ICND1
Number: 100-101
Passing Score: 800
Time Limit: 120 min
File Version: 1.0

http://www.gratisexam.com/

This exam is a collection of questions from the Todd Lammle book and various other questions.
Created By A.Ghieth [email protected]
If you have any questions please feel free to contact me :-D

Sections
1. General
2. Internetworking
3. Ethernet Networking and Data
4. Introduction to TCP/IP
5. Easy Subnetting
6. VLSMs, Summarization, and
7. Cisco’s Internetworking Operating
8. Managing a Cisco Internetwork
9. IP Routing
10. Open Shortest Path First (OSPF)
11. Layer 2 Switching
12. VLANs and InterVLAN Routing
13. Security
14. Network Address Translation
15. Internet Protocol Version 6 (IPv6)
16. Operation of IP Data Networks
17. LAN Switching Technologies
18. IP addressing (IPv4 / IPv6)
19. IP Routing Technologies
20. IP Services
21. Network Device Security
22. Troubleshooting

ICND1

QUESTION 1
IPv6 unicast routing is running on the Corp router. Which of the following addresses would show up with the show ipv6 int brief command?
Corp#sh int f0/0
FastEthernet0/0 is up, line protocol is up
Hardware is AmdFE, address is 000d.bd3b.0d80 (bia 000d.bd3b.0d80)
[output cut]
A. FF02::3c3d:0d:bdff:fe3b:0d80
B. FE80::3c3d:2d:bdff:fe3b:0d80
C. FE80::3c3d:0d:bdff:fe3b:0d80
D. FE80::3c3d:2d:ffbd:3bfe:0d80
Correct Answer: B
Section: General
Explanation
Explanation/Reference:
This can be a hard question if you don’t remember to invert the 7th bit of the first octet in the MAC address! Always look for the 7th bit when studying for the CCENT/CCNA and when using EUI64, invert it. The EUI-64 autoconfiguration then inserts an FF:FE in the middle of the 48-bit MAC address to create a unique IPv6 address.

QUESTION 2
A host sends a type of NDP message providing the MAC address that was requested. Which type of NDP was sent?
A. NA
B. RS
C. RA
D. NS
Correct Answer: A
Section: General
Explanation
Explanation/Reference:
The NDP neighbor advertisement (NA) contains the MAC address. A neighbor solicitation (NS) was initially sent asking for the MAC address.

QUESTION 3
Each field in an IPv6 address is how many bits long?
A. 4
B. 8
C. 16
D. 32
E. 128
Correct Answer: C
Section: General
Explanation
Explanation/Reference:
Each field in an IPv6 address is 16 bits long. An IPv6 address is a total of 128 bits.

QUESTION 4
To enable OSPFv3, which of the following would you use?
A. Router(config-if)#ipv6 ospf 10 area 0.0.0.0
B. Router(config-if)#ipv6 router rip 1
C. Router(config)#ipv6 router eigrp 10
D. Router(config-rtr)#no shutdown
E. Router(config-if)#ospf ipv6 10 area 0
Correct Answer: A
Section: General
Explanation
Explanation/Reference:
A. To enable OSPFv3, you enable the protocol at the interface level, as with RIPng. The command string is ipv6 ospf process-id area area-id.

QUESTION 5
What does the command routerA(config)#line cons 0 allow you to perform next?
A. Set the Telnet password
B. Shut down the router.
C. Set your console password.
D. Disable console connections.
Correct Answer: C
Section: General
Explanation
Explanation/Reference:
C. The command line console 0 places you at a prompt where you can then set your console user-mode password. See Chapter 6 for more information.

QUESTION 6
Which two statements describe the IP address 10.16.3.65/23? (Choose two.)
A. The subnet address is 10.16.3.0 255.255.254.0.
B. The lowest host address in the subnet is 10.16.2.1 255.255.254.0.
C. The last valid host address in the subnet is 10.16.2.254 255.255.254.0.
D. The broadcast address of the subnet is 10.16.3.255 255.255.254.0.
E. The network is not subnetted
Correct Answer: BD
Section: General
Explanation
Explanation/Reference:
B, D. The mask 255.255.254.0 (/23) used with a Class A address means that there are 15 subnet bits and 9 host bits. The block size in the third octet is 2 (256 – 254).
So this makes the subnets in the interesting octet 0, 2, 4, 6, etc., all the way to 254. The host 10.16.3.65 is in the 2.0 subnet. The next subnet is 4.0, so the broadcast address for the 2.0 subnet is 3.255. The valid host addresses are 2.1 through 3.254.

QUESTION 7
On which interface do you configure an IP address for a switch?
A. int fa0/0
B. int vty 0 15
C. int vlan 1
D. int s/0/0
Correct Answer: C
Section: General
Explanation
Explanation/Reference:
C. The IP address is configured under a logical interface, called a management domain or VLAN 1.

QUESTION 8
Which of the following is the valid host range for the subnet on which the IP address 192.168.168.188 255.255.255.192 resides?
A. 192.168.168.129–190
B. 192.168.168.129–191
C. 192.168.168.128–190
D. 192.168.168.128–192
Correct Answer: A
Section: General
Explanation
Explanation/Reference:
A. 256 – 192 = 64, so 64 is our block size. Just count in increments of 64 to find our subnet: 64 + 64 = 128. 128 + 64 = 192. The subnet is 128, the broadcast address is 191, and the valid host range is the numbers in between, or 129–190.

QUESTION 9
Which of the following is considered to be the inside host’s address after translation?
A. Inside local
B. Outside local
C. Inside global
D. Outside global
Correct Answer: C
Section: General
Explanation
Explanation/Reference:
C. An inside global address is considered to be the IP address of the host on the private network after translation.

QUESTION 10
Your inside locals are not being translated to the inside global addresses. Which of the following commands will show you if your inside globals are allowed to use the NAT pool?
ip nat pool Corp 198.18.41.129 198.18.41.134 netmask 255.255.255.248
ip nat inside source list 100 int pool Corp overload
A. debug ip nat
B. show access-list
C. show ip nat translation
D. show ip nat statistics
Correct Answer: B
Section: General
Explanation
Explanation/Reference:
B. Once you create your pool, the command ip nat inside source must be used to say which inside locals are allowed to use the pool. In this question, we need to see if access list 100 is configured correctly, if at all, so show access-list is the best answer.

QUESTION 11
How many collision domains are created when you segment a network with a 12-port switch?
A. 1
B. 5
C. 12
D. 2
Correct Answer: C
Section: General
Explanation
Explanation/Reference:
C. Layer 2 switching creates individual collision domains per port.

QUESTION 12
Which of the following commands will allow you to set your Telnet password on a Cisco router?
A. line telnet 0 4
B. line aux 0 4
C. line vty 0 4
D. line con 0
Correct Answer: C
Section: General
Explanation
Explanation/Reference:
C. The command line vty 0 4 places you in a prompt that will allow you to set or change your Telnet password.

QUESTION 13
Which router command allows you to view the entire contents of all access lists?
A. show all access-lists
B. show access-lists
C. show ip interface
D. show interface
Correct Answer: B
Section: General
Explanation
Explanation/Reference:
B. To see the contents of all access lists, use the show access-lists command.

QUESTION 14
What does a VLAN do?
A. Acts as the fastest port to all servers
B. Provides multiple collision domains on one switch port
C. Breaks up broadcast domains in a layer 2 switch internetwork
D. Provides multiple broadcast domains within a single collision domain
Correct Answer: C
Section: General
Explanation
Explanation/Reference:
C. VLANs break up broadcast domains at layer 2.

QUESTION 15
If you wanted to delete the configuration stored in NVRAM, what would you type?
A. erase startup
B. erase nvram
C. delete nvram
D. erase running
Correct Answer: A
Section: General
Explanation
Explanation/Reference:
A. The command erase startup-config deletes the configuration stored in NVRAM.

QUESTION 16
Which protocol is used to send a destination network unknown message back to originating hosts?
A. TCP
B. ARP
C. ICMP
D. BootP
Correct Answer: C
Section: General
Explanation
Explanation/Reference:
C. ICMP is the protocol at the Network layer that is used to send messages back to an originating router.

QUESTION 17
Which class of IP address provides 15 bits available for subnetting?
A. A
B. B
C. C
D. D
Correct Answer: A
Section: General
Explanation
Explanation/Reference:
A. Class A addressing provides 22 bits for host addressing, Class B provides 16 bits, but only 14 are available for subnetting, Class C provides only 6 bits for subnetting.

QUESTION 18
There are three possible routes for a router to reach a destination network. The first route is from OSPF with a metric of 782. The second route is from RIPv2 with a metric of 4. The third is from EIGRP with a composite metric of 20514560. Which route will be installed by the router in its routing table?
A. RIPv2
B. EIGRP
C. OSPF
D. All three
E. None
Correct Answer: B
Section: General
Explanation
Explanation/Reference:
B. Only the EIGRP route will be placed in the routing table because EIGRP has the lowest administrative distance (AD), and that is always used before metrics.

QUESTION 19
Which one of the following is true regarding VLANs?
A. Two VLANs are configured by default on all Cisco switches.
B. VLANs only work if you have a complete Cisco switched internetwork. No off-brand switches are allowed.
C. You should not have more than 10 switches in the same VTP domain.
D. VTP is used to send VLAN information to switches in a configured VTP domain.
Correct Answer: D
Section: General
Explanation
Explanation/Reference:
D. Switches do not propagate VLAN information by default; you must configure the VTP domain for this to occur. VLAN Trunking Protocol (VTP) is used to propagate VLAN information across a trunk link.

QUESTION 20
Which two of the following commands will place network 10.2.3.0/24 into area 0? (Choose two.)
A. router eigrp 10
B. router ospf 10
C. router rip
D. network 10.0.0.0
E. network 10.2.3.0 255.255.255.0 area 0
F. network 10.2.3.0 0.0.0.255 area0
G. network 10.2.3.0 0.0.0.255 area 0
Correct Answer: BG
Section: General
Explanation
Explanation/Reference:
B, G. To enable OSPF, you must first start OSPF using a process ID. The number is irrelevant; just choose a number from 1 to 65,535 and you’re good to go. After you start the OSPF process, you must configure interfaces on which to activate OSPF using the network command with wildcards and specification of an area. Option F is wrong because there must be a space after the parameter area and before you list the area number.

QUESTION 21
How many broadcast domains are created when you segment a network with a 12-port switch?
A. 1
B. 2
C. 4
D. 8
E. 12
F. 32
Correct Answer: A
Section: General
Explanation
Explanation/Reference:
A. By default, switches break up collision domains on a per-port basis but are one large broadcast domain.

QUESTION 22
If routers in a single area are configured with the same priority value, what value does a router use for the OSPF router ID in the absence of a loopback interface?
A. The lowest IP address of any physical interface
B. The highest IP address of any physical interface
C. The lowest IP address of any logical interface
D. The highest IP address of any logical interface
Correct Answer: B
Section: General
Explanation
Explanation/Reference:
B. At the moment of OSPF process startup, the highest IP address on any active interface will be the router ID (RID) of the router. If you have a loopback interface configured (logical interface), then that will override the interface IP address and become the RID of the router automatically.

QUESTION 23
What protocols are used to configure trunking on a switch? (Choose two.)
A. VLAN Trunking Protocol
B. VLAN
C. 802.1Q
D. ISL
Correct Answer: CD
Section: General
Explanation
Explanation/Reference:
C, D.
VTP is not right because it has nothing to do with trunking except that it sends VLAN information across a trunk link. 802.1q and ISL encapsulations are used to configure trunking on a port.

QUESTION 24
What is a stub network?
A. A network with more than one exit point
B. A network with more than one exit and entry point
C. A network with only one entry and no exit point
D. A network that has only one entry and exit point
Correct Answer: D
Section: General
Explanation
Explanation/Reference:
D. Stub networks have only one connection to an internetwork. Default routes should be set on a stub network or network loops may occur; however, there are exceptions to this rule.

QUESTION 25
Where is a hub specified in the OSI model?
A. Session layer
B. Physical layer
C. Data Link layer
D. Application layer
Correct Answer: B
Section: General
Explanation
Explanation/Reference:
B. Hubs regenerate electrical signals, which are specified at the Physical layer.

QUESTION 26
What are the two main types of access control lists (ACLs)? (Choose two.)
A. Standard
B. IEEE
C. Extended
D. Specialized
Correct Answer: AC
Section: General
Explanation
Explanation/Reference:
A, C. Standard and extended access control lists (ACLs) are used to configure security on a router.

QUESTION 27
Which of the following is the best summarization of the following networks: 192.168.128.0 through 192.168.159.0?
A. 192.168.0.0/24
B. 192.168.128.0/16
C. 192.168.128.0/19
D. 192.168.128.0/20
Correct Answer: C
Section: General
Explanation
Explanation/Reference:
C. If you start at 192.168.128.0 and go through 192.168.159.0, you can see this is a block of 32 in the third octet. Since the network address is always the first one in the range, the summary address is 192.168.128.0. What mask provides a block of 32 in the third octet? The answer is 255.255.224.0, or /19.

QUESTION 28
What command is used to create a backup configuration?
A. copy running backup
B. copy running-config startup-config
C. config mem
D. wr net
Correct Answer: B
Section: General
Explanation
Explanation/Reference:
B. The command to back up the configuration on a router is copy running-config startup-config.

QUESTION 29
1000Base-T is which IEEE standard?
A. 802.3F
B. 802.3z
C. 802.3ab
D. 802.3ae
Correct Answer: C
Section: General
Explanation
Explanation/Reference:
C. IEEE 802.3ab is the standard for 1 Gbps on twisted-pair.

QUESTION 30
Which protocol does DHCP use at the Transport layer?
A. IP
B. TCP
C. UDP
D. ARP
Correct Answer: C
Section: General
Explanation
Explanation/Reference:
C. User Datagram Protocol is a connection network service at the Transport layer, and DHCP uses this connectionless service.

QUESTION 31
If your router is facilitating a CSU/DSU, which of the following commands do you need to use to provide the router with a 64000 bps serial link?
A. RouterA(config)#bandwidth 64
B. RouterA(config-if)#bandwidth 64000
C. RouterA(config)#clockrate 64000
D. RouterA(config-if)#clock rate 64
E. RouterA(config-if)#clock rate 64000
Correct Answer: E
Section: General
Explanation
Explanation/Reference:
E. The clock rate command is two words, and the speed of the line is in bits per second (bps).

QUESTION 32
Which command is used to determine if an access list is enabled on a particular interface?
A. show access-lists
B. show interface
C. show ip interface
D. show interface access-lists
Correct Answer: C
Section: General
Explanation
Explanation/Reference:
C. The show ip interface command will show you if any interfaces have an outbound or inbound access list set.

QUESTION 33
Which of the following statements is true with regard to ISL and 802.1q?
A. 802.1q encapsulates the frame with control information; ISL inserts an ISL field along with tag control information.
B. 802.1q is Cisco proprietary.
C. ISL encapsulates the frame with control information; 802.1q inserts an 802.1q field along with tag control information.
D. ISL is a standard.
Correct Answer: C
Section: General
Explanation
Explanation/Reference:
C. Unlike ISL, which encapsulates the frame with control information, 802.1q inserts an 802.1q field along with tag control information.

QUESTION 34
The protocol data unit (PDU) encapsulation is completed in which order?
A. Bits, frames, packets, segments, data
B. Data, bits, segments, frames, packets
C. Data, segments, packets, frames, bits
D. Packets, frames, bits, segments, data
Correct Answer: C
Section: General
Explanation
Explanation/Reference:
C. The PDU encapsulation method defines how data is encoded as it goes through each layer of the TCP/IP model. Data is segmented at the Transport layer, packets created at the Network layer, frames at the Data Link layer, and finally, the Physical layer encodes the 1s and 0s into a digital signal.

QUESTION 35
Based on the configuration shown below, what statement is true?
S1(config)#ip routing
S1(config)#int vlan 10
S1(config-if)#ip address 192.168.10.1 255.255.255.0
S1(config-if)#int vlan 20
S1(config-if)#ip address 192.168.20.1 255.255.255.0
A. This is a multilayer switch.
B. The two VLANs are in the same subnet.
C. Encapsulation must be configured.
D. VLAN 10 is the management VLAN.
Correct Answer: A
Section: General
Explanation
Explanation/Reference:
A. With a multilayer switch, enable IP routing and create one logical interface for each VLAN using the interface vlan number command and you’re now doing inter-VLAN routing on the backplane of the switch!

QUESTION 36
Which of the following statements is/are true with regard to the device HUB? (Choose all that apply.)
A. It includes one collision domain and one broadcast domain
B. It includes one collision domain and 10 broadcast domains
C. It includes 10 collision domains and one broadcast domain
D. It includes one collision domain and 10 broadcast domains
E. It includes 10 collision domains and 10 broadcast domains
Correct Answer: A
Section: Internetworking
Explanation
Explanation/Reference:
A. hub and hubs place all ports in the same broadcast domain and the same collision domain.

QUESTION 37
With respect to the OSI model, which of the following are correct statements about PDUs?
A. A segment contains IP addresses.
B. A packet contains IP addresses.
C. A segment contains MAC addresses.
D. A packet contains MAC addresses.
Correct Answer: B
Section: Internetworking
Explanation
Explanation/Reference:
B. The contents of a protocol data unit (PDU) depend on the PDU as they are created in a specific order and their contents are based on that order. A packet will contain IP addresses but not MAC addresses as MAC addresses are not present until the PDU becomes a frame.

QUESTION 38
You are the Cisco administrator for your company. A new branch office is opening and you are selecting the necessary hardware to support the network. There will be two groups of computers, each organized by department. The Sales group computers will be assigned IP addresses ranging from 192.168.1.2 to 192.168.1.50. The Accounting group will be assigned IP addresses ranging from 10.0.0.2 to 10.0.0.50. What type of device should you select to connect the two groups of computers so that data communication can occur?
A. Hub
B. Switch
C. Router
D. Bridge
Correct Answer: C
Section: Internetworking
Explanation
Explanation/Reference:
C. You should select a router to connect the two groups. When computers are in different subnets, as these two groups are, you will require a device that can make decisions based on IP addresses.
Routers operate at layer 3 of the Open Systems Interconnect (OSI) model and make data-forwarding decisions based on layer 3 networking information, which are IP addresses. They create routing tables that guide them in forwarding traffic out of the proper interface to the proper subnet.

QUESTION 39
The most effective way to mitigate congestion on a LAN would be to __________________?
A. Upgrade the network cards
B. Change the cabling to CAT 6
C. Replace the hubs with switches
D. Upgrade the CPUs in the routers
Correct Answer: C
Section: Internetworking
Explanation
Explanation/Reference:
C. Replacing the hub with a switch would reduce collisions and retransmissions which would have the most impact on reducing congestion.

QUESTION 40
You need to provide network connectivity to 150 client computers that will reside in the same sub network, and each client computer must be allocated dedicated bandwidth. Which device should you use to accomplish the task?
A. Hub
B. Switch
C. Router
D. Bridge
Correct Answer: B
Section: Internetworking
Explanation
Explanation/Reference:
B. You should use a switch to accomplish the task in this scenario. A switch is used to provide dedicated bandwidth to each node by eliminating the possibility of collisions on the switch port where the node resides. Switches work at layer 2 in the Open System Interconnection (OSI) model and perform the function of separating collision domains.

QUESTION 41
Which of the following is an example of a routed protocol?
A. EIGRP
B. IP
C. OSPF
D. BGP
Correct Answer: B
Section: Internetworking
Explanation
Explanation/Reference:
B. Protocols used to support data traffic are called routed protocols and some key examples of them include IP and IPv6.

QUESTION 42
Which of the following is NOT a function carried out on the Application layer of the OSI model?
A. email
B. data translation and code formatting
C. file transfers
D. client/server processes
Correct Answer: B
Section: Internetworking
Explanation
Explanation/Reference:
B. Data translation and code formatting occur on the Presentation layer of the OSI model.

QUESTION 43
Which of the following layers of the OSI model was later subdivided into two layers?
A. Presentation
B. Transport
C. Data Link
D. Physical
Correct Answer: C
Section: Internetworking
Explanation
Explanation/Reference:
C. The IEEE Ethernet Data Link layer has two sublayers, the Media Access Control (MAC) and the Logical Link Control (LLC).

QUESTION 44
An example of a device that operates on the physical layer is a ____________.
A. Hub
B. Switch
C. Router
D. Bridge
Correct Answer: A
Section: Internetworking
Explanation
Explanation/Reference:
A. Hubs operate on the Physical Layer as they have no intelligence and send all traffic in all directions.

QUESTION 45
Which of the following is NOT a benefit of using a reference model?
A. divides the network communication process into smaller and simpler components
B. encourages industry standardization
C. enforces consistency across vendors
D. allows various types of network hardware and software to communicate
Correct Answer: C
Section: Internetworking
Explanation
Explanation/Reference:
C. While it is true that the OSI model’s primary purpose is to allow different vendors’ networks to interoperate, there is no requirement that any vendor follows the model.

QUESTION 46
Which of the following statements is not true with regard to routers?
A. They forward broadcasts by default
B. They can filter the network based on Network layer information
C. They perform path selection
D. They perform packet switching
Correct Answer: A
Section: Internetworking
Explanation
Explanation/Reference:
A. Routers by default do NOT forward broadcasts.

QUESTION 47
Switches break up _______________ domains and routers break up _____________ domains.
A. broadcast, broadcast
B. collision, collision
C. collision, broadcast
D. broadcast, collision
Correct Answer: C
Section: Internetworking
Explanation
Explanation/Reference:
C. Switches create separate collision domains within a single broadcast domain. Routers provide a separate broadcast domain for each interface.

QUESTION 48
Which of the following layers of the OSI model is not involved in defining how the applications within the end stations will communicate with each other as well as with users?
A. Transport
B. Application
C. Presentation
D. Session
Correct Answer: A
Section: Internetworking
Explanation
Explanation/Reference:
A. The top three layers define how the applications within the end stations will communicate with each other as well as with users.

QUESTION 49
Which of the following is the ONLY device that operates at all layers of the OSI model?
A. Network host
B. Switch
C. Router
D. Bridge
Correct Answer: A
Section: Internetworking
Explanation
Explanation/Reference:
A. The following network devices operate at all seven layers of the OSI model: network management stations (NMSs), gateways (not default gateways), servers and network hosts.

QUESTION 50
_____________ on an Ethernet network is the retransmission delay that’s enforced when a collision occurs.
A. Backoff
B. Carrier sense
C. Forward delay
D. Jamming
Correct Answer: A
Section: Ethernet Networking and Data
Explanation
Explanation/Reference:
A. Back-off on an Ethernet network is the retransmission delay that’s enforced when a collision occurs. When that happens, a host will only resume transmission after the forced time delay has expired. Keep in mind that after the backoff has elapsed, all stations have equal priority to transmit data.

QUESTION 51
In the Ethernet frame, what is the function of the section labeled “FCS”?
A. Allows the receiving devices to lock the incoming bit stream.
B. Error detection
C. Identifies the upper-layer protocol
D. Identifies the transmitting device
Correct Answer: B
Section: Ethernet Networking and Data
Explanation
Explanation/Reference:
B. FCS is a field at the end of the frame that’s used to store the cyclic redundancy check (CRC) answer. The CRC is a mathematical algorithm that’s run when each frame is built based on the data in the frame. When a receiving host receives the frame and runs the CRC, the answer should be the same. If not, the frame is discarded, assuming errors have occurred.

QUESTION 52
The contention method used by Ethernet is called ____________.
A. Token passing
B. CSMA/CD
C. Polling
D. CSMA/CA
Correct Answer: B
Section: Ethernet Networking and Data
Explanation
Explanation/Reference:
B. Ethernet networking uses a protocol called Carrier Sense Multiple Access with Collision Detection (CSMA/CD), which helps devices share the bandwidth evenly, while preventing two devices from transmitting simultaneously on the same network medium.

QUESTION 53
In which of the following situations can you not use full-duplex?
A. With a connection from a switch to a switch
B. With a connection from a router to a router
C. With a connection from a host to a host
D. With a connection from a host to a hub
Correct Answer: D
Section: Ethernet Networking and Data
Explanation
Explanation/Reference:
D. Hubs are not capable of providing a full-duplex connection.

QUESTION 54
When the I/G bit in a MAC address is set to 1 the transmission is ____________. (Choose all that apply.)
A. Unicast
B. Broadcast
C. Multicast
D. Anycast
Correct Answer: BC
Section: Ethernet Networking and Data
Explanation
Explanation/Reference:
B, C. The high-order bit is the Individual/Group (I/G) bit. When it has a value of 0, we can assume that the address is the MAC address of a device and that it may well appear in the source portion of the MAC header. When it’s a 1, we can assume that the address represents either a broadcast or multicast address in Ethernet.

QUESTION 55
When configuring a terminal emulation program which of the following is an incorrect setting?
A. Bit rate: 9600
B. Parity: None
C. Flow control: None
D. Data bits: 1
Correct Answer: D
Section: Ethernet Networking and Data
Explanation
Explanation/Reference:
D. When you set up the connection, use these settings:
Bits per sec: 9600
Data bits: 8
Parity: none
Stop bits: 1
Flow control: none

QUESTION 56
Which part of a MAC address indicates whether the address is a locally or globally administered address?
A. FCS
B. I/G bit
C. OUI
D. U/L bit
Correct Answer: D
Section: Ethernet Networking and Data
Explanation
Explanation/Reference:
D. When set to 0, this bit represents a globally administered address, as by the IEEE, but when it’s a 1, it represents a locally governed and administered address.

QUESTION 57
Which of the following is not one of the actions taken in the operation of CSMA/CD when a collision occurs?
A. A jam signal informs all devices that a collision occurred.
B. The collision invokes a random backoff algorithm on the systems involved in the collision.
C. Each device on the Ethernet segment stops transmitting for a short time until their backoff timers expire.
D. All hosts have equal priority to transmit after the timers have expired.
Correct Answer: B
Section: Ethernet Networking and Data
Explanation
Explanation/Reference:
B. The collision will invoke a back-off algorithm on all systems, not just the ones involved in the collision.

QUESTION 58
Which of the following statements is false with regard to Ethernet?
A. There are very few (No) collisions in full-duplex mode.
B. A dedicated switch port is required for each full-duplex node.
C. The host network card and the switch port must be capable of operating in full-duplex mode to use full-duplex.
D. The default behavior of 10Base-T and 100Base-T hosts is 10 Mbps half-duplex if the autodetect mechanism fails.
Correct Answer: A
Section: Ethernet Networking and Data
Explanation
Explanation/Reference:
A. There are no collisions in full-duplex mode.

QUESTION 59
The cable used to connect to the console port on a router or switch is called a __________ cable.
A. Crossover
B. Rollover
C. Straight-through
D. Full-duplex
Correct Answer: B
Section: Ethernet Networking and Data
Explanation
Explanation/Reference:
B. Although rolled cable isn’t used to connect any Ethernet connections together, you can use a rolled Ethernet cable to connect a host EIA-TIA 232 interface to a router console serial communication (COM) port.

QUESTION 60
Which of the following items comprise a socket?
A. IP address and MAC address
B. IP address and port number
C. Port number and MAC address
D. MAC address and DLCI
Correct Answer: B
Section: Ethernet Networking and Data
Explanation
Explanation/Reference:
B. If you’re using TCP, the virtual circuit is defined by the source and destination port number plus the source and destination IP address and called a socket.

QUESTION 61
Which of the following hexadecimal numbers converts to 28 in decimal?
A. 1c
B. 12
C. 15
D. ab
Correct Answer: A
Section: Ethernet Networking and Data
Explanation
Explanation/Reference:
A. The hex value 1C is converted as 28 in decimal.

QUESTION 62
What must happen if a DHCP IP conflict occurs?
A. Proxy ARP will fix the issue.
B. The client uses a gratuitous ARP to fix the issue.
C. The administrator must fix the conflict by hand at the DHCP server.
D. The DHCP server will reassign new IP addresses to both computers.
Correct Answer: C
Section: Introduction to TCP/IP
Explanation
Explanation/Reference:
C. If a DHCP conflict is detected, either by the server sending a ping and getting a response or by a host using a gratuitous ARP (arp’ing for its own IP address and seeing if a host responds), then the server will hold that address and not use it again until it is fixed by an administrator.

QUESTION 63
Which of the following Application layer protocols sets up a secure session that’s similar to Telnet?
A. FTP
B. SSH
C. DNS
D. DHCP
Correct Answer: B
Section: Introduction to TCP/IP
Explanation
Explanation/Reference:
B. Secure Shell (SSH) protocol sets up a secure session that’s similar to Telnet over a standard TCP/IP connection and is employed for doing things like logging into systems, running programs on remote systems, and moving files from one system to another.

QUESTION 64
Which of the following mechanisms is used by the client to avoid a duplicate IP address during the DHCP process?
A. ping
B. traceroute
C. gratuitous arp
D. pathping
Correct Answer: C
Section: Introduction to TCP/IP
Explanation
Explanation/Reference:
C. A host uses something called a gratuitous ARP to help avoid a possible duplicate address. The DHCP client sends an ARP broadcast out on the local LAN or VLAN using its newly assigned address to solve conflicts before they occur.

QUESTION 65
What protocol is used to find the hardware address of a local device?
A. RARP
B. ARP
C. IP
D. ICMP
E. BootP
Correct Answer: B
Section: Introduction to TCP/IP
Explanation
Explanation/Reference:
B. Address Resolution Protocol (ARP) is used to find the hardware address from a known IP address.

