IT0103 S1-S2 (Finals Reviewer) Canvas
Router(config)# access-list 95 permit any Router(config)# access-list 95 deny 172.16.0.0 0.0.255.255
A network administrator is writing a standard ACL that will deny any traffic from the 172.16.0.0/16 network, but permit all other traffic. Which two commands should be used? (Choose two.) Router(config)# access-list 95 deny 172.16.0.0 0.0.255.255 Router(config)# access-list 95 deny 172.16.0.0 255.255.0.0 Router(config)# access-list 95 host 172.16.0.0 Router(config)# access-list 95 permit any Router(config)# access-list 95 deny any Router(config)# access-list 95 172.16.0.0 255.255.255.255
Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0 Router1(config)# access-list 10 permit host 192.168.15.23
A network administrator needs to configure a standard ACL so that only the workstation of the administrator with the IP address 192.168.15.23 can access the virtual terminal of the main router. Which two configuration commands can achieve the task? (Choose two.) Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.0 Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0 Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.255 Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.255 Router1(config)# access-list 10 permit host 192.168.15.23
The dead interval will now be 60 seconds.
A network engineer has manually configured the hello interval to 15 seconds on an interface of a router that is running OSPFv2. By default, how will the dead interval on the interface be affected? The dead interval will now be 30 seconds. The dead interval will now be 60 seconds. The dead interval will not change from the default value. The dead interval will now be 15 seconds.
the OSPF process ID on R1
A network technician issues the following commands when configuring a router:R1(config)# router ospf 11R1(config-router)# network 10.10.10.0 0.0.0.255 area 0What does the number 11 represent? the area number where R1 is located the cost of the link to R1 the OSPF process ID on R1 the autonomous system number to which R1 belongs the administrative distance that is manually assigned to R1
to create an entry in a numbered ACL
A technician is tasked with using ACLs to secure a router. When would the technician use the 40 deny host 192.168.23.8 configuration option or command? to remove all ACLs from the router to secure management traffic into the router to create an entry in a numbered ACL to display all restricted traffic
to secure administrative access to the router
A technician is tasked with using ACLs to secure a router. When would the technician use the access-class 20 in configuration option or command? to remove all ACLs from the router to secure administrative access to the router to secure management traffic into the router to display all restricted traffic
to identify any IP address
A technician is tasked with using ACLs to secure a router. When would the technician use the any configuration option or command? to identify any IP address to generate and send an informational message whenever the ACE is matched to add a text entry for documentation purposes to identify one specific IP address
to apply an extended ACL to an interface
A technician is tasked with using ACLs to secure a router. When would the technician use the ip access-group 101 in configuration option or command? to apply an ACL to all router interfaces to create an entry in a numbered ACL to secure administrative access to the router to apply an extended ACL to an interface
to remove a configured ACL
A technician is tasked with using ACLs to secure a router. When would the technician use the no ip access-list 101 configuration option or command? to secure administrative access to the router to remove all ACLs from the router to remove a configured ACL to apply an ACL to all router interfaces
to add a text entry for documentation purposes
A technician is tasked with using ACLs to secure a router. When would the technician use the remark configuration option or command? to add a text entry for documentation purposes You Answered to identify one specific IP address to generate and send an informational message whenever the ACE is matched to restrict specific traffic access through an interface
social engineering
A user receives a phone call from a person who claims to represent IT services and then asks that user for confirmation of username and password for auditing purposes. Which security threat does this phone call represent? anonymous keylogging social engineering DDoS spam
router(config-router)# network 172.16.1.0 255.255.255.0 area 0
An OSPF router has three directly connected networks; 172.16.0.0/16, 172.16.1.0/16, and 172.16.2.0/16. Which OSPF network command would advertise only the 172.16.1.0 network to neighbors? router(config-router)# network 172.16.0.0 0.0.15.255 area 0 router(config-router)# network 172.16.1.0 255.255.255.0 area 0 router(config-router)# network 172.16.1.0 0.0.255.255 area 0 router(config-router)# network 172.16.1.0 0.0.0.0 area 0
1
By default, what is the OSPF cost for any link with a bandwidth of 100 Mb/s or greater? 100 10000 100000000 1
Devices on the 192.168.10.0/24 network can sucessfully ping devices on the 192.168.11.0 network. A Telnet or SSH session is allowed from any device on the 192.168.10.0 into the router with this access list assigned.
