Network Services Flashcards
1
Q
What protocol is used to synchronize the time on a network of machines?
A
Network Time Protocol (NTP)
2
Q
What port does NTP use to communicate?
A
UDP port 123
3
Q
NTP uses the concept of what to describe how many NTP hops away a machine is from an authoritative time source.
A
stratum
4
Q
A stratum 2 server receives its time from what?
A
Stratum 1 server
5
Q
Which level of stratum time server has a radio or atomic clock that is directly attached to it?
A
level 1 stratum
6
Q
What command would you use to configure a client to use an NTP server?
A
ntp server ip-address [prefer] [source interface-id] command.
7
Q
What does a NTP server do?
A
Provides accurate time information to clients.
8
Q
What does a NTP client do?
A
Synchronizes its time to the server. This mode is most suited for file server and workstation clients that are not required to provide any form of time synchronization to other local clients.
9
Q
What is a NTP peer?
A
Peers exchange time synchronization information. The peer mode is also commonly known as symmetric mode. It is intended for configurations where a group of low stratum peers operate as mutual backups for each other.
10
Q
What is the most severe logging level?
A
Emergency (level 0)
11
Q
What severity level is ALERT?
A
Severity 1 - Immediate action needed
12
Q
What is the least severe level?
A
Debugging (level 7)
13
Q
What severity level is WARNING?
A
severity 4
14
Q
What severity level is INFORMATIONAL?
A
severity 6
15
Q
What severity level is NOTIFICATION?
A
severity 5
16
Q
How would configure a device to send log messages to a syslog server?
A
logging (hostname | ip address)
17
Q
What SNMP component collects management data from managed devices via polling or trap messages?
A
SNMP Manager or NMS (Network Manager Server)
18
Q
What is found on a managed network device, it locally organizes data and sends it to the manager?
A
SNMP Agent
19
Q
Which SNMP version added a complex security model but was never widely accepted?
A
SNMPv2
20
Q
Which SNMP version is the community standard but provides no security features besides a community string?
A
SNMPv2c
21
Q
Which SNMP version supports authentication and encryption?
A
SNMPv3
22
Q
What are the three components of NetFlow?
A
Flow Exporter, Flow Collector, Flow Analyzer
23
Q
What is a flow exporter?
A
The router or network device in charge of collecting flow information and exporting it to a flow collector.
24
Q
What is a flow collector?
A
A server that receives the exported flow information.
25
What is a flow analyzer?
An application that analyzes flow information collected by the flow collector.
26
What are some of the characteristics NetFlow can identify traffic flow?
Source and destination IP addresses, source and destination ports, and Differentiated Services Code Point (DSCP) or ToS markings.
27
What are the packet attributes in an IP flow?
IP source address, IP destination address, Source port, Destination port, Layer 3 protocol type, CoS, Router or switch interface
28
What is Cisco EEM?
Cisco IOS Embedded Event Manager (EEM) is a powerful and flexible tool to automate tasks and customize the behavior of Cisco IOS Software and the operation of a device.
29
With EEM, you can create and run programs or scripts directly on a router or switch. The scripts created are referred to as what?
EEM policies
30
EEM policies can programed by using which two methods?
A CLI-based interface (Applet) or a scripting language called Tool Command Interface (Tcl)
31
What are the two primary purpose of EEM scripts?
Assist in troubleshooting an issue and assist with a temporary workaround
32
What does a EEM server do?
The EEM server bridges the Cisco IOS subsystems used in the event detectors and the policies. Its primary purposes are to receive notifications from event detectors when an event of interest occurs, store the information about an event, publish events, register internal script directories, register Tcl scripts and applets, and process the actions taken by user-defined scripts.
33
What does a EEM detector do?
The event detectors in EEM are used to determine when an EEM event occurs. Event detectors are separate systems that provide an interface between the agent being monitored, like Simple Network Management Protocol (SNMP), and the EEM policies where an action can be implemented. The following are some examples of EEM event detectors:
34
What are some common EEM applet actions?
action cli: This action executes a Cisco IOS CLI command when an EEM applet is triggered.
action counter: This action sets or modifies a named counter when an EEM applet is triggered.
action decrement: This action decrements the value of a variable when an EEM applet is triggered.
action snmp-trap: This action generates an SNMP trap when an EEM applet is triggered.
action mail: This action sends a short email when an EEM applet is triggered.
action reload: This action reloads a Cisco IOS device when an EEM applet is triggered.
action syslog: This action writes a message to syslog when an EEM applet is triggered.
action put: This action enables the printing of data directly to the local tty when an EEM applet is triggered.
