Which of the following are you most likely to recommend…

You manage your company’s Cisco devices by using Telnet. Your supervisor is concerned about
eavesdropping over inband device management and has asked you to recommend a solution that would allow
you to disable the Telnet servers on each device.
Which of the following are you most likely to recommend as a replacement? (Select the best answer.)

You manage your company’s Cisco devices by using Telnet. Your supervisor is concerned about
eavesdropping over inband device management and has asked you to recommend a solution that would allow
you to disable the Telnet servers on each device.
Which of the following are you most likely to recommend as a replacement? (Select the best answer.)

A.
SNMPv3

B.
SSH

C.
SFTP

D.
SCP

Explanation:
Most likely, you will recommend Secure Shell (SSH) as a replacement for Telnet as a method of inband
management on your company’s Cisco devices. SSH is a virtual terminal (VTY) protocol that can be used to
securely replace Telnet. Telnet is considered to be an insecure method of remote connection because it sends
credentials over the network in clear text. Therefore, you should replace Telnet with an encrypted application,
such as SSH, where possible. Encryption is a method of encoding network traffic so that it cannot be read
intransit. Thus encryption can be used to defeat eavesdropping attacks.
You are not likely to recommend any version of Simple Network Management Protocol (SNMP) as a
replacement for Telnet. However, if your company were using SNMP version 1 (SNMPv1) or SNMPv2 as ameans of inband management, you might recommend that your company use SNMPv3 instead. Three versions
of SNMP currently exist. SNMPv1 and SNMPv2 do not provide encryption? password information, known as
community strings, is sent as plain text with messages. SNMPv3 improves upon SNMPv1 and SNMPv2 by
providing encryption, authentication, and message integrity to ensure that the messages are not tampered with
during transmission.
You are not likely to recommend either Secure File Transfer Protocol (SFTP) or Secure Copy (SCP) as a
replacement for Telnet. However, either of those applications could replace File Transfer Protocol (FTP), which
is a protocol that is used to exchange files between devices. FTP transmits all data as clear text. Both SFTP
and SCP transmit information in an encrypted format.

Cisco: Cisco Guide to Hardening IOS Devices: Use Secure Protocols When Possible
Cisco: SNMP Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches): Versions of SNMP



Leave a Reply 0

Your email address will not be published. Required fields are marked *