NTP Questions

July 13th, 2017 in ROUTE 300-101

Question 1

Explanation

The command “ntp master [stratum]” is used to configure the device as an authoritative NTP server. You can specify a different stratum level from which NTP clients get their time synchronized. The range is from 1 to 15.

The stratum levels define the distance from the reference clock. A reference clock is a stratum 0 device that is assumed to be accurate and has little or no delay associated with it. Stratum 0 servers cannot be used on the network but they are directly connected to computers which then operate as stratum-1 servers. A stratum 1 time server acts as a primary network time standard.

A stratum 2 server is connected to the stratum 1 server; then a stratum 3 server is connected to the stratum 2 server and so on. A stratum 2 server gets its time via NTP packet requests from a stratum 1 server. A stratum 3 server gets its time via NTP packet requests from a stratum-2 server… A stratum server may also peer with other stratum servers at the same level to provide more stable and robust time for all devices in the peer group (for example a stratum 2 server can peer with other stratum 2 servers).

Question 2

Explanation

The “ntp broadcast client” command is used in interface configuration mode to allow the device to receive Network Time Protocol (NTP) broadcast packets on that interface.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/command/reference/ffun_r/frf012.html#wp1123148

Question 3

Question 4

Explanation

The stratum levels define the distance from the reference clock. A reference clock is a stratum 0 device that is assumed to be accurate and has little or no delay associated with it. Stratum 0 servers cannot be used on the network but they are directly connected to computers which then operate as stratum-1 servers. A stratum 1 time server acts as a primary network time standard.

A stratum 2 server is connected to the stratum 1 server; then a stratum 3 server is connected to the stratum 2 server and so on. A stratum 2 server gets its time via NTP packet requests from a stratum 1 server. A stratum 3 server gets its time via NTP packet requests from a stratum-2 server. Therefore the lower the stratum level is, the more accurate the NTP server is. When multiple NTP servers are configured, the client will prefer the NTP server with the lowest stratum level.

NTP uses User Datagram Protocol (UDP) port 123.

Question 5

Explanation

First we need to understand some basic knowledge about NTP. There are two types of NTP messages:
+ Control messages: for reading and writing internal NTP variables and obtaining NTP status information. They are not used for time synchronization, so we will not care about them in this question.
+ Request/Update messages: for time synchronization. Request messages ask for synchronization information, while Update messages contain synchronization information and may change the local clock.

Four types of NTP access groups exist to control traffic to the NTP services:
+ Peer: controls which remote devices the local device may synchronize to. In other words, it permits the local router to respond to NTP requests and accept NTP updates.
+ Serve: controls which remote devices may synchronize with the local device. In other words, it permits the local router to reply to NTP requests, but drops NTP updates. This access group allows control messages.
+ Serve-only: controls which remote devices may synchronize with the local device. In other words, it permits the local router to respond to NTP requests only. This access group denies control messages.
+ Query-only: only accepts control messages. No responses to NTP requests are sent, and no local system time synchronization with a remote system is permitted.

From my experience, you just need to remember:
+ Peer: serve and to be served
+ Serve: serve but not to be served

Therefore in this question:
+ The “ntp access-group peer 2” command says “I can only accept NTP updates and respond to NTP (time) requests from 192.168.1.4”. -> Answer F is correct while answer D is not correct.
+ The “ntp access-group serve 1” command says “I can only reply to time requests (but cannot accept time updates) from 192.168.1.1”. -> Answer A is correct*

The “ntp master 4” indicates it is running as a time source with stratum level of 4 -> Answer B is not correct while answer C is correct.

Answer E is not correct because it can accept time requests from both 192.168.1.1 and 192.168.1.4.

*Note: In fact answer A is incorrect too because the local router can accept time requests from both 192.168.1.1 and 192.168.1.4 (not only from 192.168.1.1). Maybe this is a mistake in this question.

Question 6

Explanation

To control access to Network Time Protocol (NTP) services on the system, use the ntp access-group command in global configuration mode.

NTP supports “Control messages” and “Request/Update messages”.

+ Control messages are for reading and writing internal NTP variables and obtaining NTP status information. They do not deal with time synchronization itself.
+ NTP Request/Update messages are used for actual time synchronization. A request packet asks for synchronization information, and an update packet contains synchronization information and may change the local clock.

When synchronizing system clocks on Cisco IOS devices, only Request/Update messages are used. Therefore in this question we only care about the “NTP Update message”.

Syntax:

ntp access-group [ipv4 | ipv6] {peer | query-only | serve | serve-only} {access-list-number | access-list-number-expanded | access-list-name} [kod]

+ Peer: permits router to respond to NTP requests and accept NTP updates. NTP control queries are also accepted. This is the only class which allows a router to be synchronized by other devices -> not correct. In other words, the peer keyword enables the device to receive time requests and NTP control queries and to synchronize itself to the servers specified in the access list.
+ Serve-only: permits router to respond to NTP requests only. Rejects attempts to synchronize local system time, and does not accept control queries. In other words, the serve-only keyword enables the device to receive only time requests from servers specified in the access list.
+ Serve: permits router to reply to NTP requests, but rejects NTP updates (e.g. replies from a server or update packets from a peer). Control queries are also permitted. In other words, the serve keyword enables the device to receive time requests and NTP control queries from the servers specified in the access list but not to synchronize itself to the specified servers -> this option is surely correct.

In summary, the answer “serve” is surely correct but the answer “serve-only” seems to be correct too (although the definition is not clear).

An example of using the “ntp access-group” command is shown below:

R1(config)#ntp server 178.240.12.1
R1(config)#access-list 2 permit 165.16.4.1 0.0.0.0
R1(config)#access-list 2 deny any
R1(config)#! peer only with 165.16.4.1
R1(config)#ntp access-group peer 2
R1(config)#access-list 3 permit 160.1.0.0 0.0.255.255
R1(config)#access-list 3 deny any
R1(config)#! provide time services only to internal network 160.1.0.0/16
R1(config)#ntp access-group serve-only 3
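
To check what the R1 configuration above actually permits per source address, the access-group rules can be modelled in a few lines. This is an added example, not Cisco's implementation or code from the original page; the message names, the sample source addresses and the function names are made up for illustration, and the first-match scan order (peer, serve, serve-only, query-only) is an assumption that does not come from this page.

```python
import ipaddress

# What each access-group type lets a matching source do, per the explanation above.
PERMS = {
    "peer": {"time-request", "control-query", "time-update"},
    "serve": {"time-request", "control-query"},
    "serve-only": {"time-request"},
    "query-only": {"control-query"},
}
# Assumption: groups are scanned least to most restrictive and the first match decides.
SCAN_ORDER = ("peer", "serve", "serve-only", "query-only")

# The two standard ACLs from the R1 example: (action, address, wildcard mask).
ACLS = {
    2: [("permit", "165.16.4.1", "0.0.0.0"), ("deny", "0.0.0.0", "255.255.255.255")],
    3: [("permit", "160.1.0.0", "0.0.255.255"), ("deny", "0.0.0.0", "255.255.255.255")],
}
GROUPS = {"peer": 2, "serve-only": 3}  # ntp access-group peer 2 / serve-only 3


def acl_permits(acl, src):
    """Evaluate a standard ACL top-down; wildcard bits set to 1 are ignored."""
    src_int = int(ipaddress.IPv4Address(src))
    for action, addr, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (src_int & care) == (int(ipaddress.IPv4Address(addr)) & care):
            return action == "permit"
    return False  # implicit deny at the end of every ACL


def ntp_allowed(src, message, groups=GROUPS, acls=ACLS):
    """Return True if `message` from `src` is accepted under the access groups."""
    for kind in SCAN_ORDER:
        acl_id = groups.get(kind)
        if acl_id is not None and acl_permits(acls[acl_id], src):
            return message in PERMS[kind]
    return False  # access groups are configured and none matched


if __name__ == "__main__":
    # Constructed source addresses: the peer, an internal host, an outside host.
    for src in ("165.16.4.1", "160.1.20.7", "203.0.113.9"):
        print(src, {m: ntp_allowed(src, m) for m in sorted(PERMS["peer"])})
```
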

Reference:

+ http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/bsm/command/bsm-cr-book/bsm-cr-n1.html
+ http://blog.ine.com/2008/07/28/ntp-access-control/

Question 7

Question 8

Explanation

The output indicates that the local device did not receive the NTP update successfully so something went wrong during the transmission.

Question 9

Question 10

Explanation

An example of the output of this command is shown below:

Router#show ntp associations
      address         ref clock     st  when  poll reach  delay  offset    disp
*~10.1.2.65        10.1.2.33        11    36    64  377    27.9   25.17    30.0
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured

If there’s an asterisk (*) next to a configured peer, then you are synced to this peer and using them as the master clock. As long as one peer is the master then everything is fine. However, the key to knowing that NTP is working properly is looking at the value in the reach field.

The reach field is a circular bit buffer. It gives you the status of the last eight NTP messages (eight bits all set to 1 is 377 in octal, so you want to see a reach field value of 377). If an NTP response packet is lost, the missing packet is tracked over the next eight NTP update intervals in the reach field. For more information about this field please read http://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-software-releases-110/15171-ntpassoc.html
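
The reach value is easier to monitor once it is decoded back into its eight poll results. The following added example (not from the original page) parses “show ntp associations” output and flags associations with lost polls; the function names are made up, and only the first data row of the sample is the one shown above, the other two are constructed.

```python
# Constructed sample: the first data row is the one shown above; the other two
# rows are made up to show one lost poll and a server that never answered.
SAMPLE = """\
      address         ref clock     st  when  poll reach  delay  offset    disp
*~10.1.2.65        10.1.2.33        11    36    64  377    27.9   25.17    30.0
+~10.1.2.66        10.1.2.33        11    12    64  357    30.1   22.40    31.2
 ~10.1.2.67        .INIT.           16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
"""

FLAG_CHARS = "*#+-~"  # status markers listed in the legend line


def reach_history(reach_octal):
    """Decode the octal reach value into eight poll results, newest first.

    The register shifts left on every poll, so bit 0 is the most recent poll.
    """
    value = int(reach_octal, 8) & 0xFF
    return [bool((value >> bit) & 1) for bit in range(8)]


def parse_associations(text):
    """Return one dict per association row, skipping header and legend lines."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows have exactly nine columns with an octal reach in column six.
        if len(fields) != 9 or not set(fields[5]) <= set("01234567"):
            continue
        address = fields[0].lstrip(FLAG_CHARS)
        flags = fields[0][: len(fields[0]) - len(address)]
        history = reach_history(fields[5])
        rows.append({
            "address": address,
            "synced": "*" in flags,
            "reach": fields[5],
            "history": history,
            "lost": history.count(False),
        })
    return rows


def degraded(rows):
    """Addresses whose last eight polls were not all answered (reach != 377)."""
    return [r["address"] for r in rows if r["lost"] > 0]


if __name__ == "__main__":
    for row in parse_associations(SAMPLE):
        marks = "".join("1" if ok else "0" for ok in row["history"])
        print(row["address"], "reach", row["reach"], "newest-first", marks)
    print("degraded:", degraded(parse_associations(SAMPLE)))
```
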

Question 11

Question 12

Explanation

The command “ntp master [stratum]” is used to configure the device as an authoritative NTP server. You can specify a different stratum level from which NTP clients get their time synchronized. The range is from 1 to 15.

The stratum levels define the distance from the reference clock. A reference clock is a stratum 0 device that is assumed to be accurate and has little or no delay associated with it. Stratum 0 servers cannot be used on the network but they are directly connected to computers which then operate as stratum-1 servers. A stratum 1 time server acts as a primary network time standard.

A stratum 2 server is connected to the stratum 1 server; then a stratum 3 server is connected to the stratum 2 server and so on. A stratum 2 server gets its time via NTP packet requests from a stratum 1 server. A stratum 3 server gets its time via NTP packet requests from a stratum-2 server… A stratum server may also peer with other stratum servers at the same level to provide more stable and robust time for all devices in the peer group (for example a stratum 2 server can peer with other stratum 2 servers).

Comments
  1. Help please
    October 4th, 2016

    All, I failed today with a 640. The ‘300-101: Implementing Cisco IP Routing’ exam is completely different than what is on this site. Not even close. There are maybe 10 questions that are the same… What happened???

  2. Route101
    October 5th, 2016

    I had the same experience on the 4th.
    Seems like there is a new pool of questions.
    Lots of NTP and Netflow questions.

  3. Digital Eagle
    October 10th, 2016

    Were the simulation the same as here?

  4. Anonymous
    October 30th, 2016

    Although I have failed short of 5 marks I have to say all the simulations are still based on these same topologies. There are more questions on infrastructure services and VPN technology that require deeper understanding of the concepts to differentiate among the choices.

  5. IQ
    November 18th, 2016

    Hey guys, I just wrote now in USA. I Passed 300-101 with 92%. This dumps http://www.testmayor.com/300-101-test.html is valid but a few answers are wrong. Although I don’t expect to pass with a full score, right? If your aim is just to pass the exam, only by memorizing the dumps is enough. But if you want to master skills, you really need to practice more.

  6. Kush
    December 17th, 2016

    Yesterday i passed 300-101 exam with 790 points but questions were totally different. Only Sim LABs were same ….it was PBR LAB, Redistribution LAB , OSPFv6 LAB

  7. ott75
    January 5th, 2017

    failed the exam with 770
    a lot of NTP and frame relay new questions.
    can someone send me the new questions?
    ottavio(dot)backup(AT)gmail(dot)com

  8. abdo996
    April 9th, 2017

    failed the exam within 710 a lot of NTP, AAA, frame-relay have appeared in the new exam pool

  9. abdo996
    April 11th, 2017

    how can buy cisco ccnp routing & switching V 2.0 ?

  10. AnyMaster
    July 13th, 2017

    Which three NTP operating modes must the trusted-Key command be configured on for
    authentication to operate properly? (Choose Three)
    A. interface
    B. client
    C. peer
    D. server
    E. broadcast

    Correct Ans: B, C, E.
    See: http://www.cisco.com/c/en/us/support/docs/availability/high-availability/19643-ntpm.html
    ‘B’ because : “In some contexts, this would be described as a poll operation, in that the client polls the time and authentication data from the server. A client is configured in client mode by using the server command and specifying the domain name server (DNS) name or address.”
    ‘C’ because : “Since an intruder can impersonate a symmetric active peer and inject false time values, symmetric mode should always be authenticated”.
    ‘E’ because : “Since an intruder can impersonate a broadcast server and inject false time values, this mode should always be authenticated”.

  11. acme
    July 18th, 2017

    @anymaster
    BDE

  12. Chief
    August 7th, 2017

    @AnyMaster, @acme

    B, C, E is the correct answer

    After doing some lab testing I found the following:
    Basically the device that is requesting the update has to trust the configured key.
    In Client\Server Mode: the trusted-key command had to be configured on the Client but not the server.

    Peer Mode: trusted-key command had to be configured on the less trustworthy peer to sync with the peer.

    Broadcast: trusted-key command had to be configured on the device that was in broadcast client mode but not on the device that was in broadcast mode.

  13. ali
    August 22nd, 2017

    @digitalut

    can u check once which is the correct answer?
    BDE or BCE

    Which three NTP operating modes must the trusted-key command be configured on for authentication to operate properly? (Choose three)
    A. interface
    B. client
    C. peer
    D. server
    E. broadcast

    Answer: B D E (?)

  14. Anonymous
    August 25th, 2017

    Failed today with 760 pts…all labs the same..loads of new questions ..and simlets…all dumps outdated..study hard chaps
    And also loads of routers commands questions for IPv6 EVN and NAT-PT

  15. Steffy
    August 28th, 2017

    Hello guys, for latest valid dump with continuous update, please contact me at steffyshirls @ gmail .com

  16. Anonymous
    August 29th, 2017

    I also failed with 760, lots of PPP, EVN, IPv6 questions

  17. Anonymous
    September 13th, 2017

    steffy I have just emailed you , can you please update me with the valid dumps.

  18. cl
    September 29th, 2017

    Which three NTP operating modes must the trusted-key command be configured on for authentication to operate properly? (Choose three)
    A. interface
    B. client
    C. peer
    D. server
    E. broadcast
    Correct: B,C,E.
    Interface is not a NTP operating mode and server mode does not need trusted-key command. It is the client that specifies in the NTP request which key the server should use to authenticate the response.

  19. Anonymous
    October 2nd, 2017

    Q9 Which three NTP operating modes must the trusted-key command be configured on for authentication to operate properly? (Choose three)
    A. interface
    B. client
    C. peer
    D. server
    E. broadcast
    CDE, imho. Question means (trusted-key command be configured on). On cisco router there are:

    ntp peer 1.1.1.1 ?
    burst Send a burst when peer is reachable
    iburst Send a burst when peer is unreachable
    key Configure peer authentication key

    ntp server 1.1.1.1 ?
    burst Send a burst when peer is reachable
    iburst Send a burst when peer is unreachable
    key Configure peer authentication key

    (config-subif)#ntp broadcast ?
    client Listen to NTP broadcasts
    destination Configure broadcast destination address
    key Configure broadcast authentication key

  20. Malcolm
    October 31st, 2017

    Scored 9xx, used dumps from IT-Libraries. You can find them on the net for free or in the comments here.

  21. Galen
    November 9th, 2017

    Thanks all, done with the router. 539q dumps from IT-Libraries are valid. Practice the labs since the ips change on the exam

  22. durshen
    November 11th, 2017

    Hello everyone, I have the valid dump with me and I’m willing to share. Please contact me via durshen81 @ gmail .com

  23. Carmen
    November 14th, 2017

    Found this VCE with the CCNP questions, can anyone confirm if this are valid https://drive.google.com/open?id=0B5mAFqgydmCzQUh0SUxOdE03VGc

  24. Stuart
    November 14th, 2017

    Passed used the 21q dumps from IT-Libraries
