11/24/2020 CCNA Security v2.

0 Chapter 2 Test Online

 Questions Bank IOS Commands Help Resources » IP Subnet Calculators »

 Donations

Search the site 

 CCNA v6 »  CCNA v7 » IT Essentials 7.0 » CCNA Security v2.0 »

CCNA CyberOps » CCNP » Linux »

 Questions Bank CCNA v6 » CCNA v7 » IT Essentials 7.0 » CCNA Security v2.0 »

CCNA CyberOps » CCNP » Linux » IOS Commands Help Resources »

Download Cisco Packet Tracer » IP Subnet Calculators » Donation Contact

CCNA Security v2.0 Chapter 2 Test

Online
 19/08/2016 |  Last Updated on 19/03/2019 |
 CCNA Security v2.0 Answers |  1 Comment

https://itexamanswers.net/ccna-security-v2-0-chapter-2-test-online.html 1/13
11/24/2020 CCNA Security v2.0 Chapter 2 Test Online

IIoT Gateway
PROFIBUS
Future proof investment
due to the ongoing
implementation of
Softing Industrial standardized interfaces

CCNA Security Exam

 Share  Tweet  Share  Pin it Answers
Chapter 1 Exam
Chapter 2 Exam
1 2 3 4 5 6 7 8 9 10 11 12
Chapter 3 Exam
13 14 15 16 17 18 19 20 21 22 23 24 Chapter 4 Exam
Chapter 5 Exam
25 Chapter 6 Exam
Answered Review
Chapter 7 Exam
Chapter 8 Exam
1. Question 1 points Chapter 9 Exam

An administrator defined a local user account with a secret Chapter 10 Exam

password on router R1 for use with SSH. Which three Chapter 11 Exam
additional steps are required to configure R1 to accept only Practice Final Exam
encrypted SSH connections? (Choose three.) Certification Practice Exam
Final Exam
1. Enable inbound vty SSH sessions. PT Practice Skill SA Part 1 Answers
PT Practice Skill SA Part 2 Answers
2. Generate two-way pre-shared keys.
3. Configure DNS on the router.
Share your Buy me a
4. Configure the IP domain name on the router.
Donate
5. Enable inbound vty Telnet sessions.
6. Generate the SSH keys.
Recent Comments
2. Question 1 points
CCNA Questions Answers on
Which set of commands are required to create a username of CCNA 200-301 Dumps Full
admin, hash the password using MD5, and force the router to Questions – Exam Study Guide &
Free

https://itexamanswers.net/ccna-security-v2-0-chapter-2-test-online.html 2/13
11/24/2020 CCNA Security v2.0 Chapter 2 Test Online

access the internal username database when a user attempts CCNA Questions Answers on
to access the console? CCNA 3 v7.0 Final Exam
Answers Full – Enterprise
1. R1(config)# username admin password Admin01pa55 Networking, Security, and
Automation
R1(config)# line con 0 R1(config-line)# login local
CCNA Questions Answers on IT
2. R1(config)# username admin secret Admin01pa55 Essentials 7.0 Final Exam
R1(config)# line con 0 R1(config-line)# login local (Chapters 1-9) Answers Full

3. R1(config)# username admin Admin01pa55 encr md5 CCNA Questions Answers on IT

Essentials 7.0 Final Exam –
R1(config)# line con 0 R1(config-line)# login local
Composite (Chapters 1-14)
4. R1(config)# username admin password Admin01pa55 Answers
R1(config)# line con 0 R1(config-line)# login CCNA Questions Answers on
CCNA 3 v7 Modules 6 – 8: WAN
5. R1(config)# username admin secret Admin01pa55 Concepts Test Online
R1(config)# line con 0 R1(config-line)# login

3. Question 1 points

Refer to the exhibit. Which statement about the JR-Admin

account is true?

IIoT Gateway
1. JR-Admin can issue only ping commands.
2. JR-Admin can issue show, ping, and reload
PROFIBUS
commands.

3. JR-Admin cannot issue any command because the

Future proof investme
privilege level does not match one of those defined. due to the ongoing
implementation of
4. JR-Admin can issue debug and reload commands.
standardized inte ace
5. JR-Admin can issue ping and reload commands

So ing Industrial
4. Question 1 points

Which three areas of router security must be maintained to

secure an edge router at the network perimeter? (Choose
three.) Open
1. remote access security

2. zone isolation
https://itexamanswers.net/ccna-security-v2-0-chapter-2-test-online.html 3/13
11/24/2020 CCNA Security v2.0 Chapter 2 Test Online

3. router hardening
4. operating system security

5. flash security

6. physical security

5. Question 1 points

Which recommended security practice prevents attackers from

performing password recovery on a Cisco IOS router for the
purpose of gaining access to the privileged EXEC mode?