QUESTION 66
Which of the following are layers in the TCP/IP model? (Choose three.)
A. Application
B. Session
C. Transport
D. Internet
E. Data Link
F. Physical
Correct Answer: ACD
Section: Introduction to TCP/IP
Explanation
Explanation/Reference:
A, C, D. The listed answers are from the OSI model and the question asked about the TCP/IP protocol stack (DoD model). Yes, it is normal for the objectives to have this type of question. However, let’s just look for what is wrong. First, the Session layer is not in the TCP/IP model; neither are the Data Link and Physical layers. This leaves us with the Transport layer (Host-to-host in the DoD model), Internet layer (Network layer in the OSI), and Application layer (Application/Process in the DoD). Remember, the CCENT objectives can list the layers as OSI layers or DoD layer at any time, regardless of what the question is asking.

QUESTION 67
Which class of IP address provides a maximum of only 254 host addresses per network ID?
A. Class A
B. Class B
C. Class C
D. Class D
E. Class E
Correct Answer: C
Section: Introduction to TCP/IP
Explanation
Explanation/Reference:
C. A Class C network address has only 8 bits for defining hosts: 2^8 – 2 = 256.

QUESTION 68
Which of the following describe the DHCP Discover message? (Choose two.)
A. It uses FF:FF:FF:FF:FF:FF as a layer 2 broadcast.
B. It uses UDP as the Transport layer protocol.
C. It uses TCP as the Transport layer protocol.
D. It does not use a layer 2 destination address.
Correct Answer: AB
Section: Introduction to TCP/IP
Explanation
Explanation/Reference:
A, B. A client that sends out a DHCP Discover message in order to receive an IP address sends out a broadcast at both layer 2 and layer 3. The layer 2 broadcast is all Fs in hex, or FF:FF:FF:FF:FF:FF. The layer 3 broadcast is 255.255.255.255, which means any networks and all hosts. DHCP is connectionless, which means it uses User Datagram Protocol (UDP) at the Transport layer, also called the Host-to-host layer.

QUESTION 69
Which layer 4 protocol is used for a Telnet connection?
A. IP
B. TCP
C. TCP/IP
D. UDP
E. ICMP
Correct Answer: B
Section: Introduction to TCP/IP
Explanation
Explanation/Reference:
B. Although Telnet does use TCP and IP (TCP/IP), the question specifically asks about layer 4, and IP works at layer 3. Telnet uses TCP at layer 4.

QUESTION 70
Private IP addressing was specified in RFC __________.
A. RFC 1918
B. RFC 2223
C. RFC 2322
D. RFC 2323
Correct Answer: A
Section: Introduction to TCP/IP
Explanation

Explanation/Reference:
RFC 1918. These addresses can be used on a private network, but they’re not routable through the Internet.

QUESTION 71
Which of the following services use TCP? (Choose three.)
A. DHCP
B. SMTP
C. SNMP
D. FTP
E. HTTP
F. TFTP
Correct Answer: BDE
Section: Introduction to TCP/IP
Explanation

Explanation/Reference:
B, D, E. SMTP, FTP, and HTTP use TCP.

QUESTION 72
Which of the following is an example of a multicast address?
A. 10.6.9.1
B. 192.168.10.6
C. 224.0.0.10
D. 172.16.9.5
Correct Answer: C
Section: Introduction to TCP/IP
Explanation

Explanation/Reference:
C. The range of multicast addresses starts with 224.0.0.0 and goes through 239.255.255.255.

QUESTION 73
If you use either Telnet or FTP, what layer are you using to generate the data?
A. Application
B. Presentation
C. Session
D. Transport
Correct Answer: A
Section: Introduction to TCP/IP
Explanation

Explanation/Reference:
A. Both FTP and Telnet use TCP at the Transport layer; however, they both are Application layer protocols, so the Application layer is the best answer for this question.

QUESTION 74
The DoD model (also called the TCP/IP stack) has four layers. Which layer of the DoD model is equivalent to the Network layer of the OSI model?
A. Application
B. Host-to-Host
C. Internet
D. Network Access
Correct Answer: C
Section: Introduction to TCP/IP
Explanation

Explanation/Reference:
C. The four layers of the DoD model are Application/Process, Host-to-Host, Internet, and Network Access. The Internet layer is equivalent to the Network layer of the OSI model.

QUESTION 75
Which two of the following are private IP addresses?
A. 12.0.0.1
B. 168.172.19.39
C. 172.20.14.36
D. 172.33.194.30
E. 192.168.24.43
Correct Answer: CE
Section: Introduction to TCP/IP
Explanation

Explanation/Reference:
C, E. The Class A private address range is 10.0.0.0 through 10.255.255.255. The Class B private address range is 172.16.0.0 through 172.31.255.255, and the Class C private address range is 192.168.0.0 through 192.168.255.255.

QUESTION 76
What layer in the TCP/IP stack is equivalent to the Transport layer of the OSI model?
A. Application
B. Host-to-Host
C. Internet
D. Network Access
Correct Answer: B
Section: Introduction to TCP/IP
Explanation

Explanation/Reference:
B. The four layers of the TCP/IP stack (also called the DoD model) are Application/Process, Host-to-host, Internet, and Network Access. The Host-to-host layer is equivalent to the Transport layer of the OSI model.

QUESTION 77
Which statements are true regarding ICMP packets? (Choose two.)
A. ICMP guarantees datagram delivery.
B. ICMP can provide hosts with information about network problems.
C. ICMP is encapsulated within IP datagrams.
D. ICMP is encapsulated within UDP datagrams.
Correct Answer: BC
Section: Introduction to TCP/IP
Explanation

Explanation/Reference:
B, C. ICMP is used for diagnostics and destination unreachable messages. ICMP is encapsulated within IP datagrams, and because it is used for diagnostics, it will provide hosts with information about network problems.

QUESTION 78
What is the address range of a Class B network address in binary?
A. 01xxxxxx
B. 0xxxxxxx
C. 10xxxxxx
D. 110xxxxx
Correct Answer: C
Section: Introduction to TCP/IP
Explanation

Explanation/Reference:
C. The range of a Class B network address is 128–191. This makes our binary range 10xxxxxx.

QUESTION 79
What is the maximum number of IP addresses that can be assigned to hosts on a local subnet that uses the 255.255.255.224 subnet mask?
A. 14
B. 15
C. 16
D. 30
E. 31
F. 62
Correct Answer: D
Section: Easy Subnetting
Explanation

Explanation/Reference:
D. A /27 (255.255.255.224) is 3 bits on and 5 bits off. This provides 8 subnets, each with 30 hosts. Does it matter if this mask is used with a Class A, B, or C network address? Not at all. The number of host bits would never change.

QUESTION 80
You have a network that needs 29 subnets while maximizing the number of host addresses available on each subnet. How many bits must you borrow from the host field to provide the correct subnet mask?
A. 2
B. 3
C. 4
D. 5
E. 6
F. 7
Correct Answer: D
Section: Easy Subnetting
Explanation

Explanation/Reference:
D. A 240 mask is 4 subnet bits and provides 16 subnets, each with 14 hosts. We need more subnets, so let’s add subnet bits. One more subnet bit would be a 248 mask. This provides 5 subnet bits (32 subnets) with 3 host bits (6 hosts per subnet). This is the best answer.

QUESTION 81
What is the subnetwork address for a host with the IP address 200.10.5.68/28?
A. 200.10.5.56
B. 200.10.5.32
C. 200.10.5.64
D. 200.10.5.0
Correct Answer: C
Section: Easy Subnetting
Explanation

Explanation/Reference:
C. This is a pretty simple question. A /28 is 255.255.255.240, which means that our block size is 16 in the fourth octet. 0, 16, 32, 48, 64, 80, etc. The host is in the 64 subnet.

QUESTION 82
The network address of 172.16.0.0/19 provides how many subnets and hosts?
A. 7 subnets, 30 hosts each
B. 7 subnets, 2,046 hosts each
C. 7 subnets, 8,190 hosts each
D. 8 subnets, 30 hosts each
E. 8 subnets, 2,046 hosts each
F. 8 subnets, 8,190 hosts each
Correct Answer: F
Section: Easy Subnetting
Explanation

Explanation/Reference:
F. A CIDR address of /19 is 255.255.224.0. This is a Class B address, so that is only 3 subnet bits, but it provides 13 host bits, or 8 subnets, each with 8,190 hosts.

QUESTION 83
Which two statements describe the IP address 10.16.3.65/23? (Choose two.)
A. The subnet address is 10.16.3.0 255.255.254.0.
B. The lowest host address in the subnet is 10.16.2.1 255.255.254.0.
C. The last valid host address in the subnet is 10.16.2.254 255.255.254.0.
D. The broadcast address of the subnet is 10.16.3.255 255.255.254.0.
E. The network is not subnetted.
Correct Answer: BD
Section: Easy Subnetting
Explanation

Explanation/Reference:
B, D. The mask 255.255.254.0 (/23) used with a Class A address means that there are 15 subnet bits and 9 host bits. The block size in the third octet is 2 (256 – 254). So this makes the subnets in the interesting octet 0, 2, 4, 6, etc., all the way to 254. The host 10.16.3.65 is in the 2.0 subnet. The next subnet is 4.0, so the broadcast address for the 2.0 subnet is 3.255. The valid host addresses are 2.1 through 3.254.

QUESTION 84
If a host on a network has the address 172.16.45.14/30, what is the subnetwork this host belongs to?
A. 172.16.45.0
B. 172.16.45.4
C. 172.16.45.8
D. 172.16.45.12
E. 172.16.45.16
Correct Answer: D
Section: Easy Subnetting
Explanation

Explanation/Reference:
D. A /30, regardless of the class of address, has a 252 in the fourth octet. This means we have a block size of 4 and our subnets are 0, 4, 8, 12, 16, etc. Address 14 is obviously in the 12 subnet.

QUESTION 85
Which mask should you use on point-to-point WAN links in order to reduce the waste of IP addresses?
A. /27
B. /28
C. /29
D. /30
E. /31
Correct Answer: D
Section: Easy Subnetting
Explanation

Explanation/Reference:
D. A point-to-point link uses only two hosts. A /30, or 255.255.255.252, mask provides two hosts per subnet.

QUESTION 86
What is the subnetwork number of a host with an IP address of 172.16.66.0/21?
A. 172.16.36.0
B. 172.16.48.0
C. 172.16.64.0
D. 172.16.0.0
Correct Answer: C
Section: Easy Subnetting
Explanation

Explanation/Reference:
C. A /21 is 255.255.248.0, which means we have a block size of 8 in the third octet, so we just count by 8 until we reach 66. The subnet in this question is 64.0. The next subnet is 72.0, so the broadcast address of the 64 subnet is 71.255.

QUESTION 87
You have an interface on a router with the IP address of 192.168.192.10/29. Including the router interface, how many hosts can have IP addresses on the LAN attached to the router interface?
A. 6
B. 8
C. 30
D. 62
E. 126
Correct Answer: A
Section: Easy Subnetting
Explanation

Explanation/Reference:
A. A /29 (255.255.255.248), regardless of the class of address, has only 3 host bits. Six hosts are the maximum number of hosts on this LAN, including the router interface.

QUESTION 88
You need to configure a server that is on the subnet 192.168.19.24/29. The router has the first available host address. Which of the following should you assign to the server?
A. 192.168.19.0 255.255.255.0
B. 192.168.19.33 255.255.255.240
C. 192.168.19.26 255.255.255.248
D. 192.168.19.31 255.255.255.248
E. 192.168.19.34 255.255.255.240
Correct Answer: C
Section: Easy Subnetting
Explanation

Explanation/Reference:
C. A /29 is 255.255.255.248, which is a block size of 8 in the fourth octet. The subnets are 0, 8, 16, 24, 32, 40, etc. 192.168.19.24 is the 24 subnet, and since 32 is the next subnet, the broadcast address for the 24 subnet is 31. 192.168.19.26 is the only correct answer.

QUESTION 89
You have an interface on a router with the IP address of 192.168.192.10/29. What is the broadcast address the hosts will use on this LAN?
A. 192.168.192.15
B. 192.168.192.31
C. 192.168.192.63
D. 192.168.192.127
E. 192.168.192.255
Correct Answer: A
Section: Easy Subnetting
Explanation

Explanation/Reference:
A. A /29 (255.255.255.248) has a block size of 8 in the fourth octet. This means the subnets are 0, 8, 16, 24, etc. 10 is in the 8 subnet. The next subnet is 16, so 15 is the broadcast address.

QUESTION 90
You need to subnet a network that has 5 subnets, each with at least 16 hosts. Which classful subnet mask would you use?
A. 255.255.255.192
B. 255.255.255.224
C. 255.255.255.240
D. 255.255.255.248
Correct Answer: B
Section: Easy Subnetting
Explanation

Explanation/Reference:
B. You need 5 subnets, each with at least 16 hosts. The mask 255.255.255.240 provides 16 subnets with 14 hosts—this will not work. The mask 255.255.255.224 provides 8 subnets, each with 30 hosts. This is the best answer.
QUESTION 91
You configure a router interface with the IP address 192.168.10.62 255.255.255.192 and receive the following error:
Bad mask /26 for address 192.168.10.62
Why did you receive this error?
A. You typed this mask on a WAN link and that is not allowed.
B. This is not a valid host and subnet mask combination.
C. ip subnet-zero is not enabled on the router.
D. The router does not support IP.
Correct Answer: C
Section: Easy Subnetting
Explanation

Explanation/Reference:
C. First, you cannot answer this question if you can’t subnet. The 192.168.10.62 with a mask of 255.255.255.192 is a block size of 64 in the fourth octet. The host 192.168.10.62 is in the zero subnet, and the error occurred because ip subnet-zero is not enabled on the router.

QUESTION 92
If an Ethernet port on a router were assigned an IP address of 172.16.112.1/25, what would be the valid subnet address of this interface?
A. 172.16.112.0
B. 172.16.0.0
C. 172.16.96.0
D. 172.16.255.0
E. 172.16.128.0
Correct Answer: A
Section: Easy Subnetting
Explanation

Explanation/Reference:
A. A /25 mask is 255.255.255.128. Used with a Class B network, the third and fourth octets are used for subnetting with a total of 9 subnet bits, 8 bits in the third octet and 1 bit in the fourth octet. Since there is only 1 bit in the fourth octet, the bit is either off or on—which is a value of 0 or 128. The host in the question is in the 0 subnet, which has a broadcast address of 127 since 112.128 is the next subnet.

QUESTION 93
Using the following illustration, what would be the IP address of E0 if you were using the eighth subnet? The network ID is 192.168.10.0/28 and you need to use the last available IP address in the range. The zero subnet should not be considered valid for this question.
A. 192.168.10.142
B. 192.168.10.66
C. 192.168.100.254
D. 192.168.10.143
E. 192.168.10.126
Correct Answer: A
Section: Easy Subnetting
Explanation

Explanation/Reference:
A. A /28 is a 255.255.255.240 mask. Let’s count to the ninth subnet (we need to find the broadcast address of the eighth subnet, so we need to count to the ninth subnet). Starting at 16 (remember, the question stated that we will not use subnet zero, so we start at 16, not 0), 16, 32, 48, 64, 80, 96, 112, 128, 144, etc. The eighth subnet is 128 and the next subnet is 144, so our broadcast address of the 128 subnet is 143. This makes the host range 129–142. 142 is the last valid host.

QUESTION 94
Which configuration command must be in effect to allow the use of 8 subnets if the Class C subnet mask is 255.255.255.224?
A. Router(config)#ip classless
B. Router(config)#ip version 6
C. Router(config)#no ip classful
D. Router(config)#ip unnumbered
E. Router(config)#ip subnet-zero
F. Router(config)#ip all-nets
Correct Answer: E
Section: Easy Subnetting
Explanation

Explanation/Reference:
E. A Class C subnet mask of 255.255.255.224 is 3 bits on and 5 bits off (11100000) and provides 8 subnets, each with 30 hosts. However, if the command ip subnet-zero is not used, then only 6 subnets would be available for use.

QUESTION 95
You have a network with a subnet of 172.16.17.0/22. Which is the valid host address?
A. 172.16.17.1 255.255.255.252
B. 172.16.0.1 255.255.240.0
C. 172.16.20.1 255.255.254.0
D. 172.16.16.1 255.255.255.240
E. 172.16.18.255 255.255.252.0
F. 172.16.0.1 255.255.255.0
Correct Answer: E
Section: Easy Subnetting
Explanation

Explanation/Reference:
E. A Class B network ID with a /22 mask is 255.255.252.0, with a block size of 4 in the third octet. The network address in the question is in subnet 172.16.16.0 with a broadcast address of 172.16.19.255. Only option E has the correct subnet mask listed, and 172.16.18.255 is a valid host.

QUESTION 96
Your router has the following IP address on Ethernet0: 172.16.2.1/23. Which of the following can be valid host IDs on the LAN interface attached to the router? (Choose two.)
A. 172.16.0.5
B. 172.16.1.100
C. 172.16.1.198
D. 172.16.2.255
E. 172.16.3.0
F. 172.16.3.255
Correct Answer: DE
Section: Easy Subnetting
Explanation

Explanation/Reference:
D, E. The router’s IP address on the E0 interface is 172.16.2.1/23, which is 255.255.254.0. This makes the third octet a block size of 2. The router’s interface is in the 2.0 subnet, and the broadcast address is 3.255 because the next subnet is 4.0. The valid host range is 2.1 through 3.254. The router is using the first valid host address in the range.

QUESTION 97
To test the IP stack on your local host, which IP address would you ping?
A. 172.0.0.1
B. 1.0.0.127
C. 127.0.0.1
D. 127.255.255.255
E. 255.255.255.255
Correct Answer: C
Section: Easy Subnetting
Explanation

Explanation/Reference:
C. To test the local stack on your host, ping the loopback interface of 127.0.0.1.

QUESTION 98
On a VLSM network, which mask should you use on point-to-point WAN links in order to reduce the waste of IP addresses?
A. /27
B. /28
C. /29
D. /30
E. /31
Correct Answer: D
Section: VLSMs, Summarization, and
Explanation

Explanation/Reference:
D. A point-to-point link uses only two hosts. A /30, or 255.255.255.252, mask provides two hosts per subnet.

QUESTION 99
To use VLSM, what capability must the routing protocols in use possess?
A. Support for multicast
B. Multiprotocol support
C. Transmission of subnet mask information
D. Support for unequal load balancing
Correct Answer: C
Section: VLSMs, Summarization, and
Explanation

Explanation/Reference:
C. To use VLSM, the routing protocols in use must possess the capability to transmit subnet mask information.

QUESTION 100
If Host A is configured with an incorrect default gateway and all other computers and the router are known to be configured correctly, which of the following statements is TRUE?
A. Host A can communicate with the router.
B. Host A can communicate with other hosts in the same subnet.
C. Host A can communicate with hosts in other subnets.
D. Host A can communicate with no other systems.
Correct Answer: B
Section: VLSMs, Summarization, and
Explanation

Explanation/Reference:
B. With an incorrect gateway, Host A will not be able to communicate with the router or beyond the router but will be able to communicate within the subnet.

QUESTION 101
Which of the following troubleshooting steps, if completed successfully, also confirms the other steps will succeed as well?
A. ping a remote computer
B. ping the loopback address
C. ping the NIC
D. ping the default gateway
Correct Answer: A
Section: VLSMs, Summarization, and
Explanation

Explanation/Reference:
A. Pinging the remote computer would fail if any of the other tests fail.

QUESTION 102
When a ping to the local host IP address fails, what can you assume?
A. The IP address of the local host is incorrect.
B. The IP address of the remote host is incorrect.
C. The NIC is not functional.
D. The IP stack has failed to initialize.
Correct Answer: C
Section: VLSMs, Summarization, and
Explanation

Explanation/Reference:
C. When a ping to the local host IP address fails, you can assume the NIC is not functional.

QUESTION 103
When a ping to the local host IP address succeeds but a ping to the default gateway IP address fails, what can you rule out? (Choose all that apply.)
A. The IP address of the local host is incorrect.
B. The IP address of the gateway is incorrect.
C. The NIC is not functional.
D. The IP stack has failed to initialize.
Correct Answer: CD
Section: VLSMs, Summarization, and
Explanation

Explanation/Reference:
C, D. If a ping to the local host succeeds, you can rule out IP stack or NIC failure.

QUESTION 104
What network service is the most likely problem if you can ping a computer by IP address but not by name?
A. DNS
B. DHCP
C. ARP
D. ICMP
Correct Answer: A
Section: VLSMs, Summarization, and
Explanation

Explanation/Reference:
A. The most likely problem if you can ping a computer by IP address but not by name is a failure of DNS.

QUESTION 105
When you issue the ping command, what protocol are you using?
A. DNS
B. DHCP
C. ARP
D. ICMP
Correct Answer: D
Section: VLSMs, Summarization, and
Explanation

Explanation/Reference:
D. When you issue the ping command, you are using the ICMP protocol.

QUESTION 106
Which of the following commands displays the networks traversed on a path to a network destination?
A. ping
B. traceroute
C. pingroute
D. pathroute
Correct Answer: B
Section: VLSMs, Summarization, and
Explanation

Explanation/Reference:
B. The traceroute command displays the networks traversed on a path to a network destination.

QUESTION 107
What command generated the output shown below?
Reply from 172.16.10.2: bytes=32 time<1ms TTL=128
Reply from 172.16.10.2: bytes=32 time<1ms TTL=128
Reply from 172.16.10.2: bytes=32 time<1ms TTL=128
Reply from 172.16.10.2: bytes=32 time<1ms TTL=128
A. traceroute
B. show ip route
C. ping
D. pathping
Correct Answer: C
Section: VLSMs, Summarization, and
Explanation

Explanation/Reference:
C. The ping command tests connectivity to another station. The full command is shown below.
C:\>ping 172.16.10.2
Pinging 172.16.10.2 with 32 bytes of data:
Reply from 172.16.10.2: bytes=32 time<1ms TTL=128
Reply from 172.16.10.2: bytes=32 time<1ms TTL=128
Reply from 172.16.10.2: bytes=32 time<1ms TTL=128
Reply from 172.16.10.2: bytes=32 time<1ms TTL=128
Ping statistics for 172.16.10.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

QUESTION 108
What command displays the ARP table on a Cisco router?
A. show ip arp
B. traceroute
C. arp -a
D. tracert
Correct Answer: A
Section: VLSMs, Summarization, and
Explanation

Explanation/Reference:
A. The command that displays the ARP table on a Cisco router is show ip arp.
QUESTION 109
What switch must be added to the ipconfig command on a PC to verify DNS configuration?
A. /dns
B. -dns
C. /all
D. showall
Correct Answer: C
Section: VLSMs, Summarization, and
Explanation

Explanation/Reference:
C. The /all switch must be added to the ipconfig command on a PC to verify DNS configuration.

QUESTION 110
Which of the following is the best summarization of the following networks: 192.168.128.0 through 192.168.159.0
A. 192.168.0.0/24
B. 192.168.128.0/16
C. 192.168.128.0/19
D. 192.168.128.0/21
Correct Answer: C
Section: VLSMs, Summarization, and
Explanation

Explanation/Reference:
C. If you start at 192.168.128.0 and go through 192.168.159.0, you can see this is a block of 32 in the third octet. Since the network address is always the first one in the range, the summary address is 192.168.128.0. What mask provides a block of 32 in the third octet? The answer is 255.255.224.0, or /19.

QUESTION 111
You type show interfaces fa0/1 and get this output:
275496 packets input, 35226811 bytes, 0 no buffer
Received 69748 broadcasts (58822 multicasts)
0 runts, 0 giants, 0 throttles
111395 input errors, 511987 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 58822 multicast, 0 pause input
0 input packets with dribble condition detected
2392529 packets output, 337933522 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
What could the problem possibly be with this interface?
A. Speed mismatch on directly connected interfaces
B. Collisions causing CRC errors
C. Frames received are too large
D. Interference on the Ethernet cable
Correct Answer: D
Section: Cisco’s Internetworking Operating
Explanation

Explanation/Reference:
D. Typically we’d see the input errors and CRC statistics increase with a duplex error, but it could be another Physical layer issue such as the cable might be receiving excessive interference or the network interface cards might have a failure. Typically you can tell if it is interference when the CRC and input errors output grow but the collision counters do not, which is the case with this question.

QUESTION 112
The output of the show running-config command comes from ___________.
A. NVRAM
B. Flash
C. RAM
D. Firmware
Correct Answer: C
Section: Cisco’s Internetworking Operating
Explanation

Explanation/Reference:
C. Once the IOS is loaded and up and running, the startup-config will be copied from NVRAM into RAM and from then on, referred to as the running-config.

QUESTION 113
Which two of the following commands are required when configuring SSH on your router? (Choose two.)
A. enable secret password
B. exec-timeout 0 0
C. ip domain-name name
D. username name password password
E. ip ssh version 2
Correct Answer: CD
Section: Cisco’s Internetworking Operating
Explanation

Explanation/Reference:
C, D. To configure SSH on your router, you need to set the username command, the ip domain-name, login local, and the transport input ssh under the VTY lines and the crypto key command. However, SSH version 2 is suggested but not required.

QUESTION 114
Which command will show you whether a DTE or a DCE cable is plugged into serial 0/0 on your router’s WAN port?
A. sh int s0/0
B. sh int serial 0/0
C. show controllers s 0/0
D. show serial 0/0 controllers
Correct Answer: C
Section: Cisco’s Internetworking Operating
Explanation

Explanation/Reference:
C. The show controllers serial 0/0 command will show you whether either a DTE or DCE cable is connected to the interface. If it is a DCE connection, you need to add clocking with the clock rate command.

QUESTION 115
Using the given output, what type of interface is f0/0?
[output cut]
Hardware is MV96340 Ethernet, address is 001a.2f55.c9e8 (bia 001a.2f55.c9e8)
Internet address is 192.168.1.33/27
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
A. 10 MB
B. 100 MB
C. 1000 MB
D. 1000 MB
Correct Answer: B
Section: Cisco’s Internetworking Operating
Explanation

Explanation/Reference:
B. We can see that the bandwidth is 100000 Kbit, which is 100,000,000. Kbit means to add three zeros, which is 100 Mbits per second, or FastEthernet.

QUESTION 116
Which of the following commands will configure all the default VTY ports on a switch?
A. Switch#line vty 0 4
B. Switch(config)#line vty 0 4
C. Switch(config-if)#line console 0
D. Switch(config)#line vty all
Correct Answer: B
Section: Cisco’s Internetworking Operating
Explanation

Explanation/Reference:
B. From global configuration mode, use the line vty 0 4 command to set all five default VTY lines. However, you would typically always set all lines, not just the defaults.

QUESTION 117
Which of the following commands sets the privileged mode password to Cisco and encrypts the password?
A. enable secret password Cisco
B. enable secret cisco
C. enable secret Cisco
D. enable password Cisco
Correct Answer: C
Section: Cisco’s Internetworking Operating
Explanation

Explanation/Reference:
C. The enable secret password is case sensitive, so the second option is wrong. To set the enable secret password, use the enable secret password command from global configuration mode. This password is automatically encrypted.

QUESTION 118
If you wanted administrators to see a message when logging into the switch, which command would you use?
A. message banner motd
B. banner message motd
C. banner motd
D. message motd
Correct Answer: C
Section: Cisco’s Internetworking Operating
Explanation

Explanation/Reference:
C. The typical banner is a message of the day (MOTD) and is set by using the global configuration mode command banner MOTD.
QUESTION 119 Which of the following prompts indicates that the switch is currently in privileged mode? A. B. C. D. Switch(config)# Switch> Switch# Switch(config-if) Correct Answer: C Section: Cisco’s Internetworking Operating Explanation Explanation/Reference: C. The prompts offered as options indicate the following modes: Switch(config)# is global configuration mode. Switch> is user mode. Switch# is privileged mode. Switch(config-if)# is interface configuration mode. QUESTION 120 What command do you type to save the configuration stored in RAM to NVRAM? A. B. C. D. Switch(config)#copy current to starting Switch#copy starting to running Switch(config)#copy running-config startup-config Switch#copy run start Correct Answer: D Section: Cisco’s Internetworking Operating Explanation Explanation/Reference: D. To copy the running-config to NVRAM so that it will be used if the router is restarted, use the copy running-config startup-config command in privileged mode (copy run start for short). QUESTION 121 You try to telnet into SF from router Corp and receive this message: Corp#telnet SF Trying SF (10.0.0.1)…Open Password required, but none set [Connection to SF closed by foreign host] Corp# Which of the following sequences will address this problem correctly? A. Corp(config)#line console 0 Corp (config-line)#password password Corp (config-line)#login B. SF (config)#line console 0 SF(config-line)#enable secret password SF(config-line)#login C. Corp(config)#line vty 0 4 Corp (config-line)#password password Corp (config-line)#login D. SF (config)#line vty 0 4 SF(config-line)#password password SF(config-line)#login Correct Answer: D Section: Cisco’s Internetworking Operating Explanation Explanation/Reference: D. To allow a VTY (Telnet) session into your router, you must set the VTY password. Option C is wrong because it is setting the password on the wrong router. Notice that you have to set the password before you set the login command. 
Remember, Cisco may have you set the password before the login command. QUESTION 122 Which command will delete the contents of NVRAM on a switch? A. B. C. D. E. delete NVRAM delete startup-config erase flash erase startup-config erase start Correct Answer: D Section: Cisco’s Internetworking Operating Explanation Explanation/Reference: D. The erase startup-config command erases the contents of NVRAM and will put you in setup mode if the switch is restarted. Option E is wrong because you must type in the full command! QUESTION 123 What is the problem with an interface if you type show interface g0/1 and receive the following message? Gigabit 0/1 is administratively down, line protocol is down A. B. C. D. The keepalives are different times. The administrator has the interface shut down. The administrator is pinging from the interface. No cable is attached. Correct Answer: B Section: Cisco’s Internetworking Operating Explanation Explanation/Reference: B. If an interface is shut down, the show interface command will show the interface as administratively down. (It is possible that no cable is attached, but you can’t tell that from this message.) QUESTION 124 Which of the following commands displays the configurable parameters and statistics of all interfaces on a switch? A. B. C. D. show running-config show startup-config show interfaces show versions Correct Answer: C Section: Cisco’s Internetworking Operating Explanation Explanation/Reference: C. With the show interfaces command, you can view the configurable parameters, get statistics for the interfaces on the switch, check for input and CRC errors, and verify if the interfaces are shut down. QUESTION 125 If you delete the contents of NVRAM and reboot the switch, what mode will you be in? A. B. C. D. Privileged mode Global mode Setup mode NVRAM loaded mode Correct Answer: C Section: Cisco’s Internetworking Operating Explanation Explanation/Reference: C. 
If you delete the startup-config and reload the switch, the device will automatically enter setup mode. You can also type setup from privileged mode at any time. QUESTION 126 You type the following command into the switch and receive the following output: Switch#show fastethernet 0/1 ^ % Invalid input detected at ‘^’ marker. Why was this error message displayed? A. B. C. D. You need to be in privileged mode. You cannot have a space between fastethernet and 0/1. The switch does not have a Fastethernet 0/1 interface. Part of the command is missing. Correct Answer: D Section: Cisco’s Internetworking Operating Explanation Explanation/Reference: D. You can view the interface statistics from user mode, but the command is show interface fastethernet 0/0. QUESTION 127 You type Switch#sh r and receive a % ambiguous command error. Why did you receive this message? A. B. C. D. The command requires additional options or parameters. There is more than one show command that starts with the letter r. There is no show command that starts with r. The command is being executed from the wrong mode. Correct Answer: B Section: Cisco’s Internetworking Operating Explanation Explanation/Reference: B. The % ambiguous command error means that there is more than one possible show command that starts with r. Use a question mark to find the correct command. QUESTION 128 Which of the following commands will display the current IP addressing and the layer 1 and 2 status of an interface? (Choose two.) A. B. C. D. E. show version show interfaces show controllers show ip interface show running-config Correct Answer: BD Section: Cisco’s Internetworking Operating Explanation Explanation/Reference: B, D. The commands show interfaces and show ip interface will show you the layer 1 and 2 status and the IP addresses of your router’s interfaces. QUESTION 129 At which layer of the OSI model would you assume the problem is if you type show interface serial 1 and receive the following message? 
Serial1 is down, line protocol is down
A. Physical layer
B. Data Link layer
C. Network layer
D. None; it is a router
Correct Answer: A
Section: Cisco’s Internetworking Operating
Explanation
Explanation/Reference: A. If you see that a serial interface and the protocol are both down, then you have a Physical layer problem. If you see serial1 is up, line protocol is down, then you are not receiving (Data Link) keepalives from the remote end.

