Build a Small IACS Network – Module 17 Quiz Exam Answers

Build a Small IACS Network – Module 17 Quiz Exam Answers provides a comprehensive guide for students and IT professionals preparing for their Industrial Automation and Control Systems (IACS) module assessments. This resource focuses on delivering accurate and well-explained answers to the exam questions and answers, ensuring clarity in concepts such as network design, configuration, and troubleshooting. By following these solutions, you’ll enhance your understanding of IACS fundamentals and gain confidence to excel in your certification or coursework exams.

1. What does the “Router>” prompt indicate when using Cisco iOS commands?

  • It indicates that the router is in User EXEC mode.
  • It indicates that the router is in configuration mode.
  • It indicates that the router is in ROM monitor mode.
  • It indicates that the router is in setup mode.

The “Router>” prompt in Cisco IOS commands indicates that the router is in user EXEC mode. This mode allows for basic monitoring and testing but has limited capabilities and does not allow for configuration changes. To make configuration changes, one must enter privileged EXEC mode, often accessed by entering the command “enable” from the user EXEC mode.

The correct answer is:

It indicates that the router is in User EXEC mode.

The Router> prompt in Cisco IOS signifies that the device is in User EXEC mode, a mode with limited capabilities primarily used for basic monitoring, viewing device status, and testing connectivity. It does not permit configuration changes or access to advanced features. To transition to a more powerful mode (Privileged EXEC mode), you would typically use the enable command from the User EXEC mode.


2. What is the purpose of Privileged EXEC Mode in Cisco iOS?

  • to restrict access to administrative tasks
  • to enable basic monitoring commands
  • to allow executing configuration commands and accessing higher configuration modes
  • to provide access to advanced troubleshooting tools, monitoring tools, and syntax checking tools

The Privileged EXEC Mode in Cisco iOS is designed for advanced configuration and system management. This mode allows users to execute configuration commands, access higher configuration modes for making system-wide changes, and perform critical administrative tasks. It also provides access to various advanced troubleshooting tools, ensuring network administrators can maintain and monitor their networks efficiently.

The correct answer is:

To allow executing configuration commands and accessing higher configuration modes.

Privileged EXEC Mode in Cisco IOS provides advanced access for configuring the device and managing the system. It allows users to execute all user-level commands as well as configuration commands. From this mode, administrators can access global configuration mode and other sub-configuration modes, enabling system-wide changes and advanced management tasks. Additionally, it grants access to troubleshooting tools and monitoring commands essential for maintaining the network.


3. What are the two requirements for progressing in Syntax Checker? (Choose two.)

  • entering the exact and full command as specified
  • entering commands with complete keywords and arguments
  • entering commands with the correct syntax and parameters
  • entering commands in any order
  • entering any command that closely resembles the specified command

To progress in Syntax Checker, entering the exact and full command as specified is essential. Additionally, commands must be input with the correct syntax and parameters. These requirements ensure that users accurately follow specified command structures and syntax for successful progression.

The correct answers are:

  • Entering the exact and full command as specified.
  • Entering commands with the correct syntax and parameters.

In Syntax Checker exercises, progressing typically requires strict adherence to the specified instructions. This includes inputting the exact commands with the correct syntax, keywords, and parameters. These requirements ensure users develop precision in executing commands and understanding their proper structure, which is essential for mastering Cisco IOS commands and configurations.


4. What method is considered effective for creating a strong password?

  • using a multiple word passphrase
  • utilizing a simple numeric sequence (e.g., 123456)
  • repeating the same character multiple times
  • using a short, common word or phrase

Creating a solid password often involves combining letters (uppercase and lowercase), numbers, and special characters, making it difficult for others to guess. Avoiding common words, phrases, or easily discoverable personal information is also recommended. Additionally, employing a passphrase, a sequence of random words or a sentence, can enhance security while keeping the password memorable.

The correct answer is:

Using a multiple word passphrase.

