Network Services Flashcards

1
Q

What protocol is used to synchronize the time on a network of machines?

A

Network Time Protocol (NTP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What port does NTP use to communicate?

A

UDP port 123

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

NTP uses the concept of what to describe how many NTP hops away a machine is from an authoritative time source.

A

stratum

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

A stratum 2 server receives its time from what?

A

Stratum 1 server

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which level of stratum time server has a radio or atomic clock that is directly attached to it?

A

level 1 stratum

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What command would you use to configure a client to use an NTP server?

A

ntp server ip-address [prefer] [source interface-id] command.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What does a NTP server do?

A

Provides accurate time information to clients.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What does a NTP client do?

A

Synchronizes its time to the server. This mode is most suited for file server and workstation clients that are not required to provide any form of time synchronization to other local clients.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is a NTP peer?

A

Peers exchange time synchronization information. The peer mode is also commonly known as symmetric mode. It is intended for configurations where a group of low stratum peers operate as mutual backups for each other.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is the most severe logging level?

A

Emergency (level 0)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What severity level is ALERT?

A

Severity 1 - Immediate action needed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is the least severe level?

A

Debugging (level 7)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What severity level is WARNING?

A

severity 4

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What severity level is INFORMATIONAL?

A

severity 6

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What severity level is NOTIFICATION?

A

severity 5

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

How would configure a device to send log messages to a syslog server?

A

logging (hostname | ip address)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What SNMP component collects management data from managed devices via polling or trap messages?

A

SNMP Manager or NMS (Network Manager Server)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is found on a managed network device, it locally organizes data and sends it to the manager?

A

SNMP Agent

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Which SNMP version added a complex security model but was never widely accepted?

A

SNMPv2

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Which SNMP version is the community standard but provides no security features besides a community string?

A

SNMPv2c

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Which SNMP version supports authentication and encryption?

A

SNMPv3

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What are the three components of NetFlow?

A

Flow Exporter, Flow Collector, Flow Analyzer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What is a flow exporter?

A

The router or network device in charge of collecting flow information and exporting it to a flow collector.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What is a flow collector?

A

A server that receives the exported flow information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

What is a flow analyzer?

A

An application that analyzes flow information collected by the flow collector.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

What are some of the characteristics NetFlow can identify traffic flow?

A

Source and destination IP addresses, source and destination ports, and Differentiated Services Code Point (DSCP) or ToS markings.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

What are the packet attributes in an IP flow?

A

IP source address, IP destination address, Source port, Destination port, Layer 3 protocol type, CoS, Router or switch interface

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

What is Cisco EEM?

A

Cisco IOS Embedded Event Manager (EEM) is a powerful and flexible tool to automate tasks and customize the behavior of Cisco IOS Software and the operation of a device.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

With EEM, you can create and run programs or scripts directly on a router or switch. The scripts created are referred to as what?

A

EEM policies

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

EEM policies can programed by using which two methods?

A

A CLI-based interface (Applet) or a scripting language called Tool Command Interface (Tcl)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

What are the two primary purpose of EEM scripts?

A

Assist in troubleshooting an issue and assist with a temporary workaround

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

What does a EEM server do?

A

The EEM server bridges the Cisco IOS subsystems used in the event detectors and the policies. Its primary purposes are to receive notifications from event detectors when an event of interest occurs, store the information about an event, publish events, register internal script directories, register Tcl scripts and applets, and process the actions taken by user-defined scripts.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

What does a EEM detector do?

A

The event detectors in EEM are used to determine when an EEM event occurs. Event detectors are separate systems that provide an interface between the agent being monitored, like Simple Network Management Protocol (SNMP), and the EEM policies where an action can be implemented. The following are some examples of EEM event detectors:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

What are some common EEM applet actions?

