Free Cisco Certification

350-018 : CCIE Pre-Qualification Test for Security

QUESTION 21 What does a "yellow" sensor icon signify in the Cisco Secure Intrusion Detection System/HP OpenView interface?

A. A "yellow" sensor icon means that a sensor daemon had logged a level 4 or 5 alarm.

B. A "yellow" sensor icon means that the director that the sensor reports to is operating in degraded mode.

C. A "yellow" sensor icon means that a sensor daemon had logged a level 3 alarm.

D. A "yellow" sensor icon means that the device that the sensor detected being attacked is inoperative due to the attack.

Answer: C

Explanation: Alarm levels 3 and 4 are medium. Medium severity is displayed in yellow, so the medium-severity icon is a yellow flag. By default, events at levels 1 and 2 are low, events at levels 3 and 4 are medium, and events at level 5 and higher are high.

Reference: Cisco Secure Intrusion Detection System by Earl Carter, pp. 148, 213, 214

QUESTION 22 Symptoms:

-Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
-Console logging: level warning, 0 messages logged
-Monitor logging: level informational, 0 messages logged
-Buffer logging: level informational, 0 message lines logged

Note: Router 1's CPU is usually above 25% busy switching packets.

Scenario: Host A cannot reach the FTP Server, but can reach Host B. The Cisco Highway network administrator suspects that packets are traveling from network 10.1.5.0 to the FTP Server, but not returning. The administrator logs into the console port of Router 1. When Host A sends a ping to the FTP Server, the administrator executes a "debug ip packet" command on the router.

Exhibit: The Cisco Highway administrator does not see any output.

What are the additional commands that he could use to see the packets flowing from Ethernet 0 to Ethernet 1?

A. terminal monitor

B.
configure terminal
logging console debug

C.
configure terminal
no logging buffered

D.
configure terminal
logging console debug
interface ethernet1
no ip route-cache

E.
configure terminal
interface ethernet0
no ip route-cache

Answer: D

Explanation:

By default, the network server sends the output from debug commands and system error messages to the console. If you use this default, monitor debug output using a virtual terminal connection rather than the console port. To redirect debug output, use the logging command options within configuration mode; debug output is logged at severity level 7 (debugging messages, LOG_DEBUG). When multicast fast switching is enabled (as with unicast routing), debug messages are not logged. If you want to log debug messages, disable fast switching. To limit the types of messages that are logged to the console, use the logging console router configuration command. Use the ip route-cache interface configuration command to control the use of high-speed switching caches for IP routing. To disable any of these switching modes, use the no form of this command.

QUESTION 23 When implementing network security at a specific site what would be your first step?

A. Hire a qualified consultant to install a firewall and configure your router to limit access to known traffic.

B. Run software to identify flaws in your network perimeter.

C. You must design a security policy.

D. You have to purchase and install a firewall for network protection.

E. You need to install access-control lists in your perimeter routers, to ensure that only known traffic is getting through your router.

Answer: C

Explanation: A network security policy defines a framework to protect the assets connected to a network based on a risk assessment analysis. A network security policy defines the access limitations and rules for accessing various assets connected to a network. It is the source of information for users and administrators as they set up, use, and audit the network.

Reference: CCIE Professional Development: Network Security Principles and Practices by Saadat Malik, pg 8

QUESTION 24 Why would you advise the new Cisco Highway trainee technician to select L2TP as a tunnel protocol for a VPN Client?

A. L2TP makes use of TCP as a lower level protocol to result in connection oriented transmissions, resulting in more reliable delivery.

B. L2TP makes use of PPP so address allocation and authentication is built into the protocol instead of IPSec extended function reliant, like mode config and a-auth.

C. L2TP does not permit wildcard pre-shared keys usage, which is not as secure as some other methods.

D. L2TP has less overhead than GRE.

Answer: B

Explanation: L2TP uses UDP, which is a connectionless protocol (CCIE Professional Development: Network Security Principles and Practices by Saadat Malik, pg 243). L2TP, which stands for Layer 2 Tunneling Protocol, is an emerging IETF standard that combines the Layer 2 Forwarding protocol (L2F) and the Point-to-Point Tunneling Protocol (PPTP).

L2TP has all the security benefits of PPP, including multiple per-user authentication options (CHAP, PAP, and MS-CHAP). It also can authenticate the tunnel end points, which prevents potential intruders from building a tunnel and accessing precious corporate data. To ensure further data confidentiality, Cisco recommends adding IPSec to any L2TP implementation. Depending on the corporation's specific network security requirements, L2TP can be used in conjunction with tunnel encryption, end-to-end data encryption, or end-to-end application encryption.

L2TP header: 16 bytes maximum (in case all options are used, RFC 2661); 24 (bit) for the GRE overhead.

