Network Services

Question 1

What protocol is used to synchronize the time on a network of machines?

Answer 1

Network Time Protocol (NTP)

Question 2

What port does NTP use to communicate?

Answer 2

UDP port 123

Question 3

NTP uses the concept of what to describe how many NTP hops away a machine is from an authoritative time source.

Answer 3

stratum

Question 4

A stratum 2 server receives its time from what?

Answer 4

Stratum 1 server

Question 5

Which level of stratum time server has a radio or atomic clock that is directly attached to it?

Answer 5

level 1 stratum

Question 6

What command would you use to configure a client to use an NTP server?

Answer 6

ntp server ip-address [prefer] [source interface-id] command.

Question 7

What does a NTP server do?

Answer 7

Provides accurate time information to clients.

Question 8

What does a NTP client do?

Answer 8

Synchronizes its time to the server. This mode is most suited for file server and workstation clients that are not required to provide any form of time synchronization to other local clients.

Question 9

What is a NTP peer?

Answer 9

Peers exchange time synchronization information. The peer mode is also commonly known as symmetric mode. It is intended for configurations where a group of low stratum peers operate as mutual backups for each other.

Question 10

What is the most severe logging level?

Answer 10

Emergency (level 0)

Question 11

What severity level is ALERT?

Answer 11

Severity 1 - Immediate action needed

Question 12

What is the least severe level?

Answer 12

Debugging (level 7)

Question 13

What severity level is WARNING?

Answer 13

severity 4

Question 14

What severity level is INFORMATIONAL?

Answer 14

severity 6

Question 15

What severity level is NOTIFICATION?

Answer 15

severity 5

Question 16

How would configure a device to send log messages to a syslog server?

Answer 16

logging (hostname | ip address)

Question 17

What SNMP component collects management data from managed devices via polling or trap messages?

Answer 17

SNMP Manager or NMS (Network Manager Server)

Question 18

What is found on a managed network device, it locally organizes data and sends it to the manager?

Answer 18

SNMP Agent

Question 19

Which SNMP version added a complex security model but was never widely accepted?

Answer 19

SNMPv2

Question 20

Which SNMP version is the community standard but provides no security features besides a community string?

Answer 20

SNMPv2c

Question 21

Which SNMP version supports authentication and encryption?

Answer 21

SNMPv3

Question 22

What are the three components of NetFlow?

Answer 22

Flow Exporter, Flow Collector, Flow Analyzer

Question 23

What is a flow exporter?

Answer 23

The router or network device in charge of collecting flow information and exporting it to a flow collector.

Question 24

What is a flow collector?

Answer 24

A server that receives the exported flow information.

Question 25

What is a flow analyzer?

Answer 25

An application that analyzes flow information collected by the flow collector.

Question 26

What are some of the characteristics NetFlow can identify traffic flow?

Answer 26

Source and destination IP addresses, source and destination ports, and Differentiated Services Code Point (DSCP) or ToS markings.

Question 27

What are the packet attributes in an IP flow?

Answer 27

IP source address, IP destination address, Source port, Destination port, Layer 3 protocol type, CoS, Router or switch interface

Question 28

What is Cisco EEM?

Answer 28

Cisco IOS Embedded Event Manager (EEM) is a powerful and flexible tool to automate tasks and customize the behavior of Cisco IOS Software and the operation of a device.

Question 29

With EEM, you can create and run programs or scripts directly on a router or switch. The scripts created are referred to as what?

Answer 29

EEM policies

Question 30

EEM policies can programed by using which two methods?

Answer 30

A CLI-based interface (Applet) or a scripting language called Tool Command Interface (Tcl)

Question 31

What are the two primary purpose of EEM scripts?

Answer 31

Assist in troubleshooting an issue and assist with a temporary workaround

Question 32

What does a EEM server do?

Answer 32

The EEM server bridges the Cisco IOS subsystems used in the event detectors and the policies. Its primary purposes are to receive notifications from event detectors when an event of interest occurs, store the information about an event, publish events, register internal script directories, register Tcl scripts and applets, and process the actions taken by user-defined scripts.

Question 33

What does a EEM detector do?

Answer 33

The event detectors in EEM are used to determine when an EEM event occurs. Event detectors are separate systems that provide an interface between the agent being monitored, like Simple Network Management Protocol (SNMP), and the EEM policies where an action can be implemented. The following are some examples of EEM event detectors:

Question 34

What are some common EEM applet actions?