Creating a strong password involves techniques that enhance both complexity and memorability. A multiple-word passphrase—consisting of unrelated words strung together—provides a good balance of length, randomness, and usability. This approach makes the password harder to crack while being easier to remember than random strings of characters. For added security, the passphrase can include uppercase letters, numbers, or special characters.

Other options, like simple numeric sequences or repeating characters, are weak and easily compromised.


5. When connecting a device on the network for remote access, which method is preferred and why?

  • SSH, because it is faster
  • Telnet, because it is more widely used
  • SSH, because it is more secure
  • Telnet, because it also supports file transfer

When connecting a device on a network for remote access, SSH (Secure Shell) is the preferred method due to its enhanced security features. Unlike Telnet, SSH encrypts the data transmitted over the network, ensuring that sensitive information remains confidential. This makes SSH an ideal choice for secure remote administration and file transfers.

The correct answer is:

SSH, because it is more secure.

SSH (Secure Shell) is the preferred method for remote access because it provides encryption for data transmitted over the network, protecting sensitive information such as passwords and configuration details. This ensures confidentiality and security during remote management sessions.

In contrast, Telnet transmits data in plain text, making it vulnerable to interception and unauthorized access. While Telnet might still be used in some legacy systems, SSH is the modern standard for secure remote administration.


6. What command is used to configure an IPv4 default gateway on a switch?

  • ip default-route ip-address
  • set ip default-gateway ip-address
  • ip default-gateway ip-address
  • configure terminal default-gateway ip-address

To configure an IPv4 default gateway on a switch, the command is “ip default-gateway ip address.” This command allows the switch to send traffic to destinations outside its local network by specifying the gateway’s IP address. It’s essential for enabling communication between different networks or subnets

The correct answer is:

ip default-gateway ip-address

This command is used on a Layer 2 switch to configure the IPv4 default gateway. The default gateway allows the switch to forward traffic destined for networks outside its local subnet to the specified IP address of the gateway device (usually a router). This is essential for enabling inter-network communication and remote management of the switch.

The command is typically executed in global configuration mode. For example:

Switch(config)# ip default-gateway 192.168.1.1

7. What must be configured on a Cisco LAN switch for remote network management?

  • setting up a management IP address
  • configuring SSH
  • assigning a descriptive name to the switch
  • utilizing Telnet as the sole method of remote access

Setting up a management IP address is essential for configuring and managing a Cisco LAN switch over the network. It enables the user to reach the device through Telnet, SSH, or HTTP clients. The IP address information that must be configured on a switch includes the IP address, subnet mask, and default gateway, similar to the configuration on a PC. This allows for secure remote access and management of the switch.

The correct answer is:

Setting up a management IP address.

To manage a Cisco LAN switch remotely, it is essential to configure a management IP address on a VLAN interface (commonly VLAN 1 by default). This enables remote access to the switch using protocols such as Telnet or SSH. Along with the IP address, the subnet mask and default gateway should also be configured to ensure connectivity to other networks.

Additionally, while configuring SSH is highly recommended for secure access, setting up the management IP address is the first and most critical step to enabling remote network management.


8. Match the initial switch configuration tasks to the command.

  • Configure the device name. ==> hostname name
  • Secure privileged EXEC mode. ==> enable secret password
  • Save the configuration. ==> copy running-config startup-config
  • Provide legal notification. ==> banner motd delimiter message delimiter

a. Configure the device name

  • Command: hostname name
  • Description:
    This command is used to assign a unique name to the device for easier identification. For example, on a network with multiple switches, each switch should have a distinct hostname to simplify management and troubleshooting.
    Example:

    Switch(config)# hostname Switch1
    Switch1(config)#
    

b. Secure privileged EXEC mode

  • Command: enable secret password
  • Description:
    This command sets an encrypted password to protect access to privileged EXEC mode. Unlike the enable password command, the enable secret command encrypts the password in the configuration file for added security.
    Example:

