CCIE R&S - Security
CCIE R&S - Written - Security
| Question | Answer |
|---|---|
| What is the range for extended ACLs numbers? | 100-199, 2000-2699 |
| What ending keyword is used in an ACL statement to get general information? | log |
| What ending keyword is used in an ACL statement to get detailed information (the ingress interface and source MAC address in addition to the log entry)? | log-input |
| This type of ACL is compiled and put into a table for faster processing | Turbo ACL |
| What is the function of uRPF (Unicast Reverse Path Forwarding)? | To drop packets with spoofed source addresses by checking the source against the forwarding table |
| What is required to run uRPF? | CEF (the check is done against the FIB) |
| What two actions can be taken on a uRPF offending packet? | Drop it (the default), or, with an ACL attached to the verify command, log and/or permit the packets the ACL matches |
| What interface command enables uRPF? | ip verify unicast source reachable-via {rx \| any} (the older syntax ip verify unicast reverse-path enables strict mode only) |
| What two uRPF modes are there and what is the difference? What are the keywords? | Strict mode (rx): the best route to the source must point out the interface the packet arrived on. Loose mode (any): a route to the source only has to exist in the FIB via some interface (a route to Null0 does not count, and the default route counts only with allow-default) |
| What is a limitation of uRPF's visibility? | It can't see packets encapsulated inside tunnels; it checks only the outer source address |
| What is IP Source Guard? | Protection against spoofing |
| What is necessary for IP Source Guard to function? | DHCP Snooping |
| How does CBAC work? | It watches traffic leave the network and temporarily permits return traffic |
| Where can you apply the CBAC inspect rule? | In the inbound direction of the internal interface or the outbound direction of the external interface |
| If an 'inspect' command and an 'access-group' command is on the same interface, which one is evaluated first? | access-group |
| Which authentication protocol encrypts the password field only and uses UDP port 1812? | RADIUS (1812 for authentication, 1813 for accounting) |
| Which authentication protocol encrypts the entire payload and uses TCP port 49? | TACACS+ |
| How many authentication methods are configurable on a single aaa command? | 4 |
| What are the three switchport port-security violation options? | Protect, Restrict, Shutdown |
| What is a gratuitous ARP? | A host sends an ARP for its own IP address (usually a request, sometimes a reply) to the broadcast address even though no request was sent, e.g. to announce an address or detect a duplicate |
| How many messages per port per second can a host send by default when dynamic ARP inspection is enabled? | 15 on untrusted ports; exceeding the limit err-disables the port |
| In 802.1x what messages does the switch translate? | EAPoL and Radius |
| In 802.1x, which device is the supplicant? | 802.1x client |
| In 802.1x, which device is the authenticator? | Switch |
| What two things must be configured globally along with the 'dot1x port-control' interface command for correct 802.1x operation? | aaa new-model with an 'aaa authentication dot1x' method list, and 'dot1x system-auth-control' to enable 802.1x globally |
| In what two ways can storm limits be defined? | packet rate or interface bandwidth percentage |
| What three actions can be taken if storm-control thresholds are passed? | Discard the excess traffic (default), discard and err-disable the port (shutdown), discard and send an SNMP trap (trap) |
| On which ports are storm-control commands effective on? | Physical only |
| What is the purpose of the 'established' keyword in an ACL? | Matches TCP segments with the ACK or RST bit set, i.e. return traffic of sessions started from the inside, so bare SYNs from outside are denied; it is stateless, so a forged ACK still matches |
| Explain the two modes of TCP Intercept. | Watch mode: the router passively watches the handshake and sends a TCP reset if the 3-way handshake is not completed within the configured watch timeout (default 30 s). Intercept mode (default): the router answers the client's SYN with a SYN-ACK on the server's behalf and only opens the connection to the server once the client's ACK completes the handshake |
| What is a smurf attack? | A host sends a large number of ICMP Echo Requests to a subnet's directed broadcast address with the source spoofed to the victim, so every host on the subnet replies to the victim |
| What is a fraggle attack? | The same as smurf but with UDP Echo (port 7) packets sent to the subnet's directed broadcast address |
| What is the six step process for configuring zone-based firewalls? | Create zones, create zone pairs, create class maps, create policy maps, assign policies to zone pairs, assign interfaces to zones |
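The uRPF cards above describe the strict (rx) and loose (any) checks in a sentence each; the example below models those decisions in code so the difference is visible on concrete packets. It is an added, constructed example for this page, not Cisco code and not part of the original flashcards. It assumes a FIB represented as a list of (prefix, egress interface) pairs, that a route pointing to Null0 counts as unreachable, and that the default route satisfies the check only when allow_default is set (the allow-default option); the interface names and prefixes are made up.

```python
"""Model of the uRPF strict (rx) and loose (any) source checks.

Constructed example: a toy FIB with longest-prefix match and the two
uRPF modes, plus the Null0 and default-route edge cases. Not Cisco code.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    interface: str  # egress interface; "Null0" marks a black-hole route


class Fib:
    """Minimal forwarding table with longest-prefix match (assumed model)."""

    def __init__(self, routes):
        self.routes = [Route(ipaddress.ip_network(p, strict=False), ifc)
                       for p, ifc in routes]

    def lookup(self, addr):
        """Return the most specific Route covering addr, or None."""
        addr = ipaddress.ip_address(addr)
        best = None
        for r in self.routes:
            if addr in r.prefix and (best is None
                                     or r.prefix.prefixlen > best.prefix.prefixlen):
                best = r
        return best


def urpf_check(fib, src, ingress, mode="rx", allow_default=False):
    """Decide whether a packet from src arriving on ingress passes uRPF.

    mode="rx"  -> strict: best route to src must leave via ingress
    mode="any" -> loose:  any usable route to src is enough
    Returns (passed, reason).
    """
    if mode not in ("rx", "any"):
        raise ValueError("mode must be 'rx' (strict) or 'any' (loose)")
    route = fib.lookup(src)
    if route is None:
        return False, "no route to source"
    if route.prefix.prefixlen == 0 and not allow_default:
        return False, "only the default route matches and allow-default is not set"
    if route.interface == "Null0":
        return False, "source is black-holed (route to Null0)"
    if mode == "rx" and route.interface != ingress:
        return False, f"strict: best path to source is via {route.interface}, not {ingress}"
    label = "strict" if mode == "rx" else "loose"
    return True, f"{label}: source reachable via {route.interface}"


# Constructed FIB for an edge router: Gi0/0 faces the ISP, Gi0/1 and Gi0/2
# are internal, and 192.0.2.0/24 has been black-holed (RTBH-style).
SAMPLE_FIB = Fib([
    ("10.1.1.0/24", "Gi0/1"),
    ("10.2.0.0/16", "Gi0/2"),
    ("192.0.2.0/24", "Null0"),
    ("0.0.0.0/0", "Gi0/0"),
])

# Constructed packets: (source address, ingress interface)
SAMPLE_PACKETS = [
    ("10.1.1.5", "Gi0/0"),      # internal address arriving from the ISP: spoofed
    ("10.1.1.5", "Gi0/1"),      # same address from where it belongs
    ("10.2.5.5", "Gi0/1"),      # asymmetric path: valid host, "wrong" interface
    ("203.0.113.7", "Gi0/0"),   # Internet source, covered only by the default route
    ("192.0.2.9", "Gi0/0"),     # source inside the black-holed prefix
]


def evaluate(packets=SAMPLE_PACKETS, fib=SAMPLE_FIB, allow_default=False):
    """Run every packet through both modes; returns {(src, ifc): {mode: passed}}."""
    return {
        (src, ifc): {mode: urpf_check(fib, src, ifc, mode, allow_default)[0]
                     for mode in ("rx", "any")}
        for src, ifc in packets
    }


if __name__ == "__main__":
    for (src, ifc), verdicts in evaluate().items():
        print(f"{src:>14} on {ifc}: strict={verdicts['rx']!s:5} loose={verdicts['any']}")
```

Two rows are worth staring at: the spoofed internal address from the ISP side is dropped by strict mode and accepted by loose mode (loose only proves a route exists somewhere), while the legitimate host on the asymmetric path is dropped by strict mode and accepted by loose mode for exactly the same reason. That pair is why strict mode belongs on single-homed customer edges and loose mode on multihomed or core interfaces; the Null0 row shows why loose mode is still useful there, since a black-hole route turns uRPF into a source-based filter.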