Appendix ■ Answers to Practice Test Questions
32. A. The command ip ssh version 2 will set your SSH version to 2. This command is
to be entered at a global configuration prompt. The command version 2 is incorrect,
regardless of where it is configured. The command ssh version 2 must be preceded with
the ip command.
33. C. The command transport ssh telnet will configure the VTY line to accept SSH as
a login protocol and fall back to Telnet. The command login ssh telnet is incorrect
regardless of where it is configured. The command transport ssh telnet is incorrect
when it is configured from a global configuration prompt.
34. D. SSH is encrypted and Telnet is in clear text. To keep passwords and configuration safe,
SSH should always be used. Telnet contains no encryption whatsoever, and all usernames,
passwords, and commands are sent in clear text. SSH allows for file copy if it is turned on
in the IOS, but it is not a main reason to replace Telnet. Telnet and SSH make it equally
easy to create ACLs for access.
35. C. You must first create an access list to permit the host that will manage the router or
switch with the command access-list 1 permit host 192.168.1.5. Then enter the
VTY line in which it will be applied with the command line vty 0 5. Then apply it with
the command ip access-class 1 in, which differs from the command ip access-group,
which is used on interfaces. All of the other options are incorrect.
36. B. When you’re configuring a switch or router for SSH version 2, the key strength must
be at least 768 bits for the modulus. The default is normally 512 bits, and it is standard
practice to double the number to 1024 bits. The time and date do not necessarily need
to be correct to enable SSH version 2. The DNS server does not need to be configured to
enable SSH version 2. DNS and host records are used strictly for connectivity and will not
affect enabling SSH version 2.
37. A. The command username user1 password Password20! will create a user account
called user1 with a password of Password20!. The commands account user1 and
password Password20! are incorrect. The command user user1 Password20! is
incorrect. The command user-account user1 password Password20! is incorrect.
38. B. The command service password-encryption should be entered in global config. It
should not be kept in the configuration as it will use CPU cycles. So after it is configured,
you should perform a show running-config to double-check if the encryption worked
and then perform a no service password-encryption to turn it off. The command
password encryption is incorrect. The command service encryption is incorrect. The
command password-encryption service is incorrect.
39. B. The command crypto key generate rsa will generate the encryption keys for SSH.
You will be asked for the key strength, called the modulus, which should be over 768 bits
to support SSH version 2. The command generate crypto key rsa is incorrect. The
command crypto generate key rsa is incorrect. The command crypto key generate
rsa is incorrect when configured from the privileged exec prompt.
Chapter 5: Security Fundamentals (Domain 5)