ICND1 – Security Testlet
[am4show have=’p2;’]
Premium Member: You can test your knowledge with these questions first via this link.
[/am4show]
Question
[am4show have=’p2;’]RouterA and SwitchA have been configured to operate in a private network which will connect to the Internet. you have been asked to review the configuration prior to cabling and implementation.
This task requires the use of various commands to access and check the running configuration of the two devices. No configuration changes are necessary (and the configuration command has been disabled for these two devices).[/am4show]
Maybe this is the configurations on Router and Switch (but notice that they are surely missing something):
ROUTER A CONFIGURATION
|
! |
SWITCH A CONFIGURATION
|
! banner login ^c line con 0 |
Note: This is just what we gather and guess. In the exam the configurations may be different so make sure you understand about “enable secret”, “enable password”, “login”, “login local”, “transport input”, “line vty”, “service password-encryption”, “bannder motd”, “privilege” before taking this exam!
You can download Packet Tracer file of this teslet here.
This sim has 4 questions:
Question 1
[am4show have=’p2;’]Which of the following is true regarding the configuration of SwitchA?
A. only 5 simultaneous remote connections are possible
B. remote connections using ssh will require a username and password
C. only connections from the local network will be possible
D. console access to SwitchA requires a password
Answer: B[/am4show]
Explanation
There are 16 VTY lines (from 0 to 4 and 5 to 15) so there are more than 5 simutaneous remote connections can be made at the same time -> A is not correct.
There is no restriction on on the Switch so remote networks can connect to this switch -> C is not correct.
There is no config under “line con 0” so console access to this switch does not require a passowrd -> D is not correct.
All 16 VTY lines are configured to access via SSH only and all of them require a password. The difference is in the “line vty 0 4” configuration, the type of login is specified as “login local”. It means that the switch will not use the password configured under “line vty 0 4” (in this case none was set but it will use the user & password configured in “username ciscouser password 0 cisco” command -> B is correct.
Question 2
[am4show have=’p2;’]Which two of the following are true regarding the configuration of RouterA? (choose two)
A. at least 5 simultaneous remote connect are possible
B. only telnet protocol connections to Router A are supported
C. remotely connection to RouterA using telnet will succeed
D. console line connection will never time out due to inactivity
E. since DHCP is not used on Fa0/1 there is not a need to use the NAT protocol
Answer: A C[/am4show]
Explanation
A is correct as we can telnet from line 0 to line 4 (line vty o 4).
We can use both telnet and SSH to connect to this router (transport input telnet ssh) -> B is not correct.
C is correct as we can telnet to it.
D is not correct because by default, the timeout is set to 10 minutes on both the console and the vty ports.
E is not correct as NAT can be used even DHCP is not used.
Question 3
[am4show have=’p2;’]Select the options which are security issues which need to be modified before RouterA is used. (Choose two)
A. unencrypted weak password is configured to protect privilege mode
B. inappropriate wording in banner message
C. the virtual terminal lines have weak password configured
D. virtual terminal lines have a password, but it will not be used
E. configuration supports in-secure web server access
Answer: B D[/am4show]
Explanation
Privilege mode on RouterA is protected with unencrypted password (via “enable password” command). Although this is a good choice but it is not the answer Cisco wants. Answer B is a correct answer instead. This can be explained by this way:
The wording in the banner is inappropriate as it “Welcomes” you to the network. If you are gaining unauthorised access to the device, the first thing you will see is a banner welcoming you. Apparently there has been a case (or cases) where a hacker has used this as a legal defence for gaining illegitimate access to the device. The banner should say something along the lines of “NO UNAUTHORISED ACCESS”.
The password of VTY lines is “4t&34rkf”. Although it is unencrypted but it is not a weak password because it has number & special characters inside -> C is not correct.
Although a password of “4t&34rkf” is configured but with the command “login local”, router will use the username of “ciscouser” & password of “cisco” (configured in “username ciscouser privilege 15 password 0 cisco” command) -> D is correct.
