1

If AAA is already enabled, which three CLI steps are required to configure a router with a specific view? (Choose three.) assign a secret password to the view assign co ands to the view

assign users who can use the view associate the view with the root view create a superview using the parser view view-name co create a view using the parser viewview-name co 2 and and

!hat are two characteristics of the "#$ "ecurity Audit wi%ard? (Choose two.) It uses interactive dialogs and pro pts to i ple ent AAA. It auto atically enables Cisco I&" firewall and i ple ents Cisco I&" I'" security configurations to secure the router. It displays a screen with (i)*it chec+ bo)es to let you choose which potential security*related configuration changes to i ple ent. It requires users to first identify which router interfaces connect to the inside networ+ and which connect to the outside networ+. It is initiated fro CLI and e)ecutes a script in which the anag ent plane functions and forwarding plane services are tested against +nown vulnerabilities.

,efer to the e)hibit. !hich two state ents describe the current "#$ logging setup? (Choose two.) -uffered logging will be enabled on the router for Logging Level . essages. essages. -uffered logging will be enabled on the syslog server for Logging Level . All All essages with a trap level of / and higher (less critical) will be logged. essages with a trap level of / and lower ( ore critical) will be logged.

0he router interface I' address that is connected to the syslog server is 123.145.1.6. 0he syslog server I' address is 123.145.1.6. 4An ad inistrator defined a local user account with a secret password on router ,1 for use with ""7. !hich three additional steps are required to configure ,1 to accept only encrypted ""7 connections? (Choose three.) configure the I' do ain na e on the router enable inbound vty 0elnet sessions generate the ""7 +eys configure #8" on the router enable inbound vty ""7 sessions generate two*way pre*shared +eys

!hich reco ended security practice prevents attac+ers fro purpose of gaining access to the privileged 9:9C ode?

perfor ing password recovery on a Cisco I&" router for the

;eep a secure copy of the router Cisco I&" i age and router configuration file as a bac+up. #isable all unused ports and interfaces to reduce the nu ber of ways that the router can be accessed. Configure secure ad inistrative control to ensure that only authori%ed personnel can access the router. Locate the router in a secure loc+ed roo 'rovision the router with the a)i u that is accessible only to authori%ed personnel. e ory possible. a secure archive on a router on which Cisco I&" and.

a ount of

ands are required to restore a pri ary bootset fro 6!hich three co resilience is enabled? (Choose three.) ,estart the router in ,&$ onitor ,estart the router, enter privileged 9:9C flash co and.

ode and display the secure bootset Cisco I&" i age na e using the dir co

ode, and display the secure bootset Cisco I&" i age na e using the show and with the filena e. and.

-oot the secure bootset Cisco I&" i age using the boot co

Copy the secure bootset Cisco I&" i age to flash using the copy IOS-backup-ima e flash co ,estore the secure configuration file using the copy co!fi -backup flash co and. and.

,estore the secure configuration file using the secure boot-co!fi restore filename co " !hich state ent atches the CLI co

ands to the "#$ wi%ard that perfor s si ilar configuration functions? and and the "#$ &ne*"tep Loc+down wi%ard ands and the "#$ I'" wi%ard

aaa configuration co

ands and the "#$ -asic (irewall wi%ard

auto secure privileged 9:9C co

class-maps, policy-maps, and service-policy configuration co setup privileged 9:9C co

and and the "#$ "ecurity Audit wi%ard

#!hich state ent describes the operation of the Cisco "#$ "ecurity Audit wi%ard? 0he wi%ard configures a router to prevent unauthori%ed access. 0he wi%ard co pares a router configuration against reco 0he wi%ard ended settings. alicious traffic.

onitors networ+ data and logs possible unauthori%ed or

0he wi%ard logs the effectiveness of networ+ security $

easures for baseline co parisons.

,efer to the e)hibit. !hat two pieces of infor ation can be gathered fro 0his 0his 0his 0his 0his 1% essage is a level five notification essage appeared because a essage appeared because a essage.

the generated

essage? (Choose two.)

inor error occurred requiring further investigation. a<or error occurred requiring i ediate action.

essage indicates that service ti esta ps have been globally enabled. essage indicates that enhanced security was configured on the vty ports.

!hich two operations are required to i ple ent Cisco "#$ &ne*"tep Loc+down? (Choose two.) Choose the &ne*"tep Loc+down feature. Apply the docu ented networ+ policies. #eliver the configuration changes to the router. Co pare the router configuration against reco ended settings.

"elect the (irewall and ACL tas+ on the "#$ Configuration screen. 11 !hich three areas of router security physical security flash security ust be aintained to secure an edge router at the networ+ peri eter? (Choose three.)

operating syste

security

re ote access security router hardening %one isolation 12

,efer to the e)hibit. !hat is the significance of secret = in the generated output? 0he A#$I8 password is encrypted using #7 group =. 0he A#$I8 password is encrypted via the service password-e!cryptio! co 0he A#$I8 password is hashed using $#=. 0he A#$I8 password is hashed using "7A. 13 !hich three services on a router does Cisco "#$ &ne*"tep Loc+down enable? (Choose three.) "8$' 0C' intercepts ""7 access to the router Cisco #iscovery 'rotocol password encryption service firewall on all outside interfaces 14 and.

