CCIE Self Study CCIE Security Exam Certification Guide - Cisco press.pdf

CHAPTER 3

Application Protocols

This chapter covers some of today’s most widely used application protocols.

This chapter covers the following topics:

Domain Name System (DNS)—Topics in this section include how DNS is configured on Cisco routers and what port numbers are used when delivered across an IP network.

Trivial File Transfer Protocol (TFTP)—This section covers TFTP’s common uses, particularly on Cisco IOS-enabled routers. The process used to copy files to and from a TFTP server is described.

File Transfer Protocol (FTP)—This section covers FTP and the advanced mechanisms used in this connection-oriented protocol to ensure data delivery.

Other Application Topics—Included are Hypertext Transfer Protocol (HTTP), Secure Socket Layer (SSL), Simple Network Management Protocol (SNMP), Simple Mail Transfer Protocol (SMTP), Network Time Protocol (NTP), Secure Shell (SSH), Lightweight Directory Access Protocol, and Active Directory. These sections cover some of the common configurations and IOS commands on Cisco routers that enable these applications.

NOTE: SNMP, although not listed officially on the Cisco website, is a possible topic in the written examination.

“Do I Know This Already?” Quiz

The purpose of this assessment quiz is to help you determine how to spend your limited study time. If you can answer most or all these questions, you might want to skim the “Foundation Topics” section and return to it later as necessary. Review the “Foundation Summary” section and answer the questions at the end of the chapter to ensure that you have a strong grasp of the material covered. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now. If you find these assessment questions difficult, read through the entire “Foundation Topics” section and review it until you feel comfortable with your ability to answer all these and the “Q & A” questions at the end of the chapter.

Answers to these questions can be found in Appendix A, “Answers to Quiz Questions.”

1. RFC 1700 defines what well-known ports for DNS?

a. TCP port 21

b. TCP port 23

c. UDP port 21

d. UDP port 53

e. TCP/UDP port 53

2. What supplies DNS security?

a. A default username/password pairing

b. A TFTP directory

c. A filename

d. A domain name

e. None of the above

3. What IOS command will stop a Cisco router from querying a DNS server when an invalid IOS command is entered on the EXEC or PRIV prompt?

a. no ip domain-lookup

b. no ip dns-lookup

c. no ip dns-queries

d. no exec

4. What does the following Global IOS configuration line accomplish?

ip host SimonisaCCIE 131.108.1.1 131.108.1.2

a. Defines the router name as SimonisaCCIE

b. Defines a local host name, SimonisaCCIE, mapped to IP addresses 131.108.1.1 and 131.108.1.2

c. Configures the IOS router for remote routing entries 131.108.1.1 and 131.108.1.2

d. Not a valid IOS command

e. Configures the local routers with the IP address 131.108.1.1 and 131.108.1.2 on boot up

5. TFTP uses what predefined UDP port number?

a. 21

b. 22

c. 23

d. 53

e. 69

6. What IOS command will copy an IOS image from the current system flash to a TFTP server?

a. copy tftp image:

b. copy flash tftp

c. copy tftp flash

d. copy tftp tftp

7. Suppose a client calls and advises you that an FTP data transaction is not allowing him to view the host’s directory structure. What are the most likely causes of the problem? (Choose all that apply.)

a. The client’s username/password is wrong.

b. The client’s FTP data port is not connected.

c. The host machine has denied him access because the password is wrong.

d. A serious network outage requires that you reload the router closest to the client.

e. An access list is stopping port 20 from detailing the directory list.

8. FTP runs over what Layer 4 protocol?

a. IP

b. TCP

c. TFTP

d. DNS

e. UDP

9. HTTPS traffic uses what TCP port number?

a. 21

b. 443

c. 334

d. 333

e. 343

10. SNMP is restricted on Cisco routers by what IOS command?

a. snmp-server enable

b. snmp-server community string

c. snmp-server ip-address

d. snmp-server no access permitted

11. TFTP protocol uses which of the following?

a. Username/password pairs to authorize transfers

b. Uses TCP port 169

c. Uses UDP port 169

d. Can use UDP/TCP and port 69

e. None of the above

12. Which of the following statements is true regarding SSL?

a. Every packet sent between host and client is authenticated.

b. Encryption is used after a simple handshake is completed.

c. SSL uses port 2246.

d. SSL is not a predefined standard.

e. SSL does not perform any data integrity checks.

13. What is the HELO SMTP command used for?

a. To authenticate SMTP clients

b. To identify SMTP clients

c. This is an unknown standard

d. The HELO command is used in SNMP (not SMTP)

14. POP3 clients can do what?

a. Receive SNMP queries

b. Send mail

c. Send SNMP queries

d. The POP3 protocol is a routing algorithm

15. NTP uses what well-known TCP port?

a. 23

b. 551

c. 21

d. 20

e. 123

f. 321

16. Secure Shell (SSH) is used to do what?

a. Disable spanning tree on Catalyst 5000 switches

b. Protect the data link layer only from attacks

c. Protect the TCP/IP host

d. Allow TCP/IP access to all networks without any security

e. SSH is used only in the data link layer

17. Which of the following protocols can be authenticated? (Select the best four answers.)

a. Telnet

b. HTTP

c. HTTPS

d. Spanning tree

e. TFTP

f. FTP

18. What is the community string value when the following IOS commands are entered in global configuration mode?

snmp-server community publiC RO
snmp-server enable traps config
snmp-server host 131.108.255.254 isdn

a. ISDN

b. Config

c. publiC

d. public

e. Public

f. More data required

19. Which of the following best describes an SNMP inform request?

a. Requires no acknowledgment

b. Requires an acknowledgment from the SNMP agent

c. Requires an acknowledgment from the SNMP manager

d. Only SNMP traps can be implemented on Cisco IOS routers

20. What UDP port number will SNMP traps be sent from?

a. 21

b. 22

c. 161

d. 162

21. What TCP port number will an SNMP inform acknowledgment packet be sent to?

a. 21

b. 22

c. 23

d. 161

e. 162

f. None of the above

22. To restrict SNMP managers from the source network 131.108.1.0/30, what IOS command is required?

a. ip http enable 131.108.1.1 131.108.1.2

b. snmp community 131.108.1.1 131.108.1.2

c. snmp-server community SimonisCool ro 4
   access-list 4 permit 131.108.1.0 0.0.0.252

d. snmp-server community SimonisCool ro 4

e. snmp-server community SimonisCool ro 1
   access-list 11 permit 131.108.1.0 0.0.0.252
