If a TCP connection does not complete the three-way handshake within a particular time period, TCP intercept sends a TCP reset to the server, cleaning up the connection.
Which TCP intercept mode does this statement best describe?
Highlight for answer: Watch mode.
By default, when does a Cisco router switch over from the root-path-tree to the source-specific SPT?
Highlight for answer: When the first packet is received from the shared tree. You can change this with the ‘ip pim spt-threshold’ command.
A port in the Spanning Tree state of ‘blocking’ does not allow any type of traffic – true or false?
Highlight for answer: False – BPDUs are still allowed over the link.
Does an OSFP stub explicitly filter Type-4 LSAs, or is their absence in an OSPF stub area simply due to being unnecessary because the Type-5 LSAs have been filtered?
Highlight for answer: Actually, I don’t know the answer to this question. I was thinking about it today. In an OSFP stub area Type-5 LSAs are explicitly filtered. There are no Type-4 LSAs present either. I don’t know if they are explicitly filtered, or they are just never generated because the Type 5 LSA is filtered/never created? It’s my understanding (possibly a misunderstanding) that the ASBR generates the Type-4 LSA, so…it must be explicity filtered at the ABR, right? <–This is WRONG! 🙂
Thank you for the comments (big ups to Ivan P, Zeeshan, and Pavel Sefanov). I think that I have this cleared up in my head now:
The ABR generates the Type-4 LSA. If the area is configured as a stub area, the ABR filters the Type-5 LSAs(generated by the ASBR) and does not generate a Type-4 LSA. So, technically, an OSPF stub configuration only explicitly filters Type-5 LSAs, but it implicitly filters Type-4 LSAs as well as there is no need for the ABR to generate a Type-4 LSA.
So if you were to tell a co-worker that both Type-5 and Type-4 LSAs are filtered, you would be technically wrong. 😦
Ivan Pepelnjak from Cisco IOS Hints and Tricks wrapped it up nicely:
To make it more explicit: the type-4 LSA is the glue that ties together a type-5 LSA originated by an out-of-area ASBR with the ABR flooding type-5 into the area. If there are no type-5 LSAs, type-4 LSAs are not needed (you will also not see them for ASBRs in the same area).
What are the two tables that CEF utilizes to switch packets?
Highlight for answer: Forwarding Information Base(FIB) and [CEF] adjacency table.
What are the three tables that EIGRP uses?
Highlight for answer: EIGRP neighbor table, EIGRP topology table, and the IP routing table.
Which Spanning Tree convergence improvement utilizes Root Link Query (RLQ) BPDUs to detect indirect link failures?
Highlight for answer: BackboneFast
Which two commands can be used to disable the executive timeout feature?
Highlight for answer: no exec-timeout or exec-timeout 0 0
Given the output below, how long will it take for a MAC address to age out?
Rack1SW1(config-if)#do sh port-security int f0/4
Port Security : Enabled
Port Status : Secure-down
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : aaaa.bbbb.cccc:1
Security Violation Count : 0
Highlight for answer: By setting ‘switchport port-security aging’ to 0(the default), aging is disabled and the MAC address will never age out.
When applied outbound to a neighbor in BGP, what is the order of preference between prefix-lists, filter-lists, distribute-lists, and route-maps?
Highlight for answer: 1) *prefix-list, *distribute-list, 2) filter-list, 3) route-map
*The attributes prefix-list and distribute-list are mutually exclusive, and only one command (neighbor prefix-list or neighbor distribute-list) can be applied to each inbound or outbound direction for a particular neighbor.