Traffic is only forwarded from SDM-trusted Cisco routers.
Security testing is performed and the results are saved as a text file stored in NVRAM.
The router is tested for potential security problems and any necessary changes are made.
All traffic entering the router is quarantined and checked for viruses before being forwarded.
The username and password are not configured correctly.
The authentication method is not configured correctly.
The HTTP timeout policy is not configured correctly.
The vtys are not configured correctly.
The TCP/IP information is forwarded to a 10.0.1.3 to be supplied to DHCP clients.
The TCP/IP information is used by DHCP clients that are configured to request a configuration from R1.
The TCP/IP information is supplied to any DHCP client on the network connected to the FastEthernet 0/0 interface of R1.
The TCP/IP information is applied to each packet that enters R1 through the FastEthernet 0/0 interface that are hosts on the 10.0.1.0 /24 network except packets from addresses 10.0.1.2, 10.0.1.16, and 10.0.1.254.
Malicious software that copies itself into other executable programs
tricks users into running the infected software
A set of computer instructions that lies dormant until triggered by a specific event
Exploits vulnerabilities with the intent of propagating itself across a network
The 10.1.1.225 host is exchanging packets with the 192.168.0.10 host.
The native 10.1.200.254 address is being translated to 192.168.0.10.
The 192.168.0.0/24 network is the inside network.
Port address translation is in effect.
Company B has a higher volume of POTS voice traffic than Company A.
Company B shares the conection to the DSLAM with more clients than Company A.
Company A only uses microfilters on branch locations.
Company A is closer to the service provider.
It matches the incoming packet to the access-list 201 permit any any statement and allows the packet into the router.
It reaches the end of ACL 101 without matching a condition and drops the packet because there is no access-list 101 permit any any statement.
It matches the incoming packet to the access-list 101 permit ip any 192.168.1.0 0.0.0.255 statement, ignores the remaining statements in ACL 101, and allows the packet into the router.
It matches the incoming packet to the access-list 201 deny icmp 192.168.1.0 0.0.0.255 any statement, continues comparing the packet to the remaining statements in ACL 201 to ensure that no subsequent statements allow FTP, and then drops the packet.
This network is experiencing congestion.
The Frame Relay connection is in the process of negotiation.
Data is not flowing in this network.
The network is discarding eligible packets.
The DLCI is globally significant.
Configure DHCP and static NAT.
Configure dynamic NAT for ten users.
Configure static NAT for all ten users.
Configure dynamic NAT with overload.
A new WAN service supporting only IPv6
NAT overload to map inside IPv6 addresses to outside IPv4 address
A manually configured IPv6 tunnel between the edge routers R1 and R2
Static NAT to map inside IPv6 addresses of the servers to an outside IPv4 address and dynamic NAT for the rest of the inside IPv6 addresses
HQ(config-subif)#frame-relay interface-dlci 103 on Serial 0/0/0.1 • HQ(config-subif)#frame-relay interface-dlci 203 on Serial 0/0/0.2
HQ(config-subif)#frame-relay interface-dlci 301 on Serial 0/0/0.1 • HQ(config-subif)# frame-relay interface-dlci 302 on Serial 0/0/0.2
HQ(config-subif)#frame-relay map ip 172.16.1.1 103 broadcast on Serial 0/0/0.1 • HQ(config-subif)#frame-relay map ip 172.16.2.2 203 broadcast on Serial 0/0/0.2
HQ(config-subif)#frame-relay map ip 172.16.1.1 301 broadcast on Serial 0/0/0.1 • HQ(config-subif)#frame-relay map ip 172.16.2.2 302 broadcast on Serial 0/0/0.2
A network utilization baseline should quickly reveal application availability.
A period of 24 to 48 hours should provide a sufficient baseline to track normal network activity.
It is easier to start with monitoring all available data inputs on application servers, and then fine-tune to fewer variables along the way.
When it is practical, network administrators should attempt to automate the collection of performance data and stay away from manual collection.
Creating a network baseline data helps determine device thresholds for alerting.
