Home
Subjects
Expert solutions
Create
Log in
Sign up
Upgrade to remove ads
Only A$47.99/year
- Other
- Computer Skills
-
Flashcards
-
Learn
-
Test
-
Match
-
Flashcards
-
Learn
-
Test
-
Match
Terms in this set (34)
Understand how to mitigate threats at the access layer.
You can mitigate threats at the access layer by using port security, DHCP snooping, dynamic ARP inspection, and identity based networking.
Understand TACACS+ and RADIUS.
TACACS+ is Cisco proprietary, uses TCP, and can separate services. RADIUS is an open standard, uses UDP, and cannot separate services
Remember the differences between SNMPv2 and SNMPv3.
SNMPv2 uses UDP but can use TCP; however, v2 still sends data to the NMS station in clear text, exactly like SNMP1, plus SNMPv2 implemented GETBULK and INFOrM messages. SNMPv3 uses TCP and authenticates users, plus it can use ACLs in the SNMP strings to prevent the NMS station from unauthorized use
Understand FHRPs, especially HSRP.
The FHRPs are HSRP, VRRP, and GLBP, with HSRP and GLBP being Cisco proprietary
Remember the HSRP virtual address.
The HSRP MAC address has only one variable piece in it. The first 24 bits still identify the vendor who manufactured the device (the organizationall unique identifier, or OUI). The next 16 bits in the addrss tell us that the MAC address is a well-known HSRP MAC address. Finally, the last 8 bits of the address are hexadecimal representation of the HSPRgroup number.
1. Which operation used by SNMP is the same as a trap but adds an acknowledgement that a trap does not provide?
INFORM
2. Which operation is used by SNMP to get information from the MIB to an SNMP agent?
GET
3. Which operation used by the SNMP agent to send a triggered piece of information to the SNMP manager?
TRAP
4. Which operation is used to get information to the MIB from an snmp MANAGER?
SET
5. This operation is used to list information from successive MIB objects within a specified MIB.
WALK
6. You have different HSRP virtual IP addresses configured on peers. What is the result?
Hosts stop working
7. You configure HSRP on peers with different group numbers. What is the result?
You receive duplicate address warning
8. You configure your HSRP peers with different versions (v1 and v2). What is the result?
Duplicate address warning
9. What is the multicast and port number used for both HSRP versions 1 and 2?
224.0.0.2, UDP
1985
224.0.0.12 UPD 1985
1. How can you efficiently restrict the read-only function of a requesting SNMP management station based on the IP address?
a. Place an ACL on the logical control plane?
b. Place an ACL on the line when configuring the RO community string.
c. Place an ACL on the VTY line
d. Place an ACL on all router interfaces
a. Place an ACL on the logical control plane?
2. What is the default priorty setting on an HSRP router?
a. 25
b. 50
c. 100
d. 125
100
3. Which of the following commands will enable AAA on a router?
a. Aaa enable
b. Enable aaa
c. New-model aaa
d. Aaa new-model
Aaa new-model
4. Which of the following will mitigate
access layer threats? (choose two.)
a. Port security
b. Access lists
c. Dynamic ARP inspection
d. AAA
Port security
b. Access lists
5. Which of the following is not true about DHCP snooping?
a. DHCP snooping validates DHCP messages received from untrusted sources and filters out invalid messages
b. DHCP snooping builds and maintains the DHCP snooping binding database, which contains the
information about untrusted hosts with leased IP addresses
c. Dhcp snooping rate-limits DHCP traffic from trusted and untrusted sources
d. DHCP snooping is a layer 2 security feature that acts like a firewall between hosts
c. Dhcp snooping rate-limits DHCP traffic from trusted and untrusted sources
6. Which of the following are true about TACACS+? (choose two.)
a. TACAS+ is a Cisco proprietary security
mechanism
b. TACACS+ uses UDP
c. TACACS+ combines authentication and authorization services as a single process-after users are authenticated, they are also authorized
d. TACACS+ offers multiprotocol support
a. TACAS+ is a Cisco proprietary security mechanism
d. TACACS+ offers multiprotocol support
7. Which of the following is not true about RADIUS?
a. RADIUS is an open standard protocol
b.
RADIUS separates AAA services
c. RADIUS uses UDP
d. RADIUS encrypts only the password in the access-request packet from the client to the server. The remainder of the packet is unencrypted
b. RADIUS separates AAA services
8. A switch is configured with the snmp-server community Cisco RO command running SNMPv2c. An NMS is trying to communicate to this router via SNMP, so what can be performed by the NMS?
