100-101 Questions Answers

Question No :6

A network administrator is explaining VTP configuration to a new technician. What should the network administrator tell the new technician about VTP configuration? (Choose three.)

A. A switch in the VTP client mode cannot update its local VLAN database.
B. A trunk link must be configured between the switches to forward VTP updates.
C. A switch in the VTP server mode can update a switch in the VTP transparent mode.
D. A switch in the VTP transparent mode will forward updates that it receives to other switches.
E. A switch in the VTP server mode only updates switches in the VTP client mode that have a higher VTP revision number.
F. A switch in the VTP server mode will update switches in the VTP client mode regardless of the configured VTP domain membership.

Answer : ABD

Cisco Patches Serious Vulnerabilities in Small Business RV Series Routers

Cisco Systems released patches for your Small Business RV Series routers and firewalls,security breaches,conducted by the attacker to execute arbitrary commands on vulnerable devices and deal with overwriting files.

The affected products are RV120W Cisco Wireless-N VPN Firewall,Cisco RV180 VPN Router Cisco Wireless-N Router RV180W multifunction VPN Firewall Security Cisco Wireless Network RV220W. However,the firmware updates have been released only for the first three models,while it is expected that versions of Cisco RV220W later this month.

One of the patched vulnerabilities may allow an attacker to execute arbitrary commands on the Diagnostics page network interface based on the web of a device as root run the highest privileged account management. The results of validation error incorrect entry in a form field that is supposed to exploitation PING command.Its only requires an authenticated session with the router interface.

A second vulnerability allows attackers to conduct cross-site request forgery (CSRF) attacks on users who may already be authenticated in devices.Attackers their authenticated browser sessions,unauthorized actions run back,if this user cheat to click on links designed especially management.

This vulnerability also provides a way to remotely use the first flaw.Researchers the Dutch security company Security, which found the two issues, published a proof of concept URL,the CSRF uses vulnerability to a command by injecting first vulnerability a rogue administrator account created on the target device.

A third vulnerability was patched by Cisco allows an unauthenticated attacker files to arbitrary locations on an affected device with root privileges upload. Existing files are overwritten,the security experts.

Cisco releases firmware version 1.0.4.14 for the RV180 and RV180W models and firmware version 1.0.5.9 for RV120W. Users can limit their exposure to these devices fail by. No remote access via the Internet to their management interfaces If remote administration is required, the setup screen web-access devices can be used to be restricted to certain IP addresses only access, Cisco said in its advisory.