Documente Academic
Documente Profesional
Documente Cultură
2.1.1.1
2.1.1.2
2.1.1.3
Page 1 of 13
2.1.1.4
2.1.1.5
2.1.2.1 2.1.2.1
Visit: http://sectools.org/crackers.html to see a list of password attack tools. Describe some common guidelines for choosing strong passwords:
Page 2 of 13
2.1.2.2
2.1.2.2
2.1.2.2
2.1.2.2
2.1.2.3
2.1.2.4
What command creates a secure list of usernames and passwords in a database on the router for local login authentication? What should be done to better configure security for virtual login connections?
2.1.3.1
2.1.3.2
What commands are available to configure a Cisco IOS device to support enhanced login features?
Page 3 of 13
2.1.3.3
2.1.3.4
What commands can be used to keep track of the number of successful and failed login attempts.?
2.1.3.4
What command generates a log message when the login failure rate is exceeded? How can you verify that the login block-for command is configured and which mode the router is currently in?
2.1.3.4
2.1.3.4
What command displays more information regarding failed login attempts? Why are banners important and how can they be configured?
2.1.3.5
2.1.4.1
How can a secure remote access connection be established to manage Cisco IOS devices?
2.1.4.1
Describe the four steps to configure routers for the SSH protocol:
Page 4 of 13
2.1.4.2
Describe the four steps to configure SSH on a Cisco router and the commands to accomplish each step:
2.1.4.3
Describe how to configure and confirm: SSH version SSH timeout period Number of authentication retries
2.1.4.4
Describe the two ways to connect to an SSH-enabled router: How can connection status be verified?
2.1.4.5
2.1.4.5
Using Cisco SDM how are the vty lines configured to support SSH?
2.2.1.1
What two levels of access to commands does Cisco IOS software CLI have?
Page 5 of 13
2.2.1.2
2.2.1.2
2.2.1.3
What are the two methods for assigning passwords to different levels for authentication?
2.2.2.1
2.2.2.2
Page 6 of 13
2.2.2.2
2.2.2.3
2.2.2.4
2.3.1.2
1. What command enables Cisco IOS image resilience? 2. What command takes a snapshot of the router running configuration and securely archives it in persistent storage? What command is used to verify the existence of the secured files in the archive?
2.3.1.3
Page 7 of 13
2.3.1.3
Describe the steps to restore a primary bootset from a secure archive after the router has been tampered with:
2.3.1.4
2.3.1.5
What command secures the router from the normal password recovery process? Describe the two paths that the flow can take when logging and managing information flow between management hosts and the managed devices:
2.3.2.2
Page 8 of 13
2.3.3.1
Describe 5 different facilities to which Cisco routers can send log messages:
2.3.3.1
What are the three main parts of Cisco router log messages?
2.3.3.1
Describe the eight levels that Cisco router log messages fall into in order of severity from highest to lowest:
2.3.3.2
Page 9 of 13
2.3.3.2
Describe Cisco Security MARS and explain how it uses logging information:
2.3.3.3
2.3.3.4
Describe the steps to enable syslog logging using Cisco Security Device Manager:
2.3.4.1
Describe SNMP:
Page 10 of 13
2.3.4.1
2.3.4.1
What are the three actions that a manager node can use to view or alter information in a managed device?
2.3.4.2
Describe the two types of community strings as they relate to SNMP versions 1 and 2:
2.3.4.3
2.3.4.4
Describe the security levels available for the three SNMP security models:
Page 11 of 13
2.3.4.5 2.3.5.1
This page shows the steps to activate an SNMP trap receiver. Describe two ways to set date and time on a Cisco router.
2.3.5.2
Describe the process of setting date and time on Cisco routers using NTP:
2.3.5.3
2.3.5.3
This page shows the configuration steps for CLI based NTP authentication:
2.3.5.4
This page shows the configuration steps for SDM based NTP authentication: Describe some of the practices that help ensure that a network device is secure:
2.4.1.2
2.4.1.3
What is best way to determine and fix the vulnerabilities that exist with a current configuration?
2.4.1.4
What actions does the Security Audit wizard in Cisco Security Device Manager (SDM) perform?
Page 12 of 13
2.4.2.1
Differentiate between the management plane and the forwarding plane of a Cisco router:
2.4.2.1
List management plane and forwarding plane services and functions which can be secured with auto secure:
2.4.3.2
Describe the features of Cisco AutoSecure that are not implemented or are implemented differently in Cisco SDM one-step lockdown:
Page 13 of 13