Last Updated on June 26, 2019 by Admin
Implementing Network Security (Version 2.0) – CCNAS Chapter 2 Exam Online
CCNAS – Chapter 2 Exam
Question 1 of 25
(3 points) An administrator defined a local user account with a secret password on router R1 for use with SSH. Which three additional steps are required to configure R1 to accept only encrypted SSH connections? (Choose three.)
There are four steps to configure SSH support on a Cisco router:
Step 1: Set the domain name.
Step 2: Generate one-way secret keys.
Step 3: Create a local username and password.
Step 4: Enable SSH inbound on a vty line.
Question 2 of 25
(1 point) Which set of commands are required to create a username of admin, hash the password using MD5, and force the router to access the internal username database when a user attempts to access the console?
To configure a user account with an encrypted password, the username secret command is used. The line con 0 command defines the console line as configured for login and the login local command tells the router to look in the local database for the user credentials.
Question 3 of 25
(1 point) Refer to the exhibit. Which statement about the JR-Admin account is true?
When the username name privilege 10 command is issued, access to commands with a privilege level of 10 or less (0-10) is permitted to the user.
Question 4 of 25
(3 points) Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.)
There are three areas of router security to maintain:
1) physical security
2) router hardening
3) operating system security
Question 5 of 25
(1 point) What is the default privilege level of user accounts created on Cisco routers?
There are 16 privilege levels that can be configured as part of the username command, ranging from 0 to 15. By default, if no level is specified, the account will have privilege level 1.
Question 6 of 25
(1 point) Which recommended security practice prevents attackers from performing password recovery on a Cisco IOS router for the purpose of gaining access to the privileged EXEC mode?
Of the three areas of router security, physical security, router hardening, and operating system security, physical security involves locating the router in a secure room accessible only to authorized personnel who can perform password recovery.
Question 7 of 25
(1 point) Refer to the exhibit. Based on the output of the show running-config command, which type of view is SUPPORT?
The superview role-based CLI view named SUPPORT has been configured on the router. The SUPPORT superview consists of two CLI views called SHOWVIEW and VERIFYVIEW.
Question 8 of 25
(2 points) Which two characteristics apply to role-based CLI access superviews? (Choose two.)
By using a superview, an administrator can assign users or groups of users to CLI views that contain a specific set of commands those users can access. Commands cannot be added directly to a superview; they must be added to a CLI view, and the CLI view is then added to the superview.
Question 9 of 25
(3 points) Which three types of views are available when configuring the role-based CLI access feature? (Choose three.)
There are three types of role-based CLI views:
1) root view
2) CLI view
3) superview
Question 10 of 25
(3 points) If AAA is already enabled, which three CLI steps are required to configure a router with a specific view? (Choose three.)
There are five steps involved to create a view on a Cisco router:
1) AAA must be enabled.
2) The view must be created.
3) A secret password must be assigned to the view.
4) Commands must be assigned to the view.
5) View configuration mode must be exited.
Question 11 of 25
(1 point) What occurs after RSA keys are generated on a Cisco router to prepare for secure device management?
Once RSA keys are generated, SSH is automatically enabled.
Question 12 of 25
(3 points) Which three statements describe limitations in using privilege levels for assigning command authorization? (Choose three.)
An administrator can create customized privilege levels and assign different commands to each level. However, this method of controlling the level of access to the router has limitations. Using privilege levels, access to specific interfaces or ports cannot be controlled and availability of commands cannot be customized across levels.
Question 13 of 25
(1 point) What command must be issued to enable login enhancements on a Cisco router?
Cisco IOS login enhancements can increase the security for virtual login connections to a router. Although login delay is a login enhancement command, all login enhancements are disabled until the login block-for command is configured.
Question 14 of 25
(1 point) A network administrator notices that unsuccessful login attempts have caused a router to enter quiet mode. How can the administrator maintain remote access to the networks even during quiet mode?
Quiet mode prevents any further login attempts for a period of time. Quiet mode is enabled via the login quiet-mode access-class command. Quiet mode behavior can be overridden for specific networks by building and implementing an access control list (ACL).
Question 15 of 25
(1 point) What is a characteristic of the Cisco IOS Resilient Configuration feature?
The Cisco IOS Resilient Configuration feature maintains a secure working copy of the router IOS image file and a copy of the running configuration file. The secure boot-image command functions properly only when the system is configured to run an image from a flash drive with an ATA interface. The secure boot-config command has to be used repeatedly to upgrade the configuration archive to a newer version after new configuration commands have been issued. A snapshot of the router running configuration can be taken and securely archived in persistent storage using the secure boot-config command.