Answer 34

action cli: This action executes a Cisco IOS CLI command when an EEM applet is triggered.

action counter: This action sets or modifies a named counter when an EEM applet is triggered.

action decrement: This action decrements the value of a variable when an EEM applet is triggered.

action snmp-trap: This action generates an SNMP trap when an EEM applet is triggered.

action mail: This action sends a short email when an EEM applet is triggered.

action reload: This action reloads a Cisco IOS device when an EEM applet is triggered.

action syslog: This action writes a message to syslog when an EEM applet is triggered.

action put: This action enables the printing of data directly to the local tty when an EEM applet is triggered.

Question 35

What are two commands you should use at the beginning of the actions in an applet because the applet assumes that the user is in EXEC mode, not privileged EXEC or config mode.

Answer 35

enable and configure terminal commands

Question 36

What command you would use to see the actions taking place when an applet is running?

Answer 36

debug event manager action cli

Question 37

What command would you use to show all the output for the configured actions while an applet is being executed?

Answer 37

debug event manager all

Question 38

What command do you use to manually run an EEM applet?

Answer 38

event manager run applet-name

Question 39

What command would you use to configure a device to act as an NTP server?

Answer 39

ntp master stratum-number

Question 40

What does NTP use to determine the number of hops to the authoritative time source?

Answer 40

Stratum

Question 41

What version of HSRP supports groups 0-255?

Answer 41

HSRPv1

Question 42

What version of HSRP supports groups 0-4095?

Answer 42

HSRPv2

Question 43

What’s the multicast address HSRPv1 uses?

Answer 43

224.0.0.2

Question 44

What’s the multicast address HSRPv2 uses?

Answer 44

Multicast address is 224.0.0.102

Question 45

What is the default version of HSRP?

Answer 45

HSRPv1

Question 46

What’s the HSRP state when the device is responsible for forwarding (routing) packets that are being sent to it and responding to all ARP requests for the virtual IP address?

Answer 46

Active

Question 47

In which HSRP state is the device not yet ready or able to participate in HSRP, possibly because the interface is not yet up.

Answer 47

Init or disabled

Question 48

In which HSRP state the device has not determined the virtual IP address and has not yet seen an authenticated hello message from the active device. In this state, the device still waits to hear from the active device.

Answer 48

Learn

Question 49

Which HSRP state is the device is receiving hello messages?

Answer 49

Listen

Question 50

Which HSRP state is the device sending and receiving hello messages?

Answer 50

Speak

Question 51

Which HSRP state is when the device is prepared to become the active device if the active device fails?

Answer 51

Standby

Question 52

The device with the ______ priority will be the active device?

Answer 52

highest

Question 53

If the HSRP priority is tied, what will break the tie?

Answer 53

The device with the higher interface IP address will become the active device.

Question 54

What is the default HSRP priority?

Answer 54

100

Question 55

What enables the HSRP router with the highest priority to immediately become the active router once it is available.

Answer 55

Preemption

Question 56

Is HSRP preemption enabled by default?

Answer 56

no

Question 57

What command allows you to enable preemption?

Answer 57

standby preemption

Question 58

What are the two ways to implement HSRP authentication?

Answer 58

Plaintext and MD5 authentication

Question 59

What indicates how long the HSRP hello time is valid?

Answer 59

HSRP hold time

Question 60

What’s the default HSRP hello time?

Answer 60

3 seconds

Question 61

What’s the default HSRP hold time?

Answer 61

10 seconds

Question 62

What VRRP role is analogous to the HSRP active role?

Answer 62

VRRP master

Question 63

What VRRP role is analogous to the HSRP standby role?

Answer 63

VRRP backup

Question 64

What does priority 0 indicate in VRRP?

Answer 64

It indicates that the current master has stopped participating in VRRP.

Question 65

What virtual IP parameter can you configure in VRRP that you cannot in HSRP?

Answer 65

VRRP allows you to use an IP address of one of the physical VRRP group members as the virtual IP address.

Question 66

What multicast address does VRRP use?

Answer 66

224.0.0.18

Question 67

Which FHRP can track both interfaces and objects?

