Modules 1 - 2: OSPF Concepts and Configuration

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

to create an entry in a numbered ACL

A technician is tasked with using ACLs to secure a router. When would the technician use the 40 deny host 192.168.23.8 configuration option or command? to remove all ACLs from the router to create an entry in a numbered ACL to apply an ACL to all router interfaces to secure administrative access to the router

To secure administrative access to the router

A technician is tasked with using ACLs to secure a router. When would the technician use the access-class 20 in configuration option or command? to secure administrative access to the router to remove an ACL from an interface to remove a configured ACL to apply a standard ACL to an interface

To identify any IP address

A technician is tasked with using ACLs to secure a router. When would the technician use the any configuration option or command? to add a text entry for documentation purposes to generate and send an informational message whenever the ACE is matched to identify any IP address to identify one specific IP address

social enginerring

A user receives a phone call from a person who claims to represent IT services and then asks that user for confirmation of username and password for auditing purposes. Which security threat does this phone call represent? spam social engineering DDoS anonymous keylogging

HQ# clear ip ospf process

After modifying the router ID on an OSPF router, what is the preferred method to make the new router ID effective? HQ# copy running-config startup-config HQ# resume HQ# clear ip route * HQ# clear ip ospf process

1

By default, what is the OSPF cost for any link with a bandwidth of 100 Mb/s or greater? 100 100000000 1 10000

1

By default, what is the OSPF cost for any link with a bandwidth of 100 Mb/s or greater? 100000000 10000 1 100

Devices on the 192.168.10.0/24 network can sucessfully ping devices on the 192.168.11.0 network. A Telnet or SSH session is allowed from any device on the 192.168.10.0 into the router with this access list assigned.

Consider the following access list. access-list 100 permit ip host 192.168.10.1 any access-list 100 deny icmp 192.168.10.0 0.0.0.255 any echo access-list 100 permit ip any any Which two actions are taken if the access list is placed inbound on a router Gigabit Ethernet port that has the IP address 192.168.10.254 assigned? (Choose two.) Only Layer 3 connections are allowed to be made from the router to any other network device. Devices on the 192.168.10.0/24 network are not allowed to reply to any ping requests. Devices on the 192.168.10.0/24 network can sucessfully ping devices on the 192.168.11.0 network. A Telnet or SSH session is allowed from any device on the 192.168.10.0 into the router with this access list assigned. Only the network device assigned the IP address 192.168.10.1 is allowed to access the router.

Router R4 will become the DR and router R1 will become the BDR.

If the switch reboots and all routers have to re-establish OSPF adjacencies, which routers will become the new DR and BDR? Router R4 will become the DR and router R1 will become the BDR. Router R2 will become the DR and router R3 will become the BDR. Router R1 will become the DR and router R2 will become the BDR. Router R4 will become the DR and router R3 will become the BDR.

A private key

If an asymmetric algorithm uses a public key to encrypt data, what is used to decrypt it? a digital certificate a different public key a private key DH

192.168.1.100

If no router ID was manually configured, what would router Branch1 use as its OSPF router ID? R1 G0/0 - 10.1.0.1/16 Lo0 - 192.168.1.100 G0/1 - 10.0.0.1/16 R2 G0/1 - 10.0.0..2/16 10.0.0.1 10.1.0.1 192.168.1.100 209.165.201.1

when the routers are interconnected over a common Ethernet network

In an OSPF network when are DR and BDR elections required? when the two adjacent neighbors are interconnected over a point-to-point link when all the routers in an OSPF area cannot form adjacencies when the routers are interconnected over a common Ethernet network when the two adjacent neighbors are in two different networks

It tells the router which interface to turn on for the OSPF routing process.

In an OSPFv2 configuration, what is the effect of entering the command network 192.168.1.1 0.0.0.0 area 0? It allows all 192.168.1.0 networks to be advertised. It tells the router which interface to turn on for the OSPF routing process. It changes the router ID of the router to 192.168.1.1. It enables OSPF on all interfaces on the router.

True

In multiarea OSPF, OSPF is implemented using multiple areas, and all of them must be connected to the backbone area.

DoS

In what type of attack is a cybercriminal attempting to prevent legitimate users from accessing network services? address spoofing MITM session hijacking DoS

They are infected machines that carry out a DDoS attack.

