New CCNA – New Questions 1

!
Question 1

Which three are the components of SNMP? (Choose three)

A. MIB
B. SNMP Manager
C. SysLog Server
D. SNMP Agent

Answer: A, B, D

Explanation

SNMP is an application-layer protocol that provides a message format for communication

between SNMP managers and agents. SNMP provides a standardized framework and a
common language used for the monitoring and management of devices in a network.
The SNMP framework has three parts:

+ An SNMP manager
+ An SNMP agent
+ A Management Information Base (MIB)

The SNMP manager is the system used to control and monitor the activities of network
hosts using SNMP. The most common managing system is called a Network Management
System (NMS). The term NMS can be applied to either a dedicated device used for
network management, or the applications used on such a device. A variety of network
management applications are available for use with SNMP. These features range from
simple command-line applications to feature-rich graphical user interfaces (such as the
CiscoWorks2000 line of products).

The SNMP agent is the software component within the managed device that maintains
the data for the device and reports these data, as needed, to managing systems. The
agent and MIB reside on the routing device (router, access server, or switch). To enable
the SNMP agent on a Cisco routing device, you must define the relationship between the
manager and the agent.

The Management Information Base (MIB) is a virtual information storage area for
network management information, which consists of collections of managed objects

(Reference: http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/
fcf014.html#wp1017597)

Question 2

What are the popular destinations for Syslog messages to be saved?

A. Flash
B. The logging buffer RAM
C. The console terminal
D. Other terminals
E. Syslog server

Answer: B C E

Explanation

By default, switches send the output from system messages and debug privileged EXEC
commands to a logging process. The logging process controls the distribution of logging
messages to various destinations, such as the logging buffer (on RAM), terminal lines
(console terminal), or a UNIX syslog server, depending on your configuration. The
process also sends messages to the console.

(Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/
release/12.1_9_ea1/configuration/guide/swlog.html#wp1024032)

Note: Syslog messages can be be written to a file in Flash memory. We can configure
this feature with (logging file flash:filename)

Question 3

Syslog was configured with a level 3 trap. Which 3 types of logs would be generated
(choose three)

A. Emergencies
B. Alerts
C. Critical
D. Errors
E. Warnings
F. Notification

Answer: A B C D (?)

Explanation

The Message Logging is divided into 8 levels as listed below:

Level
Keyword
Description
0
emergencies
System is unusable
1
alerts
Immediate action is needed
2
critical
Critical conditions exist
3
errors
Error conditions exist
4
warnings
Warning conditions exist
5
notification
Normal, but significant, conditions exist
6
informational
Informational messages
7
debugging
Debugging messages
The highest level is level 0 (emergencies). The lowest level is level 7. If you specify a
level with the “logging console level” command, that level and all the higher levels will
be displayed. For example, by using the “logging console warnings” command, all the
logging of emergencies, alerts, critical, errors, warnings will be displayed.

In this question level 3 trap is configured so Emergencies, Alerts, critical and Errors
messages are displayed. Although this question only requires to choose 3 correct
answers but maybe something is missing here.

Question 4

What are the benefit of using Netflow? (Choose three)

A. Network, Application & User Monitoring

B. Network Planning
C. Security Analysis
D. Accounting/Billing

Answer: A C D

Explanation

NetFlow traditionally enables several key customer applications including:

+ Network Monitoring – NetFlow data enables extensive near real time network
monitoring capabilities. Flow-based analysis techniques may be utilized to visualize
traffic patterns associated with individual routers and switches as well as on a network-
wide basis (providing aggregate traffic or application based views) to provide proactive
problem detection, efficient troubleshooting, and rapid problem resolution.
+ Application Monitoring and Profiling – NetFlow data enables network managers to
gain a detailed, time-based, view of application usage over the network. This
information is used to plan, understand new services, and allocate network and
application resources (e.g. Web server sizing and VoIP deployment) to responsively meet
customer demands.

+ User Monitoring and Profiling – NetFlow data enables network engineers to gain
detailed understanding of customer/user utilization of network and application
resources. This information may then be utilized to efficiently plan and allocate access,
backbone and application resources as well as to detect and resolve potential security
and policy violations.

+ Network Planning – NetFlow can be used to capture data over a long period of time
producing the opportunity to track and anticipate network growth and plan upgrades to
increase the number of routing devices, ports, or higher- bandwidth interfaces. NetFlow
services data optimizes network planning including peering, backbone upgrade planning,
and routing policy planning. NetFlow helps to minimize the total cost of network
operations while maximizing network performance, capacity, and reliability. NetFlow
detects unwanted WAN traffic, validates bandwidth and Quality of Service (QOS) and
allows the analysis of new network applications. NetFlow will give you valuable
information to reduce the cost of operating your network.

+ Security Analysis – NetFlow identifies and classifies DDOS attacks, viruses and
worms in real-time. Changes in network behavior indicate anomalies that are clearly
demonstrated in NetFlow data. The data is also a valuable forensic tool to understand
and replay the history of security incidents.

+ Accounting/Billing – NetFlow data provides fine-grained metering (e.g. flow data

includes details such as IP addresses, packet and byte counts, timestamps, type-of-
service and application ports, etc.) for highly flexible and detailed resource utilization
accounting. Service providers may utilize the information for billing based on time-of-
day, bandwidth usage, application usage, quality of service, etc. Enterprise customers
may utilize the information for departmental charge-back or cost allocation for resource
utilization.

