Device Security Quiz

Q: Which Cisco IOS command disables the unsecured HTTP management server on a router?

no ip http server — Use `no ip http server` to disable HTTP and `ip http secure-server` to enable HTTPS-only management access.

Q: What is the minimum recommended RSA key modulus size for SSH version 2 on Cisco routers?

1024 bits — SSH v2 requires at least a 768-bit key; 1024 bits is the accepted minimum recommended in the CCNA Security curriculum.

Q: Cisco privilege level 15 represents:

Privileged EXEC mode with full administrative access — Level 15 is privileged EXEC (enable mode) with full administrative access to all IOS commands.

Q: The `banner motd` command on a Cisco router is used to:

Display a legal warning message before authentication — The Message of the Day (MOTD) banner displays a legal warning to any user connecting to the device, before authentication.

Q: Which IOS command explicitly restricts a VTY line to accept only SSH connections?

transport input ssh — `transport input ssh` (in line vty config) rejects Telnet and only allows SSH, preventing cleartext management sessions.

Q: The `service password-encryption` command applies which type of encryption to plaintext passwords?

Type 7 — a weak, reversible obfuscation — Type 7 (Vigenère-based) is weak and reversible. `enable secret` uses MD5 (Type 5) and is always preferred over `enable password`.

Q: SNMPv3 improves on SNMPv1/v2c primarily by adding:

Authentication and encryption of SNMP messages — SNMPv3 adds user-based security with authentication (HMAC-MD5/SHA) and optional privacy (DES/AES) — neither existed in v1 or v2c.

Q: Which Cisco privilege level grants only basic user EXEC commands (ping, traceroute, show version)?

Level 1 — Privilege level 1 is the default user EXEC mode. Level 0 grants only a handful of commands. Level 15 is full admin access.

Home
Blog
Hobbies
- Movies
- Recipes
- Dogs
- Videos
CCNA Security
Engineering
Forum

CCNA Security

Home
Chapters
Search

Securing Network Devices

Question 1 of 12

Which Cisco IOS command disables the unsecured HTTP management server on a router?

Select the best answer:

no ip http server

ip http secure-server

no http service

disable http

What is the minimum recommended RSA key modulus size for SSH version 2 on Cisco routers?

Select the best answer:

512 bits

768 bits

1024 bits

256 bits

Cisco privilege level 15 represents:

Select the best answer:

User EXEC mode with no configuration privileges

Privileged EXEC mode with full administrative access

Read-only access limited to show commands

A custom level used only for SSH access

The `banner motd` command on a Cisco router is used to:

Select the best answer:

Display the hostname in the CLI prompt

Display a legal warning message before authentication

Configure the console port password

Advertise the router's IP address via CDP

Which IOS command explicitly restricts a VTY line to accept only SSH connections?

Select the best answer:

ip ssh version 2

transport input ssh

crypto key generate rsa modulus 1024

ip domain-name ssh

The `service password-encryption` command applies which type of encryption to plaintext passwords?

Select the best answer:

MD5 hashing (Type 5)

Type 7 — a weak, reversible obfuscation

AES-256 encryption

SHA-256 hashing

NTP authentication on a Cisco router is configured to:

Select the best answer:

Encrypt NTP packets end-to-end with AES

Verify that NTP updates originate from a trusted time source

Synchronize clocks over HTTPS instead of UDP

Set the correct timezone on the router automatically

What does the Cisco AutoSecure feature do when invoked?

Select the best answer:

Automatically downloads and installs IOS security patches

Disables unnecessary services and interactively prompts to configure security features

Generates ACLs based on live traffic analysis

Encrypts all SNMP community strings with AES

SNMPv3 improves on SNMPv1/v2c primarily by adding:

Select the best answer:

Support for 64-bit performance counters

Authentication and encryption of SNMP messages

TCP transport for reliable delivery

Unlimited community string length

Which Cisco privilege level grants only basic user EXEC commands (ping, traceroute, show version)?

Select the best answer:

Level 0

Level 1

Level 5

Level 15

Which Cisco IOS feature temporarily blocks all login attempts after repeated failures?

Select the best answer:

login block-for

ip access-class (restricts source IP, not attempt count)

no service telnet

aaa authentication attempts login

The `enable secret` command is preferred over `enable password` because it:

Select the best answer:

Uses Type 7 encryption, which is stronger

Stores the password using a one-way MD5 hash, making it more resistant to cracking

Allows the password to be longer than 25 characters

Is required for SSH access on all Cisco platforms

Bible

Favorite Verses

Latest Projects

AWS Cloudfront Hacks

Latest Book

Contact Information

West Chester PA
email