In what way are zombies used in security attacks? They target specific individuals to gain corporate or personal information. They probe a group of machines for open ports to learn which services are running. They are maliciously formed code segments used to replace legitimate applications. They are infected machines that carry out a DDoS attack.

SYN flood attack

In which TCP attack is the cybercriminal attempting to overwhelm a target host with half-open TCP connections? port scan attack SYN flood attack session hijacking attack reset attack

DNS cache poisoning

In which type of attack is falsified information used to redirect users to malicious Internet sites? DNS amplification and reflection ARP cache poisoning DNS cache poisoning domain generation

extended ACLs inbound on R1 G0/0 and G0/1

Many employees are wasting company time accessing social media on their work computers. The company wants to stop this access. What is the best ACL type and placement to use in this situation? extended ACL outbound on R2 WAN interface towards the internet standard ACL outbound on R2 WAN interface towards the internet standard ACL outbound on R2 S0/0/0 extended ACLs inbound on R1 G0/0 and G0/1

1st Down State 2nd Init State 3rd Two-way State 4th Exstart State 5th Exchange State 6th Loading State 7th Full State

Match the OSPF state with the order in which it occurs. First state Second State Third State Fourth State Fifth State Sixth State Seventh State Initial State Active State Full State Exchange State Down State Exstart State Passive State Two-way State Loading State

if the router no longer receives hello packets

What indicates to a link-state router that a neighbor is unreachable? if the router no longer receives hello packets if the router receives an update with a hop count of 16 if the router receives an LSP with previously learned information if the router no longer receives routing updates

Topology changes in one area do not cause SPF recalculations in other areas.

What is a benefit of multiarea OSPF routing? Topology changes in one area do not cause SPF recalculations in other areas. Routers in all areas share the same link-state database and have a complete picture of the entire network. A backbone area is not required. Automatic route summarization occurs by default between areas.

It can stop malicious packets

What is a feature of an IPS? It can stop malicious packets. It is deployed in offline mode. It has no impact on latency. It is primarily focused on identifying possible incidents.

to discover neighbors and build adjacencies between them

What is a function of OSPF hello packets? to send specifically requested link-state records to discover neighbors and build adjacencies between them to ensure database synchronization between routers to request specific link-state records from neighbor routers

Init Two-way Down Explanation: OSPF operation progresses through 7 states for establishing neighboring router adjacency, exchanging routing information, calculating the best routes, and reaching convergence. The Down, Init, and Two-way states are involved in the phase of neighboring router adjacency establishment.

Which three OSPF states are involved when two routers are forming an adjacency? (Choose three.) Exchange Init ExStart Two-way Loading Down

the use of multiple areas

What is used to facilitate hierarchical routing in OSPF? the use of multiple areas frequent SPF calculations autosummarization the election of designated routers

extended

What type of ACL offers greater flexibility and control over network access? numbered standard named standard extended flexible

Public

What type of address is 64.101.198.197? public private

Worm

What type of malware has the primary objective of spreading across the network? worm virus Trojan horse botnet

0.3.255.255

What wild card mask will match networks 172.16.0.0 through 172.19.0.0? 0.0.3.255 0.252.255.255 0.3.255.255 0.0.255.255

any IP address that is configured using the router-id command

What will an OSPF router prefer to use first as a router ID? a loopback interface that is configured with the highest IP address on the router any IP address that is configured using the router-id command the highest active interface IP that is configured on the router the highest active interface that participates in the routing process because of a specifically configured network statement

every 30 minutes

When an OSPF network is converged and no network topology change has been detected by a router, how often will LSU packets be sent to neighboring routers? every 5 minutes every 10 minutes every 30 minutes every 60 minutes

database description

Which type of OSPFv2 packet contains an abbreviated list of the LSDB of a sending router and is used by receiving routers to check against the local LSDB? database description link-state update link-state request link-state acknowledgment

hacktivist

Which type of hacker is motivated to protest against political and social issues? hacktivist cybercriminal script kiddie vulnerability broker

Access-list 101 permit tcp any host 192.168.1.1 eq 80

Which ACE will permit a packet that originates from any network and is destined for a web server at 192.168.1.1? access-list 101 permit tcp any host 192.168.1.1 eq 80 access-list 101 permit tcp host 192.168.1.1 eq 80 any access-list 101 permit tcp host 192.168.1.1 any eq 80 access-list 101 permit tcp any eq 80 host 192.168.1.1

