Encryption for remote access connections
AAA for authenticating management access
Routing protocol authentication
NTP for consistent timestamps on logging messages
Local AAA authentication provides a way to configure backup methods of authentication, but login local does not.
The login local command requires the administrator to manually configure the usernames and passwords, but local AAA authentication does not.
Local AAA authentication allows more than one user account to be configured, but login local does not.
The login local command uses local usernames and passwords stored on the router, but local AAA authentication does not.
The enable secret password could be used in the next login attempt.
The authentication process stops.
The username and password of the local user database could be used in the next login attempt.
The enable secret password and a random username could be used in the next login attempt.
Identification of Layer 3 protocol support on hosts
TCP and UDP port scanning
Validation of IT system configuration
They are more resource intensive.
DES weak keys use very long key sizes.
They produce identical subkeys.
DES weak keys are difficult to manage.
Reactive protection against Internet attacks
Granularity control within applications
Support of TCP-based packet filtering
Support for logging
When the router boots up, the Cisco IOS image is loaded from a secured FTP location.
The Cisco IOS image file is not visible in the output of the show flash command.
The Cisco IOS image is encrypted and then automatically backed up to the NVRAM.
The Cisco IOS image is encrypted and then automatically backed up to a TFTP server.
The ASAs must all be running the same ASDM version.
Each ASA must have the same enable secret password.
Each ASA must have the same master passphrase enabled.
The ASAs must be connected to each other through at least one inside interface.
ASDM must be run as a local application.
ISAKMP SA policy
ZPF allows interfaces to be placed into zones for IP inspection.
The ZPF is not dependent on ACLs.
Multiple inspection actions are used with ZPF.
ZPF policies are easy to read and troubleshoot.
With ZPF, the router will allow packets unless they are explicitly blocked.
Step-by-step details regarding methods to deploy company switches
Recommended best practices for placement of all company switches
Required steps to ensure consistent configuration of all company switches
List of suggestions regarding how to quickly configure all company switches
An uplink port to another switch
On any port where DHCP snooping is disabled
Any untrusted port
Access ports only
A router interface can belong to only one zone at a time.
Service policies are applied in interface configuration mode.
Router management interfaces must be manually assigned to the self zone.
The pass action works in multiple directions.
The Telnet connection between RouterA and RouterB is not working correctly.
The password cisco123 is wrong.
The administrator does not have enough rights on the PC that is being used.
The enable password and the Telnet password need to be the same.
MAC and IP address spoofing
The crypto map has not yet been applied to an interface.
The current peer IP address should be 172.30.2.1.
There is a mismatch between the transform sets.
The tunnel configuration was established and can be tested with extended pings.
Public key algorithms
Packet filters perform almost all the tasks of a high-end firewall at a fraction of the cost.
Packet filters provide an initial degree of security at the data-link and network layer.
Packet filters represent a complete firewall solution.
Packet filters are not susceptible to IP spoofing.
aaa accounting network start-stop group tacacs+
aaa accounting network start-stop group radius
aaa accounting connection start-stop group radius
aaa accounting exec start-stop group radius
aaa accounting connection start-stop group tacacs+
aaa accounting exec start-stop group tacacs+
Allows a new TCP session to be established for every authorization request
Authorizes connections based on a list of IP addresses configured in an ACL on a Cisco ACS server
Allows a Cisco ACS server to minimize delay by establishing persistent TCP connections
Allows the device to establish only a single connection with the AAA-enabled server
Install a UPS.
Keep a secure copy of router operating system images.
Configure the router with the maximum amount of memory possible.
Disable default router services that are not necessary.
Reduce the number of ports that can be used to access the router.
It uses UDP port 500 to exchange IKE information between the security gateways.
IKE Phase 1 can be implemented in three different modes: main, aggressive, or quick.
It allows for the transmission of keys directly across a network.
The purpose of IKE Phase 2 is to negotiate a security association between two IKE peers.