CCSP SECUR FAQ : Secure Router Administration
Q1. What are some of the steps that can be taken to secure the console interface on a router or switch device?
A. Administratively shut down the console interface.
B. Physically secure the device.
C. Apply an access list using the access-class command.
D. Configure a console password.
Q2. How many characters can you have in an enable password?
Q3. Which of the following is the least restrictive privilege level?
Q4. The service password-encryption command does which of the following?
A. Encrypts the configuration on the router
B. Stores passwords in an encrypted manner in the router configuration
C. Only encrypts the telnet password in the Cisco IOS configuration
D. Is only available on PIX Firewall
Q5. Which of the following choices has the correct configuration for encrypting the enable password?
A. Router(config)#enable secret gr3twhite
B. Router#enable encryption gr3twhite
C. Router#enable secret gr3twhite
D. Router#(config)enable encryption t gr3twhite
Q6. Which of the following commands are associated with privilege level 0?
B. configure terminal
Q7. Which of the following configurations displays a login banner when a router is accessed?
A. Router# banner exec d If you are not an authorized user disconnect immediately message d
B. Router(config)# banner login d If you are not an authorized user disconnect immediately d
C. Router(config)#banner exec d If you are not an authorized user disconnect immediately d
D. Router# banner login d If you are not an authorized user disconnect immediately d
Q8. For maintaining confidentiality and integrity in accessing a router, is recommended over telnet.
C. Secure telnet
Q9. How do you secure the Ethernet port on a switch? (Select two.)
A. Disable unused ports.
B. Configure port security.
C. Set access list.
D. Security cannot be configured on the port.
Q10. In the event of a security violation, what is the default response of the port?
A. Switches into restrictive mode
B. Switches into a temporary shutdown mode
C. Switches into permanent shutdown mode
D. Switches into a temporary restrictive mode
Q11. How many levels of command access does the CLI have?
Q12. What are some of the characteristics of the enable password?
Q13. What are the commands associated with privileged level 0?
Q14. What is the banner login command used for?
Q15. Give one example of telnet vulnerability?
Q16. Give two advantages of using SSH for connecting to your device?
Q17. What is maximum number of MAC addresses allowed on a port?
Q18. What does the service password-encryption command do?
Q19. What is the advantage of using the enable secret command over enable password command?
Q20. What are the steps required to configure SSH on a Cisco IOS router?
Answer: The four steps required to enable SSH support on a Cisco IOS router are as follows:
- Configure the hostname command.
- Configure the DNS domain.
- Generate the SSH key to be used.
- Enable SSH transport for vty lines.