A

action cli: This action executes a Cisco IOS CLI command when an EEM applet is triggered.

action counter: This action sets or modifies a named counter when an EEM applet is triggered.

action decrement: This action decrements the value of a variable when an EEM applet is triggered.

action snmp-trap: This action generates an SNMP trap when an EEM applet is triggered.

action mail: This action sends a short email when an EEM applet is triggered.

action reload: This action reloads a Cisco IOS device when an EEM applet is triggered.

action syslog: This action writes a message to syslog when an EEM applet is triggered.

action put: This action enables the printing of data directly to the local tty when an EEM applet is triggered.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

What are two commands you should use at the beginning of the actions in an applet because the applet assumes that the user is in EXEC mode, not privileged EXEC or config mode.

A

enable and configure terminal commands

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

What command you would use to see the actions taking place when an applet is running?

A

debug event manager action cli

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

What command would you use to show all the output for the configured actions while an applet is being executed?

A

debug event manager all

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

What command do you use to manually run an EEM applet?

A

event manager run applet-name

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

What command would you use to configure a device to act as an NTP server?

A

ntp master stratum-number

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

What does NTP use to determine the number of hops to the authoritative time source?

A

Stratum

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

What version of HSRP supports groups 0-255?

A

HSRPv1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

What version of HSRP supports groups 0-4095?

A

HSRPv2

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

What’s the multicast address HSRPv1 uses?

A

224.0.0.2

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

What’s the multicast address HSRPv2 uses?

A

Multicast address is 224.0.0.102

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

What is the default version of HSRP?

A

HSRPv1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

What’s the HSRP state when the device is responsible for forwarding (routing) packets that are being sent to it and responding to all ARP requests for the virtual IP address?

A

Active

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

In which HSRP state is the device not yet ready or able to participate in HSRP, possibly because the interface is not yet up.

A

Init or disabled

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

In which HSRP state the device has not determined the virtual IP address and has not yet seen an authenticated hello message from the active device. In this state, the device still waits to hear from the active device.

A

Learn

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

Which HSRP state is the device is receiving hello messages?

A

Listen

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

Which HSRP state is the device sending and receiving hello messages?

A

Speak

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

Which HSRP state is when the device is prepared to become the active device if the active device fails?

A

Standby

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

The device with the ______ priority will be the active device?

A

highest

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

If the HSRP priority is tied, what will break the tie?

A

The device with the higher interface IP address will become the active device.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

What is the default HSRP priority?

A

100

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

What enables the HSRP router with the highest priority to immediately become the active router once it is available.

A

Preemption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

Is HSRP preemption enabled by default?

A

no

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
57
Q

What command allows you to enable preemption?

A

standby preemption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
58
Q

What are the two ways to implement HSRP authentication?

A

Plaintext and MD5 authentication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
59
Q

What indicates how long the HSRP hello time is valid?

A

HSRP hold time

60
Q

What’s the default HSRP hello time?

A

3 seconds

61
Q

What’s the default HSRP hold time?

A

10 seconds

62
Q

What VRRP role is analogous to the HSRP active role?

A

VRRP master

63
Q

What VRRP role is analogous to the HSRP standby role?

A

VRRP backup

64
Q

What does priority 0 indicate in VRRP?

A

It indicates that the current master has stopped participating in VRRP.

65
Q

What virtual IP parameter can you configure in VRRP that you cannot in HSRP?

A

VRRP allows you to use an IP address of one of the physical VRRP group members as the virtual IP address.

66
Q

What multicast address does VRRP use?

A

224.0.0.18

67
Q

Which FHRP can track both interfaces and objects?

A

HSRP

68
Q

What is a Cisco-proprietary protocol, that protects data traffic from a failed device or circuit, and provides true load balancing within a subnet/VLAN between a grouping of redundant devices?

A

Gateway Load Balancing Protocol (GLBP)

69
Q

Which logging severity level indicates that the system is unstable?

A

Emergency

70
Q

Which logging severity level indicates a normal but significant condition?

A

Critical

71
Q

All except which of the following are elements of a syslog message?

