Network Device Access Control and Infrastructure Security - Terminal Lines and Password Protection

9 important questions on Network Device Access Control and Infrastructure Security - Terminal Lines and Password Protection

What are the 3 basic methods to connect to the CLI of an IOS device?

1. Console port (line con 0) Physical
2. Auxiliary port (line aux 0) Remote modem
3. Virtual terminal lines (line vty 0 4) Telnet/SSH

What 3 methods are available to password protect the terminal lines?

1. Password directly on the line (Not recommended)
2. Using username-based authentication (recommended as fallback)
3. Using an AAA server (Highly recommended)

What 5 types of passwords are there in Cisco IOS?

1. Type 0 passwords (Not encrypted. Enable password. Should be avoided)

2. Type 5 passwords (Improved Cisco Proprietary encryption. Uncrackable. Favorable over Type 0 and Type 7. Enable secret and Username secret.)

3. Type 7 passwords (Cisco Proprietary encryption. Known to be weak. Service password encryption.)

4. Type 8 passwords (PBKDF2 and SHA-256. Uncrackable)

5. Type 9 passwords (SCRYPT hashing. Uncrackable)

What are 3 ways to configure a Username and Password authentication on IOS?

1. With Username .. Password .. Command (Plaintext type-0 password)

2. With Username .. Secret .. Command (Type-5 encryption)

3. With Username .. Algorithm-type {MD5 | Sha256 | SCRYPT} (Type-5, Type-8 and Type-9 respectively)

What are the 3 default User Privilege Levels in IOS?

1. Privilege Level 0 (disable, enable, exit, help and logout)

2. Privilege Level 1 (User EXEC mode. > sign. No configuration command possible.)

3. Privilege Level 15 (Privileged EXEC mode. # sign. All commands available)

How can the protocol access to vty lines be set?

Using the Transport input {all | None | Telnet | SSH} command.

SSHv2 is preferred over SSHv1. What is the minimum modulus length needed for SSHv2?

768 bits

Which VLANs are allowed on a trunk link by default, and which methods can be used to change this?

All VLANs are allowed by default.
Commands to change:
switchport trunk allowed vlan add (To add allowed vlans)
switchport trunk allowed vlan all (To add all vlans to allowed)
switchport trunk allowed vlan except (To add all vlans except list)
switchport trunk allowed vlan remove (remove allowed vlans)

What are the different possibilities to configure a NTP Access-Group?

There are 4 options:

1. Peer (Receive Time Requests and NTP Control Queries and allow synchronization.)

2. Serve (Receive Time Requests and NTP Control Queries)

3. Serve-Only (Receive Time Requests only)

4. Query-Only (Receive NTP Control Queries only)