LSU (link state updates)

Which OPSF packet contains the different types of link-state advertisements? hello DBD LSR LSU LSAck

link-state database

Which OSPF data structure is identical on all OSPF routers that share the same area? forwarding database link-state database adjacency database routing table

man-in-the-middle attack

Which attack involves threat actors positioning themselves between a source and destination with the intent of transparently monitoring, capturing, and controlling the communication? man-in-the-middle attack SYN flood attack DoS attack ICMP attack

R1# show ip ospf interface serial0/0/1

Which command did an administrator issue to produce this output? R1# show ip ospf interface serial0/0/1 R1# show ip route ospf R1# show ip ospf R1# show ip ospf neighbor

show ip ospf interface serial 0/0/0

Which command will a network engineer issue to verify the configured hello and dead timer intervals on a point-to-point WAN link between two routers that are running OSPFv2? show ipv6 ospf interface serial 0/0/0 show ip ospf neighbor show ip ospf interface fastethernet 0/1 show ip ospf interface serial 0/0/0

access-list 1 permit 192.168.10.96 0.0.0.31

Which command would be used in a standard ACL to allow only devices on the network attached to R2 G0/0 interface to access the networks attached to R1? access-list 1 permit 192.168.10.128 0.0.0.63 access-list 1 permit 192.168.10.0 0.0.0.255 access-list 1 permit 192.168.10.96 0.0.0.31 access-list 1 permit 192.168.10.0 0.0.0.63

confidentiality

Which objective of secure communications is achieved by encrypting data? authentication availability confidentiality integrity

DHCP

Which protocol is attacked when a cybercriminal provides an invalid gateway in order to create a man-in-the-middle attack? DHCP DNS ICMP HTTP or HTTPS

Integrity

Which requirement of secure communications is ensured by the implementation of MD5 or SHA hash generating algorithms?​ nonrepudiation authentication integrity confidentiality

access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80 access-list 103 deny tcp ​192.168.10.0 0.0.0.255 any eq 23

Which set of access control entries would allow all users on the 192.168.10.0/24 network to access a web server that is located at 172.17.80.1, but would not allow them to use Telnet? access-list 103 deny tcp host 192.168.10.0 any eq 23 access-list 103 permit tcp host 192.168.10.1 eq 80 access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80 access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23 access-list 103 permit 192.168.10.0 0.0.0.255 host 172.17.80.1 access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq telnet​​ access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80 access-list 103 deny tcp ​192.168.10.0 0.0.0.255 any eq 23

exchanging link-state advertisements

Which step in the link-state routing process is described by a router flooding link-state and cost information about each directly connected link? building the topology table selecting the router ID exchanging link-state advertisements injecting the default route

Choosing the best route

Which step in the link-state routing process is described by a router inserting best paths into the routing table? declaring a neighbor to be inaccessible executing the SPF algorithm load balancing equal-cost paths choosing the best route

executing the SPF algorithm

Which step in the link-state routing process is described by a router running an algorithm to determine the best path to each destination? load balancing equal-cost paths declaring a neighbor to be inaccessible choosing the best route executing the SPF algorithm

Establishing neighboring adjacencies

Which step in the link-state routing process is described by a router sending Hello packets out all of the OSPF-enabled interfaces? electing the designated router establishing neighbor adjacencies injecting the default route exchanging link-state advertisements

Change the subnet mask of interface FastEthernet 0/0 to 255.255.255.0. Each interface on the link connecting the OSPF routers must be in the same subnet for an adjacency to be established. The IP address subnet mask on FastEthernet interface 0/0 must be changed to 255.255.255.0.

Which task has to be performed on Router 1 for it to establish an OSPF adjacency with Router 2? Issue the clear ip ospf process command. Change the subnet mask of interface FastEthernet 0/0 to 255.255.255.0. Remove the passive interface command from interface FastEthernet 0/0. Add the network 10.0.1.0 0.0.0.255 area 0 command to the OSPF process.

An SSH connection is allowed from a workstation with IP 192.168.25.18 to a device with IP 172.16.45.16.

A network administrator configures an ACL on the router. Which statement describes the result of the configuration? An SSH connection is allowed from a workstation with IP 172.16.45.16 to a device with IP 192.168.25.18. An SSH connection is allowed from a workstation with IP 192.168.25.18 to a device with IP 172.16.45.16. A Telnet connection is allowed from a workstation with IP 192.168.25.18 to a device with IP 172.16.45.16. A Telnet connection is allowed from a workstation with IP 172.16.45.16 to a device with IP 192.168.25.18.

