Cisco Device Security Flashcards

1
Q

What mode is this in?

hostname#

A

Privileged Exec Mode

2
Q

What mode is this in?

hostname>

A

User Exec Mode

3
Q

What mode is this in?

hostname(config)#

A

Global Configuration Mode

4
Q

What three different levels are there for basic line level security?

A
  • Console
  • Virtual Terminal VTY
  • Privileged Exec Mode
5
Q

What line number is the console always on?

A

0

6
Q

What is a basic Telnet Configuration?

A
  • Switch(config)#int vlan 1 (You can use a different management VLAN here if you want)
  • Switch(config-if)#ip address {ip-address} {subnet}
  • Switch(config-if)#no shutdown
  • Switch(config-if)#exit
  • Switch(config)#ip default-gateway {default-gateway-address}
  • R1(config)#line vty 0 15
  • R1(config-line)#password {password}
  • R1(config-line)#login
7
Q

What is the default inactivity timeout for administrators on Cisco Devices?

A

10 minutes

8
Q

How would you configure a line so that no exec timeout is enforced?

A

no exec-timeout

9
Q

How would you configure a timeout of 15 minutes and 30 seconds?

A

exec-timeout 15 30

10
Q

What configuration can you use to control who gets access to Telnet and SSH Sessions?

A
  • R1(config)#access-list 1 permit host 10.0.0.10
  • R1(config)#line vty 0 15
  • R1(config-line)#login
  • R1(config-line)#password {password}
  • R1(config-line)#access-class 1 in
11
Q

What command can you use to ensure that all passwords are encrypted and not stored in plain text?

A

service password-encryption

12
Q

How would you configure a Telnet session to use individual usernames and passwords instead of a generic global one?

A
  • R1(config)#username {username} secret {password} (This sets the username and password that we’ll use below when we invoke login local)
  • R1(config)#line console 0
  • R1(config-line)#login local
  • R1(config)#line vty 0 15
  • R1(config-line)#login local
13
Q

How many privilege levels of admin access are there on Cisco devices?

A

16 (0-15)

14
Q

By default, what 3 levels of privilege are used?

A

Zero
User
Privileged

15
Q

What does zero-level access provide?

A

5 commands only (logout, enable, disable, help and exit)

16
Q

What does User Level 1 access provide?

A

Very limited read-only access to the device

17
Q

What does privilege level 15 provide?

A

Complete control over the device

18
Q

What level of access would this command have?

R1(config)#username {username} secret {secret}

A

Level 1 Access

19
Q

How do you enable SSH?

A
  • R1(config)#ip domain-name {domain-name}
  • R1(config)#crypto key generate rsa
20
Q

How do you configure SSH after enabling it?

A
  • R1(config)#line vty 0 15
  • R1(config-line)#transport input ssh
  • R1(config-line)#login local
  • R1(config)#ip ssh version 2
21
Q

What is the command, typed at a command prompt, to log in via SSH?

A

ssh -l {username} {ip-address}

22
Q

What does AAA stand for?

A

Authentication, Authorization and Accounting

23
Q

What is Cisco’s AAA Server called?

A

ISE (Identity Services Engine)

23
Q

Which AAA protocol is commonly used for end-user services, such as VPN?

A

Radius

23
Q

What are the protocols used for AAA?

A

RADIUS and TACACS+

23
Q

Which AAA protocol is commonly used for administrator access on Cisco devices because it has more granular authorization capabilities?

A

TACACS+

23
Q

How would you configure RADIUS on older IOS versions?

A
  • R1(config)#username {username} secret {password}
    • This configures a local user in case connectivity to the AAA server is lost
  • R1(config)#aaa new-model
    • This command enables AAA on this device
  • R1(config)#radius-server host {ip-address} key {key}
  • R1(config)#radius-server host {ip-address} key {key}
    • Redundancy is being used here; you don’t have to enter this command twice
    • The key must be configured identically in this command and on the AAA server
      • This allows them to connect to each other
  • R1(config)#aaa group server radius {group-name}
    • This command is optional
  • R1(config-sg-radius)#server {ip-address}
  • R1(config-sg-radius)#server {ip-address}
    • Again, redundant servers here
    • These are the servers being added to the group you just created
    • Again, this is optional
  • R1(config)#aaa authentication login default group radius local
    • Use all RADIUS servers configured on this particular device
    • OR
  • R1(config)#aaa authentication login default group {group-name} local
    • Use the servers in the specified group
23
Q

How would you configure TACACS+ on older IOS versions?

A
  • R1(config)#username {username} secret {password}
    • Creating our backup user in case the AAA server isn’t available
  • R1(config)#aaa new-model
  • R1(config)#tacacs-server host {ip-address} key {key}
    • You can also add another one here for redundancy as well
  • R1(config)#aaa group server tacacs+ {group-name}
  • R1(config-sg-tacacs+)#server {ip-address}
  • R1(config)#aaa authentication login default group {group-name} local
23
Q

What are some services you should disable on Cisco devices?

A

HTTP Server, CDP, etc

23
Q

How would you configure RADIUS on newer IOS versions?

A
  • R1(config)#radius-server host {ip-address}
  • R1(config)#aaa new-model
  • R1(config)#radius server {server-name}
  • R1(config-radius-server)#address ipv4 {ip-address}
  • R1(config-radius-server)#key {key}
    • Again, this should match the key configured on the AAA server
  • You can also configure a redundant server with the same commands, using a different server name and address
  • Next, configure a RADIUS group to group those servers together
  • R1(config)#aaa group server radius {group-name}
  • R1(config-sg-radius)#server name {server-name}
  • R1(config)#aaa authentication login default group {group-name} local
23
Q

How would you configure TACACS+ on newer IOS versions?

A
  • R1(config)#tacacs-server host {ip-address}
  • R1(config)#username {username} secret {password}
  • R1(config)#aaa new-model
  • R1(config)#tacacs server {server-name}
  • R1(config-server-tacacs)#address ipv4 {ip-address}
  • R1(config-server-tacacs)#key {key}
  • You can configure redundancy here as well with the same commands
  • R1(config)#aaa group server tacacs+ {group-name}
  • R1(config-sg-tacacs+)#server name {server-name}
    • Don’t forget to include the other server here if you’ve added it for redundancy
  • R1(config)#aaa authentication login default group {group-name} local
23
Q

What does NTP stand for?

A

Network Time Protocol

24
Q

How do you configure a device to be an NTP Client?

A
  • R1(config)#clock timezone {timezone} {offset from UTC in hours, negative if behind}
    • Example: clock timezone PST -8
  • R1(config)#ntp server {ip-address-of-NTP-server}
25
Q

What commands would you use to verify NTP?

A
  • R1#show clock
  • R1#show ntp status