ActualTests.Cisco.640-802.Exam.Q.and.A.08.15.08-DDU (1130589), page 66
Prevent the loss of passwords by disabling encryption
D. Always use Telnet to access the device command line because its data is automatically encrypted
E. Use SSH or another encrypted and authenticated transport to access device configurations
F. Use easy to remember passwords so that they are not forgotten

Answer: A, E

Explanation:
Whenever the trusted (inside) part of the network connects to an untrusted (outside, or internet) network, a firewall should be implemented to ensure only legitimate traffic is allowed within the enterprise. SSH is a secure alternative to telnet that encrypts the traffic so that data carried within cannot be "sniffed." It is always recommended to use SSH over telnet whenever possible.

QUESTION 583:
You want to enable telnet access to a Certkiller router as securely as possible. Which of the following commands would you execute if you wanted to enable others to establish a telnet session on a Cisco router?

A.
Certkiller 1(config)# line console 0
Certkiller 1(config-if)# enable password Certkiller

B.
Certkiller 1(config)# line vty 0
Certkiller 1(config-line)#enable password Certkiller

C.
Certkiller 1(config)# line vty 0
Certkiller 1(config-line)#enable secret Certkiller
Certkiller 1(config-line)# login

D.
Certkiller 1(config)# line console 0
Certkiller 1(config-line)#enable secret Certkiller
Certkiller 1(config-line)#login

Actualtests.com - The Power of Knowing 640-802

E.
Certkiller 1(config)#line console 0
Certkiller 1(config-line)# password Certkiller
Certkiller 1(config-line)#login

F.
Certkiller 1(config)#line vty 0
Certkiller 1(config-line)#password Certkiller
Certkiller 1(config-line)#login

Answer: F

Explanation:
Telnet sessions use virtual terminal sessions, which are configured under the "line vty" portion of the configuration. There are 5 total vty sessions that can be configured, numbered 0-4. In order to be prompted for a password, one must be configured. Choice F gives the 3 commands needed to allow a single telnet session.

Incorrect Answers:
A, B, C, D. The telnet password needs to be configured in addition to the enable password. Without the initial password configured, users that try to telnet to the router will receive a "password required, but none set" message.
D, E. Telnet uses VTY ports, not the console port.

QUESTION 584:
You want to increase the security in the Certkiller network. What are the two security appliances that can be installed in this network? (Choose two)

A. SDM
B. ATM
C. IDS
D. IOX
E. IPS
F. IOS
G. FR

Answer: C, E

QUESTION 585:
Certkiller University has a small campus where 25 faculty members are located. The faculty offices and student computers are currently on the same network. The faculty is concerned about students being able to capture packets going across the network and obtain sensitive material. What could a network administrator do to protect faculty network traffic from student connections?

A. Install anti-virus software on the student computers.
B. Put the faculty computers in a separate VLAN.
C. Power down the switches that connect to faculty computers when they are not in use.
D. Remove the student computers from the network and put them on a peer-to-peer network.
E. Create an access list that blocks the students from the Internet where the hacking tools are located.
F. None of the above

Answer: B

Explanation:
Main Functions of a VLAN:
1. The VLAN can group several broadcast domains into multiple logical subnets.
2. You can accomplish network additions, moves, and changes by configuring a port into the appropriate VLAN.
3. You can place a group of users who need high security into a VLAN so that no users outside of the VLAN can communicate with them.
4. As a logical grouping of users by function, VLANs can be considered independent from their physical or geographic locations.
5. VLANs can enhance network security.
6. VLANs increase the number of broadcast domains while decreasing their size.

QUESTION 586:
What are three valid reasons to assign ports on VLANs on a new Certkiller LAN switch? (Choose three)

A. To make VTP easier to implement
B. To isolate broadcast traffic
C. To increase the size of the collision domain
D. To allow more devices to connect to the network
E. To logically group hosts according to function
F. To increase network security

Answer: B, E, F

Explanation:
Main Functions of a VLAN (see previous question):
1. The VLAN can group several broadcast domains into multiple logical subnets.
2. You can accomplish network additions, moves, and changes by configuring a port into the appropriate VLAN.
3. You can place a group of users who need high security into a VLAN so that no users outside of the VLAN can communicate with them.
4. As a logical grouping of users by function, VLANs can be considered independent from their physical or geographic locations.
5. VLANs can enhance network security.
6. VLANs increase the number of broadcast domains while decreasing their size.