The sequence of the ACEs is incorrect.

A network administrator has configured ACL 9 as shown. Users on the 172.31.1.0 /24 network cannot forward traffic through router CiscoVille. What is the most likely cause of the traffic failure? The established keyword is not specified. The sequence of the ACEs is incorrect. The port number for the traffic has not been identified with the eq keyword. The permit statement specifies an incorrect wildcard mask.

The R1 dead timer expires between hello packets from R2.

A network administrator has configured the OSPF timers to the values that are shown in the graphic. What is the result of having those manually configured timers? R1 Hello Timer: 5 Dead Interval: 20 R2 Hello Timer: 25 Dead Interval: 100 R1 automatically adjusts its own timers to match the R2 timers. The R1 dead timer expires between hello packets from R2. The hello timer on R2 expires every ten seconds. The neighbor adjacency has formed.

ACL 10 is removed from the running configuration.

A network administrator is configuring a standard IPv4 ACL. What is the effect after the command no access-list 10 is entered? ACL 10 is removed from both the running configuration and the interface Fa0/1. ACL 10 is removed from the running configuration. ACL 10 is disabled on Fa0/1. ACL 10 will be disabled and removed after R1 restarts.

Router(config)# access-list 95 deny 172.16.0.0 0.0.255.255 Router(config)# access-list 95 permit any

A network administrator is writing a standard ACL that will deny any traffic from the 172.16.0.0/16 network, but permit all other traffic. Which two commands should be used? (Choose two.) Router(config)# access-list 95 deny 172.16.0.0 255.255.0.0 Router(config)# access-list 95 permit any Router(config)# access-list 95 host 172.16.0.0 Router(config)# access-list 95 deny 172.16.0.0 0.0.255.255 Router(config)# access-list 95 172.16.0.0 255.255.255.255 Router(config)# access-list 95 deny any

5 deny 172.23.16.0 0.0.15.255

A network administrator needs to add an ACE to the TRAFFIC-CONTROL ACL that will deny IP traffic from the subnet 172.23.16.0/20. Which ACE will meet this requirement? 30 deny 172.23.16.0 0.0.15.255 15 deny 172.23.16.0 0.0.15.255 5 deny 172.23.16.0 0.0.15.255 5 deny 172.23.16.0 0.0.255.255

Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0 Router1(config)# access-list 10 permit host 192.168.15.23

A network administrator needs to configure a standard ACL so that only the workstation of the administrator with the IP address 192.168.15.23 can access the virtual terminal of the main router. Which two configuration commands can achieve the task? (Choose two.) Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0 Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.255 Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.255 Router1(config)# access-list 10 permit host 192.168.15.23 Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.0

R2(config-if)# ip access-group 101 in R2(config)# interface fastethernet 0/0 R2(config)# access-list 101 permit ip host 192.168.1.1 host 192.168.2.1

A network administrator wants to permit only host 192.168.1.1 /24 to be able to access the server 192.168.2.1 /24. Which three commands will achieve this using best ACL placement practices? (Choose three.) R2(config)# interface fastethernet 0/1 R2(config-if)# ip access-group 101 out R2(config)# access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 R2(config-if)# ip access-group 101 in R2(config)# access-list 101 permit ip any any R2(config)# interface fastethernet 0/0 R2(config)# access-list 101 permit ip host 192.168.1.1 host 192.168.2.1

The dead interval will now be 60 seconds.

A network engineer has manually configured the hello interval to 15 seconds on an interface of a router that is running OSPFv2. By default, how will the dead interval on the interface be affected? The dead interval will not change from the default value. The dead interval will now be 30 seconds. The dead interval will now be 60 seconds. The dead interval will now be 15 seconds.

the OSPF process ID on R1

A network technician issues the following commands when configuring a router: R1(config)# router ospf 11 R1(config-router)# network 10.10.10.0 0.0.0.255 area 0 What does the number 11 represent? the OSPF process ID on R1 the cost of the link to R1 the autonomous system number to which R1 belongs the administrative distance that is manually assigned to R1 the area number where R1 is located

The ACL is implicitly denying access to all the servers.

