ICND1-105 Part 9 (ch33-36) Network Device Management
SSH
A TCP/IP application layer protocol that supports terminal emulation between a client and server, using dynamic key exchange and encryption to keep the communications private.
IOS File System (IFS)
A file system created by a Cisco device that uses IOS.
IOS image
A file that contains the IOS.
log message
A message generated by any computer, but including Cisco routers and switches, for which the device OS wants to notify the owner or administrator of the device about some event.
NTP Client/Server Mode
A mode of operation with the Network Time Protocol (NTP) in which the device acts as both an NTP client, synchronizing its time with some servers, and as an NTP server, supplying time information to clients.
Network Time Protocol (NTP)
A protocol used to synchronize time-of-day clocks so that multiple devices use the same time of day, which allows log messages to be more easily matched based on their timestamps.
universal device identifier (UDI)
A number that Cisco assigns to each router to uniquely identify the router's type and unique serial number, for the purpose of enabling the IOS software licensing process to work.
running-config file
In Cisco IOS switches and routers, the name of the file that resides in RAM memory, holding the device's currently used configuration.
startup-config file
In Cisco IOS switches and routers, the name of the file that resides in NVRAM memory, holding the device's configuration that will be loaded into RAM as the running-config file when the device is next reloaded or powered on.
login banner
In a Cisco router or switch, a text message that the router/switch displays for the user during the login process.
configuration register
In Cisco routers, a 16-bit, user-configurable value that determines how the router functions during initialization. In software, the bit position is set by specifying a hexadecimal value using configuration commands.
message of the day
One type of login banner that can be defined on a Cisco router or switch.
device hardening
A security term referring to whatever activities one might do to secure a device or type of device, for instance, by securing login access to a router or switch, and using ACLs to limit what users can log in to a router or switch.
syslog server
A server application that collects syslog messages from many devices over the network, and provides reporting capabilities on these system messages. Some can even respond to select system messages with certain actions such as emailing and paging.
IOS feature set
A set of related features that can be enabled on a router to enable certain functionality. For example, the Security feature set would enable the capability to have the router act as a firewall in the network.
ROMMON
A shorter name for ROM Monitor, which is a low-level operating system that can be loaded into Cisco routers for several seldom-needed maintenance tasks, including password recovery and loading a new IOS when flash memory has been corrupted.
code integrity
A software security term that refers to how likely it is that the software (code) being used is the software supplied by the vendor.
md5 hash
A specific mathematical algorithm intended for use in various security protocols. In the context of Cisco routers and switches, the devices store the MD5 hash of certain passwords, rather than the passwords themselves, in an effort to make the device more secure.
flash memory
A type of read/write permanent memory that retains its contents even with no power applied to the memory, and uses no moving parts, making the memory less likely to fail over time.
local username
A username (with matching password), configured on a router or switch. It is considered local because it exists on the router or switch, and not on a remote server.
configuration archive
An IOS concept by which some IOS file system is defined as a place to store configuration archives of a Cisco router or switch, allowing automatic and manual archive, and easier restore.
setup mode
An option on Cisco IOS switches and routers that prompts the user for base configuration information, resulting in new running-config and startup-config files.
NTP client
Any device that attempts to use the Network Time Protocol (NTP) to synchronize its time by adjusting the local device's time based on NTP messages received from a server.
NTP Server
Any device that uses Network Time Protocol (NTP) to help synchronize time-of-day clocks for other devices by telling other devices its current time.
CDP
Cisco Discovery Protocol. A media- and protocol-independent device-discovery protocol that runs on most Cisco-manufactured equipment, including routers, access servers, and switches. Using CDP, a device can advertise its existence to other devices and receive information about other devices on the same LAN or on the remote side of a WAN.
IOS
Cisco Internetwork Operating System Software that provides the majority of a router's or switch's features, with the hardware providing the remaining features.
product authorization key (PAK)
During the IOS licensing process, the number that Cisco assigns a customer, giving the customer the right to enable an IOS feature set on one of that customer's routers of a particular model series (chosen at the time the PAK was purchased).
NVRAM
Nonvolatile RAM. A type of random-access memory (RAM) that retains its contents when a unit is powered off.
LLDP
Link Layer Discovery Protocol. An IEEE standard protocol (IEEE 802.1AB) that defines messages, encapsulated directly in Ethernet frames so they do not rely on a working IPv4 or IPv6 network, for the purpose of giving devices a means of announcing basic device information to other devices on the LAN. It is a standardized protocol similar to Cisco Discovery Protocol (CDP).
