
TSHOOT Chapter 4 CCNP 6.0 2012 100% - Take Assessment – TSHOOT Chapter 4 – CCNP TSHOOT: Troubleshooting and Maintaining Cisco IP Networks (Version 6.0) – Answers – 2011 – 2012

Friday, 31 August 2012

Note: x marks the correct answer

1
Refer to the exhibit. Which two conclusions can be made based on the output of the show mac address-table command? (Choose two.)
x Port Fa0/6 is configured as a trunk.
x Port Fa0/2 will not have the MAC address expire.
Port Fa0/5 is configured for VLAN 30.
VLAN 100 is connected to a hub.
VLAN 20 was learned via a neighboring switch.
2
Refer to the exhibit. Based on the information in the exhibit, which two statements are true? (Choose two.)
The Gateway Load Balancing Protocol (GLBP) is configured on router R1.
Router R1 is the standby router.
The output was generated by the show glbp brief command.
The output was generated by the show standby brief command.
x The output was generated by the show vrrp brief command.
x The Virtual Router Redundancy Protocol (VRRP) is configured on router R1.
3
Refer to the exhibit. A forwarding loop has been created between switches A, B, and D. Given the output generated by the show spanning-tree vlan command on switches B and D, what could be the cause of the problem?
Switches B and D are running different versions of STP.
x Switches B and D have not agreed on the STP root for VLAN 10.
Switches A and B are not configured as a trunk link.
Switches A and B are not configured as an EtherChannel.
4
What is one of the first indications that spanning tree has failed and a broadcast storm may be underway?
Access ports move into blocking state.
All 802.1Q trunks shut down unexpectedly.
MAC address tables rapidly fill and prevent data frame forwarding.
x Routers or Layer 3 switches run at a very high CPU utilization load.
5
The command show ip cef displays the contents of which table?
Address Resolution Protocol (ARP)
IP routing
x Forwarding Information Base (FIB)
adjacency
Routing Information Base (RIB)
6
A network administrator created an EtherChannel that consists of four physical links. Upon examination of the log files, the administrator observed the following message.
Nov 30 15:05:45: %EC-5-CANNOT_BUNDLE2: Gi1/1 is not compatible with Gi1/2 and will be suspended
What is the cause of this error message?
The switch was not able to create the EtherChannel link.
Only one switch is properly configured for EtherChannel.
x The switch has suspended a physical link because of incompatibilities.
There is an uneven distribution of traffic on the EtherChannel bundle members.
The Link Aggregation Control Protocol (LACP) is incompatible with the version of the IOS that is running on the switch.
7
What is true of a switched virtual interface (SVI) on a Layer 3 switch?
It carries traffic for multiple VLANs.
It is a physical interface in a single VLAN.
It is created when the associated VLAN is created.
x It provides a default gateway for hosts in a VLAN.
8
What is the purpose of the no switchport command?
to disable the interface
x to make the interface a routed port
to initiate spanning tree on the interface
to change the interface to a trunk port
9
The show mls cef command is available on which platform?
3560
3750
4500
x 6500
2960
10
Which IETF solution should be used to provide first hop redundancy in a multivendor network environment?
Cisco Express Forwarding (CEF)
Forwarding Information Base (FIB)
Gateway Load Balancing Protocol (GLBP)
Hot Standby Router Protocol (HSRP)
switch virtual interface (SVI)
x Virtual Router Redundancy Protocol (VRRP)
11
About which process can detailed information be found from the output of the show platform forward command on the Catalyst 3560, 3750, and 4500 platforms?
errors
x forwarding
counters
buffering
queuing
12
Which three types of ports or interfaces can be affected by the Spanning Tree Protocol? (Choose three.)
routed
x access
x trunk
loopback
null
x Switch Virtual Interface (SVI)
13
A network administrator received several complaints from end users that they are unable to access any resources on the Layer 2 switched network. The administrator unplugs one of the redundant links that is running to the affected area of the network, and the users report that the problem disappears. When the cable is reconnected, the problem reappears. What is the most likely cause of the problem?
The network cable is faulty.
The immediately upstream switch is faulty.
x Spanning tree has failed or has been disabled.
The link cable is connected to an incorrect VLAN.
The switch port is improperly configured as an access port.
14
Refer to the exhibit. A network administrator decided to include R3, a new router, as part of the already converged HSRP group. On the basis of the configuration that is provided, which router will assume the active role and which router will become standby for the HSRP group 1 when R3 becomes operational?
Router R2 will become active only if router R1 fails.
Routers R1 and R2 will keep the active and the standby roles.
x Router R1 will keep the active role, and R3 will assume the standby role.
Router R3 will become active, and router R1 will assume the standby role.
15
Refer to the exhibit. Router R1 was recently included in HSRP group 1. On the basis of the debug standby terse output that is provided, which statement is true?
R2 will keep the active role, and R1 will become a standby router.
x R1 has promoted itself to the role of active router and R2 has assumed the role of standby router.
R2 promoted itself to the active role when its hold-down timer expired before it saw a better candidate for the role of active router.
R1 and R2 will alternate between the active and the standby role because of a conflict in the HSRP priority that is configured on the routers.
16
Refer to the exhibit. A network administrator is troubleshooting an HSRP related problem and confirms that router R1 is the active HSRP router. Which command could be issued on a Windows host to verify the virtual IP and MAC address are the same as configured on R1?
x C:\> arp -a
C:\> ipconfig /renew
C:\> netstat
C:\> ping virtual-ip
C:\> tracert virtual-ip
17
A network administrator is troubleshooting a connectivity issue in a Layer 2 switched network. After issuing the show mac-address-table command on the access switch, the administrator observes that there is no entry for the host that is experiencing the problems. The host machine is powered on and appears to be functioning normally. What can be deduced from this?
ARP does not function on the host machine.
The host machine is connected to the wrong port on the local switch.
x The host machine does not have a physical connection to the switched network.
The show mac-address-table command only displays the MAC address of devices that are connected to the native VLAN.
The show mac-address-table command only displays the destination MAC address, so there should not be an entry for the host machine until data is sent to it.
18
A switch console displays the message %SPANTREE-2-CHNL_MISCFG. What does this mean?
x The ports that are configured for EtherChannel have been disabled because of an inconsistency in the configuration.
The root bridge for the Spanning Tree Protocol cannot be found.
The spanning-tree timers on the port do not match the timers on the port of the neighboring switch.
The PortFast feature has been enabled, but a switch has been detected on that port.
19
Refer to the exhibit. Based on the information that is presented in the exhibit, which statement is true?
The Gateway Load Balancing Protocol (GLBP) has been configured.
x The reachable IP address of the standby router is 10.1.1.2.
Router R1 is currently the standby router.
Router R1 is using the default priority value.
The IP address 10.1.1.254 is a loopback address on router R1.
The Virtual Router Redundancy Protocol (VRRP) has been configured.
20
Refer to the exhibit. A network administrator configured routers R1 and R2 as part of HSRP group 1. After the routers have been reloaded, a user on Host1 complained of lack of connectivity to the Internet. The network administrator issued the show standby brief command on both routers to verify the HSRP operations. In addition, the administrator observed the ARP table on Host1. Which entry should be seen in the ARP table on Host1 in order to gain connectivity to the Internet?
the IP address and the MAC address of R1
x the virtual IP address and the virtual MAC address for the HSRP group 1
the virtual IP address of the HSRP group 1 and the MAC address of R1
the virtual IP address of the HSRP group 1 and the MAC address of R2

TSHOOT Chapter 3 CCNP 6.0 2012 100% - Take Assessment – TSHOOT Chapter 3 – CCNP TSHOOT: Troubleshooting and Maintaining Cisco IP Networks (Version 6.0) – Answers – 2011 – 2012

Friday, 31 August 2012

Note: x marks the correct answer

1

[Picture 5]
Refer to the exhibit. A network administrator used an extended ping to verify connectivity to a remote location. The ping indicated a 50 percent packet loss. What could be the cause of the problem?
NAT is filtering the echo reply packets.
The packet size is exceeding the MTU.
An ACL is blocking the echo reply packets.
An ACL is blocking the echo request packets.
x Load balancing is occurring with packet loss on one path.
2
Which two symptoms would the show processes cpu command be helpful in troubleshooting? (Choose two.)
no link lights
x failed Telnet sessions to router
output queue drops
x input queue drops
excessive collisions
3
The administrator would like to see the commands that are associated with the serial1/0 interface. The administrator enters the command show running-config | section interface serial1/0 but does not receive a response. What could be the problem?
The interface is down.
The interface does not have any commands associated with it.
x The interface serial1/0 keyword looks for an exact match and should specify interface Serial1/0.
The administrator should have entered the command show run | i interface serial1/0.
4
[Picture 4]
Refer to the exhibit. What information does this output provide?
The router has a connected default route.
The router is installing five routes in its routing table.
x The router received routing updates from 10.89.64.28.
The router is advertising its routes to the router with the address 10.89.94.31.
5
What statistical information is gathered using NetFlow?
interface error statistics
x IP traffic statistics
router CPU usage statistics
switch memory usage statistics
6
[Picture 6]
Refer to the exhibit. The RSPAN configuration for each switch is shown. The network administrator has configured RSPAN to allow the monitoring of traffic to a corporate server. Unfortunately, the administrator is unable to sniff any traffic from the link. Why is the administrator unable to sniff traffic?
Only VLAN 1 can be used as the RSPAN VLAN.
The session numbers on the two switches do not match.
The remote interface on SW1 should be identified as fa0/3.
The source and destination interfaces are reversed on SW2.
x VLAN 100 has not been properly configured as an RSPAN VLAN.
7
Which SNMP version offers enhanced security through encryption and authentication?
SNMP version 2
SNMP version 2c
x SNMP version 3
SNMP version 3c
SNMP version 5
SNMP version 9
8
[Picture 7]
Refer to the exhibit. A network administrator is testing connectivity to a remote application server. On the basis of the output that is exhibited, what conclusion can be made?
A problem exists with Layer 3 connectivity.
A connection can be established to all TCP ports on the server.
x The Open response on R1 indicates that the port (application) is active.
A Telnet connection to the HTTP port on a server is unsuccessful.
9
[Picture 3]
Refer to the exhibit. From the debug ip packet command output, which statement is correct?
All packets are the same length.
x All packets are being process switched.
All packets originated within the router.
All packets are forwarded out interface FastEthernet0/0.
10
Embedded Event Manager events can be triggered based on which three Cisco IOS subsystems? (Choose three.)
changes in the CEF table
changes in the routing table
x counter changes
execution of a Tcl script
x SNMP MIB object changes
x syslog messages
11
What does the command show ip interface brief | exclude unassigned display?
x all interfaces that have an IP address assigned
all interfaces that are assigned an access control list
the first instance of the unassigned keyword and all lines afterwards
only the first section of output that contains the unassigned keyword
12
What should be considered when using the debug command?
It may result in outdated output.
x It may render the system unusable.
It can be executed from user EXEC.
It needs to be used only when the network has heavy traffic.
13
[Picture 2]
Refer to the exhibit. Given the partial NetFlow configuration, which command sequence is required to forward the traffic statistics of interfaces Fa0/0 and Fa0/1 to the NetFlow traffic collector?
R1(config)# interface FastEthernet1/0
R1(config-if)# ip flow egress
R1(config-if)# exit