    Switch(config)# enable secret MySecurePassword
    

c. Save the configuration

  • Command: copy running-config startup-config
  • Description:
    After making changes, this command saves the current running configuration to the startup configuration file in NVRAM. Without this, changes will be lost if the device reboots.
    Example:

    Switch# copy running-config startup-config
    Destination filename [startup-config]? [Press Enter]
    Building configuration...
    [OK]
    

d. Provide legal notification

  • Command: banner motd delimiter message delimiter
  • Description:
    This command configures a Message of the Day (MOTD) banner, which displays a legal or informational message to anyone accessing the device. The delimiter is a character (e.g., #, !, or %) used to mark the start and end of the banner message.
    Example:

    Switch(config)# banner motd #Unauthorized access is prohibited!#
    

Summary Example:

Here’s how the commands look together in a real configuration session:

Switch> enable
Switch# configure terminal
Switch(config)# hostname Switch1
Switch1(config)# enable secret StrongPassword123
Switch1(config)# banner motd #Warning! Unauthorized access is prohibited!#
Switch1(config)# exit
Switch1# copy running-config startup-config
Destination filename [startup-config]? [Press Enter]
Building configuration...
[OK]
Switch1#

These commands ensure the switch is properly named, secured, and configured for operation with legal and safety notices.


9. What are three results of using VLANs to design networks? (Choose three.)

  • Improved Security
  • Increased Hardware Costs
  • Enhanced Performance
  • Complicated Administration
  • Limited Flexibility and Scalability
  • Better Traffic Management

Designing a network with a VLAN offers benefits such as improved security, better traffic management, and enhanced performance. VLANs allow an administrator to segment the network into logical groups, prioritize traffic, reduce network congestion, and simplify network management. VLANs help reduce hardware costs, simplify administration, and provide increased flexibility and scalability.

The correct answers are:

  • Improved Security
    VLANs enhance security by isolating sensitive data and devices into their own logical networks. Traffic within a VLAN is not visible to devices outside the VLAN unless explicitly allowed through routing, reducing the risk of unauthorized access or data breaches.
  • Enhanced Performance
    By segmenting a network into VLANs, administrators can reduce congestion and optimize traffic flow. This minimizes broadcast domains, ensuring more efficient use of bandwidth and improving the overall performance of the network.
  • Better Traffic Management
    VLANs allow better control of traffic flow by logically grouping devices regardless of their physical location. This helps in prioritizing and managing traffic efficiently, ensuring critical applications receive the necessary bandwidth.

Explanation of Incorrect Options:

  • Increased Hardware Costs: VLANs do not inherently increase hardware costs, as they are implemented using existing switches with VLAN support, avoiding the need for additional physical devices.
  • Complicated Administration: VLANs simplify administration by logically grouping devices, making the network easier to manage and troubleshoot rather than complicating it.
  • Limited Flexibility and Scalability: VLANs increase flexibility and scalability, enabling network segmentation that adapts to changing requirements without physical rewiring.

10. Match the VLAN configuration tasks to the command.

  • Return to the privileged EXEC mode. ==> Switch(config-vlan)# end
  • Enter global configuration mode. ==> Switch# configure terminal
  • Create a VLAN with a valid ID number. ==> Switch(config)# vlan vlan-id
  • Specify a unique name to identify the VLAN ==> Switch(config-vlan)# name vlan-name

11. What is the purpose of the switchport mode access command when configuring a port?

  • It allows the port to negotiate between different VLANs.
  • It sets the port to become a trunk link.
  • It disables the port.
  • It configures the port to belong to a single VLAN and prevents negotiation to trunk mode.

The switchport mode access command configures the port to belong to a single VLAN, making it an access port, and prevents the port from negotiating to become a trunk link. This is considered a security best practice to ensure that the port remains in access mode and not trunk mode.

The correct answer is:

It configures the port to belong to a single VLAN and prevents negotiation to trunk mode.

