Home > ICND1 – Security Questions

ICND1 – Security Questions

June 7th, 2017 in ICND1 100-105 Go to comments

Question 1

Explanation

This is the full command mentioned in answer A:

switchport port-security mac-address sticky [MAC]

If we don’t specify the MAC address (like in this question) then the switch will dynamically learn the attached MAC Address and place it into your running-configuration.

Question 2

Explanation

The “service password-encryption” command encrypts passwords used by “enable password” global configuration command, as well as the password line configuration command (VTY, console) that are saved in the router configuration file.

Note: The secret password (configured by the command “enable secret fortress”) is always encrypted even if the “service password-encryption” command is not used.

Also, the “service password-encryption” command encrypts both current and future passwords.

Question 3

Question 4

Explanation

By configuring the port connected with the directory PC as access port the network administrator will mitigate a lot of security issues because access port does not have as much privilege as a trunk port -> C is correct.

The port security feature can also help mitigate security issue because it can learn the MAC address of the directory PC. When another laptop is plugged into the port, the switch will automatically block or shut down that port (if suitable configuration is used) -> A is correct. But nowadays a hacker can fake the MAC address of the directory PC.

By statically assigning the MAC address to the address table, only that MAC address can access to the network -> F is correct.

Question 5

Explanation

The “service password-encryption” command encrypts passwords used by “enable password” global configuration command, as well as the password line configuration command (VTY, console) that are saved in the router configuration file.

The “service password-encryption” command encrypts both current and future passwords.

Question 6

Explanation

The command to configure port security on a switch is (in interface configuration mode):

switchport port-security mac-address sticky [MAC]

In this case we will type the server MAC address. That MAC address will be stored in the address table, and added to the switch running configuration.

Note: If we don’t specify the MAC address then the switch will dynamically learn the attached MAC Address and place it into your running-configuration

Question 7

Explanation

In the configuration above we have three passwords:

+ The “enable secret” password: sanfran
+ The “enable password” password: cisco
+ The VTY line password: sanjose

The two first “enable secret” and “enable password” are used to set password for entering privilege mode (an example of privilege mode: Router#). Both of them will be stored in the running configuration. But the password in “enable secret” command is always encrypted using MD5 hash while the password in “enable password” is in plain text.

Note: If you want to encrypt “enable password” you can use the command “service password-encryption” but it will be encrypted with a very basic form of encryption called vigenere cipher, which is very weak.

When you configure both an enable and a secret password, the secret password will be used -> B is correct.

Question 8

Explanation

All other answers are not recommended for a network security plan so only B is the correct answer.

Question 9

Question 10

Comments (38) Comments
  1. Router47
    October 25th, 2013

    Why is Question # 3 answer B and not A?

  2. jp.ccna
    October 29th, 2013

    Router47, telnet is remote access. You would not telnet via a physical port, but via the vty setup. Port security refers to the physical ports and therefore would prevent physical hosts from plugging into a switchport and gaining access.

  3. bbk
    December 17th, 2013

    i am an Indian……. if any1 of u gave exam in India …would u plz tell me how much exam cost u in rupees????? because yesterday i register for exam …that time exchange rate was 62.54… but they charge me 66 rs. 66*150=9900…. is it ok??? plz guide…

  4. itsme
    December 18th, 2013

    I took xam on 16th. It costs me 96XX. I dont remember the xchange rate on monday.

  5. CCENT Someday
    January 31st, 2014

    Anyone,

    I plan on taking exam next week. What other sims/labs did you get besides the OSPF 6 router?

    Thanks in Advance!

  6. Marco Mwaimu
    February 20th, 2014

    Thank you very much for the dumps it has been so informative for me,im going to sit for my ICND1 exam at the end of March please any one who can give me the link for sample questions help me

  7. Router-On-Stick
    April 10th, 2014

    Router47, port security is configured on a physical interface on the switch to prevent unauthorised acces to unwanted users to the LAN and telnet requires SVI configurations plus its accessed remotely not physically.

  8. Malik
    April 14th, 2014

    I Just Pass my ICND1 today with 973 Marks and these question was there,
    Thank you 9tut for a big help and support …. you guys are awesome …..

    need to pass icnd1 ? study cbt nuggets icnd1 and check everything on 9tut.net you dont need anything else …….

  9. fez
    April 24th, 2014

    Passed my 100-101 exam today and question 2,4 and 6 were there.. all the best

  10. Manohar Tn
    May 16th, 2014

    Got 986/1000 Marks, {5/16/2014} 50 Questions, Ospf Sim, Security simlet, and Router and switch Simlet Was also there…..All questions From 9tut. and Examcollections…..Now Heading For Icnd2 And Blogging…..

    For Any Help.
    Manohar Tn
    Website: http://www.techlinko.com
    G+ : https://plus.google.com/u/0/+ManoharTN9/

  11. sparJ90
    August 17th, 2014

    shudnt the answer to q 4 be A D F.. PLS HELP!

