Monday, August 04, 2008

Had a little Blogger issue yesterday, so let's catch up with the answers to Saturday's questions!

CCNA Certification And CCENT Certification:

You want to hardcode the first 12 ports on a Cisco switch to all run at 100 MBPS and full-duplex. What single command will allow you to do this?

Answer: First, go into interface range configuration mode with the interface range command:

SW1(config)#interface range fast 0/1 - 12

The commands you enter at this point will be added to all interfaces in that range. You can enter the speed 100 and duplex full commands here to have all interfaces in that range set to those values.

CCNA Security Certification / CCNP ISCW Exam:

What's the difference between stateful and stateless packet filtering?

Answer: Stateless packet filtering is generally referred to simply as packet filtering. Packet filtering works much like an ACL. It's common to filter packets on one or more of the following:

1. Source IP address or port number
2. Destination IP address or port number
3. Protocol

Sounds great, right? There are some problems with this technique. Packet filtering only considers the values in the ACL - there's no attempt to determine if this packet is part of an already-existing connection, or attempting to create one. With protocols that use random port numbers at times - FTP, for example - there can be some real problems establishing a connection.

Stateful packet filtering does monitor the connection state, and that's particularly important when it comes to preventing TCP attacks. A stateful firewall will not only monitor the state of the TCP connection, but also the sequence numbers. Stateful firewalls accomplish this by keeping a session table, or state table.

CCNP Certification / BSCI Exam:

Which of the following does NOT have to match between prospective OSPF neighbors?

A. Process ID

B. Hello timer

C. Dead timer

D. Stub flag setting

Answer: D. Two OSPF routers can be using different process numbers and still become neighbors.

CCNP Certification / BCMSN Exam:

Which of the following describes the default setting for DHCP Snooping?

A. It's off.

B. It's on.

C. When it's active, all interfaces are untrusted.

D. When it's active, all interfaces are trusted.

E. When it's active, trunking interfaces are trusted and all others are untrusted.

Answer: A, C. DHCP Snooping is off by default, and when you enable it, all interfaces are untrusted.

CCNP / ONT Exam:

What is the full command to configure cRTP on the following interface?

R1(config)#int serial0
R1(config-if)#encap frame

Answer: To configure RTP Header Compression on this interface, enter the ip rtp header-compression command. In this example, IOS Help displays our options with this command.

R3(config)#int s0/0/0
R3(config-if)#ip rtp header-compression ?

ietf-format Compressing using IETF format
iphc-format Compress using IPHC format
passive Compress only for destinations which send compressed headers

R3(config-if)#ip rtp header-compression

See you later today with more questions here on the blog, a new CCNA Security tutorial, and two new practice exams - one for the CCNA and another for the CCNP BSCI exam!

To your success,

Chris Bryant

CCIE #12933

No comments:

Blog Archive