IST291 Chapter 2
IST 291-151Security
Chapter 2
JEOPARDY
K. Koon
CCNA1 v3 Module 2
RouterRouterModesModes
WANWANEncapsulationEncapsulation
WANWANServicesServices
RouterRouterBasicsBasics
RouterRouterCommands Commands
100
200
300
400
500
RouterRouterModesModes
WANWANEncapsulationEncapsulation
WANWANServicesServices
RouterRouterBasicsBasics
RouterRouterCommands Commands
100 100 100 100 100
200 200 200 200 200
300 300 300 300 300
400 400 400 400 400
500 500 500 500 500
AcronymsAcronymsRouterRouter
SecuritySecurityTrue FalseTrue False
MoreMoreRouterRouter
SecuritySecurityTermsTerms PotpourriPotpourri
100
200
300
400
500
100
200
300
400
500
► ► ► F i n a l J e o p a r d y ◄ ◄ ◄
CCNA1 v3 Module 2
Question
SDM
Acronyms100
A: What is the Cisco Router and Security Device Manager?
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500IST291 Chapter 2
CCNA1 v3 Module 2
QuestionA: What is the Network Time Protocol?
NTP
IST291 Chapter 2
Acronyms200
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500
CCNA1 v3 Module 2
Question
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500
A: What is Secure Shell (sometimes referred to as Secure Telnet)?
SSH
IST291 Chapter 2
Acronyms300
CCNA1 v3 Module 2
Question
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500
A: What is the Cisco Discovery Protocol?
CDP
IST291 Chapter 2
Acronyms400
CCNA1 v3 Module 2
Question
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500IST291 Chapter 2
A: What is the Simple Network Management Protocol?
SNMP
Acronyms500
CCNA1 v3 Module 2
Question
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500IST291 Chapter 2
A: What is the Single Router Approach?
A single router connects the protected network, or internal LAN, to the Internet. All security policies are configured on this device. This is more commonly deployed in smaller site implementations such as branch and SOHO sites.
Router Security100
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500
CCNA1 v3 Module 2
Question
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500IST291 Chapter 2
A: What is the Defense-in-Depth Approach?
The edge router acts as the first line of defense and is known as a screening router. The second line of defense is the firewall. This is the __________________.
Router Security 200
CCNA1 v3 Module 2
Question
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500IST291 Chapter 2
A: What is an Edge Router?
This device is the last router between the internal network and an untrusted network such as the Internet. It functions as the first and last line of defense for a network.
Router Security 300
CCNA1 v3 Module 2
Question
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500IST291 Chapter 2
A: What is an Edge Router?
Through initial and final filtering, this device helps to secure the perimeter of a protected network. It is responsible for implementing security actions based on the security policies of the organization.
Router Security 400
CCNA1 v3 Module 2
Question
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500IST291 Chapter 2
A: What is a Firewall?
This device typically picks up where the edge router leaves off and performs additional filtering. It provides additional access control by tracking the state of the connections and acts as a checkpoint device.
Router Security 500
CCNA1 v3 Module 2
Question
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500IST291 Chapter 2
A: What is False? It is only available for systems that support a PCMCIA Advanced Technology Attachment(ATA) Flash interface.
The Cisco IOS Resilient Configuration feature is only available for systems that support a Universal Serial Bus (USB) Advanced Technology Attachment (ATA) Flash interface.
True False100
CCNA1 v3 Module 2
Question
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500IST291 Chapter 2
A: What is False?
Routers running CISCO IOS Release 12.1(1)T image or later support SSH and by default is already configured and enabled.
True False 200
CCNA1 v3 Module 2
Question
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500IST291 Chapter 2
A: What is True?
You can easily tell if a CISCO IOS Release image supports SSH by looking for K8 or K9 in the image name.
True False 300
CCNA1 v3 Module 2
Question
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500IST291 Chapter 2
A: What is False?
The login block-for feature monitors login device activity and operates in three modes: Normal mode, Quiet mode and Whisper mode. The Whisper mode is especially useful in that it automatically sends syslog messages to the SNMP-SERVER without notifying the user.
True False 400
CCNA1 v3 Module 2
Question
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500IST291 Chapter 2
Beginning with the CISCO IOS Release 12.3(1) and later, administrators can set the minimum character length for all router passwords from 0 to 16 characters using the global configuration command security passwords min-length length
True False 500
A: What is True?
CCNA1 v3 Module 2
Question
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500IST291 Chapter 2
A: What is a Firewall?
