Interconnecting Cisco Networking Devices Part 2 (ICND2 v3.0)
Question No: 11 – (Topic 1)
What is a difference between TACACS and RADIUS in AAA?
Only TACACS allows for separate authentication.
Only RADIUS encrypts the entire access-request packet.
Only RADIUS uses TCP.
Only TACACS couples authentication and authorization.
Answer: A Explanation: Authentication and Authorization
RADIUS combines authentication and authorization. The Access-Accept packets sent by the RADIUS server to the client contain the authorization information, which makes it difficult to decouple authentication from authorization.
TACACS+ uses the AAA architecture, which separates authentication, authorization and accounting. This allows a separate authentication solution to be used while TACACS+ still handles authorization and accounting. For example, with TACACS+ it is possible to use Kerberos authentication together with TACACS+ authorization and accounting. After a NAS authenticates a user against a Kerberos server, it requests authorization information from the TACACS+ server without having to re-authenticate: the NAS informs the TACACS+ server that the user has successfully authenticated against Kerberos, and the server then returns the authorization information.
During a session, if additional authorization checking is needed, the access server checks with the TACACS+ server to determine whether the user is permitted to run a particular command. This gives per-command control over what can be executed on the access server while remaining decoupled from the authentication mechanism. The other options have it backwards: RADIUS encrypts only the password field of the Access-Request (TACACS+ encrypts the whole packet body), RADIUS runs over UDP while TACACS+ runs over TCP, and it is RADIUS, not TACACS+, that couples authentication and authorization.
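The decoupling described above, as an added IOS configuration example (not from the original page): authentication is taken from a RADIUS group while exec and per-command authorization, and accounting, come from TACACS+. The server names, addresses, keys and the local fallback account are assumed values.

```cisco
! Added example, not part of the original page. Server addresses and keys are assumed.
aaa new-model
!
tacacs server ACS-TAC
 address ipv4 10.1.1.10
 key LongRandomTacacsKey-ChangeMe
!
radius server ACS-RAD
 address ipv4 10.1.1.20 auth-port 1812 acct-port 1813
 key LongRandomRadiusKey-ChangeMe
!
! Authentication comes from one method list (RADIUS here) ...
aaa authentication login default group radius local
! ... while authorization and accounting are separate method lists served by TACACS+.
! Per-command authorization is only possible with TACACS+; RADIUS returns all
! authorization attributes at once inside the Access-Accept.
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting commands 15 default start-stop group tacacs+
!
! Local fallback so an unreachable AAA server cannot lock administrators out.
username admin privilege 15 secret ChangeMe-LocalFallback1
```

The `local` keyword at the end of each list is the fallback that is consulted only when no server in the group answers; a server that answers with a reject is not a failure and does not fall through.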
Question No: 12 – (Topic 1)
Which statement about DTP is true?
It uses the native VLAN.
It negotiates a trunk link after VTP has been configured.
It uses desirable mode by default.
It sends data on VLAN 1.
Answer: A Explanation:
Disabling Dynamic Trunking Protocol (DTP)
Cisco's Dynamic Trunking Protocol can facilitate the automatic creation of trunks between two switches. When two connected ports are configured in dynamic mode, and at least one of the ports is configured as desirable, the two switches negotiate the formation of a trunk across the link. DTP isn't to be confused with VLAN Trunking Protocol (VTP), although the VTP domain does come into play: the VTP domain names on both switches must match for the negotiation to succeed.
DTP on the wire is pretty simple, essentially advertising only the VTP domain, the status of the interface, and its DTP type. When DTP is enabled these packets are transmitted in the native (or access) VLAN every 60 seconds, both untagged and with ISL encapsulation (tagged as VLAN 1).
Question No: 13 – (Topic 1)
Which statement about switch access ports is true?
They drop packets with 802.1Q tags.
A VLAN must be assigned to an access port before it is created.
They can receive traffic from more than one VLAN with no voice support.
By default, they carry traffic for VLAN 10.
Answer: A Explanation:
"If an access port receives a packet with an 802.1Q tag in the header other than the access VLAN value, that port drops the packet without learning its MAC source address."
Question No: 14 – (Topic 1)
Which feature can you use to monitor traffic on a switch by replicating it to another port or ports on the same switch?
copy run start
the ICMP Echo IP SLA
Explanation: A source port, also called a monitored port, is a switched or routed port that you monitor for network traffic analysis. In a single local SPAN session or RSPAN source session, you can monitor source port traffic, such as received (Rx), transmitted (Tx), or bidirectional (both). The switch supports any number of source ports (up to the maximum number of available ports on the switch) and any number of source VLANs.
A source port has these characteristics:
->It can be any port type, such as EtherChannel, Fast Ethernet, Gigabit Ethernet, and so forth.
->It can be monitored in multiple SPAN sessions.
->It cannot be a destination port.
->Each source port can be configured with a direction (ingress, egress, or both) to monitor. For EtherChannel sources, the monitored direction applies to all physical ports in the group.
->Source ports can be in the same or different VLANs.
->For VLAN SPAN sources, all active ports in the source VLAN are included as source ports.
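A local SPAN session as described in the explanation above, as an added configuration example (not from the original page). The interface numbers are assumed; the sensor sits on GigabitEthernet0/24.

```cisco
! Added example, not part of the original page. Interface numbers are assumed.
! Session 1: mirror both directions of two access ports to the sensor port.
monitor session 1 source interface GigabitEthernet0/1 - 2 both
monitor session 1 destination interface GigabitEthernet0/24
!
! Session 2: mirror only received traffic of an uplink to the same kind of sensor.
! A port can be a source in several sessions, but a destination port can never
! also be a source, and on most Catalyst platforms a session monitors either
! ports or VLANs, not a mix of both.
monitor session 2 source interface GigabitEthernet0/3 rx
monitor session 2 destination interface GigabitEthernet0/23
!
! Verify with: show monitor session 1
```

The destination port stops behaving as a normal switch port: it no longer forwards received frames or participates in spanning tree, it only emits the mirrored copies, so it should be reserved for the monitoring host.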
Question No: 15 – (Topic 1)
Refer to the exhibit.
Router edge-1 is unable to establish OSPF neighbor adjacency with router ISP-1. Which two configuration changes can you make on edge-1 to allow the two routers to establish adjacency? (Choose two.)
Set the subnet mask on edge-1 to 255.255.255.252.
Reduce the MTU on edge-1 to 1514.
Set the OSPF cost on edge-1 to 1522.
Reduce the MTU on edge-1 to 1500.
Configure the ip ospf mtu-ignore command on the edge-1 Gi0/0 interface.
Answer: D,E (reduce the MTU on edge-1 to 1500; configure ip ospf mtu-ignore on Gi0/0) Explanation: A situation can occur where the interface MTU is set to a high value, for example 9000, while the real size of packets that can be forwarded over the link is 1500.
If the MTU differs on the two sides of a link where OSPF runs, the adjacency will not form (it stalls in EXSTART/EXCHANGE), because each router carries its interface MTU in its Database Description (DBD) packets and the receiving router rejects a DBD that advertises an MTU larger than its own. Either make the MTUs match or tell OSPF not to perform the check with ip ospf mtu-ignore.
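Both fixes, as an added configuration example for edge-1 (not from the original page or the missing exhibit). The interface address, the ISP's MTU of 1500 and the OSPF process number are assumed.

```cisco
! Added example, not part of the original page. Addresses and process ID are assumed.
! Symptom before the fix: "show ip ospf neighbor" shows the ISP stuck in EXSTART,
! and "debug ip ospf adj" on the side with the smaller MTU reports that the
! neighbor "has larger interface MTU".
!
! Fix 1 (preferred): make the MTU match the ISP side. "mtu 1500" also resets the
! IP MTU, which is the value OSPF places in the DBD packet.
interface GigabitEthernet0/0
 description to ISP-1
 ip address 203.0.113.2 255.255.255.252
 mtu 1500
 ip ospf 1 area 0
!
! Fix 2 (if the interface MTU must stay at 9000): skip the DBD MTU check.
! OSPF will then reach FULL, but any packet larger than the peer can forward
! is still dropped, so large LSA updates can still fail; prefer fix 1.
interface GigabitEthernet0/0
 ip ospf mtu-ignore
!
! Verify: show ip ospf neighbor                   (state FULL)
!         show ip ospf interface GigabitEthernet0/0
```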
Question No: 16 – (Topic 1)
Which type of topology is required by DMVPN?
Question No: 17 – (Topic 1)
Which two pieces of information are provided by the show controllers serial 0 command? (Choose two.)
the type of cable that is connected to the interface.
The uptime of the interface
the status of the physical layer of the interface
the full configuration of the interface
the interface's duplex settings
Answer: A,C Explanation:
The show controller command provides hardware-related information useful to troubleshoot and diagnose issues with Cisco router interfaces. The Cisco 12000 Series uses a distributed architecture with a central command-line interface (CLI) at the Gigabit Route Processor (GRP) and a local CLI at each line card.
Question No: 18 – (Topic 1)
Which statement about the router configurations is correct?
PPP PAP is authentication configured between Branch2 and R1.
Tunnel keepalives are not configured for the tunnel0 interface on Branch2 and R2.
The Branch2 LAN network 192.168.11.0/24 is not advertised into the EIGRP network.
The Branch3 LAN network 192.168.10.0/24 is not advertised into the EIGRP network.
PPP CHAP is authentication configured between Branch1 and R1.
Question No: 19 – (Topic 1)
How can you disable DTP on a switch port?
Configure the switch port as a trunk.
Add an interface on the switch to a channel group.
Change the operational mode to static access.
Change the administrative mode to access.
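The DTP explanation under Question 12 and this question both concern switching DTP off. An added configuration example (not from the original page) for a user-facing port and for unused ports; interface and VLAN numbers are assumed. A port left in a dynamic mode will accept a DTP frame from whatever is plugged in and can be talked into becoming a trunk, so the negotiation is disabled explicitly.

```cisco
! Added example, not part of the original page. Interface and VLAN numbers are assumed.
! User-facing port: fixed access mode and no DTP frames at all.
interface GigabitEthernet0/5
 description user port, trunk negotiation disabled
 switchport mode access
 switchport access vlan 20
 switchport nonegotiate
 spanning-tree portfast
!
! Unused ports: same treatment, parked in an unused VLAN and shut down.
interface range GigabitEthernet0/10 - 24
 switchport mode access
 switchport access vlan 999
 switchport nonegotiate
 shutdown
!
! Verify: "show interfaces GigabitEthernet0/5 switchport" should report
!   Administrative Mode: static access
!   Operational Mode: static access
!   Negotiation of Trunking: Off
```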
Question No: 20 – (Topic 1)
Which two components are used to identify a neighbor in a BGP configuration? (Choose two.)
autonomous system number
Answer: A,E Explanation:
Use the show ip bgp neighbors command to display information about the TCP and Border Gateway Protocol (BGP) connections and verify whether the BGP peer is established. The output of the show ip bgp neighbors command below shows the BGP state as 'Established', which indicates that the BGP peer relationship has been established successfully.
R1-AGS# show ip bgp neighbors | include BGP
BGP neighbor is 10.10.10.2, remote AS 400, internal link
BGP version 4, remote router ID 22.214.171.124
BGP state = Established, up for 00:04:20
BGP table version 1, neighbor version 1
R1-AGS#
The show ip bgp neighbors command has been used above with the modifier | include BGP. This makes the output more readable by filtering the command output and displaying only the relevant parts.
In addition, the show ip bgp summary command can be used to display the status of all BGP connections, as shown below.
R1-AGS# show ip bgp summary
BGP router identifier 10.1.1.2, local AS number 400
BGP table version is 1, main routing table version 1
Neighbor    V    AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down  State/PfxRcd
10.10.10.2  4   400       3       3      1   0    0 00:00:26            0
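The neighbor statement that produced a session like the one above, as an added configuration example (not from the original page): a BGP neighbor is identified by its IP address and its autonomous system number, which is why both must match what the peer expects. The peer address and AS follow the sample output; the shared secret is assumed.

```cisco
! Added example, not part of the original page. The password is an assumed value.
router bgp 400
 bgp log-neighbor-changes
 ! Address plus remote AS identify the neighbor; same AS as ours, so an iBGP peer.
 neighbor 10.10.10.2 remote-as 400
 neighbor 10.10.10.2 description iBGP peer in AS 400
 ! TCP MD5 authentication on the session: a spoofed RST or a rogue peer that
 ! does not know the key cannot tear down or hijack the session.
 neighbor 10.10.10.2 password LongRandomSharedSecret-ChangeMe
!
! Verify the session state, then the prefix exchange:
! show ip bgp neighbors 10.10.10.2 | include BGP state
! show ip bgp summary
```

If the remote AS in the neighbor statement does not match what the peer announces in its OPEN message, the session never leaves Active/OpenSent and the log shows a "bad AS" notification, which is the usual reason a freshly configured neighbor does not come up.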