A. Sequence number

B. Timestamp

C. Severity

D. Notification

A

Notification is not an element of a syslog message, but it is a severity level.

72
Q

Which of the following is not an IP packet attribute that IP flow in NetFlow is based on?

A. IP source address

B. IP destination address

C. Source port

D. Destination MAC address

A

D. Destination MAC address

73
Q

Which of the following can track a wide range of packet information for Layer 2, IPv4, and IPv6 flows?

A. NetFlow Version 9

B. NetFlow Version 10

C. Flexible NetFlow

D. Flexible NetFlow Version 7

A

Flexible NetFlow

74
Q

All except which of the following are components of Flexible NetFlow?

A. Flow record

Flow session

C. Flow monitor

D. Flow exporter

A

B. Flow session

75
Q

What copies traffic from one or more ports, one or more EtherChannels, or one or more VLANs and sends the copied traffic to one or more destinations for analysis by a network analyzer or network sniffer?

A

SPAN

76
Q

T/F: A destination port doesn’t have to reside on the same switch as the source port (for a local SPAN session).

A

False

77
Q

T/F: In SPAN, a destination port cannot be a source port.

A

True

78
Q

T/F: When configuring a local SPAN session, if the traffic direction is not configured, the source sends both transmitted (Tx) and received (Rx) traffic to the destination port to be monitored.

A

True

79
Q

What command configures the source port for a SPAN session?

A

monitor session 1 source interface GigabitEthernet 0/0

80
Q

What command configures the destination port for a SPAN session?

A

monitor session 1 destination interface GigabitEthernet 0/0

81
Q

What command shows a local SPAN session?

A

show monitor session 1

82
Q

What supports source ports, source VLANs, and destinations on different switches, facilitating remote monitoring of multiple switches across networks?

A

Remote span (RSPAN)

83
Q

To configure RSPAN, you need to create an RSPAN VLAN and trunk it between the switches.

A

True

84
Q

What supports source ports, source VLANs, and destinations on different switches across Layer 3 links, providing remote monitoring of multiple switches across a network?

A

Encapsulated Remote SPAN (ERSPAN)

85
Q

ERSPAN uses what kind of tunnel to carry traffic between switches?

A

GRE tunnel

86
Q

T/F: ERSPAN source sessions copy locally sourced RSPAN VLAN traffic from source trunk ports that carry RSPAN VLANs.

A

False. Each ERSPAN source session can have either ports or VLANs as sources, but not both.

87
Q

Which version of SPAN requires the source and destination of a session to be on the same device?

A

Local SPAN

88
Q

Which of the following can be used for capturing packets from one device and sending the capture across a Layer 3 routed link to another destination?

A

ERSPAN

89
Q

Which Cisco IOS feature allows for the monitoring of traffic on one or more ports or VLANs and sends the traffic to one or more destinations?

A

ERSPAN

90
Q

What element of a syslog message refers to the sources and cause of a system message?

A

Facility

91
Q

When logging severity level 2 is configured, what is actually logged? (Choose all that apply.)

A. Emergency

B. Notification

C. Alert

D. Critical

A

A. Emergency
C. Alert
D. Critical

92
Q

Which of the following are components for configuring Flexible NetFlow?

A. Flow record

B. Flow monitor

C. Flow exporter

D. Sequence number

E. Flow sampler

A

A. Flow record
B. Flow monitor
C. Flow exporter
E. Flow sampler

93
Q

What command is used to show the type of session, the source port for each traffic direction, and the destination port for SPAN sessions?

A

show monitor session

94
Q

What type of SPAN requires a special VLAN for moving the monitored traffic?

A

RSPAN

95
Q

What protocol is used between routers to build a multicast tree and track which multicast packets to forward to each other and to their locally connected LANs?

A

Protocol Independent Multicast (PIM)

96
Q

What protocol is used between hosts on a LAN and routers on that LAN to track which multicast groups hosts belong to?

