Edge Router Security Approaches Quiz

Questions and Answers

Which encryption type is recommended for configuring secret passwords on Cisco devices?

• SHA type 8
• md5 algorithm-type
• PBKDF2 with SHA-256 hashing
• Type 9 scrypt encryption (correct)

What hashing algorithm does type 8 encryption on Cisco devices use?

• scrypt
• SHA-1
• MD5
• SHA-256 (correct)

What is the purpose of using the 'username name algorithm-type' command in Cisco device configurations?

• Generating SSH keys
• Specifying encryption type for passwords (correct)
• Configuring unique device hostname
• Selecting IP domain name

Which step is not part of configuring a Cisco device to support SSH from the given list?

Install SSH software (D)

What does the 'enable secret' command do in Cisco device configurations?

Configures secret passwords with encryption (D)

What is the purpose of an edge router in a company's network?

To implement security actions based on company security policies (D)

What should be avoided when creating passphrases?

Changing passwords often (C)

In what scenario is the Defense-in-Depth approach to edge router security used?

When using multiple layers of security before traffic enters the LAN (B)

What makes a password weak?

Writing passwords down in obvious places (D)

Which of the following is a strong password?

12^h u4@1p7%G_3 (B)

Why is it important to maintain physical security in router configuration?

To place routers in secure locked rooms accessible only to authorized personnel (D)

What is the primary function of a UPS or diesel backup power generator in router security?

To ensure routers have power during outages for continued operation (B)

How can strong passwords be more useful?

When used with multi-factor authentication (B)

What is the best practice for managing passwords?

Encrypting passwords (D)

How does the DMZ setup provide additional security in a network?

By setting up a separate zone for servers accessible from the internet (C)

Why is it recommended to use the latest stable version of OS that meets router specifications?

To benefit from the latest features and security updates (C)

What action should be taken to help ensure passwords remain secret on network devices?

Encrypting all plaintext passwords (C)

What command is used to encrypt all plaintext passwords on a Cisco router?

service password-encryption (B)

What does the command 'service password-encryption' do on a Cisco router?

Applies weak encryption to passwords (D)

Why should 'service password-encryption' not be used with the intention of protecting config files from serious attacks?

It provides easily reversible encryption (D)

What information is revealed by the command 'show running-config' in Cisco devices?

Plaintext passwords (D)

What are the potential consequences of protocol spoofing in routing systems?

Creating routing loops, monitoring traffic, discarding traffic (C)

Why is MD5 authentication now considered vulnerable for OSPF routing protocol?

It is susceptible to attacks (B)

In which Cisco IOS release was support added for OSPF SHA authentication?

15.4(1)T (D)

What is the purpose of using OSPF SHA authentication instead of MD5?

Due to MD5 vulnerability to attacks (B)

What are the three areas of router security mentioned in the text?

Physical security, OS & router hardening, secure admin access (D)

What feature allows devices to send log messages of chosen severity to a specific destination?

Syslog (D)