Consider the following access list.access-list 100 permit ip host 192.168.10.1 anyaccess-list 100 deny icmp 192.168.10.0 0.0.0.255 any echoaccess-list 100 permit ip any anyWhich two actions are taken if the access list is placed inbound on a router Gigabit Ethernet port that has the IP address 192.168.10.254 assigned? (Choose two.) Only Layer 3 connections are allowed to be made from the router to any other network device. Devices on the 192.168.10.0/24 network can sucessfully ping devices on the 192.168.11.0 network. A Telnet or SSH session is allowed from any device on the 192.168.10.0 into the router with this access list assigned. Only the network device assigned the IP address 192.168.10.1 is allowed to access the router. Devices on the 192.168.10.0/24 network are not allowed to reply to any ping requests.
a private key
If an asymmetric algorithm uses a public key to encrypt data, what is used to decrypt it? different public key DH a private key a digital certificate
outside global
In NAT terms, what address type refers to the globally routable IPv4 address of a destination host on the Internet? outside local inside local outside global inside global
when the routers are interconnected over a common Ethernet network
In an OSPF network when are DR and BDR elections required? when the two adjacent neighbors are in two different networks when the two adjacent neighbors are interconnected over a point-to-point link when all the routers in an OSPF area cannot form adjacencies when the routers are interconnected over a common Ethernet network
DoS
In what type of attack is a cybercriminal attempting to prevent legitimate users from accessing network services? MITM DoS address spoofing session hijacking
They are infected machines that carry out a DDoS attack.
In what way are zombies used in security attacks? They target specific individuals to gain corporate or personal information. They are maliciously formed code segments used to replace legitimate applications. They are infected machines that carry out a DDoS attack. They probe a group of machines for open ports to learn which services are running.
SYN flood attack
In which TCP attack is the cybercriminal attempting to overwhelm a target host with half-open TCP connections? session hijacking attack SYN flood attack reset attack port scan attack
DNS cache poisoning
In which type of attack is falsified information used to redirect users to malicious Internet sites? DNS amplification and reflection ARP cache poisoning DNS cache poisoning domain generation
dead interval hello interval
To establish a neighbor adjacency two OSPF routers will exchange hello packets. Which two values in the hello packets must match on both routers? (Choose two.) router ID dead interval router priority list of neighbors hello interval
to facilitate router participation in the election of the designated router to uniquely identify the router within the OSPF domain
What are the two purposes of an OSPF router ID? (Choose two.) to facilitate the establishment of network convergence to enable the SPF algorithm to determine the lowest cost path to remote networks to uniquely identify the router within the OSPF domain to facilitate the transition of the OSPF neighbor state to Full to facilitate router participation in the election of the designated router
show ip ospf neighbor
What command would be used to determine if a routing protocol-initiated relationship had been made with an adjacent router? show ip interface brief ping show ip protocols show ip ospf neighbor
financial gain
What commonly motivates cybercriminals to attack networks as compared to hactivists or state-sponsored hackers? status among peers political reasons financial gain fame seeking
port numbers
What does NAT overloading use to track multiple internal hosts that use one inside global address? MAC addresses IP addresses autonomous system numbers port numbers
Router(config-std-nacl)#
What does the CLI prompt change to after entering the command ip access-list standard aaa from global configuration mode? Router(config-line)# Router(config)# Router(config-router)# Router(config-if)# Router(config-std-nacl)#
Traffic originating from 172.16.4.0/24 is permitted to all TCP port 80 destinations.
What effect would the Router1(config-ext-nacl)# permit tcp 172.16.4.0 0.0.0.255 any eq www command have when implemented inbound on the f0/0 interface? All traffic from 172.16.4.0/24 is permitted anywhere on any port. The command is rejected by the router because it is incomplete. Traffic originating from 172.16.4.0/24 is permitted to all TCP port 80 destinations. All TCP traffic is permitted, and all other traffic is denied.
Topology changes in one area do not cause SPF recalculations in other areas.
What is a benefit of multiarea OSPF routing? Topology changes in one area do not cause SPF recalculations in other areas. A backbone area is not required. Automatic route summarization occurs by default between areas. Routers in all areas share the same link-state database and have a complete picture of the entire network.
End-to-end IPv4 traceability is lost.
