Here is the all CCNA Security Chapter 2 Exam Questions with answers. It is just for review and educational purposes. You can use this to learn more about CCNA security exam questions and answers. This exam will cover material from Chapter 2 of CCNAS 2.0 of the curriculum.
This exam will be scored using the Weighted Model where each MCSA (Multiple-Choice Single-Answer) is worth two points and each MCMA (Multiple-Choice Multiple-Answer) is worth one point for each correct option. If more options are selected than required, the student will receive a score of zero.
CCNA Security Chapter 2 Exam Questions and Answers
Quiet mode behavior can be overridden for specific networks by using an ACL.
Quiet mode behavior can be enabled via an ip access-group command on a physical interface.
Quiet mode behavior will only prevent specific user accounts from attempting to authenticate.
Quiet mode behavior can be disabled by an administrator by using SSH to connect.
manage services provided by the control plane
prevent unnecessary traffic from overwhelming the route processor
direct all excess traffic away from the route processor
disable control plane services to reduce overall traffic
The secure boot-image command works properly when the system is configured to run an image from a TFTP server.
A snapshot of the router running configuration can be taken and securely archived in persistent storage.
Once issued, the secure boot-config command automatically upgrades the configuration archive to a newer version after new configuration commands have been entered.
It maintains a secure working copy of the bootstrap startup program.
to enable OSPF MD5 authentication on a per-interface basis
to encrypt OSPF routing updates
to facilitate the establishment of neighbor adjacencies
to configure OSPF MD5 authentication globally on the router
Assign commands to the view.
Associate the view with the root view.
Create a superview using the parser view view-name command.
Create a view using the parser view view-name command.
Assign a secret password to the view.
Assign users who can use the view.
A single superview can be shared among multiple CLI views.
Users logged in to a superview can access all commands specified within the associated CLI views.
Deleting a superview deletes all associated CLI views.
A specific superview cannot have commands added to it directly.
CLI views have passwords, but superviews do not have passwords.
0
1
15
16
Views are required to define the CLI commands that each user can access.
There is no access control to specific interfaces on a router.
The root user must be assigned to each privilege level that is defined.
It is required that all 16 privilege levels be defined, whether they are used or not.
Creating a user account that needs access to most but not all commands can be a tedious process.
Commands set on a higher privilege level are not available for lower privilege users.
content of a security banner
IP addresses of interfaces
interfaces to enable
services to disable
enable password
enable secret password
retaining captured messages on the router when a router is rebooted
setting the size of the logging buffer
gathering logging information
specifying where captured information is stored
distinguishing between information to be captured and information to be ignored
authenticating and encrypting data sent over the network
banner motd
privilege exec level
login delay
login block-for
The Telnet protocol has to be configured on the SCP server side.
A transfer can only originate from SCP clients that are routers.
A command must be issued to enable the SCP server side functionality.
At least one user with privilege level 1 has to be configured for local authentication
ip ospf message-digest-key 1 md5 1A2b3C
username OSPF password 1A2b3C
area 1 authentication message-digest
area 0 authentication message-digest
enable password 1A2b3C
R1(config)# username admin password Admin01pa55
R1(config)# line con 0
R1(config-line)# login local
R1(config)# username admin Admin01pa55 encr md5
R1(config)# line con 0
R1(config-line)# login local
R1(config)# username admin secret Admin01pa55
R1(config)# line con 0
R1(config-line)# login
R1(config)# username admin password Admin01pa55
R1(config)# line con 0
R1(config-line)# login
R1(config)# username admin secret Admin01pa55
R1(config)# line con 0
R1(config-line)# login local
Disable all unused ports and interfaces to reduce the number of ways that the router can be accessed.
Provision the router with the maximum amount of memory possible.
Locate the router in a secure locked room that is accessible only to authorized personnel.
Keep a secure copy of the router Cisco IOS image and router configuration file as a backup.
Configure secure administrative control to ensure that only authorized personnel can access the router.
JR-Admin can issue debug and reload commands.
JR-Admin can issue show, ping, and reload commands.
JR-Admin can issue ping and reload commands.
JR-Admin can issue only ping commands.
JR-Admin cannot issue any command because the privilege level does not match one of those defined.
security banner
SNMP
enable secret password
interface IP address
syslog
!
Parser view SUPPORT superview
secret 5 $1$Vp10$BBB1N68Z2ekr/aLH1edts.
view SHOWVIEW
view VERIFYVIEW
Refer to the exhibit. Based on the output of the show running-config command, which type of view is SUPPORT?
superview, containing SHOWVIEW and VERIFYVIEW views
secret view, with a level 5 encrypted password
CLI view, containing SHOWVIEW and VERIFYVIEW commands
root view, with a level 5 encrypted secret password
The generated keys can be used by SSH.
The general-purpose key size must be specified for authentication with the crypto key generate rsa general-keys moduluscommand.
All vty ports are automatically configured for SSH to provide secure management.
The keys must be zeroized to reset Secure Shell before configuring other parameters.
to ensure more efficient routing
to prevent redirection of data traffic to an insecure link
to provide data security through encryption
to prevent data traffic from being redirected and then discarded
to ensure faster network convergence
superuser view
superview
CLI view
admin view
root view
config view
Enable inbound vty Telnet sessions.
Enable inbound vty SSH sessions.
Configure the IP domain name on the router.
Generate two-way pre-shared keys.
Configure DNS on the router.
Generate the SSH keys.
Information is organized in a flat manner so that SNMP can access it quickly.
The OIDs are organized in a hierarchical structure.
A separate MIB tree exists for any given device in the network.
Information in the MIB cannot be changed.
disable logins from specified hosts
slow down an active attack
automatically provide AAA authentication
create password authentication
permit only secure console access
create syslog messages
flash security
zone isolation
router hardening
remote access security
operating system security
physical security
Related search:
CCNA security final exam answers 2018
CCNA security chapter 2 exam answers
CCNA security chapter 3 exam answers 2018
CCNA security final exam packet tracer
CCNA security v2.0 skills assessment – b
Cisco cybersecurity final exam answers
What is the default privilege level of user accounts created on Cisco routers?