35
What are two commands you should use at the beginning of the actions in an applet because the applet assumes that the user is in EXEC mode, not privileged EXEC or config mode.
enable and configure terminal commands
36
What command you would use to see the actions taking place when an applet is running?
debug event manager action cli
37
What command would you use to show all the output for the configured actions while an applet is being executed?
debug event manager all
38
What command do you use to manually run an EEM applet?
event manager run applet-name
39
What command would you use to configure a device to act as an NTP server?
ntp master stratum-number
40
What does NTP use to determine the number of hops to the authoritative time source?
Stratum
41
What version of HSRP supports groups 0-255?
HSRPv1
42
What version of HSRP supports groups 0-4095?
HSRPv2
43
What's the multicast address HSRPv1 uses?
224.0.0.2
44
What's the multicast address HSRPv2 uses?
Multicast address is 224.0.0.102
45
What is the default version of HSRP?
HSRPv1
46
What's the HSRP state when the device is responsible for forwarding (routing) packets that are being sent to it and responding to all ARP requests for the virtual IP address?
Active
47
In which HSRP state is the device not yet ready or able to participate in HSRP, possibly because the interface is not yet up.
Init or disabled
48
In which HSRP state the device has not determined the virtual IP address and has not yet seen an authenticated hello message from the active device. In this state, the device still waits to hear from the active device.
Learn
49
Which HSRP state is the device is receiving hello messages?
Listen
50
Which HSRP state is the device sending and receiving hello messages?
Speak
51
Which HSRP state is when the device is prepared to become the active device if the active device fails?
Standby
52
The device with the ______ priority will be the active device?
highest
53
If the HSRP priority is tied, what will break the tie?
The device with the higher interface IP address will become the active device.
54
What is the default HSRP priority?
100
55
What enables the HSRP router with the highest priority to immediately become the active router once it is available.
Preemption
56
Is HSRP preemption enabled by default?
no
57
What command allows you to enable preemption?
standby preemption
58
What are the two ways to implement HSRP authentication?
Plaintext and MD5 authentication
59
What indicates how long the HSRP hello time is valid?
HSRP hold time
60
What's the default HSRP hello time?
3 seconds
61
What's the default HSRP hold time?
10 seconds
62
What VRRP role is analogous to the HSRP active role?
VRRP master
63
What VRRP role is analogous to the HSRP standby role?
VRRP backup
64
What does priority 0 indicate in VRRP?
It indicates that the current master has stopped participating in VRRP.
65
What virtual IP parameter can you configure in VRRP that you cannot in HSRP?
VRRP allows you to use an IP address of one of the physical VRRP group members as the virtual IP address.
66
What multicast address does VRRP use?
224.0.0.18
67
Which FHRP can track both interfaces and objects?
HSRP
68
What is a Cisco-proprietary protocol, that protects data traffic from a failed device or circuit, and provides true load balancing within a subnet/VLAN between a grouping of redundant devices?
Gateway Load Balancing Protocol (GLBP)
69
Which logging severity level indicates that the system is unstable?
Emergency
70
Which logging severity level indicates a normal but significant condition?
Critical
71
All except which of the following are elements of a syslog message?
A. Sequence number
B. Timestamp
C. Severity
D. Notification
Notification is not an element of a syslog message, but it is a severity level.
72
Which of the following is not an IP packet attribute that IP flow in NetFlow is based on?
A. IP source address
B. IP destination address
C. Source port
D. Destination MAC address
D. Destination MAC address
73
Which of the following can track a wide range of packet information for Layer 2, IPv4, and IPv6 flows?
A. NetFlow Version 9
B. NetFlow Version 10
C. Flexible NetFlow
D. Flexible NetFlow Version 7
Flexible NetFlow
74
All except which of the following are components of Flexible NetFlow?
A. Flow record
Flow session
C. Flow monitor
D. Flow exporter
B. Flow session
75
What copies traffic from one or more ports, one or more EtherChannels, or one or more VLANs and sends the copied traffic to one or more destinations for analysis by a network analyzer or network sniffer?
SPAN
76
T/F: A destination port doesn't have to reside on the same switch as the source port (for a local SPAN session).
False
77
T/F: In SPAN, a destination port cannot be a source port.
True
78
T/F: When configuring a local SPAN session, if the traffic direction is not configured, the source sends both transmitted (Tx) and received (Rx) traffic to the destination port to be monitored.
True
79
What command configures the source port for a SPAN session?
monitor session 1 source interface GigabitEthernet 0/0
80
What command configures the destination port for a SPAN session?
monitor session 1 destination interface GigabitEthernet 0/0
81
What command shows a local SPAN session?
show monitor session 1
82
What supports source ports, source VLANs, and destinations on different switches, facilitating remote monitoring of multiple switches across networks?