What is a disadvantage when both sides of a communication use PAT? End-to-end IPv4 traceability is lost. Host IPv4 addressing is complicated. The flexibility of connections to the Internet is reduced. The security of the communication is negatively impacted.
It can stop malicious packets.
What is a feature of an IPS? It can stop malicious packets. It is deployed in offline mode. It is primarily focused on identifying possible incidents. It has no impact on latency.
a network scanning technique that indicates the live hosts in a range of IP addresses.
What is a ping sweep? a network scanning technique that indicates the live hosts in a range of IP addresses. a query and response protocol that identifies information about a domain, including the addresses that are assigned to that domain. a scanning technique that examines a range of TCP or UDP port numbers on a host to detect listening services. a software application that enables the capture of all network packets that are sent across a LAN.
Place identical restrictions on all vty lines.
What is considered a best practice when configuring ACLs on vty lines? Remove the vty password since the ACL restricts access to trusted users. Place identical restrictions on all vty lines. Use only extended access lists. Apply the ip access-group command inbound.
1
What is the default router priority value for all Cisco OSPF routers? 0 10 1 255
It allows many inside hosts to share one or a few inside global addresses.
What is the purpose of the overload keyword in the ip nat inside source list 1 pool NAT_POOL overload command? It allows external hosts to initiate sessions with internal hosts. It allows a pool of inside global addresses to be used by internal hosts. It allows a list of internal hosts to communicate with a specific group of external hosts. It allows many inside hosts to share one or a few inside global addresses.
Use the no keyword and the sequence number of the ACE to be removed.
What is the quickest way to remove a single ACE from a named ACL? Copy the ACL into a text editor, remove the ACE, then copy the ACL back into the router. Use the no keyword and the sequence number of the ACE to be removed. Use the no access-list command to remove the entire ACL, then recreate it without the ACE. Create a new ACL with a different number and apply the new ACL to the router interface.
Configure a value using the router-id command.
What is the recommended Cisco best practice for configuring an OSPF-enabled router so that each router can be easily identified when troubleshooting routing issues? Use the highest active interface IP address that is configured on the router. Use the highest IP address assigned to an active interface participating in the routing process. Use a loopback interface configured with the highest IP address on the router. Configure a value using the router-id command.
origin authentication
What is the term used to describe a guarantee that the message is not a forgery and does actually come from whom it states? origin authentication risk mitigation exploit
exploit
What is the term used to describe a mechanism that takes advantage of a vulnerability? threat vulnerability mitigation exploit
threat
What is the term used to describe a potential danger to a company's assets, data, or network functionality? exploit asset threat vulnerability
hacktivists
What is the term used to describe gray hat hackers who publicly protest organizations or governments by posting articles, videos, leaking sensitive information, and performing network attacks? hacktivists state-sponsored hacker white hat hackers grey hat hackers
symmetric encryption algorithm
What is the term used to describe the same pre-shared key or secret key, known by both the sender and receiver to encrypt and decrypt data? risk data integrity mitigation symmetric encryption algorithm
black hat hackers
What is the term used to describe unethical criminals who compromise computer and network security for personal gain, or for malicious reasons? vulnerability broker hacktivists script kiddies black hat hackers
Correct! the use of multiple areas
What is used to facilitate hierarchical routing in OSPF? frequent SPF calculations the election of designated routers the use of multiple areas autosummarization
the inside local and the inside global
What two addresses are specified in a static NAT configuration? the inside local and the outside global the inside global and the outside local the outside global and the outside local the inside local and the inside global
extended
What type of ACL offers greater flexibility and control over network access? flexible named standard numbered standard extended
private
What type of address is 10.131.48.7? public private
private
What type of address is 10.2.5.1? public private
public
What type of address is 15.4.8.65? public private
public
What type of address is 165.49.31? private public
private
What type of address is 172.16.5.8? private public
private
What type of address is 172.16.5.8? public private
private
What type of address is 172.17.5.9? public private
public
What type of address is 172.35.4.8? private public
private
What type of address is 192.168.3.1? private public
private
What type of address is 192.168.5.8? public private
private
What type of address is 192.168.7.1? private public
public
What type of address is 200.5.6.8? private public
public