R1(config)# interface FastEthernet1/0
R1(config-if)# ip flow ingress
R1(config-if)# exit

R1(config)# ip flow-control source Fa0/0
R1(config)# ip flow-control source Fa0/1
R1(config)# exit

R1(config)# ip flow-control source Fa1/0
R1(config)# exit

x R1(config)# interface FastEthernet0/0
R1(config-if)# ip flow ingress
R1(config-if)# exit
R1(config)# interface FastEthernet0/1
R1(config-if)# ip flow ingress
R1(config-if)# exit
14
A router is currently running both OSPF and BGP. The administrator issues the command show ip route | exclude ^B. What routes will be displayed?
only OSPF routes
only BGP routes
both BGP and OSPF routes
x both OSPF and directly connected routes
both BGP and directly connected routes
15
What is the effect of the snmp-server ifindex persist command?
All SNMP messages will remain in memory until the next interface reset.
The SNMP community string index will be encrypted and stored in NVRAM.
The SNMP interfaces for all devices in the community will be synchronized in NVRAM.
x The SNMP interface index for each interface will stay the same, even if the device is rebooted.
16
By default, Cisco routers send which type of SNMP traps?
x SNMP version 1
SNMP version 2c
SNMP version 3
SNMP versions 1 and 2c
SNMP versions 1, 2c, and 3
17
What will occur when the no debug all command is issued?
Options for debugging will be displayed.
All debugging output will immediately stop.
x No further debugging information will be generated.
General debugging on the router will be disabled, but specific debugging will continue.
18
A newly established branch office is reporting connectivity issues with the server farm that is located at the head office. The network administrator suggests that the problem could be with the path MTU. How could the network administrator verify that this is the problem?
Escalate the problem to the ISP.
Consult the network documentation to determine the MTU.
Use the traceroute command to determine where packets are being lost.
Send different types of traffic to the destination address to determine which makes it through.
x Use the extended ping option to send packets of increasing size to the destination to determine the path MTU.
19
A network administrator has received complaints about slow network performance on one segment of a Layer 2 switched network. To determine what types of traffic are on the segment, the administrator decides to configure SPAN to allow the installation of a packet sniffer. Which two items must be configured to allow SPAN to function? (Choose two.)
x a monitored port or VLAN
the threshold value of monitored traffic
x the port that connects to the packet sniffer
the sampling rate of the monitored port or VLAN
the dot1q encapsulation on the monitored port
20
[Picture 1]
Refer to the exhibit. On the basis of the exhibited output, what could be the reason for the failure of the second ping to host 172.16.1.5?
The destination network became unreachable after two seconds.
The router cannot handle two consecutive extended ping commands.
Packets with the DF bit set cannot be transported over a Frame Relay network.
x An interface of the device along the path to the destination cannot accommodate the large packets.

TSHOOT Chapter 2 CCNP 6.0 2012 100% - Take Assessment – TSHOOT Chapter 2 – CCNP TSHOOT: Troubleshooting and Maintaining Cisco IP Networks (Version 6.0) – Answers – 2011 – 2012

Friday, 31 August 2012

Note: x marks the correct answer

1

What are two limitations of an ad hoc troubleshooting approach? (Choose two.)
x inefficient use of time and resources
only applicable to physical layer problems
x difficult to transfer the job to someone else
can only be used after a structured approach has failed
requires more technical knowledge than a structured approach
2
What are two facts regarding the information that is collected for baseline creation? (Choose two.)
The information is the same for all networks.
x It can be used for capacity planning.
It should be limited to only a few key performance statistics.
x It can be collected using tools such as NBAR, NetFlow, and SNMP.
It should be collected only once and then archived for future reference.
3
After a proposed solution has been implemented, the network administrator realizes that new problems have been introduced by the changes. What is the next step in the troubleshooting process?
Propose a hypothesis.
x Execute the rollback plan.
Determine an appropriate workaround.
Escalate the problem to another department.
4
A network engineer initially uses the ping command to help troubleshoot a connection problem. Which troubleshooting approach best describes this scenario?
bottom-up approach
x divide-and-conquer approach
follow-the-path approach
move-the-problem approach
spot-the-difference approach
top-down approach
5
What is a situation where escalation of an issue is inadvisable?
Management has not been consulted.
x Escalation will slow the procedure.
The problem is actually a set of problems.
The problem has an impact on the performance of the entire network.
Solving the problem would showcase the skills and knowledge of the troubleshooter.
6
To correct an issue that was discovered a few days earlier, an administrator makes a change during a regularly scheduled maintenance window. After making the change, the administrator discovers that a new problem has occurred. What should the administrator do next?
x Roll back the change and resume the troubleshooting process.
Continue making changes until the symptoms disappear.
Leave the change in place and troubleshoot the new problems at a later time.
Gather information about the new problem and form a new hypothesis.
7
Which three types of data are useful for creating a baseline? (Choose three.)
number of infrastructure routers and switches
x Remote Monitoring (RMON), Network Based Application Recognition (NBAR), and NetFlow statistics
DHCP and NAT translation statistics
x network performance characteristics
switch interface statistics of all access ports
x basic performance statistics like the interface load for critical network links and the CPU load and memory usage of routers and switches
8
After a network change that occurred during a scheduled maintenance window, users were complaining about not being able to access a local file server. Upon investigation, the administrator determined that the problem was with the recently entered routing configurations. Because of company policy, the administrator is not allowed to correct the routing configuration outside of a scheduled maintenance window. Instead, the administrator moved the file server to an accessible subnet. Which statement describes what the administrator did?
The administrator determined a solution to the problem.
x The administrator determined a workaround for the problem.
The administrator applied the “move the problem” troubleshooting approach.
The administrator applied the “spot the difference” troubleshooting approach.
9
Which three IOS features can be used to keep the network documentation accurate? (Choose three.)
x rollback feature
policy compliance
x configuration archive
performance monitoring
basic performance statistics
x Embedded Event Manager
10
A network administrator executes the show processes cpu command on a production router and notices that the average CPU load over the past 5 seconds was 97% and over the last one minute was around 39%. What should the administrator do next?
Nothing. This is normal behavior for an ISR router.
Contact the service provider because the contract is not being fulfilled as specified in the SLA.
x Compare the result to the baseline for an accurate assessment.
Replace the router as soon as possible because it has reached capacity.
11
Which two procedures can be implemented to ensure that current backups of all device configurations are maintained? (Choose two.)
x Log all configuration change events to a syslog server.
Password protect all devices to prevent configuration changes.
x Implement a system to create automatic configuration backups.
Update configuration backups only after major network outages.
Create configuration backups as soon as an issue is reported with network performance.
12
A user creates a trouble ticket indicating that the Internet is inaccessible. The network administrator receives the ticket and determines that this user is the only one having problems. A ping command issued from the administrative PC to the user PC is successful. What should the administrator do next?
x Escalate the issue to the desktop support group.
Contact the ISP to determine if there is an issue on the ISP side.
View the route table on the core router to determine if there is a routing issue.
Swap out the patch cable between the user PC and the switch to determine if that solves the problem.
13
What is a symptom of an incorrectly applied network command when issued under the routing process?
a down status on an interface
x a timeout message when attempting to ping a device on another network
a routing protocol that is not running
a user who is unable to connect to machines that are located on the same subnet
14
Which two components are normally considered part of change control? (Choose two.)
the cost of network changes
x the time when changes can be made
the technology that is used to implement changes
x the authorization that is required to make changes
the staff changes that are required to carry out repairs
15
In which phase of the structured troubleshooting process should a network administrator clearly communicate to the affected network users what is going to be done and why it is being done?
the analysis of information
the definition of the problem
the elimination of possibilities
the gathering of facts
x the proposal and testing of a hypothesis
16
What is a benefit of change control during the processes of regular network maintenance?
simplification of the process for creating a network baseline
x reduction in the frequency and duration of unplanned outages
elimination of the need to troubleshoot planned outages
elimination of the need to perform a regular network backup
17
In which structured troubleshooting process phase would a network engineer ask questions such as “When did it last work?” or “Has it ever worked?”
analyze information phase
x define the problem phase
eliminate possibilities phase
gather facts phase
propose a hypothesis phase
solve the problem phase
18
What is an important element of troubleshooting, regardless of the method used?
using a single troubleshooting process
executing the steps in the same order every time
x following a structured and systematic process
spending a significant amount of time analyzing the information
19
The help desk receives several calls on Monday morning stating that users cannot connect to a local print server that was working on Friday. Which statement about the problem would be correct?
x The inability to connect to the print server is a symptom of a problem.
The inability to connect to the print server is the problem.
The connectivity problem occurred Monday morning.
The inability to connect to the print server caused the problem.
20
What type of information can be gathered by using SNMP during the process of collecting baseline information?
basic performance statistics via the use of show commands
basic performance statistics for Layer 2 and Layer 3 protocols
x basic performance statistics about the interface load for critical network links
basic performance statistics to profile different types of traffic on the network

