Network Security 1.0 Modules 5-7 Monitoring and Managing Devices Group Exam Answers PDF

Preview

Summary

Network Security ( Version 1) – Network Security Modules Modules 5 – 7:Monitoring and Managing Devices Group Exam Answers1. Which privilege level is predefined for the privileged EXEC mode? level 0 level 1  level 15 level 16 Explanation: Privileged EXEC mode (privilege level 15) is reserved for ...

Description

Network Security ( Version 1) – Network Security Modules Modules 5 – 7: Monitoring and Managing Devices Group Exam Answers

1. Which privilege level is predefined for the privileged EXEC mode? l ev el0 l ev el1  level 15 l ev el16 Explanation: Pr i v i l egedEXECmode( pr i vi l egel ev el15)i sr es er v edf ort heenabl emodepr i vi l eges( al lenabl el ev el commands ) .Us er scanchangeconfi gur at i onsandv i ewconfigur at i onfi l es. 2. What is a requirement to use the Secure Copy Protocol feature?  Atl eastoneus erwi t hpr i vi l egel ev el 1hast obeconfi gur edf orl ocalaut hent i cat i on.  A command must be issued to enable the SCP server side functionality.  At r ans f erc anonl yor i gi nat ef r om SCPcl i ent st hatar er out er s .  TheTel netpr ot ocolhast obec onfigur edont heSCPs er v ersi de. Explanation: TheSecur eCopyPr ot ocol f eat ur er el i esonSSHandr equi r est hatAAAaut hent i cat i onand aut hor i zat i onbeconfigur edsot hatt her out ercandet er mi newhet hert heuserhast hecor r ectpr i v i l egel ev el .Forl ocal aut hent i cat i on,atl eas toneus erwi t hpr i vi l egel ev el15hast obec onfigur ed.Tr ansf er scanor i gi nat ef r om anySCP c l i entwhet hert hatcl i enti sanot herr out er ,swi t ch,orwor k st at i on.Thei ps cps er v erenabl ecommandhast obei ssued t oenabl et heSCPs er v ersi def unc t i onal i t y . 3. Which three items are prompted for a user response during interactive AutoSecure setup? (Choose three.) I Paddr es sesofi nt er f aces  content of a security banner  enable secret password s er vi cest odi sabl e  enable password i nt er f acest oenabl e Explanation: Dur i ngAut oSecur es et up,t hef ol l owi ngst epsoccur : –Theaut osecur ecommandi sent er ed. –Thewi z ar dgat her si nf or mat i onaboutt heout si dei nt er f aces . –Aut oSec ur esecur est hemanagementpl acebydi s abl i ngunnecess ar ys er vi ces . –Aut oSec ur epr ompt sf oras ec ur i t ybanner . –Aut oSec ur epr ompt sf orpass wor dsandenabl espas swor dandl ogi nf eat ur es . –I nt er f acesar esecur ed. –Thef or war di ngpl anei ss ec ur ed. 4. Which syslog message type is accessible only to an administrator and only via the Cisco CLI?  er r or s  al er t s  debugging  emer genc y Explanation: Sys l ogmessagescanbesentt ot hel oggi ngbuffer ,t hec onsol el i ne,t het er mi nall i ne,ort oas ys l og s er v er .Howev er ,debugl ev elmess agesar eonl yf or war dedt ot hei nt er nalbufferandonl yaccess i bl et hr ought he Ci s coCLI .

