2013 Latest Cisco 350-001 Exam Section 6: Network Management (12 Questions)

QUESTION NO: 1 Which types of SNMPv1 messages are sent from the NMS (Network Management Station) using SNMP version 1 to the Agent?
A. Trap, Get and Set
B. Get, Set and Getnext
C. Get, Set, Getnext and GetBulk
D. Get, Set and GetBulk
E. Trap only
Answer: B
SNMP itself is a simple request/response protocol, and the SNMPv1 operations used by the NMS are defined as below.
Get: Allows the NMS to retrieve an object variable from the agent.
GetNext: Allows the NMS to retrieve the next object variable from a table or list within an agent. In SNMPv1, when an NMS wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations.
Set: Allows the NMS to set values for object variables within an agent.
Incorrect Answers:
A, E. SNMP traps are used by the agent to inform the NMS of some events.
C, D. GetBulk is used in SNMPv2, not version 1. SNMPv2 defines two new operations:
GetBulk and Inform. The GetBulk operation is used to efficiently retrieve large blocks of
data. The Inform operation allows one NMS to send trap information to another NMS and
to then receive a response. In SNMPv2, if the agent responding to GetBulk operations
cannot provide values for all the variables in a list, it provides partial results.

QUESTION NO: 2 What is the difference between the community formats of SNMPv1 and SNMPv2c?
A. With SNMPv1, communities are sent as clear text and on SNMPv2c they are encrypted.
B. On SNMPv1 communities are encrypted and on SNMPv2c they are sent as clear text.
C. There is no difference because both versions send encrypted communities.
D. There is no difference because both versions send communities as clear text.
E. SNMPv2c does not use communities.
Answer: D
The original Internet standard Network Management Framework, described in RFCs 1155, 1157, and 1213, is called the SNMP version 1 (SNMPv1) framework. Relevant portions of the proposed framework for version 2C of the Simple Network Management Protocol (SNMPv2C) are described in RFCs 1901 through 1908. SNMPv1 and SNMPv2c use a community string match for user authentication. Community strings provided a weak form of access control in earlier versions of SNMP. SNMPv3 provides much improved access control using strong authentication and should be preferred over SNMPv1 and SNMPv2c wherever it is supported. Both versions send communities as clear text messages.
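The practical consequence of answer D is that anyone who can capture the UDP payload can read the community directly. The sketch below is an added example, not part of the original exam material: it walks the BER header of a captured SNMP datagram and reports the version, the community and the PDU type, which is enough to audit a capture for v1/v2c use. The function names and the sample bytes are constructed for illustration.

```python
# Added example: walk the BER header of an SNMP message (v1/v2c layout).
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA4: "Trap (v1)", 0xA5: "GetBulkRequest",
             0xA6: "InformRequest", 0xA7: "Trap (v2)", 0xA8: "Report"}

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the BER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def inspect_snmp(datagram):
    """Extract version, community and PDU type from one SNMP UDP payload."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, ver, pos = read_tlv(body, 0)
    if tag != 0x02 or not ver:
        raise ValueError("version INTEGER expected")
    version = int.from_bytes(ver, "big")
    info = {"version": VERSIONS.get(version, "unknown"), "community": None,
            "pdu": None, "cleartext_community": False}
    if version in (0, 1):  # v1/v2c: the community OCTET STRING comes next
        tag, community, pos = read_tlv(body, pos)
        if tag != 0x04:
            raise ValueError("community OCTET STRING expected")
        pdu_tag, _, _ = read_tlv(body, pos)
        info.update(community=community.decode("latin-1"),
                    pdu=PDU_TYPES.get(pdu_tag, hex(pdu_tag)),
                    cleartext_community=True)
    return info

# Constructed sample: SNMPv2c GetRequest for sysDescr.0, community "example-ro".
SAMPLE_V2C = bytes.fromhex(
    "302a020101040a6578616d706c652d726f"  # SEQUENCE, version=1, community
    "a019020101020100020100"              # GetRequest PDU, id/status/index
    "300e300c06082b060102010101000500")   # varbind: sysDescr.0 = NULL
print(inspect_snmp(SAMPLE_V2C))
```

For an SNMPv3 message the function reports only the version, because the field after the version is no longer a community string.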

QUESTION NO: 3 Network management tools use Management Information Base (MIB) information to monitor and manage networks. Which of the following is NOT part of the MIB-2 specification, as defined in RFC 1213? (Choose all that apply)
A. The System Group
B. The TCP Group
C. The Transmission Group
D. The Enterprises Group
E. The RMON Group
F. The ICMP Group
Answer: D, E
RFC 1213 defines the “Management Information Base for Network Management of TCP/IP-based internets: MIB-II” specification. It defines all of the following groups: System, Interfaces, Address Translation, IP, ICMP, TCP, UDP, EGP, Transmission, and SNMP. The RMON group is not part of RFC 1213, nor is the Enterprises Group.

QUESTION NO: 4 Which statements are true about the purpose and functionality between SNMP and MIBs? (Select three)
A. A Management Information Base (MIB) is a collection of information that is organized hierarchically.
B. A Management Information Base (MIB) is a collection of network device information that is organized in a bulk transfer mode to the management station.
C. MIBs are accessed using a network-management protocol such as SNMP.
D. MIBs are accessed using a network-management protocol such as TCP.
E. MIBs are comprised of managed objects and are identified by the object identifiers.
F. MIBs are comprised of managed objects and are identified by the lmhosts table.
Answer: A, C, E
The Cisco MIB variables are accessible via the Simple Network Management Protocol (SNMP), which is an application-layer protocol designed to facilitate the exchange of management information between network devices. The SNMP system consists of three parts: SNMP manager, SNMP agent, and MIB.
The MIB structure is logically represented by a tree hierarchy. The root of the tree is
unnamed and splits into three main branches: Consultative Committee for International
Telegraph and Telephone (CCITT), International Organization for Standardization (ISO),
and joint ISO/CCITT.
Finally, each group of MIB variables is accompanied by an illustration that indicates the
specific object identifier for each variable.

QUESTION NO: 5 Which options are true regarding the privacy capability using cryptography and the authentication method for SNMPv1, SNMPv2c and SNMPv3? (Choose all that apply)
A. SNMPv1 has no privacy and uses community for authentication.
B. SNMPv2c has privacy and uses community for authentication.
C. SNMPv2c has privacy and uses usernames for authentication.
D. SNMPv3 has privacy and uses community for authentication.
E. SNMPv3 has privacy and uses usernames for authentication.
Answer: A, E
SNMPv1 and SNMPv2 use the notion of communities to establish trust between managers and agents. An agent is configured with three community names: read-only, read-write, and trap. The three community strings control different kinds of activities. As its name implies, the read-only community string lets you read data values, but doesn’t let you modify the data. For example, it allows you to read the number of packets that have been transferred through the ports on your router, but doesn’t let you reset the counters. With the read-write community string, you can read the counters, reset their values, and even reset the interfaces or do other things that change the router’s configuration. Finally, the trap community string allows you to receive traps (asynchronous notifications) from the agent.
SNMPv3 not only encrypts all transmissions but also enables the responder (usually an SNMP agent) to authenticate the user generating the request, guarantee the integrity of the message using a digital signature, and apply complex and granular access-control rules to each request. It also lets the administrator specify these levels of protection in varied combinations (unsecured, authenticated and authenticated with encryption). In addition, any number of access-control rules can be applied at the SNMP agent or manager. While this level of security was completely impractical in hardware 10 years ago, today’s infrastructure devices have enough RAM and CPU cycles to support not only this advanced SNMP security but also full-fledged Web management services–all in firmware.

QUESTION NO: 6 Which security features are defined in SNMPv3? (Select all that apply)
A. Authentication
B. Domain checking
C. Accounting
D. Privacy
Answer: A, D
SNMP Version 3 (SNMPv3) adds security and remote configuration capabilities to the
previous versions. The SNMPv3 architecture introduces the User-based Security Model
(USM) for message security and the View-based Access Control Model (VACM) for
access control.
The principal security enhancements defined in SNMP version 3 are authentication, privacy, and access control.
Incorrect Answers:
B, C. SNMP version 3 defines no mechanisms for checking the domain or accounting.

QUESTION NO: 7 What SNMP message type reports events to the NMS reliably?
A. Get
B. Response
C. Inform
D. Trap
E. Get Bulk

Answer: C
SNMP notifications can be sent as traps or inform requests. Traps are unreliable because the receiver does not send acknowledgments when it receives traps. The sender cannot determine if the traps were received. However, an SNMP entity that receives an inform request acknowledges the message with an SNMP response PDU. If the sender never receives the response, the inform request can be sent again. Thus, informs are more likely to reach their intended destination. However, informs consume more resources in the agent and in the network. Unlike a trap, which is discarded as soon as it is sent, an inform request must be held in memory until a response is received or the request times out. Also, traps are sent only once, while an inform message may be retried several times. The retries increase traffic and contribute to a higher overhead on the network.

QUESTION NO: 8 The TestKing LAN is displayed below:
What should the Cisco IOS commands look like in the TestKing1 router to perform the exhibit?
A. logging source-interface fastethernet 0/0 logging
logging facility sys9 logging on
B. logging logging trap debugging logging facility sys9 logging source-interface serial0 logging on
C. logging logging trap debugging logging facility sys9 logging source-interface ethernet1 logging on
D. logging logging trap 7 logging source-interface serial 1 logging origin-id ip
Answer: C
In the example displayed above, the syslog server resides at so we will want to send all SNMP traps to this IP address. In addition, the source interface information that should be sent to this server is the ethernet 1 interface, since this is the address used for all messages sent to the server.
Incorrect Answers:
A. In this example the wrong interface source is used. In addition, the logging level information that should be sent to the server is not specified.
B. Here the wrong interface is configured as the logging source.
D. This choice specifies the wrong source interface, as well as the wrong IP address of the syslog server.

QUESTION NO: 9 SNMP version 3 has been implemented throughout the TestKing network. On SNMPv3 which message types are classified as Unconfirmed Class PDU? Select all that apply.
A. Get
B. Trap
C. Inform
D. Report
E. Response
Answer: B, D, E
Explanation: SNMP PDU Classes
SNMPv1 originally defined six PDUs. The number of PDUs was expanded and some changes made to their name and use in SNMPv2 and SNMPv3. The current SNMP Framework categorizes the PDUs into different classes. These classes describe both the function of each message type and the kind of communication they use to perform their task (polling versus interrupting). Table 210 shows the main SNMPv2/SNMPv3 PDU classes, describes them, and shows which PDUs are in each class in SNMPv2/SNMPv3. These classes were not used in SNMPv1 but for clarity I also show which messages from SNMPv1 fall into the classes conceptually: The GetBulkRequest-PDU and InformRequest-PDU messages are new in SNMPv2/v3. The GetResponse-PDU message was renamed just Response-PDU (since it is in fact a response and not a message that “gets” anything), and the new Trapv2-PDU replaces Trap-PDU. There are three other “special” classes defined by the current SNMP Framework. The Internal class contains a special message called Report-PDU defined for internal SNMP communication. The SNMP standards also provide two classes called Confirmed and Unconfirmed, used to categorize the messages in my table above based on whether or not they are acknowledged. The Report-PDU, Trapv2-PDU, and Response-PDU messages are considered Unconfirmed and the rest are Confirmed.
Table 210: SNMP PDU (Message) Classes

| SNMPv3 PDU Class | Description | SNMPv1 PDUs | SNMPv2/SNMPv3 PDUs |
| --- | --- | --- | --- |
| Read | Messages that read management information from a managed device using a polling mechanism. | GetRequest-PDU, GetNextRequest-PDU | GetRequest-PDU, GetNextRequest-PDU, GetBulkRequest-PDU |
| Write | Messages that change management information on a managed device to affect the device’s operation. | SetRequest-PDU | SetRequest-PDU |
| Response | Messages sent in response to a previous request. | GetResponse-PDU | Response-PDU |
| Notification | Messages used by a device to send an interrupt-like notification to an SNMP manager. | Trap-PDU | Trapv2-PDU, InformRequest-PDU |

QUESTION NO: 10 In SNMP, which of the following choices is not part of the MIB-2, as defined in RFC 1213?
A. System
B. Enterprises
C. Transmission
Answer: B, E
From RFC 1213, the following lists the various groups in MIB-II:
system OBJECT IDENTIFIER ::= { mib-2 1 }
interfaces OBJECT IDENTIFIER ::= { mib-2 2 }
at OBJECT IDENTIFIER ::= { mib-2 3 }
ip OBJECT IDENTIFIER ::= { mib-2 4 }
icmp OBJECT IDENTIFIER ::= { mib-2 5 }
tcp OBJECT IDENTIFIER ::= { mib-2 6 }
udp OBJECT IDENTIFIER ::= { mib-2 7 }
egp OBJECT IDENTIFIER ::= { mib-2 8 }
-- historical (some say hysterical)
-- cmot OBJECT IDENTIFIER ::= { mib-2 9 }
transmission OBJECT IDENTIFIER ::= { mib-2 10 }
snmp OBJECT IDENTIFIER ::= { mib-2 11 }
Reference: http://www.faqs.org/rfcs/rfc1213.html

QUESTION NO: 11 SNMP is being used to provide network information to the TestKing Network Operations Center. In SNMP, what is an example of a managed device (sometimes called network elements)?
A. Routers and Switches
B. Hubs and Bridges
C. Printers, Firewalls and Servers
D. All of the above
Answer: D
SNMP Basic Components: An SNMP-managed network consists of three key components: managed devices, agents, and network-management systems (NMSs). A managed device is a network node that contains an SNMP agent and that resides on a managed network. Managed devices collect and store management information and make this information available to NMSs using SNMP. Managed devices, sometimes called network elements, can be routers and access servers, switches and bridges, hubs, computer hosts, or printers. An agent is a network-management software module that resides in a managed device. An agent has local knowledge of management information and translates that information into a form compatible with SNMP. An NMS executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs must exist on any managed network.
Reference: http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/snmp.htm

QUESTION NO: 12 What feature among the following choices can be used to transport monitoring session traffic from a TestKing Catalyst switch across a routed IP network to a sniffer on a remote site?
A. Protocol filtering
E. None of the above
Answer: D
Explanation: ERSPAN Overview:
ERSPAN supports source ports, source VLANs, and destination ports on different switches, which provides remote monitoring of multiple switches across your network. ERSPAN consists of an ERSPAN source session, routable ERSPAN GRE-encapsulated traffic, and an ERSPAN destination session. You separately configure ERSPAN source sessions and destination sessions on different switches. To configure an ERSPAN source session on one switch, you associate a set of source ports or VLANs with a destination IP address, ERSPAN ID number, and optionally with a VRF name. To configure an ERSPAN destination session on another switch, you associate the destination ports with the source IP address, ERSPAN ID number, and optionally with a VRF name. The ERSPAN source session copies traffic from the source ports or source VLANs and forwards the traffic using routable GRE-encapsulated packets to the ERSPAN destination session. The ERSPAN destination session switches the traffic to the destination ports.
Incorrect Answers:
A: Filtering cannot be used to send traffic to a remote protocol analyzer.
B: Local SPAN is used to send traffic to a local sniffer as described below:
A local SPAN session is an association of source ports and source VLANs with one or more destination ports. You configure a local SPAN session on a single switch. Local SPAN does not have separate source and destination sessions. (Figure 52-1: Example SPAN Configuration)
C: RSPAN supports source ports, source VLANs, and destination ports on different switches, which provides remote monitoring of multiple switches across your network. RSPAN consists of an RSPAN source session, an RSPAN VLAN, and an RSPAN destination session. You separately configure RSPAN source sessions and destination sessions on different switches. The traffic for each RSPAN session is carried as Layer 2 nonroutable traffic over a user-specified RSPAN VLAN that is dedicated for that RSPAN session in all participating switches. All participating switches must be trunk-connected at Layer 2. (Figure 52-2: RSPAN Configuration)