A.show interfaces
B.show protocols
C.show ip route
D.show frame-relay map
E.show frame-relay pvc
F.show ip protocols
Answer: A, D, E Explanation:
When troubleshooting connections between two directly connected routers over a frame relay network, the first step would be to issue the "show interfaces" command to ensure that the interfaces and line protocol is up for each. If they are indeed up, then the next step would be to troubleshoot the frame relay connection itself and looking at the status of the PVC by using the "show frame-relay map" and "show frame-relay pvc" commands.
Commonly Used Frame Relay Commands:
This section describes two Cisco IOS commands that are especially useful when configuring Frame Relay.
show frame-relay pvc
This command shows the status of the permanent virtual circuit (PVC), packets in and out, dropped packets if there is congestion on the line via forward explicit congestion notification (FECN) and backward explicit congestion notification (BECN), and so on. For a detailed description of the fields used with the show frame-relay pvc command, click here.
show frame-relay map
Use this command to determine if frame-relay inverse-arp resolved a remote IP address to a local DLCI. This command is not enabled for point-to-point subinterfaces. It is useful for multipoint interfaces and subinterfaces only.
Reference: http://www.cisco.com/en/US/partner/tech/tk713/tk237/technologies_tech_note09186a008014f8a7.shtml#topi
QUESTION NO: 6
A network administrator is having trouble with a remote router. The administrator connects to the router via telnet and types a debug command, but no debug output appears on the screen. What command should the administrator type to view the debug output?
A.TestKing1# show debug
B.TestKing1# debug all
Leading the way in IT testing and certification tools, www.testking.com
C.TestKing1# terminal monitor
D.TestKing1# no debug *
E.TestKing1# enable debug
Answer: C Explanation:
To display debug command output and system error messages for the current terminal and session, use the terminal monitor command in EXEC mode.
Remember that all terminal parameter-setting commands are set locally and do not remain in effect after a session is ended. By default, debug messages can be seen when connected to the router via the console, but not when using telnet.
QUESTION NO: 7
In the network below, a TestKing user is trying to send a file from a host on Network A to a server on Network Z. The file transfer fails. The host on Network A can communicate with other hosts on Network A. Which command, issued from router TestKing1, would be the most useful for troubleshooting this problem?
A.show version
B.show flash:
C.show interfaces
D.show history
E.show controllers serial
Leading the way in IT testing and certification tools, www.testking.com
F. None of the above
Answer: C Explanation:
This problem is most likely due to a communication problem with the ftp server. Using the show interface command can be used to verify the IP address, speed, errors,, configuration, etc. One of the first steps in troubleshooting any connectivity issue is to issue the "show interfaces" command to ensure that all of the interfaces are up and active.
Incorrect Answers:
A:This is used to verify the version of IOS that the router is using.
B:This is used to see the contents of the flash memory.
D:This command displays the past commands that were issued in the router.
E:This should only be used after it has been determined that the serial interface is indeed faulty.
Section 17: Implement basic router security (9 questions)
QUESTION NO: 1
In order to allow the establishment of a Telnet session with the TestKing2 router, which set of commands shown below, must be configured on it?
A.TestKing2(Confiig)#line vty 0 TestKing2(Config-line)#password cisco TestKing2(Config-line)#login
B.TestKing2(Config)#line console 0 TestKing2 (Config-line)#enable password cisco
C.TestKing2(config)#line vty 0 TestKing2(Config-line)#enable secret cisco TestKing2(Config-line)#ogin
Leading the way in IT testing and certification tools, www.testking.com
D.TestKing2(Config)#line vty 0 TestKing2(Config-line)#enable password cisco
E.TestKing2(config)#line console 0 TestKing2(Config-line)#enable secret cisco TestKing2(Config-line)#login
F.TestKing2(Config)#line console 0 TestKing2(Config-line)#password cisco TestKing2(Config-line)#login
G.None of the above
Answer: A
QUESTION NO: 2
Refer to the output shown below. Why was this message received?
A.The login command has not been set on CON 0.
B.The login command has not been set on the VTY ports.
C.No enable password has been set.
D.No VTY password has been set.
E.No enable secret password has been set.
F.No console password has been set.
Answer: D
Explanation:
Leading the way in IT testing and certification tools, www.testking.com
This error is generated due to no telnet being set. For security reasons, the Cisco router will not allow telnet access until a password has been set. You need to set the telnet password using the following example:
Router(config)#line vty 0 4 Router(config-line)#password telnet Router(Config-line)#login
QUESTION NO: 3
You wish to increase the security of all of the routers within the TestKing network. What can be done to secure the virtual terminal interfaces on a router? (Choose two)
A.Administratively shut down the interface.
B.Physically secure the interface.
C.Create an access list and apply it to the virtual terminal interfaces with the access-group command.
D.Configure a virtual terminal password and login process.