QUESTION 130
Which of the following is a standards-based protocol that works much like CDP?
A. DHCP
B. LLDP
C. DDNS
D. SSTP
Correct Answer: B
Section: Managing a Cisco Internetwork
Explanation
Explanation/Reference: B. The IEEE created a new standardized discovery protocol called 802.1AB for Station and Media Access Control Connectivity Discovery. We’ll just call it Link Layer Discovery Protocol (LLDP).

QUESTION 131
Which command can be used to determine a router’s capacity to generate debug output?
A. show version
B. show controllers
C. show processes cpu
D. show memory
Correct Answer: C
Section: Managing a Cisco Internetwork
Explanation
Explanation/Reference: C. The show processes (or show processes cpu) is a good tool for determining a given router’s CPU utilization. When it is high, it is not a good time to execute a debug command.

QUESTION 132
You are troubleshooting a connectivity problem in your corporate network and want to isolate the problem. You suspect that a router on the route to an unreachable network is at fault. What IOS user exec command should you issue?
A. Router>ping
B. Router>trace
C. Router>show ip route
D. Router>show interface
E. Router>show cdp neighbors
Correct Answer: B
Section: Managing a Cisco Internetwork
Explanation
Explanation/Reference: B. The command traceroute (trace for short), which can be issued from user mode or privileged mode, is used to find the path a packet takes through an internetwork and will also show you where the packet stops because of an error on a router.
QUESTION 133
You copy a configuration from a network host to a router’s RAM. The configuration looks correct, yet it is not working at all. What could the problem be?
A. You copied the wrong configuration into RAM.
B. You copied the configuration into flash memory instead.
C. The copy did not override the shutdown command in running-config.
D. The IOS became corrupted after the copy command was initiated.
Correct Answer: C
Section: Managing a Cisco Internetwork
Explanation
Explanation/Reference: C. Since the configuration looks correct, you probably didn’t screw up the copy job. However, when you perform a copy from a network host to a router, the interfaces are automatically shut down and need to be manually enabled with the no shutdown command.

QUESTION 134
In the following command, what does the IP address 10.10.10.254 refer to?
Router#config t
Router(config)#interface fa0/0
Router(config-if)#ip helper-address 10.10.10.254
A. IP address of the ingress interface on the router
B. IP address of the egress interface on the router
C. IP address of the next hop on the path to the DHCP server
D. IP address of the DHCP server
Correct Answer: D
Section: Managing a Cisco Internetwork
Explanation
Explanation/Reference: D. Specifying the address of the DHCP server allows the router to relay broadcast traffic destined for a DHCP server to that server.

QUESTION 135
The corporate office sends you a new router to connect, but upon connecting the console cable, you see that there is already a configuration on the router. What should be done before a new configuration is entered in the router?
A. RAM should be erased and the router restarted.
B. Flash should be erased and the router restarted.
C. NVRAM should be erased and the router restarted.
D. The new configuration should be entered and saved.
Correct Answer: C
Section: Managing a Cisco Internetwork
Explanation
Explanation/Reference: C.
Before you start to configure the router, you should erase the NVRAM with the erase startup-config command and then reload the router using the reload command.

QUESTION 136
What command can you use to determine the IP address of a directly connected neighbor?
A. show cdp
B. show cdp neighbors
C. show cdp neighbors detail
D. show neighbor detail
Correct Answer: C
Section: Managing a Cisco Internetwork
Explanation
Explanation/Reference: C. This command can be run on both routers and switches and it displays detailed information about each device connected to the device you’re running the command on, including the IP address.

QUESTION 137
According to the output, what interface does SW-2 use to connect to SW-3?
SW-3#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID  Local Intrfce  Holdtme  Capability  Platform   Port ID
SW-1       Fas 0/1        170      S I         WS-C3560-  Fas 0/15
SW-1       Fas 0/2        170      S I         WS-C3560-  Fas 0/16
SW-2       Fas 0/5        162      S I         WS-C3560-  Fas 0/2
A. Fas 0/1
B. Fas 0/16
C. Fas 0/2
D. Fas 0/5
Correct Answer: C
Section: Managing a Cisco Internetwork
Explanation
Explanation/Reference: C. The Port ID column describes the interfaces on the remote device end of the connection.

QUESTION 138
What command can you use to determine the IP address of a directly connected neighbor?
A. show cdp
B. show cdp neighbors
C. show cdp neighbors detail
D. show neighbor detail
Correct Answer: C
Section: Managing a Cisco Internetwork
Explanation
Explanation/Reference: C. This command can be run on both routers and switches, and it displays detailed information about each device connected to the device you’re running the command on, including the IP address.

QUESTION 139
You save the configuration on a router with the copy running-config startup-config command and reboot the router. The router, however, comes up with a blank configuration. What can the problem be?
A. You didn’t boot the router with the correct command.
B. NVRAM is corrupted.
C. The configuration register setting is incorrect.
D. The newly upgraded IOS is not compatible with the hardware of the router.
E. The configuration you saved is not compatible with the hardware.
Correct Answer: C
Section: Managing a Cisco Internetwork
Explanation
Explanation/Reference: C. If you save a configuration and reload the router and it comes up either in setup mode or as a blank configuration, chances are you have the configuration register setting incorrect.

QUESTION 140
If you want to have more than one Telnet session open at the same time, what keystroke combination would you use?
A. Tab+spacebar
B. Ctrl+X, then 6
C. Ctrl+Shift+X, then 6
D. Ctrl+Shift+6, then X
Correct Answer: D
Section: Managing a Cisco Internetwork
Explanation
Explanation/Reference: D. To keep open one or more Telnet sessions, use the Ctrl+Shift+6 and then X keystroke combination.

QUESTION 141
You are unsuccessful in telnetting into a remote device from your switch, but you could telnet to the router earlier. However, you can still ping the remote device. What could the problem be? (Choose two.)
A. IP addresses are incorrect.
B. Access control list is filtering Telnet.
C. There is a defective serial cable.
D. The VTY password is missing.
Correct Answer: BD
Section: Managing a Cisco Internetwork
Explanation
Explanation/Reference: B, D. The best answers, the ones you need to remember, are that either an access control list is filtering the Telnet session or the VTY password is not set on the remote device.

QUESTION 142
What information is displayed by the show hosts command? (Choose two.)
A. Temporary DNS entries
B. The names of the routers created using the hostname command
C. The IP addresses of workstations allowed to access the router
D. Permanent name-to-address mappings created using the ip host command
E. The length of time a host has been connected to the router via Telnet
Correct Answer: AD
Section: Managing a Cisco Internetwork
Explanation
Explanation/Reference: A, D. The show hosts command provides information on temporary DNS entries and permanent name-to-address mappings created using the ip host command.

QUESTION 143
Which three commands can be used to check LAN connectivity problems on a switch? (Choose three.)
A. show interfaces
B. show ip route
C. tracert
D. ping
E. dns lookups
Correct Answer: ABD
Section: Managing a Cisco Internetwork
Explanation
Explanation/Reference: A, B, D. The tracert command is a Windows command and will not work on a router or switch! IOS uses the traceroute command.

QUESTION 144
You telnet to a router and make your necessary changes; now you want to end the Telnet session. What command do you type in?
A. close
B. disable
C. disconnect
D. exit
Correct Answer: D
Section: Managing a Cisco Internetwork
Explanation
Explanation/Reference: D. Since the question never mentioned anything about a suspended session, you can assume that the Telnet session is still open, and you would just type exit to close the session.

QUESTION 145
You telnet into a remote device and type debug ip icmp, but no output from the debug command is seen. What could the problem be?
A. You must type the show ip icmp command first.
B. IP addressing on the network is incorrect.
C. You must use the terminal monitor command.
D. Debug output is sent only to the console.
Correct Answer: C
Section: Managing a Cisco Internetwork
Explanation
Explanation/Reference: C. To see console messages through your Telnet session, you must enter the terminal monitor command.

QUESTION 146
You need to view console messages on a device to which you have connected through telnet.
The command you need to execute to see these is ___________.
A. terminal monitor
B. show console messages
C. console line messages
D. NA
Correct Answer: A
Section: Managing a Cisco Internetwork
Explanation
Explanation/Reference: terminal monitor: When you telnet into a remote device, you will not see console messages by default. For example, you will not see debugging output. To allow console messages to be sent to your Telnet session, use the terminal monitor command.

QUESTION 147
You need to gather the IP address of a remote switch that is located in Hawaii. What can you do to find the address?
A. Fly to Hawaii, console into the switch, then relax and have a drink with an umbrella in it.
B. Issue the show ip route command on the router connected to the switch.
C. Issue the show cdp neighbor command on the router connected to the switch.
D. Issue the show ip arp command on the router connected to the switch.
E. Issue the show cdp neighbors detail command on the router connected to the switch.
Correct Answer: E
Section: Managing a Cisco Internetwork
Explanation
Explanation/Reference: E. Although option A is certainly the “best” answer, unfortunately option E will work just fine and your boss would probably prefer you to use the show cdp neighbors detail command.

QUESTION 148
You need to configure all your routers and switches so they synchronize their clocks from one time source. What command will you type for each device?
A. clock synchronization ip_address
B. ntp master ip_address
C. sync ntp ip_address
D. ntp server ip_address version number
Correct Answer: D
Section: Managing a Cisco Internetwork
Explanation
Explanation/Reference: D. To enable a device to be an NTP client, use the ntp server IP_address version version command at global configuration mode. That’s all there is to it! Assuming your NTP server is working of course.

QUESTION 149
What two commands can you use to verify your NTP client?
A. show ntp server
B. show ntp status
C. show vtp status
D. show ntp associations
E. show clock source
Correct Answer: BD
Section: Managing a Cisco Internetwork
Explanation
Explanation/Reference: B, D. You can verify your NTP client with the show ntp status and show ntp associations commands.

QUESTION 150
What command was used to generate the following output?
Codes: L - local, C - connected, S - static,
[output cut]
10.0.0/8 is variably subnetted, 6 subnets, 4 masks
C 10.0.0.0/8 is directly connected, FastEthernet0/3
L 10.0.0.1/32 is directly connected, FastEthernet0/3
C 10.10.0.0/16 is directly connected, FastEthernet0/2
L 10.10.0.1/32 is directly connected, FastEthernet0/2
C 10.10.10.0/24 is directly connected, FastEthernet0/1
L 10.10.10.1/32 is directly connected, FastEthernet0/1
S* 0.0.0.0/0 is directly connected, FastEthernet0/0
A. show ip route
B. route
C. ip nat
D. show cdp
Correct Answer: A
Section: IP Routing
Explanation
Explanation/Reference: show ip route: The ip route command is used to display the routing table of a router.

QUESTION 151
You are viewing the routing table and you see an entry 10.1.1.1/32. What legend code would you expect to see next to this route?
A. C
B. L
C. S
D. D
Correct Answer: B
Section: IP Routing
Explanation
Explanation/Reference: B. In the new 15 IOS code, Cisco defines a different route called a local route. Each has a /32 prefix defining a route just for the one address.

QUESTION 152
Which of the following statements are true regarding the command ip route 172.16.4.0 255.255.255.0 192.168.4.2? (Choose two.)
A. The command is used to establish a static route.
B. The default administrative distance is used.
C. The command is used to configure the default route.
D. The subnet mask for the source address is 255.255.255.0.
E. The command is used to establish a stub network.
Correct Answer: AB
Section: IP Routing
Explanation
Explanation/Reference: A, B.
Although option D almost seems right, it is not; the mask is the mask used on the remote network, not the source network. Since there is no number at the end of the static route, it is using the default administrative distance of 1.

QUESTION 153
Using the output shown, what protocol was used to learn the MAC address for 172.16.10.1?
Interface: 172.16.10.2 --- 0x3
  Internet Address   Physical Address    Type
  172.16.10.1        00-15-05-06-31-b0   dynamic
A. ICMP
B. ARP
C. TCP
D. UDP
Correct Answer: B
Section: IP Routing
Explanation
Explanation/Reference: B. This mapping was learned dynamically which means it was learned through ARP.

QUESTION 154
Which of the following is called an advanced distance-vector routing protocol?
A. OSPF
B. EIGRP
C. BGP
D. RIP
Correct Answer: B
Section: IP Routing
Explanation
Explanation/Reference: B. Hybrid protocols use aspects of both distance vector and link state—for example, EIGRP. Although be advised that Cisco typically just calls EIGRP an advanced distance vector routing protocol. Do not be misled by the way the question is worded. Yes, I know that MAC addresses are not in a packet. You must read the question for understanding of what they are really asking.

QUESTION 155
When a packet is routed across a network, the ______________ in the packet changes at every hop while the ____ does not.
A. MAC address, IP address
B. IP address, MAC address
C. Port number, IP address
D. IP address, port number
Correct Answer: A
Section: IP Routing
Explanation
Explanation/Reference: A. Since the destination MAC address is different at each hop, it must keep changing. The IP address which is used for the routing process does not.

QUESTION 156
Which statement is true regarding classless routing protocols? (Choose two.)
A. The use of discontiguous networks is not allowed.
B. The use of variable length subnet masks is permitted.
C. RIPv1 is a classless routing protocol.
D. IGRP supports classless routing within the same autonomous system.
E. RIPv2 supports classless routing.
Correct Answer: BE
Section: IP Routing
Explanation
Explanation/Reference: B, E. Classful routing means that all hosts in the internetwork use the same mask and that only default masks are in use. Classless routing means that you can use variable length subnet masks (VLSMs).

QUESTION 157
Which two of the following are true regarding the distance-vector and link-state routing protocols? (Choose two.)
A. Link state sends its complete routing table out of all active interfaces at periodic time intervals.
B. Distance vector sends its complete routing table out of all active interfaces at periodic time intervals.
C. Link state sends updates containing the state of its own links to all routers in the internetwork.
D. Distance vector sends updates containing the state of its own links to all routers in the internetwork.
Correct Answer: BC
Section: IP Routing
Explanation
Explanation/Reference: B, C. The distance-vector routing protocol sends its complete routing table out of all active interfaces at periodic time intervals. Link-state routing protocols send updates containing the state of their own links to all routers in the internetwork.

QUESTION 158
When a router looks up the destination in the routing table for every single packet it is called _____________ .
A. dynamic switching
B. fast switching
C. process switching
D. Cisco Express Forwarding
Correct Answer: C
Section: IP Routing
Explanation
Explanation/Reference: C. This is how most people see routers, and certainly they could do this type of plain ol’ packet switching in 1990 when Cisco released their very first router and traffic was seriously slow, but not in today’s networks! This process involves looking up every destination in the routing table and finding the exit interface for every packet.

QUESTION 159
What type(s) of route is the following? Choose all that apply.
S* 0.0.0.0/0 [1/0] via 172.16.10.5
A. Default
B. Subnetted
C. Static
D. Local
Correct Answer: AC
Section: IP Routing
Explanation
Explanation/Reference: A, C. The S* shows that this is a candidate for default route and that it was configured manually.

QUESTION 160
A network administrator views the output from the show ip route command. A network that is advertised by both RIP and EIGRP appears in the routing table flagged as an EIGRP route. Why is the RIP route to this network not used in the routing table?
A. EIGRP has a faster update timer.
B. EIGRP has a lower administrative distance.
C. RIP has a higher metric value for that route.
D. The EIGRP route has fewer hops.
E. The RIP path has a routing loop.
Correct Answer: B
Section: IP Routing
Explanation
Explanation/Reference: B. RIP has an administrative distance (AD) of 120, while EIGRP has an administrative distance of 90, so the router will discard any route with a higher AD than 90 to that same network.

QUESTION 161
Which of the following is NOT an advantage of static routing?
A. Less overhead on the router CPU
B. No bandwidth usage between routers
C. Adds security
D. Recovers automatically from lost routes
Correct Answer: D
Section: IP Routing
Explanation
Explanation/Reference: D. Recovery from a lost route requires manual intervention by a human to replace the lost route.

QUESTION 162
What metric does RIPv2 use to find the best path to a remote network?
A. Hop count
B. MTU
C. Cumulative interface delay
D. Load
E. Path bandwidth value
Correct Answer: A
Section: IP Routing
Explanation
Explanation/Reference: A. RIPv1 and RIPv2 only use the lowest hop count to determine the best path to a remote network.

QUESTION 163
The Corporate router receives an IP packet with a source IP address of 192.168.214.20 and a destination address of 192.168.22.3. Looking at the output from the Corp router, what will the router do with this packet?
Corp#sh ip route
[output cut]
R 192.168.215.0 [120/2] via 192.168.20.2, 00:00:23, Serial0/0
R 192.168.115.0 [120/1] via 192.168.20.2, 00:00:23, Serial0/0
R 192.168.30.0 [120/1] via 192.168.20.2, 00:00:23, Serial0/0
C 192.168.20.0 is directly connected, Serial0/0
C 192.168.214.0 is directly connected, FastEthernet0/0
A. The packet will be discarded.
B. The packet will be routed out of the S0/0 interface.
C. The router will broadcast looking for the destination.
D. The packet will be routed out of the Fa0/0 interface.
Correct Answer: A
Section: IP Routing
Explanation
Explanation/Reference: A. Since the routing table shows no route to the 192.168.22.0 network, the router will discard the packet and send an ICMP destination unreachable message out of interface FastEthernet 0/0, which is the source LAN from which the packet originated.

QUESTION 164
If your routing table has a static, an RIP, and an EIGRP route to the same network, which route will be used to route packets by default?
A. Any available route
B. RIP route
C. Static route
D. EIGRP route
E. They will all load-balance.
Correct Answer: C
Section: IP Routing
Explanation
Explanation/Reference: C. Static routes have an administrative distance of 1 by default. Unless you change this, a static route will always be used over any other dynamically learned route. EIGRP has an administrative distance of 90, and RIP has an administrative distance of 120, by default.

QUESTION 165
Which of the following is an EGP?
A. RIPv2
B. EIGRP
C. BGP
D. RIP
Correct Answer: C
Section: IP Routing
Explanation
Explanation/Reference: C. BGP is the only EGP listed.

QUESTION 166
Which of the following is NOT true about static routing?
A. Less overhead on the router CPU
B. No bandwidth usage between routers
C. Adds security
D. Recovers automatically from lost routes
Correct Answer: D
Section: IP Routing
Explanation
Explanation/Reference: D. Recovery from a lost route requires manual intervention by a human to replace the lost route.
The advantages are less overhead on the router and network, as well as more security.

QUESTION 167
What command produced the following output?
Interface        IP-Address    OK? Method Status                Protocol
FastEthernet0/0  192.168.10.1  YES manual up                    up
FastEthernet0/1  unassigned    YES unset  administratively down down
Serial0/0/0      172.16.10.2   YES manual up                    up
Serial0/0/1      unassigned    YES unset  administratively down down
A. show ip route
B. show interfaces
C. show ip interface brief
D. show ip arp
Correct Answer: C
Section: IP Routing
Explanation
Explanation/Reference: C. The show ip interface brief command displays a concise summary of the interfaces.

QUESTION 168
In the following command what does the 150 at the end of the command mean?
Router(config)#ip route 172.16.3.0 255.255.255.0 192.168.2.4 150
A. Metric
B. Administrative distance
C. Hop count
D. Cost
Correct Answer: B
Section: IP Routing
Explanation
Explanation/Reference: B. The 150 at the end changes the default administrative distance (AD) of 1 to 150.

QUESTION 169
There are three possible routes for a router to reach a destination network. The first route is from OSPF with a metric of 782. The second route is from RIPv2 with a metric of 4. The third is from EIGRP with a composite metric of 20514560. Which route will be installed by the router in its routing table?
A. RIPv2
B. EIGRP
C. OSPF
D. All three
Correct Answer: B
Section: Open Shortest Path First (OSPF)
Explanation
Explanation/Reference: B. Only the EIGRP route will be placed in the routing table because it has the lowest administrative distance (AD), and that is always used before metrics.

QUESTION 170
Which of the following describe the process identifier that is used to run OSPF on a router? (Choose two.)
A. It is locally significant.
B. It is globally significant.
C. It is needed to identify a unique instance of an OSPF database.
D. It is an optional parameter required only if multiple OSPF processes are running on the router.
E. All routes in the same OSPF area must have the same process ID if they are to exchange routing information.
Correct Answer: AC
Section: Open Shortest Path First (OSPF)
Explanation
Explanation/Reference: A, C. The process ID for OSPF on a router is only locally significant and you can use the same number on each router, or each router can have a different number—it just doesn’t matter. The numbers you can use are from 1 to 65,535. Don’t get this confused with area numbers, which can be from 0 to 4.2 billion.

QUESTION 171
All of the following must match for two OSPF routers to become neighbors except which?
A. Area ID
B. Router ID
C. Stub area flag
D. Authentication password if using one
Correct Answer: B
Section: Open Shortest Path First (OSPF)
Explanation
Explanation/Reference: B. The router ID (RID) is an IP address used to identify the router. It need not and should not match.

QUESTION 172
You get a call from a network administrator who tells you that he typed the following into his router:
Router(config)#router ospf 1
Router(config-router)#network 10.0.0.0 255.0.0.0 area 0
He tells you he still can’t see any routes in the routing table. What configuration error did the administrator make?
A. The wildcard mask is incorrect.
B. The OSPF area is wrong.
C. The OSPF process ID is incorrect.
D. The AS configuration is wrong.
Correct Answer: A
Section: Open Shortest Path First (OSPF)
Explanation
Explanation/Reference: A. The administrator typed in the wrong wildcard mask configuration. The wildcard should have been 0.0.0.255 or even 0.255.255.255.

QUESTION 173
Which of the following statements is true with regard to the output shown?
Corp#sh ip ospf neighbor
Neighbor ID    Pri  State     Dead Time  Address      Interface
172.31.1.4     1    FULL/BDR  00:00:34   10.10.10.2   FastEthernet0/0
192.168.20.1   0    FULL/ -   00:00:31   172.16.10.6  Serial0/1
192.168.10.1   0    FULL/ -   00:00:32   172.16.10.2  Serial0/0
A. There is no DR on the link to 192.168.20.1.
B. The Corp router is the BDR on the link to 172.31.1.4.
C. The Corp router is the DR on the link to 192.168.20.1
D. The link to 192.168.10.1 is Active.
Correct Answer: A
Section: Open Shortest Path First (OSPF)
Explanation
Explanation/Reference: A. A dash (-) in the State column indicates no DR election, because they are not required on a point-to-point link such as a serial connection.

QUESTION 174
What is the administrative distance of OSPF?
A. 90
B. 100
C. 120
D. 110
Correct Answer: D
Section: Open Shortest Path First (OSPF)
Explanation
Explanation/Reference: D. By default the administrative distance of OSPF is 110.

QUESTION 175
In OSPF, Hellos are sent to what IP address?
A. 224.0.0.5
B. 224.0.0.9
C. 224.0.0.10
D. 224.0.0.1
Correct Answer: A
Section: Open Shortest Path First (OSPF)
Explanation
Explanation/Reference: A. Hello packets are addressed to multicast address 224.0.0.5.

QUESTION 176
What command generated the following output?
172.31.1.4     1    FULL/BDR  00:00:34   10.10.10.2   FastEthernet0/0
192.168.20.1   0    FULL/ -   00:00:31   172.16.10.6  Serial0/1
192.168.10.1   0    FULL/ -   00:00:32   172.16.10.2  Serial0/0
A. show ip ospf neighbor
B. show ip ospf database
C. show ip route
D. show ip ospf interface
Correct Answer: A
Section: Open Shortest Path First (OSPF)
Explanation
Explanation/Reference: A. The show ip ospf neighbor command displays all interface-related neighbor information. This output shows the DR and BDR (unless your router is the DR or BDR), the RID of all directly connected neighbors and the IP address and name of the directly connected interface.

QUESTION 177
Updates addressed to 224.0.0.6 are destined for which type of OSPF router?
A. DR
B. ASBR
C. ABR
D. All OSPF routers
Correct Answer: A
Section: Open Shortest Path First (OSPF)
Explanation
Explanation/Reference: A. 224.0.0.6 is used on broadcast networks to reach the DR and BDR.

QUESTION 178
For some reason, you cannot establish an adjacency relationship on a common Ethernet link between two routers.
Looking at this output, what is the cause of the problem?
RouterA#
Ethernet0/0 is up, line protocol is up
Internet Address 172.16.1.2/16, Area 0
Process ID 2, Router ID 172.126.1.2, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 172.16.1.2, interface address 172.16.1.1
No backup designated router on this network
Timer intervals configured, Hello 5, Dead 20, Wait 20, Retransmit 5
RouterB#
Ethernet0/0 is up, line protocol is up
Internet Address 172.16.1.1/16, Area 0
Process ID 2, Router ID 172.126.1.1, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 172.16.1.1, interface address 172.16.1.2
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
A. The OSPF area is not configured properly.
B. The priority on RouterA should be set higher.
C. The cost on RouterA should be set higher.
D. The Hello and Dead timers are not configured properly.
E. A backup designated router needs to be added to the network.
F. The OSPF process ID numbers must match.
Correct Answer: D
Section: Open Shortest Path First (OSPF)
Explanation
Explanation/Reference: D. The Hello and Dead timers must be set the same on two routers on the same link or they will not form an adjacency (relationship). The default timers for OSPF are 10 seconds for the Hello timer and 40 seconds for the Dead timer.

QUESTION 179
Which two of the following commands will place network 10.2.3.0/24 into area 0? (Choose two.)
A. router eigrp 10
B. router ospf 10
C. router rip
D. network 10.0.0.0
E. network 10.2.3.0 255.255.255.0 area 0
F. network 10.2.3.0 0.0.0.255 area0
G. network 10.2.3.0 0.0.0.255 area 0
Correct Answer: BG
Section: Open Shortest Path First (OSPF)
Explanation
Explanation/Reference: B, G. To enable OSPF, you must first start OSPF using a process ID.
The number is irrelevant; just choose a number from 1 to 65,535 and you’re good to go. After you start the OSPF process, you must configure interfaces on which to activate OSPF using the network command with wildcards and specification of an area. Option F is wrong because there must be a space after the parameter area and before you list the area number.

QUESTION 180
Given the following output, which statement or statements can be determined to be true? (Choose all that apply.)
RouterA2# show ip ospf neighbor
Neighbor ID    Pri  State     Dead Time  Address     Interface
192.168.23.2   1    FULL/BDR  00:00:29   10.24.4.2   FastEthernet1/0
192.168.45.2   2    FULL/BDR  00:00:24   10.1.0.5    FastEthernet0/0
192.168.85.1   1    FULL/-    00:00:33   10.6.4.10   Serial0/1
192.168.90.3   1    FULL/DR   00:00:32   10.5.5.2    FastEthernet0/1
192.168.67.3   1    FULL/DR   00:00:20   10.4.9.20   FastEthernet0/2
192.168.90.1   1    FULL/BDR  00:00:23   10.5.5.4    FastEthernet0/1
<<output omitted>>
A. The DR for the network connected to Fa0/0 has an interface priority higher than 2.
B. This router (A2) is the BDR for subnet 10.1.0.0.
C. The DR for the network connected to Fa0/1 has a router ID of 10.5.5.2.
D. The DR for the serial subnet is 192.168.85.1.
Correct Answer: A
Section: Open Shortest Path First (OSPF)
Explanation
Explanation/Reference: A. The default OSPF interface priority is 1, and the highest interface priority determines the designated router (DR) for a subnet. The output indicates that the router with a router ID of 192.168.45.2 is currently the backup designated router (BDR) for the segment, which indicates that another router became the DR. It can then be assumed that the DR router has an interface priority higher than 2. (The router serving the DR function is not present in the truncated sample output.)

