Chapter 6 - Securing the Management Plane Flashcards Preview

Cisco CCNA Security (640-554) > Chapter 6 - Securing the Management Plane > Flashcards

Flashcards in Chapter 6 - Securing the Management Plane Deck (8):

What command do you use to check what privilege level you're currently at?

show privilege


How do you get out of privilege exec (Level 15)?



What are the requirements for enabling SSH on a router?

  • Hostname (other than "router")
  • domain name
  • public / private key pair
  • require "login" on VTY lines
  • Have a user account configured either locally or on an ACS server.


What command creates a public / private key pair on a router?

(config)# crypto key generate rsa


How do you enable timestamps on log entries?

(config)# service timestamps log datetime


Which two commands are needed to create a secure bootset on a router?

(config)# secure boot-image

(config)# secure boot-config

verify using show secure bootset

Router(config)# secure boot-image

Router(config)# %IOS_RESILIENCE-5-IMAGE_RESIL_ACTIVE: Successfully secured running image

Router(config)# secure boot-config

Router(config)# %IOS_RESILIENCE-5-CONFIG_RESIL_ACTIVE: Successfully secured config archive []


What happens to a router when you issue the no service password-recovery command?

You will lose access to ROMMON. (know this for the exam)


More info:

Without ROMMON you cannot change the configuration register to bypass the startup configuration.


When configuring role-based CLI on a router, what do you have to do first?

Enable the root view on the router.


More info:

Basically, execute the enable command and enter the secret password (or enable password).

You have to be in the root view, not just a user that has level 15 privilege access.