TSHOOT Chapter 1 CCNP 6.0 2012 100% Take Assessment – TSHOOT Chapter 1 – CCNP TSHOOT: Troubleshooting and Maintaining Cisco IP Networks (Version 6.0) – Answers – 2011 – 2012

Friday, 31 August 2012

Note: x marks the correct answer

1

What are two motivations for measuring network performance? (Choose two.)
capacity planning
controlling traffic flow
diagnosing performance problems
increasing network security
monitoring user activity
troubleshooting logging activity
2
Refer to the exhibit. A network administrator is tasked with creating a backup of the startup configuration for router R1 to a server with IP address 10.1.15.1. Which option will provide the most secure way to transfer the file?
R1# copy startup-config ftp://10.1.15.1/R1-test.cfg
R1# copy startup-config ftp://RED:san-fran@10.1.15.1/R1-test.cfg
R1# copy startup-config http://10.1.15.1/R1-test.cfg
R1# copy startup-config https://10.1.15.1/R1-test.cfg
3
An administrator needs to ensure a server is created to store all network device backups. Which service should be enabled on the server to allow it to receive backups?
Telnet
CCP
NTP
FTP
4
Which Cisco web-based resource provides a complete bill-of-materials based on selected hardware and software configurations?
Cisco Power Calculator
Cisco Feature Navigator
Embedded Event Manager
x Dynamic Configuration Tool
CiscoWorks Resource Manager Essentials
5
What are two ways to simplify access to network maintenance documentation? (Choose two.)
a wiki
an issue tracking system
SNMP Object Navigator
Cisco Feature Navigator
Cisco Dynamic Configuration Tool
6
Which two statements are true about NTP servers in an enterprise network? (Choose two.)
There can only be one NTP server on an enterprise network.
All NTP servers synchronize directly to a stratum 1 time source.
NTP servers at stratum 1 are directly connected to an authoritative time source.
NTP servers ensure an accurate time stamp on logging and debugging information.
NTP servers control the mean time between failures (MTBF) for key network devices.
7
What are two benefits of scheduling maintenance as part of the network maintenance planning effort? (Choose two.)
x reduced network downtime
more promotion of the use of a common calendar
less need for network monitoring
x predictable lead time for change requests
immediate solutions to noncritical issues
easier for budget planning purposes
8
Which two network maintenance tasks should be performed as part of a network maintenance plan? (Choose two.)
network monitoring
IP address administration
service-level agreement compliance
command line device management
accommodating adds, moves, and changes
9
A network technician receives a report from a user about a connectivity issue to a branch office resource. The details of the issue are documented and assigned a priority. Another team member reviews the issue and researches how similar issues were resolved in the past. The issue is escalated to another team for resolution. What type of maintenance tool matches the process described?
Management Information Base (MIB)
Dynamic Configuration Tool
x issue tracking system
syslog server logging system
10
What must be considered when creating configuration backups to be used during disaster recovery?
a clear versioning and naming system
service contract information
exact hardware serial numbers
location of single points of failure
11
When should high-impact network changes be made on a production network?
immediately
during regular business hours
during peak network traffic times
during scheduled maintenance windows
12
Why is it important to have a disaster recovery plan for a network?
to reduce network costs
x to reduce downtime when a device fails
to increase network capacity during peak times
to increase network throughput during peak times
13
Which two network procedures should all network maintenance plans include? (Choose two.)
replacing failed devices
determining business hours
accommodating adds, moves, and changes
establishing a list of non-essential applications
responding to all external queries
14
Which two actions are considered part of network monitoring and performance measurement? (Choose two.)
measurement of network delay, jitter, or packet loss
monitoring of interface status, interface load, CPU load, and memory usage
monitoring the procedures used to install software, configurations, and licenses
monitoring the performance of the tools required to transfer the software and configuration to the device
ensuring the availability of documentation of the exact hardware part, serial, and service contract numbers for the devices
15
What are two benefits to a scheduled maintenance? (Choose two.)
x reduces network downtime
allows failed devices to be corrected immediately
allows the engineers to make the corrections during peak utilization times
x ensures software patches and backups are completed
16
Which network performance statistics should be measured in order to verify SLA compliance?
NAT translation statistics
device CPU and memory utilization
x packet round-trip time (RTT), jitter, and packet loss
number of error messages that are logged on the syslog server
17
Refer to the exhibit. Based on the information presented, why would a syslog server not receive debugging information?
Debugging information cannot be sent to a syslog server.
The logging trap 7 global configuration command still needs to be issued.
The logging buffer is too small to store debugging information and must be increased.
The logging console debugging global configuration command still needs to be issued.
The logging monitor debugging global configuration command still needs to be issued.
18
Successful disaster recovery is dependent on the existence of which two items? (Choose two.)
network management personnel on-site 24/7
up-to-date server patches
x software provisioning tools
x up-to-date hardware inventory
well-defined trust boundaries
19
An administrator has a written procedure of the steps to follow if a device fails. Which two items should the administrator have in order to reduce the amount of downtime the failed device could cause? (Choose two.)
x existing IOS
SNMP logs
Cisco Feature Navigator
x copy of current configuration
20
Refer to the exhibit. A network administrator is tasked with creating a configuration archive for the configuration of R1. What would be the outcome of the displayed configuration?
The current running configuration file will be archived after 10080 minutes on the remote server.
The current running configuration file will be archived every 10080 minutes in the local flash memory.
The current running configuration file will be archived any time running configuration is copied to NVRAM.
The current running configuration file will be archived every 10080 minutes in the local flash memory and remote location.

SWITCH Chapter 7 CCNP 6.0 2012 100%- Take Assessment – SWITCH Chapter 7 – CCNP SWITCH: Implementing IP Cisco Switching (Version 6.0) – Answers – 2011 – 2012

Friday, 31 August 2012

1. Which three statements are true about Protocol Independent Multicast (PIM) implementation on Cisco routers? (Choose three.)

Bidir-PIM is suited for multicast with larger numbers of sources.
In PIM-SM deployment, all routers create only (*,G) entries for the multicast groups.
In PIM-DM, a multicast sender first registers with the RP, and the data stream begins to flow from sender to RP to receiver.
Available network bandwidth is overutilized outside of the multicast routing zone because multiple streams of data are required between distant routers in place of a single transmission.
All routers in the PIM network learn about the active group-to-RP mapping from the RP mapping agent by automatically joining the Cisco-RP-discovery (224.0.1.40) multicast group.
In a PIM-SM network, the routers have the SPT threshold set to 0 by default which guarantees that the last-hop router switches to SPT mode as soon as the host starts receiving the multicast.
2. What method of QoS gives preferential handling for predefined classes of traffic?
best-effort services
differentiated services
hard QoS services
integrated services
3. What are two reasons to implement wireless in a network? (Choose two.)
increased security
increased mobility
increased productivity
increased cost savings
increased throughput
4. Which configuration-related step is required for IGMP snooping on a Catalyst switch?
Enable IGMP snooping in global configuration mode.
Configure the IGMP snooping method.
Enable multicast routing in global configuration mode.
None – IGMP snooping is enabled globally by default.
5.
Refer to the exhibit. The network has EIGRP configured on all routers and has converged on the routes advertised. PIM sparse mode has been also configured on all routers. The routers between the Source and the rendezvous point (RP) have (S,G) state in the multicast routing table and the routers between the RP and the Receivers have (*,G) state in their multicast routing tables. After the first multicast packet is received by the Receivers and the switchover takes place, how will the multicast traffic continue to flow from the Source to the Receivers?

The traffic will flow via source tree from the Source to the Receivers.
The traffic will flow via shared tree from the Source to the RP and via shared tree from the RP to the Receivers.
The traffic will flow via shared tree from the Source to the RP and via source tree from the RP to the Receivers.
The traffic will flow via source tree from the Source to the RP and via shared tree from the RP to the Receivers.
6. What is the result of the global configuration command ip pim send-rp-discovery Loopback0 scope 3?
The router sends broadcast group-to-RP mapping messages so that other routers can automatically discover the RP.
The router sends group-to-RP mapping messages to 224.0.1.39 so that other routers can automatically discover the RP.
The router sends group-to-RP mapping messages to 224.0.1.40 so that other routers can automatically discover the RP.
The router advertises itself as the RP by sending messages to the 224.0.1.39 address.
7. Where should QoS classification and marking be done?
access layer
at the first router interface
core layer
distribution layer
8. For configuring IP multicast routing, what is the purpose of the global configuration mode command ip pim send-rp-announce 10.1.1.1?
enables IP multicast routing with router ID 10.1.1.1
assigns the role of rendezvous point mapping agent to the router with IP address 10.1.1.1
announces the candidacy of the router with IP address 10.1.1.1 as the rendezvous point for all multicast groups
enables protocol independent multicast (PIM) with router ID 10.1.1.1
9. What are two reasons to implement voice in a network? (Choose two.)
cost savings
increased productivity
stronger security
increased data throughput
easier administration
10.
Refer to the exhibit. Router R6 has sent a join message to router R4 requesting multicast traffic for users in the multicast group 224.1.1.1. How will the multicast traffic that is sent from the multicast server SRC through the R1-R3-R5 path be handled at router R6?

