CCSP SECUR FAQ : Securing the Network with a Cisco Router

CCSP SECUR FAQ : Securing the Network with a Cisco Router

Q1. Which of the following versions of SNMP does Cisco IOS Software support?
A. SNMPv1
B. SNMPv2
C. SNMPv3
D. SNMPv4

Answer: A, B, C

Q2. Which of the following is (are) true about SNMP version 1?
A. Very secure
B. Used very widely
C. Uses a very weak authentication scheme based on “community string”
D. All of the above

Answer: B, C

Q3. Why is it important to secure the SNMP management station? Select the best answer.
A. The concentration of large information on the SNMP management station makes it a target.

B. Because there could be only a single SNMP management station.

C. SNMP management stations only operate older versions of the UNIX operating system.

D. None of the above.

Answer: A

Q4. Which of the following is true about the HTTP server on the Cisco IOS Software?
A. The HTTP server is on by default.
B. The HTTP server uses MD5 for authentication by default.
C. The HTTP server is off by default.
D. The HTTP server requires authentication to provide access to the router.

Answer: C

Q5. To what type of attack does running ip directed broadcast expose the router?
A. Smurf attack
B. SMTP attack
C. SPAM attack
D. All of the above

Answer: A

Q6. Which of the following is the best answer in securing routing updates from routing protocols?
A. Routing updates cannot be secure
B. Increase physical security
C. Disable the routing protocols
D. Configure neighbor authentication

Answer: D

Q7. Which of the following are part of the small server services?
A. Echo
B. Chargen
C. Discard
D. CDP

Answer: A, B, C

8. Which of the following is true regarding the IP directed-broadcast service?
A. The no ip directed-broadcast command is the default in Cisco IOS Software Release 12.0 and later.

B. Reduces HTTP vulnerabilities.

C. Increases security.

D. Only A and C

Answer: A

Q9. What is the command to disable CDP on a particular interface?
A. no cdp neighbor
B. no cdp running
C. no cdp
D. no cdp enable

Answer: D

Q10. What is the command to enable the HTTPS server on the Cisco IOS router?
A. ip https server
B. ip server https
C. ip http secure-server
D. ip secure-server

Answer: C

Q11. Name the two types of routing protocol authentication (neighbor authentication)?

Answer: The two types of neighbor authentication are plain text and MD5.

Q12. Name one weakness of SNMPv1.

Answer: SNMPv1 sends in clear text community strings that can easily be captured over a network. SNMPv1 also uses a very weak authentication scheme based on a community string.

Q13. How do you enable the HTTP service on the Cisco IOS router?

Answer: The HTTP service is enabled with ip http server command on the Cisco IOS router.

Q14. What are the security features that are provided by SNMPv3?

Answer: SNMPv3 provides the following security features:

  • Message integrity
  • Authentication
  • Encryption

Q15. What is an IP directed broadcast?

Answer: An IP directed broadcast is a datagram sent to the broadcast address of a subnet to which the sending machine is not directly attached. The directed broadcast is routed through the network as a unicast packet until it arrives at the target subnet, where it is converted into a link-layer broadcast.

Q16. What is the default password when accessing the router via the HTTP service?

Answer: The default password for accessing the HTTP service is the same as the enable password.

Q17. What are the symptoms on the router when an attacker exploits the “small server services” that have been enabled on the router?

Answer: The external manifestation of the problem may be a process table full error message (%SYS-3 NOPROC) or a very high CPU utilization. The EXEC command show process shows a lot of processes with the same name, such as “UDP Echo.”

More Resources

About the author

Scott

Leave a Comment