Terms in this set (34)

Understand how to mitigate threats at the access layer.
You can mitigate threats at the access layer by using port security, DHCP snooping, dynamic ARP inspection, and identity-based networking.

Understand TACACS+ and RADIUS.
TACACS+ is Cisco proprietary, uses TCP, and can separate services. RADIUS is an open standard, uses UDP, and cannot separate services.

Remember the differences between SNMPv2 and SNMPv3.
SNMPv2 uses UDP but can use TCP; however, v2 still sends data to the NMS station in clear text, exactly like SNMPv1, plus SNMPv2 implemented GETBULK and INFORM messages. SNMPv3 uses TCP and authenticates users, plus it can use ACLs in the SNMP strings to prevent the NMS station from unauthorized use.

Understand FHRPs, especially HSRP.
The FHRPs are HSRP, VRRP, and GLBP, with HSRP and GLBP being Cisco proprietary.

Remember the HSRP virtual address.
The HSRP MAC address has only one variable piece in it. The first 24 bits still identify the vendor who manufactured the device (the organizationally unique identifier, or OUI). The next 16 bits in the address tell us that the MAC address is a well-known HSRP MAC address. Finally, the last 8 bits of the address are the hexadecimal representation of the HSRP group number.

1. Which operation used by SNMP is the same as a trap but adds an acknowledgement that a trap does not provide?
INFORM

2. Which operation is used by SNMP to get information from the MIB to an SNMP agent?
GET

3. Which operation is used by the SNMP agent to send a triggered piece of information to the SNMP manager?
TRAP

4. Which operation is used to get information to the MIB from an SNMP manager?
SET

5. This operation is used to list information from successive MIB objects within a specified MIB.
WALK

6. You have different HSRP virtual IP addresses configured on peers. What is the result?
Hosts stop working

7. You configure HSRP on peers with different group numbers. What is the result?
You receive duplicate address warning

8. You configure your HSRP peers with different versions (v1 and v2). What is the result?
Duplicate address warning

9. What is the multicast and port number used for both HSRP versions 1 and 2?
224.0.0.2, UDP 1985

1. How can you efficiently restrict the read-only function of a requesting SNMP management station based on the IP address?
a. Place an ACL on the logical control plane.

2. What is the default priority setting on an HSRP router?
100

3. Which of the following commands will enable AAA on a router?
aaa new-model

4. Which of the following will mitigate access layer threats? (choose two.)
Port security

5. Which of the following is not true about DHCP snooping?
c. DHCP snooping rate-limits DHCP traffic from trusted and untrusted sources

6. Which of the following are true about TACACS+? (choose two.)
a. TACACS+ is a Cisco proprietary security mechanism
d. TACACS+ offers multiprotocol support

7. Which of the following is not true about RADIUS?
b. RADIUS separates AAA services

8. A switch is configured with the snmp-server community Cisco RO command running SNMPv2c. An NMS is trying to communicate to this router via SNMP, so what can be performed by the NMS? (choose two)
a. The NMS can only graph obtained results
d. The NMS can use GETBULK and return many results

9. What is true regarding any type of FHRP?
c. The FHRP provides default gateway redundancy

10. Which of the following are HSRP states? (choose two)
a. INIT

11. Which command configures an interface to enable HSRP with the virtual router IP address 10.1.1.10?
a. standby 1 ip 10.1.1.10

12. Which command displays the status of all HSRP groups on a Cisco router or layer 3 switch?
d. show standby

13. Two routers are part of a HSRP standby group and there is no priority configured on the router for the HSRP group. Which of the following statements below is correct?
d. One router will be active, the other standby

14. Which of the following statements is true about the HSRP version 1 Hello packet?
c. HSRP Hello packets are sent to the multicast address 224.0.0.2 with UDP port 1985

15. Routers HSRP1 and HSRP2 are in HSRP group 1. HSRP1 is the active router with priority of 120 and HSRP2 has the default priority. When HSRP1 reboots, HSRP2 will become the active router. Once HSRP1 comes back up, which of the following statements will be true? (choose two)
b. HSRP2 will stay the active router

16. What is the multicast address and port number used for HSRP version 2?
c. 224.0.0.102, UDP port 1985

17. Which is true regarding SNMP? (choose two)
d. SNMPv3 provides the best security of the three versions

18. You want to configure RADIUS so your network devices have external authentication, but you also need to make sure you can fall back to local authentication. Which command will you use?
d. aaa authentication login default group MyRadiusGroup local

19. What is true about DAI?
c. DAI is required in order to build the MAC-to-IP bindings, which protect against man-in-the-middle attacks

20. The IEEE 802.1x standard allows you to implement identity-based networking on wired and wireless hosts by using client/server access control. There are three roles. Which of the following are these roles?
Client

Which of the following is true about DHCP snooping?
a. DHCP snooping validates DHCP messages received from untrusted sources and filters out invalid messages.

Which two options will mitigate access layer threats?
Overview: Common access layer threats include unauthorized clients connecting to a LAN, rogue DHCP servers and VLAN hopping by way of double tagging. 802.1x, DHCP snooping and nondefault native VLAN are techniques to mitigate access layer types of vulnerabilities.

Why should CDP be disabled on ports that face untrusted networks?
A. CDP can conflict with LLDP on ports facing untrusted networks.
B. Disabling CDP will prevent the device from participating in spanning tree with untrusted devices.