The multicast traffic will be dropped.
The multicast traffic will be sent to switch SW1, which will drop the traffic.
The multicast traffic will be forwarded to all users in the multicast group 224.1.1.1.
The multicast traffic will be sent back to the rendezvous point (RP) through the R4-R2-R1 path.
11. Which MAC multicast address correctly maps to the IP multicast address 224.10.50.4?
01.00.5E.10.32.04
01.00.5E.10.50.04
01.00.5E.0A.32.04
01.00.5E.0A.50.04
12. Which two statements about Protocol Independent Multicast (PIM) are true? (Choose two.)
PIM does not require an IGP protocol to be configured in the network.
PIM should be configured only on the first and the last hop routers in the multicast tree.
PIM should be configured on the device that hosts the source of the multicast traffic.
PIM Sparse Mode is most useful when there are few senders, many receivers, and the volume of multicast traffic is high.
PIM is a multicast routing protocol that makes packet-forwarding decisions independent of the unicast IP routing protocol that is running in the network.
Three of the forwarding modes for PIM are PIM Dense Mode (PIM-DM), PIM Sparse Mode (PIM-SM), and PIM Sparse-Dense Mode.
13. Which two statements about IP multicast addresses are true? (Choose two.)
IP address 224.0.0.5 identifies the all-routers group.
All IP multicast group addresses fall in the range from 224.0.0.0 through 254.255.255.255.
GLOP addresses and limited scope addresses are two types of IP multicast addresses.
IP addresses between 233.0.0.0 and 233.255.255.255 are reserved link-local addresses.
IP addresses between 224.0.0.1 and 239.255.255.255 can be assigned to the sources of multicast traffic.
IP address 224.0.1.1 is a globally scoped address that has been reserved for the Network Time Protocol (NTP).
14. Which statement is true about the split MAC architecture?
It distributes the processing of 802.11 data and management protocols between a lightweight access point and a centralized WLAN controller.
Multiple devices can be grouped together to combine total bandwidth.
The conversation flow can be split between multiple switches.
The conversation flow can be split between multiple routers.
15. What is the function of a gateway within a VoIP network?
provides translation between VoIP and non-VoIP networks
provides connection admission control (CAC), bandwidth control and management, and address translation
provides real-time connectivity for participants in multiple locations to attend the same video conference or meeting
provides call control for IP phones, CAC, bandwidth control and management, and address translation
16. What is a major difference between traffic shaping and policing?
Traffic shaping buffers excessive traffic to smooth traffic whereas policing drops excessive traffic.
Traffic shaping is preferred for traffic flows such as voice and video whereas policing is better for TCP flows.
Traffic shaping controls the rate traffic flows through a switch whereas policing controls traffic flows through a router.
Traffic shaping marks traffic with Layer 2 class of service (CoS) whereas policing marks traffic with the ToS bits in the IP header.
17. The bootstrap router (BSR) mechanism of automating the distribution of rendezvous point (RP) information uses which IP address to disseminate information to all protocol independent multicast (PIM) routers?
224.0.0.13
224.0.1.13
224.1.0.13
224.1.1.13
18. What is the IP address for the Cisco-RP-announce multicast group?
224.0.1.1
224.0.1.39
224.0.1.40
224.0.0.40
19. What are two best practices when implementing voice in a network? (Choose two.)
Create a separate VLAN for voice traffic.
Utilize Power over Ethernet.
Minimize the volume of the data traffic.
Remove all QoS policies that are applied in the network.
Implement access control lists at the distribution layer.
20. What is true about the differences between wireless LANs (WLANs) and LANs?
A VPN connection that uses IPsec is not possible with WLANs.
WLANs do not use MAC addresses.
WLANs use CSMA/CA rather than CSMA/CD because WLANs operate at half-duplex.
WLANs use CSMA/CA rather than CSMA/CD because WLANs cannot detect collisions.
WLANs use CSMA/CD rather than CSMA/CA because wireless LANs operate on multiple frequencies.
WLANs use CSMA/CD rather than CSMA/CA because WLANs operate at full-duplex.

SWITCH Chapter 6 CCNP 6.0 2012 100% - Take Assessment – SWITCH Chapter 6 – CCNP SWITCH: Implementing Cisco IP Switching (Version 6.0) – Answers – 2011 – 2012

Friday, 31 August 2012

1. Which statement is true about a local SPAN configuration? 

A port can act as the destination port for all SPAN sessions configured on the switch.
A port can be configured to act as a source and destination port for a single SPAN session.
Both Layer 2 and Layer 3 switched ports can be configured as source or destination ports for a single SPAN session.
Port channel interfaces (EtherChannel) can be configured as source and destination ports for a single SPAN session.
2.
Refer to the exhibit. Which statement is true about the local SPAN configuration on switch SW1?

The SPAN session transmits to a device on port Fa3/21 a copy of all traffic that is monitored on port Fa3/1.
The SPAN session transmits to a device on port Fa3/21 a copy of all traffic that is monitored on port Fa3/1, but only if port Fa3/1 is configured in VLAN 10.
The SPAN session transmits to a device on port Fa3/21 a copy of all traffic that is monitored on port Fa3/1, but only if port Fa3/1 is configured as trunk.
The SPAN session transmits to a device on port Fa3/21 only a copy of unicast traffic that is monitored on port Fa3/1. All multicast and BPDU frames will be excluded from the monitoring process.
3.
Refer to the exhibit. Which statement is true about the VSPAN configuration on switch SW1?

The VSPAN session that is configured on port Fa3/4 can monitor only the ingress traffic for any of the VLANs.
The VSPAN session that is configured on port Fa3/4 can monitor only the egress traffic for any of the VLANs.
Port Fa3/4 must be associated with VLAN 10 or VLAN 20 in order to monitor the traffic for any of the VLANs.
The VSPAN session transmits a copy of the ingress traffic for VLAN 10 and the egress traffic for VLAN 20 out interface Fa3/4.
4. Which configuration guideline applies to using the capture option in VACL?
Capture ports transmit traffic that belongs to all VLANs.
The capture port captures all packets that are received on the port.
The switch has a restriction on the number of capture ports.
The capture port needs to be in the spanning-tree forwarding state for the VLAN.
5. All access ports on a switch are configured with the administrative mode of dynamic auto. An attacker, connected to one of the ports, sends a malicious DTP frame. What is the intent of the attacker?
VLAN hopping
DHCP spoofing attack
MAC flooding attack
ARP poisoning attack
6.
Refer to the exhibit. A network engineer is securing a network against DHCP spoofing attacks. On all switches, the engineer applied the ip dhcp snooping command and enabled DHCP snooping on all VLANs with the ip dhcp snooping vlan command. What additional step should be taken to configure the security required on the network?

Issue the ip dhcp snooping trust command on all uplink interfaces on SW1, SW2 and SW3.
Issue the ip dhcp snooping trust command on all interfaces on SW2 and SW3.
Issue the ip dhcp snooping trust command on all interfaces on SW1, SW2, and SW3.
Issue the ip dhcp snooping trust command on all interfaces on SW1, SW2, and SW3 except interface Fa0/1 on SW1.
7. Which countermeasure can be implemented to determine the validity of an ARP packet, based on the valid MAC-address-to-IP address bindings stored in a DHCP snooping database?
DHCP spoofing
dynamic ARP inspection
CAM table inspection
MAC snooping
8. How should unused ports on a switch be configured in order to prevent VLAN hopping attacks?
Configure them with the UDLD feature.
Configure them with the PAgP protocol.
Configure them as trunk ports for the native VLAN 1.
Configure them as access ports and associate them with an unused VLAN.
9.
Refer to the exhibit. Given the configuration on the ALSwitch, what is the end result?

forces all hosts that are attached to a port to authenticate before being allowed access to the network
disables 802.1x port-based authentication and causes the port to allow normal traffic without authenticating the client
enables 802.1x authentication on the port
globally disables 802.1x authentication
10.
Refer to the exhibit. Network policy dictates that security functions should be administered using AAA. Which configuration would create a default login authentication list that uses RADIUS as the first authentication method, the enable password as the second method, and the local database as the final method?

SW-1(config)# aaa new-model
SW-1(config)# radius-server host 10.10.10.12 key secret
SW-1(config)# aaa authentication default group-radius local

SW-1(config)# aaa new-model
SW-1(config)# radius-server host 10.10.10.12 key secret
SW-1(config)# aaa authentication default group-radius enable local

SW-1(config)# aaa new-model
SW-1(config)# radius-server host 10.10.10.12 key secret
SW-1(config)# aaa authentication login default group radius enable local

SW-1(config)# aaa new-model
SW-1(config)# radius server host 10.10.10.12 key secret
SW-1(config)# aaa authentication login default group radius enable local none

SW-1(config)# aaa new-model
SW-1(config)# radius server host 10.10.10.12 key secret
SW-1(config)# aaa authentication login default group-radius enable local none

11.
Refer to the exhibit. A switch is being configured to support AAA authentication on the console connection. Given the information in the exhibit, which three statements are correct? (Choose three.)

