Thursday, July 03, 2008

It's Thursday, July 3, and here are the answers to yesterday's Cisco practice exam questions - plus a tutorial on global synchronization at no extra charge! ;)

Be sure to read today and yesterday's blog posts for the latest on the new CCNA Security, Voice, and Wireless certifications, including a new CCNA Security tutorial!

CCNA Certification:

What character or combination of characters indicates a statically configured default route?

Answer: An "S*" next to a route indicates that it is a default static route. An "S" with no asterisk next to it indicates a regular static route.

CCNA Security Exam:

What is a honeypot? What purpose does it serve in today's networks?

Answer: With so much emphasis put on network security, it sounds really strange that we would invite attacks on a server. That's exactly what we do when we create a honeypot! A honeypot isn't just an unprotected network device - we're actually inviting attacks.

There's a method to the madness, though!

Honeypots serve a dual purpose. First, they lure network attackers away from our production servers. If you have one server that's an easy target and then others that are not, you can bet that easy target will be the first one attacked.

Honeypots aren't just a diversionary tactic, though. As network attacks on the honeypot begin and the packets are analyzed, this information can be used to identify new attacks - and to help create signatures to defend against them.

CCENT Certification Question:

Which one of the following networking terms is not associated with the same OSI layer as the others?

A. router

B. packet



Answer: C. TCP runs at the Transport layer of the OSI model. The other three terms are associated with the Network layer.

CCNP Certification / BSCI Exam:

If an IPv6 address begins with "FF", what kind of address is it?

A. broadcast

B. unicast

C. anycast

D. multicast

Answer: D. Any IPv6 address beginning with "FF" is a multicast. IPv6 does not use broadcasts.

CCNP Certification / BCMSN Exam:

You've configured an Etherchannel and note that the trunk has gone down. You check the interfaces on one switch and note that two are "err-disabled". The corresponding ports on the other switch are not. What should you do?

A. Nothing - that's the normal and desired behavior.

B. Shut and reopen the err-disabled interfaces.

C. Shut and reopen the non-err-disabled interfaces.

D. Use the err-abled command on the err-disabled interfaces.

Answer: B. After finishing the config, shut and reopen the err-disabled interfaces. If the configuration is correct, that will do the trick.


Name three separate actions that can be taken when certain traffic matches a signature in IPS.

Answer: Here are four actions that can be taken when a signature matches network traffic:

Drop the packets

A TCP Reset can be sent

Block traffic from the source IP or the connection as a whole for "X" minutes, "X" being a configurable value

Send an alarm message to a management device or to the log

CCNP / ONT Exam:

What is global synchronization? If it's good, describe the benefits. If it's bad, describe why it's bad.

Answer: Here's a quick tutorial on global synchronization.

When a queue is full, packets that are trying to queue up for transmission literally have nowhere to be put! These packets are then subject to tail drop, which is a fancy way of saying "you're being dropped because we have no place to put you".

You know that TCP has a detection and recovery scheme when it comes to missing segments, so tail drop is no big deal, right? Quite the opposite - it's a huge deal.

The problem starts innocently enough, as the senders realize their TCP packets are being dropped. As we'd expect, the senders then throttle back on their transmission speed. After doing so, the senders will then gradually speed their transmission rates back up.

As multiple senders increase their transmission rates, the queue will fill up again, and the senders will again almost simultaneously slow their transmission rates, followed by another near-simultaneous increase.

As a result of this global synchronization, the links are perpetually in one of two states - congested or underused. Basically, the network ends up being either hammered or not being used to its full potential, and those are both circumstances we want to avoid.
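The cycle described above, as an added simulation (not code from the original post): four TCP-like senders share one tail-drop queue, and the trace shows the link swinging between congested and underused. The link capacity, queue size, starting rates, and the halve-on-loss / add-one-per-tick rule are assumptions chosen for illustration.

```python
# Added illustration: constructed parameters, not measurements from a real network.
CAPACITY = 40      # packets the link can transmit per tick (assumed)
QUEUE_LIMIT = 20   # packets the output queue can hold (assumed)


def simulate(start_rates=(4, 7, 10, 13), ticks=60):
    """Run TCP-like senders through one tail-drop queue; return per-tick records."""
    rates = list(start_rates)
    queue = 0
    history = []
    for tick in range(ticks):
        backlog = queue + sum(rates)            # waiting packets plus new arrivals
        sent = min(CAPACITY, backlog)           # link drains at most CAPACITY per tick
        queue = backlog - sent
        dropped = max(0, queue - QUEUE_LIMIT)   # tail drop: no room left in the queue
        queue -= dropped
        history.append({"tick": tick, "rates": tuple(rates), "sent": sent,
                        "queue": queue, "dropped": dropped})
        if dropped:
            # Assumption: arrivals are interleaved, so every sender loses a
            # packet in the overflow and all of them throttle back together.
            rates = [max(1, r // 2) for r in rates]
        else:
            # No loss seen: each sender gradually speeds back up.
            rates = [r + 1 for r in rates]
    return history


def congested_ticks(history):
    """Ticks on which the full queue forced tail drops."""
    return [h["tick"] for h in history if h["dropped"]]


def underused_ticks(history):
    """Ticks on which the link carried less than it could."""
    return [h["tick"] for h in history if h["sent"] < CAPACITY]


if __name__ == "__main__":
    hist = simulate()
    for h in hist[:20]:
        state = "CONGESTED" if h["dropped"] else (
            "underused" if h["sent"] < CAPACITY else "")
        print(f'{h["tick"]:2d} offered={sum(h["rates"]):2d} sent={h["sent"]:2d} '
              f'queue={h["queue"]:2d} {"#" * (h["sent"] // 2)} {state}')
    print("tail-drop ticks:", congested_ticks(hist))
    print("underused ticks:", len(underused_ticks(hist)), "of", len(hist))
```

With these numbers the senders back off in the same tick every eight ticks, and the link then spends three ticks of each cycle below capacity before the queue fills again.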

New questions posted later today, and be sure to read all of the recent blog posts for the latest information on the new CCNA certifications, including a new CCNA Security tutorial!

To your success,

Chris Bryant
CCIE #12933