Answer 67

HSRP

Question 68

What is a Cisco-proprietary protocol, that protects data traffic from a failed device or circuit, and provides true load balancing within a subnet/VLAN between a grouping of redundant devices?

Answer 68

Gateway Load Balancing Protocol (GLBP)

Question 69

Which logging severity level indicates that the system is unstable?

Answer 69

Emergency

Question 70

Which logging severity level indicates a normal but significant condition?

Answer 70

Critical

Question 71

All except which of the following are elements of a syslog message?

A. Sequence number

B. Timestamp

C. Severity

D. Notification

Answer 71

Notification is not an element of a syslog message, but it is a severity level.

Question 72

Which of the following is not an IP packet attribute that IP flow in NetFlow is based on?

A. IP source address

B. IP destination address

C. Source port

D. Destination MAC address

Answer 72

D. Destination MAC address

Question 73

Which of the following can track a wide range of packet information for Layer 2, IPv4, and IPv6 flows?

A. NetFlow Version 9

B. NetFlow Version 10

C. Flexible NetFlow

D. Flexible NetFlow Version 7

Answer 73

Flexible NetFlow

Question 74

All except which of the following are components of Flexible NetFlow?

A. Flow record

Flow session

C. Flow monitor

D. Flow exporter

Answer 74

B. Flow session

Question 75

What copies traffic from one or more ports, one or more EtherChannels, or one or more VLANs and sends the copied traffic to one or more destinations for analysis by a network analyzer or network sniffer?

Answer 75

SPAN

Question 76

T/F: A destination port doesn’t have to reside on the same switch as the source port (for a local SPAN session).

Answer 76

False

Question 77

T/F: In SPAN, a destination port cannot be a source port.

Answer 77

True

Question 78

T/F: When configuring a local SPAN session, if the traffic direction is not configured, the source sends both transmitted (Tx) and received (Rx) traffic to the destination port to be monitored.

Answer 78

True

Question 79

What command configures the source port for a SPAN session?

Answer 79

monitor session 1 source interface GigabitEthernet 0/0

Question 80

What command configures the destination port for a SPAN session?

Answer 80

monitor session 1 destination interface GigabitEthernet 0/0

Question 81

What command shows a local SPAN session?

Answer 81

show monitor session 1

Question 82

What supports source ports, source VLANs, and destinations on different switches, facilitating remote monitoring of multiple switches across networks?

Answer 82

Remote span (RSPAN)

Question 83

To configure RSPAN, you need to create an RSPAN VLAN and trunk it between the switches.

Answer 83

True

Question 84

What supports source ports, source VLANs, and destinations on different switches across Layer 3 links, providing remote monitoring of multiple switches across a network?

Answer 84

Encapsulated Remote SPAN (ERSPAN)

Question 85

ERSPAN uses what kind of tunnel to carry traffic between switches?

Answer 85

GRE tunnel

Question 86

T/F: ERSPAN source sessions copy locally sourced RSPAN VLAN traffic from source trunk ports that carry RSPAN VLANs.

Answer 86

False. Each ERSPAN source session can have either ports or VLANs as sources, but not both.

Question 87

Which version of SPAN requires the source and destination of a session to be on the same device?

Answer 87

Local SPAN

Question 88

Which of the following can be used for capturing packets from one device and sending the capture across a Layer 3 routed link to another destination?

Answer 88

ERSPAN

Question 89

Which Cisco IOS feature allows for the monitoring of traffic on one or more ports or VLANs and sends the traffic to one or more destinations?

Answer 89

ERSPAN

Question 90

What element of a syslog message refers to the sources and cause of a system message?

Answer 90

Facility

Question 91

When logging severity level 2 is configured, what is actually logged? (Choose all that apply.)

A. Emergency

B. Notification

C. Alert

D. Critical

Answer 91

A. Emergency
C. Alert
D. Critical

Question 92

Which of the following are components for configuring Flexible NetFlow?

A. Flow record

B. Flow monitor

C. Flow exporter

D. Sequence number

E. Flow sampler

Answer 92

A. Flow record
B. Flow monitor
C. Flow exporter
E. Flow sampler

Question 93

What command is used to show the type of session, the source port for each traffic direction, and the destination port for SPAN sessions?

Answer 93

show monitor session

Question 94

What type of SPAN requires a special VLAN for moving the monitored traffic?

