Security Testlet
Question

Not sure about the requirement of this question but it is something like this:
Before this switch and router can be put to use in the network, what security risks can be found…
We are still not sure about the configurations in this sim but we got some information to share with you (updated on December-07-2011. Thanks Joe Mendola, xallax and many candidates who share the information!):
These may be the configurations on the router and switch (but notice that they are surely missing something):
ROUTER A CONFIGURATION
SWITCH A CONFIGURATION
Note: This is just what we gathered and guessed. In the exam the configurations may be different, so make sure you understand “enable secret”, “enable password”, “login”, “login local”, “transport input”, “line vty”, “service password-encryption”, “banner motd” and “privilege” before taking this exam!
This sim has 4 questions:
Question 1
Identify security threats on RouterA (select 3)
A. unencrypted password set
B. unsecured message on banner
C. remote access can only be made through telnet or SSH
D. user gets level 15 automatically by default
Answer: A C D
Guideline to answer this question:
Because “service password-encryption” is not set on RouterA, the password to access privileged mode (set with the command “enable password cisco”) is unencrypted. The password for VTY is also unencrypted (notice that the password “4t&34rkf” is in fact unencrypted) -> A is correct.
Although the banner says “Welcome …”, it does not leak any security information, so it is still safe -> B is not correct.
From the command “transport input telnet ssh” we learn that remote access can be made through telnet or SSH. This is also the default setting of a Cisco router -> C is correct.
In the “line vty 0 4” configuration, the type of login is specified as “login local”. This means the router will not use the password configured under “line vty 0 4” (in this case “4t&34rkf”); it will use the username and password configured in the “username ciscouser privilege 15 password cisco” command instead. The command “username ciscouser privilege 15 password cisco” grants privilege level 15 to the “ciscouser” user -> D is correct.
Question 2
Which two of the following are true regarding the configuration of RouterA (choose two)
A. at least 5 simultaneous remote connections are possible
B. only telnet protocol connections to Router A are supported
C. remote connection to RouterA using telnet will succeed
D. console line connection will never time out due to inactivity
E. since DHCP is not used on Fa0/1 there is not a need to use the NAT protocol
Answer: A C
Guideline to answer this question:
A is correct as we can telnet on line 0 through line 4 (line vty 0 4).
We can use both telnet and SSH to connect to this router (transport input telnet ssh) -> B is not correct.
C is correct as we can telnet to it.
D is not correct because by default, the timeout is set to 10 minutes on both the console and the vty ports.
E is not correct as NAT can be used even if DHCP is not used.
Question 3
Select the options which are security issues which need to be modified before RouterA is used (not sure how many answers we can choose)
A. unencrypted weak password is configured to protect privilege mode
B. inappropriate wording in banner message
C. the virtual terminal lines have weak password configured
D. virtual terminal lines have a password, but it will not be used
E. configuration supports insecure web server access
Answer: A D
Guideline to answer this question:
Privilege mode on RouterA is protected with an unencrypted password (via the “enable password” command) -> A is correct.
B is not correct as mentioned above.
The password of the VTY lines is “4t&34rkf”. Although it is unencrypted, it is not a weak password because it contains numbers and special characters -> C is not correct.
Although a password of “4t&34rkf” is configured, with the command “login local” the router will use the username “ciscouser” and the password “cisco” (configured in the “username ciscouser privilege 15 password 0 cisco” command) -> D is correct.
Check the configuration of RouterA with the “show run” command. To support web server access it must have the command “ip http server”, but it does not -> E is not correct.
Question 4
Select three options which are security issues with the current configuration of Switch A. (Choose three)
A. privilege mode is protected with an unencrypted password
B. inappropriate wording in banner message
C. virtual terminal lines are protected only by a password requirement
D. both the username and password are weak
E. telnet connections can be used to remotely manage the switch
F. Cisco user will be granted privilege level 15 by default
Answer: not sure
Guideline to answer this question:
We do not have enough information about the switch configuration, so we can’t be sure about the correct answers, but the following is a guideline:
Answer B is surely not correct as the wording in the banner does not leak any security information.
If under “line vty 0 4” you see the “login” command but no password is set, then maybe answer C is correct. In this case, if we try to telnet/ssh to the switch we will receive the message “Password required, but none set” and then we are kicked out ^^.
If you see a popular username and password then maybe answer D is correct.
If the command “transport input …” specifies “telnet” as a method then answer E is correct.
For answer F, if you see something like this:
line vty 0 4
privilege level 15
or these lines:
username ciscouser privilege 15 password cisco
and
login local (in “line vty 0 4”)
then answer F is correct.
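The checks from the guidelines for Questions 1, 3 and 4, gathered into one audit function as an added example (this is not code from the original post). The sample configuration is constructed from the commands quoted above, not the exam's actual RouterA configuration, and the finding names are hypothetical labels.

```python
import re

# Constructed sample, assembled only from the commands quoted in this write-up;
# it is not the exam's actual RouterA configuration.
SAMPLE_ROUTER_A = """\
enable password cisco
username ciscouser privilege 15 password 0 cisco
banner motd ^C Welcome ^C
line con 0
line vty 0 4
 password 4t&34rkf
 login local
 transport input telnet ssh
"""

def audit(config):
    """Return sorted finding labels (hypothetical names) for an IOS-style config."""
    findings = set()
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    glob = [l for l in lines if not l.startswith(" ")]
    if "service password-encryption" not in glob:
        findings.add("no-password-encryption")
    if any(l.startswith("enable password ") for l in glob):
        findings.add("enable-password-not-secret")
    if any(re.match(r"username \S+ privilege 15 ", l) for l in glob):
        findings.add("local-user-privilege-15")
    if any(re.match(r"ip http server$", l) for l in glob):
        findings.add("http-server-enabled")
    # Collect the indented sub-commands under each "line vty" block
    vty, current = [], None
    for l in lines:
        if not l.startswith(" "):
            current = [] if l.startswith("line vty ") else None
            if current is not None:
                vty.append(current)
        elif current is not None:
            current.append(l.strip())
    for block in vty:
        has_pw = any(c.startswith("password ") for c in block)
        if "login local" in block and has_pw:
            findings.add("vty-password-unused")      # Question 3, answer D
        if "login" in block and not has_pw:
            findings.add("vty-login-without-password")  # "Password required, but none set"
        if "privilege level 15" in block:
            findings.add("vty-privilege-15")
        for c in block:
            if c.startswith("transport input ") and set(c.split()[2:]) & {"telnet", "all"}:
                findings.add("telnet-allowed")
    return sorted(findings)
```

Calling `audit(SAMPLE_ROUTER_A)` reports the same items the guidelines reach by reading the configuration by hand.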
———————————-
Hope you will contribute your experience about this sim after taking the ICND1 exam. We will post here when we get new information about this sim as soon as possible.
Hi guys,
I passed my ICND 1 today (March 23, 2013) with 925/1000. I got this security question with no banner at all. I did not get any drag and drop. I got the simulation with five routers and two testlets, which you can find on this site. Lots of questions from this site. The questions were very easy. Anyway, thanks to this site, which helped me to understand the questions.
Thank you
Mike
I got 987/1000. Thanks 9tut, exam collection, Wendell Odom and brain. ICND_1 is very simple, you just have to be prepared. ICND_2 preparation began.
pls can any body give me link for vce with crack
I had this question in my ICND1 test a month ago. I passed but I don’t think I got this question right. Did anyone else get misled by the use of the words ‘at least’ in the ‘at least 5 remote simultaneous connections’ answer? To me line vty 0 4 means ‘up to 5 remote simultaneous connections’ not ‘at least’. ‘At least’ implies you can actually get more than 5.
Can anyone please tell me what Question #4 actually was and its correct answer? In this, I think A and B are ruled out! In C, vty 0 4 has no login whereas vty 5 15 has login (still I don’t see any password set in running-config). D, again I don’t see any password set in running-config!! Moreover, I don’t find E a security threat in telnet (except its unencrypted transmission) and again nothing about F in running-config…
Frankly speaking…I don’t find any of these choices correct in Q#4
Please reply..
Thanx in advance…
@George – Maybe they put ‘at least’ since some devices can have up to 16?
Got this testlet on my ICND 1 today
Yup this was in the test today too
Answer to:
“Question 3
Select the options which are security issues which need to be modified before RouterA is used (not sure how many answers we can choose)
A. unencrypted weak password is configured to protect privilege mode
B. inappropriate wording in banner message
C. the virtual terminal lines have weak password configured
D. virtual terminal lines have a password, but it will not be used
E. configuration supports insecure web server access”
..should be A, B and D
A -> this is obvious, the privileged exec password is cisco, weak password
B -> True. “Welcome..blah blah” is highly inappropriate for a security environment! You do not welcome people for such devices! It should be something like “Unauthorized access strictly prohibited!!”
D -> because the ‘login local’ command has been issued. The username password pair will be used instead of the specified ‘4t&34rkf’ password.
Hope this helps someone..