QUESTION 181
What are three reasons for creating OSPF in a hierarchical design? (Choose three.)
A. To decrease routing overhead
B. To speed up convergence
C. To confine network instability to single areas of the network
D. To make configuring OSPF easier
Correct Answer: ABC
Section: Open Shortest Path First (OSPF)
Explanation
Explanation/Reference: A, B, C. OSPF is created in a hierarchical design, not a flat design like RIP. This decreases routing overhead, speeds up convergence, and confines network instability to a single area of the network.

QUESTION 182
A(n) ____________ is an OSPF data packet containing link-state and routing information that is shared among OSPF routers.
A. LSA
B. TSA
C. Hello
D. SPF
Correct Answer: A
Section: Open Shortest Path First (OSPF)
Explanation
Explanation/Reference: A. LSA packets are used to update and maintain the topological database.

QUESTION 183
If routers in a single area are configured with the same priority value, what value does a router use for the OSPF router ID in the absence of a loopback interface?
A. The lowest IP address of any physical interface
B. The highest IP address of any physical interface
C. The lowest IP address of any logical interface
D. The highest IP address of any logical interface
Correct Answer: B
Section: Open Shortest Path First (OSPF)
Explanation
Explanation/Reference: B. At the moment of OSPF process startup, the highest IP address on any active interface will be the router ID (RID) of the router. If you have a loopback interface configured (logical interface), then that will override the interface IP address and become the RID of the router automatically.

QUESTION 184
Which of the following statements is not true with regard to layer 2 switching?
A. Layer 2 switches and bridges are faster than routers because they don’t take up time looking at the Data Link layer header information.
B. Layer 2 switches and bridges look at the frame’s hardware addresses before deciding to either forward, flood, or drop the frame.
C. Switches create private, dedicated collision domains and provide independent bandwidth on each port.
D. Switches use application-specific integrated circuits (ASICs) to build and maintain their MAC filter tables.
Correct Answer: A
Section: Layer 2 Switching
Explanation
Explanation/Reference: A. Layer 2 switches and bridges are faster than routers because they don’t take up time looking at the Network Layer header information. They do make use of the Data Link layer information.

QUESTION 185
What statement(s) is/are true about the output shown below? (Choose all that apply.)
S3#sh port-security int f0/3
Port Security : Enabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 2
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0013:0ca69:00bb3:00ba8:1
Security Violation Count : 1
A. The port light for F0/3 will be amber in color.
B. The F0/3 port is forwarding frames.
C. This problem will resolve itself in a few minutes.
D. This port requires the shutdown command to function.
Correct Answer: AD
Section: Layer 2 Switching
Explanation
Explanation/Reference: A, D. In the above output, you can see that the port is in Secure-shutdown mode and the light for the port would be amber. To enable the port again you’d need to do the following:
S3(config-if)#shutdown
S3(config-if)#no shutdown

QUESTION 186
Which of the following commands in the configuration is a prerequisite for the other commands to function?
S3#config t
S(config)#int fa0/3
S3(config-if#switchport port-security
S3(config-if#switchport port-security maximum 3
S3(config-if#switchport port-security violation restrict
S3(config-if#Switchport mode-security aging time 10
A. switchport mode-security aging time 10
B. switchport port-security
C. switchport port-security maximum 3
D. switchport port-security violation restrict
Correct Answer: B
Section: Layer 2 Switching
Explanation
Explanation/Reference: B. The switchport port-security command enables port security, which is a prerequisite for the other commands to function.

QUESTION 187
Which of the following is not an issue addressed by STP?
A. Broadcast storms
B. Gateway redundancy
C. A device receiving multiple copies of the same frame
D. Constant updating of the MAC filter table
Correct Answer: B
Section: Layer 2 Switching
Explanation
Explanation/Reference: B. Gateway redundancy is not an issue addressed by STP.

QUESTION 188
What issue that arises when redundancy exists between switches is shown in the figure?
A. Broadcast storm
B. Routing loop
C. Port violation
D. Loss of gateway
Correct Answer: A
Section: Layer 2 Switching
Explanation
Explanation/Reference: A. If no loop avoidance schemes are put in place, the switches will flood broadcasts endlessly throughout the internetwork. This is sometimes referred to as a broadcast storm.

QUESTION 189
Which two of the following switch port violation modes will alert you via SNMP that a violation has occurred on a port?
A. Restrict
B. Protect
C. Shutdown
D. Err-disable
Correct Answer: BC
Section: Layer 2 Switching
Explanation
Explanation/Reference: B, C. Shutdown and protect mode will alert you via SNMP that a violation has occurred on a port.

QUESTION 190
On which interface have you configured an IP address for a switch?
A. int fa0/0
B. int vty 0 15
C. int vlan 1
D. int s/0/0
Correct Answer: C
Section: Layer 2 Switching
Explanation
Explanation/Reference: C. The IP address is configured under a logical interface, called a management domain or VLAN 1.

QUESTION 191
Which Cisco IOS command is used to verify the port security configuration of a switch port?
A. B. C. D.
show interfaces port-security show port-security interface show ip interface show interfaces switchport Correct Answer: B Section: Layer 2 Switching Explanation Explanation/Reference: B. The show port-security interface command displays the current port security and status of a switch port, as in this sample output: Switch# show port-security interface fastethernet0/1 Port Security: Enabled Port status: SecureUp Violation mode: Shutdown Maximum MAC Addresses: 2 Total MAC Addresses: 2 Configured MAC Addresses: 2 Aging Time: 30 mins Aging Type: Inactivity SecureStatic address aging: Enabled Security Violation count: 0 QUESTION 192 Which of the following methods will ensure that only one specific host can connect to port F0/3 on a switch? (Choose two. Each correct answer is a separate solution.) A. Configure port security on F0/3 to accept traffic other than that of the MAC address of the host. B. Configure the MAC address of the host as a static entry associated with port F0/3. C. Configure an inbound access control list on port F0/3 limiting traffic to the IP address of the host. D. Configure port security on F0/3 to accept traffic only from the MAC address of the host. Correct Answer: BD Section: Layer 2 Switching Explanation Explanation/Reference: B, D. To limit connections to a specific host, you should configure the MAC address of the host as a static entry associated with the port, although be aware that this host can still connect to any other port, but no other port can connect to f0/3, in this example. Another solution would be to configure port security to accept traffic only from the MAC address of the host. By default, an unlimited number of MAC addresses can be learned on a single switch port, whether it is configured as an access port or a trunk port. 
Switch ports can be secured by defining one or more specific MAC addresses that should be allowed to connect and by defining violation policies (such as disabling the port) to be enacted if additional hosts try to gain a connection. QUESTION 193 What will be the effect of executing the following command on port F0/1? switch(config-if)# switchport port-security mac-address 00C0.35F0.8301 A. The command configures an inbound access control list on port F0/1, limiting traffic to the IP address of the host. B. The command expressly prohibits the MAC address of 00c0.35F0.8301 as an allowed host on the switch port. C. The command encrypts all traffic on the port from the MAC address of 00c0.35F0.8301. D. The command statically defines the MAC address of 00c0.35F0.8301 as an allowed host on the switch port. Correct Answer: D Section: Layer 2 Switching Explanation Explanation/Reference: D. The command statically defines the MAC address of 00c0.35F0.8301 as an allowed host on the switch port. By default, an unlimited number of MAC addresses can be learned on a single switch port, whether it is configured as an access port or a trunk port. Switch ports can be secured by defining one or more specific MAC addresses that should be allowed to connect and violation policies (such as disabling the port) if additional hosts try to gain a connection. QUESTION 194 The conference room has a switch port available for use by the presenter during classes, and each presenter uses the same PC attached to the port. You would like to prevent other PCs from using that port. You have completely removed the former configuration in order to start anew. Which of the following steps is not required to prevent any other PCs from using that port? A. B. C. D. Enable port security. Assign the MAC address of the PC to the port. Make the port an access port. Make the port a trunk port. Correct Answer: D Section: Layer 2 Switching Explanation Explanation/Reference: D. You would not make the port a trunk. 
In this example, this switchport is a member of one VLAN. However, you can configure port security on a trunk port, but again, not valid for this question. QUESTION 195 Which of the following statements is true with regard to VLANs? A. B. C. D. VLANs greatly reduce network security. VLANs increase the number of collision domains while decreasing their size. VLANs decrease the number of broadcast domains while decreasing their size. Network adds, moves, and changes are achieved with ease by just configuring a port into the appropriate VLAN. Correct Answer: D Section: VLANs and InterVLAN Routing Explanation Explanation/Reference: .D. Here’s a list of ways VLANs simplify network management: Network adds, moves, and changes are achieved with ease by just configuring a port into the appropriate VLAN. A group of users that need an unusually high level of security can be put into its own VLAN so that users outside of the VLAN can’t communicate with them. As a logical grouping of users by function, VLANs can be considered independent from their physical or geographic locations. VLANs greatly enhance network security if implemented correctly. VLANs increase the number of broadcast domains while decreasing their size. QUESTION 196 What is the only type of second VLAN of which an access port can be a member? A. B. C. D. Secondary Voice Primary Trunk Correct Answer: B Section: VLANs and InterVLAN Routing Explanation Explanation/Reference: B. While in all other cases access ports can be a member of only one VLAN, most switches will allow you to add a second VLAN to an access port on a switch port for your voice traffic; it’s called the voice VLAN. The voice VLAN used to be called the auxiliary VLAN, which allowed it to be overlaid on top of the data VLAN, enabling both types of traffic through the same port. QUESTION 197 In the following configuration, what command is missing in the creation of the VLAN interface? 

2960#config t
2960(config)#int vlan 1
2960(config-if)#ip address 192.168.10.2 255.255.255.0
2960(config-if)#exit
2960(config)#ip default-gateway 192.168.10.1

A. no shutdown under int vlan 1
B. encapsulation dot1q 1 under int vlan 1
C. switchport access vlan 1
D. passive-interface

Correct Answer: A
Section: VLANs and InterVLAN Routing
Explanation

Explanation/Reference:
A. Yes, you have to do a no shutdown on the VLAN interface.

QUESTION 198
Which of the following statements is true with regard to ISL and 802.1q?

A. 802.1q encapsulates the frame with control information; ISL inserts an ISL field along with tag control information.
B. 802.1q is Cisco proprietary.
C. ISL encapsulates the frame with control information; 802.1q inserts an 802.1q field along with tag control information.
D. ISL is a standard.

Correct Answer: C
Section: VLANs and InterVLAN Routing
Explanation

Explanation/Reference:
C. Unlike ISL which encapsulates the frame with control information, 802.1q inserts an 802.1q field along with tag control information.

QUESTION 199
Write the command that generated the following output:

VLAN Name                      Status    Ports
---- ------------------------- --------- ------------------------
1    default                   active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                         Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                         Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                         Fa0/13, Fa0/14, Fa0/19, Fa0/20
                                         Fa0/21, Fa0/22, Fa0/23, Gi0/1
                                         Gi0/2
2    Sales                     active
3    Marketing                 active
4    Accounting                active
[output cut]

A. show vlan
B. show interfaces
C. show ip interface
D. show run

Correct Answer: A
Section: VLANs and InterVLAN Routing
Explanation

Explanation/Reference:
show vlan
After you create the VLANs that you want, you can use the show vlan command to check them out.

QUESTION 200
Based on the configuration shown below, what statement is true?

S1(config)#ip routing
S1(config)#int vlan 10
S1(config-if)#ip address 192.168.10.1 255.255.255.0
S1(config-if)#int vlan 20
S1(config-if)#ip address 192.168.20.1 255.255.255.0

A. This is a multilayer switch.
B. The two VLANs are in the same subnet.
C. Encapsulation must be configured.
D. VLAN 10 is the management VLAN.

Correct Answer: A
Section: VLANs and InterVLAN Routing
Explanation

Explanation/Reference:
A. With a multilayer switch, enable IP routing and create one logical interface for each VLAN using the interface vlan number command and you’re now doing inter-VLAN routing on the backplane of the switch!

QUESTION 201
What is true of the output shown below?

S1#sh vlan
VLAN Name                   Status    Ports
---- ---------------------- --------- -------------------------------
1    default                active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                      Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                      Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                      Fa0/13, Fa0/14, Fa0/19, Fa0/20,
                                      Fa0/22, Fa0/23, Gi0/1, Gi0/2
2    Sales                  active
3    Marketing                        Fa0/21
4    Accounting             active
[output cut]

A. Interface F0/15 is a trunk port.
B. Interface F0/17 is an access port.
C. Interface F0/21 is a trunk port.
D. VLAN 1 was populated manually.

Correct Answer: A
Section: VLANs and InterVLAN Routing
Explanation

Explanation/Reference:
A. Ports Fa0/15–18 are not present in any VLANs. They are trunk ports.

QUESTION 202
802.1q untagged frames are members of the _________ VLAN.

A. Auxiliary
B. Voice
C. Native
D. Private

Correct Answer: C
Section: VLANs and InterVLAN Routing
Explanation

Explanation/Reference:
C. Untagged frames are members of the native VLAN, which by default is VLAN 1.

QUESTION 203
Write the command that generated the following output. Write only the command and not the prompt:

Name: Fa0/15
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
[output cut]

A. sh interfaces fastEthernet 0/15 switchport
B. sh interfaces fastEthernet 0/15
C. sh fastEthernet 0/15 switchport
D. sh interfaces 0/15 switchport

Correct Answer: A
Section: VLANs and InterVLAN Routing
Explanation

Explanation/Reference:
sh interfaces fastEthernet 0/15 switchport
This show interfaces interface switchport command shows us the administrative mode of dynamic desirable and that the port is a trunk port, DTP was used to negotiate the frame tagging method of ISL, and the native VLAN is the default of 1.

QUESTION 204
Which statement is true regarding virtual local area networks (VLANs)?

A. VLANs are location dependent.
B. VLANs are limited to a single switch.
C. VLANs may be subnets of major networks.
D. VLANs define collision domains.

Correct Answer: C
Section: VLANs and InterVLAN Routing
Explanation

Explanation/Reference:
C. VLANs are not location dependent and can span to multiple switches using trunk links. Moreover, they can be subnets of major networks.

QUESTION 205
What is the purpose of frame tagging in virtual LAN (VLAN) configurations?

A. Inter-VLAN routing
B. Encryption of network packets
C. Frame identification over trunk links
D. Frame identification over access links

Correct Answer: C
Section: VLANs and InterVLAN Routing
Explanation

Explanation/Reference:
C. Frame tagging is used when VLAN traffic travels over a trunk link. Trunk links carry frames for multiple VLANs. Therefore, frame tags are used for identification of frames from different VLANs.

QUESTION 206
Write the command to create VLAN 2 on a layer 2 switch. Write only the command and not the prompt.

A. vlan 2
B. int vlan 2
C. line vlan 2
D. con vlan 2

Correct Answer: A
Section: VLANs and InterVLAN Routing
Explanation

Explanation/Reference:
vlan 2
To configure VLANs on a Cisco Catalyst switch, use the global config vlan command.

QUESTION 207
Which statement is true regarding 802.1q frame tagging?

A. 802.1q adds a 26-byte trailer and 4-byte header.
B. 802.1q uses a native VLAN.
C. The original Ethernet frame is not modified.
D. 802.1q only works with Cisco switches.

Correct Answer: B
Section: VLANs and InterVLAN Routing
Explanation

Explanation/Reference:
B. 802.1q uses the native VLAN.

QUESTION 208
Write the command that prevents an interface from generating DTP frames. Write only the command and not the prompt.

A. switchport nonegotiate
B. NA
C. NA
D. NA

Correct Answer: A
Section: VLANs and InterVLAN Routing
Explanation

Explanation/Reference:
switchport nonegotiate
You can use this command only when the interface switchport mode is access or trunk. You must manually configure the neighboring interface as a trunk interface to establish a trunk link.

QUESTION 209
Which of the following statements is false when a packet is being compared to an access list?

A. It’s always compared with each line of the access list in sequential order.
B. Once the packet matches the condition on a line of the access list, the packet is acted upon and no further comparisons take place.
C. There is an implicit “deny” at the end of each access list.
D. Until all lines have been analyzed, the comparison is not over.

Correct Answer: D
Section: Security
Explanation

Explanation/Reference:
D. It’s compared with lines of the access list only until a match is made. Once the packet matches the condition on a line of the access list, the packet is acted upon and no further comparisons take place.
NOTE: Question requested FALSE STATEMENT, THE OTHER THREE ARE CORRECT!

QUESTION 210
You need to create an access list that will prevent hosts in the network range of 192.168.160.0 to 192.168.191.0. Which of the following lists will you use?

A. access-list 10 deny 192.168.160.0 255.255.224.0
B. access-list 10 deny 192.168.160.0 0.0.191.255
C. access-list 10 deny 192.168.160.0 0.0.31.255
D. access-list 10 deny 192.168.0.0 0.0.31.255

Correct Answer: C
Section: Security
Explanation

Explanation/Reference:
C. The range of 192.168.160.0 to 192.168.191.0 is a block size of 32. The network address is 192.168.160.0 and the mask would be 255.255.224.0, which for an access list must be a wildcard format of 0.0.31.255. The 31 is used for a block size of 32. The wildcard is always one less than the block size.

QUESTION 211
You have created a named access list called Blocksales. Which of the following is a valid command for applying this to packets trying to enter interface Fa0/0 of your router?

A. (config)#ip access-group 110 in
B. (config-if)#ip access-group 110 in
C. (config-if)#ip access-group Blocksales in
D. (config-if)#Blocksales ip access-list in

Correct Answer: C
Section: Security
Explanation

Explanation/Reference:
C. Using a named access list just replaces the number used when applying the list to the router’s interface. ip access-group Blocksales in is correct.

QUESTION 212
Which access list statement will permit all HTTP sessions to network 192.168.144.0/24 containing web servers?

A. access-list 110 permit tcp 192.168.144.0 0.0.0.255 any eq 80
B. access-list 110 permit tcp any 192.168.144.0 0.0.0.255 eq 80
C. access-list 110 permit tcp 192.168.144.0 0.0.0.255 192.168.144.0 0.0.0.255 any eq 80
D. access-list 110 permit udp any 192.168.144.0 eq 80

Correct Answer: B
Section: Security
Explanation

Explanation/Reference:
B. The list must specify TCP as the Transport layer protocol and use a correct wildcard mask (in this case 0.0.0.255), and it must specify the destination port (80). It also should specify all as the set of computers allowed to have this access.

QUESTION 213
Which of the following access lists will allow only HTTP traffic into network 196.15.7.0?

A. access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq www
B. access-list 10 deny tcp any 196.15.7.0 eq www
C. access-list 100 permit 196.15.7.0 0.0.0.255 eq www
D. access-list 110 permit ip any 196.15.7.0 0.0.0.255
E. access-list 110 permit www 196.15.7.0 0.0.0.255

Correct Answer: A
Section: Security
Explanation

Explanation/Reference:
A. The first thing to check in a question like this is the access-list number. Right away, you can see that the second option is wrong because it is using a standard IP access-list number. The second thing to check is the protocol. If you are filtering by upper-layer protocol, then you must be using either UDP or TCP; this eliminates the fourth option. The third and last answers have the wrong syntax.

QUESTION 214
What router command allows you to determine whether an IP access list is enabled on a particular interface?

A. show ip port
B. show access-lists
C. show ip interface
D. show access-lists interface

Correct Answer: C
Section: Security
Explanation

Explanation/Reference:
C. Of the available choices, only the show ip interface command will tell you which interfaces have access lists applied. show access-lists will not show you which interfaces have an access list applied.

QUESTION 215
If you wanted to deny all Telnet connections to only network 192.168.10.0, which command could you use?

A. access-list 100 deny tcp 192.168.10.0 255.255.255.0 eq telnet
B. access-list 100 deny tcp 192.168.10.0 0.255.255.255 eq telnet
C. access-list 100 deny tcp any 192.168.10.0 0.0.0.255 eq 23
D. access-list 100 deny 192.168.10.0 0.0.0.255 any eq 23

Correct Answer: C
Section: Security
Explanation

Explanation/Reference:
C. The extended access list ranges are 100–199 and 2000–2699, so the access-list number of 100 is valid. Telnet uses TCP, so the protocol TCP is valid. Now you just need to look for the source and destination address. Only the third option has the correct sequence of parameters. Option B may work, but the question specifically states “only” to network 192.168.10.0, and the wildcard in option B is too broad.

QUESTION 216
If you wanted to deny FTP access from network 200.200.10.0 to network 200.199.11.0 but allow everything else, which of the following command strings is valid?

A. access-list 110 deny 200.200.10.0 to network 200.199.11.0 eq ftp
   access-list 111 permit ip any 0.0.0.0 255.255.255.255
B. access-list 1 deny ftp 200.200.10.0 200.199.11.0 any any
C. access-list 100 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp
D. access-list 198 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp
   access-list 198 permit ip any 0.0.0.0 255.255.255.255

Correct Answer: D
Section: Security
Explanation

Explanation/Reference:
D. Extended IP access lists use numbers 100–199 and 2000–2699 and filter based on source and destination IP address, protocol number, and port number. The last option is correct because of the second line that specifies permit ip any any. (I used 0.0.0.0 255.255.255.255, which is the same as the any option.) The third option does not have this, so it would deny access but not allow everything else.

QUESTION 217
You want to create an extended access list that denies the subnet of the following host: 172.16.50.172/20. Which of the following would you start your list with?

A. access-list 110 deny ip 172.16.48.0 255.255.240.0 any
B. access-list 110 udp deny 172.16.0.0 0.0.255.255 ip any
C. access-list 110 deny tcp 172.16.64.0 0.0.31.255 any eq 80
D. access-list 110 deny ip 172.16.48.0 0.0.15.255 any

Correct Answer: D
Section: Security
Explanation

Explanation/Reference:
D. First, you must know that a /20 is 255.255.240.0, which is a block size of 16 in the third octet. Counting by 16s, this makes our subnet 48 in the third octet, and the wildcard for the third octet would be 15 since the wildcard is always one less than the block size.

QUESTION 218
Which of the following is the wildcard (inverse) version of a /27 mask?

A. 0.0.0.7
B. 0.0.0.31
C. 0.0.0.27
D. 0.0.31.255

Correct Answer: B
Section: Security
Explanation

Explanation/Reference:
B. To find the wildcard (inverse) version of this mask, the zero and one bits are simply reversed as follows:

11111111.11111111.11111111.11100000 (27 one bits, or /27)
00000000.00000000.00000000.00011111 (wildcard/inverse mask)

QUESTION 219
You want to create an extended access list that denies the subnet of the following host: 172.16.198.94/19. Which of the following would you start your list with?

A. access-list 110 deny ip 172.16.192.0 0.0.31.255 any
B. access-list 110 deny ip 172.16.0.0 0.0.255.255 any
C. access-list 10 deny ip 172.16.172.0 0.0.31.255 any
D. access-list 110 deny ip 172.16.188.0 0.0.15.255 any

Correct Answer: A
Section: Security
Explanation

Explanation/Reference:
A. First, you must know that a /19 is 255.255.224.0, which is a block size of 32 in the third octet. Counting by 32s, this makes our subnet 192 in the third octet, and the wildcard for the third octet would be 31 since the wildcard is always one less than the block size.

QUESTION 220
The following access list has been applied to an interface on a router:

access-list 101 deny tcp 199.111.16.32 0.0.0.31 host 199.168.5.60

Which of the following IP addresses will be blocked because of this single rule in the list? (Choose all that apply.)

A. 199.111.16.67
B. 199.111.16.38
C. 199.111.16.65
D. 199.111.16.54.14

Correct Answer: B
Section: Security
Explanation

Explanation/Reference:
B. The scope of an access list is determined by the wildcard mask and the network address to which it is applied. For example, in this case the starting point of the list of addresses affected by the mask is the network ID 192.111.16.32. The wildcard mask is 0.0.0.31. Adding the value of the last octet in the mask to the network address (32 + 31 = 63) tells you where the effects of the access list end, which is 192.111.16.63. Therefore, all addresses in the range 192.111.16.32–192.111.16.63 will be denied by this list.

QUESTION 221 Which of the following commands connects access list 110 inbound to interface Ethernet0? A. B. C. D. Router(config)#ip access-group 110 in Router(config)#ip access-list 110 in Router(config-if)#ip access-group 110 in Router(config-if)#ip access-list 110 in Correct Answer: C Section: Security Explanation Explanation/Reference: C. To place an access list on an interface, use the ip access-group command in interface configuration mode. QUESTION 222 What is the effect of this single-line access list? access-list 110 deny ip 172.16.10.0 0.0.0.255 host 1.1.1.1 A. B. C. D. Denies only the computer at 172.16.10 Denies all traffic Denies the subnet 172.16.10.0/26 Denies the subnet 172.16.10.0/25 Correct Answer: B Section: Security Explanation Explanation/Reference: B. With no permit statement, the ACL will deny all traffic. QUESTION 223 You configure the following access list. What will the result of this access list be? access-list 110 deny tcp 10.1.1.128 0.0.0.63 any eq smtp access-list 110 deny tcp any any eq 23 int ethernet 0 ip access-group 110 out A. B. C. D. Email and Telnet will be allowed out E0. Email and Telnet will be allowed in E0. Everything but email and Telnet will be allowed out E0. No IP traffic will be allowed out E0. Correct Answer: D Section: Security Explanation Explanation/Reference: D. If you add an access list to an interface and you do not have at least one permit statement, then you will affectively shut down the interface because of the implicit deny any at the end of every list. QUESTION 224 Which of the following series of commands will restrict Telnet access to the router? A. Lab_A(config)#access-list 10 permit 172.16.1.1 Lab_A(config)#line con 0 Lab_A(config-line)#ip access-group 10 in B. Lab_A(config)#access-list 10 permit 172.16.1.1 Lab_A(config)#line vty 0 4 Lab_A(config-line)#access-class 10 out C. Lab_A(config)#access-list 10 permit 172.16.1.1 Lab_A(config)#line vty 0 4 Lab_A(config-line)#access-class 10 in D. 
Lab_A(config)#access-list 10 permit 172.16.1.1 Lab_A(config)#line vty 0 4 Lab_A(config-line)#ip access-group 10 in Correct Answer: C Section: Security Explanation Explanation/Reference: C. Telnet access to the router is restricted by using either a standard or extended IP access list inbound on the VTY lines of the router. The command access-class is used to apply the access list to the VTY lines. QUESTION 225 Which of the following is true regarding access lists applied to an interface? A. You can place as many access lists as you want on any interface until you run out of memory. B. You can apply only one access list on any interface. C. One access list may be configured, per direction, for each layer 3 protocol configured on an interface. D. You can apply two access lists to any interface. Correct Answer: C Section: Security Explanation Explanation/Reference: C. A Cisco router has rules regarding the placement of access lists on a router interface. You can place one access list per direction for each layer 3 protocol configured on an interface. QUESTION 226 What is the most common attack on a network today? A. Lock picking B. Naggle C. DoS D. auto secure Correct Answer: C Section: Security Explanation Explanation/Reference: C. The most common attack on a network today is a denial of service (DoS) because they are the easiest attack to achieve. QUESTION 227 You need to stop DoS attacks in real time and have a log of anyone who has tried to attack your network. What should you do your network? A. B. C. D. Add more routers. Use the auto secure command. Implement IDS/IPS. Configure Naggle. Correct Answer: C Section: Security Explanation Explanation/Reference: C. Implementing intrusion detection services and intrusion prevention services will help notify you and stop attacks in real time. QUESTION 228 Which of the following are disadvantages of using NAT? (Choose three.) A. B. C. D. E. F. Translation introduces switching path delays. 
NAT conserves legally registered addresses. NAT causes loss of end-to-end IP traceability. NAT increases flexibility when connecting to the Internet. Certain applications will not function with NAT enabled. NAT reduces address overlap occurrence. Correct Answer: ACE Section: Network Address Translation Explanation Explanation/Reference: A, C, E. NAT is not perfect and can cause some issues in some networks, but most networks work just fine. NAT can cause delays and troubleshooting problems, and some applications just won’t work. QUESTION 229 Which of the following are advantages of using NAT? (Choose three.) A. Translation introduces switching path delays. B. NAT conserves legally registered addresses. C. D. E. F. NAT causes loss of end-to-end IP traceability. NAT increases flexibility when connecting to the Internet. Certain applications will not function with NAT enabled. NAT remedies address overlap occurrence. Correct Answer: BDF Section: Network Address Translation Explanation Explanation/Reference: B, D, F. NAT is not perfect, but there are some advantages. It conserves global addresses, which allow us to add millions of hosts to the Internet without “real” IP addresses. This provides flexibility in our corporate networks. NAT can also allow you to use the same subnet more than once in the same network without overlapping networks. QUESTION 230 Which command will allow you to see real-time translations on your router? A. B. C. D. show ip nat translations show ip nat statistics debug ip nat clear ip nat translations * Correct Answer: C Section: Network Address Translation Explanation Explanation/Reference: C. The command debug ip nat will show you in real time the translations occurring on your router QUESTION 231 Which command will show you all the translations active on your router? A. B. C. D. 
show ip nat translations show ip nat statistics debug ip nat clear ip nat translations * Correct Answer: A Section: Network Address Translation Explanation Explanation/Reference: A. The command show ip nat translations will show you the translation table containing all the active NAT entries. QUESTION 232 Which command will clear all the translations active on your router? A. B. C. D. show ip nat translations show ip nat statistics debug ip nat clear ip nat translations * Correct Answer: D Section: Network Address Translation Explanation Explanation/Reference: D. The command clear ip nat translations * will clear all the active NAT entries in your translation table QUESTION 233 Which command will show you the summary of the NAT configuration? A. B. C. D. show ip nat translations show ip nat statistics debug ip nat clear ip nat translations * Correct Answer: B Section: Network Address Translation Explanation Explanation/Reference: B. The show ip nat statistics command displays a summary of the NAT configuration as well as counts of active translation types, hits to an existing mapping, misses (causing an attempt to create a mapping), and expired translations QUESTION 234 Which command will create a dynamic pool named Todd that will provide you with 30 global addresses? A. B. C. D. ip nat pool Todd 171.16.10.65 171.16.10.94 net 255.255.255.240 ip nat pool Todd 171.16.10.65 171.16.10.94 net 255.255.255.224 ip nat pool todd 171.16.10.65 171.16.10.94 net 255.255.255.224 ip nat pool Todd 171.16.10.1 171.16.10.254 net 255.255.255.0 Correct Answer: B Section: Network Address Translation Explanation Explanation/Reference: B. The command ip nat poolname creates the pool that hosts can use to get onto the global Internet. What makes option B correct is that the range 171.16.10.65 through 171.16.10.94 includes 30 hosts, but the mask has to match 30 hosts as well, and that mask is 255.255.255.224. Option C is wrong because there is a lowercase t in the pool name. 
Pool names are case sensitive.

