22 - Implementing Network Services Flashcards

1
Q

__ is used to synchronize timekeeping among a set of distributed time servers and clients. __ uses UDP port __ as both source and destination, which in turn runs over IP

A

NTP, NTP, 123

2
Q

An NTP client makes a __ with its server over its polling interval (__ to __ seconds), which dynamically changes over time depending on network conditions.

A

transaction, 64, 1024

3
Q

It is not possible to adjust the NTP __ on a router.

A

poll interval

4
Q

NTP can be configured to use __ messages instead. This reduces configuration complexity; however, the accuracy of timekeeping is marginally reduced because the flow is one way.

A

broadcast

5
Q

NTPv4 is an extension of NTPv3 and provides the following capabilities

A
  • Supports IPv6
  • Security is improved
  • Using specific multicast groups, NTPv4 can automatically calculate its time-distribution hierarchy through an entire network
  • In NTPv4 for IPv6, IPv6 multicast messages instead of IPv4 broadcast messages are used to send and receive clock updates
6
Q

NTP uses the concept of a __ to describe how many NTP hops away a machine is from an authoritative time source.

A

stratum

7
Q

NTP mode: provides accurate time information to clients

A

server

8
Q

NTP mode: synchronises its time to the server

A

client

9
Q

NTP mode: exchange time synchronisation information.

A

peer

10
Q

NTP mode: Special “push” mode of NTP server.

A

broadcast/multicast

11
Q

You can secure NTP operation by using __ and __.

A

authentication, access lists

12
Q

Cisco devices support only __ authentication for NTP

A

MD5

13
Q

To configure NTP authentication:

A
  • Define the NTP authentication key with the ntp authentication-key command.
  • Enable NTP authentication by using the ntp authenticate command
  • Tell the device which keys are valid by using the ntp trusted-key command.
  • Specify the NTP server that requires authentication by using the ntp server ip_address key key_number command
14
Q

__ on the NTP server ensure that only authorised clients can sync with it. A lot of NTP synchronisation requests from the internet might overwhelm your NTP server devices. An attacker could use NTP queries to discover servers to which your device is synchronised and then, through an attack such as DNS cache poisoning, redirect your device to a system under its control.

A

access lists

15
Q

How do you configure NTP to peer with only a specified IP address?

A
  • access-list 1 permit host 10.1.0.15
  • ntp access-group peer 1

16
Q

How do you configure NTP to answer sync requests from only devices in the 10.1.0.0/16 subnet?

A
  • access-list 1 permit 10.1.0.0 0.0.255.255
  • ntp access-group serve-only 1

17
Q

Where can Cisco devices display syslog messages or be configured to capture them in a log?

A
  • Console – by default, logging is enabled on the console port.
  • AUX and VTY ports – to receive syslog messages, type the terminal monitor command.
  • Memory buffer – logging to memory logs messages to an internal buffer. The buffer is circular in nature, so new messages overwrite older messages after the buffer is filled. The buffer size can be changed, but to prevent the router from running out of memory, do not make the buffer size too large. Use the logging buffered command. To display messages that are logged in the buffer, use the show logging command.
  • Syslog server – to log system messages to a remote host, use the logging host command.
  • Flash memory – logging to the buffer poses an issue when trying to capture debugs for an intermittent issue or during high traffic. When the buffer is full, older messages are overwritten, and when the device reboots, all messages are lost. Persistent logging allows logged messages to be written to files on the router's flash disk. To log messages to flash, use the logging persistent command.
18
Q

What are the severity levels of syslog messages?

A
  1. Emergency
  2. Alert
  3. Critical
  4. Error
  5. Warning
  6. Notification
  7. Informational
  8. Debugging
19
Q

To limit messages logged based on severity, use the __ command.

A

logging trap

20
Q

__ has become the standard for network management. It is a simple, easy-to-implement protocol that is supported by nearly all vendors. __ defines how management information is exchanged between __ managers and __ agents. It uses the UDP transport mechanism to retrieve and send management information, such as Management Information Base (MIB) variables.

A

SNMP

21
Q

There are two main components of SNMP:

A
  • SNMP manager or NMS (Network Manager Server) – collects management data from managed devices via polling or trap messages
  • SNMP agent – found on a managed network device, it locally organises data and sends it to the manager.
22
Q

__s are collections of definitions of the managed objects. SNMP agents keep the database of values for definitions written in the __.