By checking the configuration of routerA with the “show run” command. To support web server access it must have the command “ip http server” but it does not -> E is not correct.
Question 4
[am4show have=’p2;’]Select three options which are security issues with the current configuration of Switch A. (Choose three)
A. privilege mode is protected with an unencrypted password
B. inappropriate wording in banner message
C. virtual terminal lines are protected only by a password requirement
D. both the username and password are weak
E. telnet connections can be used to remotely manage the switch
F. Cisco user will be granted privilege level 15 by default
Answer: A B D[/am4show]
Explanation
The command “no service password-encryption” exists so the password to access privilege mode is not encrypted -> A is correct.
With the “login local” command the VTY lines will require both username and password -> C is not correct.
The username and password are easy to guess as they have common words like “cisco” and “user” -> D is correct.
In all VTY lines only SSH is allowed with the “transport input ssh” -> E is not correct.
To grant privilege level of 15 by default the following commands are required:
line vty 0 4
privilege level 15
or these lines:
username ciscouser privilege 15 password cisco
and
login local (in “line vty 0 4”)
but none can be found so F is not correct.
Hello Blake,Thanks for introducing a great book to me at Barnes and Nobles tnihgot. I will like to keep you in my contacts due to some possible programming and networking in the near future. In addition, my brother is very interested in CISCO, please write me back an email as soon as you can. I think your site is very impressive, and i love the fact that you love Honduras because that is where i am from. Congratulations on all of your accomplishments specially your baby Sofia, please send my warm greetings to your wife Hailey. Blessings
so unsecured message on banner is correct answer.
That is a question not statment. Ha!
Shiva, somebody mentioned A,C,E is correct for 4.
Made today and have 962…
simple… very simple…
I see all the questions here and in vce Cisco.Lead2pass.640-822.v2012-04-06.by.Daniel.339q and Cisco.Prepking.640-822.v2012-02-16.by.tjasp.268q
only one question I don’t see anywhere, a drag and drop… I dont remember the items of this.
Note : Security Testlet – Banner response is a valid response!!!!! in router and switch questions I put Banner and have 100% in this item.
But attention, depends of the runcfg on Rt and Sw, in my runcfg it have litle diferences from one it is here… but by the logic I came to a valid responce.
thanks all, and good luck for everybody…
Now, ICND2 is waiting for me….
just passed with 974 mark,
selected banner on both router and swith and got 100%
good luck
I have been looking for this problem….finally THANK YOU SO MUCH 9TUT WE REALLY DO APPRECIATE IT
I had this testlet on mine. I failed with a 799 with a needed 804…… I retake it tomorrow, but I will pass! Then on to ICND2 in 5 days…
On question 4, one of the answers I was able to choose from was “The configured VTY line will not be used. I choose this because there is a command that says “No login”. If I get this tomorrow, I will be sure to try to remember it!
ANY ONE CAN HELPH ME FR THE ANSWER :
Select three options which are security issues with the current configuration of Switch A. (Choose three)
A. privilege mode is protected with an unencrypted password
B. inappropriate wording in banner message
C. virtual terminal lines are protected only by a password requirement
D. both the username and password are weak
E. telnet connections can be used to remotely manage the switch
F. Cisco user will be granted privilege level 15 by default
Hi Posso
Above questiom is B,C E are correct good luck
Got this one on wensday.
There was ip http secure server and banner .
Went with banner and scored 100 % on security.
i just get the exam with 1000/1000
and i have got security simlet
welcome msg is a threat
no login is a threat too because no need to login
Warning do u mind sharing where u prepared from
wahab check urduitacademy.com
The Banner is a problem — 100%
Security testlet also, chose banner and got 100% on security portion. The other answers are just process of elimination.
hey guys in ccna security exam i am gona get only this sim ??? one more thing haw can i get it support with packet tracer thanks ……
Hi, i passed today with a 937! I took it 2 weeks ago and scored a 799, so came back prepared. That has to make you mad. This site has some great material and Id like to post a comment on the security sim that is so tough. The question on the exam has a router and switch that are configured with #banner login ^C Welcome to This blah blah ^C. 9tut reads banner motd, which is why I think there has been some confusion about whether the banner is an issue.
