Ccna Sec Chap02

8/2/2019 Ccna Sec Chap02

1/13

CCNA Security Chapter 2Securing Network Devices

2.1.1.1 Describe an edge router:

2.1.1.2 Describe three different approaches tosecuring the internal (protected)network:

2.1.1.3 Describe three critical areas of routersecurity:

Page 1 of 13


2/13


2.1.1.4 Describe the important tasks involved insecuring administrative access:

2.1.1.5 When accessing the network remotely,what precautions should be taken?

2.1.2.1 Visit: http://sectools.org/crackers.html tosee a list of password attack tools.

2.1.2.1 Describe some common guidelines forchoosing strong passwords:

Page 2 of 13
http://sectools.org/crackers.htmlhttp://sectools.org/crackers.html


3/13


2.1.2.2 Describe the enable secretpasswordglobal configuration command:

2.1.2.2 How can you protect Console Portaccess?

2.1.2.2 How can you protect Virtual TerminalLine (vty) access?

2.1.2.2 How can you protect Auxiliary Port(aux) access?

2.1.2.3 What can be done to increase thesecurity of passwords?

2.1.2.4 What command creates asecure list ofusernames and passwords in adatabase on the router for local loginauthentication?

2.1.3.1 What should be done to betterconfigure security for virtual loginconnections?

2.1.3.2 What commands are available toconfigure a Cisco IOS device to supportenhanced login features?

Page 3 of 13


4/13


2.1.3.3 Describe the two login block-forfeature modes of operation:

2.1.3.4 What commands can be used to keeptrack of the number of successful andfailed login attempts.?

2.1.3.4 What command generates a log

message when the login failure rate isexceeded?

2.1.3.4 How can you verify that the loginblock-forcommand is configured andwhich mode the router is currently in?

2.1.3.4 What command displays moreinformation regarding failed loginattempts?

2.1.3.5 Why are banners important and howcan they be configured?

2.1.4.1 How can a secure remote accessconnection be established to manage

Cisco IOS devices?

2.1.4.1 Describe the four steps to configurerouters for the SSH protocol:

Page 4 of 13


5/13


2.1.4.2 Describe the four steps to configureSSH on a Cisco router and thecommands to accomplish each step:

2.1.4.3 Describe how to configure and confirm:SSH versionSSH timeout periodNumber of authentication retries

2.1.4.4 Describe the two ways to connect to anSSH-enabled router:

How can connection status be verified?

2.1.4.5 How can Cisco SDM be used toconfigure an SSH daemon on a router?

2.1.4.5 Using Cisco SDM how are the vty lines

configured to support SSH?

2.2.1.1 What two levels of access tocommands does Cisco IOS softwareCLI have?

Page 5 of 13


6/13


2.2.1.2 Describe the privilege levels available inthe Cisco IOS CLI.

2.2.1.2 What is the command to set privilegelevels?

2.2.1.3 What are the two methods for assigningpasswords to different levels forauthentication?

2.2.2.1 How can the limitations of assigningprivilege levels be overcome?

2.2.2.2 Role-based CLI provides which three

types of views?

Page 6 of 13


7/13


2.2.2.2 Describe the characteristics ofSuperviews:

2.2.2.3 Describe the steps to create andmanage a specific view:

2.2.2.4 Describe the steps to create andmanage a superview:

2.3.1.2 1. What command enables Cisco IOSimage resilience?2. What command takes a snapshot of

the router running configuration andsecurely archives it in persistentstorage?

2.3.1.3 What command is used to verify theexistence of the secured files in thearchive?

Page 7 of 13


8/13


2.3.1.3 Describe the steps to restore a primarybootset from a secure archive after therouter has been tampered with:

2.3.1.4 Describe the steps necessary torecover a lost router password:

2.3.1.5 What command secures the router fromthe normal password recovery process?

2.3.2.2 Describe the two paths that the flow cantake when logging and managinginformation flow between managementhosts and the managed devices:

Page 8 of 13


9/13


2.3.3.1 Describe 5 different facilities to whichCisco routers can send log messages:

2.3.3.1 What are the three main parts of Cisco

router log messages?

2.3.3.1 Describe the eight levels that Ciscorouter log messages fall into in order ofseverity from highest to lowest:

2.3.3.2 Describe the two types of systemscontained in Syslog implementations:

Page 9 of 13


10/13


2.3.3.2 Describe Cisco Security MARS andexplain how it uses logging information:

2.3.3.3 Describe the steps to activate andconfigure system logging:

2.3.3.4 Describe the steps to enable sysloglogging using Cisco Security DeviceManager:

2.3.4.1 Describe SNMP:

Page 10 of 13


11/13


2.3.4.1 Describe the components of SNMP:

2.3.4.1 What are the three actions that amanager node can use to view or alterinformation in a managed device?

2.3.4.2 Describe the two types of communitystrings as they relate to SNMP versions1 and 2:

2.3.4.3 How does SNMP version 3 address thevulnerabilities of versions 1 and 2?

2.3.4.4 Describe the security levels availablefor the three SNMP security models:

Page 11 of 13


12/13


2.3.4.5 This page shows the steps to activatean SNMP trap receiver.

2.3.5.1 Describe two ways to set date and timeon a Cisco router.

2.3.5.2 Describe the process of setting dateand time on Cisco routers using NTP:

2.3.5.3 Describe the security features of NTP:

2.3.5.3 This page shows the configurationsteps for CLI based NTP authentication:

2.3.5.4 This page shows the configurationsteps for SDM based NTP

authentication:

2.4.1.2 Describe some of the practices thathelp ensure that a network device issecure:

2.4.1.3 What is best way to determine and fixthe vulnerabilities that exist with a

current configuration?

2.4.1.4 What actions does the Security Auditwizard in Cisco Security DeviceManager (SDM) perform?

Page 12 of 13


13/13


2.4.2.1 Differentiate between the managementplane and the forwarding plane of aCisco router:

2.4.2.1 List management plane and forwardingplane services and functions which canbe secured with auto secure:

2.4.3.2 Describe the features of CiscoAutoSecure that are not implemented orare implemented differently in CiscoSDM one-step lockdown:

Page 13 of 13

Documents

Ccna Sec Chap02