Config AAA, CoPP, SSH Flashcards

1
Q

What are the commands to set a password on a router’s console port (two commands)?

A

Router(config)# line console 0
Router(config-line)# password {the-password}

2
Q

What are the commands to set a password on a router’s auxiliary port (two commands)?

A

Router(config)# line aux 0
Router(config-line)# password {the-password}

3
Q

What are the commands to set a password on a router’s ssh/telnet ports (two commands)?

A

Router(config)# line vty 0 4
Router(config-line)# password {the-password}

4
Q

What is the command to create a local username and password on a router?

A

Router(config)# username {user} [privilege {0-15}] algorithm-type {md5 | sha256 | scrypt} secret {the-password}

Example:
Router(config)# username adminxx privilege 15 algorithm-type sha256 secret p@$$W0rd!

5
Q

What is the command to specify use of the local username and password for logging into a telnet or ssh session?

A

Router(config-line)# login local

6
Q

What is the command to set a session timeout on a telnet/ssh port?

A

Router(config)# line vty 0 4
Router(config-line)# exec-timeout {number in minutes}

7
Q

What are the commands to set up SSH on a router, including local login? (7 commands)

A

Router(config)# username {user} password {password}
Router(config)# ip domain-name {domain.com}
Router(config)# crypto key generate rsa modulus {bits}
Router(config)# ip ssh version 2
Router(config)# line vty 0 4
Router(config-line)# transport input ssh
Router(config-line)# login local

8
Q

When configuring privilege levels for a user account, what do the built-in privilege levels 0, 1, and 15 mean?

A

0 - only allows five commands: logout, enable, disable, help and exit.
1 - read only and “ping”
15 - full access to all commands

9
Q

What is the command to set a CLI command to a custom privilege level?

A

Router(config)# privilege {mode-name} level {#} {command}

Examples:
Router(config)# privilege exec level 5 configure terminal
Router(config)# privilege configure level 5 interface
Router(config)# privilege interface level 5 shutdown

10
Q

When configuring privilege levels for a user account, what do levels 2 through 14 do?

A

Privilege 2 through 14 are custom configurable levels. In theory the higher levels would have more access but this depends on what was configured.

11
Q

What command enables AAA services on a Cisco device?

A

Router1(config)# aaa new-model

12
Q

What are the commands to set a TACACS server on a Cisco device?
(3 commands)

A

Router1(config)# tacacs server NAME
Router1(config-server-tacacs)# address ipv4 {ip-address}
Router1(config-server-tacacs)# key {key-string}

13
Q

What are the commands to create a TACACS server group?
(2 commands)

A

Router1(config)# aaa group server tacacs+ GROUP-NAME
Router1(config-sg-tacacs+)# server name SERVER-NAME

14
Q

What is the command to set AAA authentication to look at the TACACS group for all interface types (con, aux, vty)?

A

Router1(config)# aaa authentication login default group GROUP-NAME [local]

15
Q

What is the command to set AAA authorization for exec mode to look at the TACACS group for all interface types (con, aux, vty)?

A

Router1(config)# aaa authorization exec default group TACACS-GRP1 [if-authenticated]

16
Q

What is the command to set AAA authorization for privileged exec mode to look at the TACACS group for all interface types (con, aux, vty)?

A

Router1(config)# aaa authorization enable default group TACACS-GRP1 [local] [enable]

17
Q

What are the 3 main pieces of MQC?

A
  • Class-Map: identify traffic
  • Policy-Map: take action/police traffic
  • Service-Policy: where to apply the policy (for CoPP it's the control plane)
18
Q

What are the commands to create a class-map and match on an ACL that was created named ICMP_ACL? (2 commands)

A

Router(config)# class-map match-any CLASS_NAME
Router(config-cmap)# match access-group name ACL_NAME

19
Q

What is the command to create a policy map?

A

R1(config)# policy-map POLICY_NAME

20
Q

What are the commands to add treatment to a class-map inside a policy map?

A

R1(config-pmap)# class CLASS_NAME
R1(config-pmap-c)# police {target-bps} conform-action {action} exceed-action {action} violate-action {action}

Example:

R1(config-pmap)# class ICMP_CLASS
R1(config-pmap-c)# police 8000 conform-action transmit exceed-action drop violate-action drop

21
Q

What are the commands to apply the policy map to the control plane on a Cisco device? (2 commands)

A

R1(config)# control-plane
R1(config-cp)# service-policy input POLICY_NAME

22
Q

What command can you use to verify the service policy applied to a control plane?

A

R1# show policy-map control-plane input