The authentication login admin line console command is required.
The login authentication admin line console command is required.
The configuration creates an authentication list that uses a named access list called group as the first authentication method, a TACACS+ server as the second method, the local username database as the third method, the enable password as the fourth method, and none as the last method.
The configuration creates an authentication list that uses a TACACS+ server as the first authentication method, the local username database as the second method, the enable password as the third method, and none as the last method.
The none keyword enables any user logging in to successfully authenticate if all other methods return an error.
The none keyword specifies that a user cannot log in if all other methods have failed.
12. What is one way to mitigate spanning-tree compromises?
Statically configure the primary and backup root bridge.
Implement private VLANs.
Place all unused ports into a common VLAN (not VLAN 1).
Configure MAC address VLAN access maps.
13. What is one way to mitigate ARP spoofing?
Enable dynamic ARP inspection.
Configure MAC address VLAN access maps.
Enable root guard.
Implement private VLANs.
14. What are two purposes for an attacker launching a MAC table flood? (Choose two.)
to initiate a man-in-the-middle attack
to initiate a denial of service (DoS) attack
to capture data from the network
to gather network topology information
to exhaust the address space available to the DHCP
15.
Refer to the exhibit. After the configuration has been applied to ACSw22, frames that are bound for the node on port FastEthernet 0/1 are periodically being dropped. What should be done to correct the issue?

Add the switchport port-security mac-address sticky command to the interface configuration.
Change the port speed to speed auto with the interface configuration mode.
Use the switchport mode trunk command in the interface configuration.
Remove the switchport command from the interface configuration.
16.
Refer to the exhibit. What is the state of the monitoring session?

This is a remote monitored session.
No data is being sent from the session.
SPAN session number 2 is being used.
The session is only monitoring data sent out Fa0/1.
17. What is the function of the 6500 Network Analysis Module?
monitors traffic on ingress ports
sends TCP resets to an attacker TCP session
gathers multilayer information from data flows that pass through the switch
provides remote monitoring of multiple switches across a switched network
18. What technology can be used to help mitigate MAC address flooding attacks?
root guard
Private VLANs
DHCP snooping
VLAN access maps
Dynamic ARP Inspection
19. What advantage for monitoring traffic flows does using VACLs with the capture option offer over using SPAN?
VLAN ACLs can be used to capture denied traffic.
VLAN ACLs can be used to capture traffic on a spanning-tree blocked port.
VLAN ACLs can be used to capture traffic based on Layer 2, 3, or 4 information.
VLAN ACLs can be used to capture traffic to the CPU separate from the traffic that is hardware switched.
20. What Cisco tool can be used to monitor events happening in the switch?
Embedded Event Manager
Intrusion Prevention System
Network Analysis module
Switched Port Analyzer
21. Which two statements are true about the interface fa0/0.10 command? (Choose two.)
The command applies VLAN 10 to router interface fa0/0.
The command is used in the configuration of router-on-a-stick inter-VLAN routing.
The command configures a subinterface.
The command configures interface fa0/0 as a trunk link.
Because the IP address is applied to the physical interface, the command does not include an IP address.
22. Which three elements must be used when configuring a router interface for VLAN trunking? (Choose three.)
one subinterface per VLAN
one physical interface for each subinterface
one IP network or subnetwork for each subinterface
one trunked link per VLAN
a management domain for each subinterface
a compatible trunking protocol encapsulation for each subinterface
23. Which statement is true about ARP when inter-VLAN routing is being used on the network?
When router-on-a-stick inter-VLAN routing is in use, each subinterface has a separate MAC address to send in response to ARP requests.
When VLANs are in use, the switch responds to ARP requests with the MAC address of the port to which the PC is connected.
When router-on-a-stick inter-VLAN routing is in use, the router returns the MAC address of the physical interface in response to ARP requests.
When traditional inter-VLAN routing is in use, devices on all VLANs use the same physical router interface as their source of proxy ARP responses.
24.
Refer to the exhibit. The commands for a router to connect to a trunked uplink are shown in the exhibit. A packet is received from IP address 192.168.1.54. The packet destination address is 192.168.1.120. What will the router do with this packet?
The router will forward the packet out interface FastEthernet 0/1.1 tagged for VLAN 10.
The router will forward the packet out interface FastEthernet 0/1.2 tagged for VLAN 60.
The router will forward the packet out interface FastEthernet 0/1.3 tagged for VLAN 120.
The router will not process the packet since the source and destination are on the same subnet.
The router will drop the packet since no network that includes the source address is attached to the router.
25.
Refer to the exhibit. R1 is routing between networks 192.168.10.0/28 and 192.168.30.0/28. PC1 can ping R1 interface F0/1, but cannot ping PC3. What is causing this failure?
PC1 and PC3 are not in the same VLAN.
The PC3 network address configuration is incorrect.
The S1 interface F0/11 should be assigned to VLAN30.
The F0/0 and F0/1 interfaces on R1 must be configured as trunks.
26.
Refer to the exhibit. PC1 has attempted to ping PC2 but has been unsuccessful. What could account for this failure?
PC1 and R1 interface F0/0.1 are on different subnets.
The encapsulation is missing on the R1 interface F0/0.
An IP address has not been assigned to the R1 physical interface.
The encapsulation command on the R1 F0/0.3 interface is incorrect.
27. What is important to consider while configuring the subinterfaces of a router when implementing inter-VLAN routing?
The physical interface must have an IP address configured.
The subinterface numbers must match the VLAN ID number.
The no shutdown command must be given on each subinterface.
The IP address of each subinterface must be the default gateway address for each VLAN subnet.
28. A router has two FastEthernet interfaces and needs to connect to four VLANs in the local network. How can this be accomplished using the fewest number of physical interfaces without unnecessarily decreasing network performance?
Implement a router-on-a-stick configuration.
Add a second router to handle the inter-VLAN traffic.
Use a hub to connect the four VLANS with a FastEthernet interface on the router.
Interconnect the VLANs via the two additional FastEthernet interfaces.
29.
Refer to the exhibit. Which two statements are true about the operation of the subinterfaces? (Choose two.)
Incoming traffic that has a VLAN ID of 2 is processed by subinterface fa0/0.2.
Incoming traffic with VLAN ID 0 is processed by interface fa0/0.
Subinterfaces use unique MAC addresses by adding the 802.1Q VLAN ID to the hardware address.
Traffic inbound on this router is processed by different subinterfaces, depending on the VLAN from which the traffic originated.
Reliability of both subinterfaces is poor because ARP is timing out.
Both subinterfaces remain up with line protocol up, even if fa0/0 line protocol is down.
30.
Refer to the exhibit. Port Fa0/0 on router R1 is connected to port Fa0/1 on switch S1. After the commands shown are entered on both devices, the network administrator determines that the devices on VLAN 2 are unable to ping the devices on VLAN 1. What is the likely problem?
R1 is configured for router-on-a-stick, but S1 is not configured for trunking.
R1 does not have the VLANs entered in the VLAN database.
Spanning Tree Protocol is blocking port Fa0/0 on R1.
The subinterfaces on R1 have not been brought up with the no shutdown command yet.
31.
Refer to the exhibit. The network administrator correctly configures RTA to perform inter-VLAN routing. The administrator connects RTA to port 0/4 on SW2, but inter-VLAN routing does not work. What could be the possible cause of the problem with the SW2 configuration?
Port 0/4 is not active.
Port 0/4 is not a member of VLAN1.
Port 0/4 is configured in access mode.
Port 0/4 is using the wrong trunking protocol.
32. What distinguishes traditional routing from router-on-a-stick?
Traditional routing is only able to use a single switch interface. Router-on-a-stick can use multiple switch interfaces.
Traditional routing requires a routing protocol. Router-on-a-stick only needs to route directly connected networks.
Traditional routing uses one port per logical network. Router-on-a-stick uses subinterfaces to connect multiple logical networks to a single router port.
Traditional routing uses multiple paths to the router and therefore requires STP. Router-on-a-stick does not provide multiple connections and therefore eliminates the need for STP.
33.
Refer to the exhibit. Which three statements describe the network design shown in the exhibit? (Choose three.)
This design will not scale easily.
The router merges the VLANs into a single broadcast domain.
This design uses more switch and router ports than are necessary.
This design exceeds the maximum number of VLANs that can be attached to a switch.
This design requires the use of the ISL or 802.1q protocol on the links between the switch and the router.
If the physical interfaces between the switch and router are operational, the devices on the different VLANs can communicate through the router.
34.
Refer to the exhibit. Switch1 is correctly configured for the VLANs that are displayed in the graphic. The configuration that is shown was applied to RTA to allow for interVLAN connectivity between hosts attached to Switch1. After testing the network, the administrator logged the following report:
Hosts within each VLAN can communicate with each other. 
Hosts in VLAN5 and VLAN33 are able to communicate with each other. 
Hosts connected to Fa0/1 through Fa0/5 do not have connectivity to host in other VLANs.
Why are hosts connected to Fa0/1 through Fa0/5 unable to communicate with hosts in different VLANs?
The router interface is shut down.
The VLAN IDs do not match the subinterface numbers.
All of the subinterface addresses on the router are in the same subnet.
The router was not configured to forward traffic for VLAN2.
The physical interface, FastEthernet0/0, was not configured with an IP address.
35. Devices on the network are connected to a 24-port Layer 2 switch that is configured with VLANs. Switch ports 0/2 to 0/4 are assigned to VLAN 10. Ports 0/5 to 0/8 are assigned to VLAN 20, and ports 0/9 to 0/12 are assigned to VLAN 30. All other ports are assigned to the default VLAN. Which solution allows all VLANs to communicate between each other while minimizing the number of ports necessary to connect the VLANs?
Configure ports 0/13 to 0/16 with the appropriate IP addresses to perform routing between VLANs.
Add a router to the topology and configure one FastEthernet interface on the router with multiple subinterfaces for VLANs 1, 10, 20, and 30.
Obtain a router with multiple LAN interfaces and configure each interface for a separate subnet, thereby allowing communication between VLANs.
Obtain a Layer 3 switch and configure a trunk link between the switch and router, and configure the router physical interface with an IP address on the native VLAN.
36.
Refer to the exhibit. What two conclusions can be drawn from the output that is shown? (Choose two.)
The no shutdown command has not been issued on the FastEthernet 0/0 interface.
Both of the directly connected routes that are shown will share the same physical interface of the router.
A routing protocol must be configured on the network in order for the inter-VLAN routing to be successful.
Inter-VLAN routing between hosts on the 172.17.10.0/24 and 172.17.30.0/24 networks is successful on this network.
Hosts in this network must be configured with the IP address that is assigned to the router physical interface as their default gateway.
37.
Refer to the exhibit. All devices are configured as shown in the exhibit. PC2 can successfully ping the F0/0 interface on R1. PC2 cannot ping PC1. What might be the reason for this failure?
R1 interface F0/1 has not been configured for subinterface operation.
S1 interface F0/6 needs to be configured for operation in VLAN10.
S1 interface F0/8 is in the wrong VLAN.
S1 port F0/6 is not in VLAN10.
38. What are the steps which must be completed in order to enable inter-VLAN routing using router-on-a-stick?
Configure the physical interfaces on the router and enable a routing protocol.
Create the VLANs on the router and define the port membership assignments on the switch.
Create the VLANs on the switch to include port membership assignment and enable a routing protocol on the router.
Create the VLANs on the switch to include port membership assignment and configure subinterfaces on the router matching the VLANs.
39. In which situation could individual router physical interfaces be used for InterVLAN routing, instead of a router-on-a-stick configuration?
a network with more than 100 subnetworks
a network with a limited number of VLANs
a network with experienced support personnel
a network using a router with one LAN interface
40. What two statements are true regarding the use of subinterfaces for inter-VLAN routing? (Choose two.)
subinterfaces have no contention for bandwidth
more switch ports required than in traditional inter-VLAN routing
fewer router ports required than in traditional inter-VLAN routing
simpler Layer 3 troubleshooting than with traditional inter-VLAN routing
less complex physical connection than in traditional inter-VLAN routing

