Section I: Network Fundamentals
I.1. In which two formats can the IPv6 address fd15:0db8:0000:0000:0700:0003:400F:572B be written? (Choose two.)
- A. fd15:0db8:0000:0000:700:3:400F:527B*
- B. fd15:0db8::7:3:4F:527B
- C. fd15::db8::700:3:400F:527B
- D. fd15:db8::700:3:400F:572B*
- E. fd15:db8:0::700:3:4F:527B
+ Leading zeros in a field are optional
+ Successive fields of 0 are represented as ::, but only once in an address
If you are not sure about IPV6, please read our IPv6 tutorial.
I.2. What are three characteristics of the TCP protocol? (Choose three.)
- It uses a single SYN-ACK message to establish a connection.
- The connection is established before data is transmitted.*
- It ensures that all data is transmitted and received by the remote device.*
- It supports significantly higher transmission speeds than UDP.
- It requires applications to determine when data packets must be retransmitted.
- It uses separate SYN and ACK messages to establish a connection.*
Note: Answer F is not correct because TCP does not require applications to determine the retranmission. TCP itself will determine if the data packets should be retransmitted or not.
I.3. DRAG DROP. Drag and drop the Ethernet terms from the left onto the correct descriptions on the right.
Select and Place:
Correct Answer:
I.4. Refer to the exhibit
All of the routers in the network are configured with the ip subnet-zero command. Which network addresses should be used for Link A and Network A? (Choose two.)
- Link A 172.16.3.0/30*
- Link A 172.16.3.112/30
- Network A 172.16.3.48/26
- Network A 172.16.3.128/25*
- Link A 172.16.3.40/30
- Network A 172.16.3.192/26
Because the ip subnet-zero command is used, network 172.16.3.0/30 can be used.
Answer E “Link A – 172.16.3.40/30″ is not correct because this subnet belongs to MARKETING subnet (172.16.3.32/27).
Answer F “Link A – 172.16.3.112/30″ is not correct because this subnet belongs to ADMIN subnet (172.16.3.96/27).
I.5. Which type of device can be replaced by the use of subinterfaces for VLAN routing?
- Layer 2 bridge
- Layer 2 switch
- Layer 3 switch*
- router
I.6. What are two benefits of private IPv4 IP addresses? (Choose two.)
- They are routed the same as public IP addresses.
- They are less costly than public IP addresses.*
- They can be assigned to devices without Internet connections.*
- They eliminate the necessity for NAT policies.
- They eliminate duplicate IP conflicts.
Also we can use private IPv4 addresses to devices that do not need to connect to the Internet because Internet requires public IPv4 addresses -> C is correct.
Answer D is not correct as we still need to use NAT policies to limit which private IPv4 addresses in our company can access our resources.
I.7. Which two server types are used to support DNS lookup? (Choose two.)
- web server
- ESX host
- authoritative name server*
- file transfer server
- name resolver*
I.8. Which three statements about IPv6 prefixes are true? (Choose three.)
- FEC0::/10 is used for IPv6 broadcast.
- FC00::/7 is used in private networks.*
- FE80::/8 is used for link-local unicast.
- FE80::/10 is used for link-local unicast.*
- 2001::1/127 is used for loopback addresses.
- FF00::/8 is used for IPv6 multicast.*
| Loopback address | ::1 |
| Link-local address | FE80::/10 |
| Site-local address | FEC0::/10 (but it is deprecated and replaced with FC00::/7 for used in private networks) |
| Global address | 2000::/3 |
| Multicast address | FF00::/8 |
I.9. Refer to the exhibit
The network administrator cannot connect to Switch 1 over a Telnet session, although the hosts attached to Switch1 can ping the interface Fa0/0 of the router. Given the information in the graphic and assuming that the router and Switch2 are configured properly, which of the following commands should be issued on Switch1 to correct this problem?
- Switch1(config)# ip default-gateway 192.168.24.1*
- Switch1(config)# interface fa0/1Switch1(config-if)# switchport mode trunk
- Switch1(config)# line con0Switch1(config-line)# password ciscoSwitch1(config-line)# login
- Switch1(config)# interface fa0/1Switch1(config-if)# ip address 192.168.24.3 255.255.255.0
- Switch1(config)# interface fa0/1Switch1(config-if)# duplex fullSwitch1(confiq-if)# speed 100
I.10. Which two statements about IPv6 and routing protocols are true? (Choose two.)
- Link-local addresses are used to form routing adjacencies.*
- OSPFv3 was developed to support IPv6 routing.*
- EIGRP, OSPF, and BGP are the only routing protocols that support IPv6.
- Loopback addresses are used to form routing adjacencies.
- EIGRPv3 was developed to support IPv6 routing.
I.11. What will happen if a private IP address is assigned to a public interface connected to an ISP?
- Addresses in a private range will be not be routed on the Internet backbone.*
- Only the ISP router will have the capability to access the public network.
- The NAT process will be used to translate this address to a valid IP address.
- A conflict of IP addresses happens, because other public routers can use the same range.
I.12. DRAG DROP. Refer to the exhibit.
Select and Place:
Correct Answer:
I.13. Which two statements about wireless LAN controllers are true? (Choose two.)
- They can simplify the management and deployment of wireless LANs.*
- They rely on external firewalls for WLAN security.
- They are best suited to smaller wireless networks.
- They must be configured through a GUI over HTTP or HTTPS.
- They can manage mobility policies at a systemwide level.*
I.14. Which step in the router boot process searches for an IOS image to load into the router?
- bootstrap*
- POST
- mini-IOS
- ROMMON mode
1. The router is powered on.
2. The router first runs Power-On Self Test (POST)
3. The bootstrap checks the Configuration Register value to specify where to load the IOS. By default (the default value of Configuration Register is 2102, in hexadecimal), the router first looks for “boot system” commands in startup-config file. If it finds these commands, it will run boot system commands in order they appear in startup-config to locate the IOS. If not, the IOS image is loaded from Flash . If the IOS is not found in Flash, the bootstrap can try to load the IOS from TFTP server or from ROM (mini-IOS).
4. After the IOS is found, it is loaded into RAM.
5. The IOS attempts to load the configuration file (startup-config) from NVRAM to RAM. If the startup-config is not found in NVRAM, the IOS attempts to load a configuration file from TFTP. If no TFTP server responds, the router enters Setup Mode (Initial Configuration Mode).
For more information about booting process please read our Cisco Router Boot Sequence tutorial.
I.15. Which protocol advertises a virtual IP address to facilitate transparent failover of a Cisco routing device?
- FHRP*
- DHCP
- RSMLT
- ESRP
I.16. Refer to exhibit. Which command can you enter to verify link speed and duplex setting on the interface?
R1(config)#interface gigabitEthernet0/1 R1(config-if)#ip address 192.168.1.1. 255.255.255.0 R1(config-if)#speed 100 R1(config-if)#duplex full
- router#show ip protocols
- router#show startup-config
- router#show line
- router#show interface gig 0/1*
I.17. Which utility can you use to determine whether a switch can send echo requests and replies?
- ping*
- traceroute
- ssh
- telnet
I.18. If computer A is sending traffic to computer B, which option is the source IP address when a packet leaves R1 on interface F0/1?
- IP address of the R2 interface F0/1
- Ip address of computer B
- Ip address of R1 interface F0/1
- Ip address of Computer A*
I.19. Which functionality does split horizon provide?
- It prevents switching loops in distance-vector protocols.
- It prevents switching loops in link-state protocols.
- It prevents routing loops in distance-vector protocols.*
- It prevents routing loops in link-state protocols.
I.20. Which MAC protocol sets a random timer to reattempt communication ?
- RARP
- CSMA/CA
- CSMA/CD*
- IEEE 802.1x
I.21. How many host addresses are available on the network 192.168.1.0 subnet 255.255.255 240?
- 6
- 8
- 14*
- 16
I.22. Which two statements about unique local IPv6 addresses are true?
- They are identical to IPv4 private addresses.*
- They are defined by RFC 1884
- They use the prefix FEC0::/10
- They use the prefix FC00::/7*
- They can be routed on the IPv6 global internet.
I.23. If three devices are plugged into one port on a switch and two devices are plugged into a different port, how many collision domains are on the switch?
- 2*
- 4
- 5
- 6
I.24. DRAG DROP. Drag the cable type on the left to the purpose for which is the best suited on the right. Not all options are used.
Select and Place:
Correct Answer:
I.25. DRAG DROP. Drag the IPv6 multicast address type on the left to their purpose on the right..
Select and Place:
Correct Answer:
I.26. How does a router handle an incoming packet whose destination network is missing from the routing table?
- it broadcast the packet to each interface on the router
- it discards the packet*
- it broadcasts the packet to each network on the router
- it routes the packet to the default route
I.27. Which two statements about Ethernet standards are true?(choose two)
- Ethernet is defined by IEEE standard 802.2
- Ethernet is defined by IEEE standard 802.3*
- Ethernet 10BASE-T dose not support full-duplex.
- When an Ethernet network uses CSMA/CD ,it terminates transmission as soon as collision occurs*
- When an Ethernet network uses CSMA/CA ,it terminates transmission as soon as collision occurs
I.28. Which command enables IPv6 forwarding on a Cisco router?
- ipv6 local
- ipv6 host
- ipv6 unicast-routing*
- ipv6 neighbor
Router(config)#ipv6 unicast-routing (Enables the forwarding of IPv6 unicast datagrams globally on the router)
Router(config)#interface fa0/0
Router(config-if)#ipv6 rip 9tut enable (9tut is the process name of this RIPng)
I.29. Refer to the exhibit. If R1 receives a packet destined to 172.16.1.1, to which IP address does it send the packet?
- 192.168.14.4*
- 192.168.12.2
- 192.168.13.3
- 192.168.15.5
I.30. What is known as “one-to-nearest” addressing in IPv6?
- global unicast
- anycast*
- multicast
- unspecified address
I.31. When a router is unable to find a known route in the routing table, how does it handle the packet?
- It discards the packet*
- It sends the packet over the route with the best metric
- It sends the packet to the next hop address
- It sends the packet to the gateway of last resort
A Gateway of Last Resort is a route used by the router when no other known route exists to send the IP packet. For CCNA level, when ip routing feature is enabled, a gateway of last resort is usually created by:
+ The “ip default-network” command (but dynamic routing protocols have different behaviors). But in general, the “ip default-network” cannot set the gateway of last resort without a known route in the routing table.
+ Creating a static route to network 0.0.0.0 0.0.0.0 is another way to set the gateway of last resort on a router. This is the reason why this question is not clear as it does not tell us if a default route exists or not.
Maybe in this question a default route does not exist. Otherwise the author would notice and indicate it in the question.
For more information about Gateway of Last Resort, please read: http://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/16448-default.html
I.32. If router R1 knows a static route to a destination network and then learns about the same destination network through a dynamic routing protocol, how does R1 respond?
- It refuses to advertise the dynamic route to other neighbors
- It sends a withdrawal signal to the neighboring router
- It disables the routing protocol
- It prefers the static route*
I.33. Which option is the correct CIDR notation for 192.168.0.0 subnet 255.255.255.252?
- /29
- /30*
- /31
- /32
I.34. Which six-byte field in a basic Ethernet frame must be an individual address?
- SOF
- FCS
- DA
- SA*
The SA field is the source address field. The field should be set to the MAC address of the switch port that transmits the frame. It is a 48-bit value (6 bytes). The receiving device may ignore the SA field of the frame.
In fact there is another correct answer for this question: DA (Destination Address) which also consists of 6 bytes. Maybe there is a mistake or typo in this question.
I.35. If a router has four interfaces and each interface is connected to four switches, how many broadcast domains are present on the router?
- 1
- 2
- 4*
- 8
I.36. Refer to the exhibit. What is the most appropriate summarization for these routes?
- 10.0.0.0 /21
- 10.0.0.0 /22*
- 10.0.0.0 /23
- 10.0.0.0 /24
I.37. What 8-bit field exists in IP packet for QoS?
- Tos Field*
- DSCP
- IP Precedence
- Cos
- -ANOTHER OPTION-
Note:
+ CoS does not exists in an IP header. It appears in the header of a 802.1Q frame only. CoS is used for QoS on a trunk link.
+ DSCP uses the first 6 bits of the TOS field.
I.38. What feature uses a random time to re-send a frame?
- CSMA/CA
- -ANOTHER OPTION-
- -ANOTHER OPTION-
- CSMA/CD*
I.39. Two hosts are attached to a switch with the default configuration. Which statement about the configuration is true?
- IP routing must be enabled to allow the two hosts to communicate.
