210 Cards in this Set
- Front
- Back
What is one authentication protocol for an AAA server to secure Telnet authentication? |
TACACS+ |
|
What is the 802.1X standard used for? |
Used to secure ports on a switch or access to a wireless access point. |
|
What protocol is used for password, biometric, and certificate authentication? |
EAP (Extensible Authentication Protocol) |
|
Where are the static routes saved on a router? |
Startup configuration |
|
What command will generate key encryption for SSH? |
Router(config)#crypto key generate rsa |
|
Which protocol is used by 802.1X for authentication from supplicants to the authenticator? |
EAP |
|
What is a RADIUS server used for? |
The AAA authentication server |
|
How do you turn off CDP on an interface? |
no cdp enable |
|
What mode creates a CAPWAP tunnel to the WLC? |
Local mode |
|
Which type of security protocol offers both authentication and encryption via certificate signing? |
SSH |
|
What do you call the action of inspecting the source IP address of a packet to block packets from outside of the network spoofing internal addresses? |
Spoofing mitigation |
|
Which type of architecture is used with a controller-based network? |
Spine / leaf |
|
Which security protocol did WPA incorporate that allowed for better integrity of 802.11 transmissions? |
802.11i standard of TKIP |
|
What does shaping do in QoS traffic? |
Holds packets in the queue over the configured bit rate to cause delay. |
|
Which variable is checked to determine the location of the Ansible setting files? |
Ansible-config |
|
When is the window size established during window sliding in TCP? |
During the three-way handshake |
|
What is port binding? |
Used by TCP and UDP to determine which upper layer created the request |
|
What is one requirement of window sliding? |
It is used for fixed-length data segments and does not allow data of different lengths to be padded |
|
Which port is used by GLBP (Gateway Load Balancing Protocol)? |
UDP/3222 |
|
What is one best practice for NTP? |
Always configure the time source to a DNS address. |
|
What command will configure a local user for ssh access? |
Username user1 password PASSWORD20! |
|
What happens when you convert a port to LAG? |
It load balances traffic across the network. |
|
What can be done to add more networks to a WLC which only has 2 ports? |
Convert a port to trunk and create a VLAN. |
|
Which command will diagnose DHCP relay agent messages on a router? |
debug ip dhcp server packet |
|
What happens to a packet when it reaches the local network? |
Destination MAC address is changed to the destination host MAC address. |
|
Where does port security work best? |
In a static environment |
|
Boot a router from a tftp server file: command |
Router# boot system (file) tftp://192.168.1.2(IP) |
|
What standard replaces Rapid PVST+? |
802.1w |
|
What method prevents tampering with data in transit? |
Secure Layer socket. |
|
Which component connects a VM NIC to the physical network? |
Virtual Switch (VS) |
|
How do you see how everything is connected? |
Provision => Hierarchy=> topology Icon(result plane) => |
|
What does the Assurance section in the DNA Center allow you to view? |
Overall health of network devices |
|
What does the Platform section of the DNA Center allow you to do? |
Perform upgrades and search the API catalog. |
|
What does the Policy section of the DNA Center allow you to do? |
Create policies based on applications, traffic and IP-based access control lists (ACLs) |
|
What is the difference between full and adjacent in OSPF? |
Full (F) means fully synchronized. Adjacent (2-way) means they have found each other but the LSDBs have not been synchronized. |
|
What is TACACS+ (Terminal Access Controller Access-Control System)? |
Protocol used for communication between switches and routers |
|
In a spine-leaf network, what is the role of the leaf switch? |
Access and distribution |
|
What is the default port security violation mode? |
Shutdown |
|
How should routers be configured with CHAP authentication? |
Password must be the same on both devices |
|
What technology allows us to connect multiple sites with a secure connection? |
DMVPN |
|
Which DTP switch port mode allows a port to create a trunk link if the neighboring port is in trunk mode? |
Dynamic desirable |
|
What is the NAT protocol which can map a single inside address to one outside address? |
PAT |
|
What kind of mode prevents routing protocols from sending hello messages? |
Passive interface |
|
What does RSTP use to replace STP listening, blocking and disabled? |
Discarding |
|
What tool is used to identify the cause of traffic blockage between two devices? |
ACL Path Analysis tool |
|
What mode allows administrators to see attempted authentication from end users? |
Monitor mode |
|
What happens when security is disabled on a switch? |
1 MAC address can be learned |
|
What does the 802.1ab standard define? |
LLDP |
|
What are two characteristics of the 802.1Q protocol? |
* Modifies the 802.3 frame; FCS must be recomputed.
