CCIE R&S - Security
CCIE R&S - Written - Security
Question | Answer |
---|---|
What is the range for extended ACLs numbers? | 100-199, 2000-2699 |
What ending keyword on an ACL entry logs matches with basic information (addresses, protocol, hit count)? | log |
What ending keyword on an ACL entry logs matches with detailed information (additionally the ingress interface and source MAC address)? | log-input |
This type of ACL is compiled and put into a table for faster processing | Turbo ACL |
What is the function of uRPF (Unicast Reverse Path Forwarding)? | To drop packets whose source address is not reachable according to the FIB, i.e. to stop spoofed source addresses |
What is required to run uRPF? | CEF (the check is done against the CEF FIB) |
What two actions can be taken on a uRPF offending packet? | Drop it (the default), or evaluate it against an ACL attached to the uRPF check, which can permit it and log it |
What interface command enables uRPF? | ip verify unicast source reachable-via {rx \| any} (the legacy form ip verify unicast reverse-path enables strict mode only) |
What two uRPF modes are there and what is the difference? What are the keywords? | Strict mode (rx): the best return path to the source address must be out the interface the packet arrived on. Loose mode (any): the router only needs some route to the source address in its FIB (a default route does not count unless allow-default is added); used where routing is asymmetric |
What is a limitation of uRPF's visibility? | It checks only the outer IP header, so a spoofed source inside a tunnel-encapsulated packet (GRE, IPsec) is not seen |
What is IP Source Guard? | A switch-port filter that drops IP packets whose source address (and optionally source MAC) does not match the binding learned for that port, protecting against IP address spoofing by hosts |
What is necessary for IP Source Guard to function? | DHCP Snooping (it uses the DHCP snooping binding table; static ip source binding entries can be added for hosts with fixed addresses) |
How does CBAC work? | It inspects traffic leaving the network and creates temporary ACL entries that permit only the matching return traffic |
Where can you apply the CBAC inspect rule? | In the inbound direction of the internal interface or the outbound direction of the external interface |
If an 'inspect' command and an 'access-group' command are on the same interface, which one is evaluated first? | access-group (the ACL); only packets the ACL permits are inspected |
Which authentication protocol encrypts only the password field and uses UDP port 1812 (1813 for accounting)? | RADIUS |
Which authentication protocol encrypts the entire packet body and uses TCP port 49? | TACACS+ |
How many authentication methods are configurable on a single aaa command? | 4 |
What are the three switchport port-security violation options? | Protect, Restrict, Shutdown |
What is a gratuitous ARP? | A host sends an ARP reply (for its own address) to the broadcast address even though no request was sent |
How many ARP packets per second can an untrusted port accept by default when Dynamic ARP Inspection is enabled? | 15 (exceeding the limit err-disables the port) |
In 802.1X, between which two protocols does the switch translate? | EAPoL (toward the supplicant) and RADIUS (toward the authentication server) |
In 802.1x, which device is the supplicant? | 802.1x client |
In 802.1x, which device is the authenticator? | Switch |
What two things must be configured globally along with the 'dot1x port-control auto' interface command for correct 802.1X operation? | AAA (aaa new-model plus aaa authentication dot1x default group radius) and dot1x system-auth-control to enable 802.1X globally |
In what two ways can storm limits be defined? | packet rate or interface bandwidth percentage |
What three actions can be taken if storm-control thresholds are passed? | Discard, Discard and shutdown port, Discard and send SNMP trap |
On which ports are storm-control commands effective? | Physical ports only |
What is the purpose of the 'established' keyword in an ACL? | It matches only TCP segments with the ACK or RST bit set, so return traffic of connections initiated from inside is permitted while new inbound connection attempts (SYN only) are denied; it does not by itself stop a SYN flood |
Explain the two modes of TCP Intercept. | Watch mode: the router passively watches the handshake and sends a TCP reset to the server if the 3-way handshake does not complete within the configured time (default 30 seconds). Intercept mode: the router acts as a proxy, completing the handshake with the client before opening the connection to the server |
What is a smurf attack? | A host sends a large number of ICMP Echo Requests to a subnet broadcast address with the victim's address spoofed as the source, so every host on the subnet replies to the victim |
What is a fraggle attack? | The same as smurf but using UDP Echo (port 7) packets sent to a subnet broadcast address with a spoofed source |
What is the six step process for configuring zone-based firewalls? | Create zones, Create zone pairs, Create class maps, Create policies, Assign policies to zone pairs, Assign interfaces to zones |
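The six zone-based firewall steps in the last card, carried through as one working IOS configuration. This is an added example, not part of the original flashcard set; the zone, class-map, policy-map and ACL names, the 10.0.0.0/24 inside prefix and the interface numbers are assumptions for illustration.

```cisco
! --- Step 1: create the zones (names assumed) ---
zone security INSIDE
zone security OUTSIDE
!
! --- Step 2: create the zone pair; direction matters, a pair is unidirectional ---
zone-pair security IN-TO-OUT source INSIDE destination OUTSIDE
!
! --- Step 3: class map that selects the traffic to inspect ---
! The ACL and the 10.0.0.0/24 inside prefix are assumed for this example.
ip access-list extended ALLOWED-OUT
 permit tcp 10.0.0.0 0.0.0.255 any eq 443
 permit tcp 10.0.0.0 0.0.0.255 any eq 80
 permit udp 10.0.0.0 0.0.0.255 any eq 53
!
class-map type inspect match-all CM-WEB-DNS
 match access-group name ALLOWED-OUT
!
! --- Step 4: policy map; 'inspect' creates the stateful return entry,
! everything that does not match the class is dropped and logged ---
policy-map type inspect PM-IN-TO-OUT
 class type inspect CM-WEB-DNS
  inspect
 class class-default
  drop log
!
! --- Step 5: attach the policy to the zone pair ---
zone-pair security IN-TO-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-IN-TO-OUT
!
! --- Step 6: put the interfaces into their zones ---
interface GigabitEthernet0/0
 description LAN (assumed)
 zone-member security INSIDE
!
interface GigabitEthernet0/1
 description WAN (assumed)
 zone-member security OUTSIDE
```

Two consequences worth checking after applying this: there is deliberately no OUTSIDE-to-INSIDE zone pair, so unsolicited traffic from the WAN is dropped by the default inter-zone policy and only the inspected return traffic gets back in; and an interface that is a member of a zone can no longer exchange traffic with an interface that is in no zone, so every routed interface needs a zone. `show policy-map type inspect zone-pair sessions` shows the sessions the inspect action has opened.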
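The uRPF and ACL cards above (strict versus loose mode, the CEF prerequisite, the established keyword and log-input) as one router edge configuration. This is an added example, not from the original flashcards; the interface numbers, the 10.1.0.0/24 customer prefix, the 203.0.113.0/30 upstream link and the ACL name are assumptions.

```cisco
! uRPF is a CEF feature: the source lookup is done against the FIB
ip cef
!
! Customer-facing interface: strict mode (rx). A packet is forwarded only if
! the best route back to its source points out this same interface.
interface GigabitEthernet0/0
 description customer LAN 10.1.0.0/24 (assumed)
 ip address 10.1.0.1 255.255.255.0
 ip verify unicast source reachable-via rx
!
! Upstream interface where routing may be asymmetric: loose mode (any).
! Any non-default route to the source address satisfies the check.
interface GigabitEthernet0/1
 description upstream (assumed addressing)
 ip address 203.0.113.2 255.255.255.252
 ip verify unicast source reachable-via any
 ip access-group EDGE-IN in
!
! Inbound ACL on the upstream side. 'established' matches only TCP segments
! with ACK or RST set, i.e. return traffic of connections opened from inside;
! a bare SYN from outside does not match and falls through to the deny.
ip access-list extended EDGE-IN
 remark our own prefix arriving from the outside is spoofed: log with ingress interface and MAC
 deny   ip 10.1.0.0 0.0.0.255 any log-input
 permit tcp any 10.1.0.0 0.0.0.255 established
 permit udp any eq 53 10.1.0.0 0.0.0.255
 deny   ip any any log-input
!
! log and log-input punt matching packets to the CPU; rate-limit syslog
! so a flood of denied packets cannot become a control-plane DoS
logging rate-limit 10
```

`show ip interface GigabitEthernet0/0 | include verify` confirms the mode, and `show ip traffic | include RPF` shows the drop counter. The anti-spoof deny is placed before the permits on purpose: an ACL is evaluated top down and the first match wins, so a spoofed packet with the right ports would otherwise be accepted by the `established` line.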
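The switch-side cards (DHCP snooping as the prerequisite for IP Source Guard, the 15 pps DAI default, port-security violation modes, the global 802.1X prerequisites and storm-control thresholds) as one access-switch configuration. This is an added example, not part of the original page; VLAN 10, the RADIUS server name and address, the interface numbers and the threshold values are assumptions.

```cisco
! --- Global 802.1X prerequisites: AAA method list plus global enable ---
aaa new-model
aaa authentication dot1x default group radius
radius server ISE
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key RadiusSharedSecret
dot1x system-auth-control
!
! --- DHCP snooping builds the binding table that IP Source Guard and DAI use ---
ip dhcp snooping
ip dhcp snooping vlan 10
ip arp inspection vlan 10
errdisable recovery cause arp-inspection
!
! Uplink towards the DHCP server: trusted for snooping and for DAI,
! otherwise server replies and ARP from the core are dropped
interface GigabitEthernet1/0/48
 description uplink (assumed)
 switchport mode trunk
 ip dhcp snooping trust
 ip arp inspection trust
!
! Untrusted access port
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 ! port security: 'restrict' drops offending frames and counts them,
 ! without err-disabling the port as 'shutdown' would
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 ! IP Source Guard: drop IP packets whose source is not in the binding table
 ip verify source
 ! DAI rate limit; 15 pps is the default for untrusted ports, shown explicitly
 ip arp inspection limit rate 15
 ! 802.1X on the port; needs the two global commands above
 dot1x port-control auto
 ! storm control: percentage of bandwidth for broadcast, packet rate for multicast,
 ! rising and falling thresholds; action trap instead of the default silent drop
 storm-control broadcast level 1.00 0.50
 storm-control multicast level pps 2k 1k
 storm-control action trap
```

Useful checks: `show ip dhcp snooping binding` (the table IP Source Guard filters against; a host with no lease and no static `ip source binding` gets no traffic through), `show ip arp inspection interfaces` for the rate limit and trust state, `show port-security interface GigabitEthernet1/0/1` for the violation counter, and `show storm-control`. Packet-rate (pps) storm thresholds are not available on every platform; the percentage form is.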