CCNA Security Chapter 2 Securing Network Devices

2.1.1.1

Describe an edge router:

2.1.1.2

Describe three different approaches to securing the internal (protected) network:

2.1.1.3

Describe three critical areas of router security:

2.1.1.4

Describe the important tasks involved in securing administrative access:

2.1.1.5

When accessing the network remotely, what precautions should be taken?

2.1.2.1

Visit: http://sectools.org/crackers.html to see a list of password attack tools.

2.1.2.1

Describe some common guidelines for choosing strong passwords:

2.1.2.2

Describe the enable secret password global configuration command:

2.1.2.2

How can you protect Console Port access?

2.1.2.2

How can you protect Virtual Terminal Line (vty) access?

2.1.2.2

How can you protect Auxiliary Port (aux) access?

2.1.2.3

What can be done to increase the security of passwords?

2.1.2.4

What command creates a secure list of usernames and passwords in a database on the router for local login authentication?

2.1.3.1

What should be done to better configure security for virtual login connections?

2.1.3.2

What commands are available to configure a Cisco IOS device to support enhanced login features?

2.1.3.3

Describe the two login block-for feature modes of operation:

2.1.3.4

What commands can be used to keep track of the number of successful and failed login attempts?

2.1.3.4

What command generates a log message when the login failure rate is exceeded?

2.1.3.4

How can you verify that the login block-for command is configured and which mode the router is currently in?

2.1.3.4

What command displays more information regarding failed login attempts?

2.1.3.5

Why are banners important and how can they be configured?

2.1.4.1

How can a secure remote access connection be established to manage Cisco IOS devices?

2.1.4.1

Describe the four steps to configure routers for the SSH protocol:

2.1.4.2

Describe the four steps to configure SSH on a Cisco router and the commands to accomplish each step:

2.1.4.3

Describe how to configure and confirm: SSH version, SSH timeout period, number of authentication retries

2.1.4.4

Describe the two ways to connect to an SSH-enabled router: How can connection status be verified?

2.1.4.5

How can Cisco SDM be used to configure an SSH daemon on a router?

2.1.4.5

Using Cisco SDM, how are the vty lines configured to support SSH?

2.2.1.1

What two levels of access to commands does Cisco IOS software CLI have?

2.2.1.2

Describe the privilege levels available in the Cisco IOS CLI.

2.2.1.2

What is the command to set privilege levels?

2.2.1.3

What are the two methods for assigning passwords to different levels for authentication?

2.2.2.1

How can the limitations of assigning privilege levels be overcome?

2.2.2.2

Role-based CLI provides which three types of views?

2.2.2.2

Describe the characteristics of Superviews:

2.2.2.3

Describe the steps to create and manage a specific view:

2.2.2.4

Describe the steps to create and manage a superview:

2.3.1.2

1. What command enables Cisco IOS image resilience? 2. What command takes a snapshot of the router running configuration and securely archives it in persistent storage?

2.3.1.3

What command is used to verify the existence of the secured files in the archive?

2.3.1.3

Describe the steps to restore a primary bootset from a secure archive after the router has been tampered with:

2.3.1.4

Describe the steps necessary to recover a lost router password:

2.3.1.5

What command secures the router from the normal password recovery process?

2.3.2.2

Describe the two paths that the flow can take when logging and managing information flow between management hosts and the managed devices:

2.3.3.1

Describe 5 different facilities to which Cisco routers can send log messages:

2.3.3.1

What are the three main parts of Cisco router log messages?

2.3.3.1

Describe the eight levels that Cisco router log messages fall into in order of severity from highest to lowest:

2.3.3.2

Describe the two types of systems contained in Syslog implementations:

2.3.3.2

Describe Cisco Security MARS and explain how it uses logging information:

2.3.3.3

Describe the steps to activate and configure system logging:

2.3.3.4

Describe the steps to enable syslog logging using Cisco Security Device Manager:

2.3.4.1

Describe SNMP:

2.3.4.1

Describe the components of SNMP:

2.3.4.1

What are the three actions that a manager node can use to view or alter information in a managed device?

2.3.4.2

Describe the two types of community strings as they relate to SNMP versions 1 and 2:

2.3.4.3

How does SNMP version 3 address the vulnerabilities of versions 1 and 2?

2.3.4.4

Describe the security levels available for the three SNMP security models:

2.3.4.5

This page shows the steps to activate an SNMP trap receiver.

2.3.5.1

Describe two ways to set date and time on a Cisco router.

2.3.5.2

Describe the process of setting date and time on Cisco routers using NTP:

2.3.5.3

Describe the security features of NTP:

2.3.5.3

This page shows the configuration steps for CLI based NTP authentication:

2.3.5.4

This page shows the configuration steps for SDM based NTP authentication:

2.4.1.2

Describe some of the practices that help ensure that a network device is secure:

2.4.1.3

What is the best way to determine and fix the vulnerabilities that exist with a current configuration?

2.4.1.4

What actions does the Security Audit wizard in Cisco Security Device Manager (SDM) perform?

2.4.2.1

Differentiate between the management plane and the forwarding plane of a Cisco router:

2.4.2.1

List management plane and forwarding plane services and functions which can be secured with auto secure:

2.4.3.2

Describe the features of Cisco AutoSecure that are not implemented or are implemented differently in Cisco SDM one-step lockdown:
