ICND1 – Security Testlet
Question
RouterA and SwitchA have been configured to operate in a private network which will connect to the Internet. You have been asked to review the configuration prior to cabling and implementation.
This task requires the use of various commands to access and check the running configuration of the two devices. No configuration changes are necessary (and the configuration command has been disabled for these two devices).
These are probably the configurations on the router and switch (but note that they are surely missing something):
ROUTER A CONFIGURATION
!
SWITCH A CONFIGURATION
!
banner login ^c
line con 0
Note: This is just what we gather and guess. In the exam the configurations may be different, so make sure you understand “enable secret”, “enable password”, “login”, “login local”, “transport input”, “line vty”, “service password-encryption”, “banner motd” and “privilege” before taking this exam!
You can download the Packet Tracer file of this testlet here.
This sim has 4 questions:
Question 1
Which of the following is true regarding the configuration of SwitchA?
A. only 5 simultaneous remote connections are possible
B. remote connections using ssh will require a username and password
C. only connections from the local network will be possible
D. console access to SwitchA requires a password
Answer: B
Explanation
There are 16 VTY lines (0 to 4 and 5 to 15), so more than 5 simultaneous remote connections can be made at the same time -> A is not correct.
There is no restriction on the switch, so remote networks can connect to this switch -> C is not correct.
There is no config under “line con 0”, so console access to this switch does not require a password -> D is not correct.
All 16 VTY lines are configured for access via SSH only and all of them require a password. The difference is in the “line vty 0 4” configuration, where the type of login is specified as “login local”. It means that the switch will not use the password configured under “line vty 0 4” (in this case none was set) but will use the username and password configured with the “username ciscouser password 0 cisco” command -> B is correct.
Question 2
Which two of the following are true regarding the configuration of RouterA? (choose two)
A. at least 5 simultaneous remote connect are possible
B. only telnet protocol connections to Router A are supported
C. remotely connection to RouterA using telnet will succeed
D. console line connection will never time out due to inactivity
E. since DHCP is not used on Fa0/1 there is not a need to use the NAT protocol
Answer: A C
Explanation
A is correct as we can telnet on line 0 to line 4 (line vty 0 4), so 5 simultaneous connections are possible.
We can use both telnet and SSH to connect to this router (transport input telnet ssh) -> B is not correct.
C is correct as we can telnet to it.
D is not correct because by default, the timeout is set to 10 minutes on both the console and the vty ports.
E is not correct as NAT can be used even if DHCP is not used.
Question 3
Select the options which are security issues which need to be modified before RouterA is used. (Choose two)
A. unencrypted weak password is configured to protect privilege mode
B. inappropriate wording in banner message
C. the virtual terminal lines have weak password configured
D. virtual terminal lines have a password, but it will not be used
E. configuration supports in-secure web server access
Answer: B D
Explanation
Privilege mode on RouterA is protected with an unencrypted password (via the “enable password” command). Although this is a good choice, it is not the answer Cisco wants. Answer B is the correct answer instead. This can be explained in this way:
The wording in the banner is inappropriate as it “Welcomes” you to the network. If you are gaining unauthorised access to the device, the first thing you will see is a banner welcoming you. Apparently there has been a case (or cases) where a hacker has used this as a legal defence for gaining illegitimate access to the device. The banner should say something along the lines of “NO UNAUTHORISED ACCESS”.
The password of the VTY lines is “4t&34rkf”. Although it is unencrypted, it is not a weak password because it contains numbers and special characters -> C is not correct.
Although a password of “4t&34rkf” is configured, with the command “login local” the router will use the username “ciscouser” and password “cisco” (configured in the “username ciscouser privilege 15 password 0 cisco” command) -> D is correct.
Checking the configuration of RouterA with the “show run” command shows that, to support web server access, it would need the command “ip http server”, but it does not -> E is not correct.
Question 4
Select three options which are security issues with the current configuration of Switch A. (Choose three)
A. privilege mode is protected with an unencrypted password
B. inappropriate wording in banner message
C. virtual terminal lines are protected only by a password requirement
D. both the username and password are weak
E. telnet connections can be used to remotely manage the switch
F. Cisco user will be granted privilege level 15 by default
Answer: A B D
Explanation
The command “no service password-encryption” exists, so the password to access privilege mode is not encrypted -> A is correct.
With the “login local” command the VTY lines will require both a username and a password -> C is not correct.
The username and password are easy to guess as they are built from common words like “cisco” and “user” -> D is correct.
On all VTY lines only SSH is allowed, with the “transport input ssh” command -> E is not correct.
To grant privilege level 15 by default, the following commands are required:
line vty 0 4
 privilege level 15
or these lines:
username ciscouser privilege 15 password cisco
and
login local (in “line vty 0 4”)
but none can be found, so F is not correct.
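The four questions above all come down to reading a running-config for the same handful of weaknesses: an unencrypted enable password, a welcoming banner, a line password that “login local” makes irrelevant, telnet accepted on the VTY lines, credentials built from common words, an unprotected console, and the count of VTY lines. The following Python script is an added example (not part of 9tut's page or the exam) that parses a small running-config into global commands and “line con/vty” blocks and reports those findings. Both configurations embedded in it are constructed for illustration: the first mirrors the weaknesses discussed above, the second is a hardened counterpart, and the wordlist WEAK_WORDS is an assumption used only to flag obviously guessable credentials.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample running-config (not the exam's actual configuration): it
# reproduces the weaknesses the testlet explanations discuss.
SAMPLE_CONFIG = """\
hostname RouterA
no service password-encryption
enable password cisco
username ciscouser privilege 15 password 0 cisco
banner motd ^C Welcome to RouterA ^C
line con 0
line vty 0 4
 password 4t&34rkf
 login local
 transport input telnet ssh
line vty 5 15
 password 4t&34rkf
 login
 transport input ssh
"""

# Constructed hardened counterpart: enable secret, encrypted line passwords,
# a warning banner, SSH-only VTY lines and a password-protected console.
HARDENED_CONFIG = """\
hostname RouterA
service password-encryption
enable secret 5 $1$placeholder$hashgoeshere
username netadmin privilege 15 secret 5 $1$placeholder$hashgoeshere
banner motd ^C Unauthorized access is prohibited ^C
line con 0
 password 7 placeholder
 login
line vty 0 15
 login local
 transport input ssh
"""

WEAK_WORDS = ("cisco", "user", "password", "admin")  # illustrative wordlist (assumption)


@dataclass
class LineBlock:
    kind: str            # "con" or "vty"
    first: int
    last: int
    commands: List[str] = field(default_factory=list)


def parse_config(text: str) -> Tuple[List[str], List[LineBlock]]:
    """Split a running-config into global commands and 'line con/vty' blocks.

    A block is 'line <kind> <first> [<last>]' followed by indented commands.
    """
    global_cmds: List[str] = []
    blocks: List[LineBlock] = []
    current: Optional[LineBlock] = None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" ") and current is not None:
            current.commands.append(raw.strip())
            continue
        current = None
        m = re.match(r"line (con|vty) (\d+)(?: (\d+))?$", raw.strip())
        if m:
            first = int(m.group(2))
            last = int(m.group(3)) if m.group(3) else first
            current = LineBlock(m.group(1), first, last)
            blocks.append(current)
        else:
            global_cmds.append(raw.strip())
    return global_cmds, blocks


def vty_line_count(text: str) -> int:
    """Number of VTY lines: 'line vty 0 4' plus 'line vty 5 15' gives 16."""
    _, blocks = parse_config(text)
    return sum(b.last - b.first + 1 for b in blocks if b.kind == "vty")


def audit(text: str) -> List[str]:
    """Return one finding per weakness of the kind the testlet asks about."""
    global_cmds, blocks = parse_config(text)
    findings: List[str] = []

    has_secret = any(g.startswith("enable secret") for g in global_cmds)
    if any(g.startswith("enable password") for g in global_cmds) and not has_secret:
        findings.append("privilege mode is protected by an unencrypted 'enable password'")
    if "no service password-encryption" in global_cmds:
        findings.append("password encryption is disabled: line passwords are stored in clear text")
    for g in global_cmds:
        if g.startswith("banner") and "welcome" in g.lower():
            findings.append("banner welcomes the user: inappropriate wording")
        m = re.match(r"username (\S+) .*password (?:0 )?(\S+)$", g)
        if m and any(w in m.group(1).lower() or w in m.group(2).lower() for w in WEAK_WORDS):
            findings.append(f"username '{m.group(1)}': name or password built from common words")

    for b in blocks:
        label = f"line {b.kind} {b.first}" + (f" {b.last}" if b.last != b.first else "")
        has_password = any(c.startswith("password") for c in b.commands)
        login = next((c for c in b.commands if c.startswith("login")), None)
        transport = next((c for c in b.commands if c.startswith("transport input")), None)
        if b.kind == "con" and login is None:
            findings.append(f"{label}: console access requires no password")
        if b.kind == "vty":
            if has_password and login == "login local":
                findings.append(f"{label}: line password set but never used because of 'login local'")
            if transport is not None and "telnet" in transport.split():
                findings.append(f"{label}: telnet (clear-text) accepted for remote management")
    return findings


if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {vty_line_count(cfg)} VTY lines")
        for finding in audit(cfg):
            print("  -", finding)
```

Running it reports seven findings for the constructed sample and none for the hardened configuration; note that “line vty 5 15” produces no “password never used” finding because its login type is plain “login”, which is exactly the distinction Question 1 relies on.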
I have exam today wish me luck 🙂
Good luck @Hana ISE
Hana ISe may you have failed in ur exams 🙂
HI all ;
I took the exam today 8-31-2016 and I passed the ICND1 exam, 897/1000. The sim was similar to the one shown here (about router and switch security), so read it carefully. Another sim had R1, R2, R3 with RIP configuration, and then they had a problem in the DHCP scope (which was configured wrong); they put an ACL in one of the routers that was blocking people from accessing the server; another topic was NAT (the interesting traffic was wrong) and another concept was NTP. No need to do any configuration, only show commands. It was time consuming and I had to use a lot of show run and show ip int brief to find the answers; I had two sims with only show commands on the ICND1 exam. I studied the old ICND1 exam PDF and I was able to pass it. Few questions on IP addresses, but some more questions about NTP server.
Hello everyone….anyone have idea about ICND 1 V3?
hi james…. excuse… did you see something about ospf in the 100-105 exam?
What are your thoughts on the questions below:
Which option is a valid hostname for a switch?
A.5witch-Cisco
B.Switch-Cisco!
C.5witchCisc0
D.SwitchCisc0
Which MTU size can cause a baby giant error?
A.1500
B.9216
C.1600
D.1518
Which statement about native VLAN traffic is true?
A.Cisco Discovery Protocol traffic travels on the native VLAN by default.
B.Traffic on the native VLAN is tagged with 1 by default.
C.Control plane traffic is blocked on the native VLAN.
D.The native VLAN is typically disabled for security reasons.
Which value is indicated by the next hop in a routing table?
A.preference of the route source
B.IP address of the remote router for forwarding the packets
C.how the route was learned
D.exit interface IP address for forwarding the packets
Which RFC was created to alleviate the depletion of IPv4 public addresses
A.RFC 4193
B.RFC 1519
C.RFC 1518
D.RFC 1918
Which NTP command configures the local device as an NTP reference clock source?
A.ntp peer
B.ntp broadcast
C.ntp master
D.ntp server
1) Hostnames can’t start with a number, and can’t have special characters (bangs/exclamation marks) (but can have a dash). A) starts with a number. B) has a bang at the end. C) starts with a number. Only D) is correct.
2) A standard frame is 1500 bytes. Baby jumbo frames are anything SLIGHTLY larger than 1500, up to 1600 bytes. Jumbo frames are between 1600 and 9000 bytes. Super jumbo frames are larger than 9000 bytes of payload. So, to answer this question: just look at which MTU setting is slightly larger than 1500 MTU, and that would be D) 1518.
3) This question is about the native VLAN. The native VLAN is the VLAN that is configured for packets that don’t have a tag. The default native VLAN on all Cisco switches is VLAN 1. It is always enabled by default. These settings can all be changed: that is, you can designate a different VLAN as the native VLAN, disable VLAN 1, etc. Knowing that, we can eliminate D) as the correct answer because it is enabled by default. We can also eliminate B) because native VLAN packets don’t get tags by default (you can change this). Finally, control plane traffic is never blocked on native VLAN 1, and even if you change the native VLAN, the control plane traffic still comes across VLAN 1. That eliminates answer C), leaving A) as the only answer.
4) The next hop is the IP address of the next router that the packet has to be forwarded to, in order for it to eventually reach its destination. This pretty much leaves us with only one logical answer: B)
5)
RFC 4193 is about Unique Local IPv6 Unicast Addresses.
RFC 1519: Classless Inter-Domain Routing (CIDR): an Address Assignment and Aggregation Strategy .
RFC 1518: An Architecture for IP Address Allocation with CIDR.
And RFC 1918: Address Allocation for Private Internets.
Since we’re talking about Public, not private addresses, we can eliminate answer D. Since we’re talking about IPv4, we can also eliminate Answer A. Answer C can also be eliminated because the RFC is about the architecture for IP address allocation… leaving just Answer B as the correct choice.
6) Last, NTP: NTP is the Network Time Protocol, which is how devices get time updates. A master server (if you’re using public NTP, there are several of them) uses an atomic clock or GPS signal to keep itself on time. It also passes that time info down to properly configured NTP peers. An NTP server is a router or other device that is authorized to pass on the time info to other devices. They can be several layers deep, meaning: the master passes time data to Routers 1 and 2. Router 1 is a server, and passes that same data on to Routers A and B. Router A passes the info on to a switch, and so on. All the servers usually have several peers they refer to (other servers) to compare the times across the board. Any that are “insane” are rejected outright. Anyway, the command to make a router a server is simply Answer D), which tells the router it is the source of NTP on its network. Note: it will have a master for NTP unless it is the master (meaning it has an atomic clock or GPS attached to it).
The ICND1 is 100-105 so you can shove your best offer on an old exam
Question 2,
Answer A’s wording is stupid… it said “‘at least’ 5 simultaneous remote connect are possible”.
To normal people, “at least” = minimum. In this situation, 5 simultaneous connections is the maximum. This isn’t even testing us on our knowledge of the subject. It’s word play to screw us up.
why the answer given in explanation and in Quiz are different. Which one is right?
In question 4.–Answer B is surely not correct as the wording in banner does not leak any security information. but in Quiz it is coming as correct answer. Please advise
@Arshik: We have just updated this simlet. Please try again. According to the candidates’ reports, the banner has inappropriate wording is the correct answer.
Refer to the exhibit. Which statement describes the effect of this configuration?
Router#configure terminal
Router(config)#vlan 10
Router(config-vlan)#do show vlan
A. The VLAN 10 VTP configuration is displayed.
B. VLAN 10 spanning-tree output is displayed.
C. The VLAN 10 configuration is saved when the router exits VLAN configuration mode.
D. VLAN 10 is added to the VLAN database.
Whenever I try to type in a command, the simulation keeps saying this command is not supported. What am I doing wrong? I’ve tried Router1#show startup-config and Router1# do show startup-config.
Other commands are giving me the same issue as well. Anyone know what’s going on?
I figured it out. I had to update java
@alik the answer is C. The VLAN 10 configuration is saved when the router exits VLAN configuration mode.
Because VLAN 10 is only created when we exit VLAN configuration mode. So exit needs to be typed in.
This one and DHCP seem to be the ones that are coming up most on the test at this moment.
Hi Guys, am I the only one who sees the security simlet as a normal webpage? I actually don’t see the questions at all, only the answers. Please help.
@First, that’s normal.. buy premium for 9USD and you will have full access
new to ccna currently doing ccent can any1 suggest an learning material please
hello from where i can get questions?
Inappropriate Banner is correct or no?
Hi routerA,
Banner motd has welcome that means is inappropriate message, so it means there is an issue in the security configuration which leads to correct answer.
Question 3
I think the correct answer is A and D
Inappropriate banner? Lol Really? I would have never thought about this one especially if there is another more logical answer. Really cheesy. Just for curiosity I have checked the Todd Lammle and Wendel Odom books as well if they say anything about it… and no. Not a word about that oooh you should be aware of the content of the MOTD. Thanks 9tut that you highlighted this for us!
Refer to the exhibit. Which statement describes the effect of this configuration?
Router#configure terminal
Router(config)#vlan 10
Router(config-vlan)#do show vlan
A. The VLAN 10 VTP configuration is displayed.
B. VLAN 10 spanning-tree output is displayed.
C. The VLAN 10 configuration is saved when the router exits VLAN configuration mode.
D. VLAN 10 is added to the VLAN database.
answer should be D? I tested this in the CLI
Mat what kind of Drag and Drop Question you got on the exam??
This was the exact question in my today’s test.
@whocares
I’m taking my exam on the 10th of this month in two days, was 9tut accurate with its questions?
D. VLAN 10 is added to the VLAN database.
hi Z
how did you get on with your exams and was there any drag and drops questions?
Thanks
can someone send me 101 -105 VCE dumps I have the VCE engine which I purchased for a high amount , you can send them on joseoluoch at gmail dot com please I am trying to re certify asap before end of the year
Which NTP command configures the local device as an NTP reference clock source?
A.ntp peer
B.ntp broadcast
C.ntp master
D.ntp server
Which MTU size can cause a baby giant error?
A.1500
B.9216
C.1600
D.1518
can someone give me the answers to these questions … I need someone expert to answer it because I searched a lot but I didn’t find any suitable answer
Hello Odis! I cannot see any posts from Irina under that link.
Hey Hiram! Where can I found that dumps?
Hi, am writing this week, please 100-105 dumps
Which NTP command configures the local device as an NTP reference clock source?
A. ntp peer B. ntp broadcast C. ntp master D. ntp server
Answer: D
Explanation
From a Cisco perspective, getting the clock from an Internet time source and/or from a local timing device both require the same command (ntp server). To have a specific network device consider itself as a reference clock source, another command is used (ntp master)
For example, the command
Router(config)#ntp server 192.168.1.1
configures the local device to use a remote NTP clock source from 192.168.1.1 while the command:
Router(config)#ntp master 1
configures the local device as a NTP reference clock source with stratum of 1.
Which MTU size can cause a baby giant error?
A. 1500 B. 9216 C. 1600 D. 1518
Answer: D
Question 5
Explanation
Ethernet frame size refers to the whole Ethernet frame, including the header and the trailer, while MTU size refers only to the Ethernet payload. Baby giant frames refer to an Ethernet frame size up to 1600 bytes, and jumbo frames refer to an Ethernet frame size up to 9216 bytes (according to this link: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-4000-series-switches/29805-175.html)
For example, the standard Ethernet frame MTU is 1500 bytes. This does not include the Ethernet header and Cyclic Redundancy Check (CRC) trailer, which is 18 bytes in length, making the total Ethernet frame size 1518.
So according to the strict definition, an MTU size of 1600 cannot be classified as a baby giant frame, as the whole Ethernet frame will surely be larger than 1600 -> Answer C is not correct.
Answer D is a better choice as the MTU is 1518, so the whole Ethernet frame would be 1536 (1518 + 18 bytes of Ethernet header and CRC trailer). This satisfies the requirement of baby giant frames: “Baby giant frames refer to Ethernet frame size up to 1600 bytes”.
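The MTU-versus-frame-size distinction in the explanation above is easy to get backwards, so here is an added example (not from the original post) that applies the same thresholds in code: an 18-byte header plus CRC is added to the MTU, and the resulting frame size is classified against the standard (1518), baby giant (1600) and jumbo (9216) limits the post cites. The threshold values and the overhead constant are taken from the post; the category names and the "oversize" bucket for anything beyond 9216 bytes are this example's own labels.

```python
# Added example: classify an MTU setting by the Ethernet frame size it produces.
ETHERNET_OVERHEAD = 18        # 14-byte header plus 4-byte CRC trailer, as the post states
STANDARD_FRAME_MAX = 1518     # 1500-byte MTU plus overhead
BABY_GIANT_FRAME_MAX = 1600   # baby giant limit on the whole frame (post's Cisco reference)
JUMBO_FRAME_MAX = 9216        # jumbo limit on the whole frame (post's Cisco reference)


def frame_size(mtu: int) -> int:
    """Whole Ethernet frame size for a payload (MTU) of the given size."""
    return mtu + ETHERNET_OVERHEAD


def classify_mtu(mtu: int) -> str:
    """Frame class produced by an MTU of this size, judged on the full frame."""
    size = frame_size(mtu)
    if size <= STANDARD_FRAME_MAX:
        return "standard"
    if size <= BABY_GIANT_FRAME_MAX:
        return "baby giant"
    if size <= JUMBO_FRAME_MAX:
        return "jumbo"
    return "oversize"   # label chosen here for frames beyond the jumbo limit


def baby_giant_options(options):
    """Return the MTU options (e.g. the exam's answer choices) that yield a baby giant frame."""
    return [mtu for mtu in options if classify_mtu(mtu) == "baby giant"]


if __name__ == "__main__":
    # The four answer choices from the question above.
    for mtu in (1500, 9216, 1600, 1518):
        print(f"MTU {mtu:>5} -> frame {frame_size(mtu):>5} bytes -> {classify_mtu(mtu)}")
```

Feeding in the four answer choices, only 1518 lands in the baby giant band (frame 1536 bytes); 1500 stays a standard frame and 1600 already crosses into jumbo territory, which is the reasoning the post gives for rejecting C.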
This was appeared verbatim… Dec 2017… Anythings in 9tut
I passed the ICND1 today, one of the sims is RIPv2 , a lot of questions similar to this website,
there is some differences, the SIM need to pay good attention.
there is enough time take your time in sims, i submitted my exam 25 minutes earlier because I was expecting 1 3rd sim.
good luck every body.
This is from my knowledge:
Which NTP command configures the local device as an NTP reference clock source?
A.ntp peer
B.ntp broadcast
C.ntp master
D.ntp server
C is correct answer. little setup on router tells you all!
• Configure the local device to use a remote NTP clock source.
router(config)#ntp server {ip-address | hostname}
• Configure the local device as a NTP reference clock source.
router(config)#ntp master stratum-number
Which MTU size can cause a baby giant error?
A.1500
B.9216
C.1600
D.1518
correct answer is D.
Carefully read the question: it is asking for MTU size, not frame size. MTU (1500) + 18 bytes = 1518 frame size is ok, but not ok with MTU (1518) + 18 bytes = 1536 frame size, which will be a baby giant error. Now you should understand why 1600 is not correct, because MTU (1600) + 18 bytes = 1618, which will be a jumbo frame.
Answer should be D – 1518 because MTU doesn’t include the frame header. The MTU size max is 1500. Add the frame header of 18 and you’re fine. However, if the MTU size is 1518, and then you add your frame header of 18, you get a total size of 1536 which falls in the range of a baby giant error. Hope this helps!
I just sat the ICND1 exam, and this DHCP and the Security simulation were 100% the same. And I passed, couldn’t have done it without the
Muhammad(MN)
thank you. very clear. “local device AS A reference clock” = master
OR
configure local device “TO USE” a remote clock source = server
Is this lab still valid for 100-105 exam
I have exams today wish me luck
how did it go Anonymus?
nice
Where can i download Packet tracer from?
hi guys if someone can tell me how should i study and if someone have a free book
I just pass the CCENT thanks 9tut
@Constyle could you please share the information of all the resources you used for ccent. my email id is : cisco.test @ yahoo . com
passed ccent yesterday. used CBT Nuggets, used the Official Cert Guide book for practice questions. Went through the ICND1V3 NEW QUESTIONS list on 9tut. Got the Show Configuration Sim, except they switch around the interface numbers, so pay attention to your SIM on the test. I also got a SIM to create vlans manually on 2 switches, assign interfaces to the created VLANs, and to configure trunking between both switches.
what commands were supposed to be used to find the answers?
Hi ali,
Where i can find a pdf only for icnd1V3 question ?