QUESTION 235
Which of the following are methods of NAT? (Choose three.)

A. Static
B. IP NAT pool
C. Dynamic
D. NAT double-translation
E. Overload

Correct Answer: ACE
Section: Network Address Translation
Explanation

Explanation/Reference:
A, C, E. You can configure NAT three ways on a Cisco router: static, dynamic, and NAT Overload (PAT).

QUESTION 236
When creating a pool of global addresses, which of the following can be used instead of the netmask command?

A. / (slash notation)
B. prefix-length
C. no mask
D. block-size

Correct Answer: B
Section: Network Address Translation
Explanation

Explanation/Reference:
B. Instead of the netmask command, you can use the prefix-length length statement.

QUESTION 237
Which of the following would be a good starting point for troubleshooting if your router is not translating?

A. Reboot
B. Call Cisco
C. Check your interfaces for the correct configuration
D. Run the debug all command

Correct Answer: C
Section: Network Address Translation
Explanation

Explanation/Reference:
C. In order for NAT to provide translation services, you must have ip nat inside and ip nat outside configured on your router’s interfaces.

QUESTION 238
Which of the following would be good reasons to run NAT? (Choose three.)

A. You need to connect to the Internet and your hosts don’t have globally unique IP addresses.
B. You change to a new ISP that requires you to renumber your network.
C. You don’t want any hosts connecting to the Internet.
D. You require two intranets with duplicate addresses to merge.

Correct Answer: ABD
Section: Network Address Translation
Explanation

Explanation/Reference:
A, B, D. The most popular use of NAT is if you want to connect to the Internet and you don’t want hosts to have global (real) IP addresses, but options B and D are correct as well.

QUESTION 239
Which of the following is considered to be the inside host’s address after translation?

A. Inside local
B. Outside local
C. Inside global
D. Outside global

Correct Answer: C
Section: Network Address Translation
Explanation

Explanation/Reference:
C. An inside global address is considered to be the IP address of the host on the private network after translation.

QUESTION 240
Which of the following is considered to be the inside host’s address before translation?

A. Inside local
B. Outside local
C. Inside global
D. Outside global

Correct Answer: A
Section: Network Address Translation
Explanation

Explanation/Reference:
A. An inside local address is considered to be the IP address of the host on the private network before translation.

QUESTION 241
By looking at the following output, which of the following commands would allow dynamic translations?

Router#show ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
--- 1.1.128.1          10.1.1.1           ---                ---
--- 1.1.130.178        10.1.1.2           ---                ---
--- 1.1.129.174        10.1.1.10          ---                ---
--- 1.1.130.101        10.1.1.89          ---                ---
--- 1.1.134.169        10.1.1.100         ---                ---
--- 1.1.135.174        10.1.1.200         ---                ---

A. ip nat inside source pool todd 1.1.128.1 1.1.135.254 prefix-length 19
B. ip nat pool todd 1.1.128.1 1.1.135.254 prefix-length 19
C. ip nat pool todd 1.1.128.1 1.1.135.254 prefix-length 18
D. ip nat pool todd 1.1.128.1 1.1.135.254 prefix-length 21

Correct Answer: D
Section: Network Address Translation
Explanation

Explanation/Reference:
D. What we need to figure out for this question is only the inside global pool. Basically we start at 1.1.128.1 and end at 1.1.135.174; our block size is 8 in the third octet, or /21. Always look for your block size and the interesting octet and you can find your answer every time.

QUESTION 242
Your inside locals are not being translated to the inside global addresses. Which of the following commands will show you if your inside globals are allowed to use the NAT pool?

ip nat pool Corp 198.18.41.129 198.18.41.134 netmask 255.255.255.248
ip nat inside source list 100 int pool Corp overload

A. debug ip nat
B. show access-list
C. show ip nat translation
D. show ip nat statistics

Correct Answer: B
Section: Network Address Translation
Explanation

Explanation/Reference:
B. Once you create your pool, the command ip nat inside source must be used to say which inside locals are allowed to use the pool. In this question we need to see if access-list 100 is configured correctly, if at all, so show access-list is the best answer.

QUESTION 243
Which command would you place on the interface of a private network?

A. ip nat inside
B. ip nat outside
C. ip outside global
D. ip inside local

Correct Answer: A
Section: Network Address Translation
Explanation

Explanation/Reference:
A. You must configure your interfaces before NAT will provide any translations. On the inside network interfaces, you would use the command ip nat inside. On the outside network interfaces, you will use the command ip nat outside.

QUESTION 244
Which command would you place on an interface connected to the Internet?

A. ip nat inside
B. ip nat outside
C. ip outside global
D. ip inside local

Correct Answer: B
Section: Network Address Translation
Explanation

Explanation/Reference:
B. You must configure your interfaces before NAT will provide any translations. On the inside networks you would use the command ip nat inside. On the outside network interfaces, you will use the command ip nat outside.

QUESTION 245
Port Address Translation is also called what?

A. NAT Fast
B. NAT Static
C. NAT Overload
D. Overloading Static

Correct Answer: C
Section: Network Address Translation
Explanation

Explanation/Reference:
C. Another term for Port Address Translation is NAT Overload because that is the keyword used to enable port address translation.

QUESTION 246
What does the asterisk (*) represent in the following output?

NAT*: s=172.16.2.2, d=192.168.2.1->10.1.1.1 [1]

A. The packet was destined for a local interface on the router.
B. The packet was translated and fast-switched to the destination.
C. The packet attempted to be translated but failed.
D. The packet was translated but there was no response from the remote host.

Correct Answer: B
Section: Network Address Translation
Explanation

Explanation/Reference:
B. Fast-switching is used on Cisco routers to create a type of route cache in order to quickly forward packets through a router without having to parse the routing table for every packet. As packets are process-switched (looked up in the routing table), this information is stored in the cache for later use if needed for faster routing processing.

QUESTION 247
Which of the following needs to be added to the configuration to enable PAT?

ip nat pool Corp 198.18.41.129 198.18.41.134 netmask 255.255.255.248
access-list 1 permit 192.168.76.64 0.0.0.31

A. ip nat pool inside overload
B. ip nat inside source list 1 pool Corp overload
C. ip nat pool outside overload
D. ip nat pool Corp 198.41.129 net 255.255.255.0 overload

Correct Answer: B
Section: Network Address Translation
Explanation

Explanation/Reference:
B. Once you create a pool for the inside locals to use to get out to the global Internet, you must configure the command to allow them access to the pool. The ip nat inside source list number pool-name overload command has the correct sequence for this question.

QUESTION 248
Which of the following is true when describing a global unicast address?

A. Packets addressed to a unicast address are delivered to a single interface.
B. These are your typical publicly routable addresses, just like a regular publicly routable address in IPv4.
C. These are like private addresses in IPv4 in that they are not meant to be routed over the Internet.
D. These addresses are meant for nonrouting purposes, but they are almost globally unique, so it is unlikely they will have an address overlap.

Correct Answer: B
Section: Internet Protocol Version 6 (IPv6)
Explanation

Explanation/Reference:
B. Unlike unicast addresses, global unicast addresses are meant to be routed.
QUESTION 249
Which of the following is true when describing a unicast address?

A. Packets addressed to a unicast address are delivered to a single interface.
B. These are your typical publicly routable addresses, just like a regular publicly routable address in IPv4.
C. These are like private addresses in IPv4 in that they are not meant to be routed.
D. These addresses are meant for nonrouting purposes, but they are almost globally unique, so it is unlikely they will have an address overlap.

Correct Answer: A
Section: Internet Protocol Version 6 (IPv6)
Explanation

Explanation/Reference:
A. Packets addressed to a unicast address are delivered to a single interface. For load balancing, multiple interfaces can use the same address.

QUESTION 250
Which of the following is true when describing a link-local address?

A. Packets addressed to a broadcast address are delivered to a single interface.
B. These are your typical publicly routable addresses, just like a regular publicly routable address in IPv4.
C. These are like private addresses in IPv4 in that they are not meant to be routed over the Internet.
D. These addresses are meant for nonrouting purposes, but they are almost globally unique, so it is unlikely they will have an address overlap.

Correct Answer: C
Section: Internet Protocol Version 6 (IPv6)
Explanation

Explanation/Reference:
C. Link-local addresses are meant for throwing together a temporary LAN for meetings or a small LAN that is not going to be routed but needs to share and access files and services locally.

QUESTION 251
Which of the following is true when describing a unique local address?

A. Packets addressed to a unique local address are delivered to a single interface.
B. These are your typical publicly routable addresses, just like a regular publicly routable address in IPv4.
C. These are like private addresses in IPv4 in that they are not meant to be routed.
D. These addresses are not meant for Internet routing purposes, but they are unique, so it is unlikely they will have an address overlap.

Correct Answer: D
Section: Internet Protocol Version 6 (IPv6)
Explanation

Explanation/Reference:
D. These addresses are meant for nonrouting purposes like link-local, but they are almost globally unique, so it is unlikely they will have an address overlap. Unique local addresses were designed as a replacement for site-local addresses.

QUESTION 252
Which of the following is true when describing a multicast address?

A. Packets addressed to a multicast address are delivered to a single interface.
B. Packets are delivered to all interfaces identified with the address. This is also called a one-to-many address.
C. A multicast address identifies multiple interfaces and is delivered to only one address. This address can also be called one-to-one-of-many.
D. These addresses are meant for nonrouting purposes, but they are almost globally unique, so it is unlikely they will have an address overlap.

Correct Answer: B
Section: Internet Protocol Version 6 (IPv6)
Explanation

Explanation/Reference:
B. Packets addressed to a multicast address are delivered to all interfaces identified with the multicast address, the same as in IPv4. It is also called a one-to-many address. You can always tell a multicast address in IPv6 because multicast addresses always start with FF.

QUESTION 253
Which of the following is true when describing an anycast address?

A. Packets addressed to an anycast address are delivered to a single interface.
B. Packets are delivered to all interfaces identified by the address. This is also called a one-to-many address.
C. This address identifies multiple interfaces and the anycast packet is only delivered to one device. This address can also be called one-to-one-of-many.
D. These addresses are meant for nonrouting purposes, but they are almost globally unique, so it is unlikely they will have an address overlap.

Correct Answer: C
Section: Internet Protocol Version 6 (IPv6)
Explanation

Explanation/Reference:
C. Anycast addresses identify multiple interfaces, which is somewhat similar to multicast addresses; however, the big difference is that the anycast packet is only delivered to one address, the first one it finds defined in the terms of routing distance. This address can also be called one-to-one-of-many, or one-to-nearest.

QUESTION 254
You want to ping the loopback address of your IPv6 local host. What will you type?

A. ping 127.0.0.1
B. ping 0.0.0.0
C. ping ::1
D. trace 0.0.::1

Correct Answer: C
Section: Internet Protocol Version 6 (IPv6)
Explanation

Explanation/Reference:
C. The loopback address with IPv4 is 127.0.0.1. With IPv6, that address is ::1.

QUESTION 255
What two multicast addresses does OSPFv3 use? (Choose two.)

A. FF02::A
B. FF02::9
C. FF02::5
D. FF02::6

Correct Answer: CD
Section: Internet Protocol Version 6 (IPv6)
Explanation

Explanation/Reference:
C, D. Adjacencies and next-hop attributes now use link-local addresses, and OSPFv3 still uses multicast traffic to send its updates and acknowledgments with the addresses FF02::5 for OSPF routers and FF02::6 for OSPF designated routers. These are the replacements for 224.0.0.5 and 224.0.0.6, respectively.

QUESTION 256
An IPv6 hostname Host A is trying to connect to a web page on a remote server. Which of the following is true? (Choose two.)

A. A RA would be used by R1 to communicate its layer 2 MAC address to Host A.
B. OSPFv2 is used for the routers to share IPv6 routes.
C. IPv6 uses a two-part addressing scheme, similar to the way IPv4 uses a network and host portion of an IPv4 address.
D. Host A would send the server’s link-local address to the router.

Correct Answer: AC
Section: Internet Protocol Version 6 (IPv6)
Explanation

Explanation/Reference:
A, C. Host A would send an RS to R1, which would respond with an RA, if the host hasn’t already learned this information previously.
The host now has the default gateway information it needs to send packets to a remote network. IPv6, like IPv4, has both a network portion and host portion in the IPv6 packet.

QUESTION 257
A host sends a router solicitation (RS) on the data link. What destination address is sent with this request?

A. FF02::A
B. FF02::9
C. FF02::2
D. FF02::1
E. FF02::5

Correct Answer: C
Section: Internet Protocol Version 6 (IPv6)
Explanation

Explanation/Reference:
C. A router solicitation is sent out using the all-routers multicast address of FF02::2. The router can send a router advertisement to all hosts using the FF02::1 multicast address.

QUESTION 258
A host sends a type of NDP message providing the MAC address that was requested. Which type of NDP was sent?

A. NA
B. RS
C. RA
D. NS

Correct Answer: A
Section: Internet Protocol Version 6 (IPv6)
Explanation

Explanation/Reference:
A. The NDP neighbor advertisement (NA) contains the MAC address. A neighbor solicitation (NS) was initially sent asking for the MAC address.

QUESTION 259
To enable OSPFv3, which of the following would you use?

A. Router(config-if)#ipv6 ospf 10 area 0.0.0.0
B. Router(config-if)#ipv6 router rip 1
C. Router(config)#ipv6 router eigrp 10
D. Router(config-rtr)#no shutdown
E. Router(config-if)#ospf ipv6 10 area 0

Correct Answer: A
Section: Internet Protocol Version 6 (IPv6)
Explanation

Explanation/Reference:
A. To enable OSPFv3, you enable the protocol at the interface level as with RIPng. The command string is ipv6 ospf process-id area area-id.

QUESTION 260
Which of the following statements about IPv6 addresses are true? (Choose two.)

A. Leading zeros are required.
B. Two colons (::) are used to represent successive hexadecimal fields of zeros.
C. Two colons (::) are used to separate fields.
D. A single interface will have multiple IPv6 addresses of different types.

Correct Answer: BD
Section: Internet Protocol Version 6 (IPv6)
Explanation

Explanation/Reference:
B, D.
To shorten the written length of an IPv6 address, successive fields of zeros may be replaced by double colons. In trying to shorten the address further, leading zeros may also be removed. Just as with IPv4, a single device’s interface can have more than one address; with IPv6 there are more types of addresses and the same rule applies. There can be link-local, global unicast, multicast, and anycast addresses all assigned to the same interface.

QUESTION 261
What two statements about IPv4 and IPv6 addresses are true? (Choose two.)

A. An IPv6 address is 32 bits long, represented in hexadecimal.
B. An IPv6 address is 128 bits long, represented in decimal.
C. An IPv4 address is 32 bits long, represented in decimal.
D. An IPv6 address is 128 bits long, represented in hexadecimal.

Correct Answer: CD
Section: Internet Protocol Version 6 (IPv6)
Explanation

Explanation/Reference:
C, D. IPv4 addresses are 32 bits long and are represented in decimal format. IPv6 addresses are 128 bits long and represented in hexadecimal format.

QUESTION 262
Which of the following descriptions about IPv6 is correct?

A. Addresses are not hierarchical and are assigned at random.
B. Broadcasts have been eliminated and replaced with multicasts.
C. There are 2.7 billion addresses.
D. An interface can only be configured with one IPv6 address.

Correct Answer: B
Section: Internet Protocol Version 6 (IPv6)
Explanation

Explanation/Reference:
B. There are no broadcasts with IPv6. Unicast, multicast, anycast, global, and link-local unicast are used.

QUESTION 263
How many bits are in an IPv6 address field?

A. 24
B. 4
C. 3
D. 16
E. 32
F. 128

Correct Answer: D
Section: Internet Protocol Version 6 (IPv6)
Explanation

Explanation/Reference:
D. There are 16 bits (four hex characters) in an IPv6 field.

QUESTION 264
Which of the following correctly describe characteristics of IPv6 unicast addressing? (Choose two.)

A. Global addresses start with 2000::/3.
B. Link-local addresses start with FF00::/10.
C. Link-local addresses start with FE00:/12.
D. There is only one loopback address and it is ::1.

Correct Answer: AD
Section: Internet Protocol Version 6 (IPv6)
Explanation

Explanation/Reference:
A, D. Global addresses start with 2000::/3, link-locals start with FE80::/10, loopback is ::1, and unspecified is just two colons (::). Each interface will have a loopback address automatically configured.

QUESTION 265
Which of the following statements are true of IPv6 address representation? (Choose two.)

A. The first 64 bits represent the dynamically created interface ID.
B. A single interface may be assigned multiple IPv6 addresses of any type.
C. Every IPv6 interface contains at least one loopback address.
D. Leading zeroes in an IPv6 16-bit hexadecimal field are mandatory.

Correct Answer: BC
Section: Internet Protocol Version 6 (IPv6)
Explanation

Explanation/Reference:
B, C. If you verify your IP configuration on your host, you’ll see that you have multiple IPv6 addresses, including a loopback address. The last 64 bits represent the dynamically created interface ID, and leading zeros are not mandatory in a 16-bit IPv6 field.

QUESTION 266
Which of the following is true regarding OSPFv3? (Choose three.)

A. Uses a wildcard to define interfaces
B. Uses a network command under global configuration mode
C. Uses a 32-bit router ID
D. Uses link-state advertisements
E. Uses an interface command to enable OSPF on an

Correct Answer: CDE
Section: Internet Protocol Version 6 (IPv6)
Explanation

Explanation/Reference:
C, D, E. OSPFv2 does not use the network command under global configuration mode, nor does it use wildcard masks as IPv4 does. However, they can both use the interface command to configure OSPF, use a 32-bit RID, and both use LSAs.

QUESTION 267
Which two statements describe the operation of the CSMA/CD access method? (Choose two.)

A. In a CSMA/CD collision domain, multiple stations can successfully transmit data simultaneously.
B. In a CSMA/CD collision domain, stations must wait until the media is not in use before transmitting.
C. The use of hubs to enlarge the size of collision domains is one way to improve the operation of the CSMA/CD access method.
D. After a collision, the station that detected the collision has first priority to resend the lost data.
E. After a collision, all stations run a random backoff algorithm. When the backoff delay period has expired, all stations have equal priority to transmit data.
F. After a collision, all stations involved run an identical backoff algorithm and then synchronize with each other prior to transmitting data.

Correct Answer: BE
Section: LAN Switching Technologies
Explanation

Explanation/Reference:
Explanation: Ethernet networking uses Carrier Sense Multiple Access with Collision Detect (CSMA/CD), a protocol that helps devices share the bandwidth evenly without having two devices transmit at the same time on the network medium. CSMA/CD was created to overcome the problem of those collisions that occur when packets are transmitted simultaneously from different nodes. And trust me, good collision management is crucial, because when a node transmits in a CSMA/CD network, all the other nodes on the network receive and examine that transmission. Only bridges and routers can effectively prevent a transmission from propagating throughout the entire network!

So, how does the CSMA/CD protocol work? Like this: when a host wants to transmit over the network, it first checks for the presence of a digital signal on the wire. If all is clear (no other host is transmitting), the host will then proceed with its transmission. But it doesn't stop there. The transmitting host constantly monitors the wire to make sure no other hosts begin transmitting. If the host detects another signal on the wire, it sends out an extended jam signal that causes all nodes on the segment to stop sending data (think, busy signal).
The nodes respond to that jam signal by waiting a while before attempting to transmit again. Backoff algorithms determine when the colliding stations can retransmit. If collisions keep occurring after 15 tries, the nodes attempting to transmit will then time out.

QUESTION 268
Which address type does a switch use to make selective forwarding decisions?

A. source IP address
B. destination IP address
C. source and destination IP address
D. source MAC address
E. destination MAC address

Correct Answer: E
Section: LAN Switching Technologies
Explanation

Explanation/Reference:
Explanation: A switch analyzes the destination MAC address to make its forwarding decision, since it is a layer 2 device. Routers use the destination IP address to make forwarding decisions.

QUESTION 269
On a Cisco switch, which protocol determines if an attached VoIP phone is from Cisco or from another vendor?

A. RTP
B. TCP
C. CDP
D. UDP

Correct Answer: C
Section: Operation of IP Data Networks
Explanation

Explanation/Reference:
Cisco Discovery Protocol (CDP)
Reference: http://computernetworkingnotes.com/cisco-devices-administration-and-configuration/cisco-discoveryprotocol.html

Explanation: The Cisco Unified IP Phone uses CDP to communicate information such as auxiliary VLAN ID, per port power management details, and Quality of Service (QoS) configuration information with the Cisco Catalyst switch. Cisco Discovery Protocol (CDP) is a proprietary protocol designed by Cisco to help administrators collect information about both locally attached and remote devices. By using CDP, you can gather hardware and protocol information about neighbor devices, which is useful info for troubleshooting the network. CDP messages are generated every 60 seconds as multicast messages on each of its active interfaces.
The information shared in a CDP packet about a Cisco device includes the following:
Name of the device configured with the hostname command
IOS software version
Hardware capabilities, such as routing, switching, and/or bridging
Hardware platform, such as 2600, 2950, or 1900
The layer-3 address(es) of the device
The interface the CDP update was generated on

QUESTION 270
A switch receives a frame on one of its ports. There is no entry in the MAC address table for the destination MAC address. What will the switch do with the frame?

A. drop the frame
B. forward it out of all ports except the one that received it
C. forward it out of all ports
D. store it until it learns the correct port

Correct Answer: B
Section: LAN Switching Technologies
Explanation

Explanation/Reference:

QUESTION 271
At which layer of the OSI model does the protocol that provides the information that is displayed by the show cdp neighbors command operate?

A. application
B. transport
C. network
D. physical
E. data link

Correct Answer: E
Section: Operation of IP Data Networks
Explanation

Explanation/Reference:
Cisco Discovery Protocol (CDP)
Reference: http://computernetworkingnotes.com/cisco-devices-administration-and-configuration/cisco-discoveryprotocol.html

Explanation: CDP is a device discovery protocol that runs over Layer 2 (the data link layer) on all Cisco-manufactured devices (routers, bridges, access servers, and switches) and allows network management applications to discover Cisco devices that are neighbors of already known devices. With CDP, network management applications can learn the device type and the Simple Network Management Protocol (SNMP) agent address of neighboring devices running lower-layer, transparent protocols. CDP allows devices to share basic configuration information without even configuring any protocol specific information and is enabled by default on all interfaces. CDP is a Datalink Protocol occurring at Layer 2 of the OSI model.
CDP is not routable and can only go over to directly connected devices. CDP is enabled, by default, on all Cisco devices. CDP updates are generated as multicasts every 60 seconds with a hold-down period of 180 seconds for a missing neighbor. The no cdp run command globally disables CDP, while the no cdp enable command disables CDP on an interface. Use show cdp neighbors to list out your directly connected Cisco neighboring devices. Adding the detail parameter will display the layer 3 addressing configured on the neighbor.

QUESTION 272
Which two characteristics apply to Layer 2 switches? (Choose two.)

A. increases the number of collision domains
B. decreases the number of collision domains
C. implements VLAN
D. decreases the number of broadcast domains
E. uses the IP address to make decisions for forwarding data packets

Correct Answer: AC
Section: Operation of IP Data Networks
Explanation

Explanation/Reference:
Explanation: Layer 2 switches offer a number of benefits over hubs, such as the use of VLANs, and each switch port is in its own separate collision domain, thus eliminating collisions on the segment.

QUESTION 273
Which two commands will display the current IP address and basic Layer 1 and 2 status of an interface? (Choose two.)

A. router#show version
B. router#show ip interface
C. router#show protocols
D. router#show controllers
E. router#show running-config

Correct Answer: BC
Section: IP Routing Technologies
Explanation

Explanation/Reference:
Explanation: Show protocols command displays the status of configured Layer 2 and 3 protocols while show controllers displays statistics for interface hardware layer 1.

QUESTION 274
Which two characteristics describe the access layer of the hierarchical network design model? (Choose two.)

A. layer 3 support
B. port security
C. redundant components
D. VLANs
E. PoE

Correct Answer: AB
Section: Operation of IP Data Networks
Explanation

Explanation/Reference:
Original answer was "A" and "B"
The Hierarchical Network Model
Reference 1: http://www.ciscopath.com/content/61/
Reference 2: http://www.mcmcse.com/cisco/guides/hierarchical_model.shtml

Explanation: Access layer
The main purpose of the access layer is to provide direct connection to devices on the network and to control which devices are allowed to communicate over it. The access layer interfaces with end devices, such as PCs, printers, and IP phones, to provide access to the rest of the network. The access layer can include routers, switches, bridges, hubs, and wireless access points (AP).

Switch features in the Access layer:
Port security
VLANs
Fast Ethernet/Gigabit Ethernet
Power over Ethernet (PoE)
Link aggregation
Quality of Service (QoS)

QUESTION 275
What is the purpose of assigning an IP address to a switch?

A. provides local hosts with a default gateway address
B. allows remote management of the switch
C. allows the switch to respond to ARP requests between two hosts
D. ensures that hosts on the same LAN can communicate with each other

Correct Answer: B
Section: IP addressing (IPv4 / IPv6)
Explanation

Explanation/Reference:
Explanation: A switch is a layer 2 device and doesn't use the network layer for packet forwarding. The IP address may be used only for administrative purposes such as Telnet access or for network management purposes.

QUESTION 276
Which three statements are true about the operation of a full-duplex Ethernet network? (Choose three.)

A. There are no collisions in full-duplex mode.
B. A dedicated switch port is required for each full-duplex node.
C. Ethernet hub ports are preconfigured for full-duplex mode.
D. In a full-duplex environment, the host network card must check for the availability of the network media before transmitting.
E. The host network card and the switch port must be capable of operating in full-duplex mode.

Correct Answer: ABE
Section: Operation of IP Data Networks
Explanation

Explanation/Reference:
Explanation: Half-duplex Ethernet is defined in the original 802.3 Ethernet and Cisco says you only use one wire pair with a digital signal running in both directions on the wire. It also uses the CSMA/CD protocol to help prevent collisions and to permit retransmitting if a collision does occur. If a hub is attached to a switch, it must operate in half-duplex mode because the end stations must be able to detect collisions. Half-duplex Ethernet--typically 10BaseT--is only about 30 to 40 percent efficient as Cisco sees it, because a large 10BaseT network will usually only give you 3- to 4Mbps--at most.

Full-duplex Ethernet uses two pairs of wires, instead of one wire pair like half duplex. Also, full duplex uses a point-to-point connection between the transmitter of the transmitting device and the receiver of the receiving device, which means that with full-duplex data transfer, you get a faster data transfer compared to half duplex. And because the transmitted data is sent on a different set of wires than the received data, no collisions occur. The reason you don't need to worry about collisions is because now Full-duplex Ethernet is like a freeway with multiple lanes instead of the single-lane road provided by half duplex. Full-duplex Ethernet is supposed to offer 100 percent efficiency in both directions; this means you can get 20Mbps with a 10Mbps Ethernet running full duplex, or 200Mbps for FastEthernet.

QUESTION 277
What is the subnet address for the IP address 172.19.20.23/28?

A. 172.19.20.0
B. 172.19.20.15
C. 172.19.20.16
D. 172.19.20.20
E. 172.19.20.32

Correct Answer: C
Section: IP addressing (IPv4 / IPv6)
Explanation

Explanation/Reference:

QUESTION 278
What is the subnet address of 172.16.159.159/22?

A. 172.16.0.0
B. 172.16.128.0
C. 172.16.156.0
D. 172.16.159.0
E. 172.16.159.128
F. 172.16.192.0

Correct Answer: C
Section: IP addressing (IPv4 / IPv6)
Explanation

Explanation/Reference:
Explanation: Converting to binary format, it comes to 11111111.11111111.11111100.00000000, or 255.255.252.0. Starting with 172.16.0.0 and having an increment of 4, we get 172.16.0-3, 172.16.4-7, etc.

QUESTION 279
An administrator is working with the 192.168.4.0 network, which has been subnetted with a /26 mask. Which two addresses can be assigned to hosts within the same subnet? (Choose two.)

