CCNP SWITCH Chapter 7 Exam Answers (Version 7) – Score 100%

1. Which three commands are necessary to configure NTP authentication between devices? (Choose three.)

• ntp trusted-key authentication 1
• ntp authentication
• ntp authentication-key 1 md5
• ntp trusted-key 1
• ntp md5 authentication-key 1
• ntp authenticate

2. What is the command to configure a device to be an authoritative NTP server?

• ntp synchronize 172.16.1.1
• ntp server 172.16.1.1
• ntp master 172.16.1.1
• ntp peer 172.16.1.1

3. Which statement is true about 802.1x port-based authentication?

• If the host does not receive a response to a start frame, it goes into the shutdown mode.
• Authentication can only be initiated by the switch.
• Authentication can only be initiated by the host.
• When a host comes up that is attached to a switch port, the authentication server queries the host for 802.1x authentication information.
• Authentication can be initiated by either the switch or the host.

4. Which SNMP message is sent from the manager?

• inform request
• get response
• set request
• trap

5. Refer to the exhibit. Given the configuration on the ALSwitch, what is the end result?

• disables 802.1x port-based authentication and causes the port to allow normal traffic without authenticating the client
• globally disables 802.1x authentication
• forces all hosts that are attached to a port to authenticate before being allowed access to the network
• enables 802.1x authentication on the port

6. Which two statements are true about NTP? (Choose two.)

• Stratum 1 devices have directly attached radio or atomic clock.
• Stratum number represents the distance from a reference clock.
• Higher stratum number always indicates greater quality and reliability.
• Network devices will always synchronize with NTP server with the highest stratum number.
• Stratum numbers are directly related to the routing metric.

7. Which SNMP version provides authentication and encryption for transmission of critical data between managed devices?

• SNMPv3authPriv
• SNMPv3 authNoPriv
• SNMPV2
• SNMPv3noAuthnoPriv

8. Refer to the exhibit. A switch is being configured to support AAA authentication on the console connection. Given the information in the exhibit, which three statements are correct? (Choose three.)

• The login authentication admin line console command is required.
• The none keyword specifies that a user cannot log in if all other methods have failed.
• The none keyword enables any user logging in to successfully authenticate if all other methods return an error.
• The configuration creates an authentication list that uses a TACACS+ server as the first authentication method, the local username database as the second method, the enable password as the third method, and none as the last method.
• The authentication login admin line console command is required.
• The configuration creates an authentication list that uses a named access list called group as the first authentication method, a TACACS+ server as the second method, the local username database as the third method, the enable password as the fourth method, and none as the last method.

9. In a AAA architecture, what is the name of the role given to the client running 802.1x software?

• authentication server
• authenticator
• supplicant
• AAA peer

10. Refer to the exhibit. Which feature does a SNMP manager need in order to set a parameter on switch ACSW1?

• a manager using an SNMP string of K44p0ut
• a manager using host 172.16.128.50
• a manager using authPriv
• a manager using SNMPv1, 2, or 2c

11. What are three advantages of implementing the AAA framework model in a network? (Choose three.)

• Standardized authentication methods
• Username and passwords are stored in a local database for scalability.
• Faster convergence
• Increased flexibility and control of access configuration
• Offers automatic failover solutions for gateway redundancy
• Multiple backup systems

12. What SNMP attribute provides the best security?

• authNoPriv
• SNMPv2
• authPriv
• noAuthNoPriv
• community string

13. Refer to the exhibit. Network policy dictates that security functions should be administered using AAA. Which configuration would create a default login authentication list that uses RADIUS as the first authentication method, the enable password as the second method, and the local database as the final method?

SW-1(config)# aaa new-model
SW-1(config)# radius server host 10.10.10.12 key secret
SW-1(config)# aaa authentication login default group-radius enable local none

SW-1(config)# aaa new-model
SW-1(config)# radius-server host 10.10.10.12 key secret
SW-1(config)# aaa authentication default group-radius local

SW-1(config)# aaa new-model
SW-1(config)# radius-server host 10.10.10.12 key secret
SW-1(config)# aaa authentication default group-radius enable local

SW-1(config)# aaa new-model
SW-1(config)# radius server host 10.10.10.12 key secret
SW-1(config)# aaa authentication login default group radius enable local none

SW-1(config)# aaa new-model
SW-1(config)# radius-server host 10.10.10.12 key secret
SW-1(config)# aaa authentication login default group radius enable local

14. Which three are characteristics of the SNTP protocol? (Choose three.)

• SNTP is a simplified, client-only version of the NTP.
• SNTP provides complex filtering.
• SNTP cannot be used to provide times services to other services.
• Provides a secure means for NTP transmissions.
• SNTP can be used to provide time services to other systems.
• SNTP and NTP cannot coexist on the same device because they use the same port number.

15. Match the term with the correct definition.

• Authentication – Prevents unauthorized clients from connecting to a LAN through Switch ports.
• Authorization – Allows for the collection of information concerning user activity.
• Accounting – Allows for the control of the level of access that users have.