CCNA - Details
Questions:
183 questions
🇬🇧 | 🇬🇧 |
When a packet is received, it stops at the interface. How is the packet forwarded/routed? | First, check the longest match for this prefix, then decide which routing protocol should handle this task; finally, the desired protocol will submit its own “Rules” (Metrics) to route the packet |
What are the two types of dynamic routing protocol? With examples | 1- Distance vector: R & D, cares about the shortest way 2- Link-state: IS-IS & OSPF, cares about bandwidth |
General info about static protocol | - the only method of manually routing a specific packet to a specific route - has no metric - manual routing - the first next-hop can either be the egress interface Port ID or the next reachable IP address - available for IPv4 & IPv6 |
What are the static route flavors? | - Default Route: every un-mentioned subnet is routed here; it can also be a default gateway. - Floating Static: a hidden back-up plan. |
What is OSPF? | Open Shortest Path First protocol - Dynamic routing protocol - Administrative distance = 110 - Metric = cost (lower = better) - used the Dijkstra algorithm. - now uses the SPF algorithm for route decisions. - Process ID for multiple instances - Area ID for database isolation |
What are Link-State Advertisements? | Negotiation between OSPF routers. - it contains: - LSRequest: provide the missing information - LSUpdate: reply for the LSR - LSAcknowledgement: reply for the LSU |
Why do we use LSAs (Link-State Advertisements)? | In the OSPF protocol, when there is missing information for the database (LSDB) |
What is P2P in OSPF routers? | - a neighboring router can be a P2P neighbor - in this case there are no problems |
What happens when a switch sits between routers using OSPF? | - a broadcast storm will happen - elections must take place |
How do elections happen in OSPF to choose the DR? | - only one router should update the topology (DR) - a DR (Designated Router): Highest Router Priority (0-255), Def=128 or Highest Router ID - Router ID (R.ID): 32-bit address - DR needs a BDR (second best of everything) |
What is DHCP ? | Dynamic Host-Configuration Protocol (DHCP) - A Dynamic/Automatic method to assign IP Addresses . - Not only IP Addresses: - Subnet Masks - Gateways - DNS!! - Assignment will be for a specific amount of time (default 24 hrs.) |
What is DNS ? | - Domain Name Server: resolve a URL to an IP Address and vice-versa . - also, there is a reverse DNS (for that vice-versa thing) |
Which method and port does DNS use ? | UDP port 53 . |
Assignment time of DHCP? | - after 50% of the assignment time has passed, some checks will happen for each client, and again after 87.5% of the assignment time, another check will take place. |
What if the first router (Gateway) wasn’t a DHCP Server!!?? | - there will be a “Helper-Address”. - known as “DHCP Relay”. - helps redirect the broadcast message from the first gateway to the correct DHCP server. |
What is (FHRP) ? | First Hop Redundancy Protocol . what if the gateway went down!!!!!!!! - a redundant gateway must be there . |
What protocols will FHRP use ? | - Hot-Standby Redundancy Protocol (HSRP)(cisco only ). - 2 Gateways - No Load-Balancing - Virtual-Router Redundancy Protocol (VRRP) (same of above but open standard) - Gateway Load-Balancing Protocol (GLBP)( cisco only) - 4 Gateways , Load balancing . |
What is (NAT) ? | Network Address Translation - Private IP Addresses don’t carry Internet! - Public IP Addresses can’t be assigned to private devices! - Then!!!, NAT will translate Private to Public and vice-versa *NAT is done ONLY ONLY by Routers, no Switches, no MLS’s |
Two ways to apply NAT? | - it can be: - Static: one-to-one translation - Dynamic: group-to-group translation |
What is PAT? | It provides wider options, as one address can be used for more than one device by specifying the IP address with the port number. - PAT (Port Address Translation). - also called NAPT, or NAT-Overload - PAT will do a one-65535 translation!!! |
What is NTP? | - we have to stay synchronized - gives precise information, with real time and date - either by setting an inner clock manually - or by asking someone to inform us about the time. - each network device can either be a server or a client |
Which method and port does NTP use ? | Uses UDP = 123 |
What Stratum (NTP server) is needed? | - how preferred and accurate this source is; ranges from 0 – 15. The closer, the better. - by default: a Cisco router = 8 |
Which command does NTP use to say "that is the NTP server"? | ntp server <some IP> |
What is SNMP ? | Simple Network Management Protocol (SNMP) . - Monitor Networks from a single point of view - Server/Agent Relationship |
Which method and port does SNMP use ? | - uses UDP 161/162 |
Server/agent in SNMP? | - the server is the requester (and recorder) - at the agent side: - MIB Object (The Factory) - Agent (The Messenger) |
SNMP versions? | - v1: obsolete [dead] - v2c: enhanced [dead] - v3: supports Authentication & Encryption [alive] - PRTG is an example of a GUI program using SNMP |
What is Syslog? | System Loggings (Syslog) - stay aware of “everything” - know all that’s happening behind the scenes (or even in front of them) - starts from the obvious information up to “Emergencies” |