A new network policy requires an ACL denying FTP and Telnet access to a Corp file server from all interns. The address of the file server is 172.16.1.15 and all interns are assigned addresses in the 172.18.200.0/24 network. After implementing the ACL, no one in the Corp network can access any of the servers. What is the problem? Inbound ACLs must be routed before they are processed. The ACL is implicitly denying access to all the servers. Named ACLs require the use of port numbers. The ACL is applied to the interface using the wrong direction.

To apply an extended ACL to an interface

A technician is tasked with using ACLs to secure a router. When would the technician use the 'ip access-group 101 in' configuration option or command? to apply an extended ACL to an interface to secure management traffic into the router to secure administrative access to the router to display all restricted traffic

All traffic will be blocked, not just traffic from the 172.16.4.0/24 subnet.

An ACL was configured on R1 with the intention of denying traffic from subnet 172.16.4.0/24 into subnet 172.16.3.0/24. All other traffic into subnet 172.16.3.0/24 should be permitted. This standard ACL was then applied outbound on interface Fa0/0. Which conclusion can be drawn from this configuration?​ The ACL should be applied outbound on all interfaces of R1. The ACL should be applied to the FastEthernet 0/0 interface of R1 inbound to accomplish the requirements. All traffic will be blocked, not just traffic from the 172.16.4.0/24 subnet. Only traffic from the 172.16.4.0/24 subnet is blocked, and all other traffic is allowed.​ An extended ACL must be used in this situation.

router(config-router)# network 172.16.1.0 255.255.255.0 area 0

An OSPF router has three directly connected networks; 172.16.0.0/16, 172.16.1.0/16, and 172.16.2.0/16. Which OSPF network command would advertise only the 172.16.1.0 network to neighbors? router(config-router)# network 172.16.1.0 0.0.255.255 area 0 router(config-router)# network 172.16.0.0 0.0.15.255 area 0 router(config-router)# network 172.16.1.0 255.255.255.0 area 0 router(config-router)# network 172.16.1.0 0.0.0.0 area 0

Ping packets will be permitted. SSH packets will be permitted.

An administrator first configured an extended ACL as shown by the output of the show access-lists command. The administrator then edited this access-list by issuing the commands below. Router(config)# ip access-list extended 101 Router(config-ext-nacl)# no 20 Router(config-ext-nacl)# 5 permit tcp any any eq 22 Router(config-ext-nacl)# 20 deny udp any any Which two conclusions can be drawn from this new configuration?​ (Choose two.) TFTP packets will be permitted.​ Ping packets will be permitted. Telnet packets will be permitted. SSH packets will be permitted. All TCP and UDP packets will be denied.​

The traffic is dropped

An administrator has configured a standard ACL on R1 and applied it to interface serial 0/0/0 in the outbound direction. What happens to traffic leaving interface serial 0/0/0 that does not match the configured ACL statements? The traffic is dropped. The source IP address is checked and, if a match is not found, traffic is routed out interface serial 0/0/1. The resulting action is determined by the destination IP address. The resulting action is determined by the destination IP address and port number.

0.0.0.63

An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 128.107.0.0 255.255.255.192. What wildcard mask would the administrator use in the OSPF network statement? 0.0.63.255 0.0.0.63 0.0.0.3 0.0.0.7

0.0.1.255

An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 192.168.223.0 255.255.254.0. What wildcard mask would the administrator use in the OSPF network statement? 0.0.1.255 0.0.7.255 0.0.15.255 0.0.31.255

0.0.0.127

An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 64.102.0.0 255.255.255.128. What wildcard mask would the administrator use in the OSPF network statement? 0.0.31.255 0.0.0.63 0.0.63.255 0.0.0.127

Standard ACL outbound on R2 WAN interface towards the internet

Internet privileges for an employee have been revoked because of abuse but the employee still needs access to company resources. What is the best ACL type and placement to use in this situation? standard ACL inbound on R2 WAN interface connecting to the internet standard ACL outbound on R2 WAN interface towards the internet standard ACL inbound on R1 G0/0 standard ACL outbound on R1 G0/0

Establish and maintain adjacencies Hello Packets Advertise new information Link-state update packets Compare local topology to that sent by another router Database description packet Query another router for additional information Link-state request packet

Link-state update packet Database description packet Hello packet Link-state request packet Establish and maintain adjacencies Advertise new information Confirm receipt of an update Compare local topology to that sent by another router Query another router for additional information

Adjaceny Database This is where the details of the neighboring routers can be found. Shortest Path First This is the algorithm used by OSPF Single-area OSPF All the routers are in the backbone area Link-state database This is where you can find the topology table.

