Chapter 6 - Securing the Management Plane Flashcards Preview

Cisco CCNA Security (640-554) > Chapter 6 - Securing the Management Plane > Flashcards

Flashcards in Chapter 6 - Securing the Management Plane Deck (8):
1

What command do you use to check what privilege level you're currently at?

show privilege

2

How do you get out of privilege exec (Level 15)?

disable

3

What are the requirements for enabling SSH on a router?

  • Hostname (other than "router")
  • domain name
  • public / private key pair
  • require "login" on VTY lines
  • Have a user account configured either locally or on an ACS server.

4

What command creates a public / private key pair on a router?

(config)# crypto key generate rsa

5

How do you enable timestamps on log entries?

(config)# service timestamps log datetime

6

Which two commands are needed to create a secure bootset on a router?

(config)# secure boot-image

(config)# secure boot-config

Verify using show secure bootset.


Router(config)# secure boot-image

Router(config)# %IOS_RESILIENCE-5-IMAGE_RESIL_ACTIVE: Successfully secured running image

Router(config)# secure boot-config

Router(config)# %IOS_RESILIENCE-5-CONFIG_RESIL_ACTIVE: Successfully secured config archive [flash:.runcfg-20101017-020040.ar]
 

7

What happens to a router when you issue the no service password-recovery command?

You will lose access to ROMMON. (know this for the exam)

 

More info:

Without ROMMON you cannot change the configuration register to bypass the startup configuration.

8

When configuring role-based CLI on a router what do you have to do first?

Enable the root view on the router.

 

More info:

Basically, execute the enable command and enter the secret password (or enable password).

You have to be in the root view, not just a user that has level 15 privilege access.