(Reference: http://www.cisco.com/en/US/products/sw/netmgtsw/ps1964/
products_implementation_design_guide09186a00800d6a11.html#wp1030045)

Question 5

Which protocol can cause overload on a CPU of a managed device?

A. Netflow
B. WCCP
C. IP SLA
D. SNMP

Answer: D
Explanation

Sometimes, messages like this might appear in the router console:

%SNMP-3-CPUHOG: Processing [chars] of [chars]

They mean that the SNMP agent on the device has taken too much time to process a
request.

You can determine the cause of high CPU use in a router by using the output of the
show process cpu command.

Note: A managed device is a part of the network that requires some form of monitoring
and management (routers, switches, servers, workstations, printers…).

(Reference: http://www.cisco.com/en/US/tech/tk648/tk362/
technologies_tech_note09186a00800948e6.shtml)

Question 6

Which one of these is a valid HSRP Virtual Mac Address?

A. 0000.0C07.AC01
B. 0000.5E00.0110
C. 0007.B400.1203
D. 0000.C007.0201

Answer: A

Explanation

With HSRP, two or more devices support a virtual router with a fictitious MAC address
and unique IP address. There are two version of HSRP.

+ With HSRP version 1, the virtual router’s MAC address is 0000.0c07.ACxx , in which xx
is the HSRP group.
+ With HSRP version 2, the virtual MAC address if 0000.0C9F.Fxxx, in which xxx is the
HSRP group.

Note: Another case is HSRP for IPv6, in which the MAC address range from
0005.73A0.0000 through 0005.73A0.0FFF.

-> A is correct.

(Good resource for HSRP: http://www.cisco.com/en/US/docs/switches/datacenter/sw/

5_x/nx-os/unicast/configuration/guide/l3_hsrp.html)

Question 7

What are the three things that the Netflow uses to consider the traffic to be in a same
flow?
A. IP address
B. Interface name
C. Port numbers
D. L3 protocol type
E. MAC address

Answer: A C D

Question 8

What is the alert message generated by SNMP agents called (choose two) ?

A. TRAP
B. INFORM
C. GET
D. SET

Answer: A B

Explanation

A TRAP is a SNMP message sent from one application to another (which is typically on a
remote host). They’re purpose is merely to notify the other application that something
has happened, has been noticed, etc. The big problem with TRAPs is that they’re
unacknowledged so you don’t actually know if the remote application received your oh-
so-important message to it. SNMPv2 PDUs fixed this by introducing the notion of an
INFORM, which is nothing more than an acknowledged TRAP.

Question 9

Which three features are added in SNMPv3 over SNMPv2?

A. Message Integrity
B. Compression
C. Authentication
D. Encryption
E. Error Detection

Answer: A C D

Explanation

Cisco IOS software supports the following versions of SNMP:

+ SNMPv1 – The Simple Network Management Protocol: A Full Internet Standard,

defined in RFC 1157. (RFC 1157 replaces the earlier versions that were published as RFC
1067 and RFC 1098.) Security is based on community strings.
+ SNMPv2c – The community-string based Administrative Framework for SNMPv2.
SNMPv2c (the “c” stands for “community”) is an Experimental Internet Protocol defined
in RFC 1901, RFC 1905, and RFC 1906. SNMPv2c is an update of the protocol operations
and data types of SNMPv2p (SNMPv2 Classic), and uses the community-based security
model of SNMPv1.

+ SNMPv3 – Version 3 of SNMP. SNMPv3 is an interoperable standards-based protocol

defined in RFCs 2273 to 2275. SNMPv3 provides secure access to devices by a
combination of authenticating and encrypting packets over the network. The security
features provided in SNMPv3 are as follows:

– Message integrity: Ensuring that a packet has not been tampered with in transit.
– Authentication: Determining that the message is from a valid source.
– Encryption: Scrambling the contents of a packet prevent it from being learned by an
unauthorized source.

(Reference: http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/
fcf014.html#wp1010901)

Question 10

What is SNMPv3 authentication protocol?

Answer: HMAC-MD5 or HMAC-SHA (Maybe either of them will appear in the exam)

Question 11

Which three statements about Syslog utilization are true? (Choose three)

A. Utilizing Syslog improves network performance.

B. The Syslog server automatically notifies the network administrator of network
problems.
C. A Syslog server provides the storage space necessary to store log files without using
router disk space.
D. There are more Syslog messages available within Cisco IOS than there are
comparable SNMP trap messages.
E. Enabling Syslog on a router automatically enables NTP for accurate time stamping.
F. A Syslog server helps in aggregation of logs and alerts.

Answer: C D F

Question 12

What NetFlow component can be applied to an interface to track IPv4 traffic?

A. flow monitor
B. flow record
C. flow sampler
D. flow exporter
Answer: A

Question 13

What command visualizes the general NetFlow data on the command line?

A. show ip flow export

B. show ip flow top-talkers
C. show ip cache flow
D. show mls sampling
E. show mls netflow ip

Answer: C

Explanation

The “show ip cache flow” command displays a summary of the NetFlow accounting
statistics.