Edge Router Security Approaches Quiz

Questions and Answers

Which encryption type is recommended for configuring secret passwords on Cisco devices?

SHA type 8

md5 algorithm-type

PBKDF2 with SHA-256 hashing

Type 9 scrypt encryption (correct)

What hashing algorithm does type 8 encryption on Cisco devices use?

scrypt

SHA-1

MD5

SHA-256 (correct)

What is the purpose of using the 'username name algorithm-type' command in Cisco device configurations?

Generating SSH keys

Specifying encryption type for passwords (correct)

Configuring unique device hostname

Selecting IP domain name

Which step is not part of configuring a Cisco device to support SSH from the given list?

Install SSH software

What does the 'enable secret' command do in Cisco device configurations?

Configures secret passwords with encryption

What is the purpose of an edge router in a company's network?

To implement security actions based on company security policies

What should be avoided when creating passphrases?

Changing passwords often

In what scenario is the Defense-in-Depth approach to edge router security used?

When using multiple layers of security before traffic enters the LAN

What makes a password weak?

Writing passwords down in obvious places

Which of the following is a strong password?

12^h u4@1p7%G_3

Why is it important to maintain physical security in router configuration?

To place routers in secure locked rooms accessible only to authorized personnel

What is the primary function of a UPS or diesel backup power generator in router security?

To ensure routers have power during outages for continued operation

How can strong passwords be more useful?

When used with multi-factor authentication

What is the best practice for managing passwords?

Encrypting passwords

How does the DMZ setup provide additional security in a network?

By setting up a separate zone for servers accessible from the internet

Why is it recommended to use the latest stable version of OS that meets router specifications?

To benefit from the latest features and security updates

What action should be taken to help ensure passwords remain secret on network devices?

Encrypting all plaintext passwords

What command is used to encrypt all plaintext passwords on a Cisco router?

service password-encryption

What does the command 'service password-encryption' do on a Cisco router?

Applies weak encryption to passwords

Why should 'service password-encryption' not be used with the intention of protecting config files from serious attacks?

It provides easily reversible encryption

What information is revealed by the command 'show running-config' in Cisco devices?

Plaintext passwords

What are the potential consequences of protocol spoofing in routing systems?

Creating routing loops, monitoring traffic, discarding traffic

Why is MD5 authentication now considered vulnerable for OSPF routing protocol?

It is susceptible to attacks

In which Cisco IOS release was support added for OSPF SHA authentication?

15.4(1)T

What is the purpose of using OSPF SHA authentication instead of MD5?

Due to MD5 vulnerability to attacks

What are the three areas of router security mentioned in the text?

Physical security, OS & router hardening, secure admin access

What feature allows devices to send log messages of chosen severity to a specific destination?

Syslog