CertMagic.com is a place where you can find various types of 642-542 exam certification preparation material. CertMagic's full range of study material for the 642-542 exam helps you to be fully prepared for the 642-542 exam and enter the exam centre with full confidence. We provide you with easy, simple and updated study material. After preparing from the 642-542 exam material prepared by us, we guarantee you that you will be a certified professional. We guarantee that with CertMagic 642-542 study material, you will pass the Certification exam.
Slide 1: 642-501
Securing Cisco IOS Networks Exam: 642-501
Demo Edition
CERT MAGIC
1 http://www.certmagic.com
Section 1: Sec One (1 to 20)
Details: Basic Cisco Router Security
Secure administrative access for Cisco routers

QUESTION: 1
Exhibit:

service password-encryption
!
aaa new-model
aaa authentication login default line
aaa authentication login nologin name
aaa authentication login admin tacacs+ enable
aaa authentication ppp default tacacs+
!
enable secret 5 $1$WogB$7.0FLEFgB8Wp.C9eqNX9L/
!
!
interface Group-Async
 ip unnumbered Loopback0
 ip tcp header-compression passive
 encapsulation ppp
 async mode interactive

John at Certmagic Inc. is looking at this configuration to figure out what method authenticates through the vty port. Which method is correct?
A. no access permitted
B. line password
C. no authentication required
D. default authentication used
Answer: B
Explanation: Enabling Authentication for Login
Using the aaa authentication login command and the following keywords, you create one or more lists of authentication methods that are tried at login. The lists are used with the login authentication line configuration command. Enter the following command in global configuration mode to enable authentication for login:

Switch# aaa authentication login {default | list-name} method1 [...[method3]]

The keyword list-name is any character string used to name the list you are creating. The method keyword refers to the actual method the authentication algorithm tries, in the sequence entered. You can enter up to three methods:

Keyword    Description
line       Uses the line password for authentication.
local      Uses the local username database for authentication.
tacacs+    Uses TACACS+ authentication.
Reference: http://www.cisco.com/en/US/products/hw/switches/ps637/products_configuration_guide_chapter09186a008007f03

QUESTION: 2
James, the administrator at Certmagic, is trying to figure out which router table is modified or prevented from updating if a rerouting attack occurs. (Choose one)
A. ARP
B. address
C. bridging
D. routing
Answer: D
Explanation: Route filters can be set up on any interface to prevent learning or propagating routing information inappropriately. Some routing protocols (such as EIGRP) allow you to insert a filter on the routes being advertised so that certain routes are not advertised in some parts of the network.
Reference: Managing Cisco Network Security (Ciscopress) page 233

QUESTION: 3
Brian, the security administrator, is in charge of creating a security policy for Certmagic Inc. Which two statements about the creation of a security policy are true? (Choose two)
A. It helps Chief Information Officers determine the return on investment of network security at Certmagic Inc.
B. It defines how to track down and prosecute policy offenders at Certmagic Inc.
C. It helps determine which vendor security equipment or software is better than others.
D. It clears the general security framework so you can implement network security at Certmagic Inc.
E. It provides a process to audit existing network security at Certmagic Inc.
F. It defines which behavior is and is not allowed at Certmagic Inc.
Answer: E, F
Explanation: Reasons to create a network security policy:
1. Provides a process to audit existing network security
2. Provides a general security framework for implementing network security
3. Defines which behavior is and is not allowed
4. Often helps determine which tools and procedures are needed for the organization
5. Helps communicate consensus among a group of key decision-makers and defines responsibilities of users and administrators
6. Defines a process for handling network security incidents
7. Enables global security implementation and enforcement
8. Creates a basis for legal action if necessary
Reference: Managing Cisco Network Security (Ciscopress) page 43

QUESTION: 4
John, the administrator at Certmagic Inc., is working on securing the router passwords. Which IOS command encrypts all clear text passwords in a router configuration?
A. service password-encryption
B. service password md5
C. encrypt passwords
D. enable password-encryption
E. service password-encrypted
Answer: A
Explanation: service password-encryption
To encrypt passwords, use the service password-encryption global configuration command. Use the no form of this command to disable this service.
Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1826/products_command_summary_chapter09186a00800d9c26.ht