What type of address is 25.25.25.25? private public
public
What type of address is 73.5.8.6? private public
0.3.255.255
What wild card mask will match networks 172.16.0.0 through 172.19.0.0? 0.3.255.255 0.0.255.255 0.0.3.255 0.252.255.255
any IP address that is configured using the router-id command
What will an OSPF router prefer to use first as a router ID? the highest active interface that participates in the routing process because of a specifically configured network statement any IP address that is configured using the router-id command a loopback interface that is configured with the highest IP address on the router the highest active interface IP that is configured on the router
every 30 minutes
When an OSPF network is converged and no network topology change has been detected by a router, how often will LSU packets be sent to neighboring routers? every 5 minutes every 60 minutes every 30 minutes every 10 minutes
access-list 101 permit tcp any host 192.168.1.1 eq 80
Which ACE will permit a packet that originates from any network and is destined for a web server at 192.168.1.1? access-list 101 permit tcp any host 192.168.1.1 eq 80 access-list 101 permit tcp host 192.168.1.1 eq 80 any access-list 101 permit tcp host 192.168.1.1 any eq 80 access-list 101 permit tcp any eq 80 host 192.168.1.1
link-state database
Which OSPF data structure is identical on all OSPF routers that share the same area? adjacency database link-state database forwarding database routing table
man-in-the-middle attack
Which attack involves threat actors positioning themselves between a source and destination with the intent of transparently monitoring, capturing, and controlling the communication? man-in-the-middle attack DoS attack SYN flood attack ICMP attack
show ip protocols
Which command is used to verify that OSPF is enabled and also provides a list of the networks that are being advertised by the network?? show ip protocols show ip interface brief show ip route ospf show ip ospf interface
show ip ospf interface serial 0/0/0
Which command will a network engineer issue to verify the configured hello and dead timer intervals on a point-to-point WAN link between two routers that are running OSPFv2? show ip ospf interface fastethernet 0/1 show ip ospf interface serial 0/0/0 show ip ospf neighbor show ipv6 ospf interface serial 0/0/0
DHCP
Which protocol is attacked when a cybercriminal provides an invalid gateway in order to create a man-in-the-middle attack? ICMP DNS HTTP or HTTPS DHCP
integrity
Which requirement of secure communications is ensured by the implementation of MD5 or SHA hash generating algorithms? confidentiality integrity nonrepudiation authentication
Internal threats can cause even greater damage than external threats.
Which statement accurately characterizes the evolution of threats to network security? Internal threats can cause even greater damage than external threats. Threats have become less sophisticated while the technical knowledge needed by an attacker has grown. Early Internet users often engaged in activities that would harm other users. Internet architects planned for network security from the beginning.
They filter traffic based on source IP addresses only.
Which statement describes a characteristic of standard IPv4 ACLs? They can be configured to filter traffic based on both source IP addresses and source ports. They are configured in the interface configuration mode. They can be created with a number but not with a name. They filter traffic based on source IP addresses only.
Inbound ACLs are processed before the packets are routed while outbound ACLs are processed after the routing is completed.
Which statement describes a difference between the operation of inbound and outbound ACLs? On a network interface, more than one inbound ACL can be configured but only one outbound ACL can be configured. Inbound ACLs are processed before the packets are routed while outbound ACLs are processed after the routing is completed. Inbound ACLs can be used in both routers and switches but outbound ACLs can be used only on routers. In contrast to outbound ALCs, inbound ACLs can be used to filter packets with multiple criteria.
exchanges link-state advertisements
Which step does an OSPF-enabled router take immediately after establishing an adjacency with another router? chooses the best path builds the topology table executes the SPF algorithm exchanges link-state advertisements
Init Two-way Down
Which three OSPF states are involved when two routers are forming an adjacency? (Choose three.) Exchange Init Loading ExStart Two-way Down
host any
Which two keywords can be used in an access control list to replace a wildcard mask or address and wildcard mask pair? (Choose two.) gt most host any all some
ICMP message type destination UDP port number
Which two packet filters could a network administrator use on an IPv4 extended ACL? (Choose two.) destination MAC address source TCP hello address computer type ICMP message type destination UDP port number
database description
Which type of OSPFv2 packet contains an abbreviated list of the LSDB of a sending router and is used by receiving routers to check against the local LSDB? link-state update link-state acknowledgment link-state request database description
hacktivist
Which type of hacker is motivated to protest against political and social issues? script kiddie hacktivist cybercriminal vulnerability broker
