Ensurepass
2013 Latest Cisco 350-001 Exam Section 4: Protocol Mechanics (10 Questions)

QUESTION NO: 1
What is the standard transport protocol and port used for SYSLOG messages?

A. UDP 514
B. TCP 520
C. UDP 530
D. TCP 540
E. UDP 535
Answer: A
Explanation:
For a complete list of TCP/UDP well known port numbers, see the following link:
http://www.iana.org/assignments/port-numbers
UDP 514This port has been left open for use by the SYSLOG service.

TCP and UDP Ports:
In addition to the standard network ports, Cisco Works uses these TCP and UDP ports:
Port Number Type Description
42340 TCP CiscoWorks2000 Daemon Manager, the tool that manages server processes
42342 UDP Osagent
42343 TCP JRun
42344 TCP ANI HTTP server
7500 UDP Electronic Switching System (ESS) Service port
7500 TCP ESS Listening port
7580 TCP ESS HTTP port
7588 TCP ESS Routing port
1741 TCP Port used for the CiscoWorks2000 HTTP server
161 UDP/TCP Standard port for SNMP Polling
162 UDP/TCP Standard port for SNMP Traps
514 UDP Standard port for SYSLOG
69 TCP/UDP Standard port for TFTP
23 TCP/UDP Standard port for Telnet
References: http://www.cisco.com/en/US/products/sw/ps5664/ps5669/products_tech_note09186a00802
http://www.cisco.com/en/US/products/sw/cscowork/ps4737/products_tech_note09186a00

QUESTION NO: 2 A new Syslog server is being installed in the Testking network to accept network management information. What characteristic applies to these Syslog messages? (Select three)
A. Its transmission is reliable.
B. Its transmission is secure.
C. Its transmission is acknowledged.
D. Its transmission is not reliable.
E. Its transmission is not acknowledged.
F. Its transmission is not secure.
Answer: D, E, F
Explanation:
Syslog is a method to collect messages from devices to a server running a syslog daemon. Logging to a central syslog server helps in aggregation of logs and alerts. Cisco devices can send their log messages to a Unix-style SYSLOG service. A SYSLOG service simply accepts messages, and stores them in files or prints them according to a simple configuration file. This form of logging is the best available for Cisco devices because it can provide protected long-term storage for logs. This is useful both in routine troubleshooting and in incident handling. Syslog uses UDP port 514. Since it is UDP based, the transmission is a best effort, and insecure.
Incorrect Answers:
A, C. Syslog uses UDP as the transport layer protocol, not TCP. Since UDP relies on an unreliable method of communication, syslog is not reliable.
B. Syslog has no way of providing a secure transmission by itself. Only by tunneling the syslog data through a secure channel such as IPSec can it be sent securely.

QUESTION NO: 3
A user is having problems reaching hosts on a remote network. No routing protocol is running on the router and it’s using only a default to reach all remote networks. An extended ping is used on the local router and a remote file server with IP address
10.5.40.1 is pinged. The results of the ping command produce 5 “U” characters. What does the result of this command indicate about the network?
A. An upstream router in the path to the destination does not have a route to the destination network.
B. The local router does not have a valid route to the destination network.
C. The ICMP packet successfully reached the destination, but the reply form the destination failed.
D. The ping was successful, but congestion was experienced in the path to the destination.
E. The packet lifetime was exceeded on the way to the destination host.
Answer: A
Explanation:
Even though the router is using a default route to get to all networks, at some point the packet is reaching a router that does not know how to reach the destination. The underlying reason for the failure is unknown, but when a ping is used and the response is a series of U replies, then the destination is unreachable by a router. Since the nearest router is using a default route, then the problem must be with an upstream router. The table below lists the possible output characters from the ping facility:
Character Description
! Each exclamation point indicates receipt of a reply.
. Each period indicates the network server timed out while waiting for a reply.
U A destination unreachable error PDU was received.
Q Source quench (destination too busy).
M Could not fragment.
? Unknown packet type.
& Packet lifetime exceeded.
Incorrect Answers:
B. The local router is using a default route, so all networks are considered to be known and reachable by the local router.
C. If the Ping packet could reach all the way to the remote host, a “U” response would not be generated.
D. This type of scenario would most likely result in a source quench response, which would be a Q.
E. This would mean a “&” response, as shown in the table above.