A

Internet Group Management Protocol (IGMP)

97
Q

The hosts that belong to a multicast group are referred to as what?

A

Group members

98
Q

Multicast host group addresses can be in the range 224.0.0.0 to what?

A

224.0.0.0 to 239.255.255.255

99
Q

What is the multicast address range reserved for link-local addresses?

A

224.0.0.0–224.0.0.255

100
Q

What is the multicast address range reserved for globally scoped addresses?

A

224.0.1.0–238.255.255.255

101
Q

What is the multicast address range reserved for source-specific multicast (SSM) addresses?

A

232.0.0.0–232.255.255.255

102
Q

What is the multicast address range reserved for GLOP addresses?

A

233.0.0.0–233.255.255.255. Reserved for statically defined addresses by organizations that already have an assigned autonomous system (AS) domain number

103
Q

What is the multicast address range reserved for limited-scope addresses?

A

239.0.0.0–239.255.255.255. Reserved as administrative or limited-scope addresses for use in private multicast domains

104
Q

What is a network device that sends query messages to discover which network devices are members of a particular multicast group?

A

A Querier

105
Q

What is a receiver, including a router, that sends report messages (in response to query messages) to inform the querier of host membership? They use IGMP messages to join and leave multicast groups.

A

Host

106
Q

Which version of IGMP is defined in RFC 2236, extends IGMP functionality by providing features such as the IGMP leave process to reduce leave latency, group-specific queries, and an explicit maximum query response time?

A

IGMPv2

107
Q

Which version of IGMP supports SSM?

A

IGMPv3

108
Q

Which version of IGMP is defined in RFC 1112, primarily uses a query/response model that enables the multicast router and multilayer switch to find which multicast groups are active (that is, have one or multiple hosts interested in a multicast group) on the local subnet?

A

IGMPv1

109
Q

What does a receiver send to the local router when it wants to receive a multicast stream from a multicast source?

A

unsolicited membership report, referred to as an IGMP join

110
Q

What is an IPv6 protocol that a host uses to request multicast data for a particular multicast group?

A

Multicast Listener Discovery (MLD)

111
Q

What is defined in RFC 4541, examines the Layer 2 IP multicast traffic within a VLAN to discover the ports where interested receivers reside?

A

IGMP snooping

112
Q

What type of tree has its root at the source and branches forming a spanning tree through the network to the receivers?

A

Source tree

113
Q

What type of tree uses the shortest path through the network, and is also referred to as the shortest path tree (SPT)?

A

Source tree

114
Q

What type of tree uses a single common root placed at some chosen point in the network?

A

Shared tree

115
Q

What is a concept in multicast forwarding that enables routers to forward multicast traffic down the distribution tree correctly?

A

Reverse-path forwarding (RPF)

116
Q

What PIM forwarding mode uses a push model to initially flood multicast traffic throughout the network?

A

PIM Dense Mode (PIM-DM)

117
Q

What PIM forwarding mode uses a pull model to deliver multicast traffic?

A

PIM Sparse Mode (PIM-SM)

118
Q

What PIM forwarding mode uses shared trees and requires the use of an RP?

A

PIM Sparse Mode (PIM-SM)

119
Q

In what mode does the router handles both dense groups and sparse groups at the same time?

A

PIM Sparse-Dense Mode

120
Q

What is an enhancement of the PIM protocol that is designed for efficient many-to-many communications within a PIM domain?

A

Bidirectional PIM (Bidir-PIM)

121
Q

What is an extension of the PIM protocol that provides an efficient data delivery mechanism in one-to-many communications?

A

Source-Specific Multicast (SSM)

122
Q

What acts as the meeting place for sources and receivers of multicast data in a shared tree?

A

Rendezvous point (RP)

123
Q

What’s the term for statically configuring an RP for a multicast group range on every router in the multicast domain?

A

Static RP.

124
Q

What is a Cisco-proprietary method that automates the distribution of group-to-RP mappings in a PIM network?