Remote span (RSPAN)
83
To configure RSPAN, you need to create an RSPAN VLAN and trunk it between the switches.
True
84
What supports source ports, source VLANs, and destinations on different switches across Layer 3 links, providing remote monitoring of multiple switches across a network?
Encapsulated Remote SPAN (ERSPAN)
85
ERSPAN uses what kind of tunnel to carry traffic between switches?
GRE tunnel
86
T/F: ERSPAN source sessions copy locally sourced RSPAN VLAN traffic from source trunk ports that carry RSPAN VLANs.
False. Each ERSPAN source session can have either ports or VLANs as sources, but not both.
87
Which version of SPAN requires the source and destination of a session to be on the same device?
Local SPAN
88
Which of the following can be used for capturing packets from one device and sending the capture across a Layer 3 routed link to another destination?
ERSPAN
89
Which Cisco IOS feature allows for the monitoring of traffic on one or more ports or VLANs and sends the traffic to one or more destinations?
ERSPAN
90
What element of a syslog message refers to the sources and cause of a system message?
Facility
91
When logging severity level 2 is configured, what is actually logged? (Choose all that apply.)
A. Emergency
B. Notification
C. Alert
D. Critical
A. Emergency
C. Alert
D. Critical
92
Which of the following are components for configuring Flexible NetFlow?
A. Flow record
B. Flow monitor
C. Flow exporter
D. Sequence number
E. Flow sampler
A. Flow record
B. Flow monitor
C. Flow exporter
E. Flow sampler
93
What command is used to show the type of session, the source port for each traffic direction, and the destination port for SPAN sessions?
show monitor session
94
What type of SPAN requires a special VLAN for moving the monitored traffic?
RSPAN
95
What protocol is used between routers to build a multicast tree and track which multicast packets to forward to each other and to their locally connected LANs?
Protocol Independent Multicast (PIM)
96
What protocol is used between hosts on a LAN and routers on that LAN to track which multicast groups hosts belong to?
Internet Group Management Protocol (IGMP)
97
The hosts that belong to a multicast group are referred to as what?
Group members
98
Multicast host group addresses can be in the range 224.0.0.0 to what?
224.0.0.0 to 239.255.255.255
99
What is the multicast address range reserved for link-local addresses?
224.0.0.0–224.0.0.255
100
What is the multicast address range reserved for globally scoped addresses?
224.0.1.0–238.255.255.255
101
What is the multicast address range reserved for source-specific multicast (SSM) addresses?
232.0.0.0–232.255.255.255
102
What is the multicast address range reserved for GLOP addresses?
233.0.0.0–233.255.255.255. Reserved for statically defined addresses by organizations that already have an assigned autonomous system (AS) domain number
103
What is the multicast address range reserved for limited-scope addresses?
239.0.0.0–239.255.255.255. Reserved as administrative or limited-scope addresses for use in private multicast domains
104
What is a network device that sends query messages to discover which network devices are members of a particular multicast group?
A Querier
105
What is a receiver, including a router, that sends report messages (in response to query messages) to inform the querier of host membership? They use IGMP messages to join and leave multicast groups.
Host
106
Which version of IGMP is defined in RFC 2236, extends IGMP functionality by providing features such as the IGMP leave process to reduce leave latency, group-specific queries, and an explicit maximum query response time?
IGMPv2
107
Which version of IGMP supports SSM?
IGMPv3
108
Which version of IGMP is defined in RFC 1112, primarily uses a query/response model that enables the multicast router and multilayer switch to find which multicast groups are active (that is, have one or multiple hosts interested in a multicast group) on the local subnet?
IGMPv1
109
What does a receiver send to the local router when it wants to receive a multicast stream from a multicast source?
unsolicited membership report, referred to as an IGMP join
110
What is an IPv6 protocol that a host uses to request multicast data for a particular multicast group?
Multicast Listener Discovery (MLD)
111
What is defined in RFC 4541, examines the Layer 2 IP multicast traffic within a VLAN to discover the ports where interested receivers reside?
IGMP snooping
112
What type of tree has its root at the source and branches forming a spanning tree through the network to the receivers?
Source tree
113
What type of tree uses the shortest path through the network, and is also referred to as the shortest path tree (SPT)?
Source tree
114
What type of tree uses a single common root placed at some chosen point in the network?
Shared tree
115
What is a concept in multicast forwarding that enables routers to forward multicast traffic down the distribution tree correctly?
Reverse-path forwarding (RPF)
116
What PIM forwarding mode uses a push model to initially flood multicast traffic throughout the network?
