Ch. 8 Configuring Ethernet Switching Flashcards
Cisco switches can protect user mode with a simple ______ with no username for Console and telnet users
Password
The first step to securing a switch to secure access to the _____
CLI (command line interface)
The _____ command tells iOS to use simple password security
Login
The _____ _____ ______ command defines the password
Password password – value
AAA server
Authentication authorization and accounting server
Cisco switches and routers support an alternative way to keep track of usernames and passwords by using an external _____ server
AAA (authentication authorization and accounting)
Switches and AAA servers typically use either _____ or _____ protocol both of which encrypt the passwords as they traverse the network
RADIUS or TACAS+
You can set up passwords using the____ _____ command
Enable secret
MD5
Message digest 5
The _____ stores the results of the formula in the enable secret command in the configuration
MD5
A ____ is simply some text that appears on the screen for the
Banner
MOTD
Message of the day
_____ _____ List the commands currently held in history buffer
Show history
From the console or vty line configuration mode since the default number of command saved in the history buffer for the user of the console
History size x
From the EXEC this command allows a single-user to set just for this one session the size of his or her history buffer
Terminal history size x
SVI aka VLAN
Switched virtual interface
The _____ acts like the switch’s own NIC connecting into a LAN to send IP packets
SVI
A typical layer two Cisco LAN switch can only use one _____ interface at a time
VLAN
iOS uses the term _____ to refer to physical ports used for data to and from other devices
Interface
The engineer can use _____ _____ to restrict the interface on a switch so that only expected devices can use it
Port security
_____ Defines a maximum number of source Mac address is allowed for all frames coming in the interface
Port security
_____ _____ watches all incoming frames and keeps a list of all source Mac addresses plus the counter of the number of different source Mac addresses
Port security
_____ ______ when adding a new source Mac address to its list checks if the number of Mac addresses pushes past the configured maximum, if this occurs a port security violations occurred the switch then shuts down the interface
Port security
Port security provides an easy way to discover the Mac addresses used each port using a feature called _____ _____ MAC addresses
Sticky secure
The first step in securing a switch to secure access to the ____
CLI (command line interface)
Cisco switches protect enable mode for an user with the _____ ____
Enable password
The user and user mode types the _____ _____ command as prompted for this enable password. If the user types the correct password iOS moves the user to enable them
Enable EXEC
The console and vty password configuration uses the same two subcommand and Console and vty line configuration modes, respectively. The _____ command tells the iOS to you simple password security and the ______ password_value command defines the password
Login
Password
I was protects enablement the enable secret password, configured using the global command ______ _______ password value
Enable secret
The migration from using password only login method to using locally configured usernames and passwords requires only some small configuration changes. The switch needs one or more ______ name, _____ password will configuration commands to define the usernames and passwords
Username
Password
Cisco switches and router support an alternative way to keep track of all usernames and passwords by using an external_____ server
AAA(authentication authorization and accounting)
To support____, Cisco switches require the base configuration used to support telnet login with username plus additional configuration
SSH
Using ____ the switch needs a cryptography key to encrypt the data
SSH
You can encrypt some password using the____ ____-_____ global configuration command
Service password – encryption
The ______ global configuration command can be used to configure all three types of messages
Banners
______ Shown before the login prompt for temporary messages
MOTD (message of the day)
The _____ banner is shown before the login prompt but after the message of the day banner for permanent messages such as “unauthorized access prohibited”
Login
The ____ banner shown after the login prompt and used to supply information that should be hidden from unauthorized users
Exec
To configure IPv4 in a switch step 1 is enter VLAN 1 configuration mode using the _____ _____ 1 global configuration command
Interface vlan
To configure IPv4 in a switch step 2 is: sign the IP address and mask using the ___ ____ IP – address mask interface subcommand
IP addresses
To configure IPv4 in a switch step 3 is enable the VLAN 1 interface using the ___ ____ interface subcommand
No shutdown
To configure IPv4 in a switch step 4 is add the __ ____-______ IP – address global command to configure the default gateway
IP default – Gateway
To configure IPv4 in a switch step 5 (optional) add the ___ ___-____ IP – address1 IP – address2…. Global command to configure the switch to use DNS to resolve names into their matching IP address
IP name –server
To administratively enable an interface on the switch use the ___ ____ interface subcommand
No shutdown
To disable an interface use the _____ interface subcommand
Shutdown
If the network engineer knows what devices should be cabled and connected to particular interfaces on the switch the engineer can use _____ ______ to restrict that interface so that only the expected devices can use it
Port security
Imagine that you have configured the enable secret command followed by the enable password command from the console. You log out of the switch and log back in at the console. which command defines the password you had to enter to access Privileged mode
Enable secret
An engineer had formerly configured a Cisco switch to allow telnet access so that the switch expected a password of mypassword from the telnet user. The engineer then change the configuration to support secure shell. Which of the phone commands could have been part of the new configuration. (Choose two)
A username name password password pty mode subcommand
A username name password password global configuration command
A login local vty mode subcommand
A transport input SSH global configuration command
A Username name password password global configuration command
A login local vty mode subcommand
The following command was copied and pasted into configuration mode when are user was Telnetted into a Cisco switch
Banner login this is the login banner
Which of the following is true about what occurs the next time a user logs in from the console?
No banner text is displayed
The banner text “his is” is displayed
The banner text “this is the login banner” is displayed
The Banner text”login banner configured no text defined”is displayed
The banner text “his is “ is displayed
When configuring port security with sticky learning the _____ ____-_____ interface subcommand is required
Switchport port-security
And engineers desktop PC connection switch at the main site. A router at the main site connects each branch office through a serial link one small router and switch at each branch. Which of the following commands must be configured on the branch office switches in the listed configuration mode to allow the engineer to telnet to the branch office switches (choose three answer)
IP address command in VLAN configuration mode
The IP address command in global mode
IP default- Gateway command in VLAN configuration mode
The IP default- Gateway command in global configuration mode
The password command in console line configuration mode
Password command vty line configuration mode
The IP address command in VLAN configuration mode
IP default – Gateway command in global configuration mode
The password command in vty configuration mode
Which of the following describes a way to disable IEEE standard autonegotiation on 10/100 on a Cisco switch
Configure the negotiate disable interface subcommand
Configure the no negotiate interface subcommand
Configure the speed 100 interface subcommand
Configure the duplex half interface subcommand
Configure the duplex full interface subcommand
Configure the speed 100 and duplex full interface subcommands
Configure the speed 100 and duplex full interface subcommands
In which of the following modes of the CDI could you configure the duplex settings for interfaced fast ethernet 0/5? User mode Enable mode Global configuration mode VLAN mode Interface configuration mode
Interface configuration mode