ROM
Read-only memory. A type of nonvolatile memory that can be read but not written to by the microprocessor.
SCP
Secure Copy Protocol. A method to securely copy files that uses the authentication and encryption services of SSH; can be used to copy files to/from Cisco devices.
universal image
The Cisco IOS universal image contains all feature sets for the specific device for which it was made. The administrator just needs to license and enable the specific features he or she desires.
boot field
The low-order 4 bits of the configuration register in a Cisco router. The value in the boot field in part tells the router where to look for a Cisco IOS image to load.
NTP synchronization
The process with the Network Time Protocol (NTP) by which different devices send messages, exchanging the devices' current-time-of-day clock information and other data, so that some devices adjust their clocks to the point that the time-of-day clocks list the same time (often accurate to at least the same second).
telnet
The standard terminal-emulation application layer protocol in the TCP/IP protocol stack. Telnet is used for remote terminal connection, enabling users to log in to remote systems and use resources as if they were connected to a local system. Telnet is defined in RFC 854.
36.3 What command enables you to show the UDI of your Cisco router? a. *show udi*, b. *show license udi*, c. *show base udi*, d. *show udi base*
b. *show license udi*
34.5 A single-line ACL has been added to a router configuration using the command *ip access-list 1 permit 172.16.4.0 0.0.1.255*. The configuration also includes the *ip access-class 1 in* command in VTY configuration mode. Which answer accurately describes how the router uses ACL 1? a. Hosts in subnet 172.16.4.0/23 alone can telnet into the router., b. CLI users cannot telnet from the router to hosts in subnet 172.16.4.0/23 alone., c. Hosts in subnet 172.16.4.0/23 alone can log in but cannot reach enable mode of the router., d. The router will only forward packets with source addresses in subnet 172.16.4.0/23.
a. Hosts in subnet 172.16.4.0/23 alone can telnet into the router.
35.6 What type of router memory is used to store the configuration used by the router when it is up and working? a. RAM, b. ROM, c. Flash, d. NVRAM
a. RAM
33.3 Which of the following is accurate about the NTP client function on a Cisco router? a. The client synchronizes its time-of-day clock based on the NTP server., b. It counts CPU cycles of the local router CPU to more accurately keep time., c. The client synchronizes its serial line clock rate based on the NTP server., d. The client must be connected to the same subnet as an NTP server.
a. The client synchronizes its time-of-day clock based on the NTP server
36.2 What is the name of the new Cisco IOS image file that provides access to all major IOS features? a. Universal, b. Full, c. Complete, d. Enhanced
a. Universal
35.1 An engineer needs to put a new IOS image into a router's flash memory as part of an IOS upgrade. Which of the following could the engineer do to move files into the router? a. Use the *copy ftp flash* command to copy files using FTP., b. Use the *copy flash tftp* command to copy files using TFTP into flash. c. Use the *copy scp flash* command to copy files into flash using SCP. d. Use the *ios restore* command to copy into flash from the file archive.
a. Use the *copy ftp flash* command to copy files into flash using FTP.
35.5 You have forgotten your privileged mode password and cannot access global configuration mode. During the password recovery process, how can you change the configuration register if you cannot remember enough passwords to get into configuration mode of the router? a. Using ROMMON mode, b. Using the Setup Utility, c. Using the GUI for configuring the device, d. Using password reset mode
a. Using ROMMON mode
34.2 The IOS commands store passwords as clear text, but you can then encrypt the passwords with the *service password-encryption* global command. By comparison, other commands store a computed hash of the password, rather than storing the password. Comparing the two options, which one answer is the //most accurate// about why one method is better than the other? a. Using hashes is preferred because encrypted IOS passwords can be easily decrypted., b. Using hashes is preferred because of the large CPU effort required for encryption., c. Using encryption is preferred because it provides stronger password protection., d. Using encryption is preferred because of the large CPU effort required for hashes.
a. Using hashes is preferred because encrypted IOS passwords can be easily decrypted.
36.5 Which of the following answers lists a CLI command on a router that is useful when installing a right-to-use license onto a 2901 router that uses Cisco IOS licensing and an IOS universal image? a. *license boot module c2900 technology-package* //technology-package//, b. *license boot module technology-package* //technology package// *install*, c. *license install* //url technology-package//, d. *license install* //url//
a. license boot
34.1 Imagine that you have configured the *enable secret* command, followed by the *enable password* command, from the console. You log out of the switch and log back in at the console. Which command defines the password that you had to enter to access privileged mode? a. *enable password*, b. *enable secret*, c. Neither, d. The *password* command, if it's configured.
b. *enable password*
33.4 Router R2 uses NTP in client/server mode. Which of the following correctly describes the use of the NTP configuration commands on Router R2? (Choose two answers.) a. The *ntp server* command enables R2's NTP server function., b. The *ntp server* command makes R2 an NTP client and references a server., c. The *ntp master* command enables R2's NTP server function., d. The *ntp master* command enables R2's client function and references the server.
b. The *ntp server* command makes R2 an NTP client and references a server. c. The *ntp master* command enables R2's NTP server function.
