Network Monitoring

Question 1

Network monitoring tools

Answer 1

Syslog. SNMP, Netflow

Question 2

Common Layer 2 attacks

Answer 2

CDP Reconnaissance Attack
Telnet attacks
MAC address table flooding attack
VLAN attacks
DHCP attacks

Question 3

Collecting and displaying messages as they appear on a Cisco device console display

Answer 3

Syslog

Question 4

A protocol used for Time Synchronization across devices in network monitoring.

Answer 4

NTP

Question 5

A protocol that allows network devices to send its system messages across the network to syslog servers

Answer 5

Syslog

Question 6

Used to manage IP network devices over the network with its rich set of data records and data trees to both retrieve and configure(change) information from networking devices & workstations.

Answer 6

SNMP

Question 7

Log errors based on severity level 0 to 7 with level 0 as most severe

Answer 7

Syslog

Question 8

Has 3 components

Answer 8

SNMP

Question 9

SNMP commands

Answer 9

Get-request, set request, get bulk-requests, trap

Question 10

Components in SNMP

Answer 10

NetFlow, SPAN, IP SLA

Question 11

Command to disable CDP globally

Answer 11

no cdp run

Question 12

Types of telnet attacks

Answer 12

Brute Force password Attack

Telnet DoS attack

Question 13

Attacker exceeds the MAC address table capacity using fake MAC address causing the switch to be in fail-open mode and broadcasts all frames allowing the attacker to capture those frames

Answer 13

MAC address flooding attack

Question 14

Attacker can gain VLAN access by configuring a host to spoof a switch and use the 802.1Q trunking protocol and DTP to trunk with the connecting switch

Answer 14

Vlan Attack

Question 15

Methods to mitigate VLAN Attacks

Answer 15

Explicitly configure access links
Disable auto trunking
Manually enable trunk links
Implement port security

Question 16

Types of DHCP attacks

Answer 16

DHCP spoofing attack

DHCP starvation attack

Question 17

Methods to mitigate DHCP attacks

Answer 17

configure DHCP snooping

configure port security

Question 18

Ways to secure layer 2 of a network

Answer 18

use secure variants of protocols such as SSH,SCP,SSL
Use strong passwords and change often.
Enable CDP on select ports
Select telnet access

Question 19

Elements of SNMP

Answer 19

SNMP manager,, agents, Management Information Base (MIB)

Question 20

Collects information from an SNMP agent using the “get” action. Changes configurations on an agent using the “set” action

Answer 20

SNMP Manager

Question 21

manage the nodes

Answer 21

SNMP Agents

Question 22

Stores data and operational statistics about the managed device

Answer 22

Management Information Base (MIB)

Question 23

unsolicited messages alerting the SNMP manager to a condition or event such as improper user authentication or link status

Answer 23

Traps

Question 24

Types of community strings

Answer 24

Read only

Read write

Question 25

Which SNMP version supports authentication and encrypts packets over the network to provide secure access to devices

Answer 25

SMNPv3

Question 26

3 security feature in SNMPv3

Answer 26

Message integrity and authentication Encryption access control

Question 27

Configuring community and access level in SNMP

Answer 27

snmp-server | community string ro | rw command

Question 28

SNMP best practices

Answer 28

Use ACLs | Recommended due to security

Question 29

Port mirroring allows a switch to copy and send ethernet frames from specific ports to the destination port connected to a packet analyzer

Answer 29

SPAN

Question 30

What is an SNMP management agent?

Answer 30

software that is installed on devices managed by SNMP

Question 31

What are the 2 span implementation?

Answer 31

Local Span | Remote Span

Question 32

Traffic on a switch is mirrored to another port on that switch

Answer 32

Local SPAN

Question 33

Allows source and destination ports to be in different switches

Answer 33

Remote SPAN

Question 34

RSPAN Sessions

Answer 34

1 - used as the source | 2 - used to copy or receive the traffic from a VLAN

Question 35

SNMP polling consume network resources (CPU& bandwidth) and slow in responses. Due to NMS periodically pools the SNMP agents resided on the managed devices

Answer 35

SNMP Traps

Question 36

uses generated traffic to measure network performance bet devices across multiple networks and locations.

Answer 36

IP SLA

Question 37

Collecting IP operational data from IP networks. or network and security monitoring, network planning, traffic analysis, and IP accounting

Answer 37

NetFlow

Question 38

Network Documentation

Answer 38

logical topology diagram physical topology diagram end-system configuration files baseline performance level

Question 39

Network performance baseline used for ?

Answer 39

Study/analyzing the network behavioral across different period time frame

Question 40

two types of switch ports that are used on Cisco switches as part of the defense against DHCP spoofing attacks

Answer 40

untrusted port, trusted DHCP port

Question 41

replying to GET request and SET request messages that are sent by an NMS

Answer 41

get-response

Question 42

retrieving multiple rows in a table in a single transmission

Answer 42

get-bulk-request

Question 43

Which protocol defines port-based authentication to restrict unauthorized hosts from connecting to the LAN through publicly accessible switch ports?

Answer 43

802.1x

Question 44

Which protocol or service can be configured to send unsolicited messages to alert the network administrator about a network event such as an extremely high CPU utilization on a router?

Answer 44

SNMP