* It is a trunking protocol capable of carrying untagged frames.
* Supports marked and unmarked frames |
|
What is the default value for bridge priority? |
32768 |
|
Why will a switch never learn the broadcast address? |
Because it will never be the source address of a frame. |
|
What is a native VLAN mismatch? |
When one trunk VLAN chosen to be native does match (10) or its number is not specified on the other trunk |
|
On which options is a standard access list based? |
Destination address in wildcard mask |
|
Which two Cisco commands used in troubleshooting can enable debug output to a remote location? |
1- Login host IP address
2- Terminal monitor |
|
Which NTP type designates a router as an authoritative source for time? |
Master |
|
What are the three advantages of using VLANs? |
Better security
Efficient bandwidth usage
Mitigate broadcast storms |
|
What happens when a packet is being sent from one router to the next? |
* Source MAC address changes to the router's own MAC address
* Destination MAC address is set to the next-hop MAC address
* Source and destination IP addresses never change. |
|
What does that indicate when the CLI says if we want to enter initial configuration dialog or not? |
No configuration file was found in NVRAM |
|
What is the binary pattern of an IPv6 unique local address? |
11111100 |
|
What term describes spanning tree network ports all being in the blocking or forwarding state? |
Converged |
|
What has happened when a layer 2 network is converged? |
* Root bridge is elected
* Port roles are selected |
|
Dynamic ARP Inspection (DAI) uses trust states for interfaces. What are they called? |
* Untrusted
* Trusted |
|
How do you enable DHCP snooping? |
ip dhcp snooping |
|
What are some denial-of-service attacks? |
Smurfing
TCP SYN flood attack
Ping of death |
|
What are the FTP port numbers? |
20, 21 |
|
What are the two southbound APIs that provide communication between the SDN controller and SDN data plane devices? |
NETCONF
OpenFlow |
|
What terms are related to RADIUS? |
Combine AAA
Unidirectional CHAP
UDP port 1812, 1645 |
|
Which QoS mechanism processes excess traffic, buffers it, and sends it again with a little delay? |
Traffic shaping |
|
Which are Fast Ethernet technologies? |
100Base-TX
100Base-FX |
|
How do you enable syslog? |
logging on |
|
In which type of attack is the routing table manipulated? |
Rerouting |
|
What are the two types of site-to-site VPN? |
Extranet
Intranet |
|
What are the two REST API info parameters? |
Header
Verb |
|
How do you configure an IPv6 default route? |
IPv6 ::/0 2001:Abc:33:44::1 |
|
What is the default sequence of Loading IOS? |
Flash, TFTP, ROM |
|
What protocol is used to manage network devices? |
SNMP |
|
How do you make an interface trusted for DHCP snooping? |
ip dhcp snooping trust |
|
How do you set the syslog server as 1.1.1.1? |
logging 1.1.1.1 |
|
What are the first three bits of DSCP used for? |
Class selector codepoint |
|
What are the three ways to determine authentication on a router? |
* authentication-mode aaa
* authentication-mode none
* authentication-mode password |
|
What does Dynamic ARP Inspection (DAI) check to allow an incoming MAC address in the table before accepting an ARP packet? |
IP-MAC binding table |
|
What algorithm does OSPF use? |
Dijkstra |
|
What are two link-state protocols? |
IS-IS
OSPF |
|
Where does the router look to boot the system? |
NVRAM |
|
What is the network configuration management protocol used with SDN instead of SNMP? |
NETCONF |
|
Which protocol is a routed protocol? |
IP |
|
Which LAN switching method is used in CISCO Catalyst 5000? |
Store-and-forward switching method |
|
What is the role of the LLC sublayer? |
LLC stands for Logical Link Control. It provides flow control using stop/start codes and provides error correction. |
|
What is BootP? |
BootP is a protocol that is used to boot diskless workstations that are connected to the network. Diskless workstations also use BootP in order to determine its own IP address as well as the IP address of the server PC. |
|
What is the function of the Application Layer in networking? |
synchronizes applications on the server and client. |
|
Where does Frame Relay operate in the OSI model? |
Data Link and Physical Layers. |
|
What is MTU? |
MTU stands for Maximum Transmission Unit. It refers to the maximum packet size that can be sent out onto the data line without the need to fragment it. |
|
What is 100BaseFX? |
Ethernet that makes use of fiber optic cable |
|
How does cut-through LAN switching work? |
Router immediately forwards data after reading its destination address |
|
What is latency? |
Amount of time delay a device takes to forward a data frame |
|
What are some benefits of LAN switching? |
- Allows full-duplex data transmission and reception
- Media rate adaptation
- Easy and efficient migration |
|
What is HDLC (High-Level Data Link Control)? |
Cisco proprietary protocol. It is the default encapsulation operated within Cisco routers. |
|
What are the different IPX access lists? |
1- Standard
2- Extended |
|
What is the difference between standard and extended access lists? |
Standard Access List can only filter the source or destination IP address. An Extended Access List uses the source and destination IP addresses, port, socket, and protocol when filtering a network. |
|
How do you configure a Cisco router to route IPX? |
Enable IPX with the "IPX routing" command. Then configure each interface with a network number and encapsulation method. |
|
In which mode do you test and debug the router? |
Privileged mode |
|
What are the different memories used in a Cisco router? |
- NVRAM stores the startup configuration file.
