CCNP Practice Exam For ISCW Study:

Cisco Router Security And Autosecure (#2)

Vital Reading And Watching For All Cisco Certification Candidates:

The July 2010 CCNP Changes (And How To Beat Them!)

More practice exams for the ISCW, BSCI, ONT, and BCMSN exams await you on our CCNP Practice Exam page!

Join our Twitter conversation on the left side of this page for immediate notification on the posting of new answers and questions, additions to our YouTube Cisco Certification Channel, and more!

Enjoy the questions!

Chris Bryant

CCIE #12999

"The Computer Certification Bulldog"

chris@thebryantadvantage.com

Question 1:

What command allows you to define a key number to further secure NTP communications?

A. ntp authentication

B. ntp key value

C. ntp trusted-key

D. ntp authenticate

Question 2:

What TCP Intercept mode has the router answer incoming TCP SYN requests, rather than forwarding them to the intended destination?

A. intercept

B. proxy

C. arp

D. watch

 

Question 3:

What command is applied to VTY lines to use an ACL to restrict Telnet and SSH access?

A. ip access-group

B. access-class

C. access-group

D. ip access-class

Question 4:

When configuring SSH, what authentication methods are available?

A. local database

B. VTY line password

C. The ssh login password command

D. AAA authentication

Question 5:

Identify the true statements.

A. The service password-encryption command uses MD5 encryption.

B. The service password-encryption command uses Vigenere encryption.

C. MD5 encryption is stronger than Vigenere encryption.

D. Vigenere encryption is stronger than MD5 encryption.

 

Question 6:

Which of the following is NOT true of Autosecure's defaults?

A. Minimum length of password = 10 characters

B. The source addresses 0.0.0.0 and 255.255.255.255 are blocked.

C. CDP is disabled.

D. RFC 1918 private address ranges may be unnecessarily blocked.

Question 7:

What numeric value is assigned to the highest level of clocks in the NTP hierarchy?

A. 0

B. 1

C. 255

D. 15

 

Answers at the bottom of the page!

 

Earn Your CCNP With The Personal Guarantee Of Chris Bryant, CCIE #12933:

“I GUARANTEE You'll Pass The Current CCNP Exams - BSCI, ONT, ISCW, and BCMSN - Before The July 31, 2010 Cutoff Date With My CCNP Study Packages ...

... And If You Don't Pass FOR ANY REASON Before That Time, I'll Give You a 100% Free CCNP Study Package Download For The New Exam Track!"

You Also Get A FREE CCNA Security Study Package, Valued at $67, With The Purchase Of Any CCNP Study Package!

Answers:

1. "C". The NTP trusted-key command allows you to define a key number, which must match for an NTP adjacency to be formed.

 

2. "A". When TCP Intercept runs in intercept mode, the router will answer SYN requests with a SYN-ACK of its own.

 

3. "B". Use the access-class command, followed by the ACL number/name and the direction in which the ACL should be applied.

 

4. "A, B". You can use a local database or AAA authentication with SSH, but you cannot use a single password configured on the VTY lines.

 

5. "B, D". The service password-encryption command uses Vigenere, described by Cisco's website as "simple". It's not as strong as MD5 encryption.

 

6. "A". The minimum password length is set to six characters, which may not fit your network security requirements. The other statements are true.

 

7. "A". At the top of the NTP hierarchy are Stratum-0 devices such as atomic clocks.