Answer 94

RSPAN

Question 95

What protocol is used between routers to build a multicast tree and track which multicast packets to forward to each other and to their locally connected LANs?

Answer 95

Protocol Independent Multicast (PIM)

Question 96

What protocol is used between hosts on a LAN and routers on that LAN to track which multicast groups hosts belong to?

Answer 96

Internet Group Management Protocol (IGMP)

Question 97

The hosts that belong to a multicast group are referred to as what?

Answer 97

Group members

Question 98

Multicast host group addresses can be in the range 224.0.0.0 to what?

Answer 98

224.0.0.0 to 239.255.255.255

Question 99

What is the multicast address range reserved for link-local addresses?

Answer 99

224.0.0.0–224.0.0.255

Question 100

What is the multicast address range reserved for globally scoped addresses?

Answer 100

224.0.1.0–238.255.255.255

Question 101

What is the multicast address range reserved for source-specific multicast (SSM) addresses?

Answer 101

232.0.0.0–232.255.255.255

Question 102

What is the multicast address range reserved for GLOP addresses?

Answer 102

233.0.0.0–233.255.255.255. Reserved for statically defined addresses by organizations that already have an assigned autonomous system (AS) domain number

Question 103

What is the multicast address range reserved for limited-scope addresses?

Answer 103

239.0.0.0–239.255.255.255. Reserved as administrative or limited-scope addresses for use in private multicast domains

Question 104

What is a network device that sends query messages to discover which network devices are members of a particular multicast group?

Answer 104

A Querier

Question 105

What is a receiver, including a router, that sends report messages (in response to query messages) to inform the querier of host membership? They use IGMP messages to join and leave multicast groups.

Answer 105

Host

Question 106

Which version of IGMP is defined in RFC 2236, extends IGMP functionality by providing features such as the IGMP leave process to reduce leave latency, group-specific queries, and an explicit maximum query response time?

Answer 106

IGMPv2

Question 107

Which version of IGMP supports SSM?

Answer 107

IGMPv3

Question 108

Which version of IGMP is defined in RFC 1112, primarily uses a query/response model that enables the multicast router and multilayer switch to find which multicast groups are active (that is, have one or multiple hosts interested in a multicast group) on the local subnet?

Answer 108

IGMPv1

Question 109

What does a receiver send to the local router when it wants to receive a multicast stream from a multicast source?

Answer 109

unsolicited membership report, referred to as an IGMP join

Question 110

What is an IPv6 protocol that a host uses to request multicast data for a particular multicast group?

Answer 110

Multicast Listener Discovery (MLD)

Question 111

What is defined in RFC 4541, examines the Layer 2 IP multicast traffic within a VLAN to discover the ports where interested receivers reside?

Answer 111

IGMP snooping

Question 112

What type of tree has its root at the source and branches forming a spanning tree through the network to the receivers?

Answer 112

Source tree

Question 113

What type of tree uses the shortest path through the network, and is also referred to as the shortest path tree (SPT)?

Answer 113

Source tree

Question 114

What type of tree uses a single common root placed at some chosen point in the network?

Answer 114

Shared tree

Question 115

What is a concept in multicast forwarding that enables routers to forward multicast traffic down the distribution tree correctly?

Answer 115

Reverse-path forwarding (RPF)

Question 116

What PIM forwarding mode uses a push model to initially flood multicast traffic throughout the network?

Answer 116

PIM Dense Mode (PIM-DM)

Question 117

What PIM forwarding mode uses a pull model to deliver multicast traffic?

Answer 117

PIM Sparse Mode (PIM-SM)

Question 118

What PIM forwarding mode uses shared trees and requires the use of an RP?

Answer 118

PIM Sparse Mode (PIM-SM)

Question 119

In what mode does the router handles both dense groups and sparse groups at the same time?

Answer 119

PIM Sparse-Dense Mode

Question 120

What is an enhancement of the PIM protocol that is designed for efficient many-to-many communications within a PIM domain?

Answer 120

Bidirectional PIM (Bidir-PIM)

Question 121

What is an extension of the PIM protocol that provides an efficient data delivery mechanism in one-to-many communications?

Answer 121

Source-Specific Multicast (SSM)

Question 122

What acts as the meeting place for sources and receivers of multicast data in a shared tree?

Answer 122

Rendezvous point (RP)

Question 123

What’s the term for statically configuring an RP for a multicast group range on every router in the multicast domain?

