Module 6.2 Flashcards

1
Q

Series of commands that control whether a device forwards or drops packets based on information found in the packet header

A

Access Control List (ACL)

2
Q
  • They limit network traffic to increase network performance.
  • They provide traffic flow control.
  • They provide a basic level of security for network access.
  • They filter traffic based on traffic type.
  • They screen hosts to permit or deny access to network services.
A

ACL

3
Q

Two types of Cisco IPv4 ACLs are

A

Standard and Extended

4
Q

Used to permit or deny traffic only from source IPv4 addresses. The destination of the packet and the ports involved are not evaluated.

A

Standard ACLs

5
Q

Filter IPv4 packets based on several attributes that include:

  • Protocol type
  • Source IPv4 address
  • Destination IPv4 address
  • Source TCP or UDP ports
  • Destination TCP or UDP ports
  • Optional protocol type information for finer control
A

Extended ACLs

6
Q

Can be created using either a number or a name to identify the ACL and its list of statements.

A

Standard and extended

7
Q

Allows administrators to manage end devices such as servers, workstations, routers, switches, and security appliances, on an IP network.

A

Simple Network Management Protocol (SNMP)

8
Q

SNMP system consists of two elements

A
  • SNMP manager that runs SNMP management software
  • SNMP agents which are the nodes being monitored and managed
9
Q

A database on the agents that stores data and operational statistics about the device.

A

Management Information Base

10
Q

Part of a network management system (NMS).

A

SNMP manager

11
Q

Can collect information from an SNMP agent by using the “get” action and can change configurations on an agent by using the “set” action.

A

SNMP manager

12
Q

Can forward information directly to a network manager by using “traps”.

A

SNMP agents

13
Q

Provides data to enable network and security monitoring, network planning, traffic analysis to include identification of network bottlenecks, and IP accounting for billing purposes.

A

NetFlow

14
Q

NetFlow technology distinguishes packet flows using a combination of seven fields:

A
  • Source IP address
  • Destination IP address
  • Source port number
  • Destination port number
  • Layer 3 protocol type
  • Type of Service (ToS) marking
  • Input logical interface
15
Q

Because network switches can isolate traffic, traffic sniffers or other network monitors, such as IDS, cannot access all the traffic on a network segment.

A

Packet analyzer (packet sniffer or traffic sniffer) limitation

16
Q

A feature that allows a switch to make duplicate copies of traffic passing through a switch, and then send it out a port with a network monitor attached. The original traffic is forwarded in the usual manner.

A

Port mirroring

17
Q

The most common method of accessing system messages.

A

Syslog protocol

18
Q

The syslog logging service provides three primary functions:

A
  • The ability to gather logging information for monitoring and troubleshooting
  • The ability to select the type of logging information that is captured
  • The ability to specify the destination of captured syslog messages
19
Q

Important to synchronize the time across all devices on the network. When the time is not synchronized between devices, it will be impossible to determine the order of the events that have occurred in different parts of the network.

A

Network Time Protocol (NTP)

20
Q

Allows routers on the network to synchronize their time settings with an NTP server.

A

NTP protocol

21
Q

NTP networks use a hierarchical system of time sources. Each level in this hierarchical system.

22
Q

NTP servers are arranged in three levels known as strata:

A

Stratum 0
Stratum 1
Stratum 2 and lower strata

23
Q

An NTP network gets the time from authoritative time sources. These authoritative time sources, also referred to as devices, are high-precision timekeeping devices assumed to be accurate and with little or no delay associated with them

24
Q

Devices are directly connected to the authoritative time sources. They act as the primary network time standard.

25
Q

Are connected to stratum 1 devices through network connections. Synchronize their time using the NTP packets from stratum 1 servers. They could also act as servers for stratum 3 devices.

A

Stratum 2 and lower strata

26
Q

Three independent security functions provided by the AAA architectural framework are

A

authentication, authorization, and accounting.

27
Q
  • Users and administrators must prove that they are who they say they are.
  • Can be established using username and password combinations, challenge and response questions, token cards, and other methods.
  • AAA provides a centralized way to control access to the network.
A

Authentication

28
Q
  • After the user is authenticated, services determine which resources the user can access and which operations the user is allowed to perform.
A

Authorization

29
Q
  • Records what the user does, including what is accessed, the amount of time the resource is accessed, and any changes that were made.
  • Keeps track of how network resources are used.
A

Accounting

30
Q

A private network that is created over a public network, usually the internet. Uses virtual connections that are routed through the internet from the organization to the remote site.