PPP with PAP
PPP with CHAP
HDLC with PAP
HDLC with CHAP
Data link layer
When the remote router is a non-Cisco router
When the remote router does not support Inverse ARP
When the local router is using IOS Release 11.1 or earlier
When broadcast traffic and multicast traffic over the PVC must be controlled
When globally significant rather than locally significant DLCIs are being used
Access list entries should filter in the order from general to specific.
One access list per port per protocol per direction is permitted.
Standard ACLs should be applied closest to the source while extended ACLs should be applied closest to the destination.
There is an implicit deny at the end of all access lists.
Statements are processed sequentially from top to bottom until a match is found.
Broadband Internet site-to-site VPN connections
Satellite based network connections
Dedicated point-to-point circuits
Frame Relay PVCs
Improper LMI type
PPP negotiation failure
A CSU/DSU terminates a digital local loop.
A modem terminates a digital local loop.
A CSU/DSU terminates an analog local loop.
A modem terminates an analog local loop.
A router is commonly considered a DTE device.
Named ACLs are less efficient than numbered ACLs.
Standard ACLs should be applied closest to the core layer.
ACLs applied to outbound interfaces are the most efficient.
Extended ACLs should be applied closest to the source that is specified by the ACL.
The PVC to R3 must be point-to-point.
LMI types must match on each end of a PVC.
The ietf parameter is missing from the frame-relay map ip 10.10.10.3 203 command.
The PVCs at R2 use different encapsulation types. A single port can only support one encapsulation type.
The wildcard mask and subnet mask perform the same function.
The wildcard mask is always the inverse of the subnet mask.
A "0" in the wildcard mask identifies IP address bits that must be checked.
A "1" in the wildcard mask identifies a network or subnet bit.
MAC address of the Orlando router
MAC address of the DC router
Lower latency and jitter
Variable bandwidth capacity
Fewer physical router interfaces
Show controllers indicates cable type DCE V.35. show interfaces s0/0/0 indicates serial down, line protocol down.
show controllers indicates cable type DCE V.35. show interfaces s0/0/0 indicates serial up, line protocol down
Show controllers indicates cable type DTE V.35. show interfaces s0/0/0 indicates serial up, line protocol down.
Show controllers indicates cable type DTE V.35. show interfaces s0/0/0 indicates serial down, line protocol down.
VPN link establishment and maintenance is provided by LCP.
DLCI addresses are used to identify each end of the VPN tunnel.
VPNs use virtual Layer 3 connections that are routed through the Internet.
Only IP packets can be encapsulated by a VPN for tunneling through the Internet.
Apply the ACL in the inbound direction.
Apply the ACL on the FastEthernet 0/0 interface.
Reverse the order of the TCP protocol statements in the ACL.
Modify the second entry in the list to permit tcp host 192.168.10.10 any eq telnet
The commands overwrite the existing Managers ACL.
The commands are added at the end of the existing Managers ACL.
The network administrator receives an error stating that the ACL already exists.
The commands will create a duplicate Managers ACL containing only the new commands being entered.
It creates a basis for legal action if necessary.
It defines a process for managing security violations.
It defines acceptable and unacceptable use of network resources.
The remote access policy is a component of the security policy that governs acceptable use of e-mail systems.
It is kept private from users to prevent the possibility of circumventing security measures.
The clock rate must be 56000.
The usernames are misconfigured.
The IP addresses are on different subnets.
The CHAP passwords must be different on the two routers.
Interface serial 0/0/0 on CTRL must connect to interface serial 0/0/1 on BR_1.
All TCP traffic is permitted, and all other traffic is denied.
The command is rejected by the router because it is incomplete.
All traffic from 172.16.4.0/24 is permitted anywhere on any port.
Traffic originating from 172.16.4.0/24 is permitted to all TCP port 80 destinations.
Use the copy tftp: flash: command
Boot the router to bootROM mode and enter the b command to load the IOS manually
Telnet from another router and issue the show running-config command to view the password
Boot the router to ROM monitor mode and configure the router to ignore the startup configuration when it initializes
The router forwards the frame to all ports in the network and learns the address from the reply frame.