5. Refer to the exhibit. What two statements describe the NTP status of the router? (Choose two.)

 Ther out eri sser v i ngasanaut hor i t at i v et i mesour c e.  Thesof t war ec l ockf ort her out ermustbeconfigur edwi t ht hesetcl ockcommands ot hatNTPwi l lf unct i on pr oper l y .  The router is attached to a stratum 2 device.  Ther out eri sser v i ngasat i mesour cef ort hedevi ceat192. 168. 1. 1.  The IP address of the time source for the router is 192.168.1.1. Explanation: Thes hownt pst at uscommanddi s pl ay si nf or mat i onabouthowNTPi soper at i ngont hedevi c e.The out putshowst hatt her out erc l ocki ss ynchr oni z edwi t ht heNTPser v erwi t ht headdr essof192. 168. 1. 1.NTPi s hi er ar chi cal .Ther out eri sas t r at um 3devi c e,t her ef or ei t ’ st i mes our cei sas t r at um 2devi ce.Aut hor i t at i v et i me s our cesi nt heNTPs y st em ar el ocat edatst r at um 0. 6. An administrator needs to create a user account with custom access to most privileged EXEC commands. Which privilege command is used to create this custom account?  pr i vi l egeex ecl ev el 15  pr i vi l egeex ecl ev el 0  pr i vi l egeex ecl ev el 1  privilege exec level 2 Explanation: I nCi scoI OSs of t war e,t her ear e16pr i v i l egel ev el s: Level 0 :Pr edefinedf oruser l ev elaccesspr i vi l eges . Level 1 :Thedef aul tl ev elf orl ogi nwi t ht her out erpr omptRout er >. Levels 2 -14 :Maybecust omi z edf orus er l ev elpr i v i l eges .Commandsf r om l owerl ev el smaybemov edupt o anot herhi gherl ev el ,orcommandsf r om hi gherl ev el smaybemov eddownt oal owerl ev el . Level 15 :Reser v edf ort heenabl emodepr i v i l eges( enabl ecommand) . Toconfi gur eapr i vi l egel ev elwi t hs peci fi cc ommandsf orac ust omi z eduserl ev el ,uset heprivilege exec level l ev el[ command ],wher el ev elc oul dbebet ween2t o14. 7. A network administrator is analyzing the features supported by the multiple versions of SNMP. What are two features that are supported by SNMPv3 but not by SNMPv1 or SNMPv2c? (Choose two.)  message encryption  communi t y basedsecur i t y  SNMPt r apmechani sm  message source validation  bul kr et r i ev alofMI Bi nf or mat i on Explanation: SNMPv 3pr ovi desmessagei nt egr i t yt oens ur et hatapack etwasnott amper edwi t hand aut hent i cat i ont odet er mi nei ft hemess agei sf r om av al i ds our ce.SNMPv3al sos uppor t smess ageencr y pt i on. SNMPv1andSNMPv2donotsuppor tmessageenc r y pt i on,butdosuppor tcommuni t yst r i ngs .SNMPv2csuppor t s bul kr et r i ev aloper at i on.Al lSNMPv er s i onss uppor tt heSNMPt r apmechani s m. 8. A network administrator is configuring an AAA server to manage TACACS+ authentication. What are two attributes of TACACS+ authentication? (Choose two.)  TCPpor t40  encryption for all communication s i ngl epr ocessf oraut hent i cat i onandaut hor i zat i on  UDPpor t1645  encr y pt i onf oronl yt hepass wor dofauser  separate processes for authentication and authorization Explanation: TACACS+aut hent i cat i oni ncl udest hef ol l owi ngat t r i but es: Separ at esaut hent i cat i onandaut hor i z at i onpr ocess es