By default, this device denies the initiation of connections from the outside (untrusted) networks to the inside (trusted) network.
More Router Security 100
CCNA1 v3 Module 2
Question
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500IST291 Chapter 2
A: What is a Firewall?
It allows the internal users to establish connections to the untrusted networks and permits the responses to come back through this device.
More Router Security 200
CCNA1 v3 Module 2
Question
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500IST291 Chapter 2
A: What is the Demilitarized Zone(DMZ)?
A variation of the defense-in-depth approach is to offer an intermediate area, often called ______. The ______ can be used for servers that must be accessible from the Internet.
More Router Security 300
CCNA1 v3 Module 2
Question
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500IST291 Chapter 2
A: What is a Firewall and Demilitarized Zone.?
The _____, located between the protected and unprotected networks, is set up to permit the required connections from the outside (untrusted) networks to the public servers in the _____.
More Router Security 400
CCNA1 v3 Module 2
Question
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500IST291 Chapter 2
A: What is the Demilitarized Zone, Router, Firewall?
In the _____approach, the _____ provides some protection by filtering some traffic, but leaves the bulk of the protection to the _____.
More Router Security 500
CCNA1 v3 Module 2
Question
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500IST291 Chapter 2
A: What is Physical Security?
Place the router and physical devices that connect to it in a secure locked room that is accessible only to authorized personnel, free of electrostatic or magnetic interference, has fire suppression, and controls for temperature and humidity. This is _____________.
Terms100
CCNA1 v3 Module 2
Question
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500IST291 Chapter 2
A: What is Operating System Security?
Configure the router with the maximum amount of memory possible. The availability of memory can help protect the network from some DoS attacks, while supporting the widest range of security services. This is __________________.
Terms 200
CCNA1 v3 Module 2
Question
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500IST291 Chapter 2
A: What is Router Hardening?
Secure administrative control. Ensure that only authorized personnel have access and that their level of access is controlled. Disable unused ports and interfaces. Reduce the number of ways a device can be accessed. This is ______________.
Terms 300
CCNA1 v3 Module 2
Question
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500IST291 Chapter 2
A: What is Root?
___ view has the same access privileges as a user who has level 15 privileges. Only a ___ view user can configure a new view and add or remove commands from the existing views.
Terms 400
CCNA1 v3 Module 2
Question
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500IST291 Chapter 2
A: What is CLI?
A specific set of commands can be bundled into a ____ view. Unlike privilege levels, a ____ view has no command hierarchy and no higher or lower views.
Terms 500
CCNA1 v3 Module 2
Question
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500IST291 Chapter 2
A: What is Superview?
A ______ consists of one or more CLI views. ______s allow a network administrator to assign users and groups of users multiple CLI views at once, instead of having to assign a single CLI view per user with all commands associated to the one CLI view.
Potpourri 100
CCNA1 v3 Module 2
Question100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500IST291 Chapter 2
A: What is the Cisco IOS Resilient Configuration?
Potpourri 200
This feature allows for faster recovery if someone reformats flash memory or erases the startup configuration file in NVRAM. It secures the router image and maintains a secure working copy of the running configuration.
CCNA1 v3 Module 2
Question
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500IST291 Chapter 2
A: What is Advanced Technology Attachment?
Potpourri 300
ATA
CCNA1 v3 Module 2
Question
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500IST291 Chapter 2
A: What is Secure Shell (SSH)?
Potpourri 400
___ provides functionality similar to an outbound Telnet connection, except the connection is encrypted and operates on port 22. With authentication and encryption, ___ allows for secure communication over a non-secure network.
CCNA1 v3 Module 2
Question100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500IST291 Chapter 2
A: What is 360 to 2048?
Potpourri 500
One way secret (asymmetric) keys must be generated for a router to encrypt the SSH traffic. To create the RSA key, use the crypto key generate rsa general-keys modulus modulus-size command in global configuration mode where modulus-size can be configured from ___ to ___.
CCNA1 v3 Module 2
Question
A: What is SSHv1 & SSHv2, SSHv1, SSHv2?
There are three versions of SSH: SSHv1 SSHv2 & SSHv3. Of these versions, CISCO IOS 12.3(4)T and later support ________. ___ uses the Rivest, Shamir and Adleman (RSA) algorithm & ___ uses the Diffie-Hellman key exchange and the strong integrity-checking message authentication code (MAC).
Final Jeopardy
IST291 Chapter 2
100 100 100 100 100 100
200 200 200 200 200 200
300 300 300 300 300 300
400 400 400 400 400 400
500 500 500 500 500 500