- The two hosts are in the same broadcast domain.*
- The switch must be configured with a VLAN to allow the two hosts to communicate.
- Port security prevents the hosts from connecting to the switch.
I.40. If a router has 3 hosts connected in one port and two other hosts connected in another port, how may broadcast domains are present on the router?
- 5
- 2*
- 3
- 4
I.41. What are three parts of an IPv6 global unicast address? (Choose three.)
- an interface ID that is used to identify the local host on the network.*
- an interface ID that is used to identify the local network for a particular host.
- a subnet ID that is used to identify networks inside of the local enterprise site*
- a global routing prefix that is used to identify the network portion of the address that has been provided by an ISP*
- a global routing prefix that is used to identify the portion of the network address provided by a local administrator
+ Global unicast address
+ Link-local address
The global unicast address is globally unique in the Internet. The example IPv6 address that is shown below is a global unicast address.
+ Site prefix (global routing prefix): defines the public topology of your network to a router. You obtain the site prefix for your enterprise from an ISP or Regional Internet Registry (RIR).
+ Site Topology and Subnet ID: the subnet ID defines an administrative subnet of the network and is up to 16 bits in length. You assign a subnet ID as part of IPv6 network configuration. The subnet prefix defines the site topology to a router by specifying the specific link to which the subnet has been assigned
+ Interface ID: identifies an interface of a particular node. An interface ID must be unique within the subnet.
Reference: https://docs.oracle.com/cd/E23823_01/html/816-4554/ipv6-overview-10.html
I.42. You have been asked to come up with a subnet mask that will allow all three web servers to be on the same network while providing the maximum number of subnets. Which network address and subnet mask meet this requirement?
- 192.168.252.0 255.255.255.252
- 192.168.252.8 255.255.255.248*
- 192.168.252.8 255.255.255.252
- 192.168.252.16 255.255.255.240
- 192.168.252.16 255.255.255.252
I.43. DRAG DROP. Drag and drop the IPv6 IP addresses from the left onto the correct IPv6 address types on the right.
Select and Place:
Correct Answer:
I.44. What is the correct routing match to reach 172.16.1.5/32?
- 172.16.1.0/26*
- 172.16.1.0/25
- 172.16.1.0/24
- the default route
I.45. Which layer in the OSI reference model is responsible for determining the availability of the receiving program and checking to see if enough resources exist for that communication?
- transport
- network
- presentation
- session
- application*
I.46. What are the address that will show at the show ip route if we configure the above statements? (Choose Three.)
- 10.0.0.0*
- 10.4.3.0
- 172.15.4.0
- 172.15.0.0*
- 192.168.4.0*
- 192.168.0.0
+ 172.15.4.0 belongs to class B so it will be summarized to 172.15.0.0
+ 10.4.3.0 belongs to class A so it will be summarized to 10.0.0.0
+ 192.168.4.0 belongs to class C so it will be summarized to 192.168.4.0 (same)
I.47. Which feature facilitates the tagging of frames on a specific VLAN?
- Routing
- Hairpinning
- Encapsulation*
- Switching
I.48. What does split horizon prevent?
- routing loops, link state
- routing loops, distance vector*
- switching loops, STP
- switching loops, VTP
I.49. Which IPV6 feature is supported in IPV4 but is not commonly used?
- unicast
- multicast
- anycast*
- broadcast
The basic idea of Anycast is very simple: multiple servers, which share the same IP address, host the same service. The routing infrastructure sends IP packets to the nearest server (according to the metric of the routing protocol used). The major benefits of employing Anycast in IPv4 are improved latency times, server load balancing, and improved security.
Reference: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.116.6367&rep=rep1&type=pdf
I.50. What is the binary pattern of unique ipv6 unique local address?
- 00000000
- 11111100*
- 11111111
- 11111101
Note: IPv6 Unique Local Address is the approximate IPv6 counterpart of the IPv4 private address. It is not routable on the global Internet.
I.51. Describe the best way to troubleshoot and isolate a network problem?
- Create an action plan
- Implement an action plan
- Gather facts*
- others
Step 2 Gather the facts that you need to help isolate possible causes.
Ask questions of affected users, network administrators, managers, and other key people. Collect information from sources such as network management systems, protocol analyzer traces, output from router diagnostic commands, or software release notes.
I.52. In which byte of an IP packet can traffic be marked?
- the QoS byte
- the CoS byte
- the ToS byte*
- the DSCP byte
I.53. What are two benefits of Private IPv4 Addresses? (Choose two.)
- they can be implemented without requiring admin to coordinate with IANA*
- they are managed by IANA
- increase the flexibility of network design
- provide network isloation from the internet*
- they are routable over internet
I.54. How many bits represent network id in a IPv6 address?
- 32
- 48
- 64*
- 128
Each site provides /64 for each LAN -> each site can provide 2(64-48) = 65,536 LAN addresses for use in their private networks.
So each LAN can provide 264 interface addresses for hosts.
-> Global routing information is identified within the first 64-bit prefix.
Now let’s see an example of IPv6 prefix: 2001:0A3C:5437:ABCD::/64:
In this example, the RIR has been assigned a 12-bit prefix. The ISP has been assigned a 32-bit prefix and the site is assigned a 48-bit site ID. The next 16-bit is the subnet field and it can allow 216, or 65536 subnets. This number is redundant for largest corporations on the world!
The 64-bit left (which is not shown the above example) is the Interface ID or host part and it is much more bigger: 64 bits or 264 hosts per subnet! For example, from the prefix 2001:0A3C:5437:ABCD::/64 an administrator can assign an IPv6 address 2001:0A3C:5437:ABCD:218:34EF:AD34:98D to a host.
I.55. What layer of the OSI Model is included in TCP/IP Model’s INTERNET layer?
- Application
- Session
- Data Link
- Presentation
- Network*
I.56. Which two features can dynamically assign IPv6 addresses? (Choose two.)
- IPv6 stateless autoconfiguration*
- DHCP
- NHRP
- IPv6 stateful autoconfiguration*
- ISATAP tunneling
Answer “NHRP” is not correct because it is a protocol used in DMVPN.
Answer “ISATAP tunneling” is not correct because it is an IPv6 transition mechanism to transmit IPv6 packets between dual-stack nodes on top of an IPv4 network.
The two types of autoconfiguration are “stateless” and “stateful.”
Stateful autoconfiguration is the IPv6 equivalent of DHCP. A new protocol, called DHCPv6 (and based closely on DHCP), is used to pass out addressing and service information in the same way that DHCP is used in IPv4. This is called “stateful” because the DHCP server and the client must both maintain state information to keep addresses from conflicting, to handle leases, and to renew addresses over time -> Answer “IPv6 stateful autoconfiguration” is correct.
Stateless Autoconfiguration allows an interface to automatically “lease” an IPv6 address and does not require the establishment of an server to delve out address space. Stateless autoconfiguration allows a host to propose an address which will probably be unique (based on the network prefix and its Ethernet MAC address) and propose its use on the network. Because no server has to approve the use of the address, or pass it out, stateless autoconfiguration is simpler. This is the default mode of operation for most IPv6 systems, including servers. So answer “IPv6 stateless autoconfiguration” is correct too.
I.57. How many usable host are there per subnet if you have the address of 192.168.10.0 with a subnet mask of 255.255.255.240?
- 4
- 8
- 16
- 14*
I.58. Which type of cable must you use to connect two devices with MDI interfaces?
- rolled
- crossover**
- crossed
- straight through
Reference: <a href=”https://www.cisco.com/c/en/us/td/docs/security/asa/hw/maintenance/5505guide/ASA5505HIG/pinouts.html” target=”_blank” rel=”noopener noreferrer”>https://www.cisco.com/c/en/us/td/docs/security/asa/hw/maintenance/5505guide/ASA5505HIG/pinouts.html</a>
Note: MDI/MDIX is a type of Ethernet port connection using twisted pair cabling.
I.59. Which type of IPv6 address also exists in IPv4 but is barely used?
- unicast
- multicast
- anycast**
- broadcast
I.60. At which layer of the OSI model dose PPP perform?
- Layer 2*
- Layer 3
- Layer 4
- Layer 5
- Layer 1
I.61. Which IPv6 header field is equivalent to the TTL?
- Scan Timer.
- TTD.
- Flow Label.
- Hop Limit.*
- Hop Count.
I.62. Which IP configuration does the CIDR notation 192.168.1.1/25 refer?
- 192.168.1.1 255.255.255.64
- 192.168.1.1 255.255.255.1
- 192.168.1.1 255.255.255.32
- 192.168.1.1 255.255.255.256
- 192.168.1.1 255.255.255.128*
I.63. Which option is the correct CIDR notation for 192.168.0.0 subnet 255.255.255.252?
- 30*
- 31
- 32
- 33
I.64. Which two functions can be performed by a local DNS server? (Choose two.)
- assigning IP addresses to local clients
- copying updated IOS images to Cisco switches
- resolving names locally*
- forwarding name resolution requests to an external DNS server*
- transferring split horizon traffic between zones
I.65. Refer to the exhibit. Which three statements correctly describe Network Device A? (Choose three.)
- With a network wide mask of 255.255.255.128, each interface does not require an IP address.
- With a network wide mask of 255.255.255.128, each interface does require an IP address on a unique IP subnet.*
- With a network wide mask of 255.255.255.0, must be a Layer 2 device for the PCs to communicate with each other.
- With a network wide mask of 255.255.255.0, must be a Layer 3 device for the PCs to communicate with each other.*
- With a network wide mask of 255.255.254.0, each interface does not require an IP address.*
A quick way to find out the correct answers is notice that all 255.255.255.x subnet masks will separate these two IP addresses into two separate subnets so we need a Layer 3 device here and each interface must require an IP address on a unique IP subnet -> A, C are not correct while B, D are correct.
With 255.255.254.0 subnet mask, the increment here is 2 in the third octet -> the first subnet is from 10.1.0.0 to 10.1.1.255, in which two above IP addresses belong to -> each interface of Network device A does not require an IP address -> E is correct.
I.66. Which two tasks does a router perform when it receives a packet that is being forwarded from one network to another? (Choose two.)
- It removes the Layer 2 frame header and trailer*
- It encapsulates the Layer 2 packet
- It removes the Layer 3 frame header and trailer
- It examines the routing table for the best path to the destination IP address of the packet*
- It examines the MAC address table for the forwarding interface
I.67. DRAG DROP. Drag and drop the application protocols from the left onto the transport protocols that is uses on the right.
Select and Place:
Correct Answer:
I.68. Which three encapsulation layers in the OSI model are combined into the TCP/IP application layer? (Choose three)
- Session*
- transport
- presentation*
- application*
- data-link
- network
I.69. When is the most appropriate time to escalate an issue that you troubleshooting?
- A. When you lack the proper to resolve the issue*
- B. When a more urgent issue that requires your intervention is detected
- C. When you have gathered all information about an issue
- D. When you have been unable to resolve the issue after 30 min
Step 2. Resolve or escalate: Problem isolation should eventually uncover the root cause of the problem – that is, the cause which, if fixed, will resolve the problem. In short, resolving the problem means finding the root cause of the problem and fixing that problem. Of course, what do you do if you cannot find the root cause, or fix (resolve) that root cause once found? Escalate the problem. Most companies have a defined escalation process, with different levels of technical support and management support depending on whether the next step requires more technical expertise or management decision making.
Reference: ICND1 100-105 Official Cert Guide
Also from this link: http://www.ciscopress.com/articles/article.asp?p=1578504&seqNum=2
“After you have clearly defined the problem, you have one more step to take before starting the actual troubleshooting process. You must determine whether this problem is your responsibility or if it needs to be escalated to another department or person. For example, assume the reported problem is this: “When user Y tries to access the corporate directory on the company intranet, she gets a message that says permission is denied. She can access all other intranet pages.” You are a network engineer, and you do not have access to the servers. A separate department in your company manages the intranet servers. Therefore, you must know what to do when this type of problem is reported to you as a network problem. You must know whether to start troubleshooting or to escalate it to the server department. It is important that you know which type of problems is your responsibility to act on, what minimal actions you need to take before you escalate a problem, and how you escalate a problem.”
So we can say answer A is the most suitable choice.
I.70. Which address class includes network 191.168.0.1/27?
- Class C
- Class B*
- Class D
- Class A
I.71. Which RFC was created to alleviate the depletion of IPv4 public addresses?
- RFC 4193
- RFC 1519
- RFC 1518 *
- RFC 1918
The RFC 1918 is Address Allocation for Private Internets, which reserves IP addresses for private and internal use. These addresses can be used for networks that do not need to connect to the Internet.
