Network Services Flashcards
What protocol is used to synchronize the time on a network of machines?
Network Time Protocol (NTP)
What port does NTP use to communicate?
UDP port 123
NTP uses the concept of what to describe how many NTP hops away a machine is from an authoritative time source.
stratum
A stratum 2 server receives its time from what?
Stratum 1 server
Which level of stratum time server has a radio or atomic clock that is directly attached to it?
level 1 stratum
What command would you use to configure a client to use an NTP server?
ntp server ip-address [prefer] [source interface-id] command.
What does a NTP server do?
Provides accurate time information to clients.
What does a NTP client do?
Synchronizes its time to the server. This mode is most suited for file server and workstation clients that are not required to provide any form of time synchronization to other local clients.
What is a NTP peer?
Peers exchange time synchronization information. The peer mode is also commonly known as symmetric mode. It is intended for configurations where a group of low stratum peers operate as mutual backups for each other.
What is the most severe logging level?
Emergency (level 0)
What severity level is ALERT?
Severity 1 - Immediate action needed
What is the least severe level?
Debugging (level 7)
What severity level is WARNING?
severity 4
What severity level is INFORMATIONAL?
severity 6
What severity level is NOTIFICATION?
severity 5
How would configure a device to send log messages to a syslog server?
logging (hostname | ip address)
What SNMP component collects management data from managed devices via polling or trap messages?
SNMP Manager or NMS (Network Manager Server)
What is found on a managed network device, it locally organizes data and sends it to the manager?
SNMP Agent
Which SNMP version added a complex security model but was never widely accepted?
SNMPv2
Which SNMP version is the community standard but provides no security features besides a community string?
SNMPv2c
Which SNMP version supports authentication and encryption?
SNMPv3
What are the three components of NetFlow?
Flow Exporter, Flow Collector, Flow Analyzer
What is a flow exporter?
The router or network device in charge of collecting flow information and exporting it to a flow collector.
What is a flow collector?
A server that receives the exported flow information.
What is a flow analyzer?
An application that analyzes flow information collected by the flow collector.
What are some of the characteristics NetFlow can identify traffic flow?
Source and destination IP addresses, source and destination ports, and Differentiated Services Code Point (DSCP) or ToS markings.
What are the packet attributes in an IP flow?
IP source address, IP destination address, Source port, Destination port, Layer 3 protocol type, CoS, Router or switch interface
What is Cisco EEM?
Cisco IOS Embedded Event Manager (EEM) is a powerful and flexible tool to automate tasks and customize the behavior of Cisco IOS Software and the operation of a device.
With EEM, you can create and run programs or scripts directly on a router or switch. The scripts created are referred to as what?
EEM policies
EEM policies can programed by using which two methods?
A CLI-based interface (Applet) or a scripting language called Tool Command Interface (Tcl)
What are the two primary purpose of EEM scripts?
Assist in troubleshooting an issue and assist with a temporary workaround
What does a EEM server do?
The EEM server bridges the Cisco IOS subsystems used in the event detectors and the policies. Its primary purposes are to receive notifications from event detectors when an event of interest occurs, store the information about an event, publish events, register internal script directories, register Tcl scripts and applets, and process the actions taken by user-defined scripts.
What does a EEM detector do?
The event detectors in EEM are used to determine when an EEM event occurs. Event detectors are separate systems that provide an interface between the agent being monitored, like Simple Network Management Protocol (SNMP), and the EEM policies where an action can be implemented. The following are some examples of EEM event detectors:
What are some common EEM applet actions?
action cli: This action executes a Cisco IOS CLI command when an EEM applet is triggered.
action counter: This action sets or modifies a named counter when an EEM applet is triggered.
action decrement: This action decrements the value of a variable when an EEM applet is triggered.
action snmp-trap: This action generates an SNMP trap when an EEM applet is triggered.
action mail: This action sends a short email when an EEM applet is triggered.
action reload: This action reloads a Cisco IOS device when an EEM applet is triggered.
action syslog: This action writes a message to syslog when an EEM applet is triggered.
action put: This action enables the printing of data directly to the local tty when an EEM applet is triggered.
What are two commands you should use at the beginning of the actions in an applet because the applet assumes that the user is in EXEC mode, not privileged EXEC or config mode.
enable and configure terminal commands
What command you would use to see the actions taking place when an applet is running?
debug event manager action cli
What command would you use to show all the output for the configured actions while an applet is being executed?
debug event manager all
What command do you use to manually run an EEM applet?
event manager run applet-name
What command would you use to configure a device to act as an NTP server?
ntp master stratum-number
What does NTP use to determine the number of hops to the authoritative time source?
