Chapter 2 Flashcards

1
Q

The edge router is…

A

the last router between the internal network and an untrusted network, such as the Internet.

2
Q

Strong password guidelines (6)

A
  1. 10 or more characters
  2. mix of uppercase and lowercase letters, numbers, symbols and spaces
  3. avoid passwords based on easily identifiable pieces of information
  4. misspell
  5. change often
  6. do not leave in obvious places
3
Q

Commands to increase password security

A
  1. security passwords min-length
  2. service password-encryption
  3. exec-timeout minutes [seconds]
4
Q

How do you disable the exec process for a specific line?

A

no exec

5
Q

The enable secret password uses this kind of hash and thus is not safe to use

A

MD5

6
Q

A command to configure type 9 encryption using plaintext password?

A

enable algorithm-type

7
Q

A command to create a user with a type 9 encryption

A

username name algorithm-type

8
Q

How to configure a username/password authentication on a line

A

login local

9
Q

Virtual Login Security Enhancements

A
  1. Implement delays between successive login attempts
  2. Enable login shutdown if DoS attacks are suspected
  3. Generate system-logging messages for login detection.
10
Q

A period of time when login is blocked

A

Quiet period

11
Q

How to specify a banner?

A

banner

12
Q

How to disable logins after a specified number of failed login attempts?

A

login block-for seconds attempts tries within seconds

13
Q

How to specify allowed hosts for a quiet period?

A

login quiet-mode access-class (acl-name | acl-number)

14
Q

How to specify a number of seconds between unsuccessful login attempts?

A

login delay seconds

15
Q

How to log successful and unsuccessful logins?

A

login on-success log [every login]

login on-failure log [every login]

16
Q

login block-for operates in two modes…

A

Normal mode (counting failed logins) and Quiet mode (all login attempts denied for the time specified in login block-for)

17
Q

What is a default delay between logins when a login block-for is invoked?

A

1 sec

18
Q

How do you generate a log message when the login failure rate is exceeded?

A

security authentication failure rate

19
Q

A command used for login block-for verification?

A

show login

20
Q

show login with additional information on failed attempts

A

show login failures

21
Q

Five steps to configure SSH

A

  1. ip domain-name domain-name
  2. crypto key generate rsa general-keys modulus modulus-size
  3. ip ssh version 2
  4. username name algorithm-type scrypt secret secret
  5. login local, transport input ssh (on a line)

22
Q

To verify SSH and display the generated keys…

A

show crypto key mypubkey rsa

23
Q

To overwrite an existing key pair…

A

crypto key zeroize rsa

24
Q

To verify the optional SSH command settings…

A

show ip ssh

25
Q

How do you modify the default SSH timeout interval?

A

ip ssh time-out seconds

26
Q

How do you configure a different number of SSH login retries?

A

ip ssh authentication-retries integer

27
Q

To verify the status of the SSH client connections, use

A

show ssh

28
Q

What are two default access levels in Cisco IOS CLI?

A

User EXEC mode (level 1) and Privileged EXEC mode (level 15)

29
Q

How many privilege levels exist?

A

16

30
Q

How do you assign a command to a custom privilege level?

A

privilege mode (level level | reset) command

31
Q

To configure a privilege level with specific commands…

A

privilege exec level level [command]

32
Q

How do you assign a password to a user that is granted a specific privilege level?

A

username name privilege level secret password

33
Q

How do you assign a password to the privilege level?

A

enable secret level level password

34
Q

Limitations of Privilege Levels

A
  • No access control to specific interfaces, ports, logical interfaces, and slots on a router.
  • Commands available at lower privilege levels are always executable at higher levels.
  • Commands specifically set at a higher privilege level are not available for lower privileged users.
  • Assigning a command with multiple keywords allows access to all commands that use those keywords.
35
Q

Three types of Role-based CLI views?

A
  1. Root view
  2. CLI view
  3. Superview
36
Q

Why is root view needed?

A

For configuring any new views

37
Q

What is a superview?

A

A view that consists of one or more CLI views