Encr y pt sal l communi cat i on,notj us tpass wor ds Ut i l i z esTCPpor t49 9. What are two characteristics of the RADIUS protocol? (Choose two.)  encr y pt i onoft heent i r ebodyoft hepack et  encryption of the password only  the use of UDP ports for authentication and accounting t hes epar at i onoft heaut hent i cat i onandaut hor i z at i onpr ocess es t heuseofTCPpor t49 Explanation: RADI USi sanopenst andar dAAApr ot ocolusi ngUDPpor t1645or1812f oraut hent i cat i onandUDP por t1646or1813f oraccount i ng.I tcombi nesaut hent i cat i onandaut hor i zat i oni nt oonepr ocess . 10. What is the one major difference between local AAA authentication and using the login local command when configuring device access authentication?  Thel ogi nl ocalcommandr equi r est headmi ni st r at ort omanual l yconfi gur et heuser namesandpass wor ds, butl ocalAAAaut hent i cat i ondoesnot .  LocalAAAaut hent i cat i onal l owsmor et hanoneuseraccountt obeconfigur ed,butl ogi nl ocaldoesnot .  Local AAA authentication provides a way to configure backup methods of authentication, but login local does not.  Thel ogi nl ocalcommandus esl ocal us er namesandpas swor dss t or edont her out er ,butl ocalAAA aut hent i cat i ondoesnot . Explanation: LocalAAAaut hent i cat i onwor k sv er ysi mi l art ot hel ogi nl ocalcommand,ex ceptt hati tal l owsy out o s peci f yback upaut hent i cat i onmet hodsaswel l .Bot hmet hodsr equi r et hatl ocaluser namesandpass wor dsbe manual l yconfigur edont her out er . 11. Which two UDP port numbers may be used for server-based AAA RADIUS authentication? (Choose two.)  1812  1645  1813  1646  49 Explanation: RADI USaut hent i cat i onandaccount i ngut i l i z et hef ol l owi ngUDPpor tnumber s : UDPpor t1645or1812f oraut hent i cat i on UDPpor t1646or1813f oraccount i ng TACACS+usesTCPpor t49. 12. Which command will move the show access-lists command to privilege level 14? r out er ( config) #pr i v i l egel ev el 14commandshowaccess l i st s  router(config)# privilege exec level 14 show access-lists r out er ( config) #s etpr i vi l egel ev el14showaccess l i st s r out er ( config) #s howacces sl i s t spr i v i l egel ev el14 Explanation: Toconfigur eapr i v i l egel ev elwi t hs peci ficcommands,us et heprivilege exec level level [ command ]. 13. Which authentication method stores usernames and passwords in the router and is ideal for small networks? s er v er bas edAAAov erTACACS+ l ocalAAAov erRADI US s er v er bas edAAA l ocalAAAov erTACACS+ l ocalAAA s er v er bas edAAAov erRADI US Explanation: I nasmal lnet wor kwi t haf ewnet wor kdevi c es ,AAAaut hent i cat i oncanbei mpl ement edwi t ht hel ocal dat abas eandwi t huser namesandpass wor dss t or edont henet wor kdev i ces.Aut hent i cat i onus i ngt heT ACACS+or RADI USpr ot ocolwi l lr equi r ededi cat edACSs er v er sal t hought hi saut hent i cat i ons ol ut i ons cal eswel li nal ar ge net wor k . 14. What are three characteristics of superviews in the Cisco role-based CLI access feature? (Choose three.)  Auserusest hecommandenabl evi ews uper v i ewnamet oent erasuper vi ew.  Auserusesas uper v i ewt oconfi gur ecommandsi ns i deass oc i at edCLIv i ews.

 Commands cannot be configured for a superview.  Lev el15pr i vi l egeaccessi sus edt oconfi gur eanews uper v i ew.  Deleting a superview does not delete the associated CLI views.  A single CLI view can be shared within multiple superviews. Explanation: Ci scor ol ebas edSuper v i ewshav esev er al spec i ficchar act er i st i cs: –As i ngl eCLIv i ewcanbes har edwi t hi nmul t i pl es uper v i ews . –Commandscannotbeconfigur edf orasuper v i ew.Anadmi ni st r at ormustaddcommandst ot heCLIvi ewandadd t hatCLIv i ewt ot hesuper v i ew. –Us er swhoar el oggedi nt oas uper v i ewcanac ces sal lt hecommandst hatar econfi gur edf oranyoft heCLIv i ews t hatar epar toft hesuper v i ew. –Eachs uper v i ewhasapass wor dt hati susedt oswi t chbet weens uper vi ewsorf r om aCLIvi ewt oas uper v i ew. –Del et i ngasuper vi ewdoesnotdel et et heas soci at edCLIv i ews .TheCLIvi ewsr emai nav ai l abl et obeass i gnedt o anot hers uper v i ew. –Onl yar ootvi ewusercanconfi gur eanewv i ewandaddorr emov ecommandsf r om t heexi st i ngv i ews. 15. A student is learning about role-based views and role-based view configurations. The student enters the Router(config)# parser view TECH-view command. What is the purpose of this command?  to create a CLI view named TECH-view t oent ert hesuper vi ewnamedTECHvi ew t ocheckt hecur r entset upoft heCLIvi ewnamedTECHv i ew t oent ert heCLIv i ewnamedTECHvi ew Explanation: ThecommandRout er ( config) #parser view [ view-name ] i susedt oc r eat eanewCLIvi ew.The commandRout er ( config) #parser view [ view-name ] superview i sus edt ocr eat eanewsuper vi ewvi ew. 16. Refer to the exhibit. A student uses the show parser view all command to see a summary of all views configured on router R1. What is indicated by the symbol * next to JRADMIN?