A. 192.168.4.61
B. 192.168.4.63
C. 192.168.4.67
D. 192.168.4.125
E. 192.168.4.128
F. 192.168.4.132

Correct Answer: CD
Section: IP addressing (IPv4 / IPv6)
Explanation

Explanation/Reference:
Explanation: Only the host values 67 and 125 fall within the range of the /26 CIDR subnet mask; all others lie beyond it.

QUESTION 280
Refer to the exhibit. The internetwork is using subnets of the address 192.168.1.0 with a subnet mask of 255.255.255.224. The routing protocol in use is RIP version 1. Which address could be assigned to the FastEthernet interface on RouterA?

A. 192.168.1.31
B. 192.168.1.64
C. 192.168.1.127
D. 192.168.1.190
E. 192.168.1.192

Correct Answer: D
Section: IP addressing (IPv4 / IPv6)
Explanation

Explanation/Reference:

QUESTION 281
What is the network address for the host with IP address 192.168.23.61/28?

A. 192.168.23.0
B. 192.168.23.32
C. 192.168.23.48
D. 192.168.23.56
E. 192.168.23.60

Correct Answer: C
Section: IP addressing (IPv4 / IPv6)
Explanation

Explanation/Reference:
Explanation: Convert the bit-length prefix to quad-dotted decimal representation, then from it find the number of bits used for subnetting. You can find the previously calculated number of subnets by separating subnets, each having the value of the last bit used for subnet masking. Find which subnet your IP address is in; that subnet's first address is the network address and its last address is the broadcast address.
Based on the above steps, the answer is option C.

QUESTION 282
What is the best practice when assigning IP addresses in a small office of six hosts?
A. Use a DHCP server that is located at the headquarters.
B. Use a DHCP server that is located at the branch office.
C. Assign the addresses by using the local CDP protocol.
D. Assign the addresses statically on each node.
Correct Answer: D
Section: IP Services
Explanation/Reference:
Explanation: It's best to use a static addressing scheme where the number of systems is manageable, rather than a dynamic protocol, as it is easy to operate and manage.

QUESTION 283
Which two statements describe the IP address 10.16.3.65/23? (Choose two.)
A. The subnet address is 10.16.3.0 255.255.254.0.
B. The lowest host address in the subnet is 10.16.2.1 255.255.254.0.
C. The last valid host address in the subnet is 10.16.2.254 255.255.254.0
D. The broadcast address of the subnet is 10.16.3.255 255.255.254.0.
E. The network is not subnetted.
Correct Answer: BD
Section: IP addressing (IPv4 / IPv6)
Explanation/Reference:
Explanation: The mask 255.255.254.0 (/23) used with a Class A address means that there are 15 subnet bits and 9 host bits. The block size in the third octet is 2 (256 - 254). So this makes the subnets in 0, 2, 4, 6, etc., all the way to 254. The host 10.16.3.65 is in the 2.0 subnet. The next subnet is 4.0, so the broadcast address for the 2.0 subnet is 3.255. The valid host addresses are 2.1 through 3.254.

QUESTION 284
Given a Class C IP address subnetted with a /30 subnet mask, how many valid host IP addresses are available on each of the subnets?
A. 1
B. 2
C. 4
D. 8
E. 252
F. 254
Correct Answer: B
Section: IP addressing (IPv4 / IPv6)
Explanation/Reference:
Explanation: /30 CIDR corresponds to mask 255.255.255.252, whose last octet in binary is 11111100, which means 6 subnet bits and 2 host bits, which means 62 subnets and 2 hosts per subnet.

QUESTION 285
Which one of the following IP addresses is the last valid host in the subnet using mask 255.255.255.224?
A. 192.168.2.63
B. 192.168.2.62
C. 192.168.2.61
D. 192.168.2.60
E. 192.168.2.32
Correct Answer: B
Section: IP addressing (IPv4 / IPv6)
Explanation/Reference:
Explanation: With the 224 mask there are 8 networks with increments of 32. One of these is 32 33 62 63, where 63 is the broadcast address, so 62 is the last valid host out of the given choices.

QUESTION 286
An administrator is in the process of changing the configuration of a router. What command will allow the administrator to check the changes that have been made prior to saving the new configuration?
A. Router# show startup-config
B. Router# show current-config
C. Router# show running-config
D. Router# show memory
E. Router# show flash
F. Router# show processes
Correct Answer: C
Section: IP Routing Technologies
Explanation/Reference:
Explanation: This command, followed by the appropriate parameter, will show the running configuration; hence the admin will be able to see what changes have been made, and then they can be saved.

QUESTION 287
Which statements accurately describe CDP? (Choose three.)
A. CDP is an IEEE standard protocol.
B. CDP is a Cisco proprietary protocol.
C. CDP is a datalink layer protocol.
D. CDP is a network layer protocol.
E. CDP can discover directly connected neighboring Cisco devices.
F. CDP can discover Cisco devices that are not directly connected.
Correct Answer: BCE
Section: Operation of IP Data Networks
Explanation/Reference:
Explanation: CDP (Cisco Discovery Protocol) is a proprietary protocol designed by Cisco to help administrators collect information about both locally attached and remote devices. By using CDP, you can gather hardware and protocol information about neighbor devices containing useful info for troubleshooting and documenting the network.

QUESTION 288
On a live network, which commands will verify the operational status of router interfaces?
(Choose two.)
A. Router# show interfaces
B. Router# show ip protocols
C. Router# debug interface
D. Router# show ip interface brief
E. Router# show start
Correct Answer: AD
Section: IP Routing Technologies
Explanation/Reference:
Explanation: Both these commands will show the current status of the interfaces; either in show or debug mode, both will display the information.

QUESTION 289
Which router command will configure an interface with the IP address 10.10.80.1/19?
A. router(config-if)# ip address 10.10.80.1/19
B. router(config-if)# ip address 10.10.80.1 255.255.0.0
C. router(config-if)# ip address 10.10.80.1 255.255.255.0
D. router(config-if)# ip address 10.10.80.1 255.255.224.0
E. router(config-if)# ip address 10.10.80.1 255.255.240.0
F. router(config-if)# ip address 10.10.80.1 255.255.255.240
Correct Answer: D
Section: IP Routing Technologies
Explanation/Reference:
Explanation: 255.255.224.0 equals /19 in CIDR format, hence the answer.

QUESTION 290
Refer to the exhibit. The two routers have had their startup configurations cleared and have been restarted. At a minimum, what must the administrator do to enable CDP to exchange information between R1 and R2?
A. Configure the router with the cdp enable command.
B. Enter no shutdown commands on the R1 and R2 fa0/1 interfaces.
C. Configure IP addressing and no shutdown commands on both the R1 and R2 fa0/1 interfaces.
D. Configure IP addressing and no shutdown commands on either of the R1 or R2 fa0/1 interfaces.
Correct Answer: B
Section: IP Routing Technologies
Explanation/Reference:
Explanation: If the shut down commands are not entered, then CDP can exchange information between the two routers, else it would fail.

QUESTION 291
What two things does a router do when it forwards a packet? (Choose two.)
A. switches the packet to the appropriate outgoing interfaces
B. computes the destination host address
C. determines the next hop on the path
D. updates the destination IP address
E. forwards ARP requests
Correct Answer: AC
Section: IP Routing Technologies
Explanation/Reference:
Explanation: Without these two processes, namely switching the packet to the appropriate interface and telling the packet where to go by providing it with a destination IP address, the purpose of forwarding would not be served.

QUESTION 292
Which two of these functions do routers perform on packets? (Choose two.)
A. examine the Layer 2 headers of inbound packets and use that information to determine the next hops for the packets
B. update the Layer 2 headers of outbound packets with the MAC addresses of the next hops
C. examine the Layer 3 headers of inbound packets and use that information to determine the next hops for the packets
D. examine the Layer 3 headers of inbound packets and use that information to determine the complete paths along which the packets will be routed to their ultimate destinations
E. update the Layer 3 headers of outbound packets so that the packets are properly directed to valid next hops
F. update the Layer 3 headers of outbound packets so that the packets are properly directed to their ultimate destinations
Correct Answer: BC
Section: IP Routing Technologies
Explanation/Reference:
Explanation: The basic function of the router is to receive incoming packets and then forward them to their required destination. This is done by reading the Layer 3 headers of inbound packets and updating the Layer 2 information for the next hop.

QUESTION 293
Which statements are true regarding ICMP packets? (Choose two.)
A. They acknowledge receipt of TCP segments.
B. They guarantee datagram delivery.
C. TRACERT uses ICMP packets.
D. They are encapsulated within IP datagrams.
E. They are encapsulated within UDP datagrams.
Correct Answer: CD
Section: Operation of IP Data Networks
Explanation/Reference:

QUESTION 294
The command ip route 192.168.100.160 255.255.255.224 192.168.10.2 was issued on a router. No routing protocols or other static routes are configured on the router. Which statement is true about this command?
A. The interface with IP address 192.168.10.2 is on this router.
B. The command sets a gateway of last resort for the router.
C. Packets that are destined for host 192.168.100.160 will be sent to 192.168.10.2.
D. The command creates a static route for all IP traffic with the source address 192.168.100.160.
Correct Answer: C
Section: IP Routing Technologies
Explanation/Reference:
Explanation: 160 is actually the network address of a /27, so any address within the range of the 160 network will be sent to 192.168.10.2.

QUESTION 295
What does administrative distance refer to?
A. the cost of a link between two neighboring routers
B. the advertised cost to reach a network
C. the cost to reach a network that is administratively set
D. a measure of the trustworthiness of a routing information source
Correct Answer: D
Section: IP Routing Technologies
Explanation/Reference:
What Is Administrative Distance?
Reference: http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094195.shtml
Explanation: Administrative distance is the feature that routers use in order to select the best path when there are two or more different routes to the same destination from two different routing protocols. Administrative distance defines the reliability of a routing protocol. Each routing protocol is prioritized in order of most to least reliable (believable) with the help of an administrative distance value.
Explanation 2: Administrative distance is the first criterion that a router uses to determine which routing protocol to use if two protocols provide route information for the same destination.
Administrative distance is a measure of the trustworthiness of the source of the routing information. The smaller the administrative distance value, the more reliable the protocol.

QUESTION 296
Which IOS command is used to initiate a login into a VTY port on a remote router?
A. router# login
B. router# telnet
C. router# trace
D. router# ping
E. router(config)# line vty 0 5
F. router(config-line)# login
Correct Answer: B
Section: IP Routing Technologies
Explanation/Reference:
Explanation: VTY ports are telnet ports, hence command B will initiate login or connection to the telnet port.

QUESTION 297
In the configuration of NAT, what does the keyword overload signify?
A. When bandwidth is insufficient, some hosts will not be allowed to access network translation.
B. The pool of IP addresses has been exhausted.
C. Multiple internal hosts will use one IP address to access external network resources.
D. If the number of available IP addresses is exceeded, excess traffic will use the specified address pool.
Correct Answer: C
Section: IP Services
Explanation/Reference:
Configuring Basic NAT with overloading
Reference: http://evilrouters.net/2009/07/09/configuring-basic-nat-with-overloading/
Explanation: Overloading (having multiple clients all NAT’d to the same IP address) is probably the most common implementation (especially for those of us who run NAT on a Cisco box at home!).

QUESTION 298
What happens when computers on a private network attempt to connect to the Internet through a Cisco router running PAT?
A. The router uses the same IP address but a different TCP source port number for each connection.
B. An IP address is assigned based on the priority of the computer requesting the connection.
C. The router selects an address from a pool of one-to-one address mappings held in the lookup table.
D. The router assigns a unique IP address from a pool of legally registered addresses for the duration of the connection.
Correct Answer: A
Section: IP Services
Explanation/Reference:
Configuring Static PAT
Reference: http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_staticpat.html
Explanation: Static PAT translations allow a specific UDP or TCP port on a global address to be translated to a specific port on a local address. That is, both the address and the port numbers are translated. Static PAT is the same as static NAT, except that it enables you to specify the protocol (TCP or UDP) and port for the real and mapped addresses. Static PAT enables you to identify the same mapped address across many different static statements, provided that the port is different for each statement. You cannot use the same mapped address for multiple static NAT statements.
Explanation 2: Port Address Translation lets the PC connect to the Internet, but using a different TCP source port.

QUESTION 299
When configuring NAT, the Internet interface is considered to be what?
A. local
B. inside
C. global
D. outside
Correct Answer: D
Section: IP Services
Explanation/Reference:
Explanation: Network address translation, or NAT, requires the Internet to be considered as an outside interface, else it won't serve the purpose it intends to.

QUESTION 300
The ip helper-address command does what?
A. assigns an IP address to a host
B. resolves an IP address from a DNS server
C. relays a DHCP request across networks
D. resolves an IP address overlapping issue
Correct Answer: C
Section: IP Services
Explanation/Reference:
Reference: http://cisconet.com/tcpip/dhcp/107-how-to-use-ip-helper-address-to-connect-remote-dhcp-server.html
Explanation: When the DHCP client sends the DHCP request packet, it doesn't have an IP address. So it uses the all-zeroes address, 0.0.0.0, as the IP source address. And it doesn't know how to reach the DHCP server, so it uses a general broadcast address, 255.255.255.255, for the destination.
So the router must replace the source address with its own IP address, for the interface that received the request. And it replaces the destination address with the address specified in the ip helper-address command. The client device's MAC address is included in the payload of the original DHCP request packet, so the router doesn't need to do anything to ensure that the server receives this information.

QUESTION 301
Refer to the exhibit. The network administrator made the entries that are shown and then saved the configuration. From a console connection, what password or password sequence is required for the administrator to access privileged mode on Router1?
A. cisco
B. sanfran
C. sanjose
D. either cisco or sanfran
E. either cisco or sanjose
F. sanjose and sanfran
Correct Answer: B
Section: Network Device Security
Explanation/Reference:
Explanation: The enable secret password takes precedence over the enable password, so sanfran will be used.

QUESTION 302
The following commands are entered on the router:
Burbank(config)# enable secret fortress
Burbank(config)# line con 0
Burbank(config-line)# login
Burbank(config-line)# password n0way1n
Burbank(config-line)# exit
Burbank(config)# service password-encryption
What is the purpose of the last command entered?
A. to require the user to enter an encrypted password during the login process
B. to prevent the vty, console, and enable passwords from being displayed in plain text in the configuration files
C. to encrypt the enable secret password
D. to provide login encryption services between hosts attached to the router
Correct Answer: B
Section: Network Device Security
Explanation/Reference:

QUESTION 303
What is the effect of using the service password-encryption command?
A. Only the enable password will be encrypted.
B. Only the enable secret password will be encrypted.
C. Only passwords configured after the command has been entered will be encrypted.
D. It will encrypt the secret password and remove the enable secret password from the configuration.
E. It will encrypt all current and future passwords.
Correct Answer: E
Section: Network Device Security
Explanation/Reference:
Explanation: Encryption further adds a level of security to the system, as anyone having access to the database of passwords cannot reverse the process of encryption to know the actual passwords, which isn't the case if the passwords are stored simply.

QUESTION 304
An administrator has connected devices to a switch and, for security reasons, wants the dynamically learned MAC addresses from the address table added to the running configuration. What must be done to accomplish this?
A. Enable port security and use the keyword sticky.
B. Set the switchport mode to trunk and save the running configuration.
C. Use the switchport protected command to have the MAC addresses added to the configuration.
D. Use the no switchport port-security command to allow MAC addresses to be added to the configuration.
Correct Answer: A
Section: Network Device Security
Explanation/Reference:
Port Security with Sticky MAC Addresses
Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.pdf
Explanation: Port security with sticky MAC addresses provides many of the same benefits as port security with static MAC addresses, but sticky MAC addresses can be learned dynamically. Port security with sticky MAC addresses retains dynamically learned MAC addresses during a link-down condition. If you enter a write memory or copy running-config startup-config command, then port security with sticky MAC addresses saves dynamically learned MAC addresses in the startup-config file and the port does not have to learn addresses from ingress traffic after bootup or a restart.
Explanation 2: One can configure MAC addresses to be sticky.
These can be dynamically learned or manually configured, stored in the address table, and added to the running configuration. If these addresses are saved in the configuration file, the interface does not need to dynamically relearn them when the switch restarts, hence enabling security as desired.

QUESTION 305
A company has placed a networked PC in a lobby so guests can have access to the corporate directory. A security concern is that someone will disconnect the directory PC and re-connect their laptop computer and have access to the corporate network. For the port servicing the lobby, which three configuration steps should be performed on the switch to prevent this? (Choose three.)
A. Enable port security.
B. Create the port as a trunk port.
C. Create the port as an access port.
D. Create the port as a protected port.
E. Set the port security aging time to 0.
F. Statically assign the MAC address to the address table.
G. Configure the switch to discover new MAC addresses after a set time of inactivity.
Correct Answer: ACF
Section: Network Device Security
Explanation/Reference:
Explanation: If port security is enabled, the port is designated only as an access port, and a static MAC address is assigned, then even if someone physically disconnects the directory PC and plugs in a personal laptop or device, the connection cannot be made to the corporate network, hence ensuring safety.

QUESTION 306
Why would a network administrator configure port security on a switch?
A. to prevent unauthorized Telnet access to a switch port
B. to prevent unauthorized hosts from accessing the LAN
C. to limit the number of Layer 2 broadcasts on a particular switch port
D. block unauthorized access to the switch management interfaces
Correct Answer: B
Section: Network Device Security
Explanation/Reference:
Explanation: You can use the port security feature to restrict input to an interface by limiting and identifying MAC addresses of the stations allowed to access the port. When you assign secure MAC addresses to a secure port, the port does not forward packets with source addresses outside the group of defined addresses. If you limit the number of secure MAC addresses to one and assign a single secure MAC address, the workstation attached to that port is assured the full bandwidth of the port. If a port is configured as a secure port and the maximum number of secure MAC addresses is reached, when the MAC address of a station attempting to access the port is different from any of the identified secure MAC addresses, a security violation occurs. Also, if a station with a secure MAC address configured or learned on one secure port attempts to access another secure port, a violation is flagged.

QUESTION 307
How can you ensure that only the MAC address of a server is allowed by switch port Fa0/1?
A. Configure port Fa0/1 to accept connections only from the static IP address of the server.
B. Configure the server MAC address as a static entry of port security.
C. Use a proprietary connector type on Fa0/1 that is incompatible with other host connectors.
D. Bind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address.
Correct Answer: B
Section: Network Device Security
Explanation/Reference:
Explanation: When the MAC address is configured as a static entry, no other address is allowed.

QUESTION 308
Which IP addresses are valid for hosts belonging to the 10.1.160.0/20 subnet?
(Choose three.)
A. 10.1.168.0
B. 10.1.176.1
C. 10.1.174.255
D. 10.1.160.255
E. 10.1.160.0
F. 10.1.175.255
Correct Answer: ACD
Section: IP addressing (IPv4 / IPv6)
Explanation/Reference:
Explanation: All IP addresses in the range between 10.1.160.1 and 10.1.175.254 are valid, as shown below:
Address:   10.1.160.0          00001010.00000001.1010 0000.00000000
Netmask:   255.255.240.0 = 20  11111111.11111111.1111 0000.00000000
Wildcard:  0.0.15.255          00000000.00000000.0000 1111.11111111
Which implies that
Network:   10.1.160.0/20       00001010.00000001.1010 0000.00000000
HostMin:   10.1.160.1          00001010.00000001.1010 0000.00000001
HostMax:   10.1.175.254        00001010.00000001.1010 1111.11111110
Broadcast: 10.1.175.255        00001010.00000001.1010 1111.11111111

QUESTION 309
If a host experiences intermittent issues that relate to congestion within a network while remaining connected, what could cause congestion on this LAN?
A. half-duplex operation
B. broadcast storms
C. network segmentation
D. multicasting
Correct Answer: B
Section: Troubleshooting
Explanation/Reference:
Explanation: A broadcast storm can consume sufficient network resources so as to render the network unable to transport normal traffic.

QUESTION 310
Given an IP address of 192.168.1.42 255.255.255.248, what is the subnet address?
A. 192.168.1.8/29
B. 192.168.1.32/27
C. 192.168.1.40/29
D. 192.168.1.16/28
E. 192.168.1.48/29
Correct Answer: C
Section: IP addressing (IPv4 / IPv6)
Explanation/Reference:
Explanation: The 248 mask uses 5 bits (1111 1000). The 42 of the IP in binary is (0010 1010). The base subnet therefore is the lowest binary value that can be written without changing the output of an AND operation of the subnet mask and IP: 1111 1000 AND 0010 1010 equals 0010 1000, which is .40. /24 is the standard class C mask; adding the 5 bits from the .248 mask gives /29.

QUESTION 311
Which OSI layer header contains the address of a destination host that is on another network?
A. application
B. session
C. transport
D. network
E. data link
F. physical
Correct Answer: D
Section: Operation of IP Data Networks
Explanation/Reference:
Explanation: Only the network address contains this information. To transmit the packets the sender uses the network address and the datalink address. But the layer 2 address represents just the address of the next hop device on the way to the sender. It is changed on each hop. The network address remains the same.

QUESTION 312
Which layer of the TCP/IP stack combines the OSI model physical and data link layers?
A. Internet layer
B. transport layer
C. application layer
D. network access layer
Correct Answer: D
Section: Operation of IP Data Networks
Explanation/Reference:
Explanation: The Internet Protocol Suite, TCP/IP, is a suite of protocols used for communication over the internet. The TCP/IP model was created after the OSI 7 layer model for two major reasons. First, the foundation of the Internet was built using the TCP/IP suite, and through the spread of the World Wide Web and Internet, TCP/IP has been preferred. Second, a project researched by the Department of Defense (DOD) consisted of creating the TCP/IP protocols. The DOD's goal was to bring international standards which could not be met by the OSI model. Since the DOD was the largest software consumer and they preferred the TCP/IP suite, most vendors used this model rather than the OSI. Below is a side by side comparison of the TCP/IP and OSI models.

QUESTION 313
Which protocol uses a connection-oriented service to deliver files between end systems?
A. TFTP
B. DNS
C. FTP
D. SNMP
E. RIP
Correct Answer: C
Section: Operation of IP Data Networks
Explanation/Reference:

QUESTION 314
Which network device functions only at Layer 1 of the OSI model?
A. B. C. D. E.
Correct Answer: A
Section: Operation of IP Data Networks
Explanation/Reference:
Explanation: Most hubs are amplifying the electrical signal; therefore, they are really repeaters with several ports. Hubs and repeaters are Layer 1 (physical layer) devices.

QUESTION 315
Which transport layer protocol provides best-effort delivery service with no acknowledgment receipt required?
A. HTTP
B. IP
C. TCP
D. Telnet
E. UDP
Correct Answer: E
Section: Operation of IP Data Networks
Explanation/Reference:
Explanation: UDP provides a connectionless datagram service that offers best-effort delivery, which means that UDP does not guarantee delivery or verify sequencing for any datagrams. A source host that needs reliable communication must use either TCP or a program that provides its own sequencing and acknowledgment services.

QUESTION 316
Which layer of the OSI model controls the reliability of communications between network devices using flow control, sequencing and acknowledgments?
A. Physical
B. Data-link
C. Transport
D. Network
Correct Answer: C
Section: Operation of IP Data Networks
Explanation/Reference:

QUESTION 317
Drag and Drop Question
Drag the appropriate command on the left to the configuration task it accomplishes. (Not all options are used)
Select and Place:
Correct Answer:
Section: Network Device Security
Explanation/Reference:

QUESTION 318
Drag and Drop Question
Various protocols are listed to the left. On the right are applications for the use of those protocols. Drag the protocol on the left to an associated function for that protocol on the right. (Not all options are used)
Select and Place:
Correct Answer:
Section: IP Services
Explanation/Reference:

QUESTION 319
Drag and Drop Question
Move a protocol or service on the left to a situation on the right where it would be used.
(Not all options are used)
Select and Place:
Correct Answer:
Section: IP Services
Explanation/Reference:

QUESTION 320
Drag and Drop Question
Drag the definition on the left to the correct term on the right. (Not all options are used)
Select and Place:
Correct Answer:
Section: IP Services
Explanation/Reference:

QUESTION 321
Drag and Drop Question
On the left are various network protocols. On the right are the layers of the TCP/IP model. Assuming a reliable connection is required, move the protocols on the left to the TCP/IP layers on the right to show the proper encapsulation for an email message sent by a host on the LAN. (Not all options are used)
Select and Place:
Correct Answer:
Section: IP Services
Explanation/Reference:

QUESTION 322
An administrator must assign static IP addresses to the servers in a network. For network 192.168.20.24/29, the router is assigned the first usable host address while the sales server is given the last usable host address. Which of the following should be entered into the IP properties box for the sales server?
A. IP address: 192.168.20.14 Subnet Mask: 255.255.255.248 Default Gateway: 192.168.20.9
B. IP address: 192.168.20.254 Subnet Mask: 255.255.255.0 Default Gateway: 192.168.20.1
C. IP address: 192.168.20.30 Subnet Mask: 255.255.255.248 Default Gateway: 192.168.20.25
D. IP address: 192.168.20.30 Subnet Mask: 255.255.255.240 Default Gateway: 192.168.20.17
E. IP address: 192.168.20.30 Subnet Mask: 255.255.255.240 Default Gateway: 192.168.20.25
Correct Answer: C
Section: IP addressing (IPv4 / IPv6)
Explanation/Reference:

QUESTION 323
What is the default administrative distance of the OSPF routing protocol?
A. 90
B. 100
C. 110
D. 120
E. 130
F. 170
Correct Answer: C
Section: IP Routing Technologies
Explanation/Reference:
Default Distance Value Table
This table lists the administrative distance default values of the protocols that Cisco supports:
* If the administrative distance is 255, the router does not believe the source of that route and does not install the route in the routing table.

QUESTION 324
After the network has converged, what type of messaging, if any, occurs between R3 and R4?
A. No messages are exchanged
B. Hellos are sent every 10 seconds.
C. The full database from each router is sent every 30 seconds.
D. The routing table from each router is sent every 60 seconds.
Correct Answer: B
Section: IP Routing Technologies
Explanation/Reference:
Explanation: HELLO messages are used to maintain adjacent neighbors, so even when the network is converged, hellos are still exchanged. On broadcast and point-to-point links, the default is 10 seconds; on NBMA the default is 30 seconds. Although OSPF is a link-state protocol, the full database from each router is sent every 30 minutes (not seconds); therefore, C and D are not correct.

QUESTION 325
R1 is configured with the default configuration of OSPF. From the following list of IP addresses configured on R1, which address will the OSPF process select as the router ID?
A. 192.168.0.1
B. 172.16.1.1
C. 172.16.2.1
D. 172.16.2.225
Correct Answer: A
Section: IP Routing Technologies
Explanation/Reference:
Explanation: The Router ID (RID) is an IP address used to identify the router and is chosen using the following sequence:
+ The highest IP address assigned to a loopback (logical) interface.
+ If a loopback interface is not defined, the highest IP address of all active router's physical interfaces will be chosen.
+ The router ID can be manually assigned
In this case, because a loopback interface is not configured, the highest active IP address 192.168.0.1 is chosen as the router ID.

QUESTION 326 R1 is unable to establish an OSPF neighbor relationship with R3. What are possible reasons for this problem? (Choose two) A. All of the routers need to be configured for backbone Area 1. B. R1 and R2 are the DR and BDR, so OSPF will not establish neighbor adjacency with R3. C. A static route has been configured from R1 to R3 and prevents the neighbor adjacency from being established. D. The hello and dead interval timers are not set to the same values on R1 and R3. E. EIGRP is also configured on these routers with a lower administrative distance. F. R1 and R3 are configured in different areas. Correct Answer: DF Section: Troubleshooting Explanation Explanation/Reference: Same as Q105 Explanation: To become OSPF neighbors, routers must meet these requirements: Hello interval, Dead interval and AREA number -> D and F are correct. QUESTION 327 What information does a router running a link-state protocol use to build and maintain its topological database? (Choose two) A. B. C. D. E. F. hello packets SAP messages sent by other routers LSAs from other routers beacons received on point-to-point links routing tables received from other link-state routers TTL packets from designated routers Correct Answer: AC Section: IP Routing Technologies Explanation Explanation/Reference: Link State Routing Protocols Reference 1: http://www.ciscopress.com/articles/article.asp?p=24090&seqNum=4 Explanation: Link state protocols, sometimes called shortest path first or distributed database protocols, are built around a well-known algorithm from graph theory, E. W. Dijkstra'a shortest path algorithm. Examples of link state routing protocols are: Open Shortest Path First (OSPF) for IP The ISO's Intermediate System to Intermediate System (IS-IS) for CLNS and IP DEC's DNA Phase V Novell's NetWare Link Services Protocol (NLSP) Although link state protocols are rightly considered more complex than distance vector protocols, the basic functionality is not complex at all: 1. 
Each router establishes a relationship—an adjacency—with each of its neighbors.
2. Each router sends link state advertisements (LSAs), some
3. Each router stores a copy of all the LSAs it has seen in a database. If all works well, the databases in all routers should be identical.
4. The completed topological database, also called the link state database, describes a graph of the internetwork. Using the Dijkstra algorithm, each router calculates the shortest path to each network and enters this information into the route table.
OSPF Tutorial
Reference 2: http://www.9tut.com/ospf-routing-protocol-tutorial

QUESTION 328
ROUTER# show ip route
192.168.12.0/24 is variably subnetted, 9 subnets, 3 masks
C 192.168.12.64 /28 is directly connected, Loopback1
C 192.168.12.32 /28 is directly connected, Ethernet0
C 192.168.12.48 /28 is directly connected, Loopback0
O 192.168.12.236 /30 [110/128] via 192.168.12.233, 00:35:36, Serial0
C 192.168.12.232 /30 is directly connected, Serial0
O 192.168.12.245 /30 [110/782] via 192.168.12.233, 00:35:36, Serial0
O 192.168.12.240 /30 [110/128] via 192.168.12.233, 00:35:36, Serial0
O 192.168.12.253 /30 [110/782] via 192.168.12.233, 00:35:37, Serial0
O 192.168.12.249 /30 [110/782] via 192.168.12.233, 00:35:37, Serial0
O 192.168.12.240/30 [110/128] via 192.168.12.233, 00:35:36, Serial 0
To what does the 128 refer to in the router output above?
A. OSPF cost
B. OSPF priority
C. OSPF hop count
D. OSPF ID number
E. OSPF administrative distance
Correct Answer: A
Section: IP Routing Technologies
Explanation
Explanation/Reference:
Explanation: The first parameter is the Administrative Distance of OSPF (110) while the second parameter is the cost of OSPF.