QUESTION: 5
John the administrator wants to know which type of key exchange mechanism Diffie-Hellman is.
A. Private key exchange
B. RSA keying
C. Public key exchange
D. AES key exchange
Answer: C
Explanation: Diffie-Hellman is used to securely exchange public keys so that shared secret keys can be securely generated for use as DES keys.
Reference: Managing Cisco Network Security (Ciscopress) page 467

QUESTION: 6
John, the security administrator for Certmagic Inc., needs to identify three character mode access methods. Choose three character mode access methods.
A. ppp
B. tty
C. vty
D. async
E. acl
F. aux
Answer: B, C, F
Explanation: AAA and Character-Mode Traffic - AAA secures character-mode traffic during login sessions via the lines:
1. Aux
2. Console
3. TTY
4. VTY
Reference: Managing Cisco Network Security (Ciscopress) page 113

QUESTION: 7
Kathy, the security administrator for Certmagic Inc., is working on defending the network. One of the attacks she is working to defend against is SYN flooding, and she wants to know which Cisco IOS feature defends against SYN flooding DoS attacks.
A. Route authentication
B. Encryption
C. ACLs
D. TCP intercept
Answer: D
Explanation: The TCP intercept feature in Cisco IOS software protects TCP servers from SYN-flooding attacks, a type of DoS attack.
Reference: Managing Cisco Network Security (Ciscopress) page 239

QUESTION: 8
The security team at Certmagic Inc. was asked which attack is most often used in social engineering. They all answered this wrong. What is the correct answer?
A. Session fragment
B. Unauthorized access
C. Data manipulation
D. Malicious applets
Answer: B
Explanation: Social engineering is when someone attempts to manipulate others to access information or access without authorization. Social engineering has many levels, but they all have the same goal of gaining unauthorized information or access.

QUESTION: 9
Jason, the security administrator at Certmagic Inc., wants to know how long, by default, a router waits before terminating an unattended line connection.
A. 5 minutes
B. 10 minutes
C. 20 minutes
D. 30 minutes
Answer: B
Explanation: Page 76 of the MCNS book gives the correct value as 10 minutes.

QUESTION: 10
Which of the following are Cisco firewall features? (Choose three.)
A. PIX firewall
B. authentication proxy
C. flash memory
D. CBAC
E. stateful failover
F. IDS
Answer: B, D, F
Explanation: The Cisco IOS firewall feature set was first introduced as CiscoSecure Integrated Software (CSIS). The Cisco IOS firewall overview lists the following features:
1) Standard and extended access lists
2) Dynamic access lists
3) Reflexive access lists
4) System auditing
5) TCP intercept
6) Java blocking
7) Context-based access control - CBAC examines traffic passing through the firewall at all layers (up to the application layer). CBAC is used to generate dynamic access lists.
8) Cisco IOS firewall IDS
9) DoS mitigation
10) Authentication proxy - Authentication proxy is used to proxy authentication requests to the AAA server. This allows authentication to occur on a per-user basis.
11) Network Address Translation
12) IPSec network security
13) Neighbor router authentication
14) Event logging
15) User authentication and authorization
16) Real-time alerts
Reference: CCSP SECUR exam certification guide p.69-70
QUESTION: 11
Which of the following IOS commands will you advise the Certmagic trainee technician to use when setting the timeout for a router terminal line?
A. exec-timeout minute [seconds]
B. line-timeout minute [seconds]
C. timeout console minute [seconds]
D. exec-time minutes [seconds]
Answer: A
http://www.cisco.com/warp/public/793/access_dial/comm_server.html

QUESTION: 12
What is another name for packet mode when working in a NAS environment?
A. Interface
B. PPP
C. CTY
D. Async
Answer: B
http://www.cisco.com/warp/public/707/32.html

QUESTION: 13
Which of the following represents the two files that are necessary to run SDM on a Cisco Router? (Select two)
A. secure.shtml
B. sdm.shtml
C. sdm.exe
D. sdm.tar
E. home.tar
Answer: B, D
Explanation:
The answers are B (sdm.shtml) and D (sdm.tar). Running show flash on a Cisco router with SDM shows that the files available are sdm.tar, sdm.shtml and sdmconfig.cfg. All these files are necessary to run SDM on the router, whereas SDM.exe is used to install the application on the router, not to run it.
Reference: CCSP Self-Study: Securing Cisco IOS Networks (SECUR), CiscoPress.com, John F. Roland
Note: Copy the SDM files on the TFTP server to the router Flash memory, using the following CLI commands:

Router# copy tftp://<tftp server IP address>/sdm.tar flash:
Router# copy tftp://<tftp server IP address>/sdm.shtml flash:
Router# copy tftp://<tftp server IP address>/home.tar flash:
Router# copy tftp://<tftp server IP address>/home.html flash:

QUESTION: 14
Choose the command that you will advise the new Certmagic trainee technician to use to verify that SDM has been installed on a Cisco router.
A. show manager
B. show version
C. show flash
D. show sdm
E. show running-config
Answer: C
The quickest test is to connect your PC to the lowest-numbered Ethernet port with a crossover cable, browse to http://<router ip-address> and see if the Cisco SDM launch point is present on the resulting web page. If you have a Cisco 83x, 1701, 1710, 1711, or 1712 router, configure the PC to obtain an IP address automatically. If you have any other supported router, configure the PC with the static IP address 10.10.10.2.
Alternatively, you can use the CLI to check that the Cisco SDM files are present in the router Flash memory: enter show flash and look for the Cisco SDM file set: sdm.tar, sdm.shtml, sdmconfigxxxx.cfg. If the files are present, then confirm that the router configuration is set to support Cisco SDM. The configuration requirements are explained in the document Downloading and Installing SDM.

QUESTION: 15
Which of the following protocols can you use to provide secure communications between a target router and SDM? (Select two.)
A. HTTPS
B. RCP
C. Telnet
D. SSH
E. HTTP
F. AES
Answer: A, D
Cisco SDM communicates with routers for two purposes: to access the Cisco SDM application files for download to the PC and to read and write the router configuration and status. Cisco SDM uses HTTP(s) to download the application files to the PC. A combination of HTTP(s), Telnet/SSH is used to read and write the router configuration.

QUESTION: 16
Which of the following actions can you take to prevent newly configured commands from being sent to a target router?
A. delete
B. remove
C. undo
D. clear-commands
E. refresh
Answer: E
To send the commands, you have to do a Deliver. However, if you do a refresh, then the router is polled and the current configuration on the router is brought back to the SDM, and any changes that were not yet delivered would be lost. Therefore, the answer is E, refresh.

QUESTION: 17
Which one of the following actions can you take to enable SDM generated commands to reach the target router?
A. You could refresh.
B. You could save.
C. You could deliver.
D. You could download.
E. You could copy-config.
Answer: C
If you are working in Advanced mode, you must save your work by clicking the Deliver button on the SDM toolbar. The Deliver window allows you to preview the commands that you are sending to the router, and allows you to specify that you want the commands saved to the router's startup configuration.
QUESTION: 18
Which of the following URLs is used to securely access SDM on a router with an IP address of 10.0.5.12?
A. https://10.0.5.12/flash/sdm.tar
B. https://10.0.5.12/flash/sdm.html
C. https://10.0.5.12/flash/sdm.shtml
D. https://10.0.5.12/flash/sdm
Answer: C
Start SDM
SDM is stored in the router Flash memory. It is invoked by executing an HTML file in the router archive, which then loads the signed SDM Java file. To launch SDM:
Step 1 From your browser, type in the following universal resource locator (URL): https://<router IP address>
https://... specifies that the Secure Socket Layer (SSL) protocol be used for a secure connection.

QUESTION: 19
What is the maximum number of routers SDM can manage simultaneously?
A. 1
B. 5
C. 50
D. 100
E. determined by router model
F. all of the above
Answer: A
One. Cisco SDM is a tool for configuring, managing, and monitoring a single Cisco router. Each Cisco router is accessible with its own copy of Cisco SDM.
QUESTION: 20
Which of the following is the minimum IOS release that is capable of supporting SDM?
A. 11.2
B. 12.0
C. 12.1
D. 12.2
E. 6.1
Answer: D