CCNA Security - Chapter 2 Exam Answers 2014



1. Refer to the exhibit. What two pieces of information can be gathered from the generated message? (Choose two.)
Answer:
* This message is a level five notification message.
* This message indicates that service timestamps have been globally enabled.

2. By default, how many seconds of delay between virtual login attempts is invoked when the login block-for command is configured?
Answer:
* one

3. Refer to the exhibit. Routers R1 and R2 are connected via a serial link. One router is configured as the NTP master, and the other is an NTP client. Which two pieces of information can be obtained from the partial output of the show ntp associations detail command on R2? (Choose two.)
Answer:
* Router R1 is the master, and R2 is the client.
* The IP address of R1 is 192.168.1.2.

4. What are two characteristics of the SDM Security Audit wizard? (Choose two.)
Answer:
* It displays a screen with Fix-it check boxes to let you choose which potential security-related configuration changes to implement.
* It requires users to first identify which router interfaces connect to the inside network and which connect to the outside network.

5. If AAA is already enabled, which three CLI steps are required to configure a router with a specific view? (Choose three.)
Answer:
* assign a secret password to the view
* assign commands to the view
* create a view using the parser view view-name command

6. Refer to the exhibit. Which statement regarding the JR-Admin account is true?
Answer:
* JR-Admin can issue ping and reload commands.

7. Which recommended security practice prevents attackers from performing password recovery on a Cisco IOS router for the purpose of gaining access to the privileged EXEC mode?
Answer:
* Locate the router in a secure locked room that is accessible only to authorized personnel.

8. Which three options can be configured by Cisco AutoSecure? (Choose three.)
Answer:
* CBAC
* security banner
* enable secret password

9. Refer to the exhibit. Based on the output of the show running-config command, which type of view is SUPPORT?
Answer:
* superview, containing SHOWVIEW and VERIFYVIEW views

10. Which three services on a router does Cisco SDM One-Step Lockdown enable? (Choose three.)
Answer:
* SSH access to the router
* password encryption service
* firewall on all outside interfaces

11. An administrator defined a local user account with a secret password on router R1 for use with SSH. Which three additional steps are required to configure R1 to accept only encrypted SSH connections? (Choose three.)
Answer:
* configure the IP domain name on the router
* generate the SSH keys
* enable inbound vty SSH sessions

12. Which statement describes the operation of the Cisco SDM Security Audit wizard?
Answer:
* The wizard compares a router configuration against recommended settings.

13. An administrator needs to create a user account with custom access to most privileged EXEC commands. Which privilege command is used to create this custom account?
Answer:
* privilege exec level 2

14. Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.)
Answer:
* physical security
* operating system security
* router hardening

15. Which service is enabled on a Cisco router by default that can reveal significant information about the router and potentially make it more vulnerable to attack?
Answer:
* CDP

16. Which two operations are required to implement Cisco SDM One-Step Lockdown? (Choose two.)
Answer:
* Choose the One-Step Lockdown feature.
* Deliver the configuration changes to the router.

17. Which statement matches the CLI commands to the SDM wizard that performs similar configuration functions?
Answer:
* auto secure privileged EXEC command and the SDM One-Step Lockdown wizard

18. Refer to the exhibit. What is the significance of secret 5 in the generated output?
Answer:
* The ADMIN password is hashed using MD5.

19. Which three commands are required to restore a primary bootset from a secure archive on a router on which Cisco IOS resilience is enabled? (Choose three.)
Answer:
* Restart the router in ROM monitor mode and display the secure bootset Cisco IOS image name using the dir command.
* Boot the secure bootset Cisco IOS image using the boot command with the filename.
* Restore the secure configuration file using the secure boot-config restore filename command.

20. Which set of commands is required to create a username of admin, hash the password using MD5, and force the router to access the internal username database when a user attempts to access the console?
Answer:
* R1(config)# username admin secret Admin01pa55
  R1(config)# line con 0
  R1(config-line)# login local

21. Refer to the exhibit. Which two statements describe the current SDM logging setup? (Choose two.)
Answer:
* All messages with a trap level of 4 and lower (more critical) will be logged.
* The syslog server IP address is 192.168.1.3.

22. What are two characteristics of SNMP community strings? (Choose two.)
Answer:
* SNMP read-only community strings can be used to get information from an SNMP-enabled device.
* SNMP read-write community strings can be used to set information on an SNMP-enabled device.

23. What is the minimum recommended modulus key length for keys generated to use with SSH?
Answer:
* 1024

24. Which two characteristics apply to Role-Based CLI Access superviews? (Choose two.)
Answer:
* Users logged in to a superview can access all commands specified within the associated CLI views.
* Commands cannot be configured for a specific superview.

25. Refer to the exhibit. What two facts can be determined from the output? (Choose two.)
Answer:
* The Cisco IOS image and configuration files have been properly secured.
* The Cisco IOS Resilient Configuration feature is enabled.

26. What are three requirements that must be met if an administrator wants to maintain device configurations via secure in-band management? (Choose three.)
Answer:
* network devices configured to accommodate SSH
* encryption of all remote access management traffic
* connection to network devices through a production network or the Internet
* direct access to the console ports of all network devices

Source: http://ccna-exam-answers-final.blogspot.com/2013/08/ccna-security-chapter-2-exam-answers.html