IOS Security

Question 1

What file stores vlan information and where is it stored?

Answer 1

vlan.dat and it is stored on flash

Question 2

How do you clear the device configuration?

Answer 2

delete startup-configuration
or
write erase (wr e)

Delete vlan.dat on a switch

Question 3

which banner is recommended for displaying legal information to users that are trying to access the system?

Answer 3

banner motd

messages of the day

Question 4

Which is more secure, TELNET or SSH ? Why?

Answer 4

SSH. TELNET is sent in clear text and can be seen with a packet sniffer like Wireshark. SSH employs public key cryptography for the encryption.

Question 5

What do you need in order to enable SSH?

Answer 5

1. set an ip domain name to associate to RSA encryption keys
2. generate an RSA encryption keys using fqdn
3. create local account and local database
4. enable SSH on VTY lines

Question 6

What command creates RSA encryption keys?

Answer 6

crypto key generate rsa

Question 7

What is the default encryption strength? What is recommended?

Answer 7

512 is the default. 1024 is recommended

Question 8

Which port does SSH use?

Answer 8

SSH uses a well-known TCP port 22.

Question 9

Which global configuration command is used to encrypt all passwords in device configuration file?

Answer 9

service password-encryption

Question 10

Where do you assign the IP address on a switch for telnet or SSH?

Answer 10

VLAN1

Question 11

What does VTY stand for?

Answer 11

Virtual TeletYpe

Question 12

Which port does TELNET use?

Answer 12

23

Question 13

Which is more secure “enable secret 5” or “enable password 7”

Answer 13

enable secure 5

Question 14

How do secure privileged EXEC mode?

Answer 14

enable secret securePassword
This encrypt the password in password-5, which is more secure then password-7.

enable password securePassword saves the password in clear text. enable secret trumps enable password.