CCNAS Final Exam CCNA Security 1.0 2012 100% - CCNAS Final Exam – CCNA Security: Implementing Network Security (Version 1.0) – Answers – 2011 – 2012

Wednesday, 1 August 2012

1. What will be disabled as a result of the no service password-recovery command?

aaa new-model global configuration command.
change to the configuration register.
password encryption service.
ability to access ROMmon.
2. What occurs after RSA keys are generated on a Cisco router to prepare for secure device management?
All vty ports are automatically configured for SSH to provide secure management.
The general-purpose key size must be specified for authentication with the crypto key generate rsa general-keys mo command.
The keys must be zeroized to reset secure shell before configuring other parameters.
The generated keys can be used by SSH.
3. Which action best describes a MAC address spoofing attack?
altering the MAC address of an attacking host to match that of a legitimate host.
bombarding a switch with fake source MAC addresses.
forcing the election of a rogue root bridge
flooding the LAN with excessive traffic
4. What functionality is provided by Cisco SPAN in a switched network?
It mitigates MAC address overflow attacks.
It mirrors traffic that passes through a switch port or VLAN to another port for traffic analysis.
It protects the switched network from receiving BPDUs on ports that should not be receiving them.
It inspects voice protocols to ensure that SIP, SCCP, H.323, and MGCP requests conform to voice standards.
It copies traffic that passes through a switch interface and sends the data directly to a syslog or SNMP server for analysis.
5. What precaution should be considered when the no service password-recovery command has been issued on an IOS device?
The passwords in the configuration files are in clear text.
IOS recovery requires a new system flash with the IOS image.
When the password is lost, access to the device will be terminated.
The device must use simple password authentication and cannot have user authentication.
6. A network technician is configuring SNMPv3 and has set a security level of auth. What is the effect of this setting?
Authenticates a packet using the SHA algorithm only.
Authenticates a packet by a string match of the username or community string.
Authenticates a packet by using either the HMAC with MD5 method or the SHA method.
Authenticates a packet by using either the HMAC MD5 or HMAC SHA algorithms and encrypts the packet using either the DES, 3DES or AES algorithms.
7.
Refer to the exhibit. Which type of VPN is implemented?

remote-access GRE VPN
remote-access IPsec VPN
remote-access SSL VPN
site-to-site GRE VPN
site-to-site IPsec VPN
site-to-site SSL VPN
8.
Router(config)# ntp authenticate
Router(config)# ntp authentication-key 42 md5 aNiceKey
Router(config)# ntp trusted-key 2
Refer to the exhibit. What will be the effect of the commands that are shown on R1?
Authentication with the NTP master will be successful, and R1 will get the time from the NTP master.
Authentication with the NTP master will be successful, but R1 will not get the time from the NTP master.
Authentication with the NTP master will fail, and R1 will get the time from the NTP master.
Authentication with the NTP master will fail, and R1 will not get the time from the NTP master.
9. What login enhancement configuration command helps mitigate successive login DoS attacks?
exec-timeout
login block-for
privilege exec level
service password-encryption
10. What are access attacks?
attacks that prevent users from accessing network services
attacks that modify or corrupt traffic as that traffic travels across the network
attacks that exploit vulnerabilities to gain access to sensitive information
attacks that involve the unauthorized discovery and mapping of systems, services, and vulnerabilities
11.
Nov 30 11:00:24 EST: %SYS-5-CONFIG-I: Configured from console by vty0 (10.64.2.2)
Refer to the exhibit. An administrator is examining the message in a syslog server. What can be determined from the message?

This is a notification message for a normal but significant condition
This is an alert message for which immediate action is needed
This is an error message for which warning conditions exist.
This is an error message indicating the system is unusable
12. Which three major subpolicies should comprise a comprehensive security policy that meets the security needs of a typical enterprise? (Choose three)
end-user policies
departmental policies
governing policies
human resource policies
organizational policies
technical policies
13. R1(config)# logging host 10.1.1.17
R1(config)# logging trap errors
R1(config)# logging source-interface loopback 0
R1(config)# logging on
Refer to the exhibit. An administrator has entered the commands that are shown on router R1. At what trap level is the logging function set?

2
3
5
6
14. Which mitigation technique can help prevent MAC table overflow attacks?
root guard
BPDU guard
storm control
switchport security
15. An organization requires that individual users be authorized to issue specific Cisco IOS commands. Which AAA protocols support this requirement?
TACACS+ because it separates authentication and authorization, allowing for more customization.
RADIUS because it supports multiple protocols, including ARA and NetBEUI.
TACACS+ because it supports extensive accounting on a per-user or per-group basis.
RADIUS because it implements authentication and authorization as one process.
16.
Refer to the exhibit. Based on the IPS configuration that is provided, which statement is true?

The signatures in all categories will be retired and not be used by the IPS.
The signatures in all categories will be compiled into memory and used by the IPS.
Only the signatures in the ios_ips basic category will be compiled into memory and used by the IPS.
The signatures in the ios_ips basic category will be retired and the remaining signatures will be compiled into memory and used by the IPS.
17.
Refer to the exhibit. Based on the provided configuration, which traffic will be examined by the IPS that is configured on router R1?

Traffic that is initiated from LAN 1 and LAN 2
http traffic that is initiated from LAN 1
return traffic from the web server
traffic that is destined to LAN 1 and LAN 2
no traffic will be inspected
18.
Refer to the exhibit. An administrator is configuring ZPF using the SDM Basic Firewall Configuration wizard. Which command is generated after the administrator selects the Finish button?

