Chapter 8 Flashcards Preview

CCNA 100-101 > Chapter 8 > Flashcards

Flashcards in Chapter 8 Deck (30):
1

What is the default password setting for console 0?

Console access is open by default.

2

What are the default security settings for Telnet and SSH?

Disabled by default

3

Securing user mode with a simple password means what?

Console and/or Telnet users must enter a password (no username)

4

Command for entering console line configuration mode from global configuration mode

line console 0

5

Two login authentication methods for Cisco switches that use username/passwords

Manually setting up unique username/passwords for each switch

Using a AAA (authentication, authorization, and accounting) server

6

Protocols used by AAA servers

RADIUS or TACACS+

7

What does a Cisco switch need to begin accepting SSH connections?

Cryptography Key used to encrypt data

8

Command to list status information about the ssh server

show ip ssh

9

Command to list the ssh clients connected to the switch

show ssh

10

Benefits of ssh2 over ssh1

Improves security algorithms and adds banner support

11

Two commands that set support for Telnet and SSH

transport input all
transport input telnet ssh

12

Command to set support for telnet, ssh

From the vty line subcommand: transport input {all|none|telnet|ssh}

13

Command to encrypt stored passwords so they aren't stored as cleartext in the config file

service password-encryption

14

Command to turn off password encryptions

no service password-encryption

15

Effect of turning off password encryption

No immediate effect. Passwords are still stored encrypted until a change to the password is made

16

Enable Password command versus Enable Secret Password

Both set password for enable mode. Enable Secret Password is newer and more secure because it encrypts the enable password in the config

17

Three popular banner types

MOTD, Exec, Login

18

MOTD banner

Shown before the login prompt. Used for temporary messages that change from time to time

19

Login Banner

Shown at the login prompt. Used for permanent messages ("Unauthorized user prohibited")

20

Exec Banner

Shown after successful login. Provide information that should be hidden from unauthorized users

21

Command to list all commands stored in the history file

show history

22

Command to disable syslog messages on the console screen

in global config, no logging console

23

All types of port security have 3 common concepts

Define max number of source MAC addresses allowed for an interface / watch incoming frames & keep a list of unique MAC addresses & a counter of unique addresses / When counter pushes past max, shut the port down

24

Before setting up port security on an interface, you must define what?

The type of interface - static access or a trunk interface

25

Four optional types of port security

Override default max number of allowed MAC addresses / override result of a security violation (protect, restrict, or shutdown) / define allowed MAC addresses / set up "sticky learning" to learn new MAC addresses

26

Result of an interface shutdown due to a port security violation

Disables the interface, discards all traffic, sends log and SNMP messages

27

Result of an interface "protect" mode due to a port security violation

Discards offending traffic. Does not send SNMP messages. All other traffic continues

28

Result of an interface "restrict" mode due to a port security violation

Discards offending traffic, sends log and SNMP messages. All valid traffic continues

29

How to recover an interface from a shutdown state, triggered by a violation of port security - what are the commands?

Manually shutdown and bring the interface back up.

shutdown
no shutdown

30

What 3 things should you do to secure unused ports?

Disable the interface using the shutdown subcommand.
Prevent VLAN trunking by setting the port to switchport mode access
Assign the port to an unused VLAN