Chapter 16: Network Device Management and Security
1. B. You can enter the ACL directly in the SNMP configuration to provide security, using either a number or a
name.
2. C. 100. By setting a higher number than the default on a router, you are making that router the active
router. Setting preempt would ensure that if the active router went down, it would become the active router
again when it comes back up.
3. D. To enable the AAA commands on a router or switch, use the global configuration command aaa new-model.
4. A, C. To mitigate access layer threats, use port security, DHCP snooping, dynamic ARP inspection, and
identity-based networking.
5. D. DHCP snooping validates DHCP messages, builds and maintains the DHCP snooping binding database,
and rate-limits DHCP traffic for trusted and untrusted sources.
6. A, D. TACACS+ uses TCP, is Cisco proprietary, and offers multiprotocol support as well as separated AAA
services.
7. B. Unlike with TACACS+, separating AAA services is not an option when configuring RADIUS.
8. A, D. With a read-only community string, no changes can be made to the router. However, SNMPv2c can
use GETBULK to create and return multiple requests at once.
9. C. The idea of a first hop redundancy protocol is to provide redundancy for a default gateway.
10. A, B. A router interface can be in many states with HSRP; the states are shown in Table 2.1.
11. A. Only option A has the correct sequence to enable HSRP on an interface.
12. D. This is a question that I used in a lot of job interviews on prospects. The show standby command is
your friend when dealing with HSRP.
13. D. There is nothing wrong with leaving the priorities at the defaults of 100. The first router up will be the
active router.
14. C. In version 1, HSRP messages are sent to the multicast IP address 224.0.0.2 and UDP port 1985. HSRP
version 2 uses the multicast IP address 224.0.0.102 and UDP port 1985.
15. B, C. If HSRP1 is configured to preempt, then it will become active because of the higher priority; if not,
HSRP2 will stay the active router.
16. C. In version 1, HSRP messages are sent to the multicast IP address 224.0.0.2 and UDP port 1985. HSRP
version 2 uses the multicast IP address 224.0.0.102 and UDP port 1985.
17. C, D. SNMPv2c introduced the GETBULK and INFORM SNMP messages but didn’t have any different security
than SNMPv1. SNMPv3 uses TCP and provides encryption and authentication.
18. D. The correct answer is option D. Take your newly created RADIUS group and use it for authentication,
and be sure to use the keyword local at the end.
19. B. DAI, used with DHCP snooping, tracks IP-to-MAC bindings from DHCP transactions to protect against
ARP poisoning. DHCP snooping is required in order to build the MAC-to-IP bindings for DAI validation.
20. A, D, E. There are three roles involved in using client/server access control for identity-based networking on
wired and wireless hosts: The client, also referred to as a supplicant, is software that runs on a client and is
802.1x compliant. The authenticator is typically a switch that controls physical access to the network and is
a proxy between the client and the authentication server. The authentication server (RADIUS) is a server
that authenticates each client before it can access any services.