The destination host IP address is embedded in the DLCI.
The router searches Inverse ARP tables for maps of DLCIs to IP addresses.
A table of static mappings can be searched.
The router broadcasts a request for the required IP address.
Interface fa0/0/0, inbound
Interface fa0/0/0, outbound
Interface fa0/0/1, inbound
Interface fa0/0/1, outbound
SSH is unable to pass through NAT.
There are incorrect access control list entries.
The access list has the incorrect port number for SSH.
The ip helper command is required on S0/0/0 to allow inbound connections.
The bandwidth has been set to the value of a T1 line.
Encapsulation should of this inteface be changed to PPP.
There is no failure indicated in an OSI Layer 1 or Layer 2.
The physical connection between the two routers has failed.
The IP address of S0/0 is invalid, given the subnet mask being used.
Source 192.168.1.2 - Destination 192.168.4.2
Source 192.168.3.1 - Destination 192.168.3.2
Source 192.168.2.1 - Destination 192.168.3.2
Source 192.168.3.1 - Destination 192.168.4.2
RIPng is incompatible with dual-stack technology.
All interfaces have been configured with the incorrect IPv4 addresses.
RIPv1 or RIPv2 needs to be configured in addition to RIPng to successfully use IPv4.
When IPv4 and IPv6 are configured on the same interface, all IPv4 addresses are shut down in favor of the newer technology.
Perform a baseline test and compare the current values to values that were obtained in previous weeks.
Interview departmental secretaries and determine if they think load time for web pages is improved.
Compare the hit counts on the company web server for the current week to the values that were recorded from previous weeks.
Performance on the intranet can be determined by monitoring load times of company web pages from remote sites.
From R2, validate that interface Fa0/0 is operational.
From the TFTP server, verify that the software on the TFTP server is operational.
From the TFTP server, confirm there is enough room on the TFTP server for the Cisco IOS software.
From the console session, make sure that R1 has a route to the network where the TFTP server resides.
Defines which addresses can be translated
Defines which addresses are assigned to a NAT pool
Defines which addresses are allowed out of the router
Defines which addresses can be accessed from the inside network
Changes to the network will reveal problems that are caused by the new patches.
Scheduling will be more difficult if the network and software teams work independently.
It will be difficult to isolate the problem if two teams are implementing changes independently.
Results from changes will be easier to reconcile and document if each team works in isolation.
Once a good password is created, do not change it.
Deliberately misspell words when creating passwords.
Create passwords that are at least 8 characters in length.
Use combinations of upper case, lower case, and special characters.
Write passwords in locations that can be easily retrieved to avoid being locked out.
Traffic that is destined for 172.16.4.1 and 172.16.4.5 will be dropped by the router.
Traffic will not be routed from clients with addresses between 172.16.4.1 and 172.16.4.5.
The DHCP server function of the router will not issue the addresses between 172.16.4.1 and 172.16.4.5.
The router will ignore all traffic that comes from the DHCP servers with addresses 172.16.4.1 and 172.16.4.5.
Security options are build into IPv6.
IPv6 addresses require less router overhead to process.
IPv6 can only be configured on an interface that does not have IPv4 on it.
There is no way to translate between IPv4 addresses and IPv6 addresses.
When enabled on a router, IPv6 can automatically configure link-local IPv6 addresses on all interfaces.
The serial interfaces are in different subnets.
The RIPng process is not enabled on interfaces.
The RIPng network command is not configured.
The RIPng processes do not match between Router1 and Router2.
demilitarized zone (DMZ)
The 192.168.1.1 address has not been excluded from the DHCP pool.
The pool of addresses for the 192Network pool is incorrect.
The default router for the 192Network pool is incorrect.
The 192.168.1.1 address is already configured on Fa0/0.
Exchange information about the status of virtual circuits
Map DLCIs to network addresses
Provide flow control
Provide congestion notification
Send keepalive packets to verify operation of the PVC