Stratum
What version of HSRP supports groups 0-255?
HSRPv1
What version of HSRP supports groups 0-4095?
HSRPv2
What’s the multicast address HSRPv1 uses?
224.0.0.2
What’s the multicast address HSRPv2 uses?
Multicast address is 224.0.0.102
What is the default version of HSRP?
HSRPv1
What’s the HSRP state when the device is responsible for forwarding (routing) packets that are being sent to it and responding to all ARP requests for the virtual IP address?
Active
In which HSRP state is the device not yet ready or able to participate in HSRP, possibly because the interface is not yet up.
Init or disabled
In which HSRP state the device has not determined the virtual IP address and has not yet seen an authenticated hello message from the active device. In this state, the device still waits to hear from the active device.
Learn
Which HSRP state is the device is receiving hello messages?
Listen
Which HSRP state is the device sending and receiving hello messages?
Speak
Which HSRP state is when the device is prepared to become the active device if the active device fails?
Standby
The device with the ______ priority will be the active device?
highest
If the HSRP priority is tied, what will break the tie?
The device with the higher interface IP address will become the active device.
What is the default HSRP priority?
100
What enables the HSRP router with the highest priority to immediately become the active router once it is available.
Preemption
Is HSRP preemption enabled by default?
no
What command allows you to enable preemption?
standby preemption
What are the two ways to implement HSRP authentication?
Plaintext and MD5 authentication
What indicates how long the HSRP hello time is valid?
HSRP hold time
What’s the default HSRP hello time?
3 seconds
What’s the default HSRP hold time?
10 seconds
What VRRP role is analogous to the HSRP active role?
VRRP master
What VRRP role is analogous to the HSRP standby role?
VRRP backup
What does priority 0 indicate in VRRP?
It indicates that the current master has stopped participating in VRRP.
What virtual IP parameter can you configure in VRRP that you cannot in HSRP?
VRRP allows you to use an IP address of one of the physical VRRP group members as the virtual IP address.
What multicast address does VRRP use?
224.0.0.18
Which FHRP can track both interfaces and objects?
HSRP
What is a Cisco-proprietary protocol, that protects data traffic from a failed device or circuit, and provides true load balancing within a subnet/VLAN between a grouping of redundant devices?
Gateway Load Balancing Protocol (GLBP)
Which logging severity level indicates that the system is unstable?
Emergency
Which logging severity level indicates a normal but significant condition?
Critical
All except which of the following are elements of a syslog message?
A. Sequence number
B. Timestamp
C. Severity
D. Notification
Notification is not an element of a syslog message, but it is a severity level.
Which of the following is not an IP packet attribute that IP flow in NetFlow is based on?
A. IP source address
B. IP destination address
C. Source port
D. Destination MAC address
D. Destination MAC address
Which of the following can track a wide range of packet information for Layer 2, IPv4, and IPv6 flows?
A. NetFlow Version 9
B. NetFlow Version 10
C. Flexible NetFlow
D. Flexible NetFlow Version 7
Flexible NetFlow
All except which of the following are components of Flexible NetFlow?
A. Flow record
Flow session
C. Flow monitor
D. Flow exporter
B. Flow session
What copies traffic from one or more ports, one or more EtherChannels, or one or more VLANs and sends the copied traffic to one or more destinations for analysis by a network analyzer or network sniffer?
SPAN
T/F: A destination port doesn’t have to reside on the same switch as the source port (for a local SPAN session).
False
T/F: In SPAN, a destination port cannot be a source port.
True
T/F: When configuring a local SPAN session, if the traffic direction is not configured, the source sends both transmitted (Tx) and received (Rx) traffic to the destination port to be monitored.
True
What command configures the source port for a SPAN session?
monitor session 1 source interface GigabitEthernet 0/0
What command configures the destination port for a SPAN session?
monitor session 1 destination interface GigabitEthernet 0/0
What command shows a local SPAN session?
show monitor session 1
What supports source ports, source VLANs, and destinations on different switches, facilitating remote monitoring of multiple switches across networks?
Remote span (RSPAN)
To configure RSPAN, you need to create an RSPAN VLAN and trunk it between the switches.