,efer to the e)hibit. !hat two facts can be deter ined fro ,&$ on

the output? (Choose two.) and.

0he Cisco I&" i age and configuration files have been properly secured. ode will be inaccessible upon entering the privileged 9:9C reload co

0he Cisco I&" ,esilient Configuration feature is enabled. 0he Cisco I&" ,esilient Configuration feature has detected an i age version 0he Cisco I&" configuration files have been erased. 15 !hich two characteristics apply to ,ole*-ased CLI Access superviews? (Choose two.) CLI views have passwords, but superviews do not have passwords. >sers logged in to a superview can access all co A single superview can be shared a ong Co 16 ands specified within the associated CLI views. is atch.

ultiple CLI views.

ands cannot be configured for a specific superview.

#eleting a superview deletes all associated CLI views. !hich three options can be configured by Cisco Auto"ecure? (Choose three.) C-AC "8$'

syslog security banner interface I' address enable secret password 1"-y default, how configured? one two three four five 1# !hat are three require ents that anage ent? (Choose three.) ust be et if an ad inistrator wants to odate ""7 anage ent devices aintain device configurations via secure in*band any seconds of delay between virtual login atte pts is invo+ed when the lo i! block-for co and is

networ+ devices configured to acco

a separate networ+ seg ent connecting all at least one router acting as a ter inal server encryption of all re ote access

anage ent traffic

connection to networ+ devices through a production networ+ or the Internet direct access to the console ports of all networ+ devices 1$

,efer to the e)hibit. ,outers ,1 and ,3 are connected via a serial lin+. &ne router is configured as the 80' aster, and the other is an 80' client. !hich two pieces of infor ation can be obtained fro the partial output of the show !tp associatio!s detail co and on ,3? (Choose two.) -oth routers are configured to use 80'v3. ,outer ,1 is the ,outer ,3 is the aster, and ,3 is the client. aster, and ,1 is the client.

0he I' address of ,1 is 123.145.1.3. 0he I' address of ,3 is 123.145.1.3. 2% !hich service is enabled on a Cisco router by default that can reveal significant infor ation about the router and potentially a+e it ore vulnerable to attac+? 700' C#' (0' 80' 0(0' ands are required to create a userna e of ad in, hash the password using $#=, and force the router to 21!hich set of co access the internal userna e database when a user atte pts to access the console? ,1(config)? user!ame admi! password &dmi!%1pa55 ,1(config)? li!e co! % ,1(config*line)? lo i! local ,1(config)? user!ame admi! password &dmi!%1pa55 ,1(config)? li!e co! % ,1(config*line)? lo i! i!ter!al ,1(config)? user!ame admi! &dmi!%1pa55 e!cr md5 ,1(config)? li!e co! %

,1(config*line)? lo i! local ,1(config)? user!ame admi! secret &dmi!%1pa55 ,1(config)? li!e co! % ,1(config*line)? lo i! local ,1(config)? user!ame admi! secret &dmi!%1pa55 ,1(config)? li!e co! % ,1(config*line)? lo i! i!ter!al 22 An ad inistrator needs to create a user account with custo co and is used to create this custo account? privile e e'ec level % privile e e'ec level 1 privile e e'ec level 2 privile e e'ec level 15 23 access to ost privileged 9:9C co ands. !hich privile e

,efer to the e)hibit. !hich state ent regarding the @,*Ad in account is true? @,*Ad in can issue show, pi! , and reload co @,*Ad in can issue pi! and reload co @,*Ad in can issue only pi! co ands. ands. atch one of those defined. ands. ands.

@,*Ad in can issue debu and reload co @,*Ad in cannot issue any co 24

and because the privilege level does not unity strings? (Choose two.)

!hat are two characteristics of "8$' co Co only +nown co

A vulnerability of "8$'v1, "8$'v3, and "8$'v6 is that they send the co If the anager sends one of the correct read*only co agent. "8$' read*only co "8$' read*write co 25!hat is the 3=4 =13 .45 1A3/ 3A/5 26 ini u reco

unity strings in plainte)t.

unity strings should be used when configuring secure "8$'. unity strings, it can get infor ation and set infor ation in an an "8$'*enabled device.

unity strings can be used to get infor ation fro ended

unity strings can be used to set infor ation on an "8$'*enabled device. odulus +ey length for +eys generated to use with ""7?

,efer to the e)hibit. -ased on the output of the show ru!!i! -co!fi co secret view, with a level = encrypted password root view, with a level = encrypted secret password

and, which type of view is ">''&,0?

superview, containing "7&!BI9! and B9,I(CBI9! views CLI view, containing "7&!BI9! and B9,I(CBI9! co ands