CCNA Security Chapter 2 Exam v2 - CCNA Exam 2016

8/22/2016
CCNASecurityChapter2Examv2CCNAExam2016
CCNACourseware
IntroductiontoLinuxII
Home
Microsoft
LinuxEssentials
IntroductiontoLinuxI
About
ITE(ITEssentials)
CCNA1
CCNA2
CCNA3
CCNA4
CCNASecurity
CCNAPTLab2016
updateeverysecondtohelpyoupassedtheexam.
CCNASecurityChapter2Exam
v2
PostedonDecember11,2015byccna7
1.Anadministratordefinedalocaluser
accountwithasecretpasswordonrouter
R1forusewithSSH.Whichthree
additionalstepsarerequiredtoconfigure
R1toacceptonlyencryptedSSH
connections?(Choosethree.)
EnableinboundvtySSHsessions.
Generatetwowaypresharedkeys.
ConfigureDNSontherouter.
ConfiguretheIPdomainnameontherouter.
EnableinboundvtyTelnetsessions.
GeneratetheSSHkeys.
2.Whichsetofcommandsarerequiredto
createausernameofadmin,hashthe
passwordusingMD5,andforcetherouter
toaccesstheinternalusernamedatabase
whenauserattemptstoaccessthe
console?
R1(config)#usernameadminpassword
Admin01pa55
R1(config)#linecon0
R1(configline)#loginlocal
R1(config)#usernameadminsecretAdmin01pa55
R1(config)#linecon0
R1(config)#usernameadminAdmin01pa55encr
md5
R1(config)#linecon0
R1(config)#usernameadminpassword
Admin01pa55
https://ccna7.com/ccnasecurityexamanswerv2/ccnasecuritychapter2examv2/
Search
FindUsonFacebook
CCNA7
5,511likes
LikePage
Share
Bethefirstofyourfriendstolikethis
Categories
CCNA1v5.02RoutingandSwitching
2015(100%)
CCNA1v5.1IntroductiontoNetworks
CCNA1v5.1OnlineAssessement
2015(100%)
CCNA2V5.03RoutingandSwitching
Essentials
2015(100%)
CCNA3v5.03ScalingNetworks
2015(100%)
CCNA4v5.03ConnectingNetworks
CCNALabExam
CCNARoutingandSwitchingCourseware
CCNASecurityExamAnswerv1.2(100%)
CCNASecurityExamAnswerv2
CiscoLearning
1/8
8/22/2016
R1(config)#linecon0
R1(configline)#login
R1(config)#usernameadminsecretAdmin01pa55
R1(config)#linecon0
R1(configline)#login
3.Refertotheexhibit.Whichstatement
abouttheJRAdminaccountistrue?
ITEITEssentialsv6.0
ITEv5.02Exam2015100%
LinuxEssentials(LPI010)
LPIC1101
LPIC1102
MicrosoftLearning
WindowTip
CCNASecurityChapter2ExamAnswerv2001
JRAdmincanissueonlypingcommands.
JRAdmincanissueshow,ping,andreload
commands.
JRAdmincannotissueanycommandbecausethe
privilegeleveldoesnotmatchoneofthose
defined.
JRAdmincanissuedebugandreloadcommands.
JRAdmincanissuepingandreloadcommands
4.Whichthreeareasofroutersecurity
mustbemaintainedtosecureanedge
routeratthenetworkperimeter?(Choose
three.)
remoteaccesssecurity
zoneisolation
routerhardening
operatingsystemsecurity
flashsecurity
physicalsecurity
5.Whichrecommendedsecuritypractice
preventsattackersfromperforming
passwordrecoveryonaCiscoIOSrouter
forthepurposeofgainingaccesstothe
privilegedEXECmode?
Locatetherouterinasecurelockedroomthatis
accessibleonlytoauthorizedpersonnel.
Configuresecureadministrativecontroltoensure
thatonlyauthorizedpersonnelcanaccessthe
router.
KeepasecurecopyoftherouterCiscoIOSimage
androuterconfigurationfileasabackup.
Provisiontherouterwiththemaximumamountof
memorypossible.
2/8
8/22/2016
Disableallunusedportsandinterfacestoreduce
thenumberofwaysthattheroutercanbe
accessed.
6.Refertotheexhibit.Basedontheoutput
oftheshowrunningconfigcommand,
whichtypeofviewisSUPPORT?
CCNASecurityChapter2ExamAnswerv2002
CLIview,containingSHOWVIEWand
VERIFYVIEWcommands
superview,containingSHOWVIEWand
VERIFYVIEWviews
secretview,withalevel5encryptedpassword
rootview,withalevel5encryptedsecretpassword
7.Whichtwocharacteristicsapplytorole
basedCLIaccesssuperviews?(Choose
two.)
Aspecificsuperviewcannothavecommands
addedtoitdirectly.
CLIviewshavepasswords,butsuperviewsdonot
havepasswords.
Asinglesuperviewcanbesharedamongmultiple
CLIviews.
DeletingasuperviewdeletesallassociatedCLI
views.
Usersloggedintoasuperviewcanaccessall
commandsspecifiedwithintheassociatedCLI
views.
8.Whichthreetypesofviewsareavailable
whenconfiguringtherolebasedCLI
accessfeature?(Choosethree.)
superview
adminview
rootview
superuserview
CLIview
configview
3/8
8/22/2016
9.IfAAAisalreadyenabled,whichthreeCLI
stepsarerequiredtoconfigurearouter
withaspecificview?(Choosethree.)
Createasuperviewusingtheparserviewview
namecommand.
Associatetheviewwiththerootview.
Assignuserswhocanusetheview.
Createaviewusingtheparserviewviewname
command.
Assignasecretpasswordtotheview.
Assigncommandstotheview.
10.WhatoccursafterRSAkeysare
generatedonaCiscoroutertoprepare
forsecuredevicemanagement?
ThekeysmustbezeroizedtoresetSecureShell
beforeconfiguringotherparameters.
AllvtyportsareautomaticallyconfiguredforSSH
toprovidesecuremanagement.
Thegeneralpurposekeysizemustbespecified
forauthenticationwiththecryptokeygeneratersa
generalkeysmoduluscommand.
ThegeneratedkeyscanbeusedbySSH.
11.Whichthreestatementsdescribelimitationsinusing
privilegelevelsforassigningcommandauthorization?
(Choosethree.)
Creatingauseraccountthatneedsaccesstomost
butnotallcommandscanbeatediousprocess.
ViewsarerequiredtodefinetheCLIcommands
thateachusercanaccess.
Commandssetonahigherprivilegelevelarenot
availableforlowerprivilegeusers.
Itisrequiredthatall16privilegelevelsbedefined,
whethertheyareusedornot.
Thereisnoaccesscontroltospecificinterfaceson
arouter.
Therootusermustbeassignedtoeachprivilege
levelthatisdefined.
12.Whatcommandmustbeissuedtoenable
loginenhancementsonaCiscorouter?
privilegeexeclevel
logindelay
loginblockfor
bannermotd
13.Whatisthedefaultprivilegelevelofuser
accountscreatedonCiscorouters?
4/8
8/22/2016
0
1
15
16
14.Anetworkadministratornoticesthat
unsuccessfulloginattemptshavecaused
aroutertoenterquietmode.Howcanthe
administratormaintainremoteaccessto
thenetworksevenduringquietmode?
Quietmodebehaviorcanbeenabledviaanip
accessgroupcommandonaphysicalinterface.
Quietmodebehaviorwillonlypreventspecificuser
accountsfromattemptingtoauthenticate.
Quietmodebehaviorcanbeoverriddenforspecific
networksbyusinganACL.
Quietmodebehaviorcanbedisabledbyan
administratorbyusingSSHtoconnect.
15.WhatisacharacteristicoftheCiscoIOS
ResilientConfigurationfeature?
Itmaintainsasecureworkingcopyofthebootstrap
startupprogram.
Onceissued,thesecurebootconfigcommand
automaticallyupgradestheconfigurationarchiveto
anewerversionafternewconfigurationcommands
havebeenentered.
Asnapshotoftherouterrunningconfigurationcan
betakenandsecurelyarchivedinpersistent
storage.
Thesecurebootimagecommandworksproperly
whenthesystemisconfiguredtorunanimage
fromaTFTPserver.
16.WhatisarequirementtousetheSecure
CopyProtocolfeature?
Atleastoneuserwithprivilegelevel1hastobe
configuredforlocalauthentication.
