
Securing Cisco Routers


Exam Prep Questions

Question 1

Which of the following passwords can be applied on a Cisco router?

  A. enable secret 1lcisco123

  B. enable secret password cisco

  C. enable secret c

  D. enable secret <space><space>ciscocisco

Answers: B, C, D. Passwords on a Cisco router cannot start with a number, and they ignore the leading spaces after the keyword secret. You can have a password from 1 to 25 characters in length.

Question 2

Which of the following commands resulted in the output that is bolded:

line con 0
 exec-timeout 0 0
 password 7 104D000A061843595F50
 logging synchronous

  A. service password encryption

  B. service encryption password

  C. service password-encryption

  D. encryption-password

Answer: C. The service password-encryption command uses the Cisco-proprietary Vigenere cipher to encrypt all the other passwords on the router except the enable secret password (which uses MD5). A, B, and D are incorrect because they have the wrong syntax.

Question 3

Which command can you use to ensure that all administrative interfaces stay active for a period of 5 minutes and 45 seconds only after the last session activity?

  A. Central(config-line)#timeout 5 45

  B. Central(config-line)#exec-timeout 5 45

  C. Central(config)#exec-timeout 5 45

  D. Central#exec-timeout 5 45

Answer: B. The exec-timeout in line configuration mode ensures that the administrative interface stays up for the specified duration after the last session activity. A is incorrect because the correct command is exec-timeout and not simply timeout. C and D are incorrect because you have to be in line configuration mode to execute the exec-timeout command.

Question 4

Which of the following commands on a Cisco router can you use to prevent a hacker from finding out which users are logged into the network device?

  A. show cdp entry

  B. ip finger

  C. no ip finger

  D. no service finger

Answers: C, D. You can use the no ip finger and no service finger commands to prevent a hacker from finding out which users are logged into the network device. The no service finger command is a legacy command and works just the same as no ip finger.

Question 5

You have just configured the following access list and would like only these hosts to have Telnet access to the Central router. Which of the following commands will you use to make sure this implementation works?

Central(config)#access-list 1 permit host 10.10.0.1
Central(config)#access-list 1 permit host 10.10.0.2

  A. ip access-group 1 in

  B. access-group 1 in

  C. ip access-class 1 in

  D. access-class 1 in

Answer: D. You use the access-class command in line configuration mode in an inbound direction to ensure that only hosts 10.10.0.1 and 10.10.0.2 are allowed to Telnet to the router. By default, all access lists have an implicit deny at the end, and because of that rule, only two hosts will be allowed Telnet access to the Central router.
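
A small audit of a saved configuration against the settings these questions cover (enable secret, service password-encryption, exec-timeout, finger, and access-class on the vty lines), added here as an example that is not from the book. The function names, finding texts and sample configuration, including the placeholder enable secret hash, are constructed for illustration.

```python
import re
# Constructed sample config, not from a real device. It reuses the console
# line from Question 2 and the access list from Question 5.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 PLACEHOLDER-HASH
ip finger
access-list 1 permit host 10.10.0.1
access-list 1 permit host 10.10.0.2
line con 0
 exec-timeout 0 0
 password 7 104D000A061843595F50
line vty 0 4
 exec-timeout 5 45
"""

def parse(config):
    """Split a config into top-level commands and per-line sub-commands."""
    global_cmds, lines, current = [], {}, None
    for raw in filter(str.strip, config.splitlines()):   # skip blank lines
        cmd = raw.strip()
        if not raw[0].isspace():          # top-level command opens a new section
            global_cmds.append(cmd)
            current = lines.setdefault(cmd, []) if cmd.startswith("line ") else None
        elif current is not None:         # indented command inside a line section
            current.append(cmd)
    return global_cmds, lines

def audit(config):
    """Return findings for the hardening settings covered by the questions."""
    global_cmds, lines = parse(config)
    findings = []
    if not any(c.startswith("enable secret ") for c in global_cmds):
        findings.append("no enable secret configured")
    if "service password-encryption" not in global_cmds:
        findings.append("service password-encryption is off")
    if any(c in ("ip finger", "service finger") for c in global_cmds):
        findings.append("finger service is enabled")
    for name, cmds in lines.items():
        # 'exec-timeout 0 0', 'exec-timeout 0' and 'no exec-timeout' all mean no timeout
        if any(re.fullmatch(r"no exec-timeout|exec-timeout 0( 0)?", c) for c in cmds):
            findings.append(f"{name}: idle timeout is disabled")
        if name.startswith("line vty") and not any(
                re.fullmatch(r"access-class \S+ in", c) for c in cmds):
            findings.append(f"{name}: no inbound access-class")
    return findings
```

On the sample, `audit(SAMPLE_CONFIG)` reports the enabled finger service, the `exec-timeout 0 0` on the console line from Question 2, and the vty lines that never had access list 1 applied with `access-class`.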