Therefore the RFC 1918 is the best choice to “alleviate the depletion of IPv4 public addresses”.
I.72. Which network topology allows all traffic to flow through a central hub?
- bus
- star*
- mesh
- ring
I.73. Which statement about a router on a stick is true?
- Its date plane router traffic for a single VI AN over two or more switches.
- It uses multiple subinterfaces of a single interface to encapsulate traffic for different VLANs on the same subnet
- It requires the native VLAN to be disabled.
- It uses multiple subinterfaces of a single interface to encapsulate traffic for different VLANs.*
I.74. Which component of the routing table ranks routing protocols according to their preferences?
- administrative distance*
- next hop
- metric
- routing protocol code
I.75. Which two options are the best reasons to use an IPV4 private IP space?(choose two)
- to enable intra-enterprise communication*
- to implement NAT
- to connect applications
- to conserve global address space*
- to manage routing overhead
I.76. Assuming a subnet mask of 255.255.248.0, three of the following addresses are valid host addresses. Which are these addresses? (Choose three.)
- 172.16.9.0*
- 172.16.8.0
- 172.16.31.0*
- 172.16.20.0*
I.77. Which entity assigns IPv6 addresses to end users?
- ICANN
- APNIC
- RIR
- ISPs*
I.78. Which networking Technology is currently recognized as the standard for computer networking?
- System network architecture
- Transmission control protocol/Internet protocol*
- Open system Interconnect
- Open network architecture
I.79. Which two tasks does the Dynamic Host Configuration Protocol perform? (Choose two.)
- Set the IP gateway to be used by the network.
- Perform host discovery used DHCPDISCOVER message.
- Configure IP address parameters from DHCP server to a host.*
- Provide an easy management of layer 3 devices.
- Monitor IP performance using the DHCP server.
- Assign and renew IP address from the default pool.*
The Dynamic Host Configuration Protocol (DHCP) is a network protocol used to configure devices that are connected to a network (known as hosts) so they can communicate on that network using the Internet Protocol (IP). It involves clients and a server operating in a client-server model. DHCP servers assigns IP addresses from a pool of addresses and also assigns other parameters such as DNS and default gateways to hosts.
I.80. Which statement about IPv6 link-local addresses is true ?
- They must be configured on all IPv6 interface*
- They must be globally unique
- They must be manually configured
- They are advertised globally on the network
A link-local address is an IPv6 unicast address that can be automatically configured on any interface using the link-local prefix FE80::/10 (1111 1110 10) and the interface identifier in the modified EUI-64 format. Link-local addresses are not necessarily bound to the MAC address (configured in a EUI-64 format). Link-local addresses can also be manually configured in the FE80::/10 format using the “ipv6 address link-local” command.
Reference: http://www.cisco.com/c/en/us/support/docs/ip/ip-version-6-ipv6/113328-ipv6-lla.html
In summary, if you do not configure a link-local on an IPv6 enabled interface, it will automatically use the FE80::/10 and the interface identifier in the modified EUI-64 format to form a link-local address.
I.81. Which header field is new on IPv6?
- Version
- Hop Limit
- Flow Label*
- Traffic Class
The basic idea of Anycast is very simple: multiple servers, which share the same IP address, host the same service. The routing infrastructure sends IP packets to the nearest server (according to the metric of the routing protocol used). The major benefits of employing Anycast in IPv4 are improved latency times, server load balancing, and improved security.
Reference: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.116.6367&rep=rep1&type=pdf
I.82. Which two statements about access points are true? (Choose Two)
- They can provide access within enterprises and to the public.
- in Most cases, they are physically connected to other network devices to provide network connectivity*
- They can protect a network from internal and external threats.
- Most access points provide Wi-Fi and Bluetooth connectivity.*
- They must be hardwired to a modem.
I.83. Which two statements describe characteristics of IPv6 unicast addressing? (Choose two.)
- Global addresses start with 2000::/3.*
- Link-local addresses start with FE00:/12.
- Link-local addresses start with FF00::/10.
- There is only one loopback address and it is ::1.*
- If a global address is assigned to an interface, then that is the only allowable address for the interface.
| Loopback address | ::1 |
| Link-local address | FE80::/10 |
| Site-local address | FEC0::/10 |
| Global address | 2000::/3 |
| Multicast address | FF00::/8 |
From the above table, we learn that A and D are correct while B and C are incorrect. Notice that the IPv6 unicast loopback address is equivalent to the IPv4 loopback address, 127.0.0.1. The IPv6 loopback address is 0:0:0:0:0:0:0:1, or ::1.
E is not correct because of anycast addresses which are indistinguishable from normal unicast addresses. You can think of anycast addresses like this: “send it to nearest one which have this address”. An anycast address can be assigned to many interfaces and the first interface receives the packet destined for this anycast address will proceed the packet. A benefit of anycast addressing is the capability to share load to multiple hosts. An example of this benefit is if you are a Television provider with multiple servers and you want your users to use the nearest server to them then you can use anycast addressing for your servers. When the user initiates a connection to the anycast address, the packet will be routed to the nearest server (the user does not have to specify which server they want to use).
I.84. Which three statements about IPv6 address fd14:920b:f83d:4079::/64 are true? (Choose two)
- A. The subnet ID is 14920bf83d
- B. The subnet ID is 4079*
- C. The global ID is 14920bf83d
- D. The address is a link-local address
- E. The global ID is 4079
- F. The address is a unique local address*
In this example, the RIR has been assigned a 12-bit prefix. The ISP has been assigned a 32-bit prefix and the site is assigned a 48-bit site ID. The next 16-bit is the subnet field and it can allow 216, or 65536 subnets. This number is redundant for largest corporations on the world!
The 64-bit left (which is not shown the above example) is the Interface ID or host part and it is much more bigger: 64 bits or 264 hosts per subnet!
Therefore in this question 4079 is the subnet ID. The FD14 prefix belongs to FC00::/7 which is an IPv6 Unique Local Address (The address block fc00::/7 is divided into two /8 groups which are FC00::/8 & FD00::/8)
I.85. Which tunneling mechanism embeds an IPv4 address within an IPv6 address?
- Teredo
- 6to4*
- 4to6
- GRE
- ISATAP
I.86. Which of the following statements describe the network shown in the graphic? (Choose two.)
- There are two broadcast domains in the network.*
- There are four broadcast domains in the network.
- There are six broadcast domains in the network.
- There are four collision domains in the network.
- There are five collision domains in the network.
- There are seven collision domains in the network.*
Both router and switch can break up collision domains so there is only 1 collision domain on the left of the router (because hub doesn’t break up collision domain) and there are 6 collision domains on the right of the router (1 collision domain from e1 interface to the switch + 5 collision domains for 5 PCs in Production) -> F is correct.
I.87. Which protocol does ipv6 use to discover other ipv6 nodes on the same segment?
- CLNS
- TCPv6
- NHRP
- NDP
- ARP**
I.88. What is the most efficient subnet mask for a point to point ipv6 connection?
- /127*
- /128
- /64
- /48
- /32
Reference: https://tools.ietf.org/html/rfc6164
I.89. What are three features of the IPV6 protocol?(choose three)
- complicated header
- plug-and-play*
- no broadcasts*
- checksums
- optional IPsec
- autoconfiguration**
I.90. Where does routing occur within the DoD TCP/IP reference model?
- application
- internet*
- network
- transport
I.91. Which address block identifies all link-local addresses?
- FC00::/7
- FC00::/8
- FE80::/10*
- FF00::/8
I.92. For which two reasons was RFC 1918 address space define (Choose two)
- to preserve public IPv4 address space*
- to reduce the occurrence of overlapping IP addresses*
- to preserve public IPv6 address space
- reduce the size of ISP routing tables
- to support the NAT protocol
The problems were:
+ With the classful routing system, individual networks were either limited to 254 hosts (/24) or 65,534 hosts (/16). For many network enterprises, 254 hosts were not enough and 65,534 were too large to be used efficiently.
+ Routing information overload. The size and rate of growth of the routing tables in Internet routers is beyond the ability of current software (and people) to effectively manage.
+ Eventual exhaustion of IP network numbers.
To solve these problem, CIDR was selected as the solution in 1992.
In contrast to classful routing, which categorizes addresses into one of three blocks, CIDR allows for blocks of IP addresses to be allocated to Internet service providers. The blocks are then split up and assigned to the provider’s customers.
According to the CIDR standard, the first part of an IP address is a prefix, which identifies the network. The prefix is followed by the host identifier so that information packets can be sent to particular computers within the network. A CIDR address includes the standard 32-bit IP address and also the network prefix. For example, a CIDR address of 200.1.45.2/26, the “/26” indicates the first 26 bits are used to identify the unique network, leaving the remaining bits to identify the specific hosts.
Therefore, instead of assigning the whole block of a class B or C address, now smaller blocks of a class can be assigned. For example, instead of assigning a whole block of 200.1.45.0/24, a smaller block, like 200.1.45.0/27 or 200.1.45.32/27, can be assigned.
I.93. In which two circumstances are private IPv4 addresses appropriate? (Choose two)
- on internal hosts that stream data solely to external resources
- on hosts that communicates only with other internal hosts*
- on the public-facing interface of a firewall
- on hosts that require minimal access to external resources*
- to allow hosts inside an enterprise to communicate in both directions with hosts outside the enterprise
I.94. DRAG DROP. Drag and drop the IEEE standard cable names from the left onto the correct cable types on the right.
Select and Place:
Correct Answer:
I.95. Which major IPv6 address type is supported in IPv4 but rarely used?
- Broadcast
- Anycast*
- Unicast
- Multicast
I.96. Refer to the exhibit, you determine that Computer A cannot ping Computer. Which reason for the problem is most likely true?
- The Subnet mask for Computer A is incorrect.*
- The default gateway address for Computer A is incorrect.
- The subnet mask for computer B is incorrect.
- The default gateway address for computer B is incorrect.
I.97. Which option is a valid IPv6 address?
- 2001:0000:130F::099a::12a
- 2002:7654:A1AD:61:81AF:CCC1
- FEC0:2927:1860:W067::2A4
- 2004:1:25A4:886F::1*
I.98. Refer to the exhibit. A new subnet with 60 hosts has been added to the network. Which subnet address should this network use to provide enough usable addresses while wasting the fewest addresses?
- 192.168.1.56/27
- 192.168.1.64/26*
- 192.168.1.64/27
- 192.168.1.56/26
I.99. DRAG DROP. A user is unable to connect to the Internet. Based on the layered approach to troubleshooting and beginning with the lowest layer, drag each procedure on the left to its proper category on the right.
Select and Place:
Correct Answer:
I.100. Refer to the exhibit. Which subnet mask will place all hosts on Network B in the same subnet with the least amount of wasted addresses?
- 255.255.255.0
- 255.255.254.0*
- 255.255.252.0
- 255.255.248.0
I.101. Which two are features of IPv6?(choose two)
- multicast*
- broadcast
- allcast
- podcast
- anycast*
unicast addressing, anycast addressing, and multicast addressing.
I.102. Given an IP address 172.16.28.252 with a subnet mask of 255.255.240.0, what is the correct network address?
- 172.16.16.0*
- 172.16.0.0
- 172.16.24.0
- 172.16.28.0
the broadcast IP address is 172.16.31.255.
I.103. Which IPv6 address is the equivalent of the IPv4 interface loopback address 127.0.0.1?
- ::1*
- ::
- 2000::/3
- 0::/10
In IPv6 the loopback address is written as,
This is a 128bit number, with the first 127 bits being ‘0’ and the 128th bit being ‘1’. It’s just a single address, so
could also be written as ::1/128.
I.104. You are working in a data center environment and are assigned the address range 10.188.31.0/23. You are asked to develop an IP addressing plan to allow the maximum number of subnets with as many as 30 hosts each. Which IP address range meets these requirements?
- 10.188.31.0/26
- 10.188.31.0/25
- 10.188.31.0/25
- 10.188.31.0/27*
- 10.188.31.0/29
question requires the maximum number of subnets (which minimum the number of hosts- per-subnet) so /27
is the best choice -> .
I.105. A network administrator is verifying the configuration of a newly installed host by establishing an FTP connection to a remote server. What is the highest layer of the protocol stack that the network administrator is using for this operation?
- application*
- presentation
- session
- transport
- internet
- data link
I.106. A receiving host computes the checksum on a frame and determines that the frame is damaged. The frame is then discarded. At which OSI layer did this happen?
- session
- transport
- network
- data link*
- physical
I.107. Which two statements correctly describe steps in the OSI data encapsulation process? (Choose two.)