Server/client in Syslog? | - the server can be a normal server that collects all the logs - the server can use the “Syslog” or “Splunk” software - the client is the networking device that generates logs |
What is the message '0' (syslog) ? | 0 = Emergency |
What is the message '1' (syslog) ? | 1 = Alert |
What is the message '2' (syslog) ? | 2 = Critical |
What is the message '3' (syslog) ? | 3 = Error |
What is the message '4' (syslog) ? | 4 = Warning |
What is the message '5' (syslog) ? | 5 = Notification |
What is the message '6' (syslog) ? | 6 = Information |
What is the message '7' (syslog) ? | 7 = Debug |
What is QoS? | Quality of Service (QoS) - if traffic was more than bandwidth! - if congestion WILL happen, can some traffic be preferred over other traffic!? - Generally, UDP will be preferred over TCP (TCP will automatically do a retransmission). |
What is Classification and Marking, Queueing? (QoS) | - Classification & Marking: classifying the traffic according to its importance (Very High, High, Med, Low) - Queueing: - giving a specific priority to every type of packet (giving the priority of "very high" to the "UDP" traffic) - dividing the transmission capacity with respect to the priority (giving 40% to the very high, 20% to the high, etc.) |
What is Policing and Shaping? (QoS) | - Policing & Shaping: - Policing is counting the traffic before transmitting it, and limiting it (limit the FTP traffic to be transmitted at a maximum of only 2 Mbps) *counting the desired traffic, and dropping all that exceeds - Shaping limits the queued traffic to a certain amount of traffic, and what EXCEEDS waits in the queue. |
What is SSH? | Secure Shell (SSH) - A secured and trusted method to log in to a device remotely. - encrypts the transmitted information - uses the server/client relationship - a replacement for Telnet - needs an application (for Microsoft Windows users). |
What port and method does SSH use? | Uses TCP port 22 |
What is FTP ? | File Transfer Protocol (FTP) - can devices transfer data between them? - data like Files, Software Images, Configs saved as Texts |
What port and method does FTP use? | - FTP uses TCP 20,21! - 2 TCP ports for 2 reasons: - TCP 21 (Control Channel): to establish the connection between server and client - TCP 20 (Data Channel): to transfer data between server and client |
Trivial FTP (TFTP)? | - uses UDP 69 - UDP, so unreliable, but still has its uses. |
What does Asset mean? | Everything valuable (Docs, Info, etc.) |
What does Threat mean? | Danger to an Asset (Hacker, SW bug, Environmental Disaster) |
What does Vulnerability mean? | Vulnerability: Weakness (old bug, missing patch) |
What are the three types of mitigation? | 1- Logical/Technical mitigation 2- Physical mitigation 3- Administrative |
How do we apply logical mitigation? | Type 1: Technical/Logical Mitigation: - Choosing the correct Firewall - Choosing the correct IPS - Choosing the correct design! |
How do we apply Administrative mitigation? | - Things that you (the Network Admin.) decide and consider - Like Policies & Procedures (the company's agreed policies & procedures) - Written documents - Background checks for new employees - Periodic security awareness, and password length, complexity, and age. |
What are the alternatives to passwords? | - 2 Factor/Multi-Factor Authentication - Done by using some biometrics and certificates. - Besides passwords - Can be a Physical Card (Identity Card) - One-Time Password (mobile phone app) - Iris scan, fingerprints, face recognition. |
What is physical mitigation? | This is an in-reality protection - like securing the devices inside racks - racks should have a locked metal/glass door - all racks should be installed in a secured DC - racks and DCs can be secured using keys, cards, fingerprints |
What if the device wasn’t locked properly (physically), and someone connected to the Console/AUX ports!!!! | Console and Auxiliary ports can be protected - either by configuring a specified password for each port. - or by using local credentials and applying them to the ports. |
How do we protect privilege mode? | *even if a user did log in to a device, limit his access by assigning “enable secret/password”; use the command enable password 1234567 |
What command must we use to protect the AUX and console ports? | line console/aux 0 password 2456789 login end |
How can we set a local credential? | Command: username afaf privilege 15 password 12356 line console 0 login local end |
What is VPN ? | Virtual Private Networks (VPN) - How Virtual? And How Private? - Tunnels will be established - Full separation - End-to-End Encryption |
What is the 2 type of VPN ? | - site to site vpn - client vpn |
What are the 2 types of site-to-site VPN? | - Peer-to-Peer VPN: - needs an IGP for Routing and Forwarding (Underlay) - the IGP will be exchanged at the edges with the ISP - Overlay VPN: - obtain a circuit from the ISP - the IGP will be yours all the way |
What is client vpn ? | - Client VPN - for an end user - requires a software - established remotely - credentials are needed - the Tunnel will be “PC – Router” |
What is an ACL? | Access Control List (ACL) - specific permissions for users/networks - allow or deny rules only - allow or deny some hosts/networks from the internet. - these specifications are applied on ports, not on the whole router. |