Match the description of the terms: This is the algorithm used by OSPF. This is where the details of the neighboring routers can be found. This is where you can find the topology table. All the routers are in the backbone area. Adjaceny database Shortest Path First Single-Area OSPF DUAL Link-state database Mulitarea OSPF

R0-A

On which router or routers would a default route be statically configured in a corporate environment that uses single area OSPF as the routing protocol? R0-A ISP, R0-A, R0-B, and R0-C ISP R0-B and R0-C ISP and R0-A R0-A, R0-B, and R0-C

If the DR fails, the new DR will be router B.

Suppose that routers B, C, and D have a default priority, and router A has a priority 0. Which conclusion can be drawn from the DR/BDR election process?​ If the priority of router C is changed to 255, then it will become the DR. Router A will become the DR and router D will become the BDR.​ If the DR fails, the new DR will be router B. If a new router with a higher priority is added to this network, it will become the DR.

R1 Gi0/1.12 Outbound

The Gigabit interfaces on both routers have been configured with subinterface numbers that match the VLAN numbers connected to them. PCs on VLAN 10 should be able to print to the P1 printer on VLAN 12. PCs on VLAN 20 should print to the printers on VLAN 22. What interface and in what direction should you place a standard ACL that allows printing to P1 from data VLAN 10, but stops the PCs on VLAN 20 from using the P1 printer? (Choose two.) inbound R2 S0/0/1 R1 Gi0/1.12 outbound R1 S0/0/0 R2 Gi0/1.20

DDoS

The IT department is reporting that a company web server is receiving an abnormally high number of web page requests from different locations simultaneously. Which type of security attack is occurring? adware DDoS phishing social engineering spyware

The commands are added at the end of the existing Managers ACL.

The named ACL "Managers" already exists on the router. What will happen when the network administrator issues the commands that are shown in the exhibit? #ip access-list extended Managers #deny tcp 192.168.1.0 0.0.0.255 any eq telnet #deny tcp 192.168.1.0 0.0.0.255 any eq www #deny tcp 192.168.1.0 0.0.0.255 any eq ftp The commands are added at the end of the existing Managers ACL. The commands overwrite the existing Managers ACL. The commands are added at the beginning of the existing Managers ACL. The network administrator receives an error that states that the ACL already exists.

standard ACL inbound on R1 vty lines

The network administrator has an IP address of 192.168.11.10 and needs access to manage R1. What is the best ACL type and placement to use in this situation? extended ACL outbound on R2 WAN interface towards the internet standard ACL inbound on R1 vty lines extended ACLs inbound on R1 G0/0 and G0/1 extended ACL outbound on R2 S0/0/1

Apply an inbound extended ACL on R1 Gi0/0

The student on the H1 computer continues to launch an extended ping with expanded packets at the student on the H2 computer. The school network administrator wants to stop this behavior, but still allow both students access to web-based computer assignments. What would be the best plan for the network administrator? Apply an inbound standard ACL on R1 Gi0/0. Apply an inbound extended ACL on R2 Gi0/1. Apply an outbound extended ACL on R1 S0/0/1. Apply an inbound extended ACL on R1 Gi0/0. Apply an outbound standard ACL on R2 S0/0/1.

list of neighbors hello interval

To establish a neighbor adjacency two OSPF routers will exchange hello packets. Which two values in the hello packets must match on both routers? (Choose two.) dead interval router priority list of neighbors router ID hello interval

to uniquely identify the router within the OSPF domain to facilitate router participation in the election of the designated router

What are the two purposes of an OSPF router ID? (Choose two.) to uniquely identify the router within the OSPF domain to facilitate router participation in the election of the designated router to enable the SPF algorithm to determine the lowest cost path to remote networks to facilitate the establishment of network convergence to facilitate the transition of the OSPF neighbor state to Full

The router has not had any Telnet packets from 10.25.80.22 that are destine for 10.23.77.101

What can be determined from this output? The ACL is missing the deny ip any any ACE. The ACL is only monitoring traffic destined for 10.23.77.101 from three specific hosts. Because there are no matches for line 10, the ACL is not working. The router has not had any Telnet packets from 10.35.80.22 that are destined for 10.23.77.101.