- The transport layer divides a data stream into segments and may add reliability and flow control information.*
- The data link layer adds physical source and destination addresses and an FCS to the segment.
- Packets are created when the network layer encapsulates a frame with source and destination host addresses and protocol-related control information.
- Packets are created when the network layer adds Layer 3 addresses and control information to a segment.*
- The presentation layer translates bits into voltages for transmission across the physical link.
This includes the control and management of multiple bidirectional messages so that the application can be notified if only some of a series of messages are completed. This allows the presentation layer to have a seamless view of an incoming stream of data. The presentation layer can be presented with data if all flows occur in some cases. Examples include. RPC, SQL, NFS, NetBios names, AppleTalk ASP, and DECnet SCP The Transport Layer (Layer 4) defines several functions, including the choice of protocols. The most important Layer 4 functions are error recovery and flow control. The transport layer may provide for retransmission, i.e., error recovery, and may use flow control to prevent unnecessary congestion by attempting to send data at a rate that the network can accommodate, or it might not, depending on the choice of protocols. Multiplexing of incoming data for different flows to applications on the same host is also performed. Reordering of the incoming data stream when packets arrive out of order is included. Examples include. TCP, UDP, and SPX.
The Network Layer (Layer 3) defines end-to-end delivery of packets and defines logical addressing to accomplish this. It also defines how routing works and how routes are learned; and how to fragment a packet into smaller packets to accommodate media with smaller maximum transmission unit sizes. Examples include. IP, IPX, AppleTalk DDP, and ICMP. Both IP and IPX define logical addressing, routing, the learning of routing information, and end-to-end delivery rules. The IP and IPX protocols most closely match the OSI network layer (Layer 3) and are called Layer 3 protocols because their functions most closely match OSI’s Layer 3. The Data Link Layer (Layer 2) is concerned with getting data across one particular link or medium. The data link protocols define delivery across an individual link. These protocols are necessarily concerned with the type of media in use. Examples includE. IEEE 802.3/802.2, HDLC, Frame Relay, PPP, FDDI, ATM,and IEEE 802.5/802.2.
I.108. Refer to the graphic. Host A is communicating with the server. What will be the source MAC address of the frames received by Host A from the server?
- the MAC address of router interface e0*
- the MAC address of router interface e1
- the MAC address of the server network interface
- the MAC address of host A
1. Check the incoming packet for corruption, and remove the MAC header. The router checks the packet for MAC-layer errors. The router then strips off the MAC header and examines the network- layer header to determine what to do with the packet.
2. Examine the age of the packet. The router must ensure that the packet has not come too far to be forwarded. For example, IPX headers contain a hop count. By default, 15 hops is the maximum number of hops (or routers) that a packet can cross. If a packet has a hop count of 15, the router discards the packet. IP headers contain a Time to Live (TTL) value. Unlike the IPX hop count, which increments as the packet is forwarded through each router, the IP TTL value decrements as the IP packet is forwarded through each router. If an IP packet has a TTL value of 1, the router discards the packet. A router cannot decrement the TTL value to 1 and then forward the packet.
3. Determine the route to the destination. Routers maintain a routing table that lists available networks, thedirection to the desired network (the outgoing interface number), and the distance to those networks. After determining which direction to forward the packet, the router must build a new header. (If you want to read the IP routing tables on a Windows 95/98 workstation, type ROUTE PRINT in the DOS box.)
4. Build the new MAC header and forward the packet. Finally, the router builds a new MAC header for the packet. The MAC header includes the router’s MAC address and the final destination’s MAC address or the MAC address of the next router in the path.
I.109. Refer to exhibit: Which destination addresses will be used by Host A to send data to Host C? (Choose two.)
- the IP address of Switch 1
- the MAC address of Switch 1
- the IP address of Host C*
- the MAC address of Host C
- the IP address of the router’s E0 interface
- the MAC address of the router’s E0 interface*
I.110. At which layer of the OSI model is RSTP used to prevent loops?
- physical
- data link*
- network
- transport
I.111. What does a Layer 2 switch use to decide where to forward a received frame?
- source MAC address
- source IP address
- source switch port
- destination IP address
- destination port address
- destination MAC address*
I.112. Based on the network shown in the graphic. Which option contains both the potential networking problem and the protocol or setting that should be used to prevent the problem?
- routing loops, hold down timers
- switching loops, split horizon
- routing loops, split horizon
- switching loops, VTP
- routing loops, STP
- switching loops, STP*
I.113. Refer to the exhibit. The network administrator normally establishes a Telnet session with the switch from host A. However, host A is unavailable. The administrator’s attempt to telnet to the switch from host fails, but pings to the other two hosts are successful. What is the issue?
- The switch interfaces need the appropriate IP addresses assigned.
- Host and the switch need to be in the same subnet.
- The switch needs an appropriate default gateway assigned.*
- The switch interface connected to the router is down.
- Host needs to be assigned an IP address in VLAN 1.
But host B (172.19.32.2) and the management IP address of the Switch (172.19.1.250) are not in the same subnet. Therefore packets from host B must reach the router Fa0/0.32 interface before forwarding to the switch. But when the switch replies, it does not know how to send packets so an appropriate default gateway must be assigned on the switch (to Fa0/0.32 – 172.19.32.254).
Answer A is not correct because even when host B & the switch are in the same subnet, they cannot communicate because of different VLANs.
Answer C is not correct as host B can ping other two hosts.
Answer D is not correct because host B always belongs to VLAN 32 so assigning an IP address in VLAN 1 does not solve the problem.
I.114. What is the alternative notation for the IPv6 address B514:82C3:0000:0000:0029:EC7A:0000:EC72?
- B514 : 82C3 : 0029 : EC7A : EC72
- B514 : 82C3 :: 0029 : EC7A : EC72
- B514 : 82C3 : 0029 :: EC7A : 0000 : EC72
- B514 : 82C3 :: 0029 : EC7A : 0 : EC72*
I.115. Refer to the diagram. All hosts have connectivity with one another. Which statements describe the addressing scheme that is in use in the network? (Choose three.)
- The subnet mask in use is 255.255.255.192
- The subnet mask in use is 255.255.255.128*
- The IP address 172.16.1.25 can be assigned to hosts in VLAN1*
- The IP address 172.16.1.205 can be assigned to hosts in VLAN1
- The LAN interface of the router is configured with one IP address.
- The LAN interface of the router is configured with multiple IP addresses.*
The IP address 172.16.1.25 can be assigned to hosts in VLAN1: The usable host range in this subnet is 172.16.1.1-172.16.1.126
The LAN interface of the router is configured with multiple IP addresses: The router will need 2 subinterfaces for the single physical interface, one with an IP address that belongs in each VLAN.
I.116. The network administrator has been asked to give reasons for moving from IPv4 to IPv6. What are two valid reasons for adopting IPv6 over IPv4? (Choose two.)
- no broadcast*
- change of source address in the IPv6 header
- change of destination address in the IPv6 header
- Telnet access does not require a password
- autoconfiguration*
- NAT
I.117. An administrator must assign static IP addresses to the servers in a network. For network 192.168.20.24/29, the router is assigned the first usable host address while the sales server is given the last usable host address. Which of the following should be entered into the IP properties box for the sales server?
Correct Answer: C
sales server).
I.118. Which subnet mask would be appropriate for a network address range to be subnetted for up to eight LANs, with each LAN containing 5 to 26 hosts?
- 0.0.0.240
- 255.255.255.252
- 255.255.255.0
- 255.255.255.224*
- 255.255.255.240
(30 usable).
I.119. How many bits are contained in each field of an IPv6 address?
- 24
- 4
- 8
- 16*
I.120. What are three approaches that are used when migrating from an IPv4 addressing scheme to an IPv6 scheme. (Choose three.)
- enable dual-stack routing*
- configure IPv6 directly
- configure IPv4 tunnels between IPv6 islands*
- use proxying and translation to translate IPv6 packets into IPv4 packets*
- statically map IPv4 addresses to IPv6 addresses
- use DHCPv6 to map IPv4 addresses to IPv6 addresses
I.121. Refer to the exhibit. In this VLSM addressing scheme, what summary address would be sent from router A?
- 172.16.0.0 /16*
- 172.16.0.0 /20
- 172.16.0.0 /24
- 172.32.0.0 /16
- 172.32.0.0 /17
- 172.64.0.0 /16
I.122. How is an EUI-64 format interface ID created from a 48-bit MAC address?
- by appending 0xFF to the MAC address
- by prefixing the MAC address with 0xFFEE
- by prefixing the MAC address with 0xFF and appending 0xFF to it
- by inserting 0xFFFE between the upper three bytes and the lower three bytes of the MAC address*
- by prefixing the MAC address with 0xF and inserting 0xF after each of its first three bytes
I.123. Refer to the exhibit. What is the most efficient summarization that R1 can use to advertise its networks to R2?
- 172.1.0.0/24
- 172.1.2.0/21
- 172.1.4.0/22*
I.124. Which three are characteristics of an IPv6 anycast address? (Choose three.)
- one-to-many communication model
- one-to-nearest communication model
- any-to-many communication model
- a unique IPv6 address for each device in the group
- the same address for multiple devices in the group*
- delivery of packets to the group interface that is closest to the sending device*
I.125. A national retail chain needs to design an IP addressing scheme to support a nationwide network. The company needs a minimum of 300 sub-networks and a maximum of 50 host addresses per subnet. Working with only one Class B address, which of the following subnet masks will support an appropriate addressing scheme? (Choose two.)
- 255.255.255.0
- 255.255.255.128*
- 255.255.252.0
- 255.255.255.224
- 255.255.255.192*
- 255.255.248.0
I.126. Refer to the exhibit. A network administrator is adding two new hosts to Switch A . Which three values could be used for the configuration of these hosts? (Choose three.)
- host A IP address: 192.168.1.79*
- host A IP address: 192.168.1.64
- host A default gateway: 192.168.1.78*
- host B IP address: 192.168.1.128
- host B default gateway: 192.168.1.129
- host B IP address: 192.168.1.190*
I.127. Which IPv6 address is the all-router multicast group?
- FF02::1
- FF02::2*
- FF02::3
- FF02::4
Address
Description
ff02::1
All nodes on the local network segment
ff02::2
All routers on the local network segment
I.128. Refer to the exhibit. Which address range efficiently summarizes the routing table of the addresses for router Main?
- 172.16.0.0./21
- 172.16.0.0./20*
- 172.16.0.0./16
- 172.16.0.0/18
I.129. Which IPv6 address is valid?
- 2001:0db8:0000:130F:0000:0000:08GC:140B
- 2001:0db8:0:130H::87C:140B
- 2031::130F::9C0:876A:130B
- 2031:0:130F::9C0:876A:130B*
I.130. Which command can you use to manually assign a static IPv6 address to a router interface?
- ipv6 autoconfig 2001:db8:2222:7272::72/64
- ipv6 address 2001:db8:2222:7272::72/64*
- ipv6 address PREFIX_1 ::1/64
- ipv6 autoconfig
wish to use.
I.131. Which of these represents an IPv6 link-local address?
- FE80::380e:611a:e14f:3d69*
- FE81::280f:512b:e14f:3d69
- FEFE:0345:5f1b::e14d:3d69
- FE08::280e:611:a:f14f:3d69
I.132. Refer to the exhibit. What is the meaning of the output MTU 1500 bytes?
- The maximum number of bytes that can traverse this interface per second is 1500.
- The minimum segment size that can traverse this interface is 1500 bytes.
- The maximum segment size that can traverse this interface is 1500 bytes.
- The minimum packet size that can traverse this interface is 1500 bytes.
- The maximum packet size that can traverse this interface is 1500 bytes.*
- The maximum frame size that can traverse this interface is 1500 bytes.
pass onwards.
I.133. On a corporate network, hosts on the same VLAN can communicate with each other, but they are unable to communicate with hosts on different VLANs. What is needed to allow communication between the VLANs?
- a router with subinterfaces configured on the physical interface that is connected to the switch*
- a router with an IP address on the physical interface connected to the switch
- a switch with an access link that is configured between the switches
- a switch with a trunk link that is configured between the switches
When using VLANs in networks that have multiple interconnected switches, you need to use VLAN trunking between the switches. With VLAN trunking, the switches tag each frame sent between switches so that the receiving switch knows to what VLAN the frame belongs. End user devices connect to switch ports that provide simple connectivity to a single VLAN each.