QUESTION 587:
What set of router configuration commands causes the message shown in the exhibit below?

A.
Certkiller 1(config)# line console 0
Certkiller 1(config-line)# service password-encryption
Certkiller 1(config-line)# login

B.
Certkiller 1(config)# line console 0
Certkiller 1(config-line)# enable password cisco
Certkiller 1(config-line)# login

C.
Certkiller 1(config)# line console 0
Certkiller 1(config-line)# enable password cisco
Certkiller 1(config-line)# logging synchronous

D.
Certkiller 1(config)# line console 0
Certkiller 1(config-line)# enable secret cisco
Certkiller 1(config-line)# login

E.
Certkiller 1(config)# line console 0
Certkiller 1(config-line)# password cisco
Certkiller 1(config-line)# login

F. None of the above

Answer: E

Explanation:
Use the line con 0 command to configure the console line. Use the login and password commands to configure the console for login with a password. Here is an example using the Battle Creek router:

Battle>enable
Password:*******
CK1 #conf term
CK1 (config)#line con 0
CK1 (config-line)#login
CK1 (config-line)#password oatmeal
CK1 (config-line)#^Z

The "login" command is needed to force users to log in to the router when using the console connection.

QUESTION 588:
Refer to the Certkiller network shown below:

For security reasons, information about Certkiller 1, including platform and IP addresses, should not be accessible from the Internet. This information should, however, be accessible to devices on the internal networks of Certkiller 1. Which command or series of commands will accomplish these objectives?

A.
Certkiller 1(config)#no cdp enable

B.
Certkiller 1(config)#no cdp run

C.
Certkiller 1(config)#interface s0/0
Certkiller 1(config-if)#no cdp run

D.
Certkiller 1(config)#interface s0/0
Certkiller 1(config-if)#no cdp enable

E. None of the above

Answer: D

Explanation:
CDP is a proprietary protocol designed by Cisco to help administrators collect information about both locally attached and remote devices. By using CDP, you can gather hardware and protocol information about neighbor devices, which is useful for troubleshooting and documenting the network.
To disable CDP on a particular interface, use the "no cdp enable" command. To disable CDP on the entire router, use "no cdp run" in global configuration mode.

QUESTION 589:
An extended access list needs to be applied to a Certkiller router. What three pieces of information can be used in an extended access list to filter traffic? (Choose three)

A. Source IP Address and destination IP address
B. Source MAC address and destination MAC address
C. Source switch port number
D. VLAN number
E. Protocol
F. TCP or UDP port numbers

Answer: A, E, F

QUESTION 590:
The Certkiller administrator is implementing access control lists in the Certkiller network. What are two reasons that the Certkiller network administrator would use access lists? (Choose two.)

A. To filter traffic as it passes through a router
B. To filter traffic that originates from the router
C. To replace passwords as a line of defense against security incursions
D. To control broadcast traffic through a router
E. To control VTY access into a router
F. To encrypt traffic

Answer: A, E

QUESTION 591:
Router CK1 is configured with an inbound ACL. When are packets processed in this inbound access list?

A. Before they are routed to an outbound interface.
B. After they are routed for outbound traffic.
C. After they are routed to an outbound interface while queuing.
D. Before and after they are routed to an outbound interface.
E. Depends on the configuration of the interface
F. None of the above

Answer: A

Explanation:
When a packet is received on an interface with an inbound access list configured, the packets are matched against the access list to determine if they should be permitted or denied. After this check, the packets are processed by the routing function. The access list check is always done first.

Incorrect Answers:
B, C. The packets are always processed by the inbound access list prior to being routed.
D. All packets are always checked against a specific access list only once. While packets traversing through a router may be checked against different access lists for each interface and in each direction (inbound and outbound), each access list is always only consulted once.

QUESTION 592:
Many Certkiller routers are configured using access lists. Which of the following are benefits provided with access control lists (ACLs)? (Select all that apply)

A. ACLs monitor the number of bytes and packets.
B. Virus detection.
C. ACLs identify interesting traffic for DDR.
D. ACLs provide IP route filtering.
E. ACLs provide high network availability.
F. ACLs classify and organize network traffic.

Answer: C, D

Explanation:
IP access control lists allow a router to discard some packets based on criteria defined by the network engineer.