1,The Kerberos protocol
The Kerberos protocol uses strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. After a client and server have used Kerberos to prove their identities, they can also encrypt all their communications to assure privacy and data integrity as they go about their business.
Kerberos is a network authentication protocol developed by MIT. Kerberos can provide authentication only. It doesn't have the capability to perform authorization. Some sites with existing Kerberos servers use Kerberos for authentication, while using TACACS+ or RADIUS for authorization.
Encryption in Kerberos is based on DES, the Data Encryption Standard. The encryption library implements those routines. Several methods of encryption are provided, with tradeoffs between speed and security. An extension to the DES Cipher Block Chaining (CBC) mode, called the Propagating CBC (PCBC) mode, is also provided. In CBC, an error is propagated only through the current block of the cipher, whereas in PCBC, the error is propagated throughout the message. This renders the entire message useless if an error occurs, rather than just a portion of it. The encryption library is an independent module, and may be replaced with other DES implementations or a different encryption library.
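Added example (not part of the original notes): the difference in error propagation between CBC and PCBC, shown by flipping one ciphertext bit and listing which plaintext blocks come back wrong. A toy Feistel cipher built from SHA-256 stands in for DES, and the key, IV and message are constructed; with CBC the damage reaches the hit block plus the matching bit of the next block, with PCBC it reaches every block from the hit onward.

```python
import hashlib

BLOCK = 8  # DES block size in bytes

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]

def encrypt_block(key, block):
    l, r = block[:4], block[4:]
    for i in range(4):  # toy 4-round Feistel standing in for DES (assumption)
        l, r = r, xor(l, _f(key, i, r))
    return l + r

def decrypt_block(key, block):
    l, r = block[:4], block[4:]
    for i in reversed(range(4)):
        l, r = xor(r, _f(key, i, l)), l
    return l + r

def split(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def encrypt(key, iv, plaintext, pcbc):
    out, chain = [], iv
    for p in split(plaintext):
        c = encrypt_block(key, xor(p, chain))
        out.append(c)
        chain = xor(p, c) if pcbc else c  # PCBC chains plaintext XOR ciphertext
    return b"".join(out)

def decrypt(key, iv, ciphertext, pcbc):
    out, chain = [], iv
    for c in split(ciphertext):
        p = xor(decrypt_block(key, c), chain)
        out.append(p)
        chain = xor(p, c) if pcbc else c
    return b"".join(out)

def damaged_blocks(pcbc, hit=1):
    # Constructed key, IV and 6-block message; flip one bit in ciphertext block `hit`.
    key, iv, msg = b"constructed-key", bytes(BLOCK), bytes(range(6 * BLOCK))
    ct = bytearray(encrypt(key, iv, msg, pcbc))
    ct[hit * BLOCK] ^= 0x01
    got = decrypt(key, iv, bytes(ct), pcbc)
    return [i for i, (a, b) in enumerate(zip(split(msg), split(got))) if a != b]
print("CBC :", damaged_blocks(False), "PCBC:", damaged_blocks(True))
```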
2,The following lines are used in Cisco IOS:
0 is specified for the console line
TTY lines 1-16 are used for the asynchronous lines
line 17 is reserved for the aux port
3,Frame Relay supports two types of interfaces: point-to-point and multipoint. The one you choose determines whether you need to use the configuration commands that ensure IP address to data-link connection identifier (DLCI) mappings. After configuring the PVC itself, you must tell the router which PVC to use in order to reach a specific destination.
• Point-to-point subinterface - With point-to-point subinterfaces, each pair of routers has its own subnet. If you put the PVC on a point-to-point subinterface, the router assumes that there is only one point-to-point PVC configured on the subinterface. Therefore, any IP packets with a destination IP address in the same subnet are forwarded on this VC. This is the simplest way to configure the mapping and is therefore the recommended method. Use the frame-relay interface-dlci command to assign a DLCI to a specified Frame Relay subinterface.
• Multipoint networks - Multipoint networks have three or more routers in the same subnet. If you put the PVC in a point-to-multipoint subinterface or in the main interface (which is multipoint by default), you need to either configure a static mapping or enable Inverse Address Resolution Protocol (ARP) for dynamic mapping.
In order to ensure that Inverse ARP resolves addresses across a hub-and-spoke topology, it is best to use single point-to-point subinterfaces for each PVC at the hub site. Alternatively, use static map entries on the spoke routers. Since the remote spoke routers can already ping the hub site, there is no need to add static entries on the hub router.
4,What command should you use to specify RADIUS as the method of user authentication when no other method list has been defined?
answer: aaa authentication ppp default radius
5,To better accommodate for the growing number of remote access users, TestKing is implementing CiscoSecure. Which of the following are the three major components of Cisco Secure?
answer: RDBMS, Netscape Fast Track Server, AAA Server
6,What command should you use to enable AAA authentication regardless of the supported login authentication methods to use?
answer: aaa authentication login
7,What AAA command should you use to specify the local username database as the authentication method for use on lines running PPP when no other method list has been defined?
answer: aaa authentication ppp default local
8,Link compression supports which of the following compression algorithms?
answer: Stac, Predictor
We refer to the data compression schemes used in internetworking devices as lossless compression algorithms. These schemes reproduce the original bit streams exactly, with no degradation or loss. This feature is required by routers and other devices to transport data across the network. The two most commonly used compression algorithms on internetworking devices are the Stacker compression and the Predictor data compression algorithms.
9,If CBWFQ is being used, which three commands can be configured within each traffic class?
answer: bandwidth, queue-limit, random-detect
To configure CBWFQ, perform the tasks in the following sections. The first three sections are required; the remaining sections are optional:
Defining Class Maps
Configuring Class Policy in the Policy Map
Attaching the Service Policy and Enabling CBWFQ
Modifying the Bandwidth for an Existing Policy Map Class
Modifying the Queue Limit for an Existing Policy Map Class
Configuring the Bandwidth Limiting Factor
Deleting Classes
Deleting Policy Maps
Verifying Configuration of Policy Maps and Their Classes
10,To successfully attach a policy map to an interface or a VC, the aggregate of the configured minimum bandwidths of the classes comprising the policy map must be less than or equal to 75 percent of the interface bandwidth or the bandwidth allocated to the VC. The default maximum reservable bandwidth value of 75 percent is designed to leave sufficient bandwidth for overhead traffic, such as routing protocol updates and Layer 2 keepalives. It also covers Layer 2 overhead for packets matching defined traffic classes or the class-default class.