IOS Questions CCNA 200-120


How does using the service password encryption command on a router provide additional security?
A. by encrypting all passwords passing through the router
B. by encrypting passwords in the plain text configuration file
C. by requiring entry of encrypted passwords for access to the device
D. by configuring an MD5 encrypted key to be used by routing protocols to validate routing exchanges
E. by automatically suggesting encrypted passwords for use in configuring the router

Correct Answer: B

By using this command, all the (current and future) passwords are encrypted. This command is primarily useful
for keeping unauthorized individuals from viewing your password in your configuration file.

Refer to the exhibit

line vty 0 4
password 7 030752180599
transport input ssh

What is the effect of the configuration that is shown?
A. It configures SSH globally for all logins.
B. It tells the router or switch to try to establish an SSh connection first and if that foils to use Telnet.
C. It configures the virtual terminal lines with the password 030752180500.
D. It configures a Cisco network device to use the SSH protocol on incoming communications via the virtual
terminal ports.
E. It allows seven failed login attempts before the VTY lines are temporarily shutdown.

Correct Answer: D

Which router IOS commands can be used to troubleshoot LAN connectivity problems? (Choose three)
A. ping
B. tracert
C. ipconfig
D. show ip route
E. winipcfg
F. show interfaces

Correct Answer: ADF

The ping command can be used to test if the local device can reach a specific destination -> A is correct.
“tracert” is not a valid command in Cisco IOS commands, the correct command should be “traceroute” -> B is
not correct.
The ipconfig command is not a valid command in Cisco IOS too -> C is not correct.
The “show ip route” command can be used to view the routing table of the router. It is a very useful command
to find out many connectivity problems (like directly connected networks, learned network via routing
protocolsR) -> D is correct.
“winipcfg” is an old tool in Windows 95/98 to view IP settings of the installed network interfaces. But it is not a
valid command in Cisco IOS commands -> E is not correct.
The “show interfaces” command is used to check all the interfaces on the local device only. It has very limited
information to trouble LAN connectivity problem but it is the most reasonable to choose -> F is acceptable.

A network administrator needs to allow only one Telnet connection to a router. For anyone viewing the
confguration and issuing the show run command, the password for Telnet access should be encrypted. Which
set of commands will accomplish this task?
A. service password-encryption
access-list 1 permit
line vty 0 4
password cisco
access-class 1
B. enable password secret
line vty 0
password cisco
C. service password-encryption
line vty 1
password cisco
D. service password-encryption
line vty 0 4
password cisco
Correct Answer: C

What is the effect of using the service password-encryption command?
A. Only passwords configured after the command has been entered will be encrypted.
B. Only the enable password will be encrypted.
C. Only the enable secret password will be encrypted
D. It will encrypt the secret password and remove the enable secret password from the configuration.
E. It will encrypt all current and future passwords.

The secret password (configured by the command “enable secret “) is always encrypted even if the “service
password-encryption” command is not used. Moreover, the secret password is not removed from the
configuration with this command, we still see it in encrypted form in the running-config -> D is not correct.

The “enable password ” does not encrypt the password and can be viewed in clear text in the running-config.
By using the “service password-encryption” command, that password is encrypted (both current and future
passwords) -> A is not correct, E is correct.

Answer B – Only the enable password will be encrypted seems to be correct but it implies the secret password
will not be encrypted and stay in clear text, which is not correct.

For your information, the secret password is encrypted with MD5 one-way hash algorithm which is harder to
break than the encryption algorithm used by the “service password-encryption” command.

A network administrator needs to configure a serial link between the main office and a remote location. The
router at the remote office is a non-Cisco router. How should the network administrator configure the serial
interface of the main office router to make the connection?

A. Main(config)# interface serial 0/0
Main(config-if)# ip address
Main(config-if)# no shut

B. Main(config)# interface serial 0/0
Main(config-if)# ip address
Main(config-if)# encapsulation ppp
Main(config-if)# no shut

C. Main(config)# interface serial 0/0
Main(config-if)# ip address
Main(config-if)# encapsulation frame-relay
Main(config-if)# authentication chap
Main(config-if)# no shut

D. Main(config)# interface serial 0/0
Main(config-if)#ip address
Main(config-if)#encapsulation ietf
Main(config-if)# no shut

Correct Answer: B


Copyright ©2010 -  2018 | Privacy Policy