Module 2

Question 1

What are the three parts of an OS relevant to us?

Answer 1

Hardware ↔ Kernel ↔ Shell (CLI/GUI). Kernel talks to hardware; shell is the user/app interface.

Question 2

Why is CLI preferred on network gear over GUI?

Answer 2

More complete features, stable, low overhead, scriptable—ideal for initial setup and troubleshooting.

Question 3

Name two common access methods to a Cisco device.

Answer 3

Console (out-of-band) and SSH (in-band). Console works even if IP isn’t configured.

Question 4

What is the AUX port used for?

Answer 4

Legacy modem dial-in (out-of-band) for remote CLI when IP connectivity isn’t available.

Question 5

Name three terminal emulation programs.

Answer 5

PuTTY, Tera Term, SecureCRT (resize window, logging, fonts/colors).

Question 6

What prompt indicates user EXEC vs privileged EXEC?

Answer 6

User EXEC ends with >; privileged EXEC ends with #.

Question 7

Which command enters privileged EXEC? Leaves it?

Answer 7

enable enters; disable returns to user EXEC.

Question 8

How do you enter/leave global configuration mode?

Answer 8

configure terminal to enter; exit to go up one level; end or Ctrl+Z to privileged EXEC.

Question 9

Prompts for line and interface submodes?

Answer 9

(config-line)# and (config-if)#.

Question 10

Shortest unique abbreviation concept (example)?

Answer 10

Commands can be shortened if unique: configure terminal → conf t.

Question 11

Two IOS help tools available at the prompt.

Answer 11

? for context help; syntax checking (left→right parser) for errors.

Question 12

Paging control when output shows –More–?

Answer 12

Space (page), Enter (line). Use filters like | include to narrow output.

Question 13

First config you should apply to any device and why?

Answer 13

Hostname—confirms you’re on the right box (esp. over SSH) and aids documentation.

Question 14

Command to set hostname to Sw-Floor-1.

Answer 14

conf t
hostname Sw-Floor-1

Question 15

Which three access points should be password-protected at minimum?

Answer 15

Console, VTY (SSH/Telnet), and privileged EXEC (enable secret).

Question 16

Secure console access (commands).

Answer 16

line console 0
password <pw>
login</pw>

Question 17

Secure privileged EXEC (command + why).

Answer 17

enable secret <pw> (strong, hashed; controls full admin access).</pw>

Question 18

Secure VTY lines 0–15 (commands).

Answer 18

line vty 0 15
password <pw>
login</pw>

Question 19

What does service password-encryption do, and what doesn’t it do?

Answer 19

Obfuscates plaintext passwords in the config file (Type 7); does not encrypt traffic—use SSH for that.

Question 20

Why configure a login banner (MOTD)?

Answer 20

Legal notice for authorized access; supports monitoring/prosecution policies.

Question 21

Command to set a MOTD banner.

Answer 21

banner motd # Authorized Access Only #

Question 22

Where do running and startup configs live?

Answer 22

running-config in RAM (volatile); startup-config in NVRAM (non-volatile).

Question 23

How do you persist the current configuration?

Answer 23

copy running-config startup-config (aka write memory / wr on some images).

Question 24

How to view the active configuration?

Answer 24

show running-config (startup is show startup-config).

Question 25

Rollback: you made bad changes but didn’t save—how to revert?

Answer 25

reload and do not save when prompted.

Question 26

Rollback: you saved bad changes—how to factory reset configs?

Answer 26

erase startup-config then reload.

Question 27

Why capture configs to a text file and how?

Answer 27

Archival/restoration/versioning. Enable session logging in the terminal app and run show running-config.

Question 28

Two strong password guidelines to follow.

Answer 28

8+ chars with mixed types; avoid reuse/common words (use a generator/MFA).

Question 29

Does a Layer-2 switch need an IP to switch frames?

Answer 29

No—IP is only for management (SVI), not for basic L2 switching.

Question 30

What is an SVI and its default on a L2 switch?

Answer 30

Switch Virtual Interface for management; default is VLAN 1.

Question 31

Configure SVI on VLAN 1 with 192.168.1.20/24 and bring it up.

Answer 31

int vlan 1 ip address 192.168.1.20 255.255.255.0 no shutdown

Question 32

Why does a switch need a default gateway and where to set it?

Answer 32

For off-subnet management (e.g., SSH from another VLAN/site). Set in global mode: ip default-gateway 192.168.1.1

Question 33

Manual IPv4 config steps on Windows (high level).

Answer 33

NIC Properties → IPv4 Properties → set IP, mask, gateway, DNS.

Question 34

Automatic addressing on end devices—what do you enable?

Answer 34

DHCP: “Obtain an IP address automatically” and DNS automatically.

Question 35

IPv6 dynamic addressing methods to know.

Answer 35

DHCPv6 and SLAAC.

Question 36

Command to verify IP config on Windows.

Answer 36

ipconfig (add /all for detailed info).

Question 37

Four verification commands after SVI/DHCP labs (useful habits).

Answer 37

show ip interface brief, show vlan brief, show interfaces status, show mac address-table

Question 38

Minimal sequence to harden a fresh switch (order matters).

Answer 38

Console password → enable secret → hostname → VTY passwords (then SSH) → service password-encryption → banner motd → copy run start.

Question 39

Why start via console before enabling SSH?

Answer 39

Ensures you can recover from mistakes and secure remote access safely before exposing management over IP.

Question 40

Two reasons to prefer SSH over Telnet.

Answer 40

Encryption and credential protection (Telnet is plaintext).

Question 41

Which IOS mode must you be in to change global device settings?

Answer 41

Global configuration mode (config)#.

Question 42

How do you jump from any submode back to privileged EXEC quickly?

Answer 42

end or Ctrl+Z.

Question 43

What’s the practical impact of --More-- during a change window?

Answer 43

It can slow you down; use filters (| include/exclude) or increase terminal length.

Question 44

Name two risks of leaving the hostname at its default (“Switch”).

Answer 44

You might misconfigure the wrong device; poor documentation/troubleshooting.

Question 45

Give a one-liner to explain “why” for service password-encryption.

Answer 45

Prevents shoulder-surfing / config-file snooping of plaintext passwords.

Question 46

Harden VTY lines for local users and SSH-only (core steps)?

Answer 46

username admin secret ip domain-name lab.local crypto key generate rsa modulus 2048 line vty 0 15 login local transport input ssh

Question 47

Disable DNS lookups on typos (why/command)?

Answer 47

Prevents long delays after mistyped commands; no ip domain-lookup

Question 48

Restore saved config into RAM (merge)?

Answer 48

copy startup-config running-config