QUESTION 25 Which network layers are examined by CBAC to make filtering decisions in the IOS Firewall Feature Set environment? (Choose all that apply.)

A. Transport

B. Presentation

C. Data Link

D. Application

E. Network

Answer: A, D, E

Explanation: CBAC intelligently filters TCP and UDP packets based on application-layer protocol session information and can be used for intranets, extranets, and the Internet. You can configure CBAC to permit specified TCP and UDP traffic through a firewall only when the connection is initiated from within the network you want to protect. (In other words, CBAC can inspect traffic for sessions that originate from the external network.) However, CBAC examines not only network layer and transport layer information but also application-layer protocol information (such as FTP connection information) to learn about the state of the TCP or UDP session.

QUESTION 26 Why should a Route Reflector be used in a BGP environment?

A. Route Reflector is used to overcome issues of split-horizon within BGP.

B. Route Reflector is used to reduce the number of External BGP peers by allowing updates to reflect without the need to be fully meshed.

C. Route Reflector is used to allow the router to reflect updates from one Internal BGP speaker to another without the need to be fully meshed.

D. Route Reflector is used to divide Autonomous Systems into mini-Autonomous Systems, allowing the reduction in the number of peers.

E. None of the above.

Answer: C

Explanation: "Route reflectors are useful when an AS contains a large number of IBGP peers. Unless EBGP routes are redistributed into the autonomous system's IGP, all IBGP peers must be fully meshed. Route reflectors offer an alternative to fully meshed IBGP peers."

Reference: CCIE Professional Development: Routing TCP/IP, Volume II, by Jeff Doyle and Jennifer DeHaven Carroll

QUESTION 27 What reaction can be expected from the host when a router sends an ICMP packet, with the Type 3 (host unreachable) and Code 4 (DF bit set) flags set, back to the originating host?

A. The host should reduce the size of future packets it may send to the router.

B. This scenario is not possible because the packet will be fragmented and sent to the original destination.

C. The sending station will stop sending packets, due to the router not expecting to see the DF bit in the incoming packet.

D. The sending station will clear the DF bit and resend the packet.

E. If the router has an Ethernet interface, this cannot occur because the MTU is fixed at 1500 bytes. Any other interface may legally generate this packet.

Answer: D

Explanation: Another ICMP message warns that a desired host is unreachable because of a problem with fragmenting a datagram:

sending.host.net: icmp: target.host unreachable - need to frag (mtu 1500)

Reference: Network Intrusion Detection, third edition, by Stephen Northcutt and Judy Novak, pg 67

QUESTION 28 To what concept does "message repudiation" refer in the realm of email security?

A. Message repudiation means a user can validate which mail server or servers a message was passed through.

B. Message repudiation means a user can claim damages for a mail message that damaged their reputation.

C. Message repudiation means a recipient can be sure that a message was sent from a particular person.

D. Message repudiation means a recipient can be sure that a message was sent from a certain host.

E. Message repudiation means a sender can claim they did not actually send a particular message.

Answer: E

Explanation: Repudiation is a quality that prevents a third party from being able to prove that a communication between two other parties ever took place. This is a desirable quality if you do not want your communications to be traceable. Non-repudiation is the opposite quality: a third party can prove that a communication between two other parties took place. Non-repudiation is desirable if you want to be able to trace your communications and prove that they occurred. Repudiation: denial of message submission or delivery.

QUESTION 29 What is the function of a RARP?

A. A RARP is sent to map a hostname to an IP address.

B. A RARP is sent to map an IP address to a hostname.

C. A RARP is sent to map a MAC address to an IP address.

D. A RARP is sent to map a MAC address to a hostname.

E. A RARP is sent to map an IP address to a MAC address.

Answer: C

Explanation: RARP is used to translate hardware interface addresses to protocol addresses.

QUESTION 30 Exhibit:

aaa authentication login default local tacacs
aaa authorization exec default tacacs
aaa authentication login vty tacacs local
aaa authorization exec vty tacacs if-authenticated
username abc password xuz
line vty 0 4
exec-timeout 0 0

What will happen if a person Telnets into the router if it is running IOS 11.3 as configured in the exhibit, and the TACACS server is down?

A. Using the local username, the user will pass authentication but fail authorization.

B. The user will be able to gain access using the local username and password, since list vty will be checked.

C. Using the local username, the user will bypass authentication and authorization since the server is down.

D. The user will receive a message saying "The TACACS+ server is down, please try again later".

Answer: B

Explanation: The lines

aaa authentication login vty tacacs local
aaa authorization exec vty tacacs if-authenticated

in the config mean that the vty lines are to use TACACS first; when the timeout expires, authentication then falls back to the local database. The if-authenticated keyword means that a user who has already been authenticated is not authenticated again.
