
1. OSI Layers
2. What is VLAN?
3. What is VTP?
4. How can we change the VTP revision number?
5. In what mode will we add a switch to a VTP domain?
6. Difference between load sharing & load balancing
7. What is ACS server, syslog server
8. How to add node in hpnnm nnm
9. How to add a node group in nnm
10. What is the use of AAA and how will we configure it?
11. How many modules will be there in 7609?
12. What type of ports are available in 7609 router
13. Difference between HSRP and VRRP
    a) In VRRP, preempt is enabled by default; in HSRP, preempt is disabled by default.
    b) In VRRP, if priority is equal between routers, the router with the highest IP address will preempt; in HSRP, if routers have equal priority, the one which is the active router remains active when the standby (former active) router comes back.
    c) The maximum VRRP and HSRP priority value is 255.
    d) The maximum VRRP priority value that you can manually configure on the router is 254; in HSRP the maximum configurable priority is 255.
    e) Only one router can have a VRRP priority setting of 255. In HSRP, multiple routers can have a priority setting of 255.
    f) The router that owns the IP address for the group automatically gets a VRRP priority setting of 255. There is no option to configure the virtual IP address of an HSRP group as the physical address of any router in the HSRP group.

14. How data flows in MPLS technology
15. OSPF states while forming neighborship
16. OSPF LSA types
17. Difference between point to point & MPLS links
18. What is external LSA
19. How to bind the mac-address
20. What is the use of port security?
21. Features of EIGRP
22. What is DUAL in EIGRP
23. Commands for configuring voice vlans
24. How to add voice vlans to switchports
25. DHCP handshake process
26. Default lease time for DHCP
27. 5 routers configured with HSRP, what are the states of each router
28. BGP attributes
29. Administrative distances of all routing protocols
30. Etherchannel
31. What is the output voltage of 7609 router
32. How modules are placed in 7609 router
33. What is STP
34. How the election process happens in STP.
35. What is PVST
36. RSTP
37. STP states
38. How to break router password
39. How to upgrade IOS in switch
40. What is OSPF
41. Function of link state routing protocol
42. Differences between OSI and TCP protocols
43. TCP 3-way handshake process

Switch to Switch Connectivity
1. Name the VTP Modes?
2. How can you configure a switch port to be a trunk?
3. What command do you use to allow Vlans on a trunk?
4. How can you assign a vlan to a switch port?
5. Can you explain PortFast on a switch?
6. What are the steps that PortFast ignores?

HSRP
1. Explain HSRP?
2. What command do you use to make sure that a wanted device is going to be in active mode?
3. How can you make all the Vlans use the HSRP active device without using the switchport trunk allow vlan command?
4. What is the default priority number on HSRP?

Spanning Tree
1. Explain spanning tree?
2. How can you configure a switch to be a root-bridge?
3. What is the default priority on a switch?
4. What command to use to change the priority on a switch?

Etherchannel Port Channel
1. Explain Etherchannel?
2. Can I bundle two different types of interface, e.g. a fastethernet with a gigabitethernet?
3. How can you configure Etherchannel?
4. Is Etherchannel a layer 2 or layer 3 technology?

Routing Protocols
1. Explain EIGRP?
2. Explain BGP?
3. If you have two ISP providers and you want to have a primary line and a backup, how can you control the flow from your side to the provider and coming back from the provider?
4. What is the AD for EIGRP and BGP
5. What command do you use to establish a neighbor with a BGP peer?
6. What command to use to advertise neighbor on EIGRP?

Troubleshooting
1. Explain how trace route works?
2. What command to use to verify that a BGP neighbor has been established?
3. What extra options do you have besides the basics when using ping?

1. Difference between hub, bridge and switch?
2. What is mac address and why it is required?
3. In layer 2 domain do we need ip address for communication?
4. What is arp and why it is required?
5. What is Spanning Tree Protocol aka STP?
6. What is the difference between STP, MSTP, PVST and RSTP?
7. Can we use the two same paths for same vlan?
8. What is the difference between broadcast and collision domain?
9. Define types of lan traffic.
10. What is destination address of broadcast frame?
11. Can we connect a switch to switch with straight cable?
12. Define functions of switch.
13. What is arp timeout?
14. What is aging process?
15. What is BPDU?
16. What is path cost?
17. Define selection criteria of STP root bridge.
18. How does a non-root bridge decide which port will be elected as root port?
19. If a nonroot bridge has two redundant ports with the same root path cost, how does the bridge choose which port will be the root port?
20. Port states of spanning tree protocol.
21. If the users face delay during initial login, what will you suggest to implement?
22. Why is spanning tree BPDU filter used?
23. Can I use BPDU filter on trunk ports?
24. What is port security?
25. I want to learn only a single mac from the port, what needs to be configured?
26. Can we use spanning port-fast on trunk ports?
27. If management ip address is changed, will users' traffic be dropped?
28. Difference between trunk and access port?
29. What is UDLD and why it is required?
30. What is interface vlan on switch?

4. How many interfaces in ASA?
Totally 5 interfaces: 4 Ethernet interfaces and 1 Ethernet interface for management.
5. What is FWSM?
    1. Cisco Firewall Services Module (FWSM), a high-speed, integrated firewall module for Cisco Catalyst 6500 switches and Cisco 7600 Series routers, provides the fastest firewall data rates in the industry.
    2. Up to four FWSMs can be installed in a single chassis.
    3. Based on Cisco PIX Firewall technology.
    4. The Cisco FWSM includes a number of advanced features that help reduce costs and operational complexity while enabling organizations to manage multiple firewalls from the same management platform. Features such as the resource manager help organizations limit the resources allocated to any security context at any time, thus ensuring that one security context does not interfere with another. The transparent firewall feature configures the FWSM to act as a Layer 2 bridging firewall, resulting in minimal changes to network topology.

6. Difference between PIX and ASA

Cisco PIX:
Graphical interface. VPN capabilities
interface etc concepts
Firewall, Security Context and Modular Policy

Cisco ASA:
-malware security appliance Anti-X, and VPN.
PS) and VPN concentrator.
unwanted applications (e.g., P2P, games, instant messaging), phishing, and application-layer attacks.
-in-one device or a unified threat management (UTM) device

Modular Policy
7. How translation happens in ASA (TCP, UDP)
8. What is Modular Policy?
9. What are the modules available in PIX and ASA?
10. Which IOS versions have you worked on in PIX and ASA
11. Explain about Security Context. Explain about Active/Standby and Active/Active
12. Explain about Dynamic NAT, Static NAT, Identity NAT, Static PAT, Dynamic PAT and Policy Based NAT?
13. Explain about packet filtering, proxy server and stateful inspection
14. What is a firewall?
15. How to forcefully make the secondary firewall the active firewall? Meaning, which command
16. Static NAT syntax?
17. About SSL VPN?
18. Command to disable anti-spoofing in ASA
19. Types of license in ASA

20. Fail-over commands
21. Explain about VPN Phase I & Phase II
22. How many packets are exchanged in main mode and aggressive mode?
23. What is PFS?
24. Commands for VPN
25. Command to allow administrative access of SSH on firewall
26. How fail-over works (mechanism)
27. How does stateful fail-over work?
28. Example of packet filtering, proxy server and stateful inspection (router, ISA, Checkpoint)
29. Default security level for inside and outside
30. Which routing protocols are supported in ASA
31. Port no for ESP and AH
32. What is the difference between ESP and AH
33. What is spoofing and what is anti-spoofing
34. Stateful firewall working architecture.
35. How the firewall processes the packet (rule, route, NAT)
36. Edit the access-list using access-list line number.
36. IOS versions of PIX and ASA (6.0, 7.0, and 8.0); major releases are enough.
37. PIX appliance series and ASA appliance series
38. How layer 2 firewall (transparent firewall) works in ASA (FWSM)
39. Can ASA do VPN with another vendor's firewall?
40. Default inspection protocol in ASA?
41. Does it support ISP redundancy? Yes.
42. ICMP mechanism by default in firewall (high-low echo-req allow)
43. ASA IOS name (Finesse)
44. Integrating with 3rd party devices
45. Difference between Checkpoint and ASA
46. What is Data Confidentiality?
Data confidentiality: This is done via encryption to protect data from eavesdropping attacks; supported encryption algorithms include DES, 3DES, and AES.
47. What is Data Integrity?
Data integrity and authentication: This is done via HMAC functions to verify that packets haven't been tampered with and are being received from a valid peer; in other words, to prevent a man-in-the-middle or session hijacking attack. Supported HMAC functions include MD5 and SHA-1.
48. Anti-replay
Anti-replay detection: This is done by including encrypted sequence numbers in data packets to ensure that a replay attack doesn't occur from a man-in-the-middle device.
49. Explain about Main mode and Aggressive mode in Phase I?
ISAKMP/IKE Phase 1 is basically responsible for setting up the secure management connection. However, there are two modes for performing these three steps: main mode and aggressive mode.

Main Mode: Main mode performs three two-way exchanges totaling six packets. The three exchanges are the three steps listed in the last section: negotiate the security policy to use for the management connection, use DH to encrypt the keys for the encryption algorithm and HMAC function negotiated in Step 1, and perform device authentication using either preshared keys, RSA encrypted nonces, or RSA signatures (digital certificates). Main mode has one advantage: the device authentication step occurs across the secure management connection, because this connection was built in the first two steps. Therefore, any identity information that the two peers need to send to each other is protected from eavesdropping attacks. This is the Cisco default mode for site-to-site sessions and for remote access connections that use certificates for device authentication.

Aggressive Mode: In aggressive mode, two exchanges take place. The first exchange contains a list of possible policies to use to protect the management connection, the public key from the public/private key combination created by DH, identity information, and verification of the identity information (for example, a signature). All of this is squeezed into one packet.
The second exchange is an acknowledgment of the receipt of the first packet, sharing the encrypted keys (done by DH), and whether or not the management connection has been established successfully. Aggressive mode has one main advantage over main mode: it is quicker in establishing the secure management connection. However, its downside is that any identity information is sent in clear text; so if someone was eavesdropping on the transmission, they could see the actual identity information used to create the signature for device authentication. This shouldn't be a security issue, but if you are concerned about this, you can always use main mode. As I mentioned in the last section, main mode is the default mode for Cisco VPNs with one exception: aggressive mode is the default mode with the Cisco remote access VPN if the devices will be using group pre-shared keys for device authentication.

50. Explain about Transport mode and Tunnel mode in Phase II?
Phase 2 Connection Modes: As I mentioned in the last two sections, there are two types of modes that AH and ESP can use to transport protected information to a destination: transport mode and tunnel mode.

In transport mode, the real source and destination of the user data are performing the protection service. It becomes more difficult to manage as you add more and more devices using this connection mode. This mode is commonly used between two devices that need to protect specific information, like TFTP transfers of configuration files or syslog transfers of logging messages.

In tunnel mode, intermediate devices (typically) are performing the protection service for the user data. This connection mode is used for site-to-site and remote access connections. Because the original IP packet is protected and embedded in AH/ESP and an outer IP header is added, the internal IP packet can contain private IP addresses. Plus, if you're using ESP for encryption, the real source and destination of the user data is hidden from eavesdroppers. The main advantage of tunnel mode over transport mode is that the protection service function can be centralized on a small number of devices, reducing the amount of configuration and management required. Both of these modes were discussed in detail in Chapter 1, "Overview of VPNs."

51. PPTP?

PPTP: PPTP originally was developed by Microsoft to provide a secure remote access solution where traffic needed to be transported from a client, across a public network, to a Microsoft server (VPN gateway). One of the interesting items about PPTP's implementation is that it is an extension of the Point-to-Point Protocol (PPP). Because PPTP uses PPP, PPTP can leverage PPP's features. For example, PPTP allows the encapsulation of multiple protocols, such as IP, IPX, and NetBEUI, via the VPN tunnel. Also, PPP supports the use of authentication via PAP, CHAP, and MS-CHAP. PPTP can use this to authenticate devices.

52. L2TP?
L2TP: L2TP is a combination of PPTP and L2F. It is defined in RFCs 2661 and 3438. L2TP took the best of both PPTP and L2F and integrated them into a single protocol. Like PPTP, L2TP uses PPP to encapsulate user data, allowing the multiple protocols to be sent across a tunnel. L2TP, like PPTP, extends the PPP protocol. As an additional security enhancement, L2TP can be placed in the payload of an IPsec packet, combining the security advantages of IPsec and the benefits of user authentication, tunnel address assignment and configuration, and multiple protocol support with PPP. This combination is commonly referred to as L2TP over IPsec or L2TP/IPsec. The remainder of this chapter is devoted to an overview of L2TP, how it is implemented, and the advantages it has over PPTP.
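
Questions 47 and 48 above describe HMAC-based integrity and sequence-number anti-replay; the sketch below is an added example (not from the original page or any Cisco code) showing how a receiver can combine the two, going one step further than the text by implementing the sliding-window bookkeeping. The packet layout (SPI, sequence number, payload, truncated HMAC-SHA1) is modelled on ESP with the sequence number covered by the HMAC; the names `protect`, `Receiver`, `demo`, the 64-packet window and the key are assumptions made for the example.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12   # HMAC-SHA1-96: first 96 bits of the HMAC-SHA1 output
WINDOW = 64    # anti-replay window size (assumed value for this sketch)

def protect(key, spi, seq, payload):
    """Sender: header (SPI, sequence number) + payload + truncated HMAC."""
    body = struct.pack("!II", spi, seq) + payload
    return body + hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]

class Receiver:
    def __init__(self, key):
        self.key = key
        self.top = 0      # highest sequence number authenticated so far
        self.bitmap = 0   # bit i set => sequence number (top - i) already seen

    def accept(self, packet):
        """Return (payload, "ok") or (None, reason) for one received packet."""
        if len(packet) < 8 + ICV_LEN:
            return None, "too short"
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        _spi, seq = struct.unpack("!II", body[:8])
        # 1. Cheap replay checks first, before spending CPU on the HMAC.
        if seq == 0 or (seq <= self.top and self.top - seq >= WINDOW):
            return None, "outside window"
        if seq <= self.top and (self.bitmap >> (self.top - seq)) & 1:
            return None, "replay"
        # 2. Integrity and origin: constant-time compare of the truncated HMAC.
        expected = hmac.new(self.key, body, hashlib.sha1).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return None, "bad icv"
        # 3. Slide the window only for packets that passed authentication.
        if seq > self.top:
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)
        return body[8:], "ok"

def demo():
    """Constructed traffic: in-order, duplicate, reordered, rewritten sequence number."""
    key = b"constructed-demo-key"   # made-up key, not from the page
    rx = Receiver(key)
    p1, p2, p3 = (protect(key, 0x1001, n, b"data%d" % n) for n in (1, 2, 3))
    forged = p2[:4] + struct.pack("!I", 50) + p2[8:]   # sequence number altered in transit
    return [rx.accept(p)[1] for p in (p1, p1, p3, p2, forged)]

if __name__ == "__main__":
    print(demo())
```

Updating the window only after the HMAC check matters: otherwise an unauthenticated packet with a large sequence number could push legitimate traffic out of the window.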