A

MIB

23
Q

SNMPv1 introduced five message types:

A
  • Get Request
  • Get Next Request
  • Set Request
  • Get Response
  • Trap
24
Q

SNMPv2 introduced two new message types:

A
  • Get Bulk Request
  • Inform Request

25
Q

SNMPv2 also added __-bit counters to accommodate faster network interfaces.

A

64

26
Q

SNMPv2 added a complex security model, which was never widely accepted. Instead, a “lighter” version of SNMPv2 known as version __ was introduced and is considered the de facto version 2 standard.

A

2c

27
Q

SNMPv3 introduces three levels of security:

A
  • noAuthNoPriv – no authentication is required, and no privacy (encryption) is provided
  • authNoPriv – authentication is based on MD5 or SHA. No encryption is provided
  • authPriv – in addition to authentication, CBC-DES encryption is used.
28
Q

__ is an embedded Cisco IOS Software tool that reports the usage statistics of measured resources within the network, giving network managers clear insight into the traffic for analysis.

A

NetFlow

29
Q

NetFlow requires three main components:

A
  • Flow exporter – router or network device that is in charge of collecting flow information and exporting it to the flow collector
  • Flow collector – a server that receives the exported flow information
  • Flow analyser – an application that analyses flow information collected by the flow collector.
30
Q

Routers and switches that support NetFlow can collect __ on all interfaces where NetFlow is enabled, and later export those statistics as NetFlow records toward at least one NetFlow collector.

A

IP statistics

31
Q

NetFlow identifies a traffic flow by identifying several characteristics within the __ (source and destination IP, etc.). Once the traffic flow is identified, subsequent packets that match those attributes are regarded as part of that flow.

A

packet header

32
Q

The flow data that is collected in the NetFlow cache is useless unless an admin can access it. There are two primary methods to access NetFlow data: the __ or using an __ tool.

A

CLI, application reporting

33
Q

The following steps are used to implement NetFlow data reporting:

A
  • NetFlow is configured to capture flows to the NetFlow cache; this is referred to as the “NetFlow record”
  • The NetFlow export is configured to send flows to the collector
  • The NetFlow cache is searched for flows that have terminated, which are exported to the NetFlow collector server
  • Approx 30-50 flows are bundled together and transported in UDP format to the NetFlow collector server; this is referred to as the “NetFlow monitor”
  • The NetFlow collector software creates real-time or historical reports from the data
34
Q

A flow is ready for export when it is __ for a certain time, or if the flow is long-lived and lasts longer than the active timer.

A

inactive

35
Q

__ is an extension of NetFlow v9. It provides additional functionality that allows you to export more info using the same NetFlow v9 datagram. __ provides flexibility and scalability of flow data beyond traditional NetFlow.

A

Flexible NetFlow

36
Q

Original and Flexible NetFlow both use the values in key fields in IP datagrams, such as __ or __ address, as the criteria for determining when a new flow must be created in the cache while network traffic is being monitored.

A

source, destination

37
Q

Traditionally, an IP flow is based on a set of seven IP packet attributes. Flexible NetFlow allows the flow to be __; key fields are configurable allowing detailed traffic analysis.

A

user-defined

38
Q

Traditionally NetFlow has a single cache and all applications use the same cache info. Flexible NetFlow has the capability to create __ flow caches or information databases to track NetFlow information.

A

multiple

39
Q

With traditional NetFlow, typically seven IP packet fields are tracked to create NetFlow information. In flexible NetFlow, the user __ what to track.

A

configures

40
Q

Traditional NetFlow typically tracks IP information such as IP addresses, ports, protocols, and TCP flags, and most security systems look for anomalies. Flexible NetFlow allows the user to track a wide range of IP information, including all the fields in the __ header and various individual TCP flags.

A

IPv4/IPv6

41
Q

Cisco IOS __ is a unique subsystem within Cisco IOS software. __ is a powerful and flexible tool to automate tasks and customise the behaviour of Cisco IOS software and the operation of a device.

A

Embedded Event Manager (EEM)

42
Q

EEM can be used to create and run programs or scripts directly on a router or switch. The scripts are referred to as EEM __ and can be programmed using a simple CLI-based interface or using a scripting language called Tool Command Language (Tcl).

A

policies

43
Q

__ allows you to respond to real-time events, automate tasks, create customised commands, and take local automated actions based on conditions or events detected by the Cisco IOS software itself.

A

EEM

44
Q

Policies can invoke several built-in actions for easy __. Actions can consist of sending SNMP traps and syslog messages, executing or disabling CLI commands, sending email, reloading the device, or running Tcl scripts.

A

automation