PrepAway - Latest Free Exam Questions & Answers

What are three of the security conditions that Cisco Configuration Professional One-Step Lockdown can automati

What are three of the security conditions that Cisco Configuration Professional One-Step
Lockdown can automatically detect and correct on a Cisco router? (Choose three.)

PrepAway - Latest Free Exam Questions & Answers

A.
One-Step Lockdown can set the enable secret password.

B.
One-Step Lockdown can disable unused ports.

C.
One-Step Lockdown can disable the TCP small servers service.

D.
One-Step Lockdown can enable IP Cisco Express Forwarding.

E.
One-Step Lockdown can enable DHCP snooping.

F.
One-Step Lockdown can enable SNMP version 3.

Explanation:
One-Step Lockdown
This option tests you router configuration for any potential security problems and automatically
makes any necessary configuration changes to correct any problems found. The conditions
checked for and, if needed, corrected are as follows:
• Disable Finger Service
• Disable PAD Service
• Disable TCP Small Servers Service
• Disable UDP Small Servers Service

• Disable IP BOOTP Server Service
• Disable IP Identification Service
• Disable CDP
• Disable IP Source Route
• Enable Password Encryption Service
• Enable TCP Keepalives for Inbound Telnet Sessions
• Enable TCP Keepalives for Outbound Telnet Sessions
• Enable Sequence Numbers and Time Stamps on Debugs
• Enable IP CEF
• Disable IP Gratuitous ARPs
• Set Minimum Password Length to Less Than 6 Characters
• Set Authentication Failure Rate to Less Than 3 Retries
• Set TCP Synwait Time
• Set Banner
• Enable Logging
• Set Enable Secret Password
• Disable SNMP
• Set Scheduler Interval
• Set Scheduler Allocate
• Set Users
• Enable Telnet Settings
• Enable NetFlow Switching
• Disable IP Redirects
• Disable IP Proxy ARP
• Disable IP Directed Broadcast
• Disable MOP Service
• Disable IP Unreachables
• Disable IP Mask Reply
• Disable IP Unreachables on NULL Interface
• Enable Unicast RPF on Outside Interfaces
• Enable Firewall on All of the Outside Interfaces
• Set Access Class on HTTP Server Service
• Set Access Class on VTY Lines
• Enable SSH for Access to the Router
Reference:
http://www.cisco.com/c/en/us/td/docs/routers/access/cisco_router_and_security_device_manager/
24/software/user/guide/SAudt.html


Leave a Reply