System information
78 Chapter 3: Defending the Perimeter
1. Which of the following are considered IOS security features? (Choose four.)
a. Stateful firewall
b. MARS
c. IPS
d. VRF-aware firewall
e. VPN
f. ACS
2. Some ISRs include a USB port, into which a flash drive can connect. What are three
common uses for the flash drive? (Choose three.)
a. Storing configuration files
b. Storing a digital certificate
c. Storing a copy of the IOS image
d. Storing a username/password database
3. The enable secret password appears as an MD5 hash in a router’s configuration file,
whereas the enable password is not hashed (or encrypted, if the password-encryption
service is not enabled). Why does Cisco still support the use of both enable secret and
enable passwords in a router’s configuration?
a. Because the enable secret password is a hash, it cannot be decrypted. Therefore,
the enable password is used to match the password that was entered, and the
enable secret is used to verify that the enable password has not been modified
since the hash was generated.
b. The enable password is used for IKE Phase I, whereas the enable secret password
is used for IKE Phase II.
c. The enable password is considered to be a router’s public key, whereas the enable
secret password is considered to be a router’s private key.
d. The enable password is present for backward compatibility.
4. What is an IOS router’s default response to multiple failed login attempts after the
security authentication failure command has been issued?
a. The login process is suspended for 10 seconds after 15 unsuccessful login attempts.
b. The login process is suspended for 15 seconds after 10 unsuccessful login attempts.
c. The login process is suspended for 30 seconds after 10 unsuccessful login attempts.
d. The login process is suspended for 10 seconds after 30 unsuccessful login attempts.