Select two options which are security Issues which need to be modified before RouterA is used?
(Choose two.)
A.
unencrypted weak password is configured to protect privilege mode
B.
inappropriate wording in banner message
C.
the virtual terminal lines have a weak password configured
D.
virtual terminal lines have a password, but it will not be used
E.
configuration supports un-secure web server access
ROUTER A CONFIGURATION
!
no service password-encryption
!
enable password cisco
!
username ciscouser privilege 15 password 0 cisco
!
banner motd ^CWelcome! If you encountered any problem, please consult the administrator^C
!
line vty 0 4
password 4t&34rkf
login local
transport input telnet ssh
!
SWITCH A CONFIGURATION
!
!
no service password-encryption
!
hostname switch1
enable password cisco
username ciscouser password 0 cisco
ip domain-name cisco.com
banner login ^c
************ welcome to Switch1. If you encountered any problem, please consult the administrator ************* ^c
line con 0
line vty 0 4
login login local
transport input ssh
line vty 5 15
login local
transport input ssh
Note: This is just what we gather and guess. In the exam the configurations may be different so make sure you understand about “enable secret”, “enable password”, “login”, “login local”, “transport input”, “line vty”, “service password-encryption”, “bannder motd”, “privilege” before taking this exam!
One of the things that usually are not implemented by the network administrator is the banner; but what and why use it?
The banner is a feature used not only on Cisco systems but also in other systems like Unix, Linux and so on. It permits to define a text that it is displayed in some cases, for example when you log in a router via SSH.
There are two main reasons to implement banner on our router/switch:
Banner messages should be used to warn would-be intruders that they are not welcome on your network.
Banner are useful to quickly identify the terminal (remember reconnaissance…).
There are five banner types:
banner exec
banner incoming
banner login
banner motd
banner slip-ppp
banner exec
To display a banner on terminals with an interactive EXEC, use the banner exec global configuration command. This command specifies a message to be displayed when an EXEC process is created (a line is activated, or an incoming connection is made to a VTY line).
banner exec d message d
banner incoming
To specify that a banner be used when you have an incoming connection to a line from a host on the network, use the banner incoming global configuration command. This banner is displayed after the MOTD banner and before the login prompts.
banner incoming d message d
banner login
To display a login banner, use the banner login global configuration command. This command specifies a message to be displayed before the username and password login prompts.
banner login d message d
banner motd
To specify a message-of-the-day (MOTD) banner, use the banner motd global configuration command.
banner motd d message d
banner slip-ppp
To customize the banner that is displayed when a user makes a SLIP or PPP connection, use the banner slip-ppp command in global configuration mode.
banner slip-ppp d message d
Note: Delimiting character of your choice—for example, a percent sign (%). You cannot use the delimiting character in the banner message.