1. Locate the router in a secure locked room that is

accessible only to authorized personnel.

2. Configure secure administrative control to ensure that

only authorized personnel can access the router.
3. Keep a secure copy of the router Cisco IOS image and
router configuration file as a backup.

4. Provision the router with the maximum amount of

memory possible.

5. Disable all unused ports and interfaces to reduce the

number of ways that the router can be accessed.

6. Question 1 points

Refer to the exhibit. Based on the output of the show running-

config command, which type of view is SUPPORT?

1. CLI view, containing SHOWVIEW and VERIFYVIEW

commands

2. superview, containing SHOWVIEW and VERIFYVIEW

views

https://itexamanswers.net/ccna-security-v2-0-chapter-2-test-online.html 4/13
11/24/2020 CCNA Security v2.0 Chapter 2 Test Online

3. secret view, with a level 5 encrypted password

4. root view, with a level 5 encrypted secret password

7. Question 1 points

Which two characteristics apply to role-based CLI access

superviews? (Choose two.)

1. A specific superview cannot have commands added to

it directly.

2. CLI views have passwords, but superviews do not

have passwords.
3. A single superview can be shared among multiple CLI
views.

4. Deleting a superview deletes all associated CLI views.

5. Users logged in to a superview can access all
commands specified within the associated CLI views.

8. Question 1 points

Which three types of views are available when configuring the

role-based CLI access feature? (Choose three.)

1. superview

2. admin view

3. root view
4. superuser view

5. CLI view

6. config view

9. Question 1 points

If AAA is already enabled, which three CLI steps are required

to configure a router with a specific view? (Choose three.)

1. Create a superview using the parser view view-name

command.

2. Associate the view with the root view.

https://itexamanswers.net/ccna-security-v2-0-chapter-2-test-online.html 5/13
11/24/2020 CCNA Security v2.0 Chapter 2 Test Online

3. Assign users who can use the view.

4. Create a view using the parser view view-name
command.

5. Assign a secret password to the view.

6. Assign commands to the view.

10. Question 1 points

What occurs after RSA keys are generated on a Cisco router

to prepare for secure device management?

1. The keys must be zeroized to reset Secure Shell

before configuring other parameters.

2. All vty ports are automatically configured for SSH to

provide secure management.
3. The general-purpose key size must be specified for
authentication with the crypto key generate rsa general-keys
moduluscommand.

4. The generated keys can be used by SSH.

11. Question 1 points

Which three statements describe limitations in using privilege

levels for assigning command authorization? (Choose three.)

1. Creating a user account that needs access to most but

not all commands can be a tedious process.
2. Views are required to define the CLI commands that
each user can access.
3. Commands set on a higher privilege level are not
available for lower privilege users.
4. It is required that all 16 privilege levels be defined,
whether they are used or not.

5. There is no access control to specific interfaces on a

router.
6. The root user must be assigned to each privilege level
that is defined.

https://itexamanswers.net/ccna-security-v2-0-chapter-2-test-online.html 6/13
11/24/2020 CCNA Security v2.0 Chapter 2 Test Online

12. Question 1 points

What command must be issued to enable login enhancements

on a Cisco router?

1. privilege exec level

2. login delay
3. login block-for

4. banner motd

13. Question 1 points

What is the default privilege level of user accounts created on

Cisco routers?

1. 0

2. 1
3. 15
4. 16

14. Question 1 points

A network administrator notices that unsuccessful login

attempts have caused a router to enter quiet mode. How can
the administrator maintain remote access to the networks
even during quiet mode?

1. Quiet mode behavior can be enabled via an ip access-

group command on a physical interface.
2. Quiet mode behavior will only prevent specific user
accounts from attempting to authenticate.

3. Quiet mode behavior can be overridden for specific

networks by using an ACL.
4. Quiet mode behavior can be disabled by an
administrator by using SSH to connect.

15. Question 1 points

What is a characteristic of the Cisco IOS Resilient

Configuration feature?
https://itexamanswers.net/ccna-security-v2-0-chapter-2-test-online.html 7/13
11/24/2020 CCNA Security v2.0 Chapter 2 Test Online

1. It maintains a secure working copy of the bootstrap

startup program.