- DRAM stores the configuration file that is being executed.
- Flash memory stores the Cisco IOS. |
|
How do hold-downs work? |
Hold-downs prevent regular update messages from reinstating a downed link by removing that link from update messages. It uses triggered updates to reset the hold-down timer. |
|
what command must be used if you want to delete the configuration data that is stored in the NVRAM? |
erase startup-config |
|
In how many ways you can access the router? |
In how many ways you can access the router? |
|
What does the clock rate do? |
enables the routers or DCE equipment to communicate appropriately. |
|
What command do we give if router IOS is stuck? |
Ctrl+Shift+F6 and X |
|
What route entry will be assigned to dead or invalid route in case of RIP? |
16 hops |
|
What causes a triggered update to reset the router hold-down timer? |
hold-down timer has already expired, or when the router received a processing task that incidentally was proportional to the number of links in the internetwork. |
|
Utilizing RIP, what is the limit when it comes to the number of hops? |
15 hop counts. Anything higher than 15 indicates that the network is considered unreachable. |
|
What is one advantage of EIGRP? |
EIGRP only sends incremental updates, decreasing the workload on the router and the amount of data that needs to be transferred. |
|
What is the use of “service Password Encryption”? |
The Service Password Encryption command encrypts plain text passwords into type 7 passwords. These are not very secure and can be easily decrypted. |
|
What are the three key features of URL filtering? |
Predefined URL categories
Malware protection |
|
How many types of RIP message are there? |
Two types of message: Request and Response. |
|
What is the TCP and BGP port number? |
BGP is 179 and TCP is 0. |
|
What will be the net mask for /24? |
0.0.0.255 |
|
What will be net mask for the /16? |
255.255.0.0 |
|
What is the difference between STP and RSTP? |
STP: to prevent the loop address
RSTP: reduce the port forwarding time |
|
What is a Multi-Homed Host? |
Characterized as a hub associated with more than one system. For example, a PC can be associated with both a home system and a VPN. |
|
What does OSPF use as a measurement? |
Cost |
|
What is multicast routing? |
Used to distribute information (for instance, audio/video streaming broadcasts) to numerous recipients. |
|
What are the criteria essential for a compelling and productive system? |
Execution
Dependability
Secure |
|
What is another name for OSI |
802.xx |
|
What is VTP? |
VLAN tracking protocol. We generally create VLANs on the server and all created VLANs replicate to the client. Can create the same VLAN in 30 devices simultaneously |
|
What modes of VTP do we have? |
We have 3 modes of VTP:
Server
Transparent
Client |
|
Condition to configure VTP? |
VTP domain and VTP password should be the same. |
|
Can Transparent Mode participate in the VTP process? |
No, but it passes the VLAN information to the client, acting as a transit device. |
|
What is the vlan.dat file? |
The vlan.dat file contains all information about created VLANs. If we delete the vlan.dat file from the device then we will lose all instances of VLANs. |
|
What types of STP do we use? |
STP (Spanning Tree Protocol)
RSTP (Rapid Spanning Tree Protocol)
CST (Common Spanning Tree Protocol)
PVST (Per-VLAN Spanning Tree Protocol)
RPVST (Rapid Per-VLAN Spanning Tree Protocol) |
|
What are the various RIP loop prevention technologies? |
Split Horizon, Route poisoning, Hold down timer |
|
What are the 2 components an SNMP managed network consists of? |
Network management station and Agent |
|
What are the types of subnetting? |
VLSM - Variable Length Subnet Mask
FLSM - Fixed Length Subnet Mask |
|
What do you mean by revision number in VTP? |
Used for changing or editing in the VLAN; incremented by 1. For security reasons, while adding new switches we should always check the revision number. |
|
What is BPDU Guard? |
When an attacker is trying to send a BPDU packet with ‘0’ priority values using any tool, the port will consider it as an err-disabled state. |
|
What is the port number used for FTP, TELNET and SMTP? |
21 - FTP
23 - TELNET
25 - SMTP |
|
What is UplinkFast? |
When the root port goes down and the alternate link comes up without any delay, it is known as UplinkFast. |
|
What is native VLAN? |
Untagged VLANS |
|
What is PREEMPT in HSRP? |
If the active router goes down, then the backup router will become active, and when the active router comes up, by the PREEMPT command it will remain in active state. |