A

Auto-RP

125
Q

In Auto-RP, what type of RPs advertise their willingness to become RPs by sending RP announcement messages at 60-second intervals to the well-known multicast group address 224.0.1.39 (CISCO-RP-ANNOUNCE)?

A

Candidate RPs

126
Q

In Auto-RP, what receives the RP announcement messages from the RPs and arbitrate conflicts?

A

RP mapping agents

127
Q

Which of the following is not an IP packet attribute that IP flow in NetFlow is based on?

IP source address

IP destination address

Source port

Destination MAC address

A

The destination MAC address is not one of the packet attributes that IP flow is based on

128
Q

Which of the following can track a wide range of packet information for Layer 2, IPv4, and IPv6 flows?

NetFlow Version 9

NetFlow Version 10

Flexible NetFlow

Flexible NetFlow Version 7

A

Flexible NetFlow

129
Q

All except which of the following are components of Flexible NetFlow?

Flow record

Flow session

Flow monitor

Flow exporter

A

Flow session

130
Q

What section of the Netflow config do you point to IP address of the collector and what destination port it will listen to?

A

Flow exporter

131
Q

When configuring netflow, what do you apply to the interface you want monitor?

A

Flow monitor

132
Q

What are assigned to Flexible NetFlow flow monitors to define the cache used for storing flow data?

A

Flow record

133
Q

What element of a syslog message refers to the sources and cause of a system message?

Sequence number

Timestamp

Severity

Facility

A

Facility

134
Q

When logging severity level 2 is configured, what is actually logged? (Choose all that apply.)

Emergency

Notification

Alert

Critical

A

Emergency
Alert
Critical

135
Q

Which of the following are components for configuring Flexible NetFlow? (Choose four.)

Flow record

Flow monitor

Flow exporter

Sequence number

Flow sampler

A

Flow record

Flow monitor

Flow exporter

Flow sampler

136
Q

What type of SPAN requires a special VLAN for moving the monitored traffic?

A

RSPAN. The traffic for each RSPAN session is carried as Layer 2 nonroutable traffic over a user-specified RSPAN VLAN dedicated to that RSPAN session in all participating switches.

137
Q

What command is used to show the type of session, the source port for each traffic direction, and the destination port for SPAN sessions?

A

show monitor session

138
Q

Is an IP SLA responder required for IP SLA to function?

A

No

139
Q

True or false: When configuring IP SLA, you cannot configure multiple IP SLA instances on a single device.

A

False

140
Q

IP SLA can be used to monitor which of the following? (Choose three.)

Syslog messages

Packet loss

Server/website responses and downtime

Delay

A

Packet loss

Server/website responses and downtime

Delay

141
Q

Which switch command can you issue to verify the configuration for a specific ERSPAN session when the SPAN session is encapsulated and routed across a Layer 3 network?

show monitor | include erspan-source
show running-config | include erspan-source
show monitor session erspan-source
show erspan-source

A

show monitor session erspan-source

142
Q

What was the first version of NTP to introduce time synchronization support for IPv6?

NTPv3
NTPv4
NTPv5
NTPv6

A

NTPv4

143
Q

You are configuring RSPAN from Switch A to Switch B. On Switch B, you want to configure VLAN 11 as the destination for packets that are sent to Switch A.

Which of the following commands are you most likely to issue on Switch B?

monitor session 1 destination vlan 11
monitor session 1 destination remote vlan 11
monitor session 1 source vlan 11
monitor session 1 source remote vlan 11

A

monitor session 1 destination remote vlan 11

144
Q

What is the mac-address HSRPv1 uses?

0000.0c07.acXX
0000.0c9f.fxxxx
0005.73a0.0xxx

A

0000.0c07.acXX

145
Q

What is the mac-address HSRPv2 uses?

0000.0c07.acXX
0000.0c9f.fxxxx
0005.73a0.0xxx

A

0000.0c9f.fxxxx