Attempting to write more data to a memory location than that location can hold.

What causes a buffer overflow? launching a security countermeasure to mitigate a Trojan horse downloading and installing too many software updates at one time attempting to write more data to a memory location than that location can hold sending too much information to two or more interfaces of the same device, thereby causing dropped packets sending repeated connections such as Telnet to a particular device, thus denying other data sources

show ip ospf neighbor

What command would be used to determine if a routing protocol-initiated relationship had been made with an adjacent router? ping show ip ospf neighbor show ip interface brief show ip protocols

Financial gain

What commonly motivates cybercriminals to attack networks as compared to hactivists or state-sponsored hackers? financial gain fame seeking status among peers political reasons

routers that have the same link-state information in their LSDBs

What does an OSPF area contain? routers that share the same router ID routers whose SPF trees are identical routers that have the same link-state information in their LSDBs routers that share the same process ID

Traffic originating from 172.16.4.0/24 is permitted to all TCP port 80 destinations.

What effect would the Router1(config-ext-nacl)# permit tcp 172.16.4.0 0.0.0.255 any eq www command have when implemented inbound on the f0/0 interface? All TCP traffic is permitted, and all other traffic is denied. Traffic originating from 172.16.4.0/24 is permitted to all TCP port 80 destinations. All traffic from 172.16.4.0/24 is permitted anywhere on any port. The command is rejected by the router because it is incomplete.

a network scanning technique that indicates the live hosts in a range of IP addresses.

What is a ping sweep? a query and response protocol that identifies information about a domain, including the addresses that are assigned to that domain. a scanning technique that examines a range of TCP or UDP port numbers on a host to detect listening services. a software application that enables the capture of all network packets that are sent across a LAN. a network scanning technique that indicates the live hosts in a range of IP addresses.

Place identical restrictions on all vty lines.

What is considered a best practice when configuring ACLs on vty lines? Place identical restrictions on all vty lines. Remove the vty password since the ACL restricts access to trusted users. Apply the ip access-group command inbound. Use only extended access lists.

65 Explanation: The formula used to calculate the OSPF cost is as follows: Cost = reference bandwidth / interface bandwidth The default reference bandwidth is 10^8 (100,000,000); therefore, the formula is Cost = 100,000,000 bps / interface bandwidth in bps Thus the cost to reach the A LAN 172.16.1.0/24 from B is as follows: Serial link (1544 Kbps) from B to A cost => 100,000,000 / 1,544,000 = 64 Gigabit Ethernet link on A cost => 100,000,000 / 1,000,000,000 = 1 Total cost to reach 172.16.1.0/24 = 64 + 1 = 65

What is the OSPF cost to reach the router A LAN 172.16.1.0/24 from B? 782 74 128 65

It appears as useful software but hides malicious code.

What is the best description of Trojan horse malware? It is malware that can only be distributed over the Internet. It appears as useful software but hides malicious code. It is software that causes annoying but not fatal computer problems. It is the most easily detected form of malware.

1

What is the default router priority value for all Cisco OSPF routers? 0 1 10 255

a 32-bit number formatted like an IPv4 address

What is the format of the router ID on an OSPF-enabled router? a unique router host name that is configured on the router a unique phrase with no more than 16 characters a 32-bit number formatted like an IPv4 address an 8-bit number with a decimal value between 0 and 255 a character string with no space

Use the no keyword and the sequence number of the ACE to be removed.

What is the quickest way to remove a single ACE from a named ACL? Use the no keyword and the sequence number of the ACE to be removed. Copy the ACL into a text editor, remove the ACE, then copy the ACL back into the router. Create a new ACL with a different number and apply the new ACL to the router interface. Use the no access-list command to remove the entire ACL, then recreate it without the ACE.

to more accurately reflect the cost of links greater than 100 Mb/s

What is the reason for a network engineer to alter the default reference bandwidth parameter when configuring OSPF? to force that specific link to be used in the destination route to more accurately reflect the cost of links greater than 100 Mb/s to enable the link for OSPF routing to increase the speed of the link

Configure a value using the router-id command.

What is the recommended Cisco best practice for configuring an OSPF-enabled router so that each router can be easily identified when troubleshooting routing issues? Configure a value using the router-id command. Use the highest active interface IP address that is configured on the router. Use a loopback interface configured with the highest IP address on the router. Use the highest IP address assigned to an active interface participating in the routing process.