QUESTION NO: 4
What protocols are considered to be UDP small servers? (Choose all that apply)
A. Echo
B. Daytime
C. Chargen
D. Discard
E. DHCP
F. Finger
Answer: A, C, D
Explanation:
TCP and UDP small servers are servers (daemons, in Unix parlance) that run in the router
which are useful for diagnostics.
The UDP small servers are:

1.
Echo: Echoes the payload of the datagram you send.

2.
Discard: Silently pitches the datagram you send.

3.
Chargen: Pitches the datagram you send and responds with a 72 character string of
ASCII characters terminated with a CR+LF.
These 3 servers are enabled when the “service UDP-small-servers” command.
Reference:
http://www.cisco.com/warp/public/66/23.html

Incorrect Answers:
B. Daytime: Returns system date and time, if correct. It is correct if you are running Network Time Protocol (NTP) or have set the date and time manually from the exec level. The command to use is telnet x.x.x.x daytime. Daytime is a TCP small server.
E. Although DHCP uses UDP, it is not considered a UDP small server by Cisco.
F. The router also offers finger service and async line bootp service, which can be independently turned off with the configuration global commands no service finger and no ip bootp server, respectively. This is in addition to the TCP and UDP small servers.

QUESTION NO: 5
Which protocols are considered to be TCP small servers? (Choose all that apply).
A. Echo
B. Time
C. Daytime
D. Chargen
E. Discard
F. Finger
G. DHCP
Answer: A, C, D, E

Explanation:
TCP and UDP small servers are servers (daemons, in Unix parlance) that run in the router
which are useful for diagnostics.
TCP Small Servers are enabled with the service tcp-small-servers command
The TCP small servers are:

*
Echo: Echoes back whatever you type by using the telnet x.x.x.x echo command.

*
Chargen: Generates a stream of ASCII data. The command to use is telnet x.x.x.x
chargen.

*
Discard: Throws away whatever you type. The command to use is telnet x.x.x.x discard.

*
Daytime: Returns system date and time, if correct. It is correct if you are running
Network Time Protocol (NTP) or have set the date and time manually from the exec
level. The command to use is telnet x.x.x.x daytime.
Replace x.x.x.x with the address of your router. Most routers inside Cisco run the small
servers.
Incorrect Answers:

F.
DHCP is not considered a UDP small server by Cisco.

G.
The router also offers finger service and async line bootp service, which can be
independently turned off with the configuration global commands no service finger and
no ip bootp server, respectively. This is in addition to the TCP and UDP small servers.

QUESTION NO: 6
Which of the following statements are NOT true regarding the TCP sliding window protocol? (Choose all that apply)
A. It allows the transmission of multiple frames before waiting for an acknowledgement.
B. The size of the sliding window can only increase or stay the same.
C. The initial window offer is advertised by the sender.
D. The receiver must wait for the window to fill before sending an ACK.
E. The sender need not transmit a full window’s worth of data.
F. The receiver is required to send periodic acknowledgements.
Answer: B, C
Explanation:
The sliding window algorithm allows for the window size to decrease slowing down the transmission of data. TCP uses a window of sequence numbers to implement flow control. The receiver indicates the amount of data to be sent. The receiver sends a window with every ACK that indicates a range of acceptable sequence numbers beyond the last received segment. The window allows the receiver to tell the sender how many bytes to transmit. Therefore, the statements in B and C are not true (the question asked for the false statements, not the true ones).
Incorrect Answers:
A, F. In TCP, a sender transmits only a limited amount of data before the receiver must send an acknowledgement. Windows usually include multiple packets, but if the sender doesn’t get acknowledgements within a set time, all the packets must be retransmitted. D, E. Both of these are true statements regarding the TCP sliding window mechanism.
Additional Info:
In Win 2000 and XP, the default TCP window size is 16K bytes – meaning no more than 11 frames can be outstanding without an acknowledgement. For 11 frames at 12 microseconds each, any delay of 132 microseconds or more would cause retransmissions.

