Securing Routers with AutoSecure Quiz

Questions and Answers

What action will be taken if more than 5 login failures occur in 60 seconds or less on R1?

Logins will be disabled for 90 seconds

Logins will be disabled for 60 seconds

Logins will be disabled for 120 seconds (correct)

Logins will be disabled for 180 seconds

What is the purpose of the 'security authentication failure rate threshold-rate log' command?

To monitor successful logins

To monitor failed logins

To set a threshold for login failures (correct)

To create ACLs for login attempts

What type of command is used to verify the login block-for settings and current mode?

show login block-for

show login on-success

show login failures (correct)

show login on-failure

Which access list is applied during Quiet-Mode on R1?

PERMIT-ADMIN (B)

What does the 'show login failures' command display?

Detailed information about failed attempts (A)

What is the consequence of applying a login delay of 10 seconds on R1?

Successful logins are delayed by 10 seconds (C)

What is the primary purpose of the Cisco AutoSecure feature?

To provide security defaults for Cisco routers (D)

Which of the following is NOT a service/function that can be locked down on the management plane using AutoSecure?

CEF (A)

What is the default mode of operation for Cisco AutoSecure?

Interactive mode (A)

Which type of broadcast should be disabled to ensure terminal access security?

Gratuitous ARP (B)

What protocol is used for legal notification banners on Cisco routers?

MOP (C)

What wizard guides administrators through the configuration of a device when the 'auto secure' command is initiated?

CLI wizard (B)

What is the main purpose of the AutoSecure command?

To secure the management plane by disabling unnecessary services (A)

Which feature allows an admin to define 'views' with specific commands?

Role-Based CLI access (B)

What is the purpose of the Cisco IOS Resilient Configuration feature?

To keep a secure local copy of running image and config files (C)

How can the security of the login process be enhanced if a password attack is suspected?

By shutting down logins and sending log messages (C)

What is the purpose of using Secure Copy Protocol (SCP) on a Cisco router?

To copy config and image files remotely to another device (B)

What is a limitation of privilege levels on a router?

Higher privilege users can access commands specifically set for lower privilege levels. (B)

How does role-based CLI access enhance network security?

By providing specific views of router configurations based on user roles. (A)

What is the purpose of the Root View in role-based CLI access?

To define Views and Superviews for different users. (A)

How do role-based views address operational efficiency for network administrators?

By creating different sets of commands available to different user roles. (B)

What distinguishes CLI View from Root View in role-based CLI access?

CLI View requires all commands to be bundled, unlike the Root View. (A)

Why do privilege levels not provide access control to specific interfaces and slots on a router?

As lower privilege users can execute commands available at higher levels. (C)

What is the purpose of the 'secret' command in the configurations?

To encrypt the passwords for the views (C)

In the configuration, what is the significance of 'superview' in commands like 'parser view SUPPORT superview'?

It designates a higher-level view for the specified view (B)

What does the log message '%PARSER-6-SUPER_VIEW_CREATED: super view 'SUPPORT' successfully created.' indicate?

A support view has been successfully created (C)

What does adding a view like 'VERIFYVIEW' to a superview like 'SUPPORT' indicate in the context of configurations?

The 'VERIFYVIEW' view inherits permissions and access rights from 'SUPPORT' (B)

What is the purpose of specifying a 'secret' in the configurations for views like 'JR-ADMIN'?

To enhance security by setting an encrypted password for the view (C)

What does the log message '%PARSER-6-SUPER_VIEW_EDIT_ADD: view REBOOTVIEW added to superview JRADMIN.' suggest about 'REBOOTVIEW'?

'REBOOTVIEW' has been successfully added to the 'JRADMIN' superview (A)