|
What is the multicast address which is used in HSRP? |
224.0.0.2 |
|
What is MSTP? |
MSTP is an open standard for fast convergence and to avoid load. |
|
How to verify SSH connection was secured? |
ssh -v 2 -l admin IP |
|
Which six byte field in a basic Ethernet frame must be an individual address? |
SA |
|
What parameters are used to calculate OSPF cost in Cisco routers? |
Bandwidth: cost = 10^8 / bandwidth |
|
During which phase of PPPoE is PPP authentication performed? |
The PPP session phase |
|
What are the two phases of PPPoE? |
* Active Discovery Phase:
  - client locates server (access concentrator)
  - session ID assigned
  - PPPoE layer is established
* Session Phase:
  - negotiation & authentication performed
  - data is transferred with PPPoE header
  - PPPoE functions as layer 2 encapsulation method |
|
What is the effect of the passive-interface on a router? |
It prevents the router from sending updates. |
|
What are the two enhancements of OSPFv3 over OSPFv2? |
* It can support multiple IPv6 subnets on a single link.
* It routes over links rather than networks |
|
What do these interface signals mean? |
Serial is up, line is up: port operational
Serial is up, line is down: layer 2 problem
Serial is down, line is down: layer 1 issues
Serial is administratively down, line is down: port disabled |
|
What are the three components that compose the SNMP framework? |
MIB, Agent, Manager |
|
How is EIGRP for IPv6 configuration done? |
* Configured directly on the interface
* Has shutdown feature |
|
What command will configure OSPF? |
Router# ospf 1 network 10.1.1.0 0.0.0.255 area 0. |
|
Which mode is compatible with trunk access and desirable port? |
Dynamic auto |
|
Which prefix does OSPFv3 use when multiple IPv6 addresses are configured on one interface? |
All prefixes on the interface |
|
Which two commands can be used to verify NetFlow is operational? |
show ip flow export
show ip cache flow |
|
Which part of the PPPoE server has the info to configure a PPPoE client with an IP address? |
Virtual Template Interface |
|
What are the virtual MAC address ranges of HSRP? |
Version 1: 0000.0c07.ACxx
Version 2: 000.0c9F.Fxxx
IPv6: 0005.73A0.0000 through 0005.73AF0.0FFF |
|
Which command shows you DHCP conflicts? |
show ip dhcp conflict |
|
Which trunk port mode allows a port to create a trunk automatically in DTP (Dynamic Trunking Protocol)? |
Dynamic desirable |
|
Which option describes the purpose of traffic policies? |
It drops traffic that exceeds the CIR |
|
Which component isolates users in policies? |
Access control |
|
What authentication type is used in SNMPv2? |
Community string |
|
What are some useful DNS commands and what do they do? |
* ip domain lookup source-interface: Enable DNS lookup on an interface
* ip name server: Enable DNS server on the device
* ip dns server: Identify a DNS server
* ip domain-name: Specify a sequence of domain names
* ip host: Specify default domain to append to unqualified hosts
* ip domain list: Map an IP address to a host name |
|
What are the two minimum components of DHCP Binding? |
Ip address, hardware address |
|
What are two commands to verify trunk links? |
show int trunk
show int switchport |
|
IPv6 addresses and their purpose |
* EIGRPv6: FF05::2
* Link local on segment: FF02::A
* OSPF 3: FF02::6
* PIM Routers: FF02::1
* Site-local router: FF02::5
* OSPF3 Designated Routers: FF02::D |
|
Why are duplex mismatches hard to diagnose? |
* Interface will still say up/up
* Symptoms are intermittent |
|
How does a router choose a route when there are several routes? |
Most specific route (longest match)
Shortest administrative distance |
|
In which byte can packet traffic be marked? |
DSCP byte |
|
What is the order of DHCP client states? |
1- Bound
2- Selecting
3- Renewing
4- Rebinding
5- Initializing
6- Requesting |
|
What are two things to do when troubleshooting a DNS client? |
Ping the server
See if the server name is configured on the client |
|
Which type of routing exchanges the entire routing table? |
Distance vector protocols |
|
Which two STP port states does RSTP combine for faster convergence? |
Listening
Blocking |
|
What are three characteristics of satellite internet? |
* Upload speed about 10% of download speed
* Used by mostly rural users
* 10 times faster than analog modem |
|
Which process is associated with spanning tree convergence? |
Electing designated ports |
|
What command do we use to see the SNMP version? |
Show snmp pending |
|
What is the difference between a CSU/DSU and a modem? |
* CSU/DSU converts digital signal to leased line.
