Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 500
Which two global commands must the network administrator implement to limit the attack surface of an internet-facing Cisco router? (Choose two.)
Answer options
- A. service tcp-keepalives-in
- B. no service password-recovery
- C. no cdp run
- D. no ip http server
- E. ip ssh version 2
Correct answer: C, D
Explanation
The commands 'no cdp run' and 'no ip http server' are essential for enhancing the security of an internet-facing Cisco router. The 'no cdp run' command disables the Cisco Discovery Protocol, reducing the risk of information leakage, while 'no ip http server' turns off the HTTP server, preventing unauthorized web access. The other options, while useful in specific contexts, do not directly address the security of an internet-facing router to the same extent.