
IST 291-151 Security

JEOPARDY
Chapter 2
IST291 Chapter 2
K. Koon

Categories: Acronyms, Router Security, True False, More Router Security, Terms, Potpourri
Point values per category: 100 200 300 400 500
Final Jeopardy

CCNA1 v3 Module 2

Acronyms 100
SDM

Question
A: What is the Cisco Router and Security Device Manager?

Acronyms 200
NTP

Question
A: What is the Network Time Protocol?

Acronyms 300
SSH

Question
A: What is Secure Shell (sometimes referred to as Secure Telnet)?

Acronyms 400
CDP

Question
A: What is the Cisco Discovery Protocol?

Acronyms 500
SNMP

Question
A: What is the Simple Network Management Protocol?

Router Security 100


A single router connects the protected network, or internal LAN, to the Internet. All security policies are configured on this device. This is more commonly deployed in smaller site implementations such as branch and SOHO sites.

Question
A: What is the Single Router Approach?

Router Security 200


The edge router acts as the first line of defense and is known as a screening router. The second line of defense is the firewall. This is the __________________.

Question
A: What is the Defense-in-Depth Approach?

Router Security 300


This device is the last router between the internal network and an untrusted network such as the Internet. It functions as the first and last line of defense for a network.

Question
A: What is an Edge Router?

Router Security 400


Through initial and final filtering, this device helps to secure the perimeter of a protected network. It is responsible for implementing security actions based on the security policies of the organization.

Question
A: What is an Edge Router?

Router Security 500


This device typically picks up where the edge router leaves off and performs additional filtering. It provides additional access control by tracking the state of the connections and acts as a checkpoint device.

Question
A: What is a Firewall?

True False 100


The Cisco IOS Resilient Configuration feature is only available for systems that support a Universal Serial Bus (USB) Advanced Technology Attachment (ATA) Flash interface.

Question
A: What is False? It is only available for systems that support a PCMCIA Advanced Technology Attachment (ATA) Flash interface.

True False 200


Routers running a Cisco IOS Release 12.1(1)T image or later support SSH, and by default it is already configured and enabled.

Question
A: What is False?

True False 300


You can easily tell if a Cisco IOS Release image supports SSH by looking for K8 or K9 in the image name.

Question
A: What is True?

True False 400


The login block-for feature monitors login device activity and operates in three modes: Normal mode, Quiet mode and Whisper mode. The Whisper mode is especially useful in that it automatically sends syslog messages to the SNMP-SERVER without notifying the user.

Question
A: What is False?

True False 500


Beginning with Cisco IOS Release 12.3(1) and later, administrators can set the minimum character length for all router passwords from 0 to 16 characters using the global configuration command security passwords min-length length.

Question
A: What is True?

More Router Security 100


By default, this device denies the initiation of connections from the outside (untrusted) networks to the inside (trusted) network.

Question
A: What is a Firewall?

More Router Security 200


It allows the internal users to establish connections to the untrusted networks and permits the responses to come back through this device.

Question
A: What is a Firewall?

More Router Security 300


A variation of the defense-in-depth approach is to offer an intermediate area, often called ______. The ______ can be used for servers that must be accessible from the Internet.

Question
A: What is the Demilitarized Zone (DMZ)?

More Router Security 400


The _____, located between the protected and unprotected networks, is set up to permit the required connections from the outside (untrusted) networks to the public servers in the _____.

Question
A: What is a Firewall and Demilitarized Zone?

More Router Security 500


In the _____ approach, the _____ provides some protection by filtering some traffic, but leaves the bulk of the protection to the _____.

Question
A: What is the Demilitarized Zone, Router, Firewall?

Terms 100
Place the router and physical devices that connect to it in a secure locked room that is accessible only to authorized personnel, free of electrostatic or magnetic interference, has fire suppression, and controls for temperature and humidity. This is _____________.

Question
A: What is Physical Security?

Terms 200
Configure the router with the maximum amount of memory possible. The availability of memory can help protect the network from some DoS attacks, while supporting the widest range of security services. This is __________________.

Question
A: What is Operating System Security?

Terms 300
Secure administrative control. Ensure that only authorized personnel have access and that their level of access is controlled. Disable unused ports and interfaces. Reduce the number of ways a device can be accessed. This is ______________.

Question
A: What is Router Hardening?

Terms 400
___ view has the same access privileges as a user who has level 15 privileges. Only a ___ view user can configure a new view and add or remove commands from the existing views.

Question
A: What is Root?

Terms 500
A specific set of commands can be bundled into a ____ view. Unlike privilege levels, a ____ view has no command hierarchy and no higher or lower views.

Question
A: What is CLI?

Potpourri 100
A ______ consists of one or more CLI views. ______s allow a network administrator to assign users and groups of users multiple CLI views at once, instead of having to assign a single CLI view per user with all commands associated to the one CLI view.

Question
A: What is Superview?

Potpourri 200
This feature allows for faster recovery if someone reformats flash memory or erases the startup configuration file in NVRAM. It secures the router image and maintains a secure working copy of the running configuration.

Question
A: What is the Cisco IOS Resilient Configuration?

Potpourri 300
ATA

Question
A: What is Advanced Technology Attachment?

Potpourri 400
___ provides functionality similar to an outbound Telnet connection, except the connection is encrypted and operates on port 22. With authentication and encryption, ___ allows for secure communication over a non-secure network.

Question
A: What is Secure Shell (SSH)?

Potpourri 500
One-way secret (asymmetric) keys must be generated for a router to encrypt the SSH traffic. To create the RSA key, use the crypto key generate rsa general-keys modulus modulus-size command in global configuration mode, where modulus-size can be configured from ___ to ___.

Question
A: What is 360 to 2048?



Final Jeopardy
There are three versions of SSH: SSHv1, SSHv2 & SSHv3. Of these versions, Cisco IOS 12.3(4)T and later support ________. ___ uses the Rivest, Shamir and Adleman (RSA) algorithm & ___ uses the Diffie-Hellman key exchange and the strong integrity-checking message authentication code (MAC).

Question
A: What is SSHv1 & SSHv2, SSHv1, SSHv2?