(choose two)
a. The NMS can only graph obtained results
b. The NMS can graph obtained results and change the hostname of the router
c. The NMS can only change the hostname of the router
d. The NMS can use GETBULK and return many results
a. The NMS can only graph obtained results
d. The NMS can use GETBULK and return many results
9. What is true regarding any type of FHRP?
a. The FHRP
supplies hosts with routing information
b. The FHRP is a routing protocol
c. The FHRP provides default gateway redundancy
d. The FHRP is only standards-based
c. The FHRP provides default gateway redundancy
10. Which of the following are HSRP states? (choose two)
a. INIT
b. Active
c. Established
d. Idle
a. INIT
Active
11. Which command configures an interface to enable HSRP with the virtual router IP address 10.1.1.10?
a. Standby 1 ip 10.1.1.10
b. Ip hsrp 1 standby 10.1.1.10
c. Hsrp 1 ip 10.1.1.10
d. Standby 1 hsrp ip 10.1.1.10
a. Standby 1 ip 10.1.1.10
12. Which command displays the status of all HSRP groups on a Cisco router or layer 3 switch?
a. Show ip hsrp
b. Show hsrp
c. Show
standby hsrp
d. Show standby
e. Show hsrp groups
d. Show standby
13. Two routers are part of a HSRP standby group and there is no priority configured on the router for the HSRP group. Which of the following statements below is correct?
a. Both routers will be in the active state
b. Both routers will be in the standby state
c. Both routers will be in the listen state
d. One router will be
active, the other standby
d. One router will be active, the other standby
14. Which of the following statement is true about HSRP version 1 Hello packet?
a. HSRP Hello packets are sent to multicast address 224.0.0.5
b. HSRP RP Hello packets are sent to the multicast address 224.0.0.2 with TCP port 1985
c. HSRP Hello packets are sent to the multicast address 224.0.0.2 with UDP port 1985
d. HSRP Hello
packets are sent to the multicast address 224.0.0.10 with UDP port 1986
c. HSRP Hello packets are sent to the multicast address 224.0.0.2 with UDP port 1985
15. Routers HSRP1 and HSRP2 are in HSRP group 1. HSRP1 is the active router with priority of 120 and HSRP2 has the default priority. When HSRP1 reboots, HSRP2 will become the active router. Once HSRP1 comes back up, which of the following statements will be
true? (choose two)
a. HSRP1 will become the active router
b. HSRP2 will stay the active router
c. HSRP1 will become the active router if it is also configured to preempt
d. Both routers will go into speak state
b. HSRP2 will stay the active router
16. What Is the multicast address and port number used for HSRP version 2?
a. 224.0.0.2 UDP port 1985
b. 224.0.0.2, TCP port 1985
c. 224.0.0.102,
UDP port 1985
d. 224.0.0.102, TCP port 1985
c. 224.0.0.102, UDP port 1985
17. Which is true regarding SNMP? (choose two)
a. SNMPv2c offers more security than SNMPv1
b. SNMPv3 uses TCP and introduced the GETBULK operation
c. SNMPv2c introduced the INFORM operation
d. SNMPv3 provides the best security of the three versions
d. SNMPv3 provides the best security of the three versions
18. You want to configure RADIUS so your network devices have external authentication, but you also need to make sure you can fall back to local authentication. Which command will you use?
a. aaa authentication login local group MYRadiusGroup
b. aaa authentication login group MYRadiusGroup fallback local
c. aaa authentication login default group MYRadiusGroup external local
d. aaa authentication login default group
MyRadiusGroup local
d. aaa authentication login default group MyRadiusGroup local
19. what is true about DAI?
a. It must use TCP, BootP, and DHCP snooping in order to work
b. DHCP snooping is required in order to build the MAC-toip BINDINGS FOR dai VALIDATION
c. DAI is required in order to build the MAC-to-IP bindings, which protect against man-in-the-middle attacks
d. DAI tracks ICMP-to-MAC bindings
from Dhcp
c. DAI is required in order to build the MAC-to-IP bindings, which protect against man-in-the-middle attacks
20. The IEEE 802.1x standard allows you to implement identify-based networking on wired and wireless hosts by using client/server access control. There are three roles. Which of the following are these roles?
a. Client
b. Forwarder
c. Security access control
d. Authenticator
e.
Authentication server
Client
Authenticator
Authentication Server
CCNP Switch v7.1 Quiz - Chapter 6,First…
33 terms
abonifacio2
CTS 2655 Networking with Cicso routers
98 terms
royshi
Cohort 5 Network+ Final Questions
200 terms
rmlaylin
CMIT 350
358 terms
Davina_Williams4
Sets found in the same folder1.2 Network+
7 terms
jackeallenjrTEACHER
1.3 Network+
23 terms
jackeallenjrTEACHER
Chapter 7 Managing a Cisco Internetwork
20 terms
Sidd_
1.3 Part 2 Network+
23 terms
jackeallenjrTEACHER
Other sets by this creatorFeb 25th. Ch. 20, 19 Lammelle, Odom Ch. 7, Ch. 8,
2 terms
aric_siegrist1
Feb. 24th, Ch. 22,21, Odom Ch.27,28.
188 terms
aric_siegrist1
1
22 terms
aric_siegrist1
Other
9 terms
aric_siegrist1
Other Quizlet setsRetailing Chapter 7 Exam 2 Dr. Walton
117 terms
lexy_lynn2
MARKETING RESEARCH - LEARN SMART
125 terms
Zoelehman_
Pance 7
20 terms
Matthew_Aoto
Chapter 5
16 terms
Lara_Xavier
Related questionsQUESTION
What feature in Windows Server 2016 is used to provide information about the certification authority (CA) used by your domain when a client is requesting DNS information for your domain?
11 answers
QUESTION
Which ports are used by Server Message Block (SMB)?
15 answers
QUESTION
Handheld electronic devices that typically contain personal productivity application used for calendaring, contact management, and note taking. Unlike smart phones, PDAs don't have telephony capabilities/
4 answers
QUESTION
How will an SPI firewall handle a packet containing a TCP SYN segment
9 answers