CCNP Infrastructure Security • Complete Question Bank
Complete CCNP Infrastructure Security question bank — all 0 questions with answers and detailed explanations.
A network engineer runs the following command on Router R1:
R1# show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.0.0.2 1 FULL/DR 00:00:38 192.168.1.2 GigabitEthernet0/0 10.0.0.3 1 2WAY/DROTHER 00:00:32 192.168.1.3 GigabitEthernet0/0 10.0.0.4 1 FULL/BDR 00:00:35 192.168.1.4 GigabitEthernet0/0
Based on this output, what can be concluded?
A network engineer runs the following command on Switch SW1:
SW1# show spanning-tree vlan 10
VLAN0010 Spanning tree enabled protocol ieee Root ID Priority 32778 Address 0011.2233.4455 Cost 19 Port 1 (GigabitEthernet0/1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32778 (priority 32768 sys-id-ext 10) Address 0011.2233.4466 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- -------------------------------- Gi0/1 Root FWD 19 128.1 P2p Gi0/2 Altn BLK 19 128.2 P2p Gi0/3 Desg FWD 19 128.3 P2p
Based on this output, what can be concluded?
A network engineer runs the following command on Router R1:
R1# show ip access-lists 101
Extended IP access list 101
10 permit tcp 192.168.1.0 0.0.0.255 any eq 80 (100 matches)
20 deny tcp any any eq 23 (50 matches)
30 permit ip any any (200 matches)Based on this output, what can be concluded?
A network engineer runs the following command on Router R1:
R1# show ip nat translations
Pro Inside global Inside local Outside local Outside global --- 203.0.113.10 192.168.1.10 --- --- --- 203.0.113.11 192.168.1.11 --- --- tcp 203.0.113.10:1024 192.168.1.10:1024 198.51.100.5:80 198.51.100.5:80
Based on this output, what can be concluded?
A network engineer runs the following command on Router R1:
R1# show policy-map interface GigabitEthernet0/0
GigabitEthernet0/0
Service-policy input: QOS_POLICY
Class-map: VOICE (match-any) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: ip dscp ef (46) Queueing queue limit 64 packets (queue depth/total drops/no-buffer drops) 0/0/0 (pkts output/bytes output) 0/0 police cir 1000000 bc 31250 be 31250 conformed 0 bytes; actions: transmit exceeded 0 bytes; actions: drop violated 0 bytes; actions: drop
Class-map: class-default (match-any) 100 packets, 12000 bytes 5 minute offered rate 8000 bps, drop rate 0 bps Match: any Queueing queue limit 64 packets (queue depth/total drops/no-buffer drops) 0/0/0 (pkts output/bytes output) 100/12000
Based on this output, what can be concluded?
A network engineer runs the following command on Router R1:
R1# show aaa sessions
Total sessions since last reset: 10
Session Id: 5 Unique Id: 5 User Name: admin
IP Address: 192.168.1.100
Idle Time: 0:00:05 Timeout: 0:10:00 Type: SSH Method: local
Session Id: 6 Unique Id: 6 User Name: neteng
IP Address: 10.0.0.2
Idle Time: 0:02:30 Timeout: 0:10:00 Type: SSH Method: tacacs+
Based on this output, what can be concluded?
A network engineer runs the following command on Router R1:
R1# show vrf brief
Name Default RD Protocols Interfaces CUSTOMER_A 65000:100 ipv4 Gi0/0.100 CUSTOMER_B 65000:200 ipv4 Gi0/0.200 MANAGEMENT 65000:999 ipv4 Gi0/1
Based on this output, what can be concluded?
A network engineer runs the following command on Router R1:
R1# show ip bgp summary
BGP router identifier 10.0.0.1, local AS number 65001 BGP table version is 10, main routing table version 10
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 192.168.1.2 4 65002 1024 1020 10 0 0 02:30:15 5 192.168.1.3 4 65003 500 498 10 0 0 00:15:20 3 10.0.0.2 4 65004 0 0 0 0 0 never Active
Based on this output, what can be concluded?
A network engineer runs the following command on Router R1:
R1# show mpls ldp neighbor
Peer LDP Ident: 10.0.0.2:0; Local LDP Ident 10.0.0.1:0 TCP connection: 10.0.0.2.646 - 10.0.0.1.49231 State: Oper; Msgs sent/rcvd: 100/95; Downstream Up time: 01:23:45 LDP discovery sources: GigabitEthernet0/0, Src IP addr: 192.168.1.2 Addresses bound to peer LDP Ident:
10.0.0.2 192.168.1.2
Based on this output, what can be concluded?
Examine the following interface configuration on a Cisco IOS-XE switch: ```
interface GigabitEthernet0/1 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security violation restrict switchport port-security mac-address sticky
``` What is the effect of this configuration?
Consider the following configuration on a Cisco IOS-XE router: ```
ip access-list extended BLOCK_SSH deny tcp any any eq 22 permit ip any any
!
line vty 0 4
access-class BLOCK_SSH in ``` Which statement is true about this configuration?
Examine the following CoPP configuration on a Cisco IOS-XE router: ``` class-map match-all CONTROL-PLANE match access-group name COPP-ACL ! policy-map COPP-POLICY
class CONTROL-PLANE
police 1000000 200000 conform-action transmit exceed-action drop ! control-plane service-policy input COPP-POLICY ``` What is the effect of this configuration?
Consider the following DHCP snooping configuration on a Cisco IOS-XE switch: ```
ip dhcp snooping ip dhcp snooping vlan 10 interface GigabitEthernet0/1 ip dhcp snooping trust
!
interface GigabitEthernet0/2 ip dhcp snooping limit rate 10
``` Which statement is true?
Examine the following BGP configuration on a Cisco IOS-XE router: ```
router bgp 65000
bgp default local-preference 150
neighbor 10.1.1.1 remote-as 65001 neighbor 10.1.1.1 password cisco123 neighbor 10.1.1.1 route-map SET-MED out
! route-map SET-MED permit 10 set metric 50 ``` What is the effect of the route-map on outbound updates to 10.1.1.1?
Consider the following IPv6 access-list on a Cisco IOS-XE router: ``` ipv6 access-list PERMIT_ICMP
permit icmp any any echo-request permit icmp any any echo-reply deny ipv6 any any
!
interface GigabitEthernet0/0
ipv6 traffic-filter PERMIT_ICMP in ``` What is the effect of this configuration?