* Modem converts digital signal to phone line |
|
What is a statement that is true |
*there can only be one access layer per direction, per layer 3 leáse |
|
What is a Native VLAN? |
VLAN whose traffic traverses the 802.1Q trunk without any VLAN tag |
|
What does the 802.1Q protocol do when assigned to native VLANs? |
Assigns untagged traffic on a native VLAN |
|
What port and multicast address does RIPng (RIP New Generation) use? |
521, with multicast address of FF02::9 |
|
How do we view IPv6 routes? |
show ipv6 route |
|
What four criteria make a BPDU superior? |
* Lower root bridge ID
* Lower path cost
* Lower sending bridge ID
* Lower sending port bridge ID |
|
What is Bandwidth? |
The capacity of a medium to carry data |
|
What is DAI (Dynamic ARP Inspection)? |
Security feature that validates Address Resolution Protocol (ARP) |
|
How does DAI (Dynamic ARP Inspection) protect systems? |
DAI allows a network administrator to intercept, log, and discard ARP packets with invalid MAC address to IP address bindings. |
|
What are some attacks Dynamic ARP Inspection protects a system from? |
ARP poisoning, man-in-the-middle. |
|
How does Dynamic ARP Inspection (DAI) prevent ARP poisoning? |
It intercepts all ARP to ensure only valid ARP requests and responses are relayed. |
|
How does DAI determine an ARP message is valid? |
1- Based on valid MAC address to IP address bindings stored in a trusted database built at runtime by DHCP snooping.
2- Based on user-configured ACLs
3- Based on invalid IP, when the MAC address does not match the header's address. |
|
What are the two states of DAI (Dynamic ARP Inspection)? |
Trusted and untrusted. Packets arriving on trusted interfaces bypass all DAI validation checks, while those arriving on untrusted interfaces go through the DAI validation process |
|
Which interfaces or ports are trusted and untrusted? |
Ports connected to host ports are configured as untrusted, while all ports connected to switches are configured as trusted. |
|
What happens when a device is wrongly configured as untrusted? |
Loss of connectivity. ARP packets will drop. |
|
What happens when one switch is interconnected with another switch but one does not run DAI? |
It can easily poison the other switch even if it runs DAI, because DAI only protects the switch from untrusted interfaces directly connected to it and not the whole network, but trusts other switches. |
|
What will happen if an entry is valid in the DHCP snooping database but is denied by an ARP ACL? |
It will still be denied. ARP ACLs have precedence over entries in the DHCP snooping database. ARP packets are first compared to user-configured ARP ACLs |
|
How does DAI prevent DDoS attacks? |
Incoming ARP packets are rate-limited to 15 packets per second for untrusted interfaces. Trusted interfaces have no limits |
|
What mode will a port be in when the rate of incoming ARP packets exceeds the configured limit? |
Errdisabled state. The port remains in that state until an administrator intervenes or enables errdisable recovery so the port works again automatically after a timeout |
|
When can a physical port join a channel running DAI? |
When the trust state of the physical port and of the channel match. Otherwise, the physical port remains suspended in the channel |
|
What is best practice when configuring DAI? |
Create a DHCP server which provides IP addresses for all switches, so all switches have all IP and MAC address bindings available |
|
What is the command to view ARP inspection on a switch? |
show ip arp inspection vlan 1 |
|
How do you enable DAI on a VLAN? |
S1(config)# ip arp inspection vlan 1
S1(config)# end |
|
What is SLSM (Static Length Subnet Mask)? |
When the subnet mask is fixed throughout the IP network, meaning the subnet mask is the same for every subnet. |
|
What is VLSM (Variable Length Subnet Mask)? |
Network and host bits assigned to a subnet can vary based on the number of hosts the subnet is required to support. |
|
What are the benefits of implementing VLSM? |
implementing VLSM provides more levels of hierarchy within the IP address space because a subnet can be further subnetted. More levels of hierarchy provide opportunities for route aggregation, also called route summarization |
|
What is an advantage of Route summarization? |
Route summarization improves the efficiency of routing protocols and the overall routing process |