zone security Out-zone on interface Fa0/0
zone security Out-zone on interface S0/0/0
zone member security Out-zone on interface Fa0/0
zone member security Out-zone on interface s0/0/0
19. Which two statements describe appropriate general guidelines for configuring and applying ACLs? (Choose two)
Multiple ACLs per protocol and per direction can be applied to an interface.
If an ACL contains no permit statements, all traffic is denied by default.
The most specific ACL statements should be entered first because of the top-down sequential nature of ACLs.
Standard ACLs are placed closest to the source, whereas Extended ACLs are placed closest to the destination.
If a single ACL is to be applied to multiple interfaces, it must be configured with a unique number for each interface.
20. Which three statements are characteristics of the IPsec protocol? (Choose three)
IPsec is a framework of open standards.
IPsec is implemented at Layer 4 of the OSI model.
IPsec ensures data integrity by using a hash algorithm.
IPsec uses digital certificates to guarantee confidentiality
IPsec is bound to specific encryption algorithms, such as 3DES and AES.
IPsec authenticates users and devices that communicate independently.
21. Which three additional precautions should be taken when remote access is required in addition to local access of networking devices? (Choose three)
A legal notice should not be displayed when access is obtained.
All activity to the specified ports that are required for access should be unrestricted.
All configuration activities should require the use of SSH or HTTPS.
All administrative traffic should be dedicated to the management network.
The number of failed login attempts should not be limited, but the time between attempts should.
Packet filtering should be required so that only identified administration hosts and protocols can gain access.
22. Which statement describes a factor to be considered when configuring a zone-based policy firewall?
An interface can belong to multiple zones.
The router always filters the traffic between interfaces in the same zone.
The CBAC ip inspect command can coexist with ZPF as long as it is used on interfaces that are in the same security zones.
A zone must be configured with the zone security global command before it can be used in the zone-member security command.
23. What is a result of securing the Cisco IOS image using the Cisco IOS Resilient Configuration feature?
The Cisco IOS image file is not visible in the output of the show flash command.
The Cisco IOS image is encrypted and then automatically backed up to a TFTP server.
The Cisco IOS image is encrypted and then automatically backed up to the NVRAM.
When the router boots up, the Cisco IOS image is loaded from a secure FTP location
24. What are three common examples of AAA implementation on Cisco routers? (Choose three)
Authenticating administrator access to the router console port, and vty ports
Authenticating remote users who are accessing the corporate LAN through IPsec VPN connections
Implementing public key infrastructure to authenticate and authorize IPsec VPN peers using digital certificates
Implementing command authorization with TACACS+
Securing the router by locking down all unused services
Tracking Cisco Netflow accounting statistics
25. When port security is enabled on a Cisco Catalyst switch, what is the default action when the maximum number of allowed MAC addresses is exceeded?
The violation mode for the port is set to restrict.
The MAC address table is cleared, and the new MAC address is entered into the table.
The port remains enabled, but the bandwidth is throttled until the old MAC addresses are aged out.
The port is shut down.
27. Which three statements describe the IPsec protocol framework? (Choose three)
AH uses IP protocol 51.
AH provides encryption and integrity.
AH provides integrity and authentication.
ESP uses UDP protocol 50.
ESP requires both authentication and encryption.
ESP provides encryption, authentication, and integrity.
28. Which three statements describe limitations in using privilege levels for assigning command authorization? (Choose three.)
There is no access control to specific interfaces on a router.
The root user must be assigned to each privilege level defined.
Commands set on a higher privilege level are not available for lower privileged users
Views are required to define the CLI commands that each user can access.
Creating a user account that needs access to most but not all commands can be a tedious process
It is required that all 16 privilege levels be defined, whether they are used or not.
29. Which Cisco IOS configuration option instructs the IPS to compile a signature category named ios_ips into memory and use it to scan traffic?
R1(config)# ip ips signature-category
R1(config-ips-category)# category all
R1(config-ips-category-action)# retired false
R1(config)# ip ips signature-category
R1(config-ips-category)# category ios_ips basic
R1(config-ips-category-action)# retired false
R1(config)# ip ips signature-category
R1(config-ips-category)# category all
R1(config-ips-category-action)# enabled true
R1(config)# ip ips signature-category
R1(config-ips-category)# category ios_ips basic
R1(config-ips-category-action)# enabled true
30.
Refer to the exhibit. An administrator has configured router R1 as indicated. However, SDEE messages fail to log. Which solution corrects this problem?

Issue the logging on command in global configuration.
Issue the ip ips notify sdee command in global configuration.
Issue the ip audit notify log command in global configuration.
Issue the clear ip ips sdee events command to clear the SDEE buffer.
31. Which three principles are enabled by a Cisco Self-Defending Network? (Choose three.)
adaptability
collaboration
insulation
integration
mitigation
scalability
32. What are two disadvantages of using network IPS? (Choose two.)
Network IPS has a difficult time reconstructing fragmented traffic to determine if an attack was successful.
Network IPS is incapable of examining encrypted traffic.
Network IPS is operating system-dependent and must be customized for each platform.
Network IPS is unable to provide a clear indication of the extent to which the network is being attacked.
Network IPS sensors are difficult to deploy when new networks are added.
33. Which access list statement permits HTTP traffic that is sourced from host 10.1.129.100 port 4300 and destined to host 192.168.30.10?
access-list 101 permit tcp any eq 4300
access-list 101 permit tcp 192.168.30.10 0.0.0.0 eq 80 10.1.0.0 0.0.255.255
access-list 101 permit tcp 10.1.129.0 0.0.0.255 eq www 192.168.30.10 0.0.0.0 eq www
access-list 101 permit tcp 10.1.128.0 0.0.1.255 eq 4300 192.168.30.0 0.0.0.15 eq www
access-list 101 permit tcp host 192.168.30.10 eq 80 10.1.0.0 0.0.255.255 eq 4300
34. Which type of SDM rule is created to govern the traffic that can enter and leave the network based on protocol and port number?
NAC rule
NAT rule
IPsec rule
access rule
35.
Refer to the exhibit. When configuring SSH on a router using SDM from the Configure menu, which two steps are required? (Choose two.)

Choose Additional Tasks > Router Access > SSH to generate the RSA keys.
Choose Additional Tasks > Router Access > VTY to specify SSH as the input and output protocol.
Choose Additional Tasks > Router Properties > Netflow to generate the RSA keys.
Choose Additional Tasks > Router Properties > Logging to specify SSH as the input and output protocol.
Choose Additional Tasks > Router Access > AAA to generate the RSA keys.
Choose Additional Tasks > Router Access > Management Access to specify SSH as the input and output protocol
36.
Refer to the exhibit. Which two statements are correct regarding the configuration on switch S1? (Choose two.)

Port Fa0/5 storm control for broadcasts will be activated if traffic exceeds 80.1 percent of the total bandwidth.
Port Fa0/6 storm control for multicasts and broadcasts will be activated if traffic exceeds 2,000,000 packets per second.
Port Fa0/6 storm control for multicasts will be activated if traffic exceeds 2,000,000 packets per second.
Port Fa0/5 storm control for multicasts will be activated if traffic exceeds 80.1 percent of the total bandwidth.
Port Fa0/5 storm control for broadcasts and multicasts will be activated if traffic exceeds 80.1 percent of 2,000,000 packets per second.
37.
Refer to the exhibit. Which three things occur if a user attempts to log in four times within 10 seconds using an incorrect password? (Choose three.)

Subsequent virtual login attempts from the user are blocked for 60 seconds.
During the quiet mode, an administrator can virtually log in from any host on network 172.16.1.0/24.
Subsequent console login attempts are blocked for 60 seconds.
A message is generated indicating the username and source IP address of the user.
During the quiet mode, an administrator can log in from host 172.16.1.2.
No user can log in virtually from any host for 60 seconds.
38. Which type of Layer 2 attack makes a host appear as the root bridge for a LAN?
LAN storm
MAC address spoofing
MAC address table overflow
STP manipulation
VLAN attack
39. What occurs after RSA keys are generated on a Cisco router to prepare for secure device management?
All vty ports are automatically configured for SSH to provide secure management.
The general-purpose key size must be specified for authentication with the crypto key generate rsa general-keys mo command.
The keys must be zeroized to reset secure shell before configuring other parameters.
The generated keys can be used by SSH.
40. An organization has mobile workers who use corporate-owned laptops at customer sites to view inventory and place orders. Which type of VPN allows these workers to securely access all of the client/server applications of the organization?
clientless SSL VPN
remote-access IPsec VPN
site-to-site IPsec VPN
HTTPS-enabled SSL VPN
41. Which two guidelines relate to in-band network management? (Choose two.)
Apply in-band management only to devices that must be managed on the production network.
Implement separate network segments for the production network and the management network.
Attach all network devices to the same management network.
Use IPSec, SSH, or SSL
42. Which three commands are required to configure SSH on a Cisco router? (Choose three.)
ip domain-name name in global configuration mode
transport input ssh on a vty line
no ip domain-lookup in global configuration mode
password password on a vty line
service password-encryption in global configuration mode
crypto key generate rsa in global configuration mode
43. An administrator needs to create a user account with custom access to most privileged EXEC commands. Which privilege command is used to create this custom account?
privilege exec level 0
privilege exec level 1
privilege exec level 2
privilege exec level 15
44.
Refer to the exhibit. An administrator has configured a standard ACL on R1 and applied it to interface serial 0/0/0 in the outbound direction. What happens to traffic leaving interface serial 0/0/0 that does not match the configured ACL statements?

The resulting action is determined by the destination IP address.
The resulting action is determined by the destination IP address and port number.
The source IP address is checked and, if a match is not found, traffic is routed out interface serial 0/0/1.
The traffic is dropped
45. Which statement describes configuring ACLs to control Telnet traffic destined to the router itself?
The ACL must be applied to each vty line individually.
The ACL is applied to the Telnet port with the ip access-group command.
Apply the ACL to the vty lines without the in or out option required when applying ACLs to interfaces.
The ACL should be applied to all vty lines in the in direction to prevent an unwanted user from connecting to an unsecured port.
46. Which three statements describe SSL-based VPNs? (Choose three.)
Asymmetric algorithms are used for authentication and key exchange.
It is impossible to configure SSL and IPsec VPNs concurrently on the same router.
Special-purpose client software is required on the client machine.
Symmetric algorithms are used for bulk encryption.
The authentication process uses hashing technologies.
The application programming interface is used to extensively modify the SSLclient software.
The primary restriction of SSL VPNs is that they are currently supported only in hardware.
47.
Refer to the exhibit. What information can be obtained from the AAA configuration statements?

The authentication method list used for Telnet is named ACCESS.
The authentication method list used by the console port is named ACCESS.
The local database is checked first when authenticating console and Telnet access to the router.
If the TACACS+ AAA server is not available, no users can establish a Telnet session with the router.
If the TACACS+ AAA server is not available, console access to the router can be authenticated using the local database.
48. Which two Cisco IPS management and monitoring tools are examples of GUI-based, centrally managed IPS solutions? (Choose two.)
Cisco Adaptive Security Device Manager
Cisco IPS Device Manager
Cisco Router and Security Device Manager
Cisco Security Manager
Cisco Security Monitoring, Analysis, and Response System.
49.
Refer to the exhibit. Which AAA function and protocol is in use in the network?

