Chapter 3: Defending The Perimeter

25 Questions

Please wait...
Perimeter Quizzes & Trivia

Studying for IINS. Chapter 3

Questions and Answers
  • 1. 
    Name four IOS security features.
  • 2. 
    The Cisco IOS       firewall feature allows an IOS router to perform stateful inspection of traffic (using Context-Based Access Control [CBAC]), in addition to basic traffic filtering using access control lists (ACL).
  • 3. 
    The IOS         feature can detect malicious network traffic inline and stop it before it reaches its destination.
  • 4. 
    A         firewall maintains a separate routing and forwarding table for each VPN, which helps eliminate issues that arise from more than one VPN using the same address space.
  • 5. 
    Cisco IOS routers can participate in        
  • 6. 
    Name three passwords configured during the SETUP Script
  • 7. 
    This password is used to permit access to a router’s privileged mode.
  • 8. 
    The Enable secret password is stored in the router’s configuration as an       hash value, making it difficult for an attacker to guess and impossible to see with the naked eye.
  • 9. 
    This password is not encrypted (or hashed) by default.
  • 10. 
    The enable password is considered       than the enable secret password.
  • 11. 
    When an administrator connects to a router over a network connection (such as a Telnet or SSH connection), she might be prompted to enter a       password to have access to the virtual tty line to which she is connecting.
  • 12. 
    Name three Cisco IOS Resilient Configuration Steps Enable image       Secure the       configuration Verify the security of the       
  • 13. 
    The       command, issued in global configuration mode, secures the Cisco IOS image. The secured image is hidden so that it does not appear in a directory listing of files.
  • 14. 
    The       command, issued in global configuration mode, archives the running configuration of a router to persistent storage.
  • 15. 
    The        command can be used to verify that Cisco IOS Resilient Configuration is enabled and that the files in the bootset have been secured.
  • 16. 
    Requirements added by Cisco IOS Login Enhancements for Virtual Connections   ■ Create a       between repeated login attempts. ■ Suspend the      process if a denial-of-service (DoS) attack is suspected. ■ Create       messages upon the success and/or failure of a login attempt.
  • 17. 
    The SDM wizard that helps you configure LAN and WAN interfaces
  • 18. 
    The SDM wizard that supports the configuration of basic and advanced IOSbased firewalls
  • 19. 
    The SDM wizard that helps you configure a secure site-to-site VPN, Cisco Easy VPN Server, Cisco Easy VPN Remote, and DMVPN
  • 20. 
    The SDM wizard that identifies potential security vulnerabilities in a router’s current configuration and tweaks the router’s configuration to eliminate those weaknesses
  • 21. 
    The SDM wizard that allows an administrator to modify and view routing configurations for the RIP, OSPF, or EIGRP routing protocols
  • 22. 
    The SDM wizard that helps you configure Network Address Translation (NAT)
  • 23. 
    The SDM wizard that walks an administrator through the process of configuring an IOS-based IPS
  • 24. 
    The SDM wizard that provides wizards for configuring Network Admission Control (NAC) features such as Extensible Authentication Protocols (EAP)
  • 25. 
    The SDM wizard that helps you configure NAC