The attached devices are unaware of any VLAN structure. By default, only hosts that are members of the same VLAN can communicate. To change this and allow interVLAN communication, you need a router or a layer 3 switch. Here is the example of configuring the router for inter-vlan communication RouterA(config)#int f0/0.1 RouterA(config-subif)#encapsulation ? dot1Q IEEE 802.1Q Virtual LAN RouterA(config-subif)#encapsulation dot1Q or isl VLAN ID RouterA(config-subif)# ip address x.x.x.x y.y.y.y
I.134. Refer to the exhibit. Users on the 172.17.22.0 network cannot reach the server located on the 172.31.5.0 network. The network administrator connected to router Coffee via the console port, issued the show ip route command, and was able to ping the server. Based on the output of the show ip route command and the topology shown in the graphic, what is the cause of the failure?
- The network has not fully converged.
- IP routing is not enabled.
- A static route is configured incorrectly.*
- The FastEthernet interface on Coffee is disabled.
- The neighbor relationship table is not correctly updated.
- The routing table on Coffee has not updated.
I.135. Host 1 is trying to communicate with Host 2. The e0 interface on Router C is down. Which of the following are true? (Choose two.)
- Router C will use ICMP to inform Host 1 that Host 2 cannot be reached.*
- Router C will use ICMP to inform Router B that Host 2 cannot be reached.
- Router C will use ICMP to inform Host 1, Router A, and Router B that Host 2 cannot be reached.
- Router C will send a Destination Unreachable message type.*
- Router C will send a Router Selection message type.
- Router C will send a Source Quench message type.
packets to inform Host 1 that Host 2 cannot be reached.
I.136. Refer to the exhibit. A network technician is asked to design a small network with redundancy. The exhibit represents this design, with all hosts configured in the same VLAN. What conclusions can be made about this design?
- The design will function as intended
- Spanning-tree will need to be used
- The router will not accept the addressing scheme*
- The connection between switches should be a trunk.
- The router interfaces must be encapsulated with the 802.1Q protocol.
I.137. In which circumstance are multiple copies of the same unicast frame likely to be transmitted in a switched LAN?
- during high traffic periods
- after broken links are re-established
- when upper-layer protocols require high reliability
- in an improperly implemented redundant topology*
- when a dual ring topology is in use
I.138. The network shown in the diagram is experiencing connectivity problems. Which of the following will correct the problems? (Choose two.)
- Configure the gateway on Host A as 10.1.1.1
- Configure the gateway on Host B as 10.1.2.254*
- Configure the IP address of Host A as 10.1.2.2
- Configure the IP address of Host B as 10.1.2.2*
- Configure the masks on both hosts to be 255.255.255.224
- Configure the masks on both hosts to be 255.255.255.240
The switch 1 is configured with two VLANs: VLAN1 and VLAN2. The IP information of member Host A in VLAN1 is as follows:
Address : 10.1.1.126
Mask : 255.255.255.0
Gateway : 10.1.1.254
The IP information of member Host B in VLAN2 is as follows:
Address : 10.1.1.12
Mask : 255.255.255.0
Gateway : 10.1.1.254
The configuration of sub-interface on router 2 is as follows:
Fa0/0.1 — 10.1.1.254/24 VLAN1
Fa0/0.2 — 10.1.2.254/24 VLAN2
It is obvious that the configurations of the gateways of members in VLAN2 and the associated network segments are wrong. The layer3 addressing information of Host B should be modified as follows:
Address : 10.1.2.X
Mask : 255.255.255.0
I.139. Refer to the exhibit. A problem with network connectivity has been observed. It is suspected that the cable connected to switch port Fa0/9 on Switch1 is disconnected. What would be an effect of this cable being disconnected?
- Host B would not be able to access the server in VLAN9 until the cable is reconnected.
- Communication between VLAN3 and the other VLANs would be disabled.
- The transfer of files from Host B to the server in VLAN9 would be significantly slower.
- For less than a minute, Host B would not be able to access the server in VLAN9. Then normal network function would resume.*
I.140. Refer to the exhibit. HostA cannot ping HostB. Assuming routing is properly configured, what is the cause of this problem?
- HostA is not on the same subnet as its default gateway.
- The address of SwitchA is a subnet address.
- The Fa0/0 interface on RouterA is on a subnet that can’t be used.
- The serial interfaces of the routers are not on the same subnet.*
- The Fa0/0 interface on RouterB is using a broadcast address.
For the network 192.168.1.62/27:
Increment: 32
Network address: 192.168.1.32
Broadcast address: 192.168.1.63
For the network 192.168.1.65/27:
Increment: 32
Network address: 192.168.1.64
Broadcast address: 192.168.1.95
-> These two IP addresses don’t belong to the same network and they can’t see each other
I.141. Refer to the exhibit. The two connected ports on the switch are not turning orange or green. What would be the most effective steps to troubleshoot this physical layer problem? (Choose three.)
- Ensure that the Ethernet encapsulations match on the interconnected router and switch ports.
- Ensure that cables A and B are straight-through cables.*
- Ensure cable A is plugged into a trunk port.
- Ensure the switch has power.*
- Reboot all of the devices.
- Reseat all cables.*
I.142. Refer to the exhibit. A network administrator attempts to ping Host2 from Host1 and receives the results that are shown. What is the problem?
- The link between Host1 and Switch1 is down.
- TCP/IP is not functioning on Host1
- The link between Router1 and Router2 is down.*
- The default gateway on Host1 is incorrect.
- Interface Fa0/0 on Router1 is shutdown.
- The link between Switch1 and Router1 is down.
I.143. Refer to the exhibit. Hosts in network 192.168.2.0 are unable to reach hosts in network 192.168.3.0. Based on the output from RouterA, what are two possible reasons for the failure? (Choose two.)
- The cable that is connected to S0/0 on RouterA is faulty.
- Interface S0/0 on RouterB is administratively down.
- Interface S0/0 on RouterA is configured with an incorrect subnet mask.
- The IP address that is configured on S0/0 of RouterB is not in the correct subnet.
- Interface S0/0 on RouterA is not receiving a clock signal from the CSU/DSU.*
- The encapsulation that is configured on S0/0 of RouterB does not match the encapsulation that is configured on S0/0 of RouterA*
I.144. Refer to the exhibit. An administrator pings the default gateway at 10.10.10.1 and sees the output as shown. At which OSI layer is the problem?
- data link layer
- application layer
- access layer
- session layer
- network layer*
between host and router. The command ping is often used to verify the network connectivity, so it works at the
network layer.
I.145. Refer to the exhibit. What will Router1 do when it receives the data frame shown? (Choose three.)
- Router1 will strip off the source MAC address and replace it with the MAC address 0000.0c36.6965.*
- Router1 will strip off the source IP address and replace it with the IP address 192.168.40.1.
- Router1 will strip off the destination MAC address and replace it with the MAC address 0000.0c07.4320.*
- Router1 will strip off the destination IP address and replace it with the IP address of 192.168.40.1.
- Router1 will forward the data packet out interface FastEthernet0/1.
- Router1 will forward the data packet out interface FastEthernet0/2.*
I.146. Refer to the exhibit. Host A pings interface S0/0 on router 3. What is the TTL value for that ping?
- 252
- 253*
- 254
- 255
I.147. Which of the following describes the roles of devices in a WAN? (Choose three.)
- A CSU/DSU terminates a digital local loop.*
- A modem terminates a digital local loop.
- A CSU/DSU terminates an analog local loop.
- A modem terminates an analog local loop.*
- A router is commonly considered a DTE device.*
- A router is commonly considered a DCE device.
A modem modulates outgoing digital signals from a computer or other digital device to analog signals for a conventional copper twisted pair telephone line and demodulates the incoming analog signal and converts it to a digital signal for the digital device. A CSU/DSU is used between two digital lines -> A & D are correct but B & C are not correct.
For more explanation of answer D, in telephony the local loop (also referred to as a subscriber line) is the physical link or circuit that connects from the demarcation point of the customer premises to the edge of the carrier or telecommunications service provider’s network. Therefore a modem terminates an analog local loop is correct.
I.148. The network administrator is asked to configure 113 point-to-point links. Which IP addressing scheme defines the address range and subnet mask that meet the requirement and waste the fewest subnet and host addresses?
- 10.10.0.0/16 subnetted with mask 255.255.255.252
- 10.10.0.0/18 subnetted with mask 255.255.255.252
- 10.10.1.0/24 subnetted with mask 255.255.255.252
- 10.10.0.0/23 subnetted with mask 255.255.255.252*
- 10.10.1.0/25 subnetted with mask 255.255.255.252
2^7 = 128).
The network used for point-to-point connection should be /30.
So our initial network should be 30 ?7 = 23.
So 10.10.0.0/23 is the correct answer.
You can understand it more clearly when writing it in binary form:
/23 = 1111 1111.1111 1110.0000 0000
/30 = 1111 1111.1111 1111.1111 1100 (borrow 7 bits)
I.149. Which of the following IP addresses fall into the CIDR block of 115.64.4.0/22? (Choose three.)
- 115.64.8.32
- 115.64.7.64*
- 115.64.6.255*
- 115.64.3.255
- 115.64.5.128*
- 115.64.12.128
I.150. Which of the following are types of flow control? (Choose three.)
- buffering*
- cut-through
- windowing*
- congestion avoidance*
- load balancing
I.151. Which additional configuration step is necessary in order to connect to an access point that has SSID broadcasting disabled?
- Set the SSID value in the client software to public.
- Configure open authentication on the AP and the client.
- Set the SSID value on the client to the SSID configured on the AP.*
- Configured MAC address filtering to permit the client to connect to the AP.
I.152. What is one reason that WPA encryption is preferred over WEP?
- A WPA key is longer and requires more special characters than the WEP key.
- The access point and the client are manually configured with different WPA key values.
- WPA key values remain the same until the client configuration is changed.
- The values of WPA keys can change dynamically while the system is used.*
I.153. As a CCNA candidate, you must have a firm understanding of the IPv6 address structure. Refer to IPv6 address, could you tell me how many bits are included in each filed?
- 24
- 4
- 3
- 16*
I.154. While troubleshooting a connectivity issue from a PC you obtain the following information:
What is the underlying cause of this problem?
- A remote physical layer problem exists.
- The host NIC is not functioning.
- TCP/IP has not been correctly installed on the host.
- A local physical layer problem exists.*
I.155. Which name describes an IPV6 host-enable tunneling technique that uses IPV4 UDP,does not require dedicated gateway tunnels,and can pass through existing IPV4 NAT gateways?
- dual stack
- dynamic
- Teredo*
- Manual 6to4
I.156. What are two advantages of Layer 2 Ethernet switches over hubs? (Choose two.)
- decreasing the number of collision domains
- filtering frames based on MAC addresses*
- allowing simultaneous frame transmissions*
- increasing the size of broadcast domains
- increasing the maximum length of UTP cabling between devices
I.157. What are two security appliances that can be installed in a network? (Choose two.)
- ATM
- IDS*
- IOS
- IOX
- IPS*
- SDM
I.158. A network administrator is planning a network installation for a large organization. The design requires 100 separate subnetworks, so the company has acquired a Class B network address. What subnet mask will provide the 100 subnetworks required, if 500 usable host addresses are required per subnet?
- 255.255.240.0
- 255.255.248.0
- 255.255.252.0
- 255.255.254.0*
- 255.255.255.0
- 255.255.255.192
I.159. Which of the following services use UDP? (Choose three.)
- Telnet
- TFTP*
- SNMP*
- DNS*
- SMTP
- HTTP
I.160. Which technology allows a large number of private IP addresses to be represented by a smaller number of public IP addresses?
- NAT*
- NTP
- RFC 1631
- RFC 1918
I.161. What are three broadband wireless technologies? (Choose three)
- A. WiMax*
- B. satellite Internet*
- C. municipal Wi-Fi*
- D. site-to-site VPN
- E. DSLAM
- F. CMTS
Satellite Internet provides Internet access via satellite. It is a form of wireless broadband technology. But it is usually slower than DSL and cable modem.
Municipal wireless network is a city-wide wireless network. This is usually done by providing municipal broadband via Wi-Fi to large parts or all of a municipal area by deploying a wireless mesh network. The typical deployment design uses hundreds of wireless access points deployed outdoors, often on poles.
DSLAM (Digital Subscriber Line Access Multiplexer) is a network device, usually at a telephone company central office, that receives signals from multiple customer Digital Subscriber Line (DSL) connections and puts the signals on a high-speed backbone line using multiplexing techniques. It is a cable technology, not a wireless technology.
Cable Modem Termination Systems (CMTS) is a piece of equipment, typically located in a cable company’s headend or hubsite, which is used to provide high speed data services, such as cable Internet or Voice over Internet Protocol, to cable subscribers. It is a cable technology, not a wireless technology.