The thing is, there are 3 banner messages that could be configured on switch or router. The MOTD is a friendly general message that is updated often. But the second one, the banner login, is supposed to be a permanent “do not enter if you dont belong message”. And then there is a third banner that display after authorized access, which can be some private company info.
http://www.scribd.com/doc/74123106/ICND1-Official-Cert-Guide-Third-Edition, p252 has some info on the uses of each type of banner.
Other have commented plenty on why the banenr is a problem, but if 9tut can change the Sim to read “banner login” instead of “banner motd” , that would be helpful.
What else do I remember. One of the devices did have the service password-encryption command set, I remember that. Keep an eye out.
Also, 9tut has an error in one of the analysis up above too. The solution for Question 1 above states that “transport input telnet ssh” is the default, which is a mistake. The default for Cisco devices is just telnet. This means that transport input telnet ssh” is a medium, reasonable, level of security and not a problem. The best security would be to use ssh alone.
I think there were only 2 choices needed on that first question as well.
On the exam it did not say welcome.
so it makes the banner ok right?
Hi Guys,
Also got this security sim,
but not attended properly, some extra questions asked in same sim.
Just confused
But passed 937/1000.
Hey guys,
I got this sim today, still valid.
Make sure you use the command #show run
to get this info to come up
Passed today with an 925/1000.
Failed 768, got this sim.. i struggled for a a min with this, the only thing i could answer was if the passwords for each line were weak, and the banner said “welcome to routerA,” i take that as a security issue because if someone is in your network, you don’t want anything to identify what device they are on. so im with others that are confused,
Passed ICND1 this morning. Got 100% on security section and had this SIM, I chose banner being a security risk because it had “Welcome” in it. Also had Implementation SIM and Show Configuration SIM. Know Subnetting, DORA, WAN, WLAN 802.11 protocol, Public/Private IP Ranges and how Switches and Routers handle packets (source/destination MAC & source/destination IPs) Had a WAN drag and drop that wasn’t on here. Forget the exact question but you had to drop Frame Relay, ATM, and two others to their counterpart. Also had the drag&drop question 1 from the drag & drop questions2 page.
Prepking practice tests are good and so are these pages. Good luck. On to ICND2
hello ph52ml,
thanks for the above reference.tomm i m giving the exam.i have one question regarding the show cong SIM .IS this a same or they made change in that ?
Guys,
On switch u can select banner as a threat.
On router select configuration supports in-secure web server access if the configuration has Ip http server command.
I did the same and got 100% on security testlet.
thanks everybody ..i cleared my icnd1 exam yesterday…..going for icnd2…help if you have any dump .
This was on my exam yesterday which I got 974/1000 for.
Passed the security section 100%. Some of the answers were:
1) Innapproriate banner
2) Can login into VTY lines without password
3) insecure/unencrpted passwords
For memory, both devices had http secure server enabled and one had a secret password (the other just a regular password).
Passed today, 974/1000.
I got Security Testlet, 4 questions. “Welcome” in banner is unsecured message!
I will take my icnd1 test today (fingers crossed). I feel pretty confident that I will pass. This site is like a gold mine!!! I will keep you posted on the results 🙂
Passed today with 912/1000. I got this question and chose the banner.
Good this question on the test, took test on the 13th
hello! ciscos
thank God i pass my icnd1 this sim was there too
this question is in the test passed it today
Passed yesterday,this questions was there.
i just get the exam with 950/1000
and I’ve got this security questions
welcome msg is a threat (on the Switch and the Router)
no login is a threat too because no need to login
in Ques 2
A. at least 5 simultaneous remote connect are possible is not correct because it says that minimum 5 connections are there … there may be greater than 5 also…. acc. to ques..
Hi George can you provide us all the answers of above question and with modifications in configuration in your question???
i took this exam today and pass with a 925 score this questions was there
is this a sim where any config is needed? or just answer the questions based on show command reseults?