What are the types of ACL? | - Standard: uses the source host/network to decide the permissions - range of 1-99 - NO specific permissions. - Extended: uses source & destination hosts/networks/ports/services - range of 100-199. - specific, detailed permissions. - Named: A Combination, Hierarchy Mode, Name. We apply ACLs on checkpoints (inside/outside). |
Some important commands of standard ACL? | - access-list <give number> deny 10.10.10.1 0.0.0.3 - access-list <give number> permit any - to apply it inside the interface: ip access-group <give number> out/in - show access-lists |
Some important commands of Extended Named ACL? | - ip access-list extended Afaf - deny ip 19.10.10.1 10.10.1.0.0 0.0.0.15 --> deny this network from reaching this network. - deny ip host 19.10.10.1 10.10.1.0.0 0.0.0.15 --> deny this host from reaching this network. - permit ip any any. - applying it on the interface: ip access-group Afaf in |
What is port security ? | - Switch Ports connects you immediately - A limitation is needed to the switch ports - This limitation includes: - The No. of learned MAC Addresses. - Only “Statically” assigned MAC Addresses are allowed to connect. - A combination of the 2 above. |
Important things I should do when applying port security? | *All Cisco switch ports are “Dynamic” by default, make them Access *Static ports DON’T have timers, assign timers *Those “Statically” assigned MACs are called “Sticky” |
What will be the reaction when an unallowed MAC/s hits? (port security) | Violation behavior: 1- Shutdown the port (Default) 2- Protect (Silently) 3- Strict (log it) |
What is DHCP snooping? | - Rogue DHCP servers will respond to your “Discovery” message. - Computers will take/accept the first offer they receive. - Snooping will trust an interface to make it the only interface allowed to receive Broadcast Messages. - Applied on a specific VLAN. *Rogue servers will act as a “Man in the Middle”, which is an attack. |
Important commands in DHCP snooping? | ip dhcp snooping vlan 1 - apply it on a specific interface: ip dhcp snooping trust. - then go to the trusted DHCP server: ip dhcp relay information trust-all. |
What is DAI? | Dynamic ARP Inspection - ARP is a broadcast, thus everyone will know about you trying to reach your GW for any purpose - Someone might manipulate you and claim that he is the GW!!!! *Man in the Middle detected - DAI will allow only trusted interfaces to receive and forward broadcasts. |
How does DAI work? | - It will cooperate with the DHCP Snooping DB to perform - After inspecting, it will either forward the ARP or drop it (LOG) *Static IPs don’t use DHCP, SO!! Drop the ARP! Solution? Trust the port, or create an ARP ACL |
What is AAA ? | Authentication, Authorization, and Accounting - AAA are the Security mechanisms for the MGM Plane - you can control everything about everyone allowed/denied From accessing the Network . |
Authentication ? | - Verifies Credentials - Contacts the AAA Server to check the eligibility of those Credentials. |
Authorization ? | - Determines the Credentials Powers - Contacts the AAA Server to check the Privileges of those Credentials |
Accounting ? | - Determines some Limitations - Calculates Statistics |
Wireless Principles ? | - So, what happens in the wireless world? - Electro-Magnetic field to encode data (0,1) - Encoding will be done by changing the frequency of a wave - that is measured by Hertz - and Hertz: the change in frequency/second - then, Modulation will express the Zeros and Ones |
Wi-Fi generations | - there are Wi-Fi generations (like Ethernet Categories) - starts from 802.11a (2 Mbps) – 802.11ax (14 Gbps) - will I really get 14 Gbps!!!! Wirelessly!!!! (version 6) No, because that needs ideal conditions. |
What is a transceiver, and what does it do? | - The encoder, the one that turns the zeros and ones into that “Electro-Magnetic” field, is called a Trans/ceiver. - The more transceivers available, the more data encoded - Then, a transceiver will push the field through an antenna *also, the more antennas, the more data. |
What do transceivers and antennas need to make them work? | - To generate and push data through the air, there must be power to do so! So, a power source is also needed. - this power source might be a battery or an AC adapter. |
What are the wireless network components? | 1- Wi-Fi Client (End Point): also called a “Station”. 2- Wi-Fi Access Points (AP). 3- Wi-Fi Controllers (optional). |
What are stations? | (End Point): also called a “Station” - Generates/Consumes data - Has transceivers (to encode data) - Has antennas (to push the data) - It will need power |
What is an AP? | Wi-Fi Access Points (AP) - GW for the stations - Stations talk through the AP - also has transceivers - also has antennas |
What are Wi-Fi Controllers? | - Control APs (central point of management) - Control access for clients (AAA) |
What are the 3 types of Wi-Fi networks? | - Ad-Hoc - Point to Point (NO APs), such as Bluetooth and Wi-Fi Direct in Samsung devices. - Infrastructure - AP between stations - Mesh - APs talking together (wirelessly), like when we have extenders in hotels. |
What is (BSS)? | Basic Service Set (BSS): A single AP and its coverage area |
What is (BSSID) ? | Basic Service Set Identifier (BSSID): The MAC address of that AP . |
What is (SSID) ? | Service Set Identifier (SSID): Name of the WLAN . |