Uploaded by RefreshingViolet
What is the primary purpose of network security?
A) To ensure network performance
B) To increase data processing speed
C) To prevent unauthorized access and data breaches
D) To improve user experience
E) To expand network capacity
F) To reduce hardware costs
Answer: C) To prevent unauthorized access and data breaches

SSH is preferred over Telnet for remote management due to:
A) Faster connection speeds
B) Encryption of data in transit
C) More user-friendly interfaces
D) Compatibility with more devices
E) No need for user authentication
F) Lower bandwidth usage
Answer: B) Encryption of data in transit

RBAC (Role-Based Access Control) in network devices is used to:
A) Assign IP addresses
B) Prioritize network traffic
C) Assign different access rights based on user roles
D) Automate network configurations
E) Monitor network performance
F) Back up network configurations
Answer: C) Assign different access rights based on user roles

A secure password policy should enforce:
A) The use of the username in the password
B) Regular password reuse
C) A minimum password length and complexity
D) Only numeric characters
E) The use of simple, memorable passwords
F) The same password for all accounts
Answer: C) A minimum password length and complexity

The main risk of using Telnet over SSH for remote access is:
A) Telnet is slower than SSH
B) Telnet does not encrypt the session
C) Telnet is incompatible with modern routers
D) Telnet sessions can't be logged
E) Telnet does not support password authentication
F) Telnet uses more bandwidth
Answer: B) Telnet does not encrypt the session

What does port security on a switch do?
A) Manages VLAN configurations
B) Prioritizes traffic based on port numbers
C) Restricts input to an interface by limiting MAC addresses
D) Increases the number of available ports
E) Configures port forwarding
F) Automates port labeling
Answer: C) Restricts input to an interface by limiting MAC addresses

Syslog is used in network devices to:
A) Assign IP addresses
B) Monitor and log system events
C) Filter traffic
D) Prioritize traffic
E) Encrypt data transmissions
F) Balance network load
Answer: B) Monitor and log system events

TFTP is often used on network devices for:
A) Password recovery
B) Encrypting traffic
C) User authentication
D) Transferring configuration files and IOS images
E) Assigning VLANs
F) Monitoring network performance
Answer: D) Transferring configuration files and IOS images

In Cisco devices, disabling small services like echo and chargen helps to:
A) Increase network speed
B) Expand network capacity
C) Improve Quality of Service (QoS)
D) Reduce the risk of denial-of-service attacks
E) Assign IP addresses more efficiently
F) Streamline user access control
Answer: D) Reduce the risk of denial-of-service attacks

Standard ACLs differ from extended ACLs in that they:
A) Can filter by source and destination IP addresses
B) Only filter by source IP address
C) Can filter by protocol and port numbers
D) Are only applied to outbound traffic
E) Do not support deny statements
F) Are only available on high-end routers
Answer: B) Only filter by source IP address

To securely configure an ACL, the best practice is to:
A) Place permit statements at the top
B) Place deny statements at the bottom
C) Sequence the ACLs randomly
D) Only use deny statements
E) Start with an implicit deny at the beginning
F) Order the ACL entries to match the network security policy
Answer: F) Order the ACL entries to match the network security policy

NAT (Network Address Translation) is used to:
A) Assign internal IP addresses
B) Encrypt internal traffic
C) Convert private IP addresses to public IP addresses
D) Reduce the speed of network connections
E) Monitor network traffic
F) Log network events
Answer: C) Convert private IP addresses to public IP addresses

Named ACLs in Cisco IOS are preferred over numbered ACLs because they:
A) Do not require an implicit deny at the end
B) Can only be applied to physical interfaces
C) Are easier to identify and manage
D) Automatically encrypt traffic
E) Do not support sequence numbers
F) Can be applied globally to all interfaces
Answer: C) Are easier to identify and manage

