- CCIE Security Written Exam Blueprint
- General Networking Topics
- “Do I Know This Already?” Quiz
- Foundation Topics
- Networking Basics—The OSI Reference Model
- Ethernet Overview
- Internet Protocol
- Variable-Length Subnet Masks
- Classless Interdomain Routing
- Transmission Control Protocol
- TCP Services
- Routing Protocols
- ISDN
- IP Multicast
- Asynchronous Communications and Access Devices
- Foundation Summary
- Requirements for FastEther Channel
- Scenario
- Scenario 2-1: Routing IP on Cisco Routers
- Scenario Answers
- Scenario 2-1 Answers: Routing IP on Cisco Routers
- Application Protocols
- “Do I Know This Already?” Quiz
- Foundation Topics
- Domain Name System
- Trivial File Transfer Protocol
- File Transfer Protocol
- Hypertext Transfer Protocol
- Secure Socket Layer
- Simple Network Management Protocol
- Simple Mail Transfer Protocol
- Network Time Protocol
- Secure Shell
- Foundation Summary
- Scenario
- Scenario Answers
- Scenario 3-1 Solutions
- “Do I Know This Already?” Quiz
- Foundation Topics
- Cisco Hardware
- show and debug Commands
- Password Recovery
- Basic Security on Cisco Routers
- IP Access Lists
- Foundation Summary
- Scenario
- Scenario Answers
- Security Protocols
- “Do I Know This Already?” Quiz
- Foundation Topics
- Authentication, Authorization, and Accounting (AAA)
- Remote Authentication Dial-In User Service (RADIUS)
- Kerberos
- Virtual Private Dial-Up Networks (VPDN)
- Encryption Technology Overview
- Internet Key Exchange (IKE)
- Foundation Summary
- Scenario
- Scenario 5-1: Configuring Cisco Routers for IPSec
- Scenario Answers
- Scenario 5-1 Solutions
- “Do I Know This Already?” Quiz
- Foundation Topics
- UNIX
- Microsoft NT Systems
- Common Windows DOS Commands
- Cisco Secure for Windows and UNIX
- Cisco Secure Policy Manager
- Cisco Secure Intrusion Detection System and Cisco Secure Scanner
- Cisco Security Wheel
- Foundation Summary
- Scenarios
- Scenario 6-1: NT File Permissions
- Scenario 6-2: UNIX File Permissions
- Scenario Answers
- Scenario 6-1 Solution
- Scenario 6-2 Solution
- Security Technologies
- “Do I Know This Already?” Quiz
- Foundation Topics
- Advanced Security Concepts
- Cisco Private Internet Exchange (PIX)
- Cisco IOS Firewall Security Feature Set
- Public Key Infrastructure
- Virtual Private Networks
- Foundation Summary
- Scenario
- Scenario Answer
- Scenario 7-1 Solution
- “Do I Know This Already?” Quiz
- Foundation Topics
- Network Security Policies
- Standards Bodies and Incident Response Teams
- Vulnerabilities, Attacks, and Common Exploits
- Intrusion Detection System
- Protecting Cisco IOS from Intrusion
- Foundation Summary
- Scenario
- Scenario 8-1: Defining IOS Commands to View DoS Attacks in Real Time
- Scenario Answer
- Scenario 8-1 Solution
Chapter 2
General Networking Topics
This chapter covers general networking concepts listed in the CCIE Security blueprint for the written exam. The CCIE blueprint lists some example topics that define general networking, including switching, TCP/IP, routed and routing protocols, PPP, ISDN, and asynchronous communications.
The CCIE Security written exam contains approximately 50 percent security questions and approximately 50 percent general networking questions. This chapter prepares you for the general networking questions. Although the CCIE Security written exam blueprint lists some specific networking topics, it does not, for example, mention Frame Relay, which might appear on the exam. This chapter covers many of the listed and a few of the unlisted general networking topics.
Although these topics are not extensively defined in the blueprint, the CCIE Security written exam might include topics taken from the CCIE Routing and Switching written exam blueprint. This chapter endeavors to cover all bases and provide quality test examples to ensure that you are well prepared to tackle the general networking questions you encounter in the examination.
This chapter covers the following topics:
- Networking basics—The OSI model, concepts, and functions. Topics include the seven layers of the OSI model and common examples (TCP/IP).
- Switching and bridging—The process today’s networks use to switch packets and traditional bridging methods. Virtual LANs, spanning tree, and Ethernet Channel are discussed.
