版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
窗体顶端
WhataretwocharacteristicsoftheSDMSecurityAuditwizard?(Choosetwo。)
ItusesinteractivedialogsandpromptstoimplementAAA。
ItautomaticallyenablesCiscoIOSfirewallandimplementsCiscoIOSIPSsecurityconfigurationstosecuretherouter。
ItdisplaysascreenwithFix—itcheckboxestoletyouchoosewhichpotentialsecurity—relatedconfigurationchangestoimplement.
Itrequiresuserstofirstidentifywhichrouterinterfacesconnecttotheinsidenetworkandwhichconnecttotheoutsidenetwork。
ItisinitiatedfromCLIandexecutesascriptinwhichthemanagmentplanefunctionsandforwardingplaneservicesaretestedagainstknownvulnerabilities
窗体底端
窗体顶端
WhichstatementmatchestheCLIcommandstotheSDMwizardthatperformssimilarconfigurationfunctions?
aaaconfigurationcommandsandtheSDMBasicFirewallwizard
autosecureprivilegedEXECcommandandtheSDMOne—StepLockdownwizard
class-maps,policy—maps,andservice-policyconfigurationcommandsandtheSDMIPSwizard
setupprivilegedEXECcommandandtheSDMSecurityAuditwizard
窗体底端
窗体顶端
Refertotheexhibit.Whatisthesignificanceofsecret5inthegeneratedoutput?
TheADMINpasswordisencryptedusingDHgroup5.
TheADMINpasswordisencryptedviatheservicepassword-encryptioncommand。
TheADMINpasswordishashedusingMD5。
TheADMINpasswordishashedusingSHA。
窗体底端
窗体顶端
WhichtwooperationsarerequiredtoimplementCiscoSDMOne-StepLockdown?(Choosetwo.)
ChoosetheOne-StepLockdownfeature。
Applythedocumentednetworkpolicies.
Delivertheconfigurationchangestotherouter.
Comparetherouterconfigurationagainstrecommendedsettings.
SelecttheFirewallandACLtaskontheSDMConfigurationscreen。
窗体顶端
Refertotheexhibit.WhichtwostatementsdescribethecurrentSDMloggingsetup?(Choosetwo.)
BufferedloggingwillbeenabledontherouterforLoggingLevel7messages.
BufferedloggingwillbeenabledonthesyslogserverforLoggingLevel7messages。
Allmessageswithatraplevelof4andhigher(lesscritical)willbelogged。
Allmessageswithatraplevelof4andlower(morecritical)willbelogged.
TherouterinterfaceIPaddressthatisconnectedtothesyslogserveris192。168。1.3。
ThesyslogserverIPaddressis192。168。1.3.
Refertotheexhibit.Whattwopiecesofinformationcanbegatheredfromthegeneratedmessage?(Choosetwo.)
Thismessageisalevelfivenotificationmessage.
Thismessageappearedbecauseaminorerroroccurredrequiringfurtherinvestigation.
Thismessageappearedbecauseamajorerroroccurredrequiringimmediateaction。
Thismessageindicatesthatservicetimestampshavebeengloballyenabled.
Thismessageindicatesthatenhancedsecuritywasconfiguredonthevtyports。
Whichthreeareasofroutersecuritymustbemaintainedtosecureanedgerouteratthenetworkperimeter?(Choosethree.)
physicalsecurity
flashsecurity
operatingsystemsecurity
remoteaccesssecurity
routerhardening
zoneisolation
窗体顶端
Whichsetofcommandsarerequiredtocreateausernameofadmin,hashthepasswordusingMD5,andforcetheroutertoaccesstheinternalusernamedatabasewhenauserattemptstoaccesstheconsole?
R1(config)#usernameadminpasswordAdmin01pa55
R1(config)#linecon0
R1(config-line)#loginlocal
R1(config)#usernameadminpasswordAdmin01pa55
R1(config)#linecon0
R1(config—line)#logininternal
R1(config)#usernameadminAdmin01pa55encrmd5
R1(config)#linecon0
R1(config-line)#loginlocal
R1(config)#usernameadminsecretAdmin01pa55
R1(config)#linecon0
R1(config-line)#loginlocal
R1(config)#usernameadminsecretAdmin01pa55
R1(config)#linecon0
R1(config—line)#logininternal
窗体底端
Bydefault,howmanysecondsofdelaybetweenvirtualloginattemptsisinvokedwhentheloginblock-forcommandisconfigured?
one
two
three
four
five
窗体顶端
AnadministratordefinedalocaluseraccountwithasecretpasswordonrouterR1forusewithSSH.WhichthreeadditionalstepsarerequiredtoconfigureR1toacceptonlyencryptedSSHconnections?(Choosethree.)
configuretheIPdomainnameontherouter
enableinboundvtyTelnetsessions
generatetheSSHkeys
configureDNSontherouter
enableinboundvtySSHsessions
generatetwo-waypre—sharedkeys
窗体底端
WhichrecommendedsecuritypracticepreventsattackersfromperformingpasswordrecoveryonaCiscoIOSrouterforthepurposeofgainingaccesstotheprivilegedEXECmode?
KeepasecurecopyoftherouterCiscoIOSimageandrouterconfigurationfileasabackup。
Disableallunusedportsandinterfacestoreducethenumberofwaysthattheroutercanbeaccessed.
Configuresecureadministrativecontroltoensurethatonlyauthorizedpersonnelcanaccesstherouter。
Locatetherouterinasecurelockedroomthatisaccessibleonlytoauthorizedpersonnel。
Provisiontherouterwiththemaximumamountofmemorypossible.