I.162. In which three ways is an IPv6 header simpler than an IPv4 header? (Choose three)
- A. Unlike IPv4 headers, IPv6 headers have a fixed length.*
- B. IPv6 uses an extension header instead of the IPv4 Fragmentation field.*
- C. IPv6 headers eliminate the IPv4 Checksum field.*
- D. IPv6 headers use the Fragment Offset field in place of the IPv4 Fragmentation field.
- E. IPv6 headers use a smaller Option field size than IPv4 headers.
- F. IPv6 headers use a 4-bit TTL field, and IPv4 headers use an 8-bit TTL field.
IPv6 Header fields
IPv6 eliminates the Header Checksum field, which handles error checking in IPv4. IPv6 depends on reliable transmission in the data link protocols and on error checking in upper-layer protocols instead -> Answer C is correct.
While IPv4 header’s total length comprises a minimum of 20 octets (8 bits per octet), IPv6 header has only 8 fields with a fixed length of 40 octets -> Answer A is correct.
| IPv4 header does not have a fixed length because of the Options fields. This field is used to convey additional information on the packet or on the way it should be processed. Routers, unless instructed otherwise, must process the Options in the IPv4 header. The processing of most header options pushes the packet into the slow path leading to a forwarding performance hit. |
IPv4 Options perform a very important role in the IP protocol operation therefore the capability had to be preserved in IPv6. However, the impact of IPv4 Options on performance was taken into consideration in the development of IPv6. The functionality of Options is removed from the main header and implemented through a set of additional headers called extension headers. The “Next Header” field in IPv6 can be used to point to the extension headers.
Reference: http://www.cisco.com/en/US/technologies/tk648/tk872/technologies_white_paper0900aecd8054d37d.html
I.163. Which type of address is the public IP address of a NAT device?
- outside public
- inside local
- inside global*
- inside public
- outside global
- outside local
* Inside local address – The IP address assigned to a host on the inside network. The address is usually not an IP address assigned by the Internet Network Information Center (InterNIC) or service provider. This address is likely to be an RFC 1918 private address.
* Inside global address – A legitimate IP address assigned by the InterNIC or service provider that represents one or more inside local IP addresses to the outside world.
* Outside local address – The IP address of an outside host as it is known to the hosts on the inside network.
* Outside global address – The IP address assigned to a host on the outside network. The owner of the host assigns this address.
I.164. Which command can you enter to display the hits counter for NAT traffic?
- A. show ip nat statistics*
- B. debug ip nat
- C. show ip debug nat
- D. clear ip nat statistics
I.165. What is the first step in the NAT configuration process?
- Define inside and outside interfaces*
- Define public and private IP addresses
- Define IP address pools
- Define global and local interfaces
I.166. What is the best way to verify that a host has a path to other hosts in different networks?
- A. Ping the loopback address.
- B. Ping the default gateway.
- C. Ping the local interface address.
- D. Ping the remote network.*
Ping is a tool that helps to verify IP-level connectivity; PathPing is a tool that detects packet loss over multiple-hop trips. When troubleshooting, the ping command is used to send an ICMP Echo Request to a target host name or IP address. Use Ping whenever you want to verify that a host computer can send IP packets to a destination host. You can also use the Ping tool to isolate network hardware problems and incompatible configurations.
If you call ipconfig /all and receive a response, there is no need to ping the loopback address and your own IP address — Ipconfig has already done so in order to generate the report. It is best to verify that a route exists between the local computer and a network host by first using ping and the IP address of the network host to which you want to connect. The command syntax is: ping < IP address > Perform the following steps when using Ping: Ping the loopback address to verify that TCP/IP is installed and configured correctly on the local computer. ping 127.0.0.1 If the loopback step fails, the IP stack is not responding. This might be because the TCP drivers are corrupted, the network adapter might not be working, or another service is interfering with IP. Ping the IP address of the local computer to verify that it was added to the network correctly.
Note that if the routing table is correct, this simply forwards the packet to the loopback address of 127.0.0.1. ping < IP address of local host > Ping the IP address of the default gateway to verify that the default gateway is functioning and that you can communicate with a local host on the local network. ping < IP address of default gateway > Ping the IP address of a remote host to verify that you can communicate through a router. ping < IP address of remote host > Ping the host name of a remote host to verify that you can resolve a remote host name. ping < Host name of remote host > Run a PathPing analysis to a remote host to verify that the routers on the way to the destination are operating correctly. pathping < IP address of remote host >
I.167. If host Z needs to send data through router R1 to a storage server, which destination MAC address does host Z use to transmit packets?
- A. the host Z MAC address
- B. the MAC address of the interface on R1 that connects to the storage server
- C. the MAC address of the interface on R1 that connects to host Z*
- D. the MAC address of the storage server interface
For example in the topology below, host A will use the MAC address of E0 interface of the router as its destination MAC address to reach the Email Server.
I.168. While you were troubleshooting a connection issue, a ping from one VLAN to another VLAN on the same switch failed. Which command verifies that IP routing is enabled on interfaces and the local VLANs are up?
- A. show ip interface brief*
- B. show ip nat statistics
- C. show ip statistics
- D. show ip route
The “show ip statistics” command does not exist.
In the Troubleshoot part of “How to configure InterVLAN Routing on Layer 3 switches” (http://www.cisco.com/c/en/us/support/docs/lan-switching/inter-vlan-routing/41860-howto-L3-intervlanrouting.html) Cisco recommends to use the “show ip interface brief” command as follows:
Also verify the interface VLAN status by issuing the show ip interface brief command.
+ If the interface status is administratively down, enter the no shutdown command in the VLAN interface configuration mode.
+ If the interface status is down/down, verify the VTP configuration and that the VLANs have been added to the VLAN database. Check to see if a port is assigned to the VLAN and whether it is in the Spanning Tree forwarding state.
Initiate a ping from an end device in one VLAN to the interface VLAN on another VLAN in order to verify that the switch routes between VLANs. In this example, ping from VLAN 2 (10.1.2.1) to Interface VLAN 3 (10.1.3.1) or Interface VLAN 10 (10.1.10.1). If the ping fails, verify that IP routing is enabled and that the VLAN interfaces status is up with the show ip interface brief command.
Also in the above link Cisco only mentions about the “show ip route” in the “Verify” part, not “Troubleshooting” part so “show ip interface brief” is a better answer.
I.169. Under which circumstance should a network administrator implement one-way NAT?
- A. when the network must route UDP traffic
- B. when traffic that originates outside the network must be routed to internal hosts *
- C. when traffic that originates inside the network must be routed to internal hosts
- D. when the network has few public IP addresses and many private IP addresses require outside access
NAT operation is typically transparent to both the internal and external hosts. Typically, the internal host is aware of the true IP address and TCP or UDP port of the external host. Typically, the NAT device may function as the default gateway for the internal host. However, the external host is only aware of the public IP address for the NAT device and the particular port being used to communicate on behalf of a specific internal host.
NAT and TCP/UDP
“Pure NAT”, operating on IP alone, may or may not correctly parse protocols that are totally concerned with IP information, such as ICMP, depending on whether the payload is interpreted by a host on the “inside” or “outside” of translation. As soon as the protocol stack is traversed, even with such basic protocols as TCP and UDP, the protocols will break unless NAT takes action beyond the network layer. IP packets have a checksum in each packet header, which provides error detection only for the header. IP datagrams may become fragmented and it is necessary for a NAT to reassemble these fragments to allow correct recalculation of higher-level checksums and correct tracking of which packets belong to which connection. The major transport layer protocols, TCP and UDP, have a checksum that covers all the data they carry, as well as the TCP/UDP header, plus a “pseudo-header” that contains the source and destination IP addresses of the packet carrying the TCP/UDP header. For an originating NAT to pass TCP or UDP successfully, it must recompute the TCP/ UDP header checksum based on the translated IP addresses, not the original ones, and put that checksum into the TCP/UDP header of the first packet of the fragmented set of packets. The receiving NAT must recompute the IP checksum on every packet it passes to the destination host, and also recognize and recompute the TCP/UDP header using the retranslated addresses and pseudo-header. This is not a completely solved problem. One solution is for the receiving NAT to reassemble the entire segment and then recompute a checksum calculated across all packets. The originating host may perform Maximum transmission unit (MTU) path discovery to determine the packet size that can be transmitted without fragmentation, and then set the don’t fragment (DF) bit in the appropriate packet header field. Of course, this is only a one-way solution, because the responding host can send packets of any size, which may be fragmented before reaching the NAT.
I.170. When a router makes a routing decision for a packet that is received from one network and destined to another, which portion of the packet does if replace?
- A. Layer 2 frame header and trailer*
- B. Layer 3 IP address
- C. Layer 5 session
- D. Layer 4 protocol
I.171. On which type of device is every port in the same collision domain?
- A. a router
- B. a Layer 2 switch
- C. a hub*
Collision domain A collision domain is, as the name implies, a part of a network where packet collisions can
occur. A collision occurs when two devices send a packet at the same time on the shared network segment.
The packets collide and both devices must send the packets again, which reduces network efficiency.
Collisions are often in a hub environment, because each port on a hub is in the same collision domain. By
contrast, each port on a bridge, a switch or a router is in a separate collision domain.
I.172. What is one requirement for interfaces to run IPv6?
- A. An IPv6 address must be configured on the interface.*
- B. An IPv4 address must be configured.
- C. Stateless autoconfiguration must be enabled after enabling IPv6 on the interface.
- D. IPv6 must be enabled with the ipv6 enable command in global configuration mode.
IPv6 must be enabled first but with the “ipv6 unicast-routing”, not “ipv6 enable” command -> D is not correct.
I.173. Which destination IP address can a host use to send one message to multiple devices across different subnets?
- A. 172.20.1.0
- B. 127.0.0.1
- C. 192.168.0.119
- D. 239.255.0.1*
I.174. Which MTU size can cause a baby giant error?
- A. 1500
- B. 9216
- C. 1600
- D. 1518*
For example, standard Ethernet frame MTU is 1500 bytes. This does not include the Ethernet header and Cyclic Redundancy Check (CRC) trailer, which is 18 bytes in length, to make the total Ethernet frame size of 1518.
So according to strict definition, MTU size of 1600 cannot be classified as baby giant frames as the whole Ethernet frames will surely larger than 1600 -> Answer C is not correct.
Answer D is a better choice as the MTU is 1518, so the whole Ethernet frame would be 1536 (1518 + 18 Ethernet header and CRC trailer). This satisfies the requirement of baby giant frames “Baby giant frames refer to Ethernet frame size up to 1600 bytes”.
I.175. DRAG DROP. Drag the terms on the left onto the appropriate OSI layer on the right. (Not all options are used.)
Select and Place:
Correct Answer:
I.176. SIMULATION
A network associate is configuring a router for the Weaver company to provide internet access. The ISP has provided the company six public IP addresses of 198.18.184.105 – 198.18.184.110. The company has 14 hosts that need to access the internet simultaneously. The hosts in the company LAN have been assigned private space addresses in the range of 192.168.100.17 – 192.168.100.30.
The following have already been configured on the router:
The basic router configuration
The appropriate interfaces have been configured for NAT inside and NAT outside
The appropriate static routes have also been configured (since the company will
be a stub network, no routing protocol will be required.)
All passwords have been temporarily set to “cisco”
The task is to complete the NAT configuration using all IP addresses assigned by the ISP to provide internet
access for the hosts in the weaver LAN. Functionality can be tested by clicking on the host provided for
testing.
Configuration information:
Correct Answer: See Explanation
Section: Network Fundamentals
Explanation
Explanation/Reference:
Explanation:
Step 1: Router Name
Step 2: NAT Configuration
Step 3: Save Configuration
Weaver#copy run start
Verification:
We can verify the answer by pinging the ISP IP Address (192.0.2.114) from Host for testing.
Click “Host for testing”
In command prompt, type “ping 192.0.2.114”. If ping succeeded, then the NAT is working properly.
Screen Shots:
I.177. Instructions
This item contains several questions that you must answer. You can view these questions by clicking on the corresponding button to the left. Changing questions can be accomplished by clicking the numbers to the left question. In order to complete the questions, you will need to refer to the topology.
To gain access to the topology, click on the topology button of the screen. When you have finished viewing the topology, you can return to your questions by clicking on the Questions button to the left.
Each of the windows can be minimized by clicking on the [-]. You can also reposition a window by dragging it by the title bar.
Scenario
Refer to the topology. The diagram represents a small network with a single connection to the Internet.
If the router R1 has a packet with a destination address 192.168.1.255, what describes the operation of the network?
