
Refer to the exhibit. What is the significance of secret 5 in the generated output?
- The ADMIN password is encrypted using DH group 5.
- The ADMIN password is encrypted via the service password-encryption command.
- The ADMIN password is hashed using MD5.
- The ADMIN password is hashed using SHA.

Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.)
- physical security
- flash security
- operating system security
- remote access security
- router hardening
- zone isolation

Which set of commands is required to create a username of admin, hash the password using MD5, and force the router to access the internal username database when a user attempts to access the console?
- R1(config)# username admin password Admin01pa55
  R1(config)# line con 0
  R1(config-line)# login local
- R1(config)# username admin password Admin01pa55
  R1(config)# line con 0
  R1(config-line)# login internal
- R1(config)# username admin Admin01pa55 encr md5
  R1(config)# line con 0
  R1(config-line)# login local
- R1(config)# username admin secret Admin01pa55
  R1(config)# line con 0
  R1(config-line)# login local
- R1(config)# username admin secret Admin01pa55
  R1(config)# line con 0
  R1(config-line)# login internal

An administrator defined a local user account with a secret password on router R1 for use with SSH. Which three additional steps are required to configure R1 to accept only encrypted SSH connections? (Choose three.)
- configure the IP domain name on the router
- enable inbound vty Telnet sessions
- generate the SSH keys
- configure DNS on the router
- enable inbound vty SSH sessions
- generate two-way pre-shared keys

Which recommended security practice prevents attackers from performing password recovery on a Cisco IOS router for the purpose of gaining access to the privileged EXEC mode?
- Keep a secure copy of the router Cisco IOS image and router configuration file as a backup.
- Disable all unused ports and interfaces to reduce the number of ways that the router can be accessed.
- Configure secure administrative control to ensure that only authorized personnel can access the router.
- Locate the router in a secure locked room that is accessible only to authorized personnel.
- Provision the router with the maximum amount of memory possible.

Refer to the exhibit. Which statement regarding the JR-Admin account is true?
- JR-Admin can issue show, ping, and reload commands.
- JR-Admin can issue ping and reload commands.
- JR-Admin can issue only ping commands.
- JR-Admin can issue debug and reload commands.
- JR-Admin cannot issue any command because the privilege level does not match one of those defined.

What are three requirements that must be met if an administrator wants to maintain device configurations via secure in-band management? (Choose three.)
- network devices configured to accommodate SSH
- a separate network segment connecting all management devices
- at least one router acting as a terminal server
- encryption of all remote access management traffic
- connection to network devices through a production network or the Internet
- direct access to the console ports of all network devices

Refer to the exhibit. Routers R1 and R2 are connected via a serial link. One router is configured as the NTP master, and the other is an NTP client. Which two pieces of information can be obtained from the partial output of the show ntp associations detail command on R2? (Choose two.)
- Both routers are configured to use NTPv2.
- Router R1 is the master, and R2 is the client.
- Router R2 is the master, and R1 is the client.
- The IP address of R1 is 192.168.1.2.
- The IP address of R2 is 192.168.1.2.

What is the minimum recommended modulus key length for keys generated to use with SSH?
- 256
- 512
- 768
- 1024
- 2048

An administrator needs to create a user account with custom access to most privileged EXEC commands. Which privilege command is used to create this custom account?
- privilege exec level 0
- privilege exec level 1
- privilege exec level 2
- privilege exec level 15

Which service is enabled on a Cisco router by default that can reveal significant information about the router and potentially make it more vulnerable to attack?
- HTTP
- CDP
- FTP
- NTP
- TFTP

Which two statements describe AAA authentication? (Choose two.)
- Server-based AAA authentication is more scalable than local AAA authentication.
- Local AAA is ideal for large complex networks because it uses the local database of the router for authentication.
- Server-based AAA authentication can use the RADIUS or TACACS+ protocols to communicate between the router and a AAA server.
- Server-based AAA authentication is ideal for large complex networks because it uses the local database of the router for authentication.
- Local AAA authentication requires the services of an external server, such as the Cisco Secure ACS for Windows Server.

Refer to the exhibit. Router R1 has been configured as shown, with the resulting log message. On the basis of the information presented, which two AAA authentication statements are true? (Choose two.)
- The locked-out user failed authentication.
- The locked-out user is locked out for 10 minutes by default.
- The locked-out user should have used the username Admin and password Pa55w0rd.
- The locked-out user should have used the username admin and password Str0ngPa55w0rd.
- The locked-out user stays locked out until the clear aaa local user lockout username Admin command is issued.

When configuring a method list for AAA authentication, what is the effect of the keyword local?
- It accepts a locally configured username, regardless of case.
- It defaults to the vty line password for authentication.
- The login succeeds, even if all methods return an error.
- It uses the enable password for authentication.

What is a characteristic of TACACS+?
- TACACS+ is an open IETF standard.
- TACACS+ is backward compatible with TACACS and XTACACS.
- TACACS+ provides authorization of router commands on a per-user or per-group basis.
- TACACS+ uses UDP port 1645 or 1812 for authentication, and UDP port 1646 or 1813 for accounting.

Which AAA protocol and feature best support a large ISP that needs to implement detailed accounting for customer invoicing?
- TACACS+ because it combines authentication and authorization, but separates accounting
- RADIUS because it supports detailed accounting that is required for billing users
- TACACS+ because it requires select authorization policies to be applied on a per-user or per-group basis
- RADIUS because it requires select authorization policies to be applied on a per-user or per-group basis

What is the result if an administrator configures the aaa authorization command prior to creating a user with full access rights?
- The administrator is immediately locked out of the system.
- The administrator is denied all access except to aaa authorization commands.
- The administrator is allowed full access using the enable secret password.
- The administrator is allowed full access until a router reboot, which is required to apply changes.

What is an effect if AAA authorization on a device is not configured?
- Authenticated users are granted full access rights.
- User access to specific services is determined by the authentication process.
- Character mode authorization is limited, and packet mode denies all requests.
- All authorization requests to the TACACS server receive a REJECT response.