In the context of Cisco switches, port-security mac-address sticky is used to:
A) Assign a static IP address to a port
B) Reserve the port for MAC address table overflow
C) Dynamically learn and add MAC addresses to the running configuration
D) Enable port fast for rapid STP convergence
E) Configure the port as a trunk
F) Set the port to default settings
Answer: C) Dynamically learn and add MAC addresses to the running configuration

SSH configuration on a Cisco device typically involves:
A) Generating RSA keys
B) Setting a domain-name
C) Configuring VTY lines for SSH
D) All of the above
E) Only setting a domain-name
F) Only configuring VTY lines for SSH
Answer: D) All of the above

Disabling unused services on a Cisco router, like HTTP or Telnet, enhances security by:
A) Reducing the router’s CPU usage
B) Increasing the router's memory availability
C) Decreasing the router's attack surface
D) Allowing more users to connect simultaneously
E) Speeding up the router's boot process
F) Expanding the router’s storage capacity
Answer: C) Decreasing the router's attack surface

Which of the following is an advantage of using RBAC?
A) It assigns a static IP address to users
B) It allows all users the same level of access
C) It provides a way to align access rights with job functions
D) It simplifies password management
E) It eliminates the need for passwords
F) It configures network interfaces automatically
Answer: C) It provides a way to align access rights with job functions

A service set to no service tcp-small-servers on a Cisco device will:
A) Enable all small TCP-based services for compatibility
B) Disable unneeded and potentially vulnerable small services
C) Configure the device as a TCP server
D) Prioritize TCP traffic over UDP
E) Start a small-scale TCP server for file sharing
F) Restrict TCP traffic to small packet sizes
Answer: B) Disable unneeded and potentially vulnerable small services

Which command on a Cisco router configures syslog to send logs to a server?
A) logging 192.168.1.100
B) enable syslog
C) syslog start
D) send logs 192.168.1.100
E) activate logging
F) log server 192.168.1.100
Answer: A) logging 192.168.1.100

Using TFTP for router configuration backup is considered less secure because:
A) TFTP uses a high amount of bandwidth
B) TFTP does not provide authentication or encryption
C) TFTP can only back up but not restore configurations
D) TFTP backups are not compatible with all Cisco devices
E) TFTP requires complex configuration
F) TFTP does not support incremental backups
Answer: B) TFTP does not provide authentication or encryption

When configuring an ACL on a Cisco device, the permit or deny statements are processed in:
A) Alphabetical order
B) Random order
C) Order of complexity
D) Sequential order based on their position in the list
E) Reverse order, starting from the bottom
F) Parallel for efficiency
Answer: D) Sequential order based on their position in the list

A named ACL is modified by:
A) Deleting the ACL and recreating it
B) Directly editing the ACL in global configuration mode
C) Entering the named ACL configuration mode
D) Modifying the ACL file in flash memory
E) Using an external editor and uploading the changes
F) Calling Cisco support for changes
Answer: C) Entering the named ACL configuration mode

Which of the following is a characteristic of NAT?
A) It translates private IP addresses to other private IP addresses
B) It translates public IP addresses to more public IP addresses
C) It encrypts data leaving the network
D) It hides private network IP addresses behind a public IP address
E) It increases the internal network speed
F) It reduces the number of necessary routers
Answer: D) It hides private network IP addresses behind a public IP address

To secure a Cisco device, the AutoSecure feature will:
A) Install antivirus software
B) Enable all TCP and UDP small servers
C) Disable unnecessary services and secure management access
D) Increase the speed of the management interface
E) Automatically create VPN tunnels
F) Enable all services for ease of use
Answer: C) Disable unnecessary services and secure management access

Port security sticky learning on a switch:
A) Learns and saves MAC addresses in RAM
B) Learns and saves MAC addresses in the startup-config
C) Learns and saves MAC addresses in the running-config
D) Only allows the administrator to manually configure MAC addresses
E) Requires a TFTP server to learn MAC addresses
F) Learns MAC addresses but does not save them
Answer: C) Learns and saves MAC addresses in the running-config

