Ch34-Device Security Features

Question 1

Command reference:

Changes the context to console configuration mode

Answer 1

line console 0

Question 2

Command reference:

Changes the context to vty configuration mode for the range of vty lines listed in the command

Answer 2

line vty <i>first-vty - last-vty</i>

Question 3

Command reference:

Console and line configuration mode. Tells IOS to prompt for a password

Answer 3

login

Question 4

Command reference:

Console and line configuration mode. Lists the password required if the <b>login</b> command is configured

Answer 4

password <i>pass-value</i>

Question 5

Command reference:

Console and line configuration mode. Tells IOS to prompt for a username and password, to be checked against locally-configured <b>username</b> global configuration commands

Answer 5

login local

Question 6

Command reference:

Global command. Defines one of possibly multiple usernames and associated passwords (stored as a hashed value)

Answer 6

username <i>user</i> secret <i>password</i>

Question 7

Command reference:

Global command. Defines one of possibly multiple usernames and associated passwords (stored in clear text in the configuration)

Answer 7

username <i>user</i> password <i>password</i>

Question 8

Command reference:

Global command. Creates and stores the keys required by SSH

Answer 8

crypto key generate rsa

Question 9

Command reference:

VTY configuration mode. Defines whether Telnet and/or SSH access is allowed into the device

Answer 9

transport input [telnet | ssh | none | all]

Question 10

Command reference:

Global command. Encrypts all clear-text passwords in the running config. The <b>no</b> version of this commands disables the encryption of passwords the next time said password is set

Answer 10

[no] service password-encryption

Question 11

Command reference:

Global command to create the enable password, stored as a hashed value instead of clear text

Answer 11

enable secret <i>password</i>

Question 12

Command reference:

Global command to create the enable password, as clear text

Answer 12

enable password <i>password</i>

Question 13

Global command to create the enable password, stored as a hashed value, defined by the hashing algorithm type

Answer 13

enable [algorithm-type md5 | sha256 | scrypt] secret <i>password</i>

Question 14

Which passwords are encrypted via <b>service password-encryption</b>?

Answer 14

enable password
username user password pass-value
console/vty line passwords

Question 15

When a password is encrypted via <b>service password-encryption</b>, what is its encryption type noted as?

Answer 15

Type 7

Question 16

Both <b>enable secret</b> and <b>enable password</b> have been configured on a device. Which will be used?

Answer 16

enable secret

Question 17

Neither <b>enable secret</b> or <b>enable password</b> were configured on a device. Describe what happens when a user attempts to access enable mode

Answer 17

1. Console users will go directly to enable mode

2. Line (Telnet/SSH) users will be rejected from trying to access enable mode

Question 18

List the banner display order for console and Telnet users

Answer 18

MOTD
login
—user login—
exec

Question 19

List the banner display order for SSH users

Answer 19

login
—user login—
MOTD
exec

Question 20

A router is configured with SSH version 1. A user attempts to sign in via SSH. What banners will be displayed?

Answer 20

MOTD & exec (login not displayed if SSH v1)