Answer 123

Static RP.

Question 124

What is a Cisco-proprietary method that automates the distribution of group-to-RP mappings in a PIM network?

Answer 124

Auto-RP

Question 125

In Auto-RP, what type of RPs advertise their willingness to become RPs by sending RP announcement messages at 60-second intervals to the well-known multicast group address 224.0.1.39 (CISCO-RP-ANNOUNCE)?

Answer 125

Candidate RPs

Question 126

In Auto-RP, what receives the RP announcement messages from the RPs and arbitrate conflicts?

Answer 126

RP mapping agents

Question 127

Which of the following is not an IP packet attribute that IP flow in NetFlow is based on?

IP source address

IP destination address

Source port

Destination MAC address

Answer 127

The destination MAC address is not one of the packet attributes that IP flow is based on

Question 128

Which of the following can track a wide range of packet information for Layer 2, IPv4, and IPv6 flows?

NetFlow Version 9

NetFlow Version 10

Flexible NetFlow

Flexible NetFlow Version 7

Answer 128

Flexible NetFlow

Question 129

All except which of the following are components of Flexible NetFlow?

Flow record

Flow session

Flow monitor

Flow exporter

Answer 129

Flow session

Question 130

What section of the Netflow config do you point to IP address of the collector and what destination port it will listen to?

Answer 130

Flow exporter

Question 131

When configuring netflow, what do you apply to the interface you want monitor?

Answer 131

Flow monitor

Question 132

What are assigned to Flexible NetFlow flow monitors to define the cache used for storing flow data?

Answer 132

Flow record

Question 133

What element of a syslog message refers to the sources and cause of a system message?

Sequence number

Timestamp

Severity

Facility

Answer 133

Facility

Question 134

When logging severity level 2 is configured, what is actually logged? (Choose all that apply.)

Emergency

Notification

Alert

Critical

Answer 134

Emergency
Alert
Critical

Question 135

Which of the following are components for configuring Flexible NetFlow? (Choose four.)

Flow record

Flow monitor

Flow exporter

Sequence number

Flow sampler

Answer 135

Flow record

Flow monitor

Flow exporter

Flow sampler

Question 136

What type of SPAN requires a special VLAN for moving the monitored traffic?

Answer 136

RSPAN. The traffic for each RSPAN session is carried as Layer 2 nonroutable traffic over a user-specified RSPAN VLAN dedicated to that RSPAN session in all participating switches.

Question 137

What command is used to show the type of session, the source port for each traffic direction, and the destination port for SPAN sessions?

Answer 137

show monitor session

Question 138

Is an IP SLA responder required for IP SLA to function?

Answer 138

No

Question 139

True or false: When configuring IP SLA, you cannot configure multiple IP SLA instances on a single device.

Answer 139

False

Question 140

IP SLA can be used to monitor which of the following? (Choose three.)

Syslog messages

Packet loss

Server/website responses and downtime

Delay

Answer 140

Packet loss

Server/website responses and downtime

Delay

Question 141

Which switch command can you issue to verify the configuration for a specific ERSPAN session when the SPAN session is encapsulated and routed across a Layer 3 network?

show monitor | include erspan-source
show running-config | include erspan-source
show monitor session erspan-source
show erspan-source

Answer 141

show monitor session erspan-source

Question 142

What was the first version of NTP to introduce time synchronization support for IPv6?

NTPv3
NTPv4
NTPv5
NTPv6

Answer 142

NTPv4

Question 143

You are configuring RSPAN from Switch A to Switch B. On Switch B, you want to configure VLAN 11 as the destination for packets that are sent to Switch A.

Which of the following commands are you most likely to issue on Switch B?

monitor session 1 destination vlan 11
monitor session 1 destination remote vlan 11
monitor session 1 source vlan 11
monitor session 1 source remote vlan 11

Answer 143

monitor session 1 destination remote vlan 11

Question 144

What is the mac-address HSRPv1 uses?

0000.0c07.acXX
0000.0c9f.fxxxx
0005.73a0.0xxx

Answer 144

0000.0c07.acXX

Question 145

What is the mac-address HSRPv2 uses?

0000.0c07.acXX
0000.0c9f.fxxxx
0005.73a0.0xxx

Answer 145

0000.0c9f.fxxxx