49 Questions
What is the primary security feature of port-security on Cisco switches?
Restricting the number of valid MAC addresses on a port
When a Cisco router's interface is configured with NAT, what is the purpose of the overload keyword?
To allow multiple internal hosts to share a single public IP address
What does the service password-encryption command on a Cisco device do?
It obfuscates the plaintext passwords in the configuration file using the reversible type 7 scheme, which hides them from shoulder-surfing but is not real encryption
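To show why the answer above is "obfuscates" rather than "encrypts", here is an added example (my code, not the quiz page's or Cisco's) that reverses IOS type 7 strings. Type 7 XORs each plaintext byte with a byte of a fixed, widely documented key; the first two characters of the string are a decimal offset into that key. The sample config lines are constructed, and the type 9 hash value is a placeholder, not a real hash.

```python
"""Reverse Cisco IOS type 7 ("service password-encryption") strings.
Added example, not code from the quiz page or from Cisco."""
import re

# Fixed key IOS uses for type 7 (widely documented). A type 7 string is a
# two-digit decimal seed followed by hex bytes of (plaintext XOR key[seed+pos]).
XLAT = "dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"


def type7_decode(encoded: str) -> str:
    """Recover the plaintext of a type 7 string such as '094F471A1A0A'."""
    if len(encoded) < 4 or len(encoded) % 2:
        raise ValueError("type 7 strings are an even-length hex string of at least 4 chars")
    seed = int(encoded[:2], 10)
    chars = []
    for pos, i in enumerate(range(2, len(encoded), 2)):
        byte = int(encoded[i:i + 2], 16)
        chars.append(chr(byte ^ ord(XLAT[(seed + pos) % len(XLAT)])))
    return "".join(chars)


def type7_encode(plaintext: str, seed: int = 9) -> str:
    """Produce a type 7 string; useful only for round-trip tests, since the
    scheme offers no secrecy. IOS itself picks seeds in the range 0..15."""
    if not 0 <= seed <= 15:
        raise ValueError("IOS picks seeds in 0..15")
    out = [f"{seed:02d}"]
    for pos, ch in enumerate(plaintext):
        out.append(f"{ord(ch) ^ ord(XLAT[(seed + pos) % len(XLAT)]):02X}")
    return "".join(out)


TYPE7_LINE = re.compile(r"^.*\bpassword 7 (?P<hex>[0-9A-Fa-f]+)\s*$")


def recover_type7(config_text: str):
    """Return (config_line, recovered_plaintext) for every 'password 7' line.
    'secret' lines (type 5/8/9 one-way hashes) are left alone: there is
    nothing to reverse, which is why 'secret' is the form to prefer."""
    found = []
    for line in config_text.splitlines():
        m = TYPE7_LINE.match(line.strip())
        if m:
            found.append((line.strip(), type7_decode(m.group("hex"))))
    return found


# Constructed sample; the type 9 value is a placeholder, not a real hash.
SAMPLE = """\
service password-encryption
enable password 7 094F471A1A0A
username admin password 7 020700560208
username ops privilege 15 secret 9 $9$placeholder.not.a.real.hash
"""

if __name__ == "__main__":
    for line, plain in recover_type7(SAMPLE):
        print(f"{line!r} -> {plain!r}")
```

Running it prints the recovered strings for both type 7 lines and nothing for the `secret 9` line, which is the practical difference between `service password-encryption` and `enable secret` / `username ... secret`.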
Why might you use a named ACL instead of a numbered ACL on a Cisco router?
Named ACLs allow for easier management and readability
What is the purpose of using login local under the VTY lines configuration on a Cisco device?
To specify that the local username/password database should be used for authentication
In the context of Cisco IOS services, why would you disable HTTP and HTTPS services?
To reduce the attack surface by disabling unnecessary management interfaces
What is the primary purpose of network security?
To prevent unauthorized access and data breaches
Why is SSH preferred over Telnet for remote management?
Encryption of data in transit
What is the purpose of RBAC (Role-Based Access Control) in network devices?
Assign different access rights based on user roles
What should a secure password policy enforce?
A minimum password length and complexity
What is the main risk of using Telnet over SSH for remote access?
Telnet does not encrypt the session
What does port security on a switch do?
Limits which MAC addresses, and how many, may send frames through a port, so a device plugged into the port without authorization cannot use it
Why is it important to have a firewall in a network?
To prevent unauthorized access and data breaches
What is the purpose of intrusion detection systems (IDS) in network security?
To monitor and detect potential security threats
What is the primary purpose of NAT in IPv4?
Conserving public IP addresses
What does a Syslog message with severity level 0 indicate?
An emergency situation
What is the purpose of a console password on a Cisco device?
Requiring authentication before someone with physical access to the console port can reach the CLI
When should the service password-encryption command be used when configuring a Cisco device?
Whenever the configuration still holds plaintext line or username passwords; it is only a stop-gap, since type 7 is reversible, and secret hashes should be used wherever IOS supports them
What does the AutoSecure feature in Cisco devices do?
Disables unnecessary services and secures management access
What does port security sticky learning on a switch do?
Learns MAC addresses dynamically and writes them into the running-config as secure addresses; they survive a reload only once the running-config is saved
Where does an access-list applied with 'in' (inbound) on a Cisco router interface filter traffic?
As packets arrive on the interface, before they are routed
What does the switchport mode trunk command use by default to encapsulate VLAN tags?
802.1Q
What does the command switchport port-security mac-address sticky enable on a switch port?
Dynamic learning and saving of MAC addresses
How can Telnet be disabled on a Cisco device?
By entering line configuration mode with 'line vty 0 4' (or 'line vty 0 15' to cover every VTY line) and then 'transport input ssh', which allows only SSH on those lines
What can an extended ACL filter by?
Protocol, source IP, destination IP, and port numbers
When managing Cisco device passwords, what is a best practice for enhancing security?
Storing passwords as one-way hashes with enable secret and username ... secret, keeping service password-encryption only as a fallback for passwords IOS can store solely as reversible type 7
What is the purpose of port-security mac-address sticky in Cisco switches?
To dynamically learn and add MAC addresses to the running configuration
Which statement about ACLs is true?
Standard ACLs only filter by source IP address
What is the purpose of disabling small services like echo and chargen in Cisco devices?
To reduce the risk of denial-of-service attacks
What is the preferred order for securely configuring an ACL?
Most specific entries first, in the order the security policy dictates, because IOS evaluates an ACL top-down and stops at the first match
What is the purpose of NAT in networking?
To convert private IP addresses to public IP addresses
Why are named ACLs preferred over numbered ACLs in Cisco IOS?
Because they are easier to identify and manage
What is the primary function of syslog in network devices?
To monitor and log system events
What is the purpose of TFTP in network devices?
For transferring configuration files and IOS images
What is the purpose of SSH configuration on a Cisco device?
To provide secure remote access
What is the purpose of disabling unused services like HTTP or Telnet on a Cisco router?
To enhance security by decreasing the router's attack surface
What is the primary function of RBAC in network security?
To align access rights with job functions
What is the purpose of encrypting passwords in the configuration file of a Cisco device?
To secure sensitive data
What is the primary function of RBAC (Role-Based Access Control) in Cisco network devices?
Managing user roles and access levels
What does the transport input none command on a Cisco switch VTY line do?
Disables all inbound connections on the line
What is the primary purpose of using TFTP in managing Cisco devices?
To transfer configuration files and IOS images
What does the log keyword at the end of an ACE in a Cisco ACL do?
Logs the traffic that matches the ACE
What is the default behavior regarding traffic not explicitly permitted by an ACL?
Automatically denied
Why is setting a domain name necessary when configuring SSH on a Cisco device?
Because crypto key generate rsa names the key pair after the hostname and domain name and will not run until a domain name is set
How can an ACL be used in conjunction with NAT on a Cisco router?
To define which addresses are to be translated
What does configuring switchport port-security maximum 1 on a Cisco switch port allow?
Only one MAC address to communicate through the port
What is the purpose of disabling CDP on a Cisco device?
To prevent the advertisement of the device's presence to others
What does the ip ssh version 2 command do when configuring SSH on a Cisco device?
Sets the SSH version to the more secure version 2
What does the switchport port-security mac-address sticky command do on a switch port?
Configures the port to automatically learn and save the connected device's MAC address as secure
Study Notes
Cisco Network Device Configuration and Security
- IP ACLs applied inbound restrict the packets an interface accepts by address, protocol and port; limiting MAC addresses on a port is the job of port security
- Syslog is used in network devices to monitor and log system events
- TFTP is used on network devices for transferring configuration files and IOS images
- Disabling small services like echo and chargen in Cisco devices helps reduce the risk of denial-of-service attacks
- Standard ACLs only filter by source IP address
- Best practice for securely configuring an ACL is to order the entries to match the network security policy, most specific first, since the ACL is evaluated top-down and stops at the first match
- NAT is used to convert private IP addresses to public IP addresses
- Named ACLs in Cisco IOS are preferred over numbered ACLs because they are easier to identify and manage
- Port-security mac-address sticky in Cisco switches is used to dynamically learn and add MAC addresses to the running configuration
- SSH configuration on a Cisco device typically involves generating RSA keys, setting a domain-name, and configuring VTY lines for SSH
- Disabling unused services on a Cisco router, like HTTP or Telnet, enhances security by decreasing the router's attack surface
- RBAC provides a way to align access rights with job functions
Cisco Network Device Management Key Points
- Purpose of encrypting passwords in the configuration file is to secure sensitive data
- RBAC (Role-Based Access Control) primarily used for managing user roles and access levels in network devices
- The transport input none command on a Cisco switch VTY line disables all inbound connections on the line
- TFTP in managing Cisco devices is used to transfer configuration files and IOS images
- The log keyword at the end of an ACE in a Cisco ACL logs the traffic that matches the ACE
- To automatically deny any traffic not explicitly permitted by an ACL, no additional step is necessary; this is the default behavior
- When configuring SSH on a Cisco device, setting a domain name is necessary because crypto key generate rsa names the key pair after the hostname and domain name and will not run without one
- An ACL can be used in conjunction with NAT on a Cisco router to define which addresses are to be translated
- Configuring switchport port-security maximum 1 on a Cisco switch port allows only one MAC address to communicate through the port
- Disabling CDP on a Cisco device is done to prevent the advertisement of the device's presence to others
- The ip ssh version 2 command sets the SSH version to the more secure version 2
- The switchport port-security mac-address sticky command configures a switch port to automatically learn the MAC address of the device connected to it and save it as a secure address
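The notes above describe the individual hardening items separately. As an added example (my code, not the quiz page's or Cisco's), here is a small audit that reads an IOS-style running-config and reports which of those items are missing or weak. The weak and hardened configs are constructed samples; the `$9$` hash values are placeholders, not real hashes, and the finding codes are names chosen for this example.

```python
"""Audit an IOS-style running-config for the hardening items in the notes.
Added example, not code from the quiz page or from Cisco."""
import re

# Constructed samples. The weak one already has service password-encryption
# on, which is exactly why it still gets flagged: type 7 is reversible.
WEAK_CONFIG = """\
hostname edge-rtr
service password-encryption
ip http server
ip http secure-server
service tcp-small-servers
!
enable password 7 094F471A1A0A
username admin password 7 020700560208
!
interface GigabitEthernet0/1
 switchport mode access
!
line vty 0 4
 login
 password 7 094F471A1A0A
 transport input telnet ssh
!
"""

HARDENED_CONFIG = """\
hostname edge-rtr
ip domain-name example.net
service password-encryption
ip ssh version 2
no ip http server
no ip http secure-server
no cdp run
no service tcp-small-servers
no service udp-small-servers
enable secret 9 $9$placeholder.not.a.real.hash
username admin privilege 15 secret 9 $9$placeholder.not.a.real.hash
!
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
!
line vty 0 15
 login local
 transport input ssh
!
"""

TYPE7 = re.compile(r"\bpassword 7 \S+")
PLAIN = re.compile(r"\bpassword (?:0 )?(?!7\b)\S+")
SMALL = re.compile(r"^service (?:tcp|udp)-small-servers$")


def parse_config(text):
    """Return (global_lines, {section_header: [indented child lines]})."""
    globals_, sections, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            current = None  # '!' and blank lines end a section
            continue
        if raw.startswith(" "):
            if current is not None:
                sections[current].append(raw.strip())
        else:
            current = raw.strip()
            globals_.append(current)
            sections.setdefault(current, [])
    return globals_, sections


def audit_config(text):
    """Return a list of (finding_code, context); an empty list means clean."""
    globals_, sections = parse_config(text)
    gset = set(globals_)
    f = []
    # Management-plane services that widen the attack surface.
    if "ip http server" in gset:
        f.append(("http-server-enabled", "ip http server"))
    if "ip http secure-server" in gset:
        f.append(("https-server-enabled", "ip http secure-server"))
    if "no cdp run" not in gset:  # CDP is on by default; only an explicit 'no' disables it
        f.append(("cdp-enabled", "missing 'no cdp run'"))
    for line in globals_:
        if SMALL.match(line):
            f.append(("small-servers-enabled", line))
    # SSH prerequisites: a domain name for the RSA key pair, version pinned to 2.
    if not any(l.startswith(("ip domain-name ", "ip domain name ")) for l in globals_):
        f.append(("no-domain-name", "crypto key generate rsa needs a domain name"))
    if "ip ssh version 2" not in gset:
        f.append(("ssh-version-not-pinned", "missing 'ip ssh version 2'"))
    # Credentials: 'secret' is a one-way hash; 'password' is plaintext or reversible type 7.
    for line in globals_:
        if line.startswith("enable password"):
            f.append(("enable-password-not-secret", line))
    for line in text.splitlines():
        s = line.strip()
        if TYPE7.search(s):
            f.append(("type7-password", s))
        elif PLAIN.search(s):
            f.append(("plaintext-password", s))
    for header, children in sections.items():
        # VTY lines: SSH only, authenticated against the local user database.
        if header.startswith("line vty"):
            transport = next((c for c in children if c.startswith("transport input")), None)
            if transport is None:
                f.append(("vty-transport-unrestricted", header))
            elif "telnet" in transport or transport.endswith(" all"):
                f.append(("vty-telnet-allowed", f"{header}: {transport}"))
            if "login local" not in children:
                f.append(("vty-no-login-local", header))
        # Access ports: limit the MAC addresses allowed to use the port.
        if header.startswith("interface") and "switchport mode access" in children:
            if not any(c.startswith("switchport port-security") for c in children):
                f.append(("access-port-without-port-security", header))
    return f


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        findings = audit_config(cfg)
        print(f"{name}: {len(findings)} finding(s)")
        for code, ctx in findings:
            print(f"  {code}: {ctx}")
```

The hardened sample is the corrected form of each weak setting: `secret` hashes instead of `password 7`, `login local` plus `transport input ssh` on all sixteen VTY lines, `ip ssh version 2` with a domain name for the RSA key pair, HTTP, CDP and the small servers switched off, and port security with a maximum of one sticky address on the access port.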
Test your knowledge of Cisco network device configuration and security with this quiz. Covering topics such as ACLs, TFTP, SSH configuration, port security, and best practices for securing and managing network devices, this quiz will help you assess your understanding of key concepts in Cisco network management.