True
What supports source ports, source VLANs, and destinations on different switches across Layer 3 links, providing remote monitoring of multiple switches across a network?
Encapsulated Remote SPAN (ERSPAN)
ERSPAN uses what kind of tunnel to carry traffic between switches?
GRE tunnel
T/F: ERSPAN source sessions copy locally sourced RSPAN VLAN traffic from source trunk ports that carry RSPAN VLANs.
False. Each ERSPAN source session can have either ports or VLANs as sources, but not both.
Which version of SPAN requires the source and destination of a session to be on the same device?
Local SPAN
Which of the following can be used for capturing packets from one device and sending the capture across a Layer 3 routed link to another destination?
ERSPAN
Which Cisco IOS feature allows for the monitoring of traffic on one or more ports or VLANs and sends the traffic to one or more destinations?
ERSPAN
What element of a syslog message refers to the sources and cause of a system message?
Facility
When logging severity level 2 is configured, what is actually logged? (Choose all that apply.)
A. Emergency
B. Notification
C. Alert
D. Critical
A. Emergency
C. Alert
D. Critical
Which of the following are components for configuring Flexible NetFlow?
A. Flow record
B. Flow monitor
C. Flow exporter
D. Sequence number
E. Flow sampler
A. Flow record
B. Flow monitor
C. Flow exporter
E. Flow sampler
What command is used to show the type of session, the source port for each traffic direction, and the destination port for SPAN sessions?
show monitor session
What type of SPAN requires a special VLAN for moving the monitored traffic?
RSPAN
What protocol is used between routers to build a multicast tree and track which multicast packets to forward to each other and to their locally connected LANs?
Protocol Independent Multicast (PIM)
What protocol is used between hosts on a LAN and routers on that LAN to track which multicast groups hosts belong to?
Internet Group Management Protocol (IGMP)
The hosts that belong to a multicast group are referred to as what?
Group members
Multicast host group addresses can be in the range 224.0.0.0 to what?
224.0.0.0 to 239.255.255.255
What is the multicast address range reserved for link-local addresses?
224.0.0.0–224.0.0.255
What is the multicast address range reserved for globally scoped addresses?
224.0.1.0–238.255.255.255
What is the multicast address range reserved for source-specific multicast (SSM) addresses?
232.0.0.0–232.255.255.255
What is the multicast address range reserved for GLOP addresses?
233.0.0.0–233.255.255.255. Reserved for statically defined addresses by organizations that already have an assigned autonomous system (AS) domain number
What is the multicast address range reserved for limited-scope addresses?
239.0.0.0–239.255.255.255. Reserved as administrative or limited-scope addresses for use in private multicast domains
What is a network device that sends query messages to discover which network devices are members of a particular multicast group?
A Querier
What is a receiver, including a router, that sends report messages (in response to query messages) to inform the querier of host membership? They use IGMP messages to join and leave multicast groups.
Host
Which version of IGMP is defined in RFC 2236, extends IGMP functionality by providing features such as the IGMP leave process to reduce leave latency, group-specific queries, and an explicit maximum query response time?
IGMPv2
Which version of IGMP supports SSM?
IGMPv3
Which version of IGMP is defined in RFC 1112, primarily uses a query/response model that enables the multicast router and multilayer switch to find which multicast groups are active (that is, have one or multiple hosts interested in a multicast group) on the local subnet?
IGMPv1
What does a receiver send to the local router when it wants to receive a multicast stream from a multicast source?
unsolicited membership report, referred to as an IGMP join
What is an IPv6 protocol that a host uses to request multicast data for a particular multicast group?
Multicast Listener Discovery (MLD)
What is defined in RFC 4541, examines the Layer 2 IP multicast traffic within a VLAN to discover the ports where interested receivers reside?
IGMP snooping
What type of tree has its root at the source and branches forming a spanning tree through the network to the receivers?
Source tree
What type of tree uses the shortest path through the network, and is also referred to as the shortest path tree (SPT)?
Source tree
What type of tree uses a single common root placed at some chosen point in the network?
Shared tree
What is a concept in multicast forwarding that enables routers to forward multicast traffic down the distribution tree correctly?
Reverse-path forwarding (RPF)
What PIM forwarding mode uses a push model to initially flood multicast traffic throughout the network?
PIM Dense Mode (PIM-DM)
What PIM forwarding mode uses a pull model to deliver multicast traffic?