- Routing IP—The most widely used routed protocol in today’s Internet, IP, and the routing protocols available on Cisco routers, such as RIP, EIGRP, OSPF, and BGP. IOS commands and configuration examples demonstrate the power of routing IP on Cisco routers.
- PPP, ISDN, Frame Relay, IP Multicast, and Async—Two of the most widely used dialup protocols are PPP and ISDN. Frame Relay is covered briefly to ensure that you have a good understanding of the common terminology used in today’s networks. IP multicast and async protocols are also covered.
12 Chapter 2: General Networking Topics
“Do I Know This Already?” Quiz
This assessment quiz will help you determine how to spend your limited study time. If you can answer most or all these questions, you might want to skim the “Foundation Topics” section and return to it later as necessary. Review the “Foundation Summary” section and answer the questions at the end of the chapter to ensure that you have a strong grasp of the material covered. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now. If you find these assessment questions difficult, read through the entire “Foundation Topics” section and review it until you feel comfortable with your ability to answer all these and the “Q & A” questions at the end of the chapter.
Answers to these questions can be found in Appendix A, “Answers to Quiz Questions.”
1. Which layer of the OSI model is responsible for converting frames into bits and bits into frames?
a. Physical
b. Network
c. Transport
d. LLC sublayer
e. Data Link
2. Routing occurs at what layer of the OSI model?
a. Physical
b. Network
c. Transport
d. LLC sublayer
e. Data link
3. Bridging occurs at what layer of the OSI model?
a. Physical
b. Network
c. Transport
d. Data link
4. Which of the following is not part of the OSI model?
a. Network layer
b. Physical layer
c. Operational layer
d. Application layer
“Do I Know This Already?” Quiz 13
5. IP operates at what layer of the OSI model?
a. Layer 1
b. Layer 2
c. Layer 3
d. Layer 4
e. Layer 5
f. Layer 6
g. Layer 7
6. On which layer of the OSI model is data commonly referred to as segments?
a. Layer 4
b. Layer 3
c. Layer 2
d. Layer 1
7. On which layer of the OSI model is data commonly referred to as packets?
a. Layer 1
b. Layer 2
c. Layer 4
d. Layer 3
8. Which layer of the OSI model transmits raw bits?
a. Layer 1
b. Layer 2
c. Layer 3
d. Layer 4
9. Which of the following protocols is not routable?
a. IP
b. IPX
c. NetBEUI
d. NetBIOS
10. Which of the following is not a required step to enable FastEther Channel (FEC)?
a. Ensure that all ports share the same speed at 10 Mbps.
b. Ensure that all ports share the same parameter such as speed.
c. Ensure that all ports operate at 100 Mbps.
d. Only eight ports can be bundled into a logical link or trunk.
11. How is FastEther Channel best defined?
a. A bundle of 10-Mbps ports on a switch
b. Another name for half duplex 100 Mbps
c. Not available on Cisco Catalyst switches
d. The ability to bundle 100 Mbps ports into a logical link
e. Only supported with Gigabit ports
12. On what OSI layer does bridging occur?
a. Layer 1
b. Layer 2
c. Layer 3
d. Both Layer 1 and 2
13. In spanning tree, what is a BPDU?
a. A break protocol data unit
b. A routable frame
c. A bridge protocol data unit
d. A frame sent out by end stations
14. An incoming frame on a Layer 2 switch is received on port 10/1 on a Catalyst 5000. If the destination address is known through port 10/2, what happens?
a. The frame is discarded.
b. The frame is sent via port 10/2.
c. The frame is broadcast to all ports on the switch.
d. The frame is sent back via 10/1.
e. None of the above.
15. Which of the following are the four possible states of spanning tree?
a. Listening, learning, blocking, broadcasting
b. Listening, learning, blocking, connecting
c. Discovering, learning, blocking, connecting
d. Listening, learning, blocking, forwarding
16. How many bits make up an IP address?
a. 64 bits
b. 48 bits
c. 32 bits
d. 24 bits
e. 8 bits
17. Identify the broadcast address for the subnet 131.108.1.0/24.
a. 131.108.1.1
b. 131.108.1.254
c. 131.108.1.255
d. 131.108.1.2
e. More data required
18. Convert the following address to binary: 131.1.1.1/24
a. 10000011.1.1.1
b. 10000011.00000010.1.1
c. 10000011.1.1.01010101
d. 10000011.1.1.11111111
19. How many subnets are possible in VLSM if the Class C address 131.108.255.0 is used with the subnet mask 255.255.255.252 in the fourth octet field?