I ti sar ootv i ew. I ti saCLIv i ewwi t houtacommandconfigur ed.  It is a superview. I ti saCLIv i ew. Explanation: Fr om t her ootvi ew,anet wor kadmi ni s t r at orc ans eeas ummar yofal lr ol ebasedvi ewsbyusi ng t heshow parser view all command.Anast er i ski dent i fiesasuper v i ew. 17. What are two characteristics of the Cisco IOS Resilient Configuration feature? (Choose two.) I tmai nt ai nsami r r ori mageoft heconfi gur at i onfi l ei nRAM. I ts endsabackupcopyoft heI OSi maget oaTFTPser v er .  It saves a secure copy of the primary image and device configuration that cannot be removed by a user.

 It minimizes the downtime of a device that has had the image and configuration deleted. I ti sauni v er salf eat ur et hatcanbeact i v at edonal lCi s codevi ces . Explanation: TheCi s coI OSResi l i entConfigur at i ons t or esas ecur ecopyoft hepr i mar yi magefi l eanddev i ce configur at i on.Thesesecur efil escannotber emov edbyaus er .I t smai nf unct i oni st ospeedupt her ecov er yt i mei fa devi cehasbeencompr omi s edandt hei magefil eandt hedevi ceconfi gur at i onhav ebeendel et ed.Thi sf eat ur ei sonl y av ai l abl eonpl at f or mst hats uppor taPCMCI AATAdi skwi t henoughst or agespace. 18. What IOS privilege levels are available to assign for custom user-level privileges? l ev el s1t hr ough15 l ev el s0,1,and15 l ev el s2t hr ough14 l ev el s0and1 Explanation: Ther ear e16pr i vi l egel ev el st hatcanbeappl i edt ouseraccount s .Lev el s0,1,and15hav e pr edefi nedset t i ngs.Thi sl eav esl ev el s2t hr ough14av ai l abl ef orcr eat i ngc ust om l ev el sofaccess . 19. Refer to the exhibit. What information in the syslog message identifies the facility?

 ADJCHG  Loadi ngDone  OSPF l ev el5 Explanation: Thef aci l i t yi sas er vi cei dent i fierusedt ocat egor i z eandi dent i f yt hemes sagesbei nggener at edbya devi ceus i ngs ys l og.Thef aci l i t yofOSPFi dent i fiest hi ss y sl ogmes sageasbei ngf r om t heOSPFpr ot ocol .Lev el5i s t hes ev er i t yl ev eloft hi smessage.ADJCHG i st hemnemoni ct odescr i bet heact i onoccur r i ng.Loadi ngDonei spar tof t hedesc r i pt i onoft heev entt hatocc ur r ed. 20. What is the biggest issue with local implementation of AAA?  Locali mpl ement at i ons uppor t sonl yTACACS+ser v er s .  Locali mpl ement at i onc annotpr ov i des ec ur eaut hent i cat i on.  Local implementation does not scale well.  Locali mpl ement at i ons uppor t sonl yRADI USser v er s. Explanation: Oneoft hepur posesofAAAi st opr ovi des ec ur eaut hent i cat i ont onet wor kdevi ces .Local i mpl ement at i ondoesnotus eRADI USorTACACS+ser v er s .I tr el i esonal ocal dat abaset oaut hent i cat eal luser s. Thi scanbeapr obl em i nanet wor kt hathasmanydevi ceswi t hhundr edsofuser sormor e. 21. Which task is necessary to encrypt the transfer of data between the ACS server and the AAA-enabled router?  Configure the key exactly the same way on the server and the router.  Spec i f yt hes i ngl econnec t i onk eywor d.  Cr eat eaVPNt unnel bet weent hes er v erandt her out er .  Us ei dent i calr es er v edpor t sont hes er v erandt her out er . Explanation: Thekey commandi sus edt oconfigur et hes har edsecr etk eyt hati sus edf orenc r y pt i on.Thek ey mustbeconfigur edt heex acts amewayont her out erandont heACSs er v er .Thec r eat i onofaVPNt unneli s unnecess ar y .Nei t hert hec onfigur at i onofpor t snort heuseoft hesingle-connection commandhasanyeffecton encr y pt i on.