  12. Eng
    September 30th, 2014

    SparJ90, I think you may be on target. Question 4, the decision needs to be made between access port and protected port – we are all in agreement with enabling port security and Statically assigning the MAC address to the address table. Since the question doesn’t seem to be concerned with attaching a rogue switch in this scenario (thus forming a trunk) – and setting the violation to protected better fits the laptop scenario – I believe it should be A, D, and F. No question, all non-trunked Access Layer switch ports should be configured to access ports. I have not taken the exam yet but have been in the field for a while – anxious to hear others thoughts/experiences with regards to this question.

  13. Eng
    September 30th, 2014

    To retract my statement to SparJ90 regarding Question 4, I can see why A, C, and F were chosen. Sorry, all, for the confusion. When you enable port security and statically set the MAC address – the default settings are maximum number of secure MAC addresses = 1 and violation mode = shutdown…. So protect would not be necessary in this case – plus don’t forget default would do logging with SNMP traps. Since this device is in a lobby, it would be wise to remove default dynamic desirable and set to static access (not because of the laptop concern) – which is eliminated in answers A and F when considering default settings for violations and maximum number of MAC addresses allowed, but to prevent rogue switches from possibly forming a trunk – maximum number of MAC addresses default would eliminate the concern of hubs too. Hope this helps – sorry for the long dissertation 🙂

  14. watevah
    September 30th, 2014

    pipo want dumps wen all questions come from 9tut hahaha…jus deal with 9 tut you gp pass

  15. watevah
    September 30th, 2014

    pipo want dumps wen all questions come from 9tut hahaha…jus deal with 9 tut you go pass

  16. Luke
    November 16th, 2014

    Failed the test today 🙁 I got 801/1000 needed 804!!!!!!!!!!!!!!!!!!!!! So unfair, anyway thanks 9tut a lot of learning has come from you and made me get the answers i did get, correct.

  17. Yahia Tariq
    November 22nd, 2014

    Questions 1-3-7 were in exam on 20/11/2014, more than 45 questions were from 9tut !

  18. roger
    March 5th, 2015

    good stuff

  19. Ahmed
    March 28th, 2015

    q1,3,4,5,7 in exam

  20. Anonymous
    April 15th, 2015

    hi guys just did the exam and q2,4,5 and 6 were there. Thanks 9tut.

  21. G-10
    April 26th, 2015

    Q1,4,5,7 is were in the exam, i take it the last friday

  22. G-10
    April 26th, 2015

    Q6,8 in exam

  23. Anonymous
    May 16th, 2015

    This a nice forum

  24. Dude
    June 25th, 2015

    Question #7 answer is not explained correctly. The answer is B because from a “CONSOLE CONNECTION” you will not use the vty lines since you will be directly connected to the device. Now “ENABLE PASSWORD” uses a lower encryption type than “ENABLE SECRET,” because of this, the high encryption type will be used as a password. I tried this using Packet Tracer, used both “ENABLE” types and the “ENABLE SECRET” was the one that worked.

  25. Anonymous
    June 26th, 2015

    get free dumps dumps from this link
    wurl. cc/dumps

  26. 9tut
    July 13th, 2015

    @all: We had to move all the questions and answers out of 9tut. We can only keep the explanation. You can download the questions and answers at: https://mega.co.nz/#!oIdESYbD!yyu33vygrfKPy4rcmcbV6qW2fxINNoTokuDM3CjA_og

  27. Anonymous
    July 20th, 2015

    why is this site not showing the questions anymore?

  28. aramirez
    July 28th, 2015

    Hi, when the site will show the questions?

  29. 9tut
    September 10th, 2015

    can s1 explain more about q3 pls
    Thanks in advance

  30. Dont need anything further
    May 31st, 2016

    please note that if you have both enable password and enable secret, the enable secret TRUMPS!!
    the enable password.

    hahaha – Sorry, I needed to through Trump in there ! 😉

  31. zizou
    August 13th, 2016

    can i have latest dumps please,writing icnd1 in 3 days

  32. Afridi
    August 22nd, 2016

    Can i have dumps of CCNA R&S??

  33. Afridi
    August 22nd, 2016

    Can i have something related to AAA Radius or TACACS+ server or both?? Either labs or theory…

  34. Afridi
    August 22nd, 2016

    My email id is {email not allowed}

  35. Salene
    December 1st, 2016

    Get best offer from Dumps4Download on 100-101 exam or all Cisco exam study material visit this link for more info https://www.dumps4download.us/free-100-101/cisco-question-answers.html

  36. jane woken
    May 16th, 2017

    hi guys,
    can someone send me the dumps according the answers of this site for ICND1???? please please please. I really neeeeeeeeeeeeeeeed it. my email address is jane_woken52 at yahoo dot com . It will be big help. Pleeeeeeeeeeeeeeeease .

    my email address is jane_woken52 @ yahoo . com

  37. vlad
    June 4th, 2017

    please share the security sim

  38. Lance
    July 24th, 2017

    Passed, if you go the exam study the 285q dumps.