The client is authorizing commands using the TACACS+ protocol.
The client is authorizing commands using the RADIUS protocol.
The client is authenticating using the RADIUS protocol.
The client is authenticating using the TACACS+ protocol
50. Which three OSI layers can be filtered by a stateful firewall? (Choose three.)
Layer 2
Layer 3
Layer 4
Layer 5
Layer 6
Layer 7
51.
Refer to the exhibit. Based on the SDM screen shown, which two actions will the signature take if an attack is detected? (Choose two.)

Reset the TCP connection to terminate the TCP flow.
Drop the packet and all future packets from this TCP flow.
Generate an alarm message that can be sent to a syslog server.
Drop the packet and permit remaining packets from this TCP flow.
Create an ACL that denies traffic from the attacker IP address.
52. Which three switch security commands are required to enable port security on a port so that it will dynamically learn a single MAC address and disable the port if a host with any other MAC address is connected? (Choose three.)
switchport mode access
switchport mode trunk
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security mac-address mac-address
53. Which statement describes the SDM Security Audit wizard?
After the wizard identifies the vulnerabilities, the SDM One-Step Lockdown feature must be used to make all security-related configuration changes.
After the wizard identifies the vulnerabilities, it automatically makes all security-related configuration changes.
The wizard autosenses the inside trusted and outside untrusted interfaces to determine possible security problems that might exist.
The wizard is based on the Cisco IOS AutoSecure feature.
The wizard is enabled using the Intrusion Prevention task.
54. Which component of AAA is used to determine which resources a user can access and which operations the user is allowed to perform?
Auditing
accounting
authorization
authentication
55. Which two protocols allow SDM to gather IPS alerts from a Cisco ISR router? (Choose two.)
FTP
HTTPS
SDEE
SSH
Syslog
TFTP
56.
Refer to the exhibit. Which AAA command logs the activity of a PPP session?

aaa accounting connection start-stop group radius
aaa accounting connection start-stop group tacacs+
aaa accounting exec start-stop group radius
aaa accounting exec start-stop group tacacs+
aaa accounting network start-stop group radius
aaa accounting network start-stop group tacacs+
57. What is a feature of the TACACS+ protocol?
It combines authentication and authorization as one process.
It encrypts the entire body of the packet for more secure communications.
It utilizes UDP to provide more efficient packet transfer.
It hides passwords during transmission using PAP and sends the rest of the packet in plain text.
58.
Refer to the exhibit. Which interface configuration completes the CBAC configuration on router R1?

R1(config)# interface fa0/0
R1(config-if)# ip inspect INSIDE in
R1(config-if)# ip access-group OUTBOUND in
R1(config)# interface fa0/1
R1(config-if)# ip inspect INSIDE in
R1(config-if)# ip access-group OUTBOUND in
R1(config)# interface fa0/1
R1(config-if)# ip inspect OUTBOUND in
R1(config-if)# ip access-group INSIDE out
R1(config)# interface fa0/0
R1(config-if)# ip inspect OUTBOUND in
R1(config-if)# ip access-group INSIDE in
R1(config)# interface fa0/1
R1(config-if)# ip inspect OUTBOUND in
R1(config-if)# ip access-group INSIDE in
59.
Refer to the exhibit. Which Cisco IOS security feature is implemented on router R2?

CBAC firewall
reflexive ACL firewall
zone-based policy firewall
AAA access control firewall
60. Which Cisco IOS privileged EXEC command can be used to verify that the Cisco IOS image and configuration files have been properly backed up and secured?
Router# dir
Router# show archive
Router# show secure bootset
Router# show flash
61. Which device supports the use of SPAN to enable monitoring of malicious activity?
Cisco NAC
Cisco IronPort
Cisco Security Agent
Cisco Catalyst switch
62. Which three statements describe zone-based policy firewall rules that govern interface behavior and the traffic moving between zone member interfaces? (Choose three.)
An interface can be assigned to multiple security zones.
Interfaces can be assigned to a zone before the zone is created.
Pass, inspect, and drop options can only be applied between two zones.
If traffic is to flow between all interfaces in a router, each interface must be a member of a zone.
Traffic is implicitly prevented from flowing by default among interfaces that are members of the same zone.
To permit traffic to and from a zone member interface, a policy allowing or inspecting traffic must be configured between that zone and any other zone.
63.
Refer to the exhibit. Based on the SDM screen shown, which two conclusions can be drawn about the IKE policy being configured? (Choose two.)

It will use digital certificates for authentication.
It will use a predefined key for authentication.
It will use a very strong encryption algorithm.
It will be the default policy with the highest priority.
64. The use of 3DES within the IPsec framework is an example of which of the five IPsec building blocks?
authentication
confidentiality
Diffie-Hellman
integrity
nonrepudiation
65. Which statement describes the operation of the IKE protocol?
It uses IPsec to establish the key exchange process.
It uses sophisticated hashing algorithms to transmit keys directly across a network.
It calculates shared keys based on the exchange of a series of data packets.
It uses TCP port 50 to exchange IKE information between the security gateways
66. Which three types of views are available when configuring the Role-Based CLI Access feature? (Choose three.)
superuser view
root view
superview
CLI view
admin view
config view
67. Which statement describes a MAC address table overflow attack?
An attacker alters the MAC address in a frame to match the address of a target host.
Frames flood the LAN, creating excessive traffic and degrading network performance.
The attacking host broadcasts STP configuration and topology change BPDUs to force spanning-tree recalculations.
A software tool floods a switch with frames containing randomly generated source and destination MAC and IP addresses.
68. When configuring a class map for zone-based policy firewall, how are the match criteria applied when using the match-all parameter?
Traffic must match all of the match criteria specified in the statement.
Traffic must match the first criteria in the statement.
Traffic must match at least one of the match criteria statements.
Traffic must match according to an exclusive disjunction criteria.
69. Which three statements describe limitations in using privilege levels for assigning command authorization? (Choose three.)
There is no access control to specific interfaces on a router.
The root user must be assigned to each privilege level defined.
Commands set on a higher privilege level are not available for lower privileged users.
Views are required to define the CLI commands that each user can access.
Creating a user account that needs access to most but not all commands can be a tedious process.
It is required that all 16 privilege levels be defined, whether they are used or not.
70. What is an important difference between network-based and host-based intrusion prevention?
Host-based IPS is more scalable than network-based IPS.
Host-based IPS can work in promiscuous mode or inline mode.
Network-based IPS is better suited for inspection of SSL and TLS encrypted data flows.
Network-based IPS provides better protection against OS kernel-level attacks on hosts and servers.
Network-based IPS can provide protection to hosts without the need of installing specialized software on each one.
71.
Refer to the exhibit. Based on the output from the show secure bootset command on router R1, which three conclusions can be drawn regarding Cisco IOS Resilience? (Choose three.)

A copy of the Cisco IOS image file has been made.
A copy of the router configuration file has been made.
The Cisco IOS image file is hidden and cannot be copied, modified, or deleted.
The Cisco IOS image filename will be listed when the show flash command is issued on R1.
The copy tftp flash command was issued on R1.
The secure boot-config command was issued on R1.
72. Which element of the Cisco Threat Control and Containment solution defends against attempts to attack servers by exploiting application and operating system vulnerabilities?
threat control for email
threat control for endpoints
threat control for infrastructure
threat control for systems
73.
Refer to the exhibit. Based on the SDM NTP Server Details screen, which two conclusions can be drawn from the information entered and check boxes checked? (Choose two.)

NTPv1 is being configured.
The IP address of the NTP server is 10.1.1.2.
The IP address of the NTP client is 10.1.1.2.
NTP messages will be sent and received on interface Serial0/0/0 for this router.
NTP routing updates will be sent and received on interface Serial0/0/0 of the NTP server.
74. Which two statements match a type of attack with an appropriate example? (Choose two.)
To conduct an access attack, an attacker uses L0phtCrack to obtain a Windows server password.
To conduct an access attack, an attacker uses Wireshark to capture interesting network traffic.
To conduct a reconnaissance attack, an attacker initiates a ping of death attack to a targeted server.
To conduct a DoS attack, an attacker uses handler systems and zombies to obtain a Windows server password.
To conduct a DoS attack, an attacker initiates a smurf attack by sending a large number of ICMP requests to directed broadcast addresses.
To conduct a reconnaissance attack, an attacker creates a TCP SYN flood causing the server to spawn many half-open connections and become unresponsive.
75. The use of which two options are required for IPsec operation? (Choose two.)
AH protocols for encryption and authentication
Diffie-Hellman to establish a shared-secret key
IKE to negotiate the SA
PKI for pre-shared-key authentication
SHA for encryption
76. Which three security services are provided by digital signatures? (Choose three.)
authenticates the source
authenticates the destination
guarantees data has not changed in transit
provides nonrepudiation of transactions
provides nonrepudiation using HMAC functions
provides confidentiality of digitally signed data
77. Which three statements should be considered when applying ACLs to a Cisco router? (Choose three.)
Place generic ACL entries at the top of the ACL.
Place more specific ACL entries at the top of the ACL.
Router-generated packets pass through ACLs on the router without filtering.
ACLs always search for the most specific entry before taking any filtering action.
A maximum of three IP access lists can be assigned to an interface per direction (in or out).
An access list applied to any interface without a configured ACL allows all traffic to pass.
78. Which consideration is important when implementing syslog in a network?
Enable the highest level of syslog available to ensure logging of all possible event messages.
Log all messages to the system buffer so that they can be displayed when accessing the router.
Synchronize clocks on all network devices with a protocol such as Network Time Protocol.
Use SSH to access syslog information.