Question 16 of 25
(1 point) What is a requirement to use the Secure Copy Protocol feature?
The Secure Copy Protocol feature relies on SSH and requires that AAA authentication and authorization be configured so that the router can determine whether the user has the correct privilege level. For local authentication, at least one user with privilege level 15 has to be configured. Transfers can originate from any SCP client whether that client is another router, switch, or workstation. The ip scp server enable command has to be issued to enable the SCP server side functionality.
Question 17 of 25
(1 point) What is a characteristic of the MIB?
SNMP set, get, and trap messages are used to access and manipulate the information contained in the MIB. This information is organized hierarchically so that SNMP can access it quickly. Each piece of information within the MIB is given an object ID (OID), which is organized based on RFC standards into a hierarchy of OIDs. The MIB tree for any given device includes branches with variables common to many networking devices and branches with variables specific to that device or vendor.
Question 18 of 25
(3 points) Which three items are prompted for a user response during interactive AutoSecure setup? (Choose three.)
During AutoSecure setup, the following steps occur:
- The auto secure command is entered.
- The wizard gathers information about the outside interfaces.
- AutoSecure secures the management plane by disabling unnecessary services.
- AutoSecure prompts for a security banner.
- AutoSecure prompts for passwords and enables password and login features.
- Interfaces are secured.
- The forwarding plane is secured.
Question 19 of 25
(2 points) A network engineer is implementing security on all company routers. Which two commands must be issued to force authentication via the password 1A2b3C for all OSPF-enabled interfaces in the backbone area of the company network? (Choose two.)
The two commands that are necessary to configure authentication via the password 1A2b3C for all OSPF-enabled interfaces in the backbone area (Area 0) of the company network would be ip ospf message-digest-key 1 md5 1A2b3C and area 0 authentication message-digest. The option area 1 authentication message-digest is incorrect because it refers to Area 1, not Area 0. The option enable password 1A2b3C is incorrect because it would set the privileged EXEC mode password instead of the OSPF authentication password. The option username OSPF password 1A2b3C is required to create a username database in a router, which is not required with OSPF authentication.
Question 20 of 25
(1 point) What is the purpose of using the ip ospf message-digest-key key md5 password command and the area area-id authentication message-digest command on a router?
To configure OSPF MD5 authentication globally, the ip ospf message-digest-key key md5 password interface configuration command and the area area-id authentication message-digest router configuration command are issued. To configure OSPF MD5 authentication per interface, the ip ospf message-digest-key key md5 password interface configuration command and the ip ospf authentication message-digest interface configuration command are issued. Authentication does not encrypt OSPF routing updates. The requirements to establish OSPF router neighbor adjacencies are separate from authentication.
Question 21 of 25
(2 points) What are two reasons to enable OSPF routing protocol authentication on a network? (Choose two.)
The reason to configure OSPF authentication is to mitigate routing protocol attacks such as redirection of data traffic to an insecure link and redirection of data traffic to discard it. OSPF authentication does not provide faster network convergence, more efficient routing, or encryption of data traffic.
Question 22 of 25
(1 point) What is the Control Plane Policing (CoPP) feature designed to accomplish?
Control Plane Policing (CoPP) does not manage or disable any services. It does not direct traffic away from the route processor, but rather it prevents unnecessary traffic from getting to the route processor.
Question 23 of 25
(2 points) Which two options can be configured by Cisco AutoSecure? (Choose two.)
AutoSecure executes a script that first makes recommendations for fixing security vulnerabilities and then modifies the security configuration of the router. AutoSecure can lock down the management plane functions and the forwarding plane services and functions of a router, and this includes setting an enable password and a security banner.
Question 24 of 25
(3 points) Which three functions are provided by the syslog logging service? (Choose three.)
Syslog operations include gathering information, selecting which type of information to capture, and directing the captured information to a storage location. The logging service stores messages in a logging buffer that is time-limited, and cannot retain the information when a router is rebooted. Syslog does not authenticate or encrypt messages.
Question 25 of 25
(3 points) Which three actions are produced by adding Cisco IOS login enhancements to the router login process? (Choose three.)
Cisco IOS login enhancements provide increased security in three ways:
- Implement delays between successive login attempts
- Enable login shutdown if DoS attacks are suspected
- Generate system-logging messages for login detection
Banners and password authentication are disabled by default and must be enabled by command. Virtual login enhancements do not apply to console connections.