2. Once issued, the secure boot-config command

automatically upgrades the configuration archive to a newer
version after new configuration commands have been
entered.
3. A snapshot of the router running configuration can be
taken and securely archived in persistent storage.

4. The secure boot-image command works properly when

the system is configured to run an image from a TFTP
server.

16. Question 1 points

What is a requirement to use the Secure Copy Protocol

feature?

1. At least one user with privilege level 1 has to be

configured for local authentication.
2. A command must be issued to enable the SCP server
side functionality.
3. A transfer can only originate from SCP clients that are
routers.

4. The Telnet protocol has to be configured on the SCP

server side.

17. Question 1 points

What is a characteristic of the MIB?

1. The OIDs are organized in a hierarchical structure.

2. Information in the MIB cannot be changed.
3. A separate MIB tree exists for any given device in the
network.
4. Information is organized in a flat manner so that SNMP
can access it quickly.

18. Question 1 points

https://itexamanswers.net/ccna-security-v2-0-chapter-2-test-online.html 8/13
11/24/2020 CCNA Security v2.0 Chapter 2 Test Online

Which three items are prompted for a user response during

interactive AutoSecure setup? (Choose three.)

1. IP addresses of interfaces

2. content of a security banner

3. enable secret password
4. services to disable

5. enable password
6. interfaces to enable

19. Question 1 points

A network engineer is implementing security on all company

routers. Which two commands must be issued to force
authentication via the password 1A2b3C for all OSPF-enabled
interfaces in the backbone area of the company network?
(Choose two.)

1. area 0 authentication message-digest

2. ip ospf message-digest-key 1 md5 1A2b3C

3. username OSPF password 1A2b3C
4. enable password 1A2b3C

5. area 1 authentication message-digest

20. Question 1 points

What is the purpose of using the ip ospf message-digest-key

key md5 password command and the area area-id
authentication message-digest command on a router?

1. to configure OSPF MD5 authentication globally on the

router

2. to enable OSPF MD5 authentication on a per-interface

basis
3. to facilitate the establishment of neighbor adjacencies

4. to encrypt OSPF routing updates

21. Question 1 points

https://itexamanswers.net/ccna-security-v2-0-chapter-2-test-online.html 9/13
11/24/2020 CCNA Security v2.0 Chapter 2 Test Online

What are two reasons to enable OSPF routing protocol

authentication on a network? (Choose two.)

1. to provide data security through encryption

2. to ensure faster network convergence

3. to ensure more efficient routing

4. to prevent data traffic from being redirected and then
discarded

5. to prevent redirection of data traffic to an insecure link

22. Question 1 points

Which two options can be configured by Cisco AutoSecure?

(Choose two.)

1. enable secret password

2. interface IP address
3. SNMP

4. security banner
5. syslog

23. Question 1 points

Which three functions are provided by the syslog logging

service? (Choose three.)

1. setting the size of the logging buffer

2. specifying where captured information is stored

3. gathering logging information

4. authenticating and encrypting data sent over the
network

5. distinguishing between information to be captured and

information to be ignored
6. retaining captured messages on the router when a
router is rebooted

24. Question 1 points

https://itexamanswers.net/ccna-security-v2-0-chapter-2-test-online.html 10/13
11/24/2020 CCNA Security v2.0 Chapter 2 Test Online

What is the Control Plane Policing (CoPP) feature designed to

accomplish?

1. disable control plane services to reduce overall traffic

2. prevent unnecessary traffic from overwhelming the

route processor
3. direct all excess traffic away from the route process

4. manage services provided by the control plane

25. Question 1 points

Which three actions are produced by adding Cisco IOS login

enhancements to the router login process? (Choose three.)

1. permit only secure console access

2. create password authentication
3. automatically provide AAA authentication

4. create syslog messages

5. slow down an active attack
6. disable logins from specified hosts

Quiz-summary

Related Articles

https://itexamanswers.net/ccna-security-v2-0-chapter-2-test-online.html 11/13
11/24/2020 CCNA Security v2.0 Chapter 2 Test Online

Connect with   

Join the discussion

{} 

1 COMMENT

Robin  4 years ago

Q19 should be answer 2 (level 1)

0 0 Reply

https://itexamanswers.net/ccna-security-v2-0-chapter-2-test-online.html 12/13
11/24/2020 CCNA Security v2.0 Chapter 2 Test Online

ITExamAnswers.net Copyright © 2020. Privacy Policy | Contact

https://itexamanswers.net/ccna-security-v2-0-chapter-2-test-online.html 13/13