- R1 will forward the packet out all interfaces.
- R1 will drop this packet because this it is not a valid IP address.*
- As R1 forwards the frame containing this packet, Sw-A will add 192.168.1.255 to its MAC table.
- R1 will encapsulate the packet in a frame with a destination MAC address of FF-FF-FF-FF-FF-FF.
- As R1 forwards the frame containing this packet, Sw-A will forward it to the device assigned the IP address of 192.168.1.255.
I.178. Instructions
This item contains several questions that you must answer. You can view these questions by clicking on the corresponding button to the left. Changing questions can be accomplished by clicking the numbers to the left question. In order to complete the questions, you will need to refer to the topology.
To gain access to the topology, click on the topology button of the screen. When you have finished viewing the topology, you can return to your questions by clicking on the Questions button to the left.
Each of the windows can be minimized by clicking on the [-]. You can also reposition a window by dragging it by the title bar.
Scenario
Refer to the topology. The diagram represents a small network with a single connection to the Internet.
Users on the 192.168.1.0/24 network must access files located on the Server 1. What route could be configured on router R1 for file requests to reach the server?
- ip route 0.0.0.0 0.0.0.0 s/0/0/0*
- ip route 0.0.0.0 0.0.0.0 209.265.200.226
- ip route 209.165.200.0 255.255.255.0 192.168.1.250
- ip route 192.168.1.0 255.255.255.0 209.165.100.250
ip route prefix mask {ip-address interface-type interface-number [ip-address]}
[distance] [name]
[permanent track number] [tag tag]
Based on the request of this subject, we need to configure the correct route as follows:
ip route 0.0.0.0 0.0.0.0 s0/0/0
I.179. Instructions
This item contains several questions that you must answer. You can view these questions by clicking on the corresponding button to the left. Changing questions can be accomplished by clicking the numbers to the left question. In order to complete the questions, you will need to refer to the topology.
To gain access to the topology, click on the topology button of the screen. When you have finished viewing the topology, you can return to your questions by clicking on the Questions button to the left.
Each of the windows can be minimized by clicking on the [-]. You can also reposition a window by dragging itby the title bar.
Scenario
Refer to the topology. The diagram represents a small network with a single connection to the Internet.
When a packet is sent from Host 1 to Server 1, in how many different frames will the packet be encapsulated as it is sent across the internetwork?
- 0
- 1
- 2*
- 3
- 4
routers R1 and R2. Source MAC is interface S0/0/0 on router R1 and destination is
the serialinterface on router R2.
I.180. Instructions
This item contains several questions that you must answer. You can view these questions by clicking on the corresponding button to the left. Changing questions can be accomplished by clicking the numbers to the left question. In order to complete the questions, you will need to refer to the topology.
To gain access to the topology, click on the topology button of the screen. When you have finished viewing the topology, you can return to your questions by clicking on the Questions button to the left.Each of the windows can be minimized by clicking on the [-]. You can also reposition a window by dragging it by the title bar.
Scenario
Refer to the topology. The diagram represents a small network with a single connection to the Internet.
What must be configured on the network on order for users on the Internet to view web pages located on Web
Server 2?
-
- On Router R2, configure a default static route to the 192.168.1.0 network
- On router R2, configure DNS to resolve the URL assigned to Web Server 2 to the 192.168.1.10 address.
- On router R1, configure NAT to translate an address on the 209.165.100.0/24 network to 192.168.1.10.*
- On router R1, configure DHCP to assign a registered IP address on the 209.165.100.0/24 network to Web
Server 2.
router R1.
I.181. Instructions
This item contains several questions that you must answer. You can view these questions by clicking on the corresponding button to the left. Changing questions can be accomplished by clicking the numbers to the left question. In order to complete the questions, you will need to refer to the topology.
To gain access to the topology, click on the topology button of the screen. When you have finished viewing the topology, you can return to your questions by clicking on the Questions button to the left.Each of the windows can be minimized by clicking on the [-]. You can also reposition a window by dragging it by the title bar.
Scenario
Refer to the topology. The diagram represents a small network with a single connection to the Internet.
The router address 192.168.1.250 is the default gateway for both the Web Server 2 and Host 1. What is the correct subnet mask for this network?
- 255.255.255.0*
- 255.255.255.192
- 255.255.255.250
- 255.255.255.252
1. Based on the information provided in the exhibit, we know that the IP address of the interface Fa0/0 is 192.168.1.250/24, that is to say the subnet mask is 255.255.255.0??
2. When configuring the correct IP address and not wasting IP address, the network of 192.168.1.0 needs to contain the following three IP addresses of interfaces:
The correct mask is 255.255.255.0.
I.182. Which type of broadcast barely used in IPv4 which also exist in IPv6 like?
- unicast
- multicast
- broadcast
- anycast*
I.183. Which type of cable must you use to connect to device with mdi interfaces?
- rolled
- crossover*
- crossed
- straight through
I.184. DRAG DROP. Refer to the exhibit.
You are configuring the router to provide Static NAT for the web server.
Drag and drop the configuration commands from left onto the letters that correspond to its position in the
configuration on the right.
Select and Place:
Correct Answer:
I.185. DRAG DROP. Drag and drop each cable type from the left onto the type of connection for which it is best suited on the right.
Select and Place:
Correct Answer:
I.186. DRAG DROP. Drag and drop the characteristics of a cloud environment from the left onto the correct examples on the right
Select and Place:
Correct Answer:
I.187. DRAG DROP. Drag and drop each broadcast IP address on the left to the Broadcast Address column on the right. Not alloptions are used.
Select and Place:
Correct Answer:
I.188. Which two of these statements are true of IPv6 address representation? (Choose two.)
- There are four types of IPv6 addresses: unicast, multicast, anycast, and broadcast.
- A single interface may be assigned multiple IPv6 addresses of any type.*
- Every IPv6 interface contains at least one loopback address.*
- The first 64 bits represent the dynamically created interface ID.
- Leading zeros in an IPv6 16 bit hexadecimal field are mandatory.
I.189. What is the first 24 bits in a MAC address called?
- NIC
- BIA
- OUI*
- VAI
or other organization globally or worldwide. They are used as the first 24 nits of the MAC address to uniquely
identify a particular piece of equipment.
I.190. What is the difference between a CSU/DSU and a modem?
- A CSU/DSU converts analog signals from a router to a leased line; a modem converts analog signals from a router to a leased line.
- A CSU/DSU converts analog signals from a router to a phone line; a modem converts digital signals from a router to a leased line.
- A CSU/DSU converts digital signals from a router to a phone line; a modem converts analog signals from a router to a phone line.
- A CSU/DSU converts digital signals from a router to a leased line; a modem converts digital signals from a router to a phone line.*
used to convert digital signals over a regular POTS line.
I.191. Which two statements about EUI-64 addressing are true? (Choose two.)
- The address includes the hex digits FFFE after the last 24 bits of the interface MAC address.*
- A 64-bit interface identifier is derived from the interface MAC address.
- A locally administrated address has the universal/local bit set to 0.*
- A 96-bit interface identifier is derived from the interface MAC address.
- The address includes the hex digits FFFE after the first 14 bits of the interface MAC address.
For example, suppose we have the MAC address of C601.420F.0007. It would be divided into two 24-bit parts, which are “C60142” (OUI) and “0F0007” (NIC). Then “FFFE” is inserted in the middle. Therefore we have the address: C601.42FF.FE0F.0007.
Then, according to the RFC 3513 we need to invert the Universal/Local bit (“U/L” bit) in the 7th position of the first octet. The “u” bit is set to 1 to indicate Universal, and it is set to zero (0) to indicate local scope.
Therefore with the subnet of 2001:DB8:0:1::/64, the full IPv6 address is 2001:DB8:0:1:C601:42FF:FE0F:7/64
I.192. DRAG DROP. Drag and Drop the descriptions of IP protocol transmissions from the left onto the correct IP traffic types on
the right.
Select and Place:
Correct Answer:
I.193. DRAG DROP. Drag each category on the left to its corresponding router output line on the right. Each router output line is in
the result of a show ip interface command. Not all categories are used.
Select and Place:
Correct Answer:
I.194. Which two statements about IPv4 multicast traffic are true? (Choose two.)
- It burdens the source host without affecting remote hosts.
- It uses a minimum amount of network bandwidth.*
- It is bandwidth-intensive.
- It simultaneously delivers multiple streams of data.
- It is the most efficient way to deliver data to multiple receivers.*
Cisco IOS IP Multicast in the Cisco Network
“IP Multicast as defined in RFC1112, the standard for IP Multicast across networks and the Internet, supports one-to-many content needs by delivering application-source traffic to multiple users without burdening the source or the network, using a minimum amount of network bandwidth. At the point where paths diverge, Cisco routers replace IP Multicast packets in the network, resulting in the most efficient delivery of data to multiple receivers.”
Even low-bandwidth applications can benefit fro IP Multicast when there are thousands of receivers. High-bandwidth applications, such as MPEG video, may need a large portion of the available network bandwidth for a
single stream. In these applications, IP Multicast is the only way to efficiently send the same content to more than one
receiver simultaneously, because it makes sure that only one copy of the data stream is sent across any one network
link. It relies on each router in the stream to intelligently copy the data stream whenever it needs to deliver it to
multiple receivers.
I.195. Which two statements about IPv6 router advertisement messages are true? (Choose two.)
- They use ICMPv6 type 134.*
- The advertised prefix length must be 64 bits.*
- The advertised prefix length must be 48 bits.
- They are sourced from the configured IPv6 interface address.
- Their destination is always the link-local address of the neighboring node.
The advertised IPv6 prefix length must be 64 bits for the stateless address autoconfiguration to be operational.
I.196. Which three technical services support cloud computing?
- A. network-monitored power sources
- B. layer 3 network routing*
- C. ip localization*
- D. redundant connections
- E. VPN connectivity
- F. extended SAN services*
+ The Layer 3 network offers the traditional routed interconnection between remote sites and provides end-user access to cloud services.
+ The extended LAN between two or more sites offers transparent transport and supports application and operating system mobility.
+ Extended SAN services support data access and accurate data replication.
+ IP Localization improves northbound and southbound traffic as well as server-to-server workflows.
I.197. Which component of the Cisco SDN solution serves as the centralized management system?
- Cisco OpenDaylight
- Cisco ACI
- Cisco APIC*
- Cisco IWAN
http://www.cisco.com/c/en/us/solutions/data-center-virtualization/application-centric-infrastructure/index.html
Cisco Application Policy Infrastructure Controller (APIC)
Provides single-click access to all Cisco ACI fabric information, enabling network automation, programmability, and centralized management.
http://www.cisco.com/c/en/us/products/cloud-systems-management/application-policy-infrastructure-controller-apic/index.html
The Cisco Application Policy Infrastructure Controller (Cisco APIC) is the unifying point of automation and management for the Application Centric Infrastructure (ACI) fabric. The Cisco APIC provides centralized access to all fabric information, optimizes the application lifecycle for scale and performance, and supports flexible application provisioning across physical and virtual resources.
The Cisco APIC provides centralized access to all fabric information, optimizes the application lifecycle for scale and performance, and supports flexible application provisioning across physical and virtual resources.
Centralized application-level policy engine for physical, virtual, and cloud infrastructures
Designed for automation, programmability, and centralized management, the Cisco APIC itself exposes northbound APIs through XML and JSON. It provides both a command-line interface (CLI) and GUI which utilize the APIs to manage the fabric holistically.
Cisco APIC provides:
A single pane of glass for application-centric network policies
Fabric image management and inventory
Application, tenant, and topology monitoring
Troubleshooting
I.198. What are the three major components of cisco network virtualization? (Choose Three)
- network access control*
- path isolation*
- virtual network services*
- policy enforcement
+ Network access control and segmentation of classes of users: Users are authenticated and either allowed or denied into a logical partition. Users a re segmented into employees, contractors and consultants, and guests, with respective access to IT assets. This component identifies users who are authorized to access the network and then places them into the appropriate logical partition.
+ Path isolation: Network isolation is preserved across the entire enterprise: from the edge to the campus to the WAN and back again. This component maintains traffic partitioned over a routed infrastructure and transports traffic over and between isolated partitions. The function of mapping isolated paths to VLANs and to virtual services is also performed in component.
+ Network Services virtualization: This component provides access to shared or dedicated network services such as security, quality of service (QoS), and address management (Dynamic Host Configuration Protocol [DHCP] and Domain Name System [DNS]). It also applies policy per partition and isolates application environments, if required.
I.199. Which IPV6 function serves the same purpose as ARP entry verification on an IPv4 network?