Explanation:
The switchport mode access command is used to set a switch port as an access port. An access port belongs to a single VLAN and connects end devices like computers or printers to the network. This command ensures that the port does not negotiate or attempt to operate as a trunk link, which is used for carrying multiple VLANs. Setting a port to access mode is also a security best practice to prevent unauthorized VLAN trunking.


12. What are the correct steps for configuring initial settings on a Cisco router?

  • assign a DNS server, configure a firewall, set up port forwarding, and enable remote access
  • update the router’s firmware, enable DHCP, configure wireless settings, and set a static IP address
  • establish a connection, reset the router to factory settings, assign the default gateway, and reboot the router
  • access the router’s user interface, establish the hostname, configure interfaces, and save the configuration

The correct steps for configuring initial settings on a router involve accessing the router’s user interface, establishing a unique hostname for identification, configuring network interfaces, and saving the configuration changes. This process allows the administrator to customize the router according to the network’s needs and ensures the settings are properly stored.

The correct answer is:

Access the router’s user interface, establish the hostname, configure interfaces, and save the configuration.

Explanation:

When setting up a Cisco router for the first time, the standard steps involve:

  1. Accessing the router’s user interface: This is usually done through a console connection, SSH, or a web-based interface.
  2. Establishing a unique hostname: This helps identify the router in the network and is set using the hostname command in global configuration mode.
  3. Configuring interfaces: Set up the IP addresses, subnet masks, and any other necessary parameters for the network interfaces.
  4. Saving the configuration: Use the copy running-config startup-config command to ensure that the changes are stored in the router’s startup configuration and persist after a reboot.

These steps provide the foundation for further customization and ensure the router is ready for network deployment.


13. What are two examples of strong passwords based on common password security practices? (Choose two.)

  • B@ss w0rd!
  • RunFastRunFast
  • B00kS!
  • 12345678
  • jA#2!f4kB%
  • BlueSky

Password (B@ss w0rd!) uses a mix of uppercase and lowercase letters, numbers, and special characters, making it strong and harder for attackers to guess. It also uses a space after the initial character, making it a passphrase, rather than a password. Password (jA#2!f4kB%) also contains a mix of uppercase and lowercase letters, numbers, and special characters, making it strong. Password (12345678) is weak because it is a common sequence of numbers and is easily guessable. Password (BlueSky) is weak because it is a dictionary word without any additional characters, making it easy for attackers to guess. Password (RunFastRunFast) is weak because it contains repeated pattern. Password (B00kS!) is not very strong because it is less than 8 characters.


14. Match the configuration command to the corresponding password protection action.

  • security passwords min-length ==> Sets a minimum length for passwords.
  • service password-encryption ==> Encrypts passwords stored in the configuration file.
  • exec-timeout ==> Sets a time limit for user inactivity before logging out.
  • login block-for # attempts # within # ==> Blocks login attempts for a specified time after a certain number of failed attempts.

15. What is the primary purpose of adding a banner message to a network device?

  • to inform users about system maintenance schedules and statistics regarding storage and memory capabilities
  • to display network status information to users
  • to alert users of potential security vulnerabilities
  • to provide notification to support legal actions if someone is prosecuted for breaking into a device

Adding a banner message to a network device is primarily done to notify unauthorized personnel that they should not attempt to access the device, and it supports legal actions in case someone is prosecuted for breaking into a device. In some legal systems, prosecution or monitoring of users is not permitted unless a visible notification (such as a banner) is present. This is an important security and legal practice.

The correct answer is:

To provide notification to support legal actions if someone is prosecuted for breaking into a device.

Explanation:

A banner message on a network device serves as a warning or notification to users who attempt to access the device. It typically contains a legal notice stating that unauthorized access is prohibited, and any activity may be monitored or recorded. This is an important security and legal practice to:

  • Warn unauthorized users that their actions are not allowed.
  • Provide legal grounds for prosecution if someone attempts unauthorized access.
  • Ensure compliance with laws requiring such warnings for monitoring or legal enforcement.