|
|
1. | Will the following login class provide superuser privileges while preventing the user’s ability to enter the configuration mode? [edit system login] lab@t1# show class test permissions all; deny-commands "^config$"; | |
2. | Will this syslog configuration alter the default size of the messages file? [edit system syslog] lab@t1# show archive size 10m files 5; user * { any emergency; } file messages { any notice; authorization info; archive size 128m files 10; } file r1-cli { interactive-commands any; archive files 5; } | |
3. | You must ensure that your router’s cold start trap is sent to a non–directly attached SNMP server. What command is needed? | |
4. | Your router is not synchronizing with the NTP server after a reboot. What could be wrong with this NTP configuration? (You may assume that the secret is correctly configured.)
lab@t1# show system ntp boot-server 10.0.1.201; authentication-key 10 type md5 value "$9$2XoJDn6AIEy"; # SECRET-DATA server 10.0.1.201 key 10 version 3; # SECRET-DATA | |
5. | How can you configure an M-series router to source all SNMP trap messages from its lo0 interface without affecting the source addresses of other traffic? [edit] lab@r4# show snmp community public { clients { 0.0.0.0/0 restrict; 10.0.1.102/32; } } trap-options { source-address lo0; } | |
Answers
1. | No. The deny-commands regular expression incorrectly matches on the exact sequence config, which is not a valid command. A user in this class would still be able to use the configure command. The correct regular expression would be ^configure$. |
2. | Yes. The global syslog archive parameters have been set to retain five 10MB files, and the operator’s attempt at returning the messages file archive settings to the default setting of ten 128KB files has failed due to incorrect use of the Mega (m) suffix. |
3. | You will need to use the backup-router statement with the correct gateway address. The backup-router is used while the system is booting, and in the event that the routing daemon cannot be started. |
4. | The NTP configuration is missing the trusted-key definition. Without a list of trusted keys, the router will not use, or accept, key-id 10 in NTP messages. |
5. | You must use the source-address option at the [edit snmp trap-options] hierarchy when configuring SNMP. Use of default-address-selection at the [edit system] hierarchy affects all locally generated packets, not just SNMP. |
|
|