- interface ip address verification
- MAC address table verification
- neighbor discovery verification*
- Routing table entry verification
+ Subsitute of ARP – Since ARP has been removed in IPv6, IPv6 follows a newer way to find the link-layer addresses of nodes on the local link. This new mechanism uses a mix of ICMPv6 messages and multicast addresses
Reference: https://supportforums.cisco.com/document/77521/ipv6-neighbor-discovery-protocol-ndp
I.200. When you troubleshoot an IPv4 connectivity issue on a router, which three router configuration checks you
must perform?
- Verify that the router interface IP address is correct.*
- Verify that the DNS is configured correctly.
- Verify that the router and the host use the same subnet mask.*
- Verify that the router firmware is up-to-date.
- Verify that a default route is configured.
- Verify that the route appears in the Routing table*
I.201. Which Type of ipv6 unicast ip address is reachable across the internet?
- Unique Local
- Compatible
- Link local
- Global*
I.202. Which two statements about IPv6 address 2002:ab10:beef::/48 are true?(choose two)
- The embedded IPv4 address can be globally routed.*
- It is used for an ISATAP tunnel
- The embedded IPv4 address is an RFC 1918 address
- The MAC address 20:02:b0:10:be:ef is embedded into the IPv6 address
- It is used for a 6to4 tunnel*
For example: In the IPv6 address 2002:ab10:beef::/48, “ab10:beef” is equivalent to 171.16.190.239 (convert “ab” in hexadecimal to “171” in decimal; “10” in hexadecimal to “16” in decimal…). Therefore the corresponding IPv4 address can be globally routed.
I.203. Which three functions are major components of a network virtualization architecture? (Choose three.)
- virtual network services*
- policy enforcement
- network access control*
- network resilienceE. authentication services
- path isolation*
I.204. Which two benefits are provided by using a hierarchical addressing network addressing scheme? (Choose two.)
- reduces routing table entries*
- auto-negotiation of media rates
- efficient utilization of MAC addresses
- dedicated communications between devices
- ease of management and troubleshooting*
Reference: http://www.ciscopress.com/articles/article.asp?p=174107
I.205. Refer to the exhibit. Both switches are using a default configuration. Which two destination addresses will host 4 use to send data to host 1? (Choose two.)
- the IP address of host 1*
- the IP address of host 4
- the MAC address of host 1
- the MAC address of host 4
- the MAC address of the Fa0/0 interface of the R1 router
- the MAC address of the Fa0/1 interface of the R1 router*
I.206. Which technology supports the stateless assignment of IPv6 addresses? (Choose two.)
- DNS
- DHCPv6**
- DHCP
- autoconfiguration*
IPv6 Internet Address Assignment Overview
IPv6 has been developed with Internet Address assignment dynamics in mind. Being aware that IPv6 Internet addresses are 128 bits in length and written in hexadecimals makes automation of address- assignment an important aspect within network design. These attributes make it inconvenient for a user to manually assign IPv6 addresses, as the format is not naturally intuitive to the human eye. To facilitate address assignment with little or no human intervention, several methods and technologies have been developed to automate the process of address and configuration parameter assignment to IPv6 hosts. The various IPv6 address assignment methods are as follows:
1. Manual Assignment
An IPv6 address can be statically configured by a human operator. However, manual assignment is quite
open to errors and operational overhead due to the 128 bit length and hexadecimal attributes of the addresses, although for router interfaces and static network elements and resources this can be an appropriate solution.
2. Stateless Address Autoconfiguration (RFC2462)
Stateless Address Autoconfiguration (SLAAC) is one of the most convenient methods to assign Internet
addresses to IPv6 nodes. This method does not require any human intervention at all from an IPv6 user. If one wants to use IPv6 SLAAC on an IPv6 node, it is important that this IPv6 node is connected to a network with at least one IPv6 router connected. This router is configured by the network administrator and sends out Router Advertisement announcements onto the link. These announcements can allow the on-link connected IPv6 nodes to configure themselves with IPv6 address and routing parameters, as specified in RFC2462, without further human intervention.
3. Stateful DHCPv6
The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) has been standardized by the IETF through
RFC3315. DHCPv6 enables DHCP servers to pass configuration parameters, such as IPv6 network addresses, to IPv6 nodes. It offers the capability of automatic allocation of reusable network addresses and additional configuration flexibility. This protocol is a stateful counterpart to “IPv6 Stateless Address Autoconfiguration” (RFC 2462), and can be used separately, or in addition to the stateless autoconfiguration to obtain configuration parameters.
4. DHCPv6-PD
DHCPv6 Prefix Delegation (DHCPv6-PD) is an extension to DHCPv6, and is specified in RFC3633. Classical
DHCPv6 is typically focused upon parameter assignment from a DHCPv6 server to an IPv6 host running a DHCPv6 protocol stack. A practical example would be the stateful address assignment of “2001:db8::1” from a DHCPv6 server to a DHCPv6 client. DHCPv6-PD however is aimed at assigning complete subnets and other network and interface parameters from a DHCPv6-PD server to a DHCPv6-PD client. This means that instead of a single address assignment, DHCPv6-PD will assign a set of IPv6 “subnets”. An example could be the assignment of “2001:db8::/60” from a DHCPv6-PD server to a DHCPv6-PD client. This will allow the DHCPv6-PD client (often a CPE device) to segment the received address IPv6 address space, and assign it dynamically to its IPv6 enabled interfaces.
5. Stateless DHCPv6
Stateless DHCPv6 is a combination of “stateless Address Autoconfiguration” and “Dynamic Host Configuration Protocol for IPv6” and is specified by RFC3736. When using stateless-DHCPv6, a device will use Stateless Address Auto-Configuration (SLAAC) to assign one or more IPv6 addresses to an interface, while it utilizes DHCPv6 to receive “additional parameters” which may not be available through SLAAC. For example, additional parameters could include information such as DNS or NTP server addresses, and are provided in a stateless manner by DHCPv6. Using stateless DHCPv6 means that the DHCPv6 server does not need to keep track of any state of assigned IPv6 addresses, and there is no need for state refreshment as result. On network media supporting a large number of hosts associated to a single DHCPv6 server, this could mean a significant reduction in DHCPv6 messages due to the reduced need for address state refreshments. From Cisco IOS 12.4(15)T onwards the client can also receive timing information, in addition to the “additional parameters” through DHCPv6. This timing information provides an indication to a host when it should refresh its DHCPv6 configuration data. This behavior (RFC4242) is particularly useful in unstable environments where changes are likely to occur.
I.207. Which command can you enter to verify that a 128-bit address is live and responding?
- traceroute
- telnet
- ping*
- show ipv6
I.208. Which device allows users to connect to the network using a single or double radio?
- access point*
- switch
- wireless controller
- firewall
Note: The wireless controller automates wireless configuration and management functions. It does not connect directly to users.
I.209. A switch is configured with all ports assigned to VLAN 2 with full duplex FastEthernet to segment existing departmental traffic. What is the effect of adding switch ports to a new VLAN on the switch?
- More collision domains will be created.
- IP address utilization will be more efficient.
- More bandwidth will be required than was needed previously.
- An additional broadcast domain will be created.*
I.210. When troubleshooting Ethernet connectivity issues, how can you verify that an IP address is known to a router?
- Check whether the IP address is in the routing table
- Check whether an ACL is blocking the IP address
- Check whether the IP address is in the CAM table
- Check whether the IP address is in the ARP table*
I.211. Which two statements about the tunnel mode ipv6ip command are true? (Choose two.)
- It enables the transmission of IPv6 packets within the configured tunnel.
- It specifies IPv4 as the encapsulation protocol.
- It specifies IPv6 as the encapsulation protocol.
- It specifies IPv6 as the transport protocol.
- It specifies that the tunnel is a Teredo tunnel.
An example of configuring using this command is shown below:
R1(config)#int tunnel 1 R1(config-if)#ipv6 address 1cde:7ea:348:1::3/127 R1(config-if)#tunnel source 10.1.1.1 R1(config-if)#tunnel destination 10.1.1.2 R1(config-if)#tunnel mode ipv6ip
I.212. Which configuration can you apply to enable encapsulation on a subinterface?
- A. interface FastEthernet 0/0
encapsulation dot1Q 30
ip address 10.1.1.30 255.255.255.0 - B. interface FastEthernet 0/0.30
ip address 10.1.1.30 255.255.255.0 - C. interface FastEthernet 0/0.30
description subinterface vlan 30 - D. interface FastEthernet 0/0.30
encapsulation dot1Q 30
ip address 10.1.1.30 255.255.255.0*
Router(config)#interface f0/0 Router(config-if)#no shutdown (Note: The main interface f0/0 doesn’t need an IP address but it must be turned on) Router(config)#interface f0/0.0 Router(config-subif)#encapsulation dot1q 10 Router(config-subif)#ip address 192.168.1.1 255.255.255.0 Router(config-subif)#interface f0/0.1 Router(config-subif)#encapsulation dot1q 20 Router(config-subif)#ip address 192.168.2.1 255.255.255.0
Note: In the “encapsulation dot1q 10”, number 10 is the VLAN applied to that subinterface. Or you can understand that the subinterface belongs to that VLAN.
I.213. What happens when an 802.11a node broadcasts within the range of an 802.11g access point?
- The access point transmits, but the node is unable to receive.
- A connection occurs.
- Both the node and the access point are unable to transmit.
- The node transmits, but the access point is unable to receive.*
I.214. A network administrator receives an error message while trying to configure the Ethernet interface of a router with IP address 10.24.24.24/29. Which statement explains the reason for this issue?
- This address is a broadcast address.
- VLSM-capable routing protocols must be enabled first on the router.
- The Ethernet interface is faulty.
- This address is a network address.*
I.215. DRAG DROP. Drag and drop the networking features of functions from the left onto the planes on which they operate on the
right.
Select and Place:
Correct Answer:
I.216. Which two statements about 1000BASE-T UTP cable are true? (Choose two.)
- It uses four wire pairs*
- It is most appropriate for installations up to 1000 feet in length
- It is most appropriate for installations up to 1000 meters in length
- Both ends of the cable can transmit and receive simultaneously*
- It uses four wires
I.217. Which two statements about IPv6 multicast addresses are true? (Choose two.)
- They use the prefix FC80::/8
- If the lifetime parameter is set to 1, the route is permanent
- They identify a group of interfaces on different devices*
- They use the prefix FF00::/8*
- If the scope parameter is set to 5, the route is local to the node
I.218. Which command can you enter on a Cisco IOS device to enable a scheduled algorithm that directs lookup calls to multiple DNS hosts?
- ip name-server 192.168.10.14 192.168.10.15
- ip domain list
- ip domain lookup
- ip domain round-robin*
I.219. Which three elements are field in a basic Ethernet data frame? (Choose three.)
- Preamble*
- Frame Check Sequence*
- Header Checksum
- Length/Type*
- Time to Live
- Version
I.220. Which prompt does a Cisco switch display when it is running in privileged exec mode?
- switch#*
- switch(config)#
- switch(config-if)#
- switch>
I.221. DRAG DROP. You are connecting a variety of devices on your network. Drag and drop the combinations of devices from the
left onto the correct cable types on the right.
Select and Place:
Correct Answer:
I.222. Which benefit of implementing a dual-homed WAN connection instead of a single-homed connection is true?
- Only dual-homed connections support recursive routing
- Only dual-homed connections enable an individual router to tolerate the loss of a network link*
- Only dual-homed connections support split horizon with EIGRP
- Only dual-homed connections support OSPF in conjunction with BGP
Section II: LAN Switching Technologies
II.1. Which statement about Cisco Discovery Protocol is true?
- It is Cisco-proprietary Protocol*
- It can discover information from routers, firewalls and switches
- It runs on the network layer
- It runs on the physical layer and the data link layer.
II.2. A network administrator needs to configure port security on a switch. Which two statements are true? (Choose two.)
- A. The network administrator can apply port security to dynamic access ports
- B. The network administrator can configure static secure or sticky secure mac addresses in the voice vlan.
- C. The sticky learning feature allows the addition of dynamically learned addresses to the running configuration.*
- D. The network administrator can apply port security to EtherChannels.
- E. When dynamic mac address learning is enabled on an interface, the switch can learn new addresses up to the maximum defined.*
+ Port security can only be configured on static access ports, trunk ports, or 802.1Q tunnel ports. -> A is not correct.
+ A secure port cannot be a dynamic access port.
+ A secure port cannot be a destination port for Switched Port Analyzer (SPAN).
+ A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group. -> D is not correct
+ You cannot configure static secure or sