CCIE Security FAQ Application Protocols


CCIE Security FAQ Application Protocols

Q1. RFC 1700 defines what well-known ports for DNS?
a. TCP port 21
b. TCP port 23
c. UDP port 21
d. UDP port 53
e. TCP/UDP port 53

Answer: e
Explanation: DNS is permitted by RFC 1700 to use both TCP/UDP port 53. Typically UDP is vendor configured for UDP port 53.

Q2. What supplies DNS security?
a. A default username/password pairing
b. A TFTP directory
c. A filename
d. A domain name
e. None of the above

Answer: e
Explanation: DNS has no form of security, so any device can request name-to-IP address mappings.

Q3. What IOS command will stop a Cisco router from querying a DNS server when an invalid IOS command is entered on the EXEC or PRIV prompt?
a. no ip domain-lookup
b. no ip dns-lookup
c. no ip dns-queries
d. no exec

Answer: a
Explanation: To disable DNS query lookup, the IOS command in global configuration mode is no ip domain-lookup.

Q4. What does the following Global IOS configuration line accomplish?

a. Defines the router name as SimonisaCCIE

b. Defines a local host name, SimonisaCCIE, mapped to IP addresses and

c. Configures the IOS router for remote routing entries and

d. Not a valid IOS command

e. Configures the local routers with the IP address and on boot up

Answer: b
Explanation: The ip host name ip address1 [ipaddress2 ipaddress3 ipaddress4 ipaddress5 ipaddress6 ipaddress7 ipaddress8] command configures a local address lookup for the name SimonisaCCIE. Up to 8 addresses can be used. The router will try first and, if no response is made by the remote host, the second address,, will be attempted from the command-line interface (CLI).

Q5. TFTP uses what predefined UDP port number?
a. 21
b. 22
c. 23
d. 53
e. 69

Answer: e
Explanation: TFTP uses UDP port number 69.

Q6. What IOS command will copy an IOS image from the current system flash to a TFTP server?
a. copy tftp image:
b. copy flash tftp
c. copy tftp flash
d. copy tftp tftp

Answer: b
Explanation: To copy an IOS image from the routers to system flash, the correct IOS command is copy flash tftp.

Q7. Suppose a client calls and advises you that an FTP data transaction is not allowing him to view the host’s directory structure. What are the most likely causes of the problem? (Choose all that apply.)
a. The client’s username/password is wrong.

b. The client’s FTP data port is not connected.

c. The host machine has denied him access because the password is wrong.

d. A serious network outage requires that you reload the router closest to the client.

e. An access list is stopping port 20 from detailing the directory list.

Answer: b and e
Explanation: The FTP data port is used to view the directory and could be blocked because of an access list or a fault with the client’s software when establishing the FTP 20 connection.

Q8. FTP runs over what Layer 4 protocol?
a. IP
b. TCP
d. DNS
e. UDP

Answer: b
Explanation: The FTP application is a connection-orientated protocol and is part of the TCP/IP protocol suite. FTP ensures data is delivered by running data with a TCP overhead.

Q9. HTTPS traffic uses what TCP port number?
a. 21
b. 443
c. 334
d. 333
e. 343

Answer: b
Explanation: HTTPS runs over TCP port 443.

Q10. SNMP is restricted on Cisco routers by what IOS command?
a. snmp-server enable
b. snmp-server community string
c. snmp-server ip-address
d. snmp-server no access permitted

Answer: b
Explanation: To restrict SNMP access, the correct IOS command is snmp-server community string. Without the correct string, NMS stations will not be able to access a router with SNMP queries. You can disable SNMP on a router and restrict SNMP access with the IOS command no snmp-server.

Q11. TFTP protocol uses which of the following?
a. Username/password pairs to authorize transfers
b. Uses TCP port 169
c. Uses UDP port 169
d. Can use UDP/TCP and port 69
e. None of the above

Answer: d
Explanation: TFTP is defined in RFC 1700 and is permitted to use TCP/UDP port 69 only.

Q12. Which of the following statements is true regarding SSL?
a. Every packet sent between host and client is authenticated.
b. Encryption is used after a simple handshake is completed.
c. SSL uses port 2246.
d. SSL is not a predefined standard.
e. SSL does not perform any data integrity checks.

Answer: b
Explanation: After the hosts have negotiated with valid username/password pairs, SSL will start to encrypt all data. After the handshake, packets are not authenticated. SSL uses TCP port 443. RFC 2246 defines SSL.

Q13. What is the HELO SMTP command used for?
a. To authenticate SMTP clients
b. To identify SMTP clients
c. This is an unknown standard
d. The HELO command is used in SNMP (not SMTP)

Answer: b
Explanation: The HELO command identifies the client to the SMTP server.

Q14. POP3 clients can do what?
a. Receive SNMP queries
b. Send mail
c. Send SNMP queries
d. The POP3 protocol is a routing algorithm

Answer: b
Explanation: POP3 clients send mail to POP3 servers. SMTP is not part of the POP3 standard.

Q15. NTP uses what well-known TCP port?
a. 23
b. 551
c. 21
d. 20
e. 123
f. 321

Answer: e
Explanation: NTP uses UDP or TCP, and the port number is 123.

Q16. Secure Shell (SSH) is used to do what?
a. Disable spanning tree on Catalyst 5000 switches
b. Protect the data link layer only from attacks
c. Protect the TCP/IP host
d. Allow TCP/IP access to all networks without any security
e. SSH is used only in the data link layer

Answer: c
Explanation: SSH is used to protect TCP/IP hosts.

Q17. Which of the following protocols can be authenticated? (Select the best four answers.)
a. Telnet
d. Spanning tree
f. FTP

Answer: a, b, c, and f

Q18. What is the community string value when the following IOS commands are entered in global configuration mode?

b. Config
c. publiC
d. public
e. Public
f. More data required

Answer: c
Explanation: The community string is defined by the command snmp-server community community string, which, in this case, is set to publiC. The community string is case sensitive.

Q19. Which of the following best describes an SNMP inform request?
a. Requires no acknowledgment
b. Requires an acknowledgment from the SNMP agent
c. Requires an acknowledgment from the SNMP manager
d. Only SNMP traps can be implemented on Cisco IOS routers

Answer: c
Explanation: SNMP inform requests require an acknowledgment from the SNMP manager. SNMP hosts will continue sending the SNMP inform request until an acknowledgment is received.

Q20. What UDP port number will SNMP traps be sent from?
a. 21
b. 22
c. 161
d. 162

Answer: d
Explanation: SNMP traps are sent by SNMP agents (such as routers) over UDP port 162.

Q21. What TCP port number will an SNMP inform acknowledgment packet be sent to?
a. 21
b. 22
c. 23
d. 161
e. 162
f. None of the above

Answer: d
Explanation: SNMP inform acknowledgments are sent over UDP (not TCP) port number 161.

Q22. To restrict SNMP managers from the source network, what IOS command is required?





Answer: c
Explanation: The SNMP server community name must be defined with the following command:

The access list number definition must follow (in this case, number 4). The access list range is between 1 and 99 only.

Q23. According to RFC 1700, what is the well-known TCP/UDP port used by DNS?

Answer: RFC 1700 defines the well-known ports for the whole TCP/IP protocol suite. For DNS, the well-known port for TCP/UDP is number 53.

Q24. What does the IOS command no ip domain-lookup accomplish?

Answer: This IOS command disables DNS queries for network administrators connected to a Cisco console or vty line.

Q25. What is the correct IOS syntax to specify local host mapping on a Cisco router?

Answer: Local host mappings to IP addresses are accomplished using the following
IOS command:

Up to eight IP addresses can be assigned to one name.

Q26. TFTP uses what well-known, defined TCP/UDP port?

Answer: TFTP uses port number 69.

Q27. What is the correct IOS command to copy a file from a TFTP server to the system flash?

Answer: The IOS command is copy tftp flash. To copy a file from the system flash to
the TFTP server, the IOS command is copy flash tftp.

Q28. Define the two modes of FTP.

Answer: FTP can be configured for the following two modes:

  • Active mode
  • Passive mode

Q29. FTP uses what TCP port numbers?

Answer: FTP uses well-known port numbers 20 and 21.

Q30. What well-known port do Secure Socket Layer (SSL) and Secure Shell (SSH) use?

Answer: SSL uses well-known port number 443. Secure Shell uses well-known TCP port 22.

Q31. Define SNMP and give an example.

Answer: Simple Network Management Protocol (SNMP) is an application layer protocol that is used to manage IP devices. SNMP is part of the TCP/IP application layer suite. SNMP allows network administrators the ability to view and change network parameters and monitor connections locally and remotely. Cisco routers can be configured to send SNMP traps to network managing stations to alert administrators. For example, SNMP traps may indicate a router with low memory or high CPU usage.

Q32. What well-known UDP ports are used by SNMP?

Answer: RFC 1700 defines the SNMP ports as 161 and 162. TCP can also be used, but vendors typically only implement SNMP with UDP. SNMP port 161 is used to query SNMP devices, and SNMP port 162 is used to send SNMP traps. SNMP runs over UDP and is secured by a well-known community string that is case sensitive.

Q33. What IOS command enables SNMP on a Cisco IOS router?

Answer: The command syntax is snmp-server community string access-rights. The access-rights options are RO and RW.

Q34. Which TCP/UDP port numbers are defined for use by Network Time Protocol or NTP?

Answer: NTP can use TCP and UDP port number 123.

Q35. When defining a stratum value on a Cisco router, what is the range and what value is closest to an atomic clock?

Answer: The stratum value ranges from 1 to 15. 1 represents an atomic clock, which is the most accurate clock available. The default stratum value on Cisco routers is 8.

Q36. Secure Shell (SSH) allows what to be accomplished when in use?

Answer: Secure Shell (SSH) is a protocol that provides a secure connection to a router. Cisco IOS supports version 1 of SSH. SSH enables clients to make a secure and encrypted connection to a Cisco router.

Q37. What is the difference between an SNMP inform request and an SNMP trap?

Answer: The major difference between a trap and an inform request is that an SNMP agent (when ending a trap) has no way of knowing if an SNMP trap was received by the SNMP manager. On the other hand, an SNMP inform request packet will be sent continually until the sending SNMP manager receives an SNMP acknowledgment.

Q38. What does the SNMP MIB refer to?

Answer: The Management Information Base (MIB) is a virtual information storage area for network management information, which consists of collections of managed objects. MIB modules are written in the SNMP MIB module language, as defined in STD 58, RFC 2578, RFC 2579, and RFC 2580.

Q39. What is the SNMP read-write community string for the following router configuration?

Answer: The read-write community string is set to Simon (case sensitive). The readonly community attribute is set to simon.

Q40. Before you can TFTP a file from a Cisco router to a UNIX- or Windows-based system, what is the first step you must take after enabling the TFTP server daemon on both platforms?

Answer: On a UNIX server where the TFTP server daemon is installed, the file to be copied must have the appropriate access rights. In UNIX, the Touch command allows a TFTP request. In other words, to copy a file from a Cisco IOS router to a UNIX host, the file must already exist on the host. For a Windows-based platform, the software must be configured to permit file creation on the Windows-based file system.

Q41. What IOS command can be implemented to restrict SNMP access to certain networks by applying access lists? Can you apply standard, extended, or both?

Answer: The IOS command is as follows:

number refers to a standard access list, ranging from 1 to 99 only, that defines the remote hosts or subnets that are permitted SNMP access. The correct SNMP community string must also be correctly configured on the SNMP manger and agent to allow SNMP communication.

Q42. Does TFTP have a mechanism for username and password authentication?

Answer: TFTP is a connectionless protocol (UDP) that has no method to authenticate username or password. The TFTP packet format has no field enabling the username or password to be exchanged between two TCP/IP hosts. TFTP security (configurable on UNIX and Windows platforms) on the TFTP server is accomplished by allowing a predefined file on the server to be copied to the host TFTP server.

Q43. Can you use your Internet browser to configure a Cisco router? If so, how?

Answer: To view the router’s home page, use a Web browser pointed to http://a.b.c.d, where a.b.c.d is the IP address of your router or access server. If a name has been set, use http://router-name, and use the DNS server to resolve the IP address.To enable HTTP on a Cisco router, use the IOS command ip http in global
configuration mode.

Q44. A network administrator defines a Cisco router to allow HTTP requests but forgets to add the authentication commands. What is the default username and password pairing that allows HTTP requests on the default TCP port 80? Can you predefine another TCP port for HTTP access other than port 80?

Answer: By default Cisco IOS routers configured for HTTP access use the router’s local host name as the username and the enable or secret password as the password.The IOS command ip http [0-65535] allows the network administrator to define a new port number other than 80, which is the default setting.

Q45. What happens when a network administrator types the host name Router1 at the router prompt? (Select the best two answers.)
a. DNS queries are disabled; nothing will be translated.

b. The name Router1 is mapped to the IP address

c. The administrator could also type CCIE to reach the same IP address (

d. Because DNS is disabled with the command no ip domain-lookup, the router assumes this is an invalid IOS command and returns the error “% Unknown command or computer name, or unable to find computer address.”

e. Local DNSs are case-sensitive so you can only type Router1 to map to

Answer: b and c. The host name Router1 (not case-sensitive) is mapped to with the command ip host Router1 Also, the IOS command CCIE is mapped to the same name with the IOS command ip host CCIE you look at the IP address assigned to the Ethernet 0/0, it’s the local IP address.
Therefore, if a user types Router1 or CCIE, they will be return to the same router.The following sample display demonstrates this fact:
Both the DNS names, CCIE and Router1, are translated to the same IP address,

Q46. The following commands are entered on the router named R1. What are the TFTP server address and TFTP filename stored on the router on board flash?

Answer: The TFTP server address is and the filename requested is c2600-jo3s56i mz.121-5.T10.bin. However, the last command entered is the destination filename, which defines the names stored locally on the system flash. In this case, the network administrator types the filename c2600-c1.

Q47. R1 supplies an NTP clock source to a remote router. What is the NTP’s peer IP address,and what is the MD5 password used to ensure that NTP sessions are authenticated?

Answer: R1 is configured statically to peer to the remote NTP IP address, (ntp peer key 1). The MD5 password is configured but, unfortunately, the configuration will not display the MD5 passwords (encrypted), so it cannot be derived.

Q48. What is the SNMP read-write access community string for the following configuration?

Answer: The read-only (RO) community string is named public, and the read-write (RW) community string is set to publiC. Community strings are case-sensitive.

More Resources

About the author


Leave a Comment