CCNA Security Interview Questions-Part1

  • By Dnyaneshwari Shinde
  • January 25, 2020
  • CCNANetworking

CCNA Security Interview Questions – Part 1

Question 1. If an attacker is launching an attack over Telnet, how do we prevent that attack?

Answer: If an attacker is attempting a DoS attack against the login, we can block those logins with the IOS login enhancement feature.

login block-for 30 attempts 2 within 15

With this command, if a user fails to log in 2 times within 15 seconds, the router blocks login for 30 seconds. In this way we can protect the router from anyone trying to gain access, with customized timings.

Question 2. What is Quiet Mode?

Answer: Quiet mode is part of the IOS login enhancement feature. Quiet mode is a state in which the router blocks the corresponding login attempts until the given timer expires; once that timer expires, quiet mode is switched off. In quiet mode the router does not listen to Telnet, SSH and HTTP traffic.


Question 3. How do you access the router from specific hosts while it is in quiet mode?

Answer: If we want to access the router from an internal IP host during quiet mode, we need to configure a quiet-mode access control list. We create the policy, then create an exception ACL, and then reference that exception in the quiet-mode command.

login block-for 30 attempts 2 within 15        (policy)

ip access-list standard 10                      (exception)

 permit <host-ip-address>

 exit

login quiet-mode access-class 10                (the exception is referenced in this command)

Question 4. How can we slow down the attack?

Answer: If an attacker keeps trying wrong usernames and passwords again and again, we can slow down the attack by configuring a delay between login attempts:

login delay <seconds>

Question 5. How do you configure on-failure logging, and how does it work?

Answer: login on-failure log

This command generates a log message on each failed login. The generated log shows the bad username that was attempted.
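The login-enhancement behaviour covered in Questions 1 to 5 (block-for, quiet mode, the quiet-mode ACL exception, login delay and on-failure logging), as an added Python model that is not Cisco code. The timings, hosts and usernames are constructed, and "login delay" is modelled as rejecting an attempt that arrives sooner than the delay after the previous one from the same host.

```python
# Added model of the IOS login-enhancement behaviour, not Cisco code.
from dataclasses import dataclass, field

@dataclass
class LoginGuard:
    block_for: int = 30     # login block-for 30 ...
    attempts: int = 2       # ... attempts 2 ...
    within: int = 15        # ... within 15
    delay: int = 1          # login delay 1
    quiet_acl: set = field(default_factory=set)    # login quiet-mode access-class
    quiet_until: float = 0.0
    failures: list = field(default_factory=list)   # times of recent failed logins
    last_seen: dict = field(default_factory=dict)  # last attempt time per host
    log: list = field(default_factory=list)        # what "login on-failure log" records

    def in_quiet_mode(self, now):
        return now < self.quiet_until

    def attempt(self, now, src, user, creds_ok):
        """Process one login attempt; return True only when access is granted."""
        if self.in_quiet_mode(now) and src not in self.quiet_acl:
            self.log.append(f"{now}: quiet-mode: dropped {user}@{src}")
            return False
        if now - self.last_seen.get(src, -self.delay) < self.delay:
            self.log.append(f"{now}: delayed: attempt from {src} too soon")
            return False
        self.last_seen[src] = now
        if creds_ok:
            return True
        self.log.append(f"{now}: LOGIN_FAILED user={user} src={src}")
        # keep only failures still inside the sliding "within" window
        self.failures = [t for t in self.failures if now - t < self.within]
        self.failures.append(now)
        if len(self.failures) >= self.attempts:
            self.quiet_until = now + self.block_for
            self.failures.clear()
            self.log.append(f"{now}: quiet-mode on for {self.block_for}s")
        return False

def demo():
    # constructed scenario: one outside host guessing passwords, one exempt host
    g = LoginGuard(quiet_acl={"10.0.0.5"})
    results = [
        g.attempt(0, "203.0.113.9", "admin", False),
        g.attempt(5, "203.0.113.9", "admin", False),   # 2nd failure within 15 s
        g.attempt(10, "203.0.113.9", "admin", True),   # dropped: quiet mode
        g.attempt(12, "10.0.0.5", "admin", True),      # exempt by the ACL
        g.attempt(36, "203.0.113.9", "admin", True),   # quiet mode has expired
    ]
    return results, g.log
```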

Question 6. What is the significance of access-class?

Answer: An access control list is usually applied with access-group, where the source, destination and ports are all defined. But if we apply it with access-class we do not need to define a destination; it takes any destination, because the access list is applied to the box itself.

Question 7. What is a vulnerability?

Answer: A vulnerability is nothing but a weak point of a protocol or network.

Telnet- plain text communication

HTTP- plain text

SNMP V1- plain text

SMTP- plain text

We can use countermeasures. Countermeasures are nothing but the steps taken to remove the vulnerability or threat.

The following are the countermeasures for the vulnerabilities above.

Telnet— use SSH

HTTP— use HTTPS

SNMP v1— SNMP V3

SMTP— HTTPS over SMTP


Question 8. Explain the network security lifecycle.

Answer: Step 1 - Initiation

We need to find all the vulnerabilities. If authentication is not provided, or dynamic ARP inspection is not configured, these are all vulnerabilities.

All these vulnerabilities are categorized into different types.

1. Low Risk - e.g. dynamic ARP inspection.

2. Medium Risk - e.g. a routing protocol without authentication.

3. High Risk - e.g. security guard.

Step 2 - Development

We need to find all the countermeasures to avoid the vulnerabilities.

Step 3 - Implementation

We need to perform all the operations on the devices.

Step 4 - Monitoring

We need to monitor all the changes that we made during implementation.

Question 9. How many ways are there to configure SSH?

Answer: There are three different methods to enable SSH.

  1. ip domain-name cisco
     crypto key generate rsa

  2. crypto key generate rsa label Cisco modulus 1024

     Here we assign the name of the key manually, so there is no need to configure a domain name.

  3. ip http secure-server

Question 10. What is a key?

Answer: A key is a mathematical algorithm that is going to perform a specific task.

There are different types of keys

1.Authentication key

2.Hashing Key

3.Encryption Key

Question 11. How do you verify the key and domain name in SSH?

Answer: show crypto key mypubkey rsa

This command shows you the hostname and domain name.

Question 12. What are the types of keys in SSH?

Answer: There are 2 types of keys in SSH.

  1. Exportable key
  2. Non-exportable key

For example: crypto key generate rsa label cisco exportable

We cannot export private keys by default, because a private key is not shareable. So we use an exportable key.


Question 13. What are the types of passwords?

Answer:

  1. Type 0 - Plain text (universal)

     For example: username cisco password 1234

  2. Type 5 - MD5 algorithm

     For example, the MD5 algorithm is used to generate a hash.

     This algorithm is irreversible.

  3. Type 7 - Cisco algorithm

     For example, the Vigenère algorithm.

     This algorithm is reversible.

Question 14. Explain how to encrypt a password.

Answer: For the encryption of passwords we have 2 types.

  1. service password-encryption

     Converts type 0 to type 7.

     It is reversible.

  2. secret password

     Converts type 0 to type 5.

     It is irreversible.

Question 15. How many versions do we have in SSH?

Answer: The SSH version is decided on the basis of the key size.

  1. 1.55

     SSH 1.55 has been enabled.

     SSH version 1 is enabled.

     Key size 512-767 gives version 1: 1.55

  2. 1.99

     SSH 1.99 has been enabled.

     SSH version 1 + SSH version 2

     It will allow version 1 as well as version 2 traffic.

     761 - version 1.9

  3. 2.0

     SSH 2.0 has been enabled.

     The RSA key size should be at least 768 for SSH version 2.

ip ssh version 2

With the above command we can specify version 2 only.

Question 16. How do you disable SSH?

Answer: We can disable SSH with the help of

crypto key zeroize rsa

Question 17. What is the key append concept?

Answer:

Key append is nothing but adding a garbage value to increase the key size up to 768.

The SSH type is basically decided by the key size. For SSH version 2 we need a key size of at least 768. If we select 767, the router would have to use SSH version 1.99, but it adds a garbage value to that key and takes 768 by default; this concept is called key append.


Question 18. Which algorithm works behind the SSH versions?

Answer: SSH version 1 - DES (Data Encryption Standard)

A lot of issues were found in DES, so SSH version 2 was invented.

SSH version 2 - AES (Advanced Encryption Standard)


Question 19. What is the minimum length for passwords?

Answer: The minimum length for a password is 4. If we try to assign fewer than 4 characters, it will throw an error.

Question 20. What are privilege levels?

Answer: A privilege level is nothing but the set of commands a particular user can run once that user is logged in.

Question 21. What are the different modes?

Answer: We have 3 modes while configuring devices.

  1. >   User EXEC mode

     We can run 90% of show commands in User EXEC mode.

  2. #   Privileged EXEC mode

  3. (config)#   Global configuration mode

Question 22. What are the categories of privilege levels?

Answer: We have privilege levels 0 - 15.

These privilege levels are divided into categories:

  1. System-defined privilege levels - 0, 1 and 15 are system-defined privilege levels.

  2. Custom-defined privilege levels - levels 2 to 15.

Privilege 0 - 5 commands are available.

Privilege 1 - All show commands, telnet, traceroute and ping.

Privilege 15 - Configuration-level commands.

Question 23. How do you assign privilege levels to users?

Answer: privilege configure level 6 interface

privilege exec level 6 show

privilege exec level 6 configure terminal

Here we have customized privilege level 6.

For user assignment:

username cisco privilege 6 password cisco

line vty 0 4

 login local

Question 24. What is the inheritance rule in privilege levels?

Answer: If a user is at privilege level 6, then the user can also access the commands of privilege levels 0, 1, 2, 3; this is called the inheritance rule.

Question 25. What are the disadvantages of privilege levels?

Answer: The following are the disadvantages of privilege levels.

  1. Inheritance rule

     If a user is at privilege level 6, then the user can also access the commands of privilege levels 0, 1, 2, 3; this is called the inheritance rule.

  2. Arguments are not supported

     Command - router

     Argument - eigrp 10

     Suppose we create a privilege level just to allow the router eigrp command. Our user can then run the following commands as well:

     router rip

     router ospf

     router bgp

  3. Local configuration

     We need to manually create and delete the user configuration. This is not at all a scalable option.
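The privilege-level behaviour of Questions 22 to 25 (system versus custom levels, the inheritance rule and the "arguments are not supported" weakness), as an added Python model that is not Cisco code. It parses a constructed config fragment built from the page's privilege and username lines; following the page's description, only the first keyword of a command carries the level, so the argument after it is ignored.

```python
# Added model of IOS privilege levels as the page describes them, not Cisco code.
import re

# constructed config fragment, in the form used in Questions 23 and 25
CONFIG = """\
privilege configure level 6 interface
privilege configure level 6 router eigrp 10
privilege exec level 6 show
privilege exec level 6 configure terminal
username cisco privilege 6 password cisco
username ops privilege 1 password ops
"""

PRIV_RE = re.compile(r"^privilege (\S+) level (\d+) (\S+)")
USER_RE = re.compile(r"^username (\S+) privilege (\d+)")
EXEC_LEVEL1 = {"show", "ping", "telnet", "traceroute"}  # defaults from Question 22


def parse(config):
    """Return ({(mode, keyword): level}, {username: level})."""
    levels, users = {}, {}
    for line in config.splitlines():
        if m := PRIV_RE.match(line):
            levels[(m[1], m[3])] = int(m[2])   # argument after the keyword is dropped
        elif m := USER_RE.match(line):
            users[m[1]] = int(m[2])
    return levels, users


def required_level(levels, mode, command):
    """Level needed for a command: custom level if set, else system default."""
    keyword = command.split()[0]
    if (mode, keyword) in levels:
        return levels[(mode, keyword)]
    return 1 if mode == "exec" and keyword in EXEC_LEVEL1 else 15


def authorized(levels, users, user, mode, command):
    """Inheritance rule: a user may run any command at or below their own level."""
    return users.get(user, 0) >= required_level(levels, mode, command)
```

Because `router eigrp 10` is stored as just the keyword `router`, the same user is also authorized for `router rip`, which is the weakness the second disadvantage describes.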


Question 26. How do we overcome the drawbacks of privilege levels?

Answer: To overcome the disadvantages of privilege levels, 2 concepts came into the picture.

  1. AAA - Authentication, Authorization, Accounting

     Authentication - who the user is (login local)

     Authorization - what particular commands the user can run (privilege levels)

     Accounting - keeping track of user activity

     By default this service is disabled on routers and switches, but on the ASA (Adaptive Security Appliance) it is enabled by default.

  2. Parser view

     With parser views, role-based CLI access allows administrators to define the set of configuration and operational commands that a view can access.

 

Author:
Dnyaneshwari Shinde
Sevenmentor Pvt Ltd

 

© Copyright 2019 | Sevenmentor Pvt Ltd.