AcommandmustbeissuedtoenabletheSCP
serversidefunctionality.
AtransfercanonlyoriginatefromSCPclientsthat
arerouters.
TheTelnetprotocolhastobeconfiguredonthe
SCPserverside.
17.WhatisacharacteristicoftheMIB?
TheOIDsareorganizedinahierarchicalstructure.
InformationintheMIBcannotbechanged.
5/8
8/22/2016
AseparateMIBtreeexistsforanygivendevicein
thenetwork.
Informationisorganizedinaflatmannersothat
SNMPcanaccessitquickly.
18.Whichthreeitemsarepromptedfora
userresponseduringinteractive
AutoSecuresetup?(Choosethree.)
IPaddressesofinterfaces
contentofasecuritybanner
enablesecretpassword
servicestodisable
enablepassword
interfacestoenable
19.Anetworkengineerisimplementing
securityonallcompanyrouters.Which
twocommandsmustbeissuedtoforce
authenticationviathepassword1A2b3C
forallOSPFenabledinterfacesinthe
backboneareaofthecompanynetwork?
(Choosetwo.)
area0authenticationmessagedigest
ipospfmessagedigestkey1md51A2b3C
usernameOSPFpassword1A2b3C
enablepassword1A2b3C
area1authenticationmessagedigest
20.Whatisthepurposeofusingtheipospf
messagedigestkeykeymd5password
commandandtheareaareaid
authenticationmessagedigestcommand
onarouter?
toconfigureOSPFMD5authenticationgloballyon
therouter
toenableOSPFMD5authenticationonaper
interfacebasis
tofacilitatetheestablishmentofneighbor
adjacencies
toencryptOSPFroutingupdates
21.WhataretworeasonstoenableOSPF
routingprotocolauthenticationona
network?(Choosetwo.)
toprovidedatasecuritythroughencryption
toensurefasternetworkconvergence
toensuremoreefficientrouting
topreventdatatrafficfrombeingredirectedand
thendiscarded
6/8
8/22/2016
topreventredirectionofdatatraffictoaninsecure
link
22.Whichtwooptionscanbeconfiguredby
CiscoAutoSecure?(Choosetwo.)
enablesecretpassword
interfaceIPaddress
SNMP
securitybanner
syslog
23.Whichthreefunctionsareprovidedbythe
syslogloggingservice?(Choosethree.)
settingthesizeoftheloggingbuffer
specifyingwherecapturedinformationisstored
gatheringlogginginformation
authenticatingandencryptingdatasentoverthe
network
distinguishingbetweeninformationtobecaptured
andinformationtobeignored
retainingcapturedmessagesontherouterwhena
routerisrebooted
24.WhatistheControlPlanePolicing(CoPP)
featuredesignedtoaccomplish?
disablecontrolplaneservicestoreduceoverall
traffic
preventunnecessarytrafficfromoverwhelmingthe
routeprocessor
directallexcesstrafficawayfromtheroute
process
manageservicesprovidedbythecontrolplane
25.Whichthreeactionsareproducedby
addingCiscoIOSloginenhancementsto
therouterloginprocess?(Choosethree.)
permitonlysecureconsoleaccess
createpasswordauthentication
automaticallyprovideAAAauthentication
createsyslogmessages
slowdownanactiveattack
disableloginsfromspecifiedhosts
CopyrightsecuredbyDigiprove2016
AllRightsReserved
Comments
0comments
7/8
8/22/2016
0Comments
Sortby
Addacomment...
FacebookCommentsPlugin
Home|CCNAExam ITE(ITEssentials) CCNA1 CCNA2 CCNA3 CCNA4

PoweredbyWordPressandHeatMapAdAptiveTheme
8/8

CCNA Security Chapter 2 Exam v2 - CCNA Exam 2016

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CCNA Security Chapter 2 Exam v2 - CCNA Exam 2016

Uploaded by

Copyright:

Available Formats

8/22/2016

Home|CCNAExam ITE(ITEssentials) CCNA1 CCNA2 CCNA3 CCNA4

You might also like