Chapter 2

Question 1

The edge router is…

Answer 1

the last router between the internal network and an untrusted network, such as the Internet.

Question 2

Strong password guidelines (6)

Answer 2

1. 10 or more characters
2. mix of uppercase and lowercase letters, numbers, symbols and spaces
3. avoid passwords based on easily identifable pieces of information
4. misspell
5. change often
6. do not leave in obvious places

Question 3

Commands to increase password security

Answer 3

1. security passwords min-length
2. service password-encryption
3. exec-timeout minutes [seconds]

Question 4

How do you disable the exec process for a specific line?

Answer 4

no exec

Question 5

The enable secret password uses this kind of hash and thus is not safe to use

Answer 5

MD5

Question 6

A command to configure type 9 encryption using plaintext password?

Answer 6

enable algorithm-type

Question 7

A command to create a user with a type 9 encryption

Answer 7

username name algorithm-type

Question 8

How to configure a username/password authentication on a line

Answer 8

login local

Question 9

Virtual Login Security Enhancements

Answer 9

1. Implement delays between successive login attempts
2. Enable login shutdown if DoS attacks are suspected
3. Generate system-logging messages for login detection.

Question 10

A period of time when login is blocked

Answer 10

Quiet period

Question 11

How to specify a banner?

Answer 11

banner

Question 12

How to disable logins after a specifed nubmer of failed login attempts?

Answer 12

login block-for seconds attempts tries within seconds

Question 13

How to specify allowed hosts for a quiet period?

Answer 13

login quiet-mode access-class (acl-name | acl-number)

Question 14

How to specify a number of seconds between unsuccessful login attempts?

Answer 14

login delay seconds

Question 15

How to log successful and unsuccessful logins?

Answer 15

login on-success log [every login]

login on-failure log [every login]

Question 16

login block-for operates in two modes…

Answer 16

Normal mode (counting failed logins) and Quiet mode(all login attempts denied for the time specifed in login block-for)

Question 17

What is a default delay between logins when a login block-for is invoked?

Answer 17

1 sec

Question 18

How do you generate a log message when the login failure rate is exceeded?

Answer 18

security authentication failure rate

Question 19

A command used for login block-for verification?

Answer 19

show login

Question 20

show login with additional information on failed attempts

Answer 20

show login failures

Question 21

Five steps to configure SSH

Answer 21

1.ip domain-name domain-name
2.crypto key generate rsa general-keys modulus modulus-size
3.ip ssh version 2
4.username name algorithm-type scrypt secret secret
5.login local
transport input ssh
(on a line)

Question 22

To verify SSH and display the generated keys…

Answer 22

show crypto key mypubkey rsa

Question 23

To overwrite an existing key pair…

Answer 23

crypto key zeroize rsa

Question 24

To verify the optional SSH command settings…

Answer 24

show ip ssh

Question 25

How do you modify the default SSH timeout interval?

Answer 25

ip ssh time-out seconds

Question 26

How do you configure a different number of SSH login retries?

Answer 26

ip ssh authentication-retries *integer*

Question 27

To verify the status of the SSH client connections, use

Answer 27

show ssh

Question 28

What are two default access levels in Cisco IOS CLI?

Answer 28

User EXEC mode(level 1) and Privileged EXEC mode(level 15)

Question 29

How many privilege levels exist?

Answer 29

16

Question 30

How do you assign a command to a custom privilege level?

Answer 30

privilege *mode* (level *level* | reset) *command*

Question 31

To configure a privilege level with specific commands...

Answer 31

privilege exec level *level* [command]

Question 32

How do you assign a password to a user that is granted a specific privilege level?

Answer 32

username *name* privilege level secret *password*

Question 33

How do you assign a password to the privilege level?

Answer 33

enable secret level *level* *password*

Question 34

Limitations of Privilege Levels

Answer 34

- No access control to specific interfaces, ports, logical interfaces, and slots on a router. - Commands available at lower privilege levels are always executable at higher levels. - Commands specifically set at a higher privilege level are not available for lower privileged users. - Assigning a command with multiple keywords allows access to all commands that use those keywords.

Question 35

Three types of Role-based CLI views?

Answer 35

1. Root view 2. CLI view 3. Superview

Question 36

Why is root view needed?

Answer 36

For configuring any new views

Question 37

What is a superview?

Answer 37

A view that consists of one or more CLI views