This question was a frustration, I know the manuals say you shouldn’t put Welcome in a banner, but does it truly make a switch or router less secure? It’s like having a welcome mat outside your front door, does it make your home security any less secure? For that matter saying trespasses will be shot on the spot, does that make your home more secure? The welcome message may only become a problem should the matter go to court and sure that depends on the country you’re in. Forgive the little rant, think Cisco could spend more time on things of substance in these exams.
In my mind security issues pertain to weak/plain text passwords or no passwords at all. For example a secret password that is password or cisco is just as big a risk as a plain text version.
Should such a question appear in your exam, I would suggest being familiar with the way users are authenticated from terminal or SSH (VTY connections). Be mindful of what login and no login mean and the effect of these statements on a VTY connection.
Oh and it pains me to say I think Cisco would like you to say the Welcome message is a security risk in this situation.
It has been recorded that certain individuals have had all charges dropped due to the fact that when they broke into a system the banner message read welcome. This is why it is a security threat.
this lab came into my exam today. and i passed my icnd1. good website to learn. make sure you just dont memories the question. try to understand the concept.
A nasty question – check the all the information properly before blindly checking answers
I’ve seen NAT and Frame-Relay SIMs posted in the 9tut.net section (not 9tut.com). I’m guessing that these 2 areas would only have SIMs in the ICND2 and not in the ICND1. Has anyone personally gotten NAT or Frame-Relay in their ICND1 test?
Had this on my exam 8/31 weht with banner and got 100%
this was the only question that i had on my exam. but I found that this was a good please to help me study
Passed today with 950 score. this Q was there..
Please where can I get a packet tracer to practise for the exam?
@ruth
http://www.packet-tracer.com/packet-tracer-5-3-3.html
had this on my exam on thursday- Clicked on banner -got only 50 percent in the security simlet.Failed the exam by 5 marks..got 799 ..
Passed today, 987. This testlet was on it with 4 questions.
Passed today 874. This question was on it. It cost me a few marks as its the same old story. Is the inappropriate banner a security risk and the answer for the router telnet conncetions. At least 5 etc. Confusing but got through it. Lucky for me I sailed the rest!
Passed 9/23/12 with a 974. This website is awesome and is a great representation of whats on the test. I had the DORA drag and drop, and also the WAN protocol DAD. The security testlet was on there. Chose banner as part of my answers and got 100% in that area. I had lots of subnetting questions, so if you are not comfortable with subnetting, practice. For studying I used this site, cisco (for the subnetting game, and also went through their review questions), and attended a CCNA course at a certified cisco learning partner. Also had the implementation drag and drop. thanks 9tut, on to ICND2. Good luck everyone.
Screen can get a bit crowded when doing the security testlet. Always make sure you are in the correct interface when screening for your answers. This might sound like a no duhhh, but trust me when all those screens are up you might click on the wrong thing, just be cautious. I finished my first two questions and realized I was in the switch instead of the router. Do not try to memorize answers, know what your doing. You do not get credit if you do not access the interfaces. Got a hundred percent in this area only cause I caught my mistake. If banner says welcome, it’s part of the answer.
Banner Answer – if you’ve done the Cisco ‘official’ training you will know the banner is considered a threat. This is because there was a case where a hacker was tracked down and prosecuted for accessing a secure system. Banner message didn’t say ‘Do not log in if you are unauthorised’ (or something similiar) – and this was used as a sucessful defense by the hacker.
At the the training the Cisco instructor hammers this home – both ICND 1 and 2 courses. Hence the answer to the question.
Cheers,
Congrats bushy – u got 100 percent ? So u chose the banner?
Wan protocol dad -haven’t come across that till now ever -what is it?? Full form pls
Banner was the one I selected and I scored 100% on the sec domain..