34.4 The following command was copied and pasted into configuration mode when a user was telnetted into a Cisco switch: *image* *banner login this is the login banner* Which of the following is true about what occurs the next time a user logs in from the console? a. No banner text is displayed., b. The banner text "his is" is displayed., c. The banner text "this is the login banner configured, no text defined" is displayed.
b. The banner text "his is" is displayed.
35.2 What is the first step a typical Cisco router takes during the boot process when attempting to locate an operating system to load? a. The router looks for an image on a TFTP server., b. The router checks its configuration register boot field., c. The router boots to ROMMON., d. The router looks in flash memory for a Cisco IOS image file.
b. The router looks for an image on a TFTP server.
34.3 A network engineer issues a *show running-config* command and sees only one line of output that mentions the *enable secret* command, as follows: *image* Which of the following is true about users of this router? a. A user must type $1$ZGMA$e8cmvkz4UjiJhVp7.maLE1 to reach enable mode., b. The router will hash the clear-text password that the user types to compare to the hashed password., c. A *no service password-encryption* configuration command would decrypt this password., d. The router will decrypt the password in the configuration to compare to the clear-text password typed by the user.
b. The router will hash the clear-text password that the user types to compare to the hashed password.
33.2 What command limits the messages sent to a syslog server to levels 4 through 0? a. *logging trap 0-4*, b. *logging trap 0,1,2,3,4*, c. *logging trap 4*, d. *logging trap through 4*
c. *logging trap 0,1,2,3,4*
35.3 After your Cisco router boots, what is a simple way to verify the Cisco IOS image that was loaded and the location from which it was copied into RAM? a. *show running-config*, b. *show boot*, c. *show cisco ios*, d. *show version*
c. *show cisco ios*
36.4 Which of the following answers lists a CLI command on a router that is useful when installing a paid-for technology package licensing and an IOS universal image? a. *license boot module c2900 technology-package* //technology-package//, b. *license boot module technology-package* //technology package// *install*, c. *license install* //url technology-package//, d. *license install* //url//
d. *license install* //url//
36.1 Imagine a Cisco router model X. Cisco produced IOS software for this model of router such that its customer could pay for baseline features, additional data features. With this traditional method of software production from Cisco, for a single IOS version, how many IOS images would be available for this one router model X? a. 1, b. 2, c. 3, d. >3
d. >3
33.1 What level of logging to the console is the default for a Cisco device? a. Informational, b. Errors, c. Warnings, d. Debugging
d. Debugging
35.4 Which value in the configuration register controls how the router boots? a. The third hexadecimal character, b. The second hexadecimal character, c. The first hexadecimal character, d. The last hexadecimal character
d. The last hexadecimal character
35.7 An engineer has made dozens of configuration changes to a router's configuration in the previous hour. The engineer wants to revert back to a configuration that he had previously saved to an external FTP server. Which facilities would allow the engineer to go back to using the exact same running configuration that the router had an hour ago without reloading the router? a. Use the *copy ftp running-config* command, b. Use the *copy ftp startup-config* command, c. Use the *archive restore ftp* command, d. Use the *config replace* command
d. Use the *config replace* command
33.5 Imagine that a switch connects through an Ethernet cable to a router, and the router's host name is Hannah. Which of the following commands could tell you information about the IOS version on Hannah without establishing a Telnet connection to Hannah? (Choose two answers.) a. *show neighbors Hannah*, b. *show cdp*, c. *show cdp neighbors*, d. *show cdp neighbors Hannah*, e. *show cdp entry Hannah*, f. *show cdp neighbors detail*
e. *show cdp entry Hannah* f. *show cdp neighbors detail*
33.6 A switch is cabled to a router whose host name is Hannah. Which of the following LLDP commands could identify Hannah's model of hardware? (Choose two answers.) a. *show neighbors*, b. *show neighbors Hannah*, c. *show lldp*, d. *show lldp interface*, e. *show lldp neighbors*, f. *show lldp entry Hannah*
e. *show lldp neighbors* f. *show lldp entry Hannah*