Module 19 – Build a Small Cisco Network Quiz Answers

19.5.2 Module 19 – Build a Small Cisco Network Quiz Answers

1. Which connection provides a secure CLI session with encryption to a Cisco switch?

  • a console connection
  • an AUX connection
  • a Telnet connection
  • an SSH connection

Explanation: A CLI session using Secure Shell (SSH) provides enhanced security because SSH supports strong passwords and encryption during the transport of session data. The other methods support authentication but not encryption.

2. Which interface is the default SVI on a Cisco switch?

  • VLAN 1
  • GigabitEthernet 0/1
  • FastEthernet 0/1
  • VLAN 99

Explanation: An SVI is a virtual interface and VLAN 1 is enabled by default on Cisco switches. VLAN 99 must be configured to be used. FastEthernet 0/1 and GigabitEthernet 0/1 are physical interfaces.

3. On which switch interface would an administrator configure an IP address so that the switch can be managed remotely?

  • VLAN 1
  • vty 0
  • console 0
  • FastEthernet0/1

Explanation: Interface VLAN 1 is a virtual interface on a switch, called SVI (switch virtual interface). Configuring an IP address on the default SVI, interface VLAN 1, will allow a switch to be accessed remotely. The VTY line must also be configured to allow remote access, but an IP address cannot be configured on this line.

4. What is the effect of using the Router# copy running-config startup-config command on a router?

  • The contents of NVRAM will change.
  • The contents of ROM will change.
  • The contents of RAM will change.
  • The contents of flash will change.

Explanation: The command copy running-config startup-config copies the running-configuration file from RAM into NVRAM and saves it as the startup-configuration file. Since NVRAM is none-volatile memory it will be able to retain the configuration details when the router is powered off.

5. What is one difference between using Telnet or SSH to connect to a network device for management purposes?

  • Telnet supports a host GUI whereas SSH only supports a host CLI.
  • Telnet does not provide authentication whereas SSH provides authentication.
  • Telnet sends a username and password in plain text, whereas SSH encrypts the username and password.
  • Telnet uses UDP as the transport protocol whereas SSH uses TCP.

Explanation: SSH provides security for remote management connections to a network device. SSH does so through encryption for session authentication (username and password) as well as for data transmission. Telnet sends a username and password in plain text, which can be targeted to obtain the username and password through data capture. Both Telnet and SSH use TCP, support authentication, and connect to hosts in CLI.

6. Refer to the exhibit. A network technician is statically assigning an IP address to a PC. The default gateway is correct. What would be a valid IP address to assign to the host?

Module 19 - Build a Small Cisco Network Quiz Answers 3


Explanation: In data communication, the default gateway device is involved only when a host needs to communicate with other hosts on another network. The default gateway address identifies a network device used by hosts to communicate with devices on remote networks. The IP address of the host and the default gateway address must be in the same network. With the default subnet mask, valid host IP addresses range from to

7. What happens when the transport input ssh command is entered on the switch vty lines?

  • The switch requires remote connections via a proprietary client software.
  • Communication between the switch and remote users is encrypted.
  • The switch requires a username/password combination for remote access.
  • The SSH client on the switch is enabled.

Explanation: The transport input ssh command when entered on the switch vty (virtual terminal lines) will encrypt all inbound controlled telnet connections.

8. Company policy requires using the most secure method to safeguard access to the privileged exec and configuration mode on the routers. The privileged exec password is trustknow1. Which of the following router commands achieves the goal of providing the highest level of security?

  • service password-encryption
  • enable secret trustknow1
  • enable password trustknow1
  • secret password trustknow1

Explanation: The command service password-encryption is used to encrypt and secure plain-text passwords configured on a router

9. Which command can be used to encrypt all passwords in the configuration file?

  • service password-encryption
  • password
  • enable secret
  • enable password

Explanation: The service password-encryption command entered under the global configuration mode will encrypt all system passwords and store them in the encrypted format in the running-config and startup-config files.

10. Refer to the exhibit. From global configuration mode, an administrator is attempting to create a message-of-the-day banner by using the command banner motd Authorized access only! Violators will be prosecuted!. When users log in using Telnet, the banner does not appear correctly. What is the problem?

Module 19 - Build a Small Cisco Network Quiz Answers 4

  • The banner message is too long.
  • The delimiting character appears in the banner message.
  • The symbol “!” signals the end of a banner message.
  • Message-of-the-day banners will only appear when a user logs in through the console port.

Explanation: To create a banner message of the day on a device, use the banner motd # the message of the day # global config command. The “#” in the command syntax is called the delimiting character. It is entered before and after the message. The delimiting character can be any character as long as it does not occur in the message.

Notify of

Inline Feedbacks
View all comments