Refer to the exhibit. What security risks can be found in the configuration shown for router R1? (Choose four.)
The VTY password will not be used.
HTTP Server users are not authenticated.
The VTY ports protecting Telnet access have a weak and unencrypted password.
There is no encrypted password protecting the privilege mode.
For SSH, the vty lines shouldn't have any passwords configured, and instead of the 'login' command, they should be configured with 'login local'.
The phrasing in the banner message is improper.
If you configure the 'ip domain-name' as cisco.com, an invalid set of RSA public keys will be created when you use the "crypto key generate rsa" command to enable SSH version 2.
Under "line vty 0 4" there should be 'transport input ssh' instead of the current option.
(1) Appropriate wording in the banner message should be considered, to give a security notice to those attempting unauthorized access.
(2) In the configuration, the "no login" command can also be seen under the line vty, which makes the router not ask for a login when it is accessed through Telnet, even though a password is configured. [The VTY and enable passwords are encrypted passwords. To enable HTTP server authentication, use the command R1(config)# ip http authentication {aaa | enable | local | tacacs}, which cannot be found in the configuration.] For more information, refer to: http://www.cisco.com/c/en/us/td/docs/ios/122/termserv/command/reference/ftersvr/trfabout.html
(3) For security, we shouldn't allow clear-text Telnet, even if the password is encrypted in the running-config, which only admins will probably ever see. Change to "transport input ssh", which won't allow any access but SSH.
(4) For SSH you should require either an AAA server or, in this case, just use "login local", which will use the globally configured username 'cisco'.
The RSA keys are generated with a combination of the hostname and the configured "ip domain-name". Most IOS versions won't allow you to use one of the default hostnames (Router or Switch), and most will allow almost anything as an "ip domain-name" (e.g. '123', 'xxx', 'ACME', "!", and "#.cipher.now-gone"). For more info see: http://www.zipz-services.com/skillset/SSH-Versionsabout.pdf and http://www.zipz-services.com/skillset/SSH-Basics-for-CCNA-2015.pdf