Network Device Hardening and Secure Configuration Questions

Focuses on secure configuration and operational hardening of network infrastructure devices such as routers, switches, wireless controllers, and firewalls. Topics include enforcing strong authentication and password management, disabling unnecessary network services and interfaces, restricting management plane access through secure management channels such as Secure Shell rather than insecure protocols, and limiting management access to a management Virtual Local Area Network or dedicated management network. Candidates should understand configuration backups and safe rollback, firmware and software update processes, logging and change monitoring, secure remote access controls, access control lists and network segmentation to limit lateral movement, and secure default setting remediation. Emphasis on operational practices that keep device configurations consistent and auditable, including automated configuration management and monitoring for unauthorized changes.