QUESTION NO: 7 A new data T1 line is being installed. What choices do you have for provisioning the framing types? (Choose all that apply)
A. B8ZS
B. SF
C. AMI
D. LLC
E. ESF
F. All of the above
Answer: B, E
Explanation:
SuperFraming and Extended SuperFraming are the two T1 framing types.
Incorrect Answers:
A, C. B8ZS and AMI are coding options and are not used for framing. Two typical combinations that T1’s are provisioned are B8ZS/ESF and AMI/SF.
D. LLC (Logical Link Control) is not related to T1.

QUESTION NO: 8

The TestKing network is shown in the following exhibit:

The host sends a 1500 byte TCP packet to the Internet with the DF (Don’t Fragment) bit set.
Will router TK1 be able to forward this packet to router TK2?
A. Yes, it will ignore the DF bit and fragment the packet because routers do not recognize the DF bit.
B. Yes, it will forward the packet without fragmenting it because the DF bit is set.
C. No, it will drop the packet and wait for the host to dynamically decrease its MTU size.
D. Yes, it will fragment the packet, and send back ICMP type 3 code 4 (fragmentation needed but DF bit set) messages back to the host.
E. No, it will drop the packet, and send back ICMP type 3 code 4 (fragmentation needed but DF bit set) message back to the host.
Answer: E
Explanation:
Since the DF bit in the IP packet is set, the router will not be allowed to fragment the packet. Also the MTU size on the routers serial interface is restricted to 576, hence the packet will not be allowed to pass through and it will be dropped.
Incorrect Answers:
A. Routers do indeed recognize the DF bit and will adhere to it.
B. With the DF bit set, the packet will not be fragmented, and since 1500 bytes is too large to go through the 576 byte interface, it will be dropped.
C. In this case, router will always send an ICMP error code back to the source stating what the problem is before dropping it.
D. With the DF bit set the router is not allowed to fragment the packet.

QUESTION NO: 9
With regard to TCP headers, what control bit tells the receiver to reset the TCP connection?
A. ACK
B. SYN
C. SND
D. PSH
E. RST
F. CLR
Answer: E
Explanation:
The RST flag resets the TCP connection.
Incorrect Answers:
A. ACK is used to acknowledge data that has been sent.
B. SYN is used to synchronize the sequence numbers.
C. SND is not a TCP control bit.
D. PSH is used to tell the receiver to pass the information to the application.
F. CLR is not a valid TCP control bit.

QUESTION NO: 10
The TestKing RIP network is displayed below:

What statement is correct regarding the configuration in the figure?
A. The RIP metric between TestKing1 and TestKing3 remains “1”.
B. The RIP metric between TestKing1 and TestKing3 is “2” because the offset-list command is changing the metric to “2”.
C. The RIP metric between TestKing1 and TestKing3 is “3” because the offset-list command is changing the metric to “3” by adding 2 to the existing metric.
D. The RIP metric cannot be changed and Load sharing will be done between the two paths that exist from TestKing1 and TestKing3 (and vice-versa) because the offset-list command is specifying that there be a 2:1 load sharing ratio for the two paths.
Answer: C
Explanation:
The offset value is added to the routing metric. An offset list with an interface type and interface number is considered extended and takes precedence over an offset list that is not extended. Therefore, if an entry passes the extended offset list and the normal offset list, the offset of the extended offset list is added to the metric. In this case, an offset of 2 is added to the routing update, making the total RIP metric 3.

Ensurepass offers Latest 2013 CCIE 350-001 Real Exam Questions , help you to pass exam 100%.

Comments are closed.