Can anyone provide a little detail about the types of subnetting questions for the ICND1 exam please? Will there be scenarios or just something like Question: What valid host range is the IP address 192.168.172.177/29 a part of? thnks.
confused about above answers.. can anyone give correct answers to above quesions.. pls..
thank u very much 9tut and friends..good luck all
thank u very much 9tu n friends.. i passed with 937 marks..yesterday!. securiy testlet was there.. login local n no login were there..thanks again
Passed my ICND1 on the 13th with 950 this question was on the Test. Thanks 9tut you guys helped alot.
Let me explain a few things to anyone who is still unsure i got 100% in this section.
The Banner is a threat as any banner saying ” Welcome is dangerous” . Any simple passwords i.e cisco is dangerous, having no login is dangerous, no encryption on the passwords is dangerous, allowing telnet is dangerous as its unencrypted.
9tut Please update this section.
use the banner as a threat always.. by doing that i scored 100% and i was one lucky guy..
please could someone tell me what is the answer of this question????????????/
Question 4
Select three options which are security issues with the current configuration of Switch A. (Choose three)
A. privilege mode is protected with an unencrypted password
B. inappropriate wording in banner message
C. virtual terminal lines are protected only by a password requirement
D. both the username and password are weak
E. telnet connections can be used to remotely manage the switch
F. Cisco user will be granted privilege level 15 by default
Thank you Matt
I want to buy hardware, switches and routers for CCNA/CCENT and also kinda to not have to many upgrades when CCNP comes around? Any suggestions are super welcomed. Thanks
Im trying to download a packet tracer because numerous people are saying its helpful. Where would i download one? Is that GNS3? Wireshark? Teraterm? What are these different things used for and are these important things to know how to use in real life or on the test? or Both?
why would they put line vty (o 4) instead of 0 4 … on the Switch A config? this is confusing!
CCNA-hopeful- gns3 is a free of source GUI interface where you can simulate everything for details and download go to http://www.gns3.net … packet tracer issue i am not sure of it but gns3 is always better..
Passed on 4/Dec/2012 pass rate 987! Thank you Jesus!
this question was there with different settings, make sure you understand!
I am totally having some unfortunate luck with all of my Cisco attempts for 640-802 and then stepping down to doing the two part 640-822 and 640-166. On my last two failed attempts with the 802 exam, I failed both exams by 10 points which caused me to go hysterical. When I decided to go for the 640-822 test, I studied hard for another 3 weeks with all sorts of tools provided:
– Leadpass
– CBT Nuggets
– Testout
– Boson 7.0 Netsim
– ITU
– Cisco Press ICND1 book by Wendell Odom
– Cisco Packet Tracer
– 9tut
– ExamCollection
– VCE
– subnettingquestions.org
and I still ended up failing for with a 775/1000. I was for sure that I passed the exam when I was killing all of my practice material. I definitely do not know what is going on and this is extremely disturbing. I keep seeing others with great success stories, and I’m trying to reach that pinnacle also to relay my experiences, but damn, I’m in a hole I can’t get out of. Can anyone out there feed me some of the latest dumps for the ICND1 exam. I would definitely appreciate this as I’m trying to be a family member in the Cisco world.
I can be reached easily at cehiem@yahoo.com…
I passed today. I got this simulation question. You need to know sub-netting, show cdp neighbor, wireless, configuration of switches/router. I also got a connection on WAN connection types DnD, leased line, point to point and other WAN General terminologies.
ICND1 passed with 875. This was on the exam, thanks 9tut!
This question was on my test, along with two other sims.
Passed with 937. I had about 15 subnetting questions
and a couple about private IP addresses. One about
NAT translation scenario.
Does anyone know the correct answers on all the questions? Im a little confused with like question 1 states you need 3 answers. What whould they be? If banner is an issue.
In the Cisco Book it says “Warning: Caution should be used when selecting the text that is used in the login banner. Words like Welcome may imply that access is not restricted and may allow hackers to defend their actions.
So I guess Cisco does mean it’s a threat. So if thats the case question 1 would be what for answers? Seems like all 4 are correct to me.
If you know whats right you can rule out the wrong ones. The right answer is banner in every if not all Qs in security sim.