QUESTION 329
Which of the following describe the process identifier that is used to run OSPF on a router? (Choose two)
A. B. C. D. E. It is locally significant. It is globally significant. It is needed to identify a unique instance of an OSPF database.
It is an optional parameter required only if multiple OSPF processes are running on the router. All routers in the same OSPF area must have the same process ID if they are to exchange routing information.
Correct Answer: AC
Section: IP Routing Technologies
Explanation
Explanation/Reference:
Reference: https://learningnetwork.cisco.com/thread/6248
They are locally significant only, and have no bearing on the structure of any OSPF packet or LSA update. So you can have a separate process-id on every single router in your network if you so desire!

QUESTION 330
Open Shortest Path First (OSPF) is a routing protocol developed for Internet Protocol (IP) networks by the Interior Gateway Protocol (IGP) working group of the Internet Engineering Task Force (IETF). What is the default administrative distance of the OSPF routing protocol?
A. 90
B. 100
C. 110
D. 20
E. 130
F. 170
Correct Answer: C
Section: IP Routing Technologies
Explanation
Explanation/Reference:
Default Distance Value Table
This table lists the administrative distance default values of the protocols that Cisco supports:
* If the administrative distance is 255, the router does not believe the source of that route and does not install the route in the routing table.

QUESTION 331
Which address are OSPF hello packets addressed to on point-to-point networks?
A. 224.0.0.5
B. 172.16.0.1
C. 192.168.0.5
D. 223.0.0.1
E. 254.255.255.255
Correct Answer: A
Section: IP Routing Technologies
Explanation
Explanation/Reference:
Why Does the show ip ospf neighbor Command Reveal Neighbors in the Init State?
Reference: http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f11.shtml
Explanation: OSPF hello packets have a destination address of 224.0.0.5 (the all ospf routers multicast address).

QUESTION 332
Which statements describe the routing protocol OSPF? (Choose three)
A. It supports VLSM.
B. It is used to route between autonomous systems.
C. It confines network instability to one area of the network.
D.
It increases routing overhead on the network.
E. It allows extensive control of routing updates.
F. It is simpler to configure than RIP v2.
Correct Answer: ACE
Section: IP Routing Technologies
Explanation
Explanation/Reference:
OSPF Tutorial
Reference: http://www.9tut.com/ospf-routing-protocol-tutorial
Explanation: Routing overhead is the amount of information needed to describe the changes in a dynamic network topology. All routers in an OSPF area have identical copies of the topology database and the topology database of one area is hidden from the rest of the areas to reduce routing overhead because fewer routing updates are sent and smaller routing trees are computed and maintained (allow extensive control of routing updates and confine network instability to one area of the network).

QUESTION 333
How does a switch differ from a hub?
A. A switch does not induce any latency into the frame transfer time.
B. A switch tracks MAC addresses of directly-connected devices.
C. A switch operates at a lower, more efficient layer of the OSI model.
D. A switch decreases the number of broadcast domains.
E. A switch decreases the number of collision domains.
Correct Answer: B
Section: Operation of IP Data Networks
Explanation
Explanation/Reference:
Explanation: Some of the features and functions of a switch include: A switch is essentially a fast, multi-port bridge, which can contain dozens of ports. Rather than creating two collision domains, each port creates its own collision domain. In a network of twenty nodes, twenty collision domains exist if each node is plugged into its own switch port. If an uplink port is included, one switch creates twenty-one single-node collision domains. A switch dynamically builds and maintains a Content-Addressable Memory (CAM) table, holding all of the necessary MAC information for each port. For a detailed description of how switches operate, and their key differences to hubs.
QUESTION 334
What must occur before a workstation can exchange HTTP packets with a web server?
A. A UDP connection must be established between the workstation and its default gateway.
B. A UDP connection must be established between the workstation and the web server.
C. A TCP connection must be established between the workstation and its default gateway.
D. A TCP connection must be established between the workstation and the web server.
E. An ICMP connection must be established between the workstation and its default gateway.
F. An ICMP connection must be established between the workstation and the web server.
Correct Answer: D
Section: Operation of IP Data Networks
Explanation
Explanation/Reference:
Common TCP/IP Ports
Reference: http://pentestlab.wordpress.com/2012/03/05/common-tcpip-ports/
Explanation: HTTP uses TCP port 80.

QUESTION 335
How does TCP differ from UDP? (Choose two.)
A. TCP provides best effort delivery.
B. TCP provides synchronized communication.
C. TCP segments are essentially datagrams.
D. TCP provides sequence numbering of packets.
E. TCP uses broadcast delivery.
Correct Answer: BD
Section: Operation of IP Data Networks
Explanation
Explanation/Reference:
Explanation: TCP differs from UDP in the following ways:
+ UDP provides best effort delivery.
+ TCP provides synchronized communication.
+ UDP segments are essentially datagrams.
+ TCP provides sequence numbering of packets.
+ UDP uses broadcast delivery.
+-------------+----------------------------------+
| Application | Telnet, FTP, etc                 |
+-------------+----------------------------------+
| Transport   | TCP, UDP                         |
+-------------+----------------------------------+
| Network     | IP, ICMP                         |
+-------------+----------------------------------+
| Physical    | drivers, interface card          |
+-------------+----------------------------------+

QUESTION 336
A workstation has just resolved a browser URL to the IP address of a server.
What protocol will the workstation now use to determine the destination MAC address to be placed into frames directed toward the server?
A. HTTP
B. DNS
C. DHCP
D. RARP
E. ARP
Correct Answer: E
Section: Operation of IP Data Networks
Explanation
Explanation/Reference:
Explanation: The RARP protocol is used to translate hardware interface addresses to protocol addresses. The RARP message format is very similar to the ARP format. When the booting computer sends the broadcast ARP request, it places its own hardware address in both the sending and receiving fields in the encapsulated ARP data packet. The RARP server will fill in the correct sending and receiving IP addresses in its response to the message. This way the booting computer will know its IP address when it gets the message from the RARP server.

QUESTION 337
The network manager has requested a 300-workstation expansion of the network. The workstations are to be installed in a single broadcast domain, but each workstation must have its own collision domain. The expansion is to be as cost-effective as possible while still meeting the requirements. Which three items will adequately fulfill the request? (Choose three).
A. one IP subnet with a mask of 255.255.254.0
B. two IP subnets with a mask of 255.255.255.0
C. seven 48-port hubs
D. seven 48-port switches
E. one router interface
F. seven router interfaces
Correct Answer: ADE
Section: IP addressing (IPv4 / IPv6)
Explanation
Explanation/Reference:
Explanation: A mask of 255.255.254.0 can absorb 510 hosts, being a 23-bit mask; 7*48-port switches can handle this many hosts; and the number of router interfaces should be kept to a minimum to avoid unnecessary waste, hence the answers.

QUESTION 338
What are two common TCP applications? (Choose two.)
A. B. C. D. E.
TFTP SMTP SNMP FTP DNS
Correct Answer: BD
Section: Operation of IP Data Networks
Explanation
Explanation/Reference:
Common TCP/IP Ports
Reference: http://pentestlab.wordpress.com/2012/03/05/common-tcpip-ports/
Explanation: SMTP uses TCP port 25, while FTP uses TCP ports 20 and 21.

QUESTION 339
Which two options will help to solve the problem of a network that is suffering a broadcast storm? (Choose two.)
A. a bridge
B. a router
C. a hub
D. a Layer 3 switch
E. an access point
Correct Answer: BD
Section: LAN Switching Technologies
Explanation
Explanation/Reference:
Explanation: Routers and layer 3 switches will not propagate broadcast traffic beyond the local segment, so the use of these devices is the best method for eliminating broadcast storms.

QUESTION 340
What does a host on an Ethernet network do when it is creating a frame and it does not have the destination address?
A. drops the frame
B. sends out a Layer 3 broadcast message
C. sends a message to the router requesting the address
D. sends out an ARP request with the destination IP address
Correct Answer: D
Section: LAN Switching Technologies
Explanation
Explanation/Reference:
Explanation: Understanding this concept is prime for understanding that when a switch receives the data frame from the host not having the MAC address already in the MAC table, it will add the MAC address to the source port on the MAC address table and send the data frame. If the switch already has the MAC address in its table for the destination, it will forward the frame directly to the destination port. If it was not already in its MAC table, then the frame would have been flooded out all ports except for the port that it came from.

QUESTION 341
A switch has 48 ports and 4 VLANs. How many collision and broadcast domains exist on the switch (collision, broadcast)?
A. B. C. D. E.
4, 48 48, 4 48, 1 1, 48 4, 1
Correct Answer: B
Section: LAN Switching Technologies
Explanation
Explanation/Reference:
Explanation: A switch uses a separate collision domain for each port, and each VLAN is a separate broadcast domain.

QUESTION 342
Some routers have been configured with default routes. What are some of the advantages of using default routes? (Choose two)
A. They establish routes that will never go down.
B. They keep routing tables small.
C. They require a great deal of CPU power.
D. They allow connectivity to remote networks that are not in the routing table
E. They direct traffic from the internet into corporate networks.
Correct Answer: BD
Section: IP Routing Technologies
Explanation
Explanation/Reference:
Cisco administration 101: What you need to know about default routes
Reference: http://www.techrepublic.com/article/cisco-administration-101-what-you-need-to-know-about-default-routes/

QUESTION 343
Refer to the exhibit. After the power-on-self test (POST), the system LED of a Cisco 2950 switch turns amber. What is the status of the switch?
A. The POST was successful.
B. The switch has a problem with the internal power supply and needs an external power supply to be attached.
C. POST failed and there is a problem that prevents the operating system from being loaded.
D. The switch has experienced an internal problem but data can still be forwarded at a slower rate.
E. The switch passed POST, but all the switch ports are busy.
Correct Answer: C
Section: Troubleshooting
Explanation
Explanation/Reference:
Troubleshoot and Understand POST Failure Messages
Reference: http://www.cisco.com/en/US/products/hw/switches/ps607/products_tech_note09186a0080125913.shtml
Explanation: Each time you power up the switch, eight Power-On Self Tests (POSTs) run automatically. POSTs check the most important system components before the switch begins to forward packets.
When the switch begins the POST, the port status LEDs display amber for two seconds, and then display green. As each test runs, the port status LEDs go out. 1x is the first to go out. The port status LEDs for ports 2x through 8x go out sequentially as the system completes a test. When the POST completes successfully, the port status LEDs go out. This indicates that the switch is operational. If a test fails, the port status LED associated with the test displays amber. The system LED also displays amber.
Note: From Cisco IOS Software Release 11.2(8.5)SA6 onwards, the port and system LEDs both remain amber after a POST failure. In the earlier Cisco IOS Software Releases, only the LEDs of failed linked ports remained amber.

QUESTION 344
Refer to the exhibit. PC1 pings PC2. What three things will CORE router do with the data that is received from PC1? (Choose three.)
A. The data frames will be forwarded out interface FastEthernet0/1 of CORE router.
B. The data frames will be forwarded out interface FastEthernet1/0 of CORE router.
C. CORE router will replace the destination IP address of the packets with the IP address of PC2.
D. CORE router will replace the MAC address of PC2 in the destination MAC address of the frames.
E. CORE router will put the IP address of the forwarding FastEthernet interface in the place of the source IP address in the packets.
F. CORE router will put the MAC address of the forwarding FastEthernet interface in the place of the source MAC address.
Correct Answer: BDF
Section: IP Routing Technologies
Explanation
Explanation/Reference:

QUESTION 345
Which three statements are correct about RIP version 2? (Choose three)
A. It uses broadcast for its routing updates.
B. It supports authentication.
C. It is a classless routing protocol.
D. It has a lower default administrative distance than RIP version 1.
E. It has the same maximum hop count as RIP version 1.
F. It does not send the subnet mask any updates.
Correct Answer: BCE
Section: IP Routing Technologies
Explanation
Explanation/Reference:

QUESTION 346
To what type of port would a cable with a DB-60 connector attach?
A. Serial port
B. Console port
C. Ethernet port
D. Fibre optic port
Correct Answer: A
Section: Operation of IP Data Networks
Explanation
Explanation/Reference:

QUESTION 347
Which IP address is a private address?
A. 12.0.0.1
B. 168.172.19.39
C. 172.20.14.36
D. 172.33.194.30
E. 192.169.42.34
Correct Answer: C
Section: IP addressing (IPv4 / IPv6)
Explanation
Explanation/Reference:

QUESTION 348
How many simultaneous Telnet sessions does a Cisco router support by default?
A. 1
B. 2
C. 3
D. 4
E. 5
F. 6
Correct Answer: E
Section: LAN Switching Technologies
Explanation
Explanation/Reference:
line vty 0 4

QUESTION 349
Refer to the exhibit. What two things can the technician determine by successfully pinging from this computer to the IP address 172.16.236.1? (Choose two)
A. The network card on the computer is functioning correctly.
B. The default static route on the gateway router is correctly configured.
C. The correct default gateway IP address is configured on the computer.
D. The device with the IP address 172.16.236.1 is reachable over the network.
E. The default gateway at 172.16.236.1 is able to forward packets to the internet.
Correct Answer: AD
Section: LAN Switching Technologies
Explanation
Explanation/Reference:
Explanation: The source and destination addresses are on the same network therefore, a default gateway is not necessary for communication between these two addresses.

QUESTION 350
Refer to the exhibit. Why did the device return this message?
A. The command requires additional options or parameters
B. There is no show command that starts with ru.
C. The command is being executed from the wrong router mode.
D. There is more than one show command that starts with the letters ru.
Correct Answer: D
Section: Troubleshooting
Explanation
Explanation/Reference:

QUESTION 351
What is the purpose of flow control?
A. To ensure data is retransmitted if an acknowledgement is not received.
B. To reassemble segments in the correct order at the destination device.
C. To provide a means for the receiver to govern the amount of data sent by the sender.
D. To regulate the size of each segment.
Correct Answer: C
Section: LAN Switching Technologies
Explanation
Explanation/Reference:
Flow Control
Reference: http://whatis.techtarget.com/definition/flow-control
Explanation: Flow control is the management of data flow between computers or devices or between nodes in a network so that the data can be handled at an efficient pace. Too much data arriving before a device can handle it causes data overflow, meaning the data is either lost or must be retransmitted. For serial data transmission locally or in a network, the Xon/Xoff protocol can be used. For modem connections, either Xon/Xoff or CTS/RTS (Clear to Send/Ready to Send) commands can be used to control data flow. In a network, flow control can also be applied by refusing additional device connections until the flow of traffic has subsided.

QUESTION 352
OSPF routing uses the concept of areas. What are the characteristics of OSPF areas? (Choose three)
A. Each OSPF area requires a loopback interface to be configured
B. Areas may be assigned any number from 0 to 65535
C. Area 0 is called the backbone area
D. Hierarchical OSPF networks do not require multiple areas
E. Multiple OSPF areas must connect to area 0
F. Single area OSPF networks must be configured in area 1
Correct Answer: BCE
Section: IP Routing Technologies
Explanation
Explanation/Reference:
Explanation: I used to think the answers should be C D E and here is my explanation: OSPF can use an active interface for its router ID, so a loopback interface is not a must -> A is incorrect.
OSPF Area is a 32-bit number so we can use up to 2^32 – 1 = 4294967296 – 1 (since Area 0 is the first area). Remember that only process ID is a 16-bit number and ranges from 1 to 65535 -> B is incorrect. F is incorrect too because single area OSPF networks must be configured in Area 0, which is called the backbone area. For answer D, it is a bit hard to guess what they want to say about “hierarchical” but we should understand “Hierarchical OSPF networks” as “OSPF networks”. D is correct because we can only have one area (area 0 – the backbone area) for our networks.
But TT commented on 01-11-2010:
Especially to note on choice B, D, and E:
Choice B: we all know that The areas can be any number from 0 to 4.2 billion and 1 to 65,535 for the Process ID. As choice B specifies ‘area’ (be aware, it’s not saying ‘process id’), there is no reason to say that we cannot assign numbers from 0 to 65535 for area # (it is using ‘may be’, not ‘have to be’ or ‘ought to be’). Hence, we do not worry about assigning ‘0’.
Choice E: as Area 0 is the backbone, we all understand that any areas in a OSPF network have to be connected to it. And actually this is implicitly saying that multiple areas form a hierarchical OSPF network, as Area 0 being a root and others being its leaves.
Choice D: when it specifies ‘Hierarchical’, at least 2 areas should be required to form such topology (of course that includes Area 0)
Although Choice B is not an absolutely accurate statement since it not only can be assigned up to 65535, it is still a correct answer. And again, it specifies ‘area’, not ‘process id’, so ‘0’ can be included. Finally, it would be meaningless to call OSPF a hierarchical network if no more than one area is present.
----------
I reviewed the question and think it is a more suitable solution with choice B than choice D, surely it is a tricky question!
QUESTION 353
Part of the OSPF network is shown below:
Configuration exhibit:
R1 routing commands:
ip route 0.0.0.0 0.0.0.0 serial0/0
router ospf 1
 network 172.16.100.0 0.0.0.3 area 0
 network 172.16.100.64 0.0.0.63 area 0
 network 172.16.100.128 0.0.0.31 area 0
 default-information originate
You work as a network technician; study the exhibits carefully. Assume that all router interfaces are operational and correctly configured. In addition, assume that OSPF has been correctly configured on router R2. How will the default route configured on R1 affect the operation of R2?
A. Any packet destined for a network that is not directly connected to router R2 will be dropped immediately.
B. Any packet destined for a network that is not directly connected to router R1 will be dropped.
C. Any packet destined for a network that is not directly connected to router R2 will be dropped immediately because of the lack of a gateway on R1.
D. The network directly connected to a router R2 will not be able to communicate with the 172.16.100.0, 172.16.100.28 and 172.16.100.64 subnetworks.
E. Any packet destined for a network that is not referenced in the routing table of router R2 will be directed to R1. R1 will then send that packet back to R2 and a routing loop will occur.
Correct Answer: E
Section: IP Routing Technologies
Explanation
Explanation/Reference:
Explanation: First, notice that the more-specific routes will always be favored over less-specific routes regardless of the administrative distance set for a protocol. In this case, because we use OSPF for three networks (172.16.100.0 0.0.0.3, 172.16.100.64 0.0.0.63, 172.16.100.128 0.0.0.31), the packets destined for these networks will not be affected by the default route. The default route configured on R1 “ip route 0.0.0.0 0.0.0.0 serial0/0” will send any packet whose destination network is not referenced in the routing table of router R1 to R2; it doesn’t drop anything, so answers A, B and C are not correct.
D is not correct too because these routes are declared in R1 and the question says that “OSPF has been correctly configured on router R2”, so network directly connected to router R2 can communicate with those three subnetworks. As said above, the default route configured on R1 will send any packet destined for a network that is not referenced in its routing table to R2; R2 in turn sends it to R1 because it is the only way and a routing loop will occur.

QUESTION 354
Refer to the exhibit. Which two statements are true about the loopback address that is configured on RouterB? (Choose two)
A. It ensures that data will be forwarded by RouterB.
B. It provides stability for the OSPF process on RouterB.
C. It specifies that the router ID for RouterB should be 10.0.0.1.
D. It decreases the metric for routes that are advertised from RouterB.
E. It indicates that RouterB should be elected the DR for the LAN.
Correct Answer: C
Section: IP Routing Technologies
Explanation
Explanation/Reference:
Explanation: A loopback interface never comes down even if the link is broken so it provides stability for the OSPF process (for example we use that loopback interface as the router-id) -> B is correct.
The router-ID is chosen in the order below:
+ The highest IP address assigned to a loopback (logical) interface.
+ If a loopback interface is not defined, the highest IP address of all active router’s physical interfaces will be chosen.
-> The loopback interface will be chosen as the router ID of RouterB -> C is correct.

QUESTION 355
Which characteristics are representative of a link-state routing protocol? (Choose three)
A. provides common view of entire topology
B. exchanges routing tables with neighbors
C. calculates shortest path
D. utilizes event-triggered updates
E.
utilizes frequent periodic updates
Correct Answer: ACD
Section: IP Routing Technologies
Explanation
Explanation/Reference:
Explanation: Each of the routers running link-state routing protocol learns the paths to all the destinations in its “area” so we can say A is correct although it is a bit unclear. Link-state routing protocols generate routing updates only (not the whole routing table) when a change occurs in the network topology so B is not correct. Link-state routing protocol like OSPF uses Dijkstra algorithm to calculate the shortest path -> C is correct. Unlike Distance vector routing protocol (which utilizes frequent periodic updates), link-state routing protocol utilizes event-triggered updates (only sends update when a change occurs) -> D is correct but E is not correct.

QUESTION 356
A network associate has configured OSPF with the command:
City(config-router)# network 192.168.12.64 0.0.0.63 area 0
After completing the configuration, the associate discovers that not all the interfaces are participating in OSPF. Which three of the interfaces shown in the exhibit will participate in OSPF according to this configuration statement? (Choose three)
A. FastEthernet0/0
B. FastEthernet0/1
C. Serial0/0
D. Serial0/1.102
E. Serial0/1.103
F. Serial0/1.104
Correct Answer: BCD
Section: IP addressing (IPv4 / IPv6)
Explanation
Explanation/Reference:
Explanation: The “network 192.168.12.64 0.0.0.63” equals to network 192.168.12.64/26. This network has:
+ Increment: 64 (/26= 1111 1111.1111 1111.1111 1111.1100 0000)
+ Network address: 192.168.12.64
+ Broadcast address: 192.168.12.127
Therefore all interfaces in the range of this network will join OSPF -> B C D are correct.

QUESTION 357
When running OSPF, what would cause router A not to form an adjacency with router B?
A. The loopback addresses are on different subnets.
B. The values of the dead timers on the routers are different.
C. Route summarization is enabled on both routers.
D.
The process identifier on router A is different than the process identifier on router.
Correct Answer: B
Section: IP Routing Technologies
Explanation
Explanation/Reference:
Explanation: To form an adjacency (become neighbor), router A & B must have the same Hello interval, Dead interval and AREA number.

QUESTION 358
Refer to the exhibit. The network is converged. After link-state advertisements are received from Router_A, what information will Router_E contain in its routing table for the subnets 208.149.23.64 and 208.149.23.96?
A. 208.149.23.64[110/13] via 190.173.23.10, 00:00:00:07, FastEthernet0/0
   208.149.23.96[110/13] via 190.173.23.10, 00:00:00:16, FastEthernet0/0
B. 208.149.23.64[110/1] via 190.173.23.10, 00:00:00:07, Serial1/0
   208.149.23.96[110/3] via 190.173.23.10, 00:00:00:16, FastEthernet0/0
C. 208.149.23.64[110/13] via 190.173.23.10, 00:00:00:07, Serial1/0
   208.149.23.96[110/13] via 190.173.23.10, 00:00:00:16, Serial1/0
   208.149.23.96[110/13] via 190.173.23.10, 00:00:00:16, FastEthernet0/0
D. 208.149.23.64[110/13] via 190.173.23.10, 00:00:00:07, Serial1/0
   208.149.23.96[110/13] via 190.173.23.10, 00:00:00:16, Serial1/0
Correct Answer: A
Section: IP Routing Technologies
Explanation
Explanation/Reference:
Explanation: Router_E learns two subnets, subnets 208.149.23.64 and 208.149.23.96 via Router_A through FastEthernet interface. The interface cost is calculated with the formula 10^8 / Bandwidth. For FastEthernet it is 10^8 / 100 Mbps = 10^8 / 100,000,000 = 1. Therefore the cost is 12 (learned from Router_A) + 1 = 13 for both subnets -> B is not correct. The cost through T1 link is much higher than through T3 link (T1 cost = 10^8 / 1.544 Mbps = 64; T3 cost = 10^8 / 45 Mbps = 2) so surely OSPF will choose the path through T3 link -> Router_E will choose the path from Router_A through FastEthernet0/0, not Serial1/0 -> C & D are not correct.
In fact, we can quickly eliminate answers B, C and D because they contain at least one subnet learned from Serial1/0 -> they are surely incorrect.

QUESTION 359
Which commands are required to properly configure a router to run OSPF and to add network 192.168.16.0/24 to OSPF area 0? (Choose two)
A. Router(config)#router ospf 1
B. Router(config)#router ospf 0
C. Router(config)#router ospf area 0
D. Router(config-router)#network 192.168.16.0 0.0.0.255 area 0
E. Router(config-router)#network 192.168.16.0 0.0.0.255 0
F. Router(config-router)#network 192.168.16.0 255.255.255.0 area 0
Correct Answer: AD
Section: IP Routing Technologies
Explanation
Explanation/Reference:
Enabling OSPF
Reference: http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/12-4t/iro-cfg.html#GUID588D1301-F63C-4DAC-BF1C-C3735EB13673
Explanation: In the router ospf command, the process-id ranges from 1 to 65535, so 0 is an invalid process-id number -> A is correct but B is not correct. To configure OSPF, we need a wildcard in the “network” statement, not a subnet mask. We also need to assign an area to this process -> D is correct.

QUESTION 360
Which parameter or parameters are used to calculate OSPF cost in Cisco routers?
A. Bandwidth, Delay and MTU
B. Bandwidth
C. Bandwidth and MTU
D. Bandwidth, MTU, Reliability, Delay and Load
Correct Answer: B
Section: IP Routing Technologies
Explanation
Explanation/Reference:
Explanation: The well-known formula to calculate OSPF cost is Cost = 10^8 / Bandwidth so B is the correct answer.

QUESTION 361
Refer to the exhibit. Why are two OSPF designated routers identified on Core-Router?
A. Core-Router is connected to more than one multi-access network.
B. The router at 208.149.23.130 is a secondary DR in case the primary fails.
C. Two router IDs have the same OSPF priority and are therefore tied for DR election
D. The DR election is still underway and there are two contenders for the role.
Correct Answer: A
Section: IP Routing Technologies
Explanation
Explanation/Reference:
Explanation: OSPF elects one DR per multi-access network. In the exhibit there are two DRs, so there must be more than one multi-access network.

QUESTION 362
What is the default maximum number of equal-cost paths that can be placed into the routing of a Cisco OSPF router?
A. 16
B. 2
C. Unlimited
D. 4
Correct Answer: D
Section: LAN Switching Technologies
Explanation
Explanation/Reference:
Reference: http://www.cisco.com/en/US/docs/ios_xr_sw/iosxr_r3.7/routing/configuration/guide/rc37ospf.html
Explanation: The default number of equal-cost paths that can be placed into the routing of a Cisco OSPF router is 4. We can change this default value by using “maximum-paths” command:
Router(config-router)#maximum-paths 2
Note: Cisco routers support up to 16 equal-cost paths. In detail, the default number of maximum paths is 32 for Cisco CRS-1 routers and 16 for Cisco XR 12000 Series Routers. The range is from 1 to 32 for Cisco CRS-1 routers and 1 to 16 for Cisco XR 12000 Series Routers.

QUESTION 363
What is the OSPF default frequency, in seconds, at which a Cisco router sends hello packets on a multiaccess network?
A. 10
B. 40
C. 30
D. 20
Correct Answer: A
Section: IP Routing Technologies
Explanation
Explanation/Reference:
Explanation: On broadcast multiaccess and point-to-point links, the default is 10 seconds. On NBMA, the default is 30 seconds.

QUESTION 364
Refer to the exhibit. The two connected ports on the switch are not turning orange or green. What would be the most effective steps to troubleshoot this physical layer problem? (Choose three.)
A. Ensure that the Ethernet encapsulations match on the interconnected router and switch ports.
B. Ensure that cables A and B are straight-through cables.
C. Ensure cable A is plugged into a trunk port.
D. Ensure the switch has power.
E. Reboot all of the devices.
F. Reseat all cables.
Correct Answer: BDF
Section: Troubleshooting
Explanation
Explanation/Reference:

QUESTION 365
Which command can you use to manually assign a static IPV6 address to a router interface?
A. ipv6 address PREFIX_1::1/64
B. ipv6 autoconfig 2001:db8:2222:7272::72/64
C. ipv6 autoconfig
D. ipv6 address 2001:db8:2222:7272::72/64
Correct Answer: D
Section: IP addressing (IPv4 / IPv6)
Explanation
Explanation/Reference:

QUESTION 366
The network administrator is using a Windows PC application that is called putty.exe for remote communication to a switch for network troubleshooting. Which two protocols could be used during this communication? (Choose two.)
A. SNMP
B. HTTP
C. Telnet
D. RMON
E. SSH
Correct Answer: CE
Section: IP Services
Explanation
Explanation/Reference:

QUESTION 367
What should be part of a comprehensive network security plan?
A. Allow users to develop their own approach to network security.
B. Physically secure network equipment from potential access by unauthorized individuals.
C. Encourage users to use personal information in their passwords to minimize the likelihood of passwords being forgotten.
D. Delay deployment of software patches and updates until their effect on end-user equipment is well known and widely reported.
E. Minimize network overhead by deactivating automatic antivirus client updates.
Correct Answer: B
Section: Network Device Security
Explanation
Explanation/Reference:

QUESTION 368
Which two of these statements are true of IPv6 address representation? (Choose two.)
A. There are four types of IPv6 addresses: unicast, multicast, anycast, and broadcast.
B. A single interface may be assigned multiple IPv6 addresses of any type.
C. Every IPv6 interface contains at least one loopback address.
D. The first 64 bits represent the dynamically created interface ID.
E. Leading zeros in an IPv6 16 bit hexadecimal field are mandatory.
Correct Answer: BC
Section: IP addressing (IPv4 / IPv6)
Explanation
Explanation/Reference:
IPv6 Addressing
Reference: http://www.cisco.com/en/US/technologies/tk648/tk872/technologies_white_paper0900aecd8026003d.pdf
Explanation: A single interface may be assigned multiple addresses of any type (unicast, anycast, multicast). Every IPv6-enabled interface must contain at least one loopback and one link-local address. Optionally, every interface can have multiple unique local and global addresses.
IPv6 host addresses can be assigned in multiple ways:
Static configuration
Stateless autoconfiguration
DHCPv6
When IPv6 is used over Ethernet networks, the Ethernet MAC address can be used to generate the 64-bit interface ID for the host. This is called the EUI-64 address. Since MAC addresses use 48 bits, additional bits must be inserted to fill the 64 bits required.

