ICND1 – Security Questions
Question 1
An administrator has connected devices to a switch and, for security reasons, wants the dynamically learned MAC addresses from the address table added to the running configuration. What must be done to accomplish this?
A. Enable port security and use the keyword sticky.
B. Set the switchport mode to trunk and save the running configuration.
C. Use the switchport protected command to have the MAC addresses added to the configuration.
D. Use the no switchport port-security command to allow MAC addresses to be added to the configuration.
Answer: A
Explanation
This is the full command mentioned in answer A:
switchport port-security mac-address sticky [MAC]
If we don’t specify the MAC address (as in this question), the switch will dynamically learn the attached MAC address and place it into the running configuration.
Question 2
The following commands are entered on the router:
Burbank(config)# enable secret fortress
Burbank(config)# line con 0
Burbank(config-line)# login
Burbank(config-line)# password n0way1n
Burbank(config-line)# exit
Burbank(config)# service password-encryption
What is the purpose of the last command entered?
A. to require the user to enter an encrypted password during the login process
B. to prevent the vty, console, and enable passwords from being displayed in plain text in the configuration files
C. to encrypt the enable secret password
D. to provide login encryption services between hosts attached to the router
Answer: B
Explanation
The “service password-encryption” command encrypts the passwords set by the “enable password” global configuration command, as well as those set by the “password” line configuration command (VTY, console), that are saved in the router configuration file.
Note: The secret password (configured by the command “enable secret fortress”) is always encrypted, even if the “service password-encryption” command is not used.
Also, the “service password-encryption” command encrypts both current and future passwords.
Question 3
Why would a network administrator configure port security on a switch?
A. to prevent unauthorized Telnet access to a switch port
B. to prevent unauthorized hosts from accessing the LAN
C. to limit the number of Layer 2 broadcasts on a particular switch port
D. block unauthorized access to the switch management interfaces
Answer: B
Question 4
A company has placed a networked PC in a lobby so guests can have access to the corporate directory. A security concern is that someone will disconnect the directory PC and re-connect their laptop computer and have access to the corporate network. For the port servicing the lobby, which three configuration steps should be performed on the switch to prevent this? (Choose three)
A. Enable port security.
B. Create the port as a trunk port.
C. Create the port as an access port.
D. Create the port as a protected port.
E. Set the port security aging time to 0.
F. Statically assign the MAC address to the address table.
G. Configure the switch to discover new MAC addresses after a set time of inactivity.
Answer: A C F
Explanation
Configuring the port connected to the directory PC as an access port mitigates many security issues, because an access port does not have as much privilege as a trunk port -> C is correct.
The port security feature also helps, because it can learn the MAC address of the directory PC. When another laptop is plugged into the port, the switch will automatically block or shut down that port (if a suitable configuration is used) -> A is correct. But nowadays a hacker can fake the MAC address of the directory PC.
By statically assigning the MAC address to the address table, only that MAC address can access the network -> F is correct.
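The three steps above can be checked mechanically against an interface stanza from the running configuration. The following is an added example, not part of the original page: the function name, interface numbers and MAC addresses are made up, and the check also tells a static entry apart from the sticky form described under Question 1.

```python
import re

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"   # Cisco dotted-hex notation
PREFIX = "switchport port-security mac-address "

def audit_lobby_port(stanza):
    """Report which of the three steps (A, C, F) an interface stanza lacks."""
    # Skip the "interface ..." header; compare the sub-commands case-insensitively.
    cmds = {c.strip().lower() for c in stanza.splitlines()[1:] if c.strip()}
    static = any(re.fullmatch(PREFIX + MAC, c) for c in cmds)
    sticky = any(re.fullmatch(PREFIX + "sticky " + MAC, c) for c in cmds)
    missing = []
    if "switchport mode access" not in cmds:
        missing.append("C: access port")
    if "switchport port-security" not in cmds:
        missing.append("A: port security enabled")
    if not static:
        missing.append("F: statically assigned MAC")
    binding = "static" if static else "sticky" if sticky else "none"
    return {"missing": missing, "mac_binding": binding}

# Constructed stanzas; interface numbers and MAC addresses are made up.
UNCONFIGURED = """\
interface FastEthernet0/5
 description lobby directory PC
"""
HARDENED = """\
interface FastEthernet0/5
 description lobby directory PC
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0011.2233.4455
"""
STICKY = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
"""

if __name__ == "__main__":
    for name, cfg in (("unconfigured", UNCONFIGURED),
                      ("hardened", HARDENED), ("sticky", STICKY)):
        print(name, audit_lobby_port(cfg))
```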
Question 5
What is the effect of using the service password-encryption command?
A. Only the enable password will be encrypted.
B. Only the enable secret password will be encrypted.
C. Only passwords configured after the command has been entered will be encrypted.
D. It will encrypt the secret password and remove the enable secret password from the configuration.
E. It will encrypt all current and future passwords.
Answer: E
Explanation
The “service password-encryption” command encrypts the passwords set by the “enable password” global configuration command, as well as those set by the “password” line configuration command (VTY, console), that are saved in the router configuration file.
The “service password-encryption” command encrypts both current and future passwords.
Question 6
How can you ensure that only the MAC address of a server is allowed by switch port Fa0/1?
A. Configure port Fa0/1 to accept connections only from the static IP address of the server.
B. Configure the server MAC address as a static entry of port security.
C. Use a proprietary connector type on Fa0/1 that is incompatible with other host connectors.
D. Bind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address.
Answer: B
Explanation
The command to configure port security on a switch is (in interface configuration mode):
switchport port-security mac-address sticky [MAC]
In this case we will type the server MAC address. That MAC address will be stored in the address table, and added to the switch running configuration.
Note: If we don’t specify the MAC address, the switch will dynamically learn the attached MAC address and place it into the running configuration.
Question 7
Refer to the exhibit. The network administrator made the entries that are shown and then saved the configuration. From a console connection, what password or password sequence is required for the administrator to access privileged mode on Router1?
Router# configure terminal
Router(config)# hostname Router1
Router1(config)# enable secret sanfran
Router1(config)# enable password cisco
Router1(config)# line vty 0 4
Router1(config-line)# password sanjose
Router1(config-line)#
A. cisco
B. sanfran
C. sanjose
D. either cisco or sanfran
E. either cisco or sanjose
F. sanjose and sanfran
Answer: B
Explanation
In the configuration above we have three passwords:
+ The “enable secret” password: sanfran
+ The “enable password” password: cisco
+ The VTY line password: sanjose
The first two, “enable secret” and “enable password”, set the password for entering privileged mode (an example of the privileged mode prompt: Router#). Both are stored in the running configuration, but the password in the “enable secret” command is always encrypted using an MD5 hash, while the password in “enable password” is in plain text.
Note: If you want to encrypt “enable password” you can use the command “service password-encryption”, but it will be encrypted with a very basic form of encryption called the Vigenère cipher, which is very weak.
When you configure both an enable and a secret password, the secret password will be used -> B is correct.
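The storage rules explained under Questions 2, 5 and 7 can be read straight off a saved configuration. The following is an added example, not part of the original page: it classifies each stored password by the type digit shown in the running configuration and names the password that guards privileged mode. The function name is made up, the two excerpts are constructed from the Question 7 exhibit, and the hash and type 7 strings are placeholders.

```python
import re

# Type digit as shown in an IOS running-config; no digit means cleartext.
STORAGE = {None: "cleartext", "0": "cleartext", "7": "type 7 (reversible)",
           "5": "type 5 (MD5 hash)", "8": "type 8 (hash)", "9": "type 9 (hash)"}
WEAK = ("cleartext", "type 7 (reversible)")
PASSWORD_RE = re.compile(
    r"^\s*(enable secret|enable password|password)\s+(?:(\d)\s+)?(\S+)\s*$")

def audit_passwords(config):
    """Classify each stored password and name the one guarding privileged mode."""
    stored, context = {}, "global"
    for line in config.splitlines():
        if line.startswith("line "):
            context = line.strip()            # inside a console/VTY stanza
        elif line and not line[0].isspace():
            context = "global"
        m = PASSWORD_RE.match(line)
        if m:
            kind, ptype, _ = m.groups()
            where = context if kind == "password" else kind
            stored[where] = STORAGE.get(ptype, "unknown type " + str(ptype))
    gate = next((k for k in ("enable secret", "enable password") if k in stored), None)
    return {
        "stored": stored,
        "privileged_mode_uses": gate,         # the secret wins when both exist
        "weak": sorted(w for w, s in stored.items() if s in WEAK),
        "service_password_encryption":
            bool(re.search(r"^service password-encryption\s*$", config, re.M)),
    }

# Constructed excerpts modelled on the Question 7 exhibit.
# The hash and type 7 strings are placeholders, not real encodings.
BEFORE = """\
hostname Router1
enable secret 5 $1$XXXX$PLACEHOLDERHASHPLACEHOLDER
enable password cisco
line vty 0 4
 password sanjose
 login
"""
AFTER = BEFORE.replace("hostname", "service password-encryption\nhostname") \
              .replace("password cisco", "password 7 00PLACEHOLDER") \
              .replace("password sanjose", "password 7 00PLACEHOLDER")

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_passwords(cfg))
```

In both excerpts the “enable password” and VTY line entries are reported as weak; only the “enable secret” entry is stored as a hash.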
Question 8
What should be part of a comprehensive network security plan?
A. Allow users to develop their own approach to network security
B. Physically secure network equipment from potential access by unauthorized individuals
C. Encourage users to use personal information in their passwords to minimize the likelihood of passwords being forgotten
D. Delay deployment of software patches and updates until their effect on end-user equipment is well known and widely reported
E. Minimize network overhead by deactivating automatic antivirus client updates
Answer: B
Explanation
All other answers are not recommended for a network security plan so only B is the correct answer.
Question 9
What are two recommended ways of protecting network device configuration files from outside network security threats? (Choose two)
A. Allow unrestricted access to the console or VTY ports.
B. Use a firewall to restrict access from the outside to the network devices.
C. Always use Telnet to access the device command line because its data is automatically encrypted.
D. Use SSH or another encrypted and authenticated transport to access device configurations.
E. Prevent the loss of passwords by disabling password encryption.
Answer: B D
Question 10
From which of the following attacks can Message Authentication Code (MAC) shield your network?
A. DoS
B. DDoS
C. spoofing
D. SYN floods
Answer: C
Why is Question # 3 answer B and not A?
Router47, telnet is remote access. You would not telnet via a physical port, but via the vty setup. Port security refers to the physical ports and therefore would prevent physical hosts from plugging into a switchport and gaining access.
I am an Indian. If any one of you gave the exam in India, would you please tell me how much the exam cost you in rupees? Because yesterday I registered for the exam; at that time the exchange rate was 62.54, but they charged me 66 rs. 66*150=9900. Is it OK? Please guide.
I took the exam on the 16th. It cost me 96XX. I don’t remember the exchange rate on Monday.
Anyone,
I plan on taking exam next week. What other sims/labs did you get besides the OSPF 6 router?
Thanks in Advance!
Thank you very much for the dumps, it has been so informative for me. I’m going to sit for my ICND1 exam at the end of March. Please, anyone who can give me the link for sample questions, help me.
Router47, port security is configured on a physical interface on the switch to prevent unauthorised access by unwanted users to the LAN, and telnet requires SVI configurations plus it’s accessed remotely, not physically.
I just passed my ICND1 today with 973 marks and these questions were there,
Thank you 9tut for a big help and support …. you guys are awesome …..
Need to pass ICND1? Study CBT Nuggets ICND1 and check everything on 9tut.net; you don’t need anything else …….
Passed my 100-101 exam today and question 2,4 and 6 were there.. all the best
Got 986/1000 Marks, {5/16/2014} 50 Questions, Ospf Sim, Security simlet, and Router and switch Simlet Was also there…..All questions From 9tut. and Examcollections…..Now Heading For Icnd2 And Blogging…..
For Any Help.
Manohar Tn
Website: http://www.techlinko.com
G+ : https://plus.google.com/u/0/+ManoharTN9/
Shouldn’t the answer to Q4 be A D F? Please help!
SparJ90, I think you may be on target. Question 4, the decision needs to be made between access port and protected port – we are all in agreement with enabling port security and Statically assigning the MAC address to the address table. Since the question doesn’t seem to be concerned with attaching a rogue switch in this scenario (thus forming a trunk) – and setting the violation to protected better fits the laptop scenario – I believe it should be A, D, and F. No question, all non-trunked Access Layer switch ports should be configured to access ports. I have not taken the exam yet but have been in the field for a while – anxious to hear others thoughts/experiences with regards to this question.
To retract my statement to SparJ90 regarding Question 4, I can see why A, C, and F were chosen. Sorry, all, for the confusion. When you enable port security and statically set the MAC address – the default settings are maximum number of secure MAC addresses = 1 and violation mode = shutdown…. So protect would not be necessary in this case – plus don’t forget default would do logging with SNMP traps. Since this device is in a lobby, it would be wise to remove default dynamic desirable and set to static access (not because of the laptop concern) – which is eliminated in answers A and F when considering default settings for violations and maximum number of MAC addresses allowed, but to prevent rogue switches from possibly forming a trunk – maximum number of MAC addresses default would eliminate the concern of hubs too. Hope this helps – sorry for the long dissertation 🙂
People want dumps when all questions come from 9tut hahaha… just deal with 9tut, you go pass
Failed the test today 🙁 I got 801/1000 needed 804!!!!!!!!!!!!!!!!!!!!! So unfair, anyway thanks 9tut a lot of learning has come from you and made me get the answers i did get, correct.
Questions 1-3-7 were in exam on 20/11/2014, more than 45 questions were from 9tut !
good stuff
q1,3,4,5,7 in exam
hi guys just did the exam and q2,4,5 and 6 were there. Thanks 9tut.
Q1,4,5,7 were in the exam, I took it last Friday
Q6,8 in exam
This is a nice forum
Question #7 answer is not explained correctly. The answer is B because from a “CONSOLE CONNECTION” you will not use the vty lines since you will be directly connected to the device. Now “ENABLE PASSWORD” uses a lower encryption type than “ENABLE SECRET,” because of this, the high encryption type will be used as a password. I tried this using Packet Tracer, used both “ENABLE” types and the “ENABLE SECRET” was the one that worked.
@all: We had to move all the questions and answers out of 9tut. We can only keep the explanation. You can download the questions and answers at: https://mega.co.nz/#!oIdESYbD!yyu33vygrfKPy4rcmcbV6qW2fxINNoTokuDM3CjA_og
why is this site not showing the questions anymore?
Hi, when the site will show the questions?
Can someone explain more about Q3 please
Thanks in advance
please note that if you have both enable password and enable secret, the enable secret TRUMPS!!
the enable password.
hahaha – Sorry, I needed to throw Trump in there ! 😉
can i have latest dumps please,writing icnd1 in 3 days
Can i have dumps of CCNA R&S??
Can i have something related to AAA Radius or TACACS+ server or both?? Either labs or theory…
My email id is {email not allowed}
hi guys,
can someone send me the dumps according the answers of this site for ICND1???? please please please. I really neeeeeeeeeeeeeeeed it. my email address is jane_woken52 at yahoo dot com . It will be big help. Pleeeeeeeeeeeeeeeease .
my email address is jane_woken52 @ yahoo . com
please share the security sim
Passed, if you go the exam study the 285q dumps.