@fleshwound i know you from exam collection unlike all the other q’s here there not like here on the exam banner is right because u can rule out the other ones
hello friends icnd1 hint please going 28 January. very tough question this is second time i am going. thanks
@Johnsmith So by your post your saying the welcome message in the banner is bad?
I guess read and look at the question if I get it. Praying I don’t
I know one thing for sure, on the switch, if you specify “no login” on vty 0 4 then when you telnet to the switch, you are not asked for a password at all and you are basically into the switch.
This right out of a Cisco Curriculum – “A banner is text that a user sees when initially logging on to the router. Configuring an appropriate banner is part of a good security plan. At a very minimum, a banner should warn against unauthorized access. Never configure a banner that welcomes an unauthorized user. “
Hi Guys,
I am schedule to take the ICND1 this Wednesday 02/13/13.
Can anyone please specify what are the correct answer for questions # 1 and 4. I am confused. The banner is a threat for the Switch and the router or is just for the switch only?
Your time and help will be greatly appreciated.
Thank you so much.
No update on this? Any recent occurrences?
Cheers.
hoy aprobe el examen con 925/1000 gracias 9tut.net, solo estudie de alli y me vino todo!
is there any update to this?
Hi! I made this 100% I got this Question but with 2 router and 2 switch question. The config files was similar but the Switch had encryption. Important! If you see ,,Welcome” in the banner message that is a Unsecured Security Message!
ok.. let me explain why the WELCOME on BANNER MOTD is a security issue..
Lets say a hacker got in to the network’s router/switch. And lets assume that he did lot of damage on the network devices. When the hacker will go on trial… the hacker can claim.. HEY THERE WAS A MASSAGE BANNER SAYING… WELCOME. BTW.. this is a true story where the hacker didn’t got guilty for hacking in… SO, NEVER EVER PUT THE WORD WELCOME on a networking device, ever.
if you would like to hear more on this, you can go here>>>
http://www.elithecomputerguy.com/2010/11/04/introduction-to-hacking/
it’s a video explaining about EDUCATIONAL HACKING… and it mentions the WELCOME massage on the banner motd.
IF banner is the correct answer ,so what is incorrect answer on question 1 ? Thanks
i passed today ICND1 exam, and this question was there, got 100% to security, and i selected “banner” as security issue..
also it is explained even in cbt nuggets video that “Welcome” banner is not used since many years before, because some guys who hacked a private network, won the trial just because when they logged into the network it was written “Welcome” :P…
@mecerty help me with Q1.
The incorrect answer for #1 is probably C. The others are obvious security issues.
@Chris Thanks I got it ,then Question 4 ?
Hi guys,
I passed my CNDI 1 today (March 23, 2013) with 925/1000. I got this security question with no banner at all. I did not get any drag and drop. I got the simulated with five routers and two testlets which you can find them in this site. Lot of questions from this site. The questions were very easy. Anyway thanks to this site which helped me to understand the questions.
Thank you
Mike
I got 987/1000 ,Thanks 9tut, exam collection, Wendell Odom and brain. ICND_1 is very simple you just have to be prepare. ICND_2 preparation began.
pls can any body give me link for vce with crack
I had this question in my ICND1 test a month ago. I passed but I don’t think I got this question right. Did anyone else get misled by the use of the words ‘at least’ in the ‘at least 5 remote simultaneous connections’ answer? To me line vty 0 4 means ‘up to 5 remote simultaneous connections’ not ‘at least’. ‘At least’ implies you can actually get more than 5.
Can anyone please tell me what was Question# 4 actually and its correct answer? In this, I think A and B is ruled out! In C, vty 0 4 has no login whereas vty 5 15 has login (still I don’t see any password set in running-config). D, again I don’t see any password set in running-config!! Moreover, I don’t find E as an security threat n telnet (except its unencrypted transmission) and again nothing about F in running-config…
Frankly speaking…I don’t find any of these choices correct in Q#4
Please reply..
Thanx in advance…
@George – Maybe they put ‘at least’ since some devices can have up to 16?
Got this testlet on my ICND 1 today