22. Refer to the exhibit. Based on the output of the show running-config command, which type of view is SUPPORT?

 CLIvi ew,cont ai ni ngSHOWVI EW andVERI FYVI EW commands  superview, containing SHOWVIEW and VERIFYVIEW views s ec r etv i ew,wi t hal ev el 5encr ypt edpas swor d r ootvi ew,wi t hal ev el 5encr ypt eds ec r etpass wor d Explanation: Thes uper v i ewr ol ebas edCLIvi ewnamedSUPPORThasbeenconfigur edont her out er .The SUPPORTsuer vi ewconsi st soft woCLIvi ewscal l edSHOWVI EW andVERI FYVI EW. 23. A student is learning role-based CLI access and CLI view configurations. The student opens Packet Tracer and adds a router. Which command should be used first for creating a CLI view named TECH-View?  Rout er #enabl evi ew  Router(config)# aaa new-model  Rout er #enabl evi ewTECHvi ew  Rout er ( config) #par servi ewTECHvi ew Explanation: Bef or eanadmi ni st r at orc anc r eat eav i ewf orr ol ebas edCLIaccess ,AAAmustbeenabl edusi ngt he aaanewmodelcommand. 24. A network engineer is implementing security on all company routers. Which two commands must be issued to force authentication via the password 1A2b3C for all OSPFenabled interfaces in the backbone area of the company network? (Choose two.)  area 0 authentication message-digest  ip ospf message-digest-key 1 md5 1A2b3C  user nameOSPFpas swor d1A2b3C  enabl epas swor d1A2b3C  ar ea1aut hent i cat i onmess agedi gest Explanation: Thet wocommandst hatar enecess ar yt oconfigur eaut hent i cat i onvi at hepass wor d1A2b3Cf oral l OSPFenabl edi nt er f acesi nt hebackbonear ea( Ar ea0)oft hecompanynet wor kwoul dbei pos pfmess agedi ges t k ey1md51A2b3Candar ea0aut hent i cat i onmes sagedi ges t .Theopt i onar ea1aut hent i cat i onmes sagedi ges ti s i ncor r ectbecausei tr ef er st oAr ea1,notAr ea0.Theopt i onenabl epass wor d1A2b3Ci si ncor r ectbecausei twoul d s ett hepr i vi l egedEXECmodepas swor di nst eadoft heOSPFaut hent i cat i onpass wor d.Theopt i onus er nameOSPF pass wor d1A2b3Ci sr equi r edt oc r eat eaus er namedat abasei nar out er ,whi chi snotr equi r edwi t hOSPF aut hent i cat i on. 25. Because of implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this?  access i bi l i t y  account i ng  audi t i ng  aut hent i cat i on  authorization Explanation: Oneoft hecomponent si nAAAi saut hor i zat i on.Af t erauseri saut hent i cat edt hr oughAAA, aut hor i zat i ons er vi cesdet er mi newhi c hr esour c est heusercanaccessandwhi c hoper at i onst heuseri sal l owedt o per f or m. 26. Which AAA component can be established using token cards?  account i ng  aut hor i zat i on  audi t i ng  authentication

Explanation: Theaut hent i cat i oncomponentofAAAi sest abl i shedus i nguser nameandpas swor dcombi nat i ons, c hal l engeandr es pons equest i ons ,andt ok encar ds .Theaut hor i zat i onc omponentofAAAdet er mi neswhi ch r es our cest heusercanac ces sandwhi c hoper at i onst heuseri sal l owedt oper f or m.Theaccount i ngandaudi t i ng componentofAAAk eepst r ackofhownet wor kr es our c esar eus ed. 27. What is the primary function of the aaa authorization command?  per mi tAAAs er v eraccesst oAAAc l i entser v i ces  limit authenticated user access to AAA client services  per mi taut hent i cat eduseraccesst oAAAc l i entser v i ces l i mi tAAAs er v eraccesst oAAAc l i entser v i ces Explanation: Aut hor i z at i oni sc oncer nedwi t hal l owi nganddi sal l owi ngaut hent i cat eduser saccesst ocer t ai nar eas andpr ogr amsont henet wor kaswel lass peci ficser v i ces.Cont r ol l i ngaccesst oc onfigur at i oncommandsgr eat l y s i mpl i fiest hei nf r as t r uct ur es ec ur i t yi nl ar geent er pr i s enet wor ks ....