Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

CCNA > SSH > Flashcards

SSH Flashcards

1
Q

T/F: By default, no password is needed to access the CLI of a Cisco device via console port

A

T

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

T/F: By default, the password needed to access the Cisco CLI is ‘password’

A

F

By default, there is no password needed to access the CLI via console port

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

T/F: You can configure a password on the console line, which means that a user will have to enter a password to access the CLI via console port

A

T

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

How many console lines are there on a Cisco IOS device

A

1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the series of commands to enable a password for the CLI via console port

A

line console 0

password {password}

login

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is the series of commands to require users to login using a configured username on the console port

A

username {username} secret {password}

line console 0

login local

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is the command to log a user out after a certain amount of inactivity on a console line

A

exec-timeout {mins} {seconds}

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

T/F: You can assign an IP address to an SVI to allow remote connections to the switch CLI

A

T

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

T/F: You can only assign an IP address for remote switch management on L3 switches

A

F

You can assign an IP address to an SVI on L2 only switches to facilitate remote SSH management

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

T/F: You don’t need to configure a default gateway on a switch for remote SSH management

A

F

You should always configure a default gateway for this

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is the command to assign a default gateway for an L2 Cisco Switch

A

ip default-gateway [ip-addr]

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is the series of commands to assign an IP address to an SVI

A

interface [svi]
ip address [ip-addr] [subnet-mask]
no shutdown

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

T/F: Telnet is more secure than SSH and should be used instead

A

F

Telnet is unencrypted and should never be used as it is a security risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

T/F: Telnet is unencrypted and should never be used for remote management

A

T

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

T/F: Telnet is insecure and should be disabled for network management

A

T

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is the protocol and port which a telnet server listens for telnet traffic on

17
Q

List the series of commands for configuring Telnet access on a switch

A
  1. enable secret password
  2. username username secret password
  3. access-list 1 permit host host-ip
  4. line vty 0 15
  5. login local
  6. exec-timeout minutes seconds
  7. transport input telnet
  8. access-class 1 in
18
Q

What does VTY stand for

A

Virtual TeleType

19
Q

What is the command to specify which protocols are allowed to connect to a VTY line

A

transport input { telnet | ssh | telnet ssh | all | none }

20
Q

What is the difference between the access-class and ip access-group commands

A

access-class applies an ACL to VTY lines

ip access-group applies an ACL to an interface

21
Q

T/F: SSH is unencrypted and should never be used for remote switch management

22
Q

What protocol and port does SSH use

23
Q

T/F: Not all IOS versions support SSH, you should ensure that your version does before configuring SSH

A

T

IOS images that support SSH will have ‘K9’ in the version name.

24
Q

What is the command to view an overview of SSH information on a device

25
Q

T/F: Cisco IOS automatically generates RSA public and private key pairs for SSH on boot

A

F

This must be done manually as part of SSH configuration

26
Q

What is the series of actions required for configuring SSH RSA keys

A
  1. Configure domain name of the switch w/ FQDN
  2. Generate the RSA key
27
Q

What is the series of commands required for configuring SSH RSA keys

A
  1. ip domain name fqdn
  2. crypto key generate rsa modulus length (length must be > 768 bits)
28
Q

What is the series of steps for configuring SSH access on a Cisco device

A
  1. Configure hostname
  2. Configure DNS domain name
  3. Generate RSA key pair
  4. Configure enable PW, username/PW
  5. Enable SSH (v2 only)
  6. Configure VTY lines
29
Q

What is the series of commands for configuring SSH access on a Cisco device

A
  1. ip default gateway
  2. line con 0
  3. line vty 0 15
  4. crypto key generate rsa
  5. ip ssh version 2
  6. login local
  7. transport input [protocols | all | none]
  8. exec-timeout minutes sec
  9. access-class acl in
30
Q

You issue the crypto key generate rsa command on a Cisco router, but the command is rejected. Which of the following might be the cause? (select multiple)

a) A host name hasn’t been configured
b) The ip ssh version 2 command hasn’t been configured
c) The transport input ssh command hasn’t been configured
d) Only switches can generate RSA keys
e) A DNS domain name hasn’t been configured
f) SSH version 1.99 is enabled

31
Q

Which of the following commands would allow both Telnet and SSH to be used to connect to the VTY lines of a device (select 2)

a) transport input default
b) transport input none
c) transport input telnet ssh
d) transport input all

32
Q

You want to allow only 192.168.1.1 to connect to R1 via SSH. Which configs need to be made to accomplish this?

A
  1. Create an ACL that only allows traffic on port 22 from 192.168.1.1
  2. Apply the ACL to all in traffic on all VTY lines
33
Q

Which of the following statements about SSH are true? (pick 2)

a) RSA keys are optional but recommended
b) K9 IOS images support SSH
c) SSH version 1.99 was released between version 1 and 2
d) SSH sends data in plain text
e) NPE IOS images support SSH
f) A key length of at least 768 bits is required for SSHv2

34
Q

A network admin using PC1 is remotely configuring SW1 by connecting to the CLI of SW1 via SSH. What is the role of SW1 in this situation?

a) SSH peer
b) SSH server
c) SSH client
d) None of the above

35
Q

You want to configure SSH for incoming VTY connections on a router with the host name Router1. Router1 is running a K9 IOS image but has not yet been configured with a domain name or RSA key pair. In addition, the VTY lines are not yet configured to accept incoming SSH connections.

You issue the crypto key generate rsa command from global configuration mode.

Which of the following messages will you most likely receive?

a) The name for the keys will be:
b) Please define a domain-name first
c) Please create RSA keys to enable SSH
d) Please define a hostname other than Router
e) Please enable SSH version 2

36
Q

Which of the following commands automatically enables SSH on a router?

a) enable secret
b) no transport input telnet
c) crypto key zeroize rsa
d) transport input ssh
e) crypto key generate rsa

A

e) crypto key generate rsa

37
Q

What is the command to remove RSA keys from a router?

A

crypto key zeroize rsa

38
Q

You’ve done zero SSH setup on a new router so far. You issue the ip ssh time-out 60 command, what is the message you are likely to receive?

A

Please create RSA keys to enable SSH

CCNA (38 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions