Network Security (Version 1.0) Modules 5 – 7: Monitoring and Managing Devices Group Exam Answers
1. Which privilege level is predefined for the privileged EXEC mode?
- level 0
- level 1
- level 15
- level 16
2. What is a requirement to use the Secure Copy Protocol feature?
- At least one user with privilege level 1 has to be configured for local authentication.
- A command must be issued to enable the SCP server side functionality.
- A transfer can only originate from SCP clients that are routers.
- The Telnet protocol has to be configured on the SCP server side.
3. Which three items are prompted for a user response during interactive AutoSecure setup? (Choose three.)
- IP addresses of interfaces
- content of a security banner
- enable secret password
- services to disable
- enable password
- interfaces to enable
4. Which syslog message type is accessible only to an administrator and only via the Cisco CLI?
5. Refer to the exhibit. What two statements describe the NTP status of the router? (Choose two.)
- The router is serving as an authoritative time source.
- The software clock for the router must be configured with the set clock command so that NTP will function properly.
- The router is attached to a stratum 2 device.
- The router is serving as a time source for the device at 192.168.1.1.
- The IP address of the time source for the router is 192.168.1.1.
6. An administrator needs to create a user account with custom access to most privileged EXEC commands. Which privilege command is used to create this custom account?
- privilege exec level 15
- privilege exec level 0
- privilege exec level 1
- privilege exec level 2
7. A network administrator is analyzing the features supported by the multiple versions of SNMP. What are two features that are supported by SNMPv3 but not by SNMPv1 or SNMPv2c? (Choose two.)
- message encryption
- community-based security
- SNMP trap mechanism
- message source validation
- bulk retrieval of MIB information
8. A network administrator is configuring an AAA server to manage TACACS+ authentication. What are two attributes of TACACS+ authentication? (Choose two.)
- TCP port 40
- encryption for all communication
- single process for authentication and authorization
- UDP port 1645
- encryption for only the password of a user
- separate processes for authentication and authorization
9. What are two characteristics of the RADIUS protocol? (Choose two.)
- encryption of the entire body of the packet
- encryption of the password only
- the use of UDP ports for authentication and accounting
- the separation of the authentication and authorization processes
- the use of TCP port 49
10. What is the one major difference between local AAA authentication and using the login local command when configuring device access authentication?
- The login local command requires the administrator to manually configure the usernames and passwords, but local AAA authentication does not.
- Local AAA authentication allows more than one user account to be configured, but login local does not.
- Local AAA authentication provides a way to configure backup methods of authentication, but login local does not.
- The login local command uses local usernames and passwords stored on the router, but local AAA authentication does not.
11. Which two UDP port numbers may be used for server-based AAA RADIUS authentication? (Choose two.)
12. Which command will move the show access-lists command to privilege level 14?
- router(config)# privilege level 14 command show access-lists
- router(config)# privilege exec level 14 show access-lists
- router(config)# set privilege level 14 show access-lists
- router(config)# show access-lists privilege level 14
13. Which authentication method stores usernames and passwords in the router and is ideal for small networks?
- server-based AAA over TACACS+
- local AAA over RADIUS
- server-based AAA
- local AAA over TACACS+
- local AAA
- server-based AAA over RADIUS
14. What are three characteristics of superviews in the Cisco role-based CLI access feature? (Choose three.)
- A user uses the command enable view superview-name to enter a superview.
- A user uses a superview to configure commands inside associated CLI views.
- Commands cannot be configured for a superview.
- Level 15 privilege access is used to configure a new superview.
- Deleting a superview does not delete the associated CLI views.
- A single CLI view can be shared within multiple superviews.
15. A student is learning about role-based views and role-based view configurations. The student enters the Router(config)# parser view TECH-view command. What is the purpose of this command?
- to create a CLI view named TECH-view
- to enter the superview named TECH-view
- to check the current setup of the CLI view named TECH-view
- to enter the CLI view named TECH-view
16. Refer to the exhibit. A student uses the show parser view all command to see a summary of all views configured on router R1. What is indicated by the symbol * next to JR-ADMIN?
- It is a root view.
- It is a CLI view without a command configured.
- It is a superview.
- It is a CLI view.
17. What are two characteristics of the Cisco IOS Resilient Configuration feature? (Choose two.)
- It maintains a mirror image of the configuration file in RAM.
- It sends a backup copy of the IOS image to a TFTP server.
- It saves a secure copy of the primary image and device configuration that cannot be removed by a user.
- It minimizes the downtime of a device that has had the image and configuration deleted.
- It is a universal feature that can be activated on all Cisco devices.
18. What IOS privilege levels are available to assign for custom user-level privileges?
- levels 1 through 15
- levels 0, 1, and 15
- levels 2 through 14
- levels 0 and 1
19. Refer to the exhibit. What information in the syslog message identifies the facility?
- Loading Done
- level 5
20. What is the biggest issue with local implementation of AAA?
- Local implementation supports only TACACS+ servers.
- Local implementation cannot provide secure authentication.
- Local implementation does not scale well.
- Local implementation supports only RADIUS servers.
21. Which task is necessary to encrypt the transfer of data between the ACS server and the AAA-enabled router?
- Configure the key exactly the same way on the server and the router.
- Specify the single-connection keyword.
- Create a VPN tunnel between the server and the router.
- Use identical reserved ports on the server and the router.
22. Refer to the exhibit. Based on the output of the show running-config command, which type of view is SUPPORT?
- CLI view, containing SHOWVIEW and VERIFYVIEW commands
- superview, containing SHOWVIEW and VERIFYVIEW views
- secret view, with a level 5 encrypted password
- root view, with a level 5 encrypted secret password
23. A student is learning role-based CLI access and CLI view configurations. The student opens Packet Tracer and adds a router. Which command should be used first for creating a CLI view named TECH-View?
- Router# enable view
- Router(config)# aaa new-model
- Router# enable view TECH-view
- Router(config)# parser view TECH-view
24. A network engineer is implementing security on all company routers. Which two commands must be issued to force authentication via the password 1A2b3C for all OSPF-enabled interfaces in the backbone area of the company network? (Choose two.)
- area 0 authentication message-digest
- ip ospf message-digest-key 1 md5 1A2b3C
- username OSPF password 1A2b3C
- enable password 1A2b3C
- area 1 authentication message-digest
25. Because of implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this?
26. Which AAA component can be established using token cards?
27. What is the primary function of the aaa authorization command?
- permit AAA server access to AAA client services
- limit authenticated user access to AAA client services
- permit authenticated user access to AAA client services
- limit AAA server access to AAA client services