Which option is a valid configuration to restrict remote users by applying an ACL to vty lines?
router(config)# line vty 0 15 router(config-line)# access-group 1 in
router(config)# line vty 0 15 router(config-line)# access-list 1 in
router(config)# line vty 0 15 router(config-line)# access-class 1 in
router(config)# line vty 0 15 router(config-line)# ip access-group 1 in
router(config)# line vty 0 15 router(config-line)# access-class 1 in
Which command enables you to configure the parameters for the console access?
line console 0
line console
login console 0
login console
line console 0
Which command encrypts plaintext passwords on routers?
password encryption
service password-encryption
service encryption
enable secret
service password-encryption
Which statement correctly describes the authenticator and its responsibility?
The authenticator, which is usually the switch, acts as an intermediary between the authentication server and the client.
The authenticator is the server that is responsible for authenticating the client.
Both the authenticator and authentication server act as the login server.
The authenticator is usually a switch that authenticates the newly connected client to access the network.
The authenticator, which is usually the switch, acts as an intermediary between the authentication server and the client.
Which command generates RSA keys for user authentication, used when connecting via SSH?
crypto key generate rsa
crypto generate key rsa
crypto rsa generate key
crypto generate rsa key
crypto key generate rsa
Which banner should be used to show information that is hidden from unauthorized users?
MOTD
login
EXEC
slip-ppp
login
Which two statements are true about Cisco Discovery Protocol? (Choose two.)
It enables Cisco network devices to announce themselves to their neighbors.
It is disabled by default.
It provides an easy reconnaissance vector to any attacker with an Ethernet connection.
It can be useful for network troubleshooting when checking connectivity to non-Cisco devices.
You can use the no cdp enable command to disable it globally.
It enables Cisco network devices to announce themselves to their neighbors.
It provides an easy reconnaissance vector to any attacker with an Ethernet connection.
Which two practices would you follow to prevent VLAN attacks on a network? (Choose two.)
Set all ports to STP PortFast.
Disable DTP on all ports.
Disable Cisco Discovery Protocol on all ports.
Explicitly configure trunking mode or access mode.
Disable the HTTP service.
Disable DTP on all ports. Explicitly configure trunking mode or access mode.
An attacker has bypassed physical security and was able to connect a laptop to an Ethernet interface on a switch. If all the switch ports are configured with port security and the violation mode is set to the default, which action is taken against the attacker?
Packets with unknown source addresses are dropped and there is no notification that a security violation has occurred.
Packets with unknown source addresses are dropped and there is a notification that a security violation has occurred.
Packets with unknown source addresses are dropped, there is a notification that a security violation has occurred, and the interface becomes error-disabled.
Packets with unknown source addresses are forwarded and there is a notification to the syslog server.
Packets with unknown source addresses are dropped and there is a notification that a security violation has occurred.
Dynamic ARP Inspection depends on which of the following options in environments that use DHCP?
Port Security
DHCP snooping binding
Cisco Discovery Protocol
HTTP Services
DHCP snooping binding
You plan to implement an iACL on the internet router in your company to protect the infrastructure devices. Which three options should you use when configuring the iACL? (Choose three.)
Deny all noninitial fragments.
Permit all noninitial fragments.
Permit RFC 1918 IPv4 address space.
Implement ingress filtering according to RFC 2827.
Deny the flow of transit traffic to noninfrastructure destinations.
Permit protocols that are used on the devices, such as BGP, SSH, and SNMP, from specific source addresses.
Deny all noninitial fragments. Implement ingress filtering according to RFC 2827. Permit protocols that are used on the devices, such as BGP, SSH, and SNMP, from specific source addresses.
Referring to the command output, in what state is the port?
SwitchX# show port-security interface FastEthernet 0/5
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : fc99.47e5.2598:1
Security Violation Count : 0
forwarding
error-disabled
shutdown
listening
forwarding
What kind of threat requires mitigation by ensuring that the cable runs are neat?
remote access threats
environmental threats
electrical threats
maintenance threats
maintenance threats
Which command protects a switched network from a hacker who is trying to preempt an election of STP?
spanning-tree portfast default
spanning-tree guard root
switchport port-security violation
spanning-tree guard
spanning-tree guard root
Which of these options is a mitigation technique to prevent rogue DHCP servers from providing false IP configuration parameters?
DHCP spoofing
Dynamic ARP Inspection
port security
ARP spoofing
DHCP snooping
DHCP snooping
What is the purpose of shutting down a VLAN?
Shutting down a VLAN disables all interfaces that are part of the VLAN.
Shutting down a VLAN prevents data exchange between the ports in a VLAN.
Shutting down a VLAN makes all the ports routed ports.
Shutting down a VLAN disables all interfaces that are not part of that VLAN.
Shutting down a VLAN disables all interfaces that are part of the VLAN.