PIM Dense Mode (PIM-DM)
117
What PIM forwarding mode uses a pull model to deliver multicast traffic?
PIM Sparse Mode (PIM-SM)
118
What PIM forwarding mode uses shared trees and requires the use of an RP?
PIM Sparse Mode (PIM-SM)
119
In what mode does the router handles both dense groups and sparse groups at the same time?
PIM Sparse-Dense Mode
120
What is an enhancement of the PIM protocol that is designed for efficient many-to-many communications within a PIM domain?
Bidirectional PIM (Bidir-PIM)
121
What is an extension of the PIM protocol that provides an efficient data delivery mechanism in one-to-many communications?
Source-Specific Multicast (SSM)
122
What acts as the meeting place for sources and receivers of multicast data in a shared tree?
Rendezvous point (RP)
123
What's the term for statically configuring an RP for a multicast group range on every router in the multicast domain?
Static RP.
124
What is a Cisco-proprietary method that automates the distribution of group-to-RP mappings in a PIM network?
Auto-RP
125
In Auto-RP, what type of RPs advertise their willingness to become RPs by sending RP announcement messages at 60-second intervals to the well-known multicast group address 224.0.1.39 (CISCO-RP-ANNOUNCE)?
Candidate RPs
126
In Auto-RP, what receives the RP announcement messages from the RPs and arbitrate conflicts?
RP mapping agents
127
Which of the following is not an IP packet attribute that IP flow in NetFlow is based on?
IP source address
IP destination address
Source port
Destination MAC address
The destination MAC address is not one of the packet attributes that IP flow is based on
128
Which of the following can track a wide range of packet information for Layer 2, IPv4, and IPv6 flows?
NetFlow Version 9
NetFlow Version 10
Flexible NetFlow
Flexible NetFlow Version 7
Flexible NetFlow
129
All except which of the following are components of Flexible NetFlow?
Flow record
Flow session
Flow monitor
Flow exporter
Flow session
130
What section of the Netflow config do you point to IP address of the collector and what destination port it will listen to?
Flow exporter
131
When configuring netflow, what do you apply to the interface you want monitor?
Flow monitor
132
What are assigned to Flexible NetFlow flow monitors to define the cache used for storing flow data?
Flow record
133
What element of a syslog message refers to the sources and cause of a system message?
Sequence number
Timestamp
Severity
Facility
Facility
134
When logging severity level 2 is configured, what is actually logged? (Choose all that apply.)
Emergency
Notification
Alert
Critical
Emergency
Alert
Critical
135
Which of the following are components for configuring Flexible NetFlow? (Choose four.)
Flow record
Flow monitor
Flow exporter
Sequence number
Flow sampler
Flow record
Flow monitor
Flow exporter
Flow sampler
136
What type of SPAN requires a special VLAN for moving the monitored traffic?
RSPAN. The traffic for each RSPAN session is carried as Layer 2 nonroutable traffic over a user-specified RSPAN VLAN dedicated to that RSPAN session in all participating switches.
137
What command is used to show the type of session, the source port for each traffic direction, and the destination port for SPAN sessions?
show monitor session
138
Is an IP SLA responder required for IP SLA to function?
No
139
True or false: When configuring IP SLA, you cannot configure multiple IP SLA instances on a single device.
False
140
IP SLA can be used to monitor which of the following? (Choose three.)
Syslog messages
Packet loss
Server/website responses and downtime
Delay
Packet loss
Server/website responses and downtime
Delay
141
Which switch command can you issue to verify the configuration for a specific ERSPAN session when the SPAN session is encapsulated and routed across a Layer 3 network?
show monitor | include erspan-source
show running-config | include erspan-source
show monitor session erspan-source
show erspan-source
show monitor session erspan-source
142
What was the first version of NTP to introduce time synchronization support for IPv6?
NTPv3
NTPv4
NTPv5
NTPv6
NTPv4
143
You are configuring RSPAN from Switch A to Switch B. On Switch B, you want to configure VLAN 11 as the destination for packets that are sent to Switch A.
Which of the following commands are you most likely to issue on Switch B?
monitor session 1 destination vlan 11
monitor session 1 destination remote vlan 11
monitor session 1 source vlan 11
monitor session 1 source remote vlan 11
monitor session 1 destination remote vlan 11
144
What is the mac-address HSRPv1 uses?
0000.0c07.acXX
0000.0c9f.fxxxx
0005.73a0.0xxx
0000.0c07.acXX
145
What is the mac-address HSRPv2 uses?
0000.0c07.acXX
0000.0c9f.fxxxx
0005.73a0.0xxx
0000.0c9f.fxxxx