Exploit

What is the term used to describe a mechanism that takes advantage of a vulnerability? mitigation exploit vulnerability threat

Threat

What is the term used to describe a potential danger to a company's assets, data, or network functionality? vulnerability threat asset exploit

symmetric encryption algorithm

What is the term used to describe the same pre-shared key or secret key, known by both the sender and receiver to encrypt and decrypt data? symmetric encryption algorithm data integrity exploit risk

Internal threats can cause even greater damage than external threats.

Which statement accurately characterizes the evolution of threats to network security? Internet architects planned for network security from the beginning. Early Internet users often engaged in activities that would harm other users. Internal threats can cause even greater damage than external threats. Threats have become less sophisticated while the technical knowledge needed by an attacker has grown.

They filter traffic based on source IP addresses only.

Which statement describes a characteristic of standard IPv4 ACLs? They are configured in the interface configuration mode. They can be configured to filter traffic based on both source IP addresses and source ports. They can be created with a number but not with a name. They filter traffic based on source IP addresses only.

Inbound ACLs are processed before the packets are routed while outbound ACLs are processed after the routing is completed.

Which statement describes a difference between the operation of inbound and outbound ACLs? Inbound ACLs are processed before the packets are routed while outbound ACLs are processed after the routing is completed. In contrast to outbound ALCs, inbound ACLs can be used to filter packets with multiple criteria. On a network interface, more than one inbound ACL can be configured but only one outbound ACL can be configured. Inbound ACLs can be used in both routers and switches but outbound ACLs can be used only on routers.

exchanges link-state advertisements

Which step does an OSPF-enabled router take immediately after establishing an adjacency with another router? builds the topology table exchanges link-state advertisements chooses the best path executes the SPF algorithm

building the topology table

Which step in the link-state routing process is described by a router building a link-state database based on received LSAs?

When converged, all routers in an area have identical topology tables. It is a link-state database that represents the network topology. The table can be viewed via the show ip ospf database command.

Which three statements describe features of the OSPF topology table? (Choose three.) It is a link-state database that represents the network topology. Its contents are the result of running the SPF algorithm. When converged, all routers in an area have identical topology tables. The topology table contains feasible successor routes. The table can be viewed via the show ip ospf database command. After convergence, the table only contains the lowest cost route entries for all

R2 will be elected DR. R1 will be elected BDR. The R4 router ID is 172.16.1.1.

Which three statements describe the results of the OSPF election process of the topology that is shown in the exhibit? (Choose three.) R3 will be elected BDR. The R4 FastEthernet 0/0 priority is 128. The R4 router ID is 172.16.1.1. R1 will be elected BDR. The router ID on R2 is the loopback interface. R2 will be elected DR.

access-list 1 permit 192.168.10.0 0.0.0.127 access-list 5 permit 192.168.10.0 0.0.0.63 access-list 5 permit 192.168.10.64 0.0.0.63

Which two ACLs would permit only the two LAN networks attached to R1 to access the network that connects to R2 G0/1 interface? (Choose two.) access-list 1 permit 192.168.10.0 0.0.0.127 access-list 2 permit host 192.168.10.9 access-list 2 permit host 192.168.10.69 access-list 5 permit 192.168.10.0 0.0.0.63 access-list 5 permit 192.168.10.64 0.0.0.63 access-list 3 permit 192.168.10.128 0.0.0.63 access-list 4 permit 192.168.10.0 0.0.0.255

Host Any

Which two keywords can be used in an access control list to replace a wildcard mask or address and wildcard mask pair? (Choose two.) host most gt some any all

destination UDP port number ICMP message type

Which two packet filters could a network administrator use on an IPv4 extended ACL? (Choose two.) destination UDP port number computer type destination MAC address ICMP message type source TCP hello address


Kaugnay na mga set ng pag-aaral

Mathematics Vocabulary6th, 7th,8th, Algebra, and Geometry

View Set

MicroEcon 247 Practice Mid-term Exam part 2, Units 1 to 5 (from quizzes-for-grade)

View Set

APES semester 2 midterm chapter 15

View Set

Chapter 19: Share-Based Compensation and Earnings Per Share

View Set

OSCE Pertinent Positives and Negatives

View Set