QUESTION 369
A network administrator cannot connect to a remote router by using SSH. Part of the show interfaces command is shown.
router#show interfaces
Serial0/1/0 is up, line protocol is down
At which OSI layer should the administrator begin troubleshooting?
A. physical
B. data link
C. network
D. transport
Correct Answer: B
Section: IP Services
Explanation
Explanation/Reference:
Serial 0 is up, line protocol is down
Reference: https://learningnetwork.cisco.com/thread/12389
Explanation: I think the indication here is "Serial 0 is up, line protocol is down". What causes this indication? Correct me if I am wrong. When you have this indication, a cable unplugged is not a correct answer. If you check the output of your "show interface serial 0" command again, you should notice it as "Serial 0 is down, line protocol is down". Under the "show ip int brief" you should see status = down and protocol = down as opposed to up, down. Because you disconnected the cable, layer 1 will go down, which is indicated by the serial 0 down status. The line protocol status is for layer 2.
So, a cable unplugged is not a correct answer to "Serial 0 is up, line protocol is down". Hope this helps.

QUESTION 370
Which option is a valid IPv6 address?
A. 2001:0000:130F::099a::12a
B. 2002:7654:A1AD:61:81AF:CCC1
C. FEC0:ABCD:WXYZ:0067::2A4
D. 2004:1:25A4:886F::1
Correct Answer: D
Section: IP addressing (IPv4 / IPv6)
Explanation
Explanation/Reference:
IPv6 Addressing
Reference: http://www.ipv6.com/articles/general/IPv6-Addressing.htm
Explanation:
IPv6 Address Notation
IPv6 addresses are denoted by eight groups of hexadecimal quartets separated by colons. Following is an example of a valid IPv6 address:
2001:cdba:0000:0000:0000:0000:3257:9652
Any four-digit group of zeroes within an IPv6 address may be reduced to a single zero or altogether omitted. Therefore, the following IPv6 addresses are similar and equally valid:
2001:cdba:0000:0000:0000:0000:3257:9652
2001:cdba:0:0:0:0:3257:9652
2001:cdba::3257:9652
The URL for the above address will be of the form:
http://[2001:cdba:0000:0000:0000:0000:3257:9652]/

QUESTION 371
What is the purpose of the switchport command?
Switch(config-if)# switchport port-security maximum 1
Switch(config-if)# switchport port-security mac-address 0018.DE8B.4BF8
A. It ensures that only the device with the MAC address 0018.DE8B.4BF8 will be able to connect to the port that is being configured.
B. It informs the switch that traffic destined for MAC address 0018.DE8B.4BF8 should only be sent to the port that is being configured.
C. It will act like an access list and the port will filter packets that have a source or destination MAC of 0018.DE8B.4BF8.
D. The switch will shut down the port of any traffic with source MAC address of 0018.DE8B.4BF8.
Correct Answer: A
Section: Network Device Security
Explanation
Explanation/Reference:

QUESTION 372
How many bits are contained in each field of an IPv6 address?
A. 24
B. 4
C. 8
D. 16
Correct Answer: D
Section: IP addressing (IPv4 / IPv6)
Explanation
Explanation/Reference:
IPv6 Addressing
Reference: http://www.cisco.com/en/US/technologies/tk648/tk872/technologies_white_paper0900aecd8026003d.pdf
Explanation: One of the key advantages IPv6 brings is the exponentially larger address space. The following will outline the basic address architecture of IPv6.
128-bit-long addresses
Represented in hexadecimal format: x:x:x:x:x:x:x:x, where x is a 16-bit hex field
Uses CIDR principles: prefix/prefix length
The last 64 bits are used for the interface ID

QUESTION 373
Which three approaches can be used while migrating from an IPv4 addressing scheme to an IPv6 scheme (Choose three)
A. static mapping of IPv4 address to IPv6 addresses
B. configuring IPv4 tunnels between IPv6 islands
C. use DHCPv6 to map IPv4 addresses to IPv6 addresses
D. use proxying and translation (NAT-PT) to translate IPv6 packets into IPv4 packets
E. configure IPv6 directly
F. enable dual-stack routing
Correct Answer: BDF
Section: IP addressing (IPv4 / IPv6)
Explanation
Explanation/Reference:
The IPv6 Transition
Reference 1: http://www.opus1.com/ipv6/howdoitransitiontoipv6.html
Explanation:
Connecting IPv6 islands with tunnels
An IPv6 island is a network made of IPv6 links directly connected by IPv6 routers. In the early days of IPv6 deployment, there are many IPv6 islands. IPv6 in IPv4 tunnels are used to connect those islands together. In each island, one (or more) dual stack routers are designated to encapsulate and decapsulate IPv6 packets within IPv4 packets. Different mechanisms have been developed to manage tunnels: automatic tunnels, configured tunnels, tunnel brokers, 6over4, 6to4,...
Reference 2: http://www.petri.co.il/ipv6-transition.htm
Network Address Translation - Protocol Translation (NAT-PT)
The NAT-PT method enables the ability to either statically or dynamically configure a translation of an IPv4 network address into an IPv6 network address and vice versa.
For those familiar with more typical NAT implementations, the operation is very similar but includes a protocol translation function. NAT-PT also ties in an Application Layer Gateway (ALG) functionality that converts Domain Name System (DNS) mappings between protocols.
Dual Stack
The simplest approach when transitioning to IPv6 is to run IPv6 on all of the devices that are currently running IPv4. If this is something that is possible within the organizational network, it is very easy to implement. However, for many organizations, IPv6 is not supported on all of the IPv4 devices; in these situations other methods must be considered.

QUESTION 374
Which statement about IPv6 is true?
A. Addresses are not hierarchical and are assigned at random.
B. Only one IPv6 address can exist on a given interface.
C. There are 2.7 billion addresses available.
D. Broadcasts have been eliminated and replaced with multicasts.
Correct Answer: D
Section: IP addressing (IPv4 / IPv6)
Explanation
Explanation/Reference:
IPv6 Address Types
Reference: http://technet.microsoft.com/en-us/library/cc757359(v=ws.10).aspx
Explanation: IPv6 has three types of addresses, which can be categorized by type and scope:
Unicast addresses. A packet is delivered to one interface.
Multicast addresses. A packet is delivered to multiple interfaces.
Anycast addresses. A packet is delivered to the nearest of multiple interfaces (in terms of routing distance).
IPv6 does not use broadcast messages.
Unicast and anycast addresses in IPv6 have the following scopes (for multicast addresses, the scope is built into the address structure):
Link-local. The scope is the local link (nodes on the same subnet).
Site-local. The scope is the organization (private site addressing).
Global. The scope is global (IPv6 Internet addresses).
In addition, IPv6 has special addresses such as the loopback address. The scope of a special address depends on the type of special address. Much of the IPv6 address space is unassigned.
QUESTION 375
What are two recommended ways of protecting network device configuration files from outside network security threats? (Choose two.)
A. Allow unrestricted access to the console or VTY ports.
B. Use a firewall to restrict access from the outside to the network devices.
C. Always use Telnet to access the device command line because its data is automatically encrypted.
D. Use SSH or another encrypted and authenticated transport to access device configurations.
E. Prevent the loss of passwords by disabling password encryption.
Correct Answer: BD
Section: Network Device Security
Explanation
Explanation/Reference:

QUESTION 376
A receiving host has failed to receive all of the segments that it should acknowledge. What can the host do to improve the reliability of this communication session?
A. decrease the window size
B. use a different source port for the session
C. decrease the sequence number
D. obtain a new IP address from the DHCP server
E. start a new session using UDP
Correct Answer: A
Section: Troubleshooting
Explanation
Explanation/Reference:

QUESTION 377
Which command enables IPv6 forwarding on a cisco router?
A. ipv6 host
B. ipv6 unicast-routing
C. ipv6 local
D. ipv6 neighbor
Correct Answer: B
Section: IP addressing (IPv4 / IPv6)
Explanation
Explanation/Reference:
Enabling IPv6 on Cisco IOS Software Technology
Reference: http://www.ciscopress.com/articles/article.asp?p=31948&seqNum=4
Explanation: The first step of enabling IPv6 on a Cisco router is the activation of IPv6 traffic forwarding to forward unicast IPv6 packets between network interfaces. By default, IPv6 traffic forwarding is disabled on Cisco routers. The ipv6 unicast-routing command is used to enable the forwarding of IPv6 packets between interfaces on the router. The syntax for this command is as follows:
Router(config)#ipv6 unicast-routing
The ipv6 unicast-routing command is enabled on a global basis.

QUESTION 378
Identify the four valid IPv6 addresses. (Choose four.)
A. ::
B. ::192:168:0:1
C. 2000::
D. 2001:3452:4952:2837::
E. 2002:c0a8:101::42
F. 2003:dead:beef:4dad:23:46:bb:101
Correct Answer: ABEF
Section: IP addressing (IPv4 / IPv6)
Explanation
Explanation/Reference:
IPv6 Address Validation
Reference 1: http://www.intermapper.com/ipv6validator
Reference 2: http://www.ripe.net/lir-services/new-lir/ipv6_reference_card.pdf
Explanation:

QUESTION 379
Which two statements describe characteristics of IPv6 unicast addressing? (Choose two.)
A. Global addresses start with 2000::/3.
B. Link-local addresses start with FE00:/12.
C. Link-local addresses start with FF00::/10.
D. There is only one loopback address and it is ::1.
E. If a global address is assigned to an interface, then that is the only allowable address for the interface.
Correct Answer: AD
Section: IP addressing (IPv4 / IPv6)
Explanation
Explanation/Reference:
IPv6 Address Validation
Explanation:

QUESTION 380
A network administrator is trying to add a new router into an established OSPF network. The networks attached to the new router do not appear in the routing tables of the other OSPF routers. Given the information in the partial configuration shown below, what configuration error is causing this problem?
Router(config)# router ospf 1
Router(config-router)# network 10.0.0.0 255.0.0.0 area 0
A. The process id is configured improperly.
B. The OSPF area is configured improperly.
C. The network wildcard mask is configured improperly.
D. The network number is configured improperly.
E. The AS is configured improperly.
F. The network subnet mask is configured improperly.
Correct Answer: C
Section: IP Routing Technologies
Explanation
Explanation/Reference:

QUESTION 381
Which statement is true?
A. An IPv6 address is 64 bits long and is represented as hexadecimal characters.
B. An IPv6 address is 32 bits long and is represented as decimal digits.
C. An IPv6 address is 128 bits long and is represented as decimal digits.
D. An IPv6 address is 128 bits long and is represented as hexadecimal characters.
Correct Answer: D
Section: IP addressing (IPv4 / IPv6)
Explanation
Explanation/Reference:
IPv6 Addressing
Reference: http://www.cisco.com/en/US/technologies/tk648/tk872/technologies_white_paper0900aecd8026003d.pdf
Explanation: One of the key advantages IPv6 brings is the exponentially larger address space. The following will outline the basic address architecture of IPv6.
128-bit-long addresses
Represented in hexadecimal format: x:x:x:x:x:x:x:x, where x is a 16-bit hex field
Uses CIDR principles: prefix/prefix length
The last 64 bits are used for the interface ID

QUESTION 382
A network administrator is connecting PC hosts A and B directly through their Ethernet interfaces as shown in the graphic. Ping attempts between the hosts are unsuccessful. What can be done to provide connectivity between the hosts? (choose two.)
A. A crossover cable should be used in place of the straight-through cable.
B. A rollover cable should be used in place of the straight-through cable.
C. The subnet masks should be set to 255.255.255.192
D. A default gateway needs to be set on each host.
E. The hosts must be reconfigured to use private IP addresses for direct connections of this type.
F. The subnet masks should be set to 255.255.255.0
Correct Answer: AF
Section: Operation of IP Data Networks
Explanation
Explanation/Reference:

QUESTION 383
Refer to the exhibit. A technician pastes the configurations in the exhibit into the two new routers shown. Otherwise, the routers are configured with their default configurations. A ping from Host1 to Host 2 fails, but the technician is able to ping the S0/0 interface of R2 from Host 1. The configurations of the hosts have been verified as correct. What could be the cause of the problem?
A. The serial cable on R1 needs to be replaced.
B. The interfaces on R2 are not configured properly
C. R1 has no route to the 192.168.1.128 network.
D. The IP addressing scheme has overlapping subnetworks.
E. The ip subnet-zero command must be configured on both routers.
Correct Answer: C
Section: Troubleshooting
Explanation
Explanation/Reference:
Explanation: Without a static route pointing to the Host 2 network, the router is unaware of the path to take to reach that network, and reply traffic cannot be sent.

QUESTION 384
Refer to the exhibit. Serial 0/0 does not respond to a ping request from a host on the FastEthernet 0/0 LAN. How can this problem be corrected?
A. Enable the Serial 0/0 interface.
B. Correct the IP address for Serial 0/0.
C. Correct the IP address for FastEthernet 0/0
D. Change the encapsulation type on Serial 0/0
E. Enable autoconfiguration on the Serial 0/0 interface
Correct Answer: A
Section: Troubleshooting
Explanation
Explanation/Reference:
Explanation: The Serial 0/0 interface is administratively down; therefore, you will have to run the "no shutdown" command to enable the interface for data.

QUESTION 385
Refer to the exhibit. What kind of cable should be used to make each connection that is identified by the numbers shown?
A. 1 - Ethernet Crossover cable
   2 - Ethernet straight-through cable
   3 - Fiber Optic cable
   4 - Rollover cable
B. 1 - Ethernet straight-through cable
   2 - Ethernet straight-through cable
   3 - Serial cable
   4 - Rollover cable
C. 1 - Ethernet rollover cable
   2 - Ethernet crossover cable
   3 - Serial cable
   4 - Null-modem cable
D. 1 - Ethernet straight-through cable
   2 - Ethernet Crossover cable
   3 - Serial cable
   4 - Rollover cable
E. 1 - Ethernet straight-through cable
   2 - Ethernet Crossover cable
   3 - Serial cable
   4 - Ethernet Straight-through cable
Correct Answer: B
Section: Operation of IP Data Networks
Explanation
Explanation/Reference:

QUESTION 386
Which of the following are types of flow control? (choose three.)
A. buffering
B. cut-through
C. windowing
D. congestion avoidance
E. load balancing
Correct Answer: ACD
Section: Operation of IP Data Networks
Explanation
Explanation/Reference:
Flow Control Types (Transmission Control over networks)
Reference: http://www.info-it.net/cisco/ccna/exam-tips/flow-control.php
Explanation:
Congestion
During transfer of data, a high-speed computer generates data traffic a lot faster than the network device can handle in transferring it to the destination, so a single gateway or destination device cannot handle that amount of traffic; this is called "Congestion".
Buffering
This technique is used to control the data transfer when we have congestion: when a network device receives data, it stores it in a memory section and then transfers it to the next destination. This process is called "Buffering".
Windowing
Windowing is used for flow control by the Transport layer. Say the sender device is sending segments and the receiver device can accommodate only a fixed number of segments before it can accept more; the two devices negotiate the window size during the connection setup. This is done so that the sending device doesn't overflow the receiving device's buffer. Also, the receiving device can send a single acknowledgement for the segments it has received instead of sending an acknowledgement after every segment received. Also, this window size is dynamic, meaning the devices can negotiate and change the window size in the middle of a session. So if initially the window size is three and the receiving device thinks that it can accept more segments in its buffer, it can negotiate with the sending device and increase it to, say, 5. Windowing is used only by TCP since UDP doesn't use or allow flow control.

QUESTION 387
If an ethernet port on a router was assigned an IP address of 172.16.112.1/20, what is the maximum number of hosts allowed on this subnet?
A. 1024
B. 2046
C. 4094
D. 4096
E. 8190
Correct Answer: C
Section: IP addressing (IPv4 / IPv6)
Explanation
Explanation/Reference:
Explanation: Each octet represents eight bits. The bits, in turn, represent (from left to right): 128, 64, 32, 16, 8, 4, 2, 1. Add them up and you get 255. Add one for the all zeros option, and the total is 256. Now take away one of these for the network address (all zeros) and another for the broadcast address (all ones). Each octet represents 254 possible hosts. Or 254 possible networks. Unless you have subnet zero set on your network gear, in which case you could conceivably have 255. The CIDR addressing format (/20) tells us that 20 bits are used for the network portion, so the maximum number of networks are 2^20 minus one if you have subnet zero enabled, or minus 2 if not. You asked about the number of hosts. That will be 32 minus the number of network bits, minus two. So calculate it as (2^(32-20))-2, or (2^12)-2 = 4094

QUESTION 388
Refer to the exhibit. Why was this message received?
A. No VTY password has been set.
B. No enable password has been set.
C. No console password has been set.
D. No enable secret password has been set.
E. The login command has not been set on CON 0
F. The login command has not been set on the VTY ports.
Correct Answer: A
Section: Troubleshooting
Explanation
Explanation/Reference:

QUESTION 389
Refer to the exhibit. How many collision domains are shown?
A. one
B. two
C. three
D. four
E. six
F. twelve
Correct Answer: B
Section: LAN Switching Technologies
Explanation
Explanation/Reference:
Explanation: Hubs create single collision and broadcast domains.

QUESTION 390
Refer to the exhibit. After configuring two interfaces on the HQ router, the network administrator notices an error message. What must be done to fix this error?
A. The serial interface must be configured first.
B. The serial interface must use the address 192.168.1.2
C. The subnet mask of the serial interface should be changed to 255.255.255.0
D. The subnet mask of the FastEthernet interface should be changed to 255.255.255.240
E. The address of the FastEthernet interface should be changed to 192.168.1.66
Correct Answer: D
Section: Troubleshooting
Explanation
Explanation/Reference:

QUESTION 391
What does the "Inside Global" address represent in the configuration of NAT?
A. the summarized address for all of the internal subnetted addresses
B. the MAC address of the router used by inside hosts to connect to the Internet
C. a globally unique, private IP address assigned to a host on the inside network
D. a registered address that represents an inside host to an outside network
Correct Answer: D
Section: IP Routing Technologies
Explanation
Explanation/Reference:
NAT: Local and Global Definitions
Reference: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094837.shtml
Explanation: Cisco defines these terms as:
Inside local address—The IP address assigned to a host on the inside network. This is the address configured as a parameter of the computer OS or received via dynamic address allocation protocols such as DHCP. The address is likely not a legitimate IP address assigned by the Network Information Center (NIC) or service provider.
Inside global address—A legitimate IP address assigned by the NIC or service provider that represents one or more inside local IP addresses to the outside world.
Outside local address—The IP address of an outside host as it appears to the inside network. Not necessarily a legitimate address, it is allocated from an address space routable on the inside.
Outside global address—The IP address assigned to a host on the outside network by the host owner. The address is allocated from a globally routable address or network space.
These definitions still leave a lot to be interpreted.
For this example, this document redefines these terms by first defining local address and global address. Keep in mind that the terms inside and outside are NAT definitions. Interfaces on a NAT router are defined as inside or outside with the NAT configuration commands, ip nat inside destination and ip nat outside source. Networks to which these interfaces connect can then be thought of as inside networks or outside networks, respectively.
Local address—A local address is any address that appears on the inside portion of the network.
Global address—A global address is any address that appears on the outside portion of the network.

QUESTION 392
Two routers named Atlanta and Brevard are connected by their serial interfaces as shown in the exhibit, but there is no data connectivity between them. The Atlanta router is known to have a correct configuration. Given the partial configurations shown in the exhibit, what is the problem on the Brevard router that is causing the lack of connectivity?
A. A loopback is not set.
B. The IP address is incorrect.
C. The subnet mask is incorrect.
D. The serial line encapsulations are incompatible.
E. The maximum transmission unit (MTU) size is too large.
F. The bandwidth setting is incompatible with the connected interface.
Correct Answer: B
Section: Troubleshooting
Explanation
Explanation/Reference:
Explanation: The IP addresses of the routers are in different networks.

QUESTION 393
Which of the following statements are TRUE regarding Cisco access lists? (Choose two.)
A. In an inbound access list, packets are filtered as they enter an interface.
B. In an inbound access list, packets are filtered before they exit an interface.
C. Extended access lists are used to filter protocol-specific packets.
D. You must specify a deny statement at the end of each access list to filter unwanted traffic.
E. When a line is added to an existing access list, it is inserted at the beginning of the access list.
Correct Answer: AC
Section: IP Services
Explanation
Explanation/Reference:
Explanation: In an inbound access list, packets are filtered as they enter an interface. Extended access lists are used to filter protocol specific packets.
Access lists can be used in a variety of situations when the router needs to be given guidelines for decision-making. These situations include:
Filtering traffic as it passes through the router
To control access to the VTY lines (Telnet)
To identify "interesting" traffic to invoke Demand Dial Routing (DDR) calls
To filter and control routing updates from one router to another
There are two types of access lists, standard and extended. Standard access lists are applied as close to the destination as possible (outbound), and can only base their filtering criteria on the source IP address. The number used while creating an access list specifies the type of access list created. The range used for standard access lists is 1 to 99 and 1300 to 1999. Extended access lists are applied as close to the source as possible (inbound), and can base their filtering criteria on the source or destination IP address, or on the specific protocol being used. The range used for extended access lists is 100 to 199 and 2000 to 2699.
Other features of access lists include:
Inbound access lists are processed before the packet is routed.
Outbound access lists are processed after the packet has been routed to an exit interface.
An "implicit deny" is at the bottom of every access list, which means that if a packet has not matched any preceding access list condition, it will be filtered (dropped).
Access lists require at least one permit statement, or all packets will be filtered (dropped).
One access list may be configured per direction for each Layer 3 protocol configured on an interface
The option stating that in an inbound access list, packets are filtered before they exit an interface is incorrect.
Packets are filtered as they exit an interface when using an outbound access list.
The option stating that a deny statement must be specified at the end of each access list in order to filter unwanted traffic is incorrect. There is an implicit deny at the bottom of every access list.
When a line is added to an existing access list, it is not inserted at the beginning of the access list. It is inserted at the end. This should be taken into consideration. For example, given the following access list, executing the command
access-list 110 deny tcp 192.168.5.0 0.0.0.255 any eq www
would have NO effect on the packets being filtered because it would be inserted at the end of the list, AFTER the line that allows all traffic.
access-list 110 permit ip host 192.168.5.1 any
access-list 110 deny icmp 192.168.5.0 0.0.0.255 any echo
access-list 110 permit ip any any

QUESTION 394
Which statements are TRUE regarding Internet Protocol version 6 (IPv6) addresses? (Choose three.)
A. An IPv6 address is divided into eight 16-bit groups.
B. A double colon (::) can only be used once in a single IPv6 address.
C. IPv6 addresses are 196 bits in length.
D. Leading zeros cannot be omitted in an IPv6 address.
E. Groups with a value of 0 can be represented with a single 0 in IPv6 address.
Correct Answer: ABE
Section: IP addressing (IPv4 / IPv6)
Explanation
Explanation/Reference:
Explanation: IPv6 addresses are divided into eight 16-bit groups, a double colon (::) can only be used once in an IPv6 address, and groups with a value of 0 can be represented with a single 0 in an IPv6 address.
The following statements are also true regarding IPv6 address:
IPv6 addresses are 128 bits in length.
Eight 16-bit groups are divided by a colon (:).
Multiple groups of 16-bit 0s can be represented with double colon (::).
Double colons (::) represent only 0s.
Leading zeros can be omitted in an IPv6 address.
The option stating that IPv6 addresses are 196 bits in length is incorrect.
IPv6 addresses are 128 bits in length.
The option stating that leading zeros cannot be omitted in an IPv6 address is incorrect. Leading zeros can be omitted in an IPv6 address.

QUESTION 395
Which of the following IP addresses are valid Class B host addresses if a default Class B mask is in use? (Choose two.)
A. 10.6.8.35
B. 133.6.5.4
C. 192.168.5.9
D. 127.0.0.1
E. 190.6.5.4
Correct Answer: BE
Section: IP addressing (IPv4 / IPv6)
Explanation
Explanation/Reference:
Explanation: The IP addresses 133.6.5.4 and 190.6.5.4 are both valid Class B addresses when a default mask is in use. The Class B default mask is 255.255.0.0 and the range of valid addresses is 128.0.0.0 - 191.255.255.255.
The IP address 10.6.8.35 is a Class A address. The Class A default mask is 255.0.0.0 and the range of valid addresses is 1.0.0.0 - 127.255.255.255, with the exception of the range 127.0.0.1 - 127.255.255.255, which is reserved and cannot be assigned.
The IP address 192.168.5.9 is a Class C address. The Class C default mask is 255.255.255.0 and the range of valid addresses is 192.0.0.0 - 223.255.255.255.
The IP address 127.0.0.1 is a Class A address, but it comes from a reserved portion that cannot be assigned. The range 127.0.0.1 - 127.255.255.255 is used for diagnostics, and although any address in the range will work as a diagnostic address, 127.0.0.1 is known as the loopback address. If you can ping this address, or any address in the 127.0.0.1 - 127.255.255.255 range, then the NIC is working and TCP/IP is installed. The Class A default mask is 255.0.0.0 and the range of valid addresses is 1.0.0.0 - 127.255.255.255, with the exception of the range 127.0.0.1 - 127.255.255.255, which is reserved and cannot be assigned.

QUESTION 396
From which of the following attacks can Message Authentication Code (MAC) shield your network?
A. DoS
B. DDoS
C. spoofing
D. SYN floods
Correct Answer: C
Section: Network Device Security
Explanation
Explanation/Reference:
Explanation: Message Authentication Code (MAC) can shield your network from spoofing attacks. Spoofing, also known as masquerading, is a popular trick in which an attacker intercepts a network packet, replaces the source address of the packet's header with the address of the authorized host, and reinserts fake information which is sent to the receiver. This type of attack involves modifying packet contents. MAC can prevent this type of attack and ensure data integrity by ensuring that no data has changed. MAC also protects against frequency analysis, sequence manipulation, and ciphertext-only attacks.
MAC is a secure message digest that requires a secret key shared by the sender and receiver, making it impossible for sniffers to change both the data and the MAC as the receiver can detect the changes.
A denial-of-service (DoS) attack floods the target system with unwanted requests, causing the loss of service to users. One form of this attack generates a flood of packets requesting a TCP connection with the target, tying up all resources and making the target unable to service other requests. MAC does not prevent DoS attacks. Stateful packet filtering is the most common defense against a DoS attack.
A Distributed Denial of Service attack (DDoS) occurs when multiple systems are used to flood the network and tax the resources of the target system. Various intrusion detection systems, utilizing stateful packet filtering, can protect against DDoS attacks.
In a SYN flood attack, the attacker floods the target with spoofed IP packets and causes it to either freeze or crash. A SYN flood attack is a type of denial of service attack that exploits the buffers of a device that accept incoming connections and therefore cannot be prevented by MAC.
Common defenses against a SYN flood attack include filtering, reducing the SYN-RECEIVED timer, and implementing SYN cache or SYN cookies.

QUESTION 397
Refer to the exhibit. A company wants to use NAT in the network shown. Which commands will apply the NAT configuration to the proper interfaces? (Choose two.)
A. R1(config)# interface serial0/1
   R1(config-if)# ip nat inside
B. R1(config)# interface serial0/1
   R1(config-if)# ip nat outside
C. R1(config)# interface fastethernet0/0
   R1(config-if)# ip nat inside
D. R1(config)# interface fastethernet0/0
   R1(config-if)# ip nat outside
E. R1(config)# interface serial0/1
   R1(config-if)# ip nat outside source pool 200.2.2.18 255.255.255.252
F. R1(config)# interface fastethernet0/0
   R1(config-if)# ip nat inside source 10.10.0.0 255.255.255.0
Correct Answer: BC
Section: IP Routing Technologies
Explanation
Explanation/Reference:

QUESTION 398
How many addresses will be available for dynamic NAT translation when a router is configured with the following commands?
Router(config)#ip nat pool TAME 209.165.201.23 209.165.201.30 netmask 255.255.255.224
Router(config)#ip nat inside source list 9 pool TAME
A. 7
B. 8
C. 9
D. 10
E. 24
F. 32
Correct Answer: B
Section: IP addressing (IPv4 / IPv6)
Explanation
Explanation/Reference:
Explanation: 209.165.201.23 to 209.165.201.30 provides for 8 addresses.

QUESTION 399
Read the scenario and sort the appropriate commands in order to configure the router. On the real simulation during the exam you will be required to type the actual commands in order to configure the router.
Build List and Reorder:
Correct Answer:
Section: IP Routing Technologies
Explanation
Explanation/Reference: