CCNA Security v2.0 Chapter 2 Exam Answers

1. An administrator defined a local user account with a secret password on router R1 for use with SSH. Which three additional steps are required to configure R1 to accept only encrypted SSH connections? (Choose three.)
- Enable inbound vty SSH sessions.
- Generate two-way pre-shared keys.
- Configure DNS on the router.
- Configure the IP domain name on the router.
- Enable inbound vty Telnet sessions.
- Generate the SSH keys.

2. Which set of commands are required to create a username of admin, hash the password using MD5, and force the router to access the internal username database when a user attempts to access the console?
- R1(config)# username admin password Admin01pa55
  R1(config)# line con 0
  R1(config-line)# login local
- R1(config)# username admin secret Admin01pa55
  R1(config)# line con 0
  R1(config-line)# login local
- R1(config)# username admin Admin01pa55 encr md5
  R1(config)# line con 0
  R1(config-line)# login local
- R1(config)# username admin password Admin01pa55
  R1(config)# line con 0
  R1(config-line)# login
- R1(config)# username admin secret Admin01pa55
  R1(config)# line con 0
  R1(config-line)# login

3. Refer to the exhibit. Which statement about the JR-Admin account is true?
[Exhibit: CCNA Security Chapter 2 Exam Answer v2 001]
- JR-Admin can issue only ping commands.
- JR-Admin can issue show, ping, and reload commands.
- JR-Admin cannot issue any command because the privilege level does not match one of those defined.
- JR-Admin can issue debug and reload commands.
- JR-Admin can issue ping and reload commands.

4. Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.)
- remote access security
- zone isolation
- router hardening
- operating system security
- flash security
- physical security

5. Which recommended security practice prevents attackers from performing password recovery on a Cisco IOS router for the purpose of gaining access to the privileged EXEC mode?
- Locate the router in a secure locked room that is accessible only to authorized personnel.
- Configure secure administrative control to ensure that only authorized personnel can access the router.
- Keep a secure copy of the router Cisco IOS image and router configuration file as a backup.
- Provision the router with the maximum amount of memory possible.
- Disable all unused ports and interfaces to reduce the number of ways that the router can be accessed.

6. Refer to the exhibit. Based on the output of the show running-config command, which type of view is SUPPORT?
[Exhibit: CCNA Security Chapter 2 Exam Answer v2 002]
- CLI view, containing SHOWVIEW and VERIFYVIEW commands
- superview, containing SHOWVIEW and VERIFYVIEW views
- secret view, with a level 5 encrypted password
- root view, with a level 5 encrypted secret password

7. Which two characteristics apply to role-based CLI access superviews? (Choose two.)
- A specific superview cannot have commands added to it directly.
- CLI views have passwords, but superviews do not have passwords.
- A single superview can be shared among multiple CLI views.
- Deleting a superview deletes all associated CLI views.
- Users logged in to a superview can access all commands specified within the associated CLI views.

8. Which three types of views are available when configuring the role-based CLI access feature? (Choose three.)
- superview
- admin view
- root view
- superuser view
- CLI view
- config view

9. If AAA is already enabled, which three CLI steps are required to configure a router with a specific view? (Choose three.)
- Create a superview using the parser view view-name command.
- Associate the view with the root view.
- Assign users who can use the view.
- Create a view using the parser view view-name command.
- Assign a secret password to the view.
- Assign commands to the view.

10. What occurs after RSA keys are generated on a Cisco router to prepare for secure device management?
- The keys must be zeroized to reset Secure Shell before configuring other parameters.
- All vty ports are automatically configured for SSH to provide secure management.
- The general-purpose key size must be specified for authentication with the crypto key generate rsa general-keys modulus command.
- The generated keys can be used by SSH.

11. Which three statements describe limitations in using privilege levels for assigning command authorization? (Choose three.)
- Creating a user account that needs access to most but not all commands can be a tedious process.
- Views are required to define the CLI commands that each user can access.
- Commands set on a higher privilege level are not available for lower privilege users.
- It is required that all 16 privilege levels be defined, whether they are used or not.
- There is no access control to specific interfaces on a router.
- The root user must be assigned to each privilege level that is defined.

12. What command must be issued to enable login enhancements on a Cisco router?
- privilege exec level
- login delay
- login block-for
- banner motd

13. What is the default privilege level of user accounts created on Cisco routers?
- 0
- 1
- 15
- 16

14. A network administrator notices that unsuccessful login attempts have caused a router to enter quiet mode. How can the administrator maintain remote access to the networks even during quiet mode?
- Quiet mode behavior can be enabled via an ip access-group command on a physical interface.
- Quiet mode behavior will only prevent specific user accounts from attempting to authenticate.
- Quiet mode behavior can be overridden for specific networks by using an ACL.
- Quiet mode behavior can be disabled by an administrator by using SSH to connect.

15. What is a characteristic of the Cisco IOS Resilient Configuration feature?
- It maintains a secure working copy of the bootstrap startup program.
- Once issued, the secure boot-config command automatically upgrades the configuration archive to a newer version after new configuration commands have been entered.
- A snapshot of the router running configuration can be taken and securely archived in persistent storage.
- The secure boot-image command works properly when the system is configured to run an image from a TFTP server.

16. What is a requirement to use the Secure Copy Protocol feature?
- At least one user with privilege level 1 has to be configured for local authentication.
- A command must be issued to enable the SCP server side functionality.
- A transfer can only originate from SCP clients that are routers.
- The Telnet protocol has to be configured on the SCP server side.

17. What is a characteristic of the MIB?
- The OIDs are organized in a hierarchical structure.
- Information in the MIB cannot be changed.
- A separate MIB tree exists for any given device in the network.
- Information is organized in a flat manner so that SNMP can access it quickly.

18. Which three items are prompted for a user response during interactive AutoSecure setup? (Choose three.)
- IP addresses of interfaces
- content of a security banner
- enable secret password
- services to disable
- enable password
- interfaces to enable

19. A network engineer is implementing security on all company routers. Which two commands must be issued to force authentication via the password 1A2b3C for all OSPF-enabled interfaces in the backbone area of the company network? (Choose two.)
- area 0 authentication message-digest
- ip ospf message-digest-key 1 md5 1A2b3C
- username OSPF password 1A2b3C
- enable password 1A2b3C
- area 1 authentication message-digest

20. What is the purpose of using the ip ospf message-digest-key key md5 password command and the area area-id authentication message-digest command on a router?
- to configure OSPF MD5 authentication globally on the router
- to enable OSPF MD5 authentication on a per-interface basis
- to facilitate the establishment of neighbor adjacencies
- to encrypt OSPF routing updates

21. What are two reasons to enable OSPF routing protocol authentication on a network? (Choose two.)
- to provide data security through encryption
- to ensure faster network convergence
- to ensure more efficient routing
- to prevent data traffic from being redirected and then discarded
- to prevent redirection of data traffic to an insecure link

22. Which two options can be configured by Cisco AutoSecure? (Choose two.)
- enable secret password
- interface IP address
- SNMP
- security banner
- syslog

23. Which three functions are provided by the syslog logging service? (Choose three.)
- setting the size of the logging buffer
- specifying where captured information is stored
- gathering logging information
- authenticating and encrypting data sent over the network
- distinguishing between information to be captured and information to be ignored
- retaining captured messages on the router when a router is rebooted

24. What is the Control Plane Policing (CPP) feature designed to accomplish?
- disable control plane services to reduce overall traffic
- prevent unnecessary traffic from overwhelming the route processor
- direct all excess traffic away from the route process
- manage services provided by the control plane

25. Which three actions are produced by adding Cisco IOS login enhancements to the router login process? (Choose three.)
- permit only secure console access
- create password authentication
- automatically provide AAA authentication
- create syslog messages
- slow down an active attack
- disable logins from specified hosts