a. None
b. 100
c. 255
d. 254
e. 253
f. 252
g. 64
h. 62
20. How many hosts are available when a /26 subnet mask is used?
a. 254
b. 62
c. 64
d. 126
21. How many hosts are available in a Class C or /24 network?
a. 255
b. 254
c. 253
d. 0
e. More data required
22. You require an IP network to support at most 62 hosts. What subnet mask will accomplish this requirement?
a. 255.255.255.255
b. 255.255.255.252
c. 255.255.255.224
d. 255.255.255.192
e. 255.255.255.240
23. Which of the following are multicast addresses? (Choose all that apply.)
a. 224.0.0.5
b. 224.0.0.6
c. 221.0.0.5
d. 192.1.1.1
e. 131.108.1.1
24. Which of the following routing protocols does not support VLSM?
a. RIPv1
b. RIPv2
c. OSPF
d. EIGRP
e. BGP
25. What is the source TCP port number when a Telnet session is created by a PC to a Cisco router?
a. 23
b. Not a known variable
c. 21
d. 20
e. 69
26. What best describes the ARP process?
a. DNS resolution
b. Mapping an IP address to a MAC address
c. Mapping a next-hop address to outbound interface on a Cisco router
d. Both a and b
27. If two Cisco routers are configured for HSRP and one router has a default priority of 100 and the other 99, which router assumes the role of active router?
a. The default priority cannot be 100.
b. The router with a higher priority.
c. The router with the lowest priority.
d. Neither router because Cisco routers do not support HSRP; only clients do.
28. A Cisco router has the following route table:
R1#show ip route
     131.108.0.0/16 is variably subnetted, 17 subnets, 2 masks
C       131.108.255.0/24 is directly connected, Serial0/0
C       131.108.250.0/24 is directly connected, Serial0/1
O       131.108.254.0/24 [110/391] via 131.108.255.6, 03:33:03, Serial0/1
                         [110/391] via 131.108.255.2, 03:33:03, Serial0/0
R       131.108.254.0/24 [120/1] via 131.108.255.6, 03:33:03, Serial0/1
                         [120/1] via 131.108.255.2, 03:33:03, Serial0/
What is the preferred path to 131.108.254.0/24? (Choose the best two answers.)
a. Via Serial 0/0
b. Via Serial 0/1
c. None
d. To null0
29. IP RIP runs over what TCP port number?
a. 23
b. 21
c. 69
d. 520
e. None of the above
30. IP RIP runs over what UDP port number?
a. 23
b. 21
c. 69
d. 520
31. An OSPF virtual link should ____________.
a. Never be used
b. Allow nonpartitioned areas access to the backbone
c. Allow partitioned areas access to the backbone
d. Not be used in OSPF, but in ISDN
32. What is the BGP version most widely used today?
a. 1
b. 2
c. 3
d. 4
e. 5
f. 6
33. What is the destination port number used in a Telnet session?
a. 23
b. 69
c. 21
d. 161
34. In what fields does the IP checksum calculate the checksum value?
a. Data only
b. Header and data
c. Header only
d. Not used in an IP packet
35. The TCP header checksum ensures integrity of what data in the TCP segment?
a. The data only.
b. The header only.
c. The data and header.
d. There are no TCP header checksums; IP covers the calculation.
36. ISDN BRI channels are made up of what?
a. 1 × 64 kbps channel and one D channel at 64 kbps
b. 2 × 64 kbps channels and one D channel at 64 kbps
c. 2 × 64 kbps channels and one D channel at 16 kbps
d. 32 × 64 kbps channels and one D channel at 16 kbps
37. What services can ISDN carry?
a. Data only
b. Data and voice only
c. Voice and video
d. Data, voice, and video
38. Place the following steps in the correct order for PPP callback, as specified in RFC 1570.
1. A PC user (client) connects to the Cisco access server.
2. The Cisco IOS Software validates callback rules for this user/line and disconnects the caller for callback.
3. PPP authentication is performed.
4. Callback process is negotiated in the PPP link control protocol (LCP) phase.
5. The Cisco Access Server dials the client.
a. 1, 2, 3, 4, 5
b. 1, 3, 2, 5, 4
c. 1, 4, 5, 3, 2
d. 5, 4, 3, 2, 1
39. What hardware port is typically designed to connect a Cisco router for modem access?
a. The console port
b. The vty lines
c. The auxiliary port
d. The power switch
e. The Ethernet interface
40. The AS5300 series router can support which of the following incoming connections?
a. Voice
b. Dialup users via PSTN
c. ISDN
d. All the above