E.Enter an access list and apply it to the virtual terminal interfaces using the access-class command.
Answer: D, E
Explanation:
There are a total of 5 logical Virtual terminal interfaces in a Cisco router (lines 0-4) and they are used for remote access into the device via telnet. Configuring these interfaces correctly with a login and password information can be used for security, as each user will be prompted for a password in order to obtain access. A second method is to use the "access-class" command. Combined with an access list, this command can be used to specify the hosts or networks that will be allow access to the device.
Incorrect Answers:
A.Virtual terminal interfaces are logical interfaces that can not be manually shut down.
B.Virtual terminal lines are logical interfaces that reside within a router, so there is nothing that can be physically secured.
C.This command is used with access-lists for LAN and WAN interfaces, but is not used for the VTY lines.
QUESTION NO: 4
Leading the way in IT testing and certification tools, www.testking.com
On router TK1, the TestKing network administrator issued the "service password-encryption" command. What is the effect of this configuration command?
A.Only passwords configured after the command has been entered will be encrypted.
B.Only the enable password will be encrypted.
C.It will encrypt all current and future passwords.
D.Only the enable secret password will be encrypted.
E.It will encrypt the secret password and remove the enable secret password from the configuration.
F.None of the above
Answer: C
QUESTION NO: 5
You want the text "Unauthorized access prohibited!" to be displayed before the login prompt every time someone tries to initiate a Telnet session to a TestKing router, as shown in the example below:
Router#telnet 192.168.15.1
Trying 192.168.15.1 ... Open
Unauthorized access prohibited!
User Access Verification
Password:
Which command can be used to configure this message?
A.login banner x Unauthorized access prohibited! X
B.banner exec y Unauthorized access prohibited! Y
C.banner motd x Unauthorized access prohibited! X
D.vtv motd "Unauthorized access prohibited!"
E.None of the above
Answer: C
Explanation:
Leading the way in IT testing and certification tools, www.testking.com
The message text that is displayed when users log into the router is called the "message of the day" banner, and is it can be changed with the "banner motd" command as shown in answer choice C.
QUESTION NO: 6
A TestKing router was configured as shown below:
A TestKing.com technician is connected to the router console port. After configuring the commands displayed in the exhibit, the technician log out and then logs back in at the console. Which password does the technician need to enter at the router prompt get back into the privileged EXEC mode?
A.testking1
B.testking2
C.testking3
D.A password would not be required.
Answer: B Explanation:
testking2 is the answer because the enable secret password is used to log back to the router before the enable password is used. The enable secret password always overwrites the enable password.
Answer C is incorrect because this is for the vty and not the console, so it will be required for the initial telnet login.
Leading the way in IT testing and certification tools, www.testking.com
QUESTION NO: 7
Refer to the graphic. Although the console password was set to "testking", it displays in the router configuration as shown. What command caused the password to be stored like this?
A.TestKing1(config)# encrypt password
B.TestKing1(config)# password-encryption md 7
C.TestKing1(config-line)# exec-timeout 1 55
D.TestKing1(config)# service password-encryption
E.None of the above
Answer: D Explanation:
Certain types of passwords, such as Line passwords, by default appear in clear text in the configuration text file. You can use the service password-encryption command to make them more secure. Once this command is entered, each password configured is automatically encrypted and thus rendered illegible inside the configuration file (much as the Enable/Enable Secret passwords are). Securing Line passwords is doubly important in networks on which TFTP servers are used, because TFTP backup entails routinely moving config files across networks-and config files, of course, contain Line passwords.
QUESTION NO: 8
The TestKing1 and TestKing2 routers are connected together as shown below:
Leading the way in IT testing and certification tools, www.testking.com
Users on the TestKing1 LAN are able to successfully access the resources on the TestKing2 network. However, users on TestKing1 are unable to telnet to the TestKing2 router. What do you suspect are the likely causes of this problem? (Select two answer choices)
A.PPP authentication configuration problem.
B.A misconfigured IP address or subnet mask
C.An access control list
D.A defective serial cable.
E.No clock rate on interface s0 on TestKing2
F.A missing vty password.
Answer: C, F
Explanation:
An ACL or a router configured without a VTY password will prevent users from being able to telnet into a router.
Incorrect Answers:
A, B, D, E. We know that the network is connected together and communicating back and forth because of the two way CHAP authentication happening. In addition, the LAN users are able to get to each other with no problems. Therefore A is incorrect, B is incorrect, D is incorrect, and E is incorrect.
QUESTION NO: 9 DRAG DROP
You work as a network administrator at TestKing.com.
Leading the way in IT testing and certification tools, www.testking.com
Your boss, Mrs. Tess King, is interested in password configuration commands. Match the commands below with the appropriate tasks. Note that one of the commands will not be used.
Answer:
Explanation:
Leading the way in IT testing and certification tools, www.testking.com
