Take Assessment – TSHOOT Chapter 9 – CCNP TSHOOT: Troubleshooting and Maintaining Cisco IP Networks (Version 6.0) – Answers – 2012 – 2013
When audit trails are enabled with the ip inspect audit-trail command, which messages will appear in the syslog?
all packets that enter the specified interface
all TCP packets
x all stateful inspection sessions
all packets that match an ACL
Refer to the exhibit. An administrator has implemented a stateful IOS firewall configuration that allows internal users access to Internet websites. However, users have reported that they cannot do so. Based on the configuration in the exhibit, what change should be made to allow the firewall to function as planned?
R1(config)# interface Fa0/1
R1(config-if)# no ip access-group DENY out
R1(config-if)# ip access-group DENY in
R1(config)# no ip inspect name FWALL http
R1(config)# ip inspect name DENY http
x R1(config)# interface Fa0/1
R1(config-if)# no ip inspect FWALL out
R1(config-if)# ip inspect FWALL in
R1(config)# no ip access-list extended DENY
R1(config)# ip access-list extended DENY
R1(config-ext-nacl)# permit ip any any
Which two security features could be implemented in the network control plane? (Choose two.)
x which devices will exchange routing updates
who can alter the configuration of a network device
which locations can alter the configuration of network devices
x which device will become the root device in an STP selection process
who can access network device operational logs and interface statistics
Refer to the exhibit. Router R1 no longer receives routing updates from other EIGRP neighbors. Based on the output in the exhibit, what could be the cause of this problem?
Interface FastEthernet 0/0 has been configured as a passive interface.
Interface FastEthernet 0/0 has not been configured to support authentication.
Interface FastEthernet 0/0 is administratively shut down.
The EIGRP peer has not been configured to support authentication.
There are no valid EIGRP neighbors connected to interface FastEthernet 0/0.
Refer to the exhibit. A legitimate user experienced a problem while attempting to gain access to the router EXEC shell. To investigate the situation, a network administrator issued debug tacacs and debug aaa authentication commands on the router. Based on the provided output, what could be the problem?
The user credentials are rejected by the TACACS+ server.
The user credentials stored in the local database do not match the credentials on the TACACS+ server.
The user fails the authentication because the TACACS+ server does not have a profile set up to authorize CHAP.
The user fails the authentication because router R1 cannot connect to the TACACS+ server.
Refer to the exhibit. Which statement about the debug radius authentication output is correct?
The RADIUS server is unreachable.
The user raduser has been authenticated.
The IP address of the RADIUS server is 10.1.50.252.
The user raduser is on a device with the IP address of 10.1.50.1.
Refer to the exhibit. Based on the debug aaa authentication and debug tacacs outputs, which statement is true?
The authentication process verifies the user credentials to the local database.
The first method defined by the default authentication method list is TACACS+.
The user with the IP address 172.31.60.15 has been authorized to use privileged EXEC mode.
The attempt of a remote user with the IP address 172.31.60.15 to log in to the router is unsuccessful.
Refer to the exhibit. The network administrator has decided to create an IPsec tunnel between the HQ and BRANCH routers. What two changes must be made to the existing ACL in order to allow the formation of the tunnel? (Choose two.)
ICMP must be denied.
x UDP port 500 must be permitted.
TCP ports 50 and 51 must be permitted.
x The ESP and AH protocols must be permitted.
IP must be permitted between the two ends of the tunnel.
The established keyword must be removed from statement 10.
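The point behind this question is that an inbound ACL on the outside interface has to let the tunnel's own control and data traffic through: IKE/ISAKMP on UDP 500, plus IP protocols 50 (ESP) and 51 (AH). A `permit tcp any any established` entry does nothing for them, because `established` only qualifies TCP. The following checker is an added example written for this page, not code from the quiz or from Cisco; it parses a small subset of IOS extended-ACL syntax (`any`, `host`, address/wildcard, `eq`, `established`), applies first-match semantics with the implicit deny, and reports which IKE/IPsec flows from the peer to the local router are not permitted. The ACL text and the addresses 203.0.113.1 (local) and 203.0.113.2 (peer) are constructed, and the optional NAT-T check on UDP 4500 is an assumption that goes beyond the question.

```python
"""Check whether an inbound IOS extended ACL lets an IPsec tunnel form.

Added example for this page, not the quiz's or Cisco's own code. The ACL
samples and peer addresses below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

PORT_NAMES = {"isakmp": 500, "non500-isakmp": 4500, "www": 80, "domain": 53}
PROTO_ALIASES = {"ahp": "ah", "50": "esp", "51": "ah"}   # IOS keyword / number forms


@dataclass
class Ace:
    seq: int
    action: str            # "permit" or "deny"
    proto: str             # "ip", "tcp", "udp", "esp", "ah", "icmp", ...
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]   # destination port when "eq" is present, else None
    established: bool      # "established" keyword (meaningful for TCP only)


def _parse_addr(tokens, i):
    """Consume one address term (any | host A | A wildcard) at tokens[i]."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    # IOS wildcard mask is the inverted netmask
    wildcard = int(ipaddress.IPv4Address(tokens[i + 1]))
    mask = str(ipaddress.IPv4Address((~wildcard) & 0xFFFFFFFF))
    return ipaddress.ip_network((tokens[i], mask), strict=False), i + 2


def parse_acl(text):
    """Parse 'seq action proto src [eq p] dst [eq p] [established]' lines in order."""
    aces = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if not tokens:
            continue
        seq = 0
        if tokens[0].isdigit():
            seq, tokens = int(tokens[0]), tokens[1:]
        action, proto = tokens[0], PROTO_ALIASES.get(tokens[1], tokens[1])
        src, i = _parse_addr(tokens, 2)
        if i < len(tokens) and tokens[i] == "eq":   # source-port qualifier: skip
            i += 2
        dst, i = _parse_addr(tokens, i)
        rest = tokens[i:]
        dport = None
        if "eq" in rest:
            p = rest[rest.index("eq") + 1]
            dport = PORT_NAMES.get(p, int(p) if p.isdigit() else None)
        aces.append(Ace(seq, action, proto, src, dst, dport, "established" in rest))
    return aces


def first_match(aces, proto, src_ip, dst_ip, dport=None):
    """Return the first ACE that matches the flow, or None (implicit deny)."""
    for ace in aces:
        if ace.proto not in ("ip", proto):
            continue
        if ace.established and proto != "tcp":   # established never matches UDP/ESP/AH
            continue
        if src_ip not in ace.src or dst_ip not in ace.dst:
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return ace
    return None


def missing_for_tunnel(acl_text, local_ip, peer_ip, nat_t=False):
    """Names of the IKE/IPsec flows (peer -> local) the ACL does not permit."""
    aces = parse_acl(acl_text)
    local, peer = ipaddress.ip_address(local_ip), ipaddress.ip_address(peer_ip)
    needed = {
        "isakmp (udp/500)": ("udp", 500),
        "esp (ip proto 50)": ("esp", None),
        "ah (ip proto 51)": ("ah", None),
    }
    if nat_t:   # assumption: NAT traversal in use, so UDP 4500 is needed too
        needed["nat-t (udp/4500)"] = ("udp", 4500)
    missing = []
    for name, (proto, port) in needed.items():
        ace = first_match(aces, proto, peer, local, port)
        if ace is None or ace.action != "permit":
            missing.append(name)
    return missing


# Constructed ACLs: the first mirrors the question's mistake, the second adds the
# three entries the tunnel needs between the peer (203.0.113.2) and local (203.0.113.1).
BROKEN_ACL = """
10 permit tcp any any established
20 permit icmp any any
"""

FIXED_ACL = BROKEN_ACL + """
30 permit udp host 203.0.113.2 host 203.0.113.1 eq isakmp
40 permit esp host 203.0.113.2 host 203.0.113.1
50 permit ahp host 203.0.113.2 host 203.0.113.1
"""

if __name__ == "__main__":
    print("broken:", missing_for_tunnel(BROKEN_ACL, "203.0.113.1", "203.0.113.2"))
    print("fixed: ", missing_for_tunnel(FIXED_ACL, "203.0.113.1", "203.0.113.2"))
```

Removing `established` from statement 10 (the last distractor above) would not help: that keyword never blocks IKE or ESP, it just fails to match them, so the implicit deny at the end of the list is what drops the tunnel traffic.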
Refer to the exhibit. A network administrator is attempting to connect a branch office to headquarters through a VPN tunnel. The tunnel is reported as being active at both ends, but the 10.2.2.0/24 network is not appearing in the routing table at the branch end. The administrator has determined that the problem is with the branch office configuration. Based on the output as shown, why is the 10.2.2.0/24 network not appearing in the routing table?
The tunnel protocol is improperly set.
The tunnel key has been improperly configured.
The tunnel encapsulation is improperly configured.
The tunnel bandwidth is insufficient for EIGRP updates.
The tunnel destination end point has been improperly configured.
What is the first step in troubleshooting connectivity issues in a secured network environment?
Determine when the connectivity problem first appeared.
Determine if the connectivity problem is affecting all users.
Determine if disabling all security features on the network re-establishes connectivity.
Determine if any access lists were added or modified immediately prior to the reporting of the connectivity problems.
Determine if the user should have connectivity based on the security policy of the organization and the type of traffic being generated.
Refer to the exhibit. Based on the provided debug aaa authorization and debug tacacs command output, which statement is true?
x The authorization method used for user Admin was TACACS+.
The user Admin attempted to gain Telnet access to the device.
The AAA security server authorized the user Admin to perform the requested command.
The AAA security server has authorized the user Admin to use privilege level 15 EXEC commands.
A network administrator has received a report from a user about being unable to access the server that houses employee records. The server is on a restricted VLAN and the user workstation is not assigned to this VLAN. What step should the administrator take next?
Move the workstation to a port that is configured for the VLAN.
Add the port connected to the workstation to the VLAN and test connectivity.
Move the server to a trunk link so that multiple VLANs can access the records.
Review the security policy to determine if the user should have access to the VLAN.
Refer to the exhibit. What is the expected behavior of the configured firewall when internal hosts attempt to access web sites on the Internet?
The rule FWALL will inspect all HTTP traffic for viruses before allowing the traffic through.
Hosts from the Internet will be allowed to initiate sessions with internal hosts that are using HTTP.
Because all IP traffic is blocked by the access-list DENY, internal hosts cannot reach Internet hosts.
HTTP sessions that are initiated from internal hosts to Internet hosts will be tracked and allowed, until closed or when the idle timer expires.
What would be the outcome of the no service password-recovery command enabled on the router?
The secret password can be recovered but not the original configuration.
The original configuration of the device can be recovered but not the secret password.
The original configuration and passwords of the device can be recovered using the password recovery procedure.
x The original configuration and passwords of the device cannot be recovered using the password recovery procedure.
Refer to the exhibit. A network administrator issued the show ip inspect sessions command on R1 to investigate the status of the firewall. What two facts can be determined from the output? (Choose two.)
The limit of one HTTP session has been reached.
The firewall has been configured to monitor SIS traffic.
The session will be blocked because of the NAT configuration on R1.
The firewall is tracking an HTTP session that was initiated by an internal trusted host.
Return traffic from the untrusted Internet host on port 80 will be permitted.
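Reading `show ip inspect sessions` correctly means knowing that each line names the initiator (left of `=>`) and the responder, that the trailing `SIS_OPEN` is a session state rather than a protocol, and that CBAC permits the reply flow (responder back to initiator) for as long as the session is open. The parser below is an added example for this page, not output or code from the quiz or from Cisco; the three session lines are constructed following the documented line shape, and the inside prefix 10.1.1.0/24 is an assumption. It lists the sessions initiated from the inside, derives the return flow each one permits, and flags any session that was initiated from the outside, which on a firewall meant to inspect outbound traffic usually means the inspect rule was applied in the wrong direction (the mistake in the earlier Fa0/1 question).

```python
"""Classify CBAC sessions from `show ip inspect sessions` output.

Added example for this page, not the quiz's or Cisco's own code. SAMPLE is a
constructed transcript in the documented line shape, not a real capture.
"""
import ipaddress
import re
from dataclasses import dataclass

SESSION_RE = re.compile(
    r"Session\s+(?P<id>[0-9A-Fa-f]+)\s+"
    r"\((?P<src>[\d.]+):(?P<sport>\d+)\)=>\((?P<dst>[\d.]+):(?P<dport>\d+)\)\s+"
    r"(?P<proto>\S+)\s+(?P<state>\S+)"
)


@dataclass
class Session:
    session_id: str
    initiator: str
    initiator_port: int
    responder: str
    responder_port: int
    protocol: str        # inspected application/protocol, e.g. "http"
    state: str           # CBAC state such as SIS_OPEN (not a protocol)

    def return_flow(self):
        """Reply 5-tuple CBAC permits while the session is open."""
        return (self.responder, self.responder_port, self.initiator, self.initiator_port)


def parse_sessions(text):
    return [
        Session(m["id"], m["src"], int(m["sport"]), m["dst"], int(m["dport"]),
                m["proto"], m["state"])
        for m in SESSION_RE.finditer(text)
    ]


def inside_initiated(sessions, inside_net):
    """Sessions opened by a trusted inside host toward an outside host."""
    net = ipaddress.ip_network(inside_net)
    return [s for s in sessions
            if ipaddress.ip_address(s.initiator) in net
            and ipaddress.ip_address(s.responder) not in net]


def outside_initiated(sessions, inside_net):
    """Sessions opened from outside into the inside net: with an outbound-only
    inspect rule these should not exist, so their presence suggests the rule
    was applied in the wrong direction."""
    net = ipaddress.ip_network(inside_net)
    return [s for s in sessions
            if ipaddress.ip_address(s.initiator) not in net
            and ipaddress.ip_address(s.responder) in net]


# Constructed sample output (assumption: inside network is 10.1.1.0/24).
SAMPLE = """\
Established Sessions
 Session 6556C3A0 (10.1.1.10:1026)=>(198.51.100.20:80) http SIS_OPEN
 Session 6556C4B8 (10.1.1.11:1030)=>(198.51.100.21:443) tcp SIS_OPEN
 Session 6556C5D0 (198.51.100.30:2048)=>(10.1.1.12:22) tcp SIS_OPEN
"""

if __name__ == "__main__":
    sessions = parse_sessions(SAMPLE)
    for s in inside_initiated(sessions, "10.1.1.0/24"):
        print(f"{s.protocol:5} {s.initiator}:{s.initiator_port} -> "
              f"{s.responder}:{s.responder_port}  return flow permitted: {s.return_flow()}")
    for s in outside_initiated(sessions, "10.1.1.0/24"):
        print(f"WARNING: outside-initiated session {s.session_id} from {s.initiator}")
```

The first constructed line is the situation the question describes: an HTTP session started by an inside host, so the firewall will permit the return packets from 198.51.100.20 port 80 back to 10.1.1.10 port 1026 until the session closes or idles out.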
What is considered a control plane issue?
x A wrong key is used by OSPF.
An ACL is blocking TCP traffic to a server.
SSH is not enabled on the VTY lines of a switch.
The network administrator account is disabled on the RADIUS server.
Which three control plane protocols influence the data structures used by the data plane to forward unicast packets in the core network? (Choose three.)
Dynamic Host Configuration Protocol (DHCP)
First Hop Redundancy Protocols (FHRP)
x Address Resolution Protocol (ARP)
multicast routing protocols
x unicast routing protocols
x Spanning Tree Protocol (STP)
Which technology prevents CPU overloading of infrastructure devices?
Simple Network Management Protocol
Cisco Express Forwarding
x Control Plane Policing
Access Control Lists
Refer to the exhibit. A network technician has just configured router East to establish a tunnel to router West. After the configuration is applied, tunnel 1 is flapping. What needs to be done to stop this flapping?
Make tunnel 1 on router East an EIGRP passive interface.
Set the default gateway of Computer1 to 220.127.116.11.
Add a static route on router East out S0/0/0 to 18.104.22.168.
Change the configuration on router East such that the destination of tunnel 1 is 192.168.0.2.
Which two features should be enabled to secure DHCP and ARP? (Choose two.)
IP Source Guard
Dynamic ARP Inspection