1. At what point in the enterprise network are packets arriving from the internet examined prior to entering the network?
- campus core
- internet edge
- network edge
- WAN edge
2. What three configuration steps must be performed to implement SSH access to a router? (Choose three.)
- a password on the console line
- an IP domain name
- an encrypted password
- an enable mode password
- a unique hostname
- a user account
3. What is one difference between using Telnet or SSH to connect to a network device for management purposes?
- Telnet uses UDP as the transport protocol whereas SSH uses TCP.
- Telnet sends a username and password in plain text, whereas SSH encrypts the username and password.
- Telnet does not provide authentication whereas SSH provides authentication.
- Telnet supports a host GUI whereas SSH only supports a host CLI.
4. Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.)
- operating system security
- physical security
- router hardening
- zone isolation
- flash security
- remote access security
5. What is a good password recommendation for a Cisco router?
- Use the service password-encryption command to protect a password used to log into a remote device across the network.
- Use a minimum of 7 characters.
- Zeroize all passwords used.
- Use one or more spaces within a multiword phrase.
6. What is the purpose of using a banner message on a Cisco network device?
- It can provide more security by slowing down attacks.
- It can be used to create a quiet period where remote connections are refused.
- It is effective in deflecting threat actors from entering the device.
- It can protect the organization from a legal perspective.
7. A network administrator establishes a connection to a switch via SSH. What characteristic uniquely describes the SSH connection?
- direct access to the switch through the use of a terminal emulation program
- out-of-band access to a switch through the use of a virtual terminal with password authentication
- remote access to the switch through the use of a telephone dialup connection
- on-site access to a switch through the use of a directly connected PC and a console cable
- remote access to a switch where data is encrypted during the session
8. What command will prevent all unencrypted passwords from displaying in plain text in a configuration file?
- (config-line)# password secret
- (config)# enable secret Secret_Password
- (config)# enable password secret
- (config)# service password-encryption
- (config)# enable secret Encrypted_Password
9. A network administrator is issuing the login block-for 180 attempts 2 within 30 command on a router. Which threat is the network administrator trying to prevent?
- a user who is trying to guess a password to access the router
- a worm that is attempting to access another part of the network
- an unidentified individual who is trying to access the network equipment room
- a device that is trying to inspect the traffic on a link
10. Which recommended security practice prevents attackers from performing password recovery on a Cisco IOS router for the purpose of gaining access to the privileged EXEC mode?
- Configure secure administrative control to ensure that only authorized personnel can access the router.
- Locate the router in a secure locked room that is accessible only to authorized personnel.
- Provision the router with the maximum amount of memory possible.
- Keep a secure copy of the router Cisco IOS image and router configuration file as a backup.
- Disable all unused ports and interfaces to reduce the number of ways that the router can be accessed.
11. A company is planning to use a DMZ for their servers and is concerned about securing the network infrastructure. Which device should the network security team use for the edge router?
- Cisco Nexus switch
- VPN gateway
- firewall
- Layer 2 switch with port security features enabled
12. Which type of access is secured on a Cisco router or switch with the enable secret command?
- virtual terminal
- AUX port
- privileged EXEC
- console line
13. What is a common security task performed when securing administrative access to a network infrastructure device?
- Disable discovery protocols for all user-facing ports.
- Enable at least two ports for remote access.
- Log and account for all access.
- Block local access.