Which command has to be configured on the router to complete the SSH

configuration?
 ip domain-name cisco.com
 transport input ssh
 enable secret class
 service password-encryption

2Which statement describes the ping and tracert commands?

 Tracert uses IP addresses; ping does not.
 Tracert shows each hop, while ping shows a destination reply only.
 Ping shows whether the transmission is successful; tracert does not.
 Both ping and tracert can show results in a graphical display.
3A technician is to document the current configurations of all network devices in a
college, including those in off-site buildings. Which protocol would be best to use to
securely access the network devices?
 FTP
 SSH
 Telnet
 HTTP
 Navigation Bar

4When configuring SSH on a router to implement secure network management, a

network engineer has issued the login local and transport input ssh line vty
commands. What three additional configuration actions have to be performed to
complete the SSH configuration? (Choose three.)
 Set the user privilege levels.
 Configure role-based CLI access.
 Generate the asymmetric RSA keys.
 Manually enable SSH after the RSA keys are generated.
 Create a valid local username and password database.
 Configure the correct IP domain name.

5On which two interfaces or ports can security be improved by configuring executive
timeouts? (Choose two.)
 vty ports
 console ports
 Fast Ethernet interfaces
 serial interfaces
 loopback interfaces
6What is considered the most effective way to mitigate a worm attack?
 Ensure that all systems have the most current virus definitions.
 Download security updates from the operating system vendor and patch all vulnerable systems.
 Change system passwords every 30 days.
 Ensure that AAA is configured in the network

7A network technician is troubleshooting an issue and needs to verify all of the IPv6
interface addresses on a router. What is the best command to use to accomplish the
task?
 show ip nat translations
 show ip route
 show interfaces
 show ipv6 interface
8What is the role of an IPS?
 authenticating and validating traffic
 connecting global threat information to Cisco network security devices
 detecting and blocking of attacks in real time
 filtering of nefarious websites

9A user is redesigning a network for a small company and wants to ensure security at
a reasonable price. The user deploys a new application-aware firewall with intrusion
detection capabilities on the ISP connection. The user installs a second firewall to
separate the company network from the public network. Additionally, the user installs
an IPS on the internal network of the company. What approach is the user
implementing?
 structured
 risk based
 attack based
 layered
0
What is the purpose of the network security authentication function?
 to require users to prove who they are
 to determine which resources a user can access
 to keep track of the actions of a user
 to provide challenge and response questions

11Which type of attack involves an adversary attempting to gather information about

a network to identify vulnerabilities?
 dictionary
 DoS
 man-in-the-middle
 reconnaissance
12What feature of SSH makes it more secure than Telnet for a device management
connection?
 confidentiality with IPsec
 login information and data encryption
 stronger password requirement
 random one-time port connection

13What is the advantage of using SSH over Telnet?

 SSH provides secure communications to access hosts.
 SSH is easier to use.
 SSH operates faster than Telnet.
 SSH supports authentication for a connection request.
 Navigation Bar

14What is the difference between a virus and a worm?

 Viruses hide in legitimate programs but worms do not.
 Worms self-replicate but viruses do not.
  Viruses self-replicate but worms do not.
 Worms require a host file but viruses do not.
15Which example of malicious code would be classified as a Trojan horse?
 malware that requires manual user intervention to spread between systems
 malware that attaches itself to a legitimate program and spreads to other programs when launched
 malware that was written to look like a video game
 malware that can automatically spread from one system to another by exploiting a vulnerability in the target
16When applied to a router, which command would help mitigate brute-force
password attacks against the router?
 login block-for 60 attempts 5 within 60
 banner motd $Max failed logins = 5$
 exec-timeout 30
 service password-encryption

17Which attack involves a compromise of data that occurs between two end points?
 man-in-the-middle attack
 denial-of-service
 username enumeration
 extraction of security parameters

18Which firewall feature is used to ensure that packets coming into a network are
legitimate responses to requests initiated from internal hosts?
 stateful packet inspection
 application filtering
 URL filtering
 packet filtering