An access-list applied with in (inbound) on a Cisco router interface will:
A) Filter traffic leaving the interface
B) Filter traffic before it enters the interface
C) Filter traffic after it has been routed
D) Only log traffic, not filter it
E) Prioritize traffic entering the interface
F) Duplicate traffic for monitoring purposes
Answer: B) Filter traffic before it enters the interface

Which command would you use to disable Telnet on a Cisco device?
A) no telnet server
B) disable telnet
C) telnet off
D) no line vty
E) transport input none
F) line vty 0 4 transport input ssh
Answer: F) line vty 0 4 transport input ssh

Which of the following is a best practice when managing Cisco device passwords?
A) Using the same password for all devices
B) Storing passwords in an unencrypted file
C) Using the service password-encryption command
D) Setting the enable password to ‘cisco’
E) Writing passwords on sticky notes for convenience
F) Sharing passwords among team members
Answer: C) Using the service password-encryption command

What is the main difference between an extended ACL and a standard ACL?
A) Extended ACLs can only be applied to physical interfaces
B) Standard ACLs can filter by source and destination IP
C) Extended ACLs can filter by protocol, source IP, destination IP, and port numbers
D) Extended ACLs are older and less secure
E) Standard ACLs are not supported on newer Cisco devices
F) Extended ACLs can only be named, not numbered
Answer: C) Extended ACLs can filter by protocol, source IP, destination IP, and port numbers

What protocol does the switchport mode trunk command use by default to encapsulate VLAN tags?
A) VTP
B) STP
C) 802.1X
D) 802.1Q
E) ISL
F) ICMP
Answer: D) 802.1Q

The command switchport port-security mac-address sticky is used for what purpose?
A) To assign a static IP address to a device
B) To secure the MAC address table from overflow
C) To enable dynamic learning and saving of MAC addresses on a switch port
D) To reserve the switch port for a single MAC address
E) To create a sticky note reminder about the port's configuration
F) To enable fast switching for MAC addresses
Answer: C) To enable dynamic learning and saving of MAC addresses on a switch port

Which command on a Cisco router enables the device to accept SSH connections?
A) enable ssh
B) line vty 0 4 transport input ssh
C) ssh start
D) ssh enable
E) activate ssh
F) ssh version 2
Answer: B) line vty 0 4 transport input ssh

Which command is used to resequence the entries in an ACL?
A) acl resequence
B) resort acl
C) acl sort
D) sequence acl
E) ip access-list resequence
F) reorder access-list
Answer: E) ip access-list resequence

NAT (Network Address Translation) is primarily used in IPv4 to:
A) Encrypt data traffic
B) Increase network bandwidth
C) Conserve public IP addresses
D) Assign private IP addresses
E) Create VLANs
F) Route traffic between VLANs
Answer: C) Conserve public IP addresses

Syslog messages have different severity levels. Which level indicates an emergency situation?
A) 0
B) 1
C) 2
D) 3
E) 4
F) 5
Answer: A) 0

If a Cisco switch receives a frame on a port secured by port security and the maximum number of MAC addresses is already reached, what will happen if the frame does not match any of the known addresses?
A) The frame will be allowed and added to the MAC address table.
B) The frame will be dropped, and a syslog message will be generated.
C) The switch will shut down the port.
D) The switch will increase the MAC address table dynamically.
E) The switch will replace the oldest MAC address with the new one.
F) The switch will forward the frame as broadcast.
Answer: B) The frame will be dropped, and a syslog message will be generated.