窗体顶端
Refertotheexhibit.WhichstatementregardingtheJR-Adminaccountistrue?
JR-Admincanissueshow,ping,andreloadcommands。
JR—Admincanissuepingandreloadcommands。
JR—Admincanissueonlypingcommands。
JR-Admincanissuedebugandreloadcommands.
JR-Admincannotissueanycommandbecausetheprivilegeleveldoesnotmatchoneofthose
窗体底端
窗体顶端
Refertotheexhibit。Basedontheoutputoftheshowrunning—configcommand,whichtypeofviewisSUPPORT?
secretview,withalevel5encryptedpassword
rootview,withalevel5encryptedsecretpassword
superview,containingSHOWVIEWandVERIFYVIEWviews
CLIview,containingSHOWVIEWandVERIFYVIEWcommands
窗体顶端
WhichtwocharacteristicsapplytoRole—BasedCLIAccesssuperviews?(Choosetwo。)
CLIviewshavepasswords,butsuperviewsdonothavepasswords。
UsersloggedintoasuperviewcanaccessallcommandsspecifiedwithintheassociatedCLIviews.
AsinglesuperviewcanbesharedamongmultipleCLIviews。
Commandscannotbeconfiguredforaspecificsuperview.
DeletingasuperviewdeletesallassociatedCLIviews.
窗体顶端
IfAAAisalreadyenabled,whichthreeCLIstepsarerequiredtoconfigurearouterwithaspecificview?(Choosethree.)
assignasecretpasswordtotheview
assigncommandstotheview
assignuserswhocanusetheview
associatetheviewwiththerootview
createasuperviewusingtheparserviewview—namecommand
createaviewusingtheparserviewview—namecommand
窗体底端
窗体顶端
Whatarethreerequirementsthatmustbemetifanadministratorwantstomaintaindeviceconfigurationsviasecurein—bandmanagement?(Choosethree。)
networkdevicesconfiguredtoaccommodateSSH
aseparatenetworksegmentconnectingallmanagementdevices
atleastonerouteractingasaterminalserver
encryptionofallremoteaccessmanagementtraffic
connectiontonetworkdevicesthroughaproductionnetworkortheInternet
directaccesstotheconsoleportsofallnetworkdevices
窗体底端
窗体顶端
WhataretwocharacteristicsofSNMPcommunitystrings?(Choosetwo。)
AvulnerabilityofSNMPv1,SNMPv2,andSNMPv3isthattheysendthecommunitystringsinplaintext。
CommonlyknowncommunitystringsshouldbeusedwhenconfiguringsecureSNMP.
Ifthemanagersendsoneofthecorrectread—onlycommunitystrings,itcangetinformationandsetinformationinanagent.
SNMPread—onlycommunitystringscanbeusedtogetinformationfromanSNMP—enableddevice。
SNMPread-writecommunitystringscanbeusedtosetinformationonanSNMP-enableddevice.
窗体顶端
Refertotheexhibit。RoutersR1andR2areconnectedviaaseriallink。OnerouterisconfiguredastheNTPmaster,andtheotherisanNTPclient.WhichtwopiecesofinformationcanbeobtainedfromthepartialoutputoftheshowntpassociationsdetailcommandonR2?(Choosetwo。)
BothroutersareconfiguredtouseNTPv2.
RouterR1isthemaster,andR2istheclient。
RouterR2isthemaster,andR1istheclient.
TheIPaddressofR1is192.168.1。2.
TheIPaddressofR2is192。168.1。2.
窗体底端
窗体顶端
WhichthreecommandsarerequiredtorestoreaprimarybootsetfromasecurearchiveonarouteronwhichCiscoIOSresilienceisenabled?(Choosethree。)
RestarttherouterinROMmonitormodeanddisplaythesecurebootsetCiscoIOSimagenameusingthedircommand.
Restarttherouter,enterprivilegedEXECmode,anddisplaythesecurebootsetCiscoIOSimagenameusingtheshowflashcommand。
BootthesecurebootsetCiscoIOSimageusingthebootcommandwiththefilename.
CopythesecurebootsetCiscoIOSimagetoflashusingthecopyIOS—backup—imageflashcommand.
Restorethesecureconfigurationfileusingthecopyconfig—backupflashcommand.
Restorethesecureconfigurationfileusingthesecureboot-configrestorefilenamecommand.
窗体顶端
WhichthreeoptionscanbeconfiguredbyCiscoAutoSecure?(Choosethree。)
CBAC
SNMP
syslog
securitybanner
interfaceIPaddress
enablesecretpassword
窗体顶端
WhatistheminimumrecommendedmoduluskeylengthforkeysgeneratedtousewithSSH?
256
512
768
1024
2048
窗体底端
窗体顶端
AnadministratorneedstocreateauseraccountwithcustomaccesstomostprivilegedEXECcommands。Whichprivilegecommandisusedtocreatethiscustomaccount?
privilegeexeclevel0
privilegeexeclevel1
privilegeexeclevel2
privilegeexeclevel15
窗体顶端
Refertotheexhibit.Whattwofactscanbedeterminedfromtheoutput?(Choosetwo。)
TheCiscoIOSimageandconfigurationfileshavebeenproperlysecured。
ROMmonmodewillbeinaccessibleuponenteringtheprivilegedEXECreloadcommand。
TheCiscoIO
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
评论
0/150
提交评论