Exam 200-301 Question id=5492 Security Fundamentals

As part of a new initiative to tighten the security of your Cisco devices, you have configured the firewall to restrict access to the devices from the outside. What would be other recommended ways of protecting the integrity of the device configuration files on the devices while ensuring your continued ability to manage the devices remotely?

A. encrypt the configuration files
B. use SSH to connect to the devices for management
C. prevent the loss of administrator passwords by disabling their encryption
D. disable the VTY ports on the devices
E. use an encrypted password for VTY access

You should use SSH to connect to the devices for management. You should also require an encrypted password for VTY access. Using Telnet for remote management transmits all information, including the username and passwords, in clear text. Using an encrypted password for VTY access ensures that the password cannot be read either in transit or in the configuration file.

Passwords used for access to the console, aux, or VTY connections can be encrypted if desired. When passwords are created with the enable password command, the password is saved in clear text. When the enable secret command is used, however, the password will be encrypted.

If both types of password are configured for a particular connection type, the system will ignore the enable password and require the enable secret password. For example, if the set of commands shown below were executed, both types of password would be created for console access, but the system would require the password crisco rather than cisco. Also note that neither of those passwords will be required for VTY access. That password is sisco, which is the password configured after accessing the line VTY interface configuration prompt.

Router(config)# enable secret crisco
Router(config)# enable password cisco
Router(config)# line vty 0 4
Router(config-line)# password sisco

Although it is possible to encrypt the password in the configuration files, it is not possible to encrypt the rest of the files.

You should not disable the encryption of the passwords in the configuration files. Password encryption is a good security measure to take, and sloppy password management should not be a reason to change this practice.

You should not disable the VTY ports on the devices. This would certainly enhance security, but it would prevent you from managing the devices remotely.
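
The explanation above can be turned into a configuration check. The following is an added example, not part of the original question page: a small Python audit that flags a clear-text enable password, a clear-text VTY line password, and VTY lines that are not restricted to SSH. The sample configs, the finding names and the function name audit_config are constructed for illustration, and the check assumes the usual IOS saved-config layout (indented sub-commands, a leading 7 marking an encoded password).

```python
import re

# Constructed sample: the page's three commands as they might appear in a saved
# config. The type 5 hash is a placeholder, not a real digest.
WEAK_CONFIG = """\
enable secret 5 $1$CONSTRUCTED$placeholder
enable password cisco
!
line vty 0 4
 password sisco
 login
!
"""

# Constructed hardened counterpart: no enable password, VTY password stored in
# encoded form (type 7 placeholder), and the lines restricted to SSH.
HARDENED_CONFIG = """\
enable secret 5 $1$CONSTRUCTED$placeholder
!
line vty 0 4
 password 7 00CONSTRUCTED00
 login
 transport input ssh
!
"""

def audit_config(text):
    """Return sorted (line_number, finding) tuples for an IOS-style config."""
    findings, in_vty, vty_start, ssh_only = [], False, 0, False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not raw.startswith(" "):  # an unindented line ends the current block
            if in_vty and not ssh_only:
                findings.append((vty_start, "vty-not-ssh-only"))
            in_vty, vty_start, ssh_only = line.startswith("line vty"), n, False
        if re.match(r"enable password (?!7 )", line):
            findings.append((n, "enable-password-cleartext"))
        elif in_vty and re.match(r"password (?!7 )", line):
            findings.append((n, "vty-password-cleartext"))
        elif in_vty and line == "transport input ssh":
            ssh_only = True
    if in_vty and not ssh_only:  # config ended inside a VTY block
        findings.append((vty_start, "vty-not-ssh-only"))
    return sorted(findings)

if __name__ == "__main__":
    for lineno, finding in audit_config(WEAK_CONFIG):
        print(f"line {lineno}: {finding}")
```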


