Cisco Network Configuration and Security Quiz

Questions and Answers

What is the primary security feature of port-security on Cisco switches?

Restricting the number of valid MAC addresses on a port (correct)

Prioritizing port traffic

Encrypting traffic through switch ports

Filtering traffic by IP address

When a Cisco router's interface is configured with NAT, what is the purpose of the overload keyword?

To prioritize NAT traffic

To increase the speed of NAT processing

To enable the router to handle more traffic

To allow multiple internal hosts to share a single public IP address (correct)

What does the service password-encryption command on a Cisco device do?

It enables two-factor authentication

It encrypts passwords in the device's configuration file (correct)

It creates an encrypted tunnel for password transmission

It sets up a password for the encryption service

Why might you use a named ACL instead of a numbered ACL on a Cisco router?

Named ACLs allow for easier management and readability

What is the purpose of using login local under the VTY lines configuration on a Cisco device?

To specify that the local username/password database should be used for authentication

In the context of Cisco IOS services, why would you disable HTTP and HTTPS services?

To reduce the attack surface by disabling unnecessary management interfaces

What is the primary purpose of network security?

To prevent unauthorized access and data breaches

Why is SSH preferred over Telnet for remote management?

Encryption of data in transit

What is the purpose of RBAC (Role-Based Access Control) in network devices?

Assign different access rights based on user roles

What should a secure password policy enforce?

A minimum password length and complexity

What is the main risk of using Telnet over SSH for remote access?

Telnet does not encrypt the session

What does port security on a switch do?

Prevent unauthorized physical access to switch ports

Why is it important to have a firewall in a network?

To prevent unauthorized access and data breaches

What is the purpose of intrusion detection systems (IDS) in network security?

To monitor and detect potential security threats

What is the primary purpose of NAT in IPv4?

Conserving public IP addresses

What does a Syslog message with severity level 0 indicate?

An emergency situation

What is the purpose of a console password on a Cisco device?

Preventing unauthorized physical access

When should the service password-encryption command be used when configuring a Cisco device?

For security reasons

What does the AutoSecure feature in Cisco devices do?

Disables unnecessary services and secures management access

What does port security sticky learning on a switch do?

Learns and saves MAC addresses in the running-config

Where does an access-list applied with 'in' (inbound) on a Cisco router interface filter traffic?

Before it enters the interface

What does the switchport mode trunk command use by default to encapsulate VLAN tags?

802.1Q

What does the command switchport port-security mac-address sticky enable on a switch port?

Dynamic learning and saving of MAC addresses

How can Telnet be disabled on a Cisco device?

Using the command 'line vty 0 4 transport input ssh'

What can an extended ACL filter by?

Protocol, source IP, destination IP, and port numbers

When managing Cisco device passwords, what is a best practice for enhancing security?

Using the service password-encryption command

What is the purpose of port-security mac-address sticky in Cisco switches?

To dynamically learn and add MAC addresses to the running configuration

Which statement about ACLs is true?

Standard ACLs only filter by source IP address

What is the purpose of disabling small services like echo and chargen in Cisco devices?

To reduce the risk of denial-of-service attacks

What is the preferred order for securely configuring an ACL?

To match the network security policy

What is the purpose of NAT in networking?

To convert private IP addresses to public IP addresses

Why are named ACLs preferred over numbered ACLs in Cisco IOS?

Because they are easier to identify and manage

What is the primary function of syslog in network devices?

To monitor and log system events

What is the purpose of TFTP in network devices?

For transferring configuration files and IOS images

What is the purpose of SSH configuration on a Cisco device?

To provide secure remote access

What is the purpose of disabling unused services like HTTP or Telnet on a Cisco router?

To enhance security by decreasing the router's attack surface

What is the primary function of RBAC in network security?

To align access rights with job functions

What is the purpose of encrypting passwords in the configuration file of a Cisco device?

To secure sensitive data

What is the primary function of RBAC (Role-Based Access Control) in Cisco network devices?

Managing user roles and access levels

What does the transport input none command on a Cisco switch VTY line do?

Disables all inbound connections on the line

What is the primary purpose of using TFTP in managing Cisco devices?

To transfer configuration files and IOS images

What does the log keyword at the end of an ACE in a Cisco ACL do?

Logs the traffic that matches the ACE

What is the default behavior regarding traffic not explicitly permitted by an ACL?

Automatically denied

Why is setting a domain name necessary when configuring SSH on a Cisco device?

To generate RSA keys for encryption

How can an ACL be used in conjunction with NAT on a Cisco router?

To define which addresses are to be translated

What does configuring switchport port-security maximum 1 on a Cisco switch port allow?

Only one MAC address to communicate through the port

What is the purpose of disabling CDP on a Cisco device?

To prevent the advertisement of the device's presence to others

What does the ip ssh version 2 command do when configuring SSH on a Cisco device?

Sets the SSH version to the more secure version 2

What does the switchport port-security mac-address sticky command do on a switch port?

Configures the port to automatically learn and save the connected device's MAC address as secure

Study Notes

Cisco Network Device Configuration and Security

• ACLs can restrict input to an interface by limiting MAC addresses
• Syslog is used in network devices to monitor and log system events
• TFTP is used on network devices for transferring configuration files and IOS images
• Disabling small services like echo and chargen in Cisco devices helps reduce the risk of denial-of-service attacks
• Standard ACLs only filter by source IP address
• Best practice for securely configuring an ACL is to order the entries to match the network security policy
• NAT is used to convert private IP addresses to public IP addresses
• Named ACLs in Cisco IOS are preferred over numbered ACLs because they are easier to identify and manage
• Port-security mac-address sticky in Cisco switches is used to dynamically learn and add MAC addresses to the running configuration
• SSH configuration on a Cisco device typically involves generating RSA keys, setting a domain-name, and configuring VTY lines for SSH
• Disabling unused services on a Cisco router, like HTTP or Telnet, enhances security by decreasing the router's attack surface
• RBAC provides a way to align access rights with job functions

Cisco Network Device Management Key Points

• Purpose of encrypting passwords in the configuration file is to secure sensitive data
• RBAC (Role-Based Access Control) primarily used for managing user roles and access levels in network devices
• The transport input none command on a Cisco switch VTY line disables all inbound connections on the line
• TFTP in managing Cisco devices is used to transfer configuration files and IOS images
• The log keyword at the end of an ACE in a Cisco ACL logs the traffic that matches the ACE
• To automatically deny any traffic not explicitly permitted by an ACL, no additional step is necessary; this is the default behavior
• When configuring SSH on a Cisco device, setting a domain name is necessary to generate RSA keys for encryption
• An ACL can be used in conjunction with NAT on a Cisco router to define which addresses are to be translated
• Configuring switchport port-security maximum 1 on a Cisco switch port allows only one MAC address to communicate through the port
• Disabling CDP on a Cisco device is done to prevent the advertisement of the device's presence to others
• The ip ssh version 2 command sets the SSH version to the more secure version 2
• The switchport port-security mac-address sticky command configures a switch port to automatically learn the MAC address of the device connected to it and save it as a secure address

Description

Test your knowledge of Cisco network device configuration and security with this quiz. Covering topics such as ACLs, TFTP, SSH configuration, port security, and best practices for securing and managing network devices, this quiz will help you assess your understanding of key concepts in Cisco network management.