PIM Sparse Mode (PIM-SM)
What PIM forwarding mode uses shared trees and requires the use of an RP?
PIM Sparse Mode (PIM-SM)
In what mode does the router handles both dense groups and sparse groups at the same time?
PIM Sparse-Dense Mode
What is an enhancement of the PIM protocol that is designed for efficient many-to-many communications within a PIM domain?
Bidirectional PIM (Bidir-PIM)
What is an extension of the PIM protocol that provides an efficient data delivery mechanism in one-to-many communications?
Source-Specific Multicast (SSM)
What acts as the meeting place for sources and receivers of multicast data in a shared tree?
Rendezvous point (RP)
What’s the term for statically configuring an RP for a multicast group range on every router in the multicast domain?
Static RP.
What is a Cisco-proprietary method that automates the distribution of group-to-RP mappings in a PIM network?
Auto-RP
In Auto-RP, what type of RPs advertise their willingness to become RPs by sending RP announcement messages at 60-second intervals to the well-known multicast group address 224.0.1.39 (CISCO-RP-ANNOUNCE)?
Candidate RPs
In Auto-RP, what receives the RP announcement messages from the RPs and arbitrate conflicts?
RP mapping agents
Which of the following is not an IP packet attribute that IP flow in NetFlow is based on?
IP source address
IP destination address
Source port
Destination MAC address
The destination MAC address is not one of the packet attributes that IP flow is based on
Which of the following can track a wide range of packet information for Layer 2, IPv4, and IPv6 flows?
NetFlow Version 9
NetFlow Version 10
Flexible NetFlow
Flexible NetFlow Version 7
Flexible NetFlow
All except which of the following are components of Flexible NetFlow?
Flow record
Flow session
Flow monitor
Flow exporter
Flow session
What section of the Netflow config do you point to IP address of the collector and what destination port it will listen to?
Flow exporter
When configuring netflow, what do you apply to the interface you want monitor?
Flow monitor
What are assigned to Flexible NetFlow flow monitors to define the cache used for storing flow data?
Flow record
What element of a syslog message refers to the sources and cause of a system message?
Sequence number
Timestamp
Severity
Facility
Facility
When logging severity level 2 is configured, what is actually logged? (Choose all that apply.)
Emergency
Notification
Alert
Critical
Emergency
Alert
Critical
Which of the following are components for configuring Flexible NetFlow? (Choose four.)
Flow record
Flow monitor
Flow exporter
Sequence number
Flow sampler
Flow record
Flow monitor
Flow exporter
Flow sampler
What type of SPAN requires a special VLAN for moving the monitored traffic?
RSPAN. The traffic for each RSPAN session is carried as Layer 2 nonroutable traffic over a user-specified RSPAN VLAN dedicated to that RSPAN session in all participating switches.
What command is used to show the type of session, the source port for each traffic direction, and the destination port for SPAN sessions?
show monitor session
Is an IP SLA responder required for IP SLA to function?
No
True or false: When configuring IP SLA, you cannot configure multiple IP SLA instances on a single device.
False
IP SLA can be used to monitor which of the following? (Choose three.)
Syslog messages
Packet loss
Server/website responses and downtime
Delay
Packet loss
Server/website responses and downtime
Delay
Which switch command can you issue to verify the configuration for a specific ERSPAN session when the SPAN session is encapsulated and routed across a Layer 3 network?
show monitor | include erspan-source
show running-config | include erspan-source
show monitor session erspan-source
show erspan-source
show monitor session erspan-source
What was the first version of NTP to introduce time synchronization support for IPv6?
NTPv3
NTPv4
NTPv5
NTPv6
NTPv4
You are configuring RSPAN from Switch A to Switch B. On Switch B, you want to configure VLAN 11 as the destination for packets that are sent to Switch A.
Which of the following commands are you most likely to issue on Switch B?
monitor session 1 destination vlan 11
monitor session 1 destination remote vlan 11
monitor session 1 source vlan 11
monitor session 1 source remote vlan 11
monitor session 1 destination remote vlan 11
What is the mac-address HSRPv1 uses?
0000.0c07.acXX
0000.0c9f.fxxxx
0005.73a0.0xxx
0000.0c07.acXX
What is the mac-address HSRPv2 uses?
0000.0c07.acXX
0000.0c9f.fxxxx
0005.73a0.0xxx
0000.0c9f.fxxxx