What is the purpose of a console password on a Cisco device?
A) To prevent unauthorized physical access to the device
B) To encrypt data traffic leaving the console port
C) To assign an IP address to the console port
D) To create a VLAN for the console port
E) To set up remote management access
F) To enable web interface access
Answer: A) To prevent unauthorized physical access to the device

Which of the following Cisco IOS services can be disabled for security reasons?
A) NTP
B) SSH
C) HTTP and HTTP Secure server
D) VLAN assignments
E) Port security
F) Routing protocols
Answer: C) HTTP and HTTP Secure server

When configuring a Cisco device, why is it important to use the service password-encryption command?
A) To encrypt all data traffic
B) To enable password recovery
C) To encrypt passwords in the configuration file
D) To generate random passwords
E) To create a public/private key pair
F) To set up password synchronization with a server
Answer: C) To encrypt passwords in the configuration file

What is RBAC (Role-Based Access Control) primarily used for in network devices?
A) To define network topologies
B) To manage user roles and access levels
C) To set dynamic IP addresses
D) To monitor network traffic
E) To configure VLANs
F) To encrypt traffic with IPsec
Answer: B) To manage user roles and access levels

The transport input none command on a Cisco switch VTY line does what?
A) Disables all inbound connections on the line
B) Prioritizes certain types of traffic
C) Encrypts all inbound connections
D) Assigns the line to a specific VLAN
E) Sets the line to a specific speed and duplex
F) Allows only SNMP traffic
Answer: A) Disables all inbound connections on the line

What is the purpose of TFTP in managing Cisco devices?
A) To provide secure file transfers
B) To transfer configuration files and IOS images
C) To synchronize time across devices
D) To filter traffic at the port level
E) To manage user access and passwords
F) To route traffic between VLANs
Answer: B) To transfer configuration files and IOS images

In a Cisco ACL, what does the log keyword at the end of an ACE do?
A) Logs the traffic that matches the ACE
B) Encrypts the log entries
C) Prioritizes the ACE in the ACL
D) Flags the ACE for review
E) Logs the traffic on a separate logging server
F) Activates real-time monitoring
Answer: A) Logs the traffic that matches the ACE

If you wanted to automatically deny any traffic not explicitly permitted by an ACL, what step is necessary?
A) Add a deny any any statement at the end of the ACL
B) No additional step is necessary; this is the default behavior
C) Add a permit any any statement at the end of the ACL
D) Use the implicit deny command
E) Contact Cisco support to enable this feature
F) Enable implicit deny in global configuration mode
Answer: B) No additional step is necessary; this is the default behavior

When configuring SSH on a Cisco device, why is it necessary to set a domain name?
A) To generate RSA keys for encryption
B) To define the username for SSH login
C) To specify the range of allowed IP addresses
D) To identify the device on the network
E) To assign the device to a VLAN
F) To encrypt the domain traffic
Answer: A) To generate RSA keys for encryption

How can an ACL be used in conjunction with NAT on a Cisco router?
A) To define which addresses are to be translated
B) To set the NAT translation timeout
C) To encrypt the translated addresses
D) To prioritize NAT traffic
E) To specify the routing protocol for NAT
F) To log NAT translations
Answer: A) To define which addresses are to be translated

What is the consequence of configuring switchport port-security maximum 1 on a Cisco switch port?
A) Only one MAC address can communicate through the port
B) The port speed is limited to 1 Gbps
C) Only one VLAN can be assigned to the port
D) The port is limited to sending one frame at a time
E) Only one IP address can be assigned to the port
F) The port will only operate at Layer 1
Answer: A) Only one MAC address can communicate through the port

Why would you disable CDP on a Cisco device?
A) To prevent the device from learning routing protocols
B) To improve device performance
C) To prevent the advertisement of the device's presence to others
D) To save on power consumption
E) To increase the number of VLANs supported
F) To enable faster port speeds
Answer: C) To prevent the advertisement of the device's presence to others

What does the ip ssh version 2 command accomplish?
A) Upgrades the device's IOS to version 2
B) Sets the SSH version to the more secure version 2
C) Sets up two SSH sessions simultaneously
D) Configures the device with two different SSH keys
E) Divides the network into two SSH-accessible zones
F) Enables SSH version checking
Answer: B) Sets the SSH version to the more secure version 2

Which command configures a switch port to automatically learn the MAC address of the device connected to it and save it as a secure address?
A) switchport port-security mac-address dynamic
B) switchport port-security mac-address sticky
C) switchport port-security mac-address auto
D) switchport port-security mac-address learning
E) switchport port-security mac-address automatic
F) switchport port-security mac-address save
Answer: B) switchport port-security mac-address sticky

In the context of ACLs, what does a wildcard mask specify?
A) The priority of the ACL
B) The encryption level for the ACL
C) Which bits in an IP address should be considered for matching
D) The VLANs that the ACL applies to
E) The timeout value for the ACL entry
F) The sequence number for the ACL entry
Answer: C) Which bits in an IP address should be considered for matching

The no service tcp-small-servers command on a Cisco router will:
A) Disable unnecessary and potentially vulnerable services
B) Enable a small range of TCP services for a specific subnet
C) Prioritize small TCP packets
D) Set up a small server on the router for TCP traffic
E) Limit the router to serve only a small number of TCP connections
F) Configure the router to act as a TCP client
Answer: A) Disable unnecessary and potentially vulnerable services

What is the function of ip access-list resequence in Cisco IOS?
A) To change the priority of the ACL
B) To encrypt the ACL entries
C) To assign new sequence numbers to the entries in an ACL
D) To convert a standard ACL to an extended ACL
E) To synchronize ACLs across routers
F) To enable automatic backup of ACLs
Answer: C) To assign new sequence numbers to the entries in an ACL

Which protocol is considered insecure for remote device management due to its lack of encryption?
A) HTTPS
B) SNMPv3
C) SSH
D) Telnet
E) FTPS
F) SCP
Answer: D) Telnet

What is the primary security feature of port-security on Cisco switches?
A) Encrypting traffic through switch ports
B) Restricting the number of valid MAC addresses on a port
C) Filtering traffic by IP address
D) Prioritizing port traffic
E) Assigning static IP addresses to ports
F) Automatically configuring VLANs on ports
Answer: B) Restricting the number of valid MAC addresses on a port

When a Cisco router's interface is configured with NAT, what is the purpose of the overload keyword?
A) To enable the router to handle more traffic
B) To allow multiple internal hosts to share a single public IP address
C) To increase the speed of NAT processing
D) To prioritize NAT traffic
E) To encrypt the NAT translations
F) To log NAT traffic for monitoring
Answer: B) To allow multiple internal hosts to share a single public IP address

The service password-encryption command on a Cisco device serves what purpose?
A) It encrypts passwords in the device's configuration file
B) It sets up a password for the encryption service
C) It enables two-factor authentication
D) It creates an encrypted tunnel for password transmission
E) It synchronizes passwords across devices
F) It recovers lost passwords
Answer: A) It encrypts passwords in the device's configuration file

Why might you use a named ACL instead of a numbered ACL on a Cisco router?
A) Named ACLs automatically encrypt traffic
B) Named ACLs provide better performance
C) Named ACLs allow for easier management and readability
D) Named ACLs have no implicit deny at the end
E) Named ACLs can apply to multiple interfaces simultaneously
F) Named ACLs support more entries than numbered ACLs
Answer: C) Named ACLs allow for easier management and readability

What is the purpose of using login local under the VTY lines configuration on a Cisco device?
A) To set the login banner
B) To disable remote access
C) To specify that the local username/password database should be used for authentication
D) To log VTY line access attempts
E) To assign a local IP address to the VTY lines
F) To locally store VTY line configurations
Answer: C) To specify that the local username/password database should be used for authentication

In the context of Cisco IOS services, why would you disable HTTP and HTTPS services?
A) To improve the response time of the web interface
B) To conserve bandwidth for other services
C) To reduce the attack surface by disabling unnecessary management interfaces
D) To enable faster command-line access
E) To force all configurations to be done locally
F) To prepare the device for an IOS upgrade
Answer: C) To reduce the attack surface by disabling unnecessary management interfaces