19Which network service automatically assigns IP addresses to devices on the

network?
 traceroute
 Telnet
 DNS
 DHCP
20A user reports a lack of network connectivity. The technician takes control of the
user machine and attempts to ping other computers on the network and these pings
fail. The technician pings the default gateway and that also fails. What can be
determined for sure by the results of these tests?
 The router that is attached to the same network as the workstation is down.
 The TCP/IP protocol is not enabled.
 The NIC in the PC is bad.
  Nothing can be determined for sure at this point.
21A network technician issues the C:\> tracert -6 www.cisco.com command on a
Windows PC. What is the purpose of the -6 command option?
 It sets a 6 milliseconds timeout for each replay.
 It limits the trace to only 6 hops.
 It forces the trace to use IPv6.
 It sends 6 probes within each TTL time period.
22A ping fails when performed from router R1 to directly connected router R2. The
network administrator then proceeds to issue the show cdp neighbors command.
Why would the network administrator issue this command if the ping failed between
the two routers?
 The network administrator suspects a virus because the ping command did not work.
 The network administrator wants to verify Layer 2 connectivity.
 The network administrator wants to verify the IP address configured on router R2.
 The network administrator wants to determine if connectivity can be established from a non-directly
connected network.
23An employee complains that a Windows PC cannot connect to the Internet. A
network technician issues the ipconfig command on the PC and is shown an IP
address of 169.254.10.3. Which two conclusions can be drawn? (Choose two.)
 The default gateway address is not configured.
 The PC cannot contact a DHCP server.
 The DNS server address is misconfigured.
 The PC is configured to obtain an IP address automatically.
 The enterprise network is misconfigured for dynamic routing.
24Which command can an administrator execute to determine what interface a router
will use to reach remote networks?
 show arp
 show interfaces
 show protocols
 show ip route

25Which statement is true about Cisco IOS ping indicators?

 'U' may indicate that a router along the path did not contain a route to the destination address and that the
ping was unsuccessful.
 ' . ' indicates that the ping was successful but the response time was longer than normal.
 A combination of '.' and '!' indicates that a router along the path did not have a route to the destination
address and responded with an ICMP unreachable message.
 '!' indicates that the ping was unsuccessful and that the device may have issues finding a DNS serve
26Users are complaining that they are unable to browse certain websites on the
Internet. An administrator can successfully ping a web server via its IP address, but
cannot browse to the domain name of the website. Which troubleshooting tool would
be most useful in determining where the problem is?
  tracert
 netstat
 ipconfig
 nslookup
27Which method is used to send a ping message specifying the source address for the
ping?
 Issue the ping command from within interface configuration mode.
 Issue the ping command after shutting down un-needed interfaces.
 Issue the ping command without extended commands.
 Issue the ping command without specifying a destination IP address.

 Telnet
 show cdp neighbors
 an extended ping
 traceroute
29What is an accurate description of redundancy?
 configuring a router with a complete MAC address database to ensure that all frames can be forwarded to
the correct destination
 designing a network to use multiple paths between switches to ensure there is no single point of failure
 configuring a switch with proper security to ensure that all traffic forwarded through an interface is filtered
 designing a network to use multiple virtual devices to ensure that all traffic uses the best path through the
internetwork
29What is an accurate description of redundancy?
 configuring a router with a complete MAC address database to ensure that all frames can be forwarded to
the correct destination
 designing a network to use multiple paths between switches to ensure there is no single point of failure
 configuring a switch with proper security to ensure that all traffic forwarded through an interface is filtered
 designing a network to use multiple virtual devices to ensure that all traffic uses the best path through the
internetwork
30Which command can an administrator issue on a Cisco router to send debug
messages to the vty lines?
 logging synchronous
 terminal monitor
  logging buffered
 logging console

31What is the purpose of a small company using a protocol analyzer utility to capture
network traffic on the network segments where the company is considering a network
upgrade?
 to document and analyze network traffic requirements on each network segment
 to capture the Internet connection bandwidth requirement
 to identify the source and destination of local network traffic
 to establish a baseline for security analysis after the network is upgraded
31What is the purpose of a small company using a protocol analyzer utility to capture
network traffic on the network segments where the company is considering a network
upgrade?
 to document and analyze network traffic requirements on each network segment
 to capture the Internet connection bandwidth requirement
 to identify the source and destination of local network traffic
 to establish a baseline for security analysis after the network is upgraded
32Why would a network administrator use the tracert utility?
 to check information about a DNS name in the DNS server
 to determine the active TCP connections on a PC
 to display the IP address, default gateway, and DNS server address for a PC
 to identify where a packet was lost or delayed on a network


Something is causing a time delay between the networks.
 Connectivity between H1 and H3 is fine.
 H3 is not connected properly to the network.
 Performance between the networks is within expected parameters.
 Something is causing interference between H1 and R1.
34A network administrator is upgrading a small business network to give high priority
to real-time applications traffic. What two types of network services is the network
administrator trying to accommodate? (Choose two.)
  SNMP
 instant messaging
 FTP
 video
 voice
35An administrator decides to use "RobErT" as the password on a newly installed
router. Which statement applies to the password choice?
 It is weak since it uses easily found personal information.
 It is strong because it contains 10 numbers and special characters.
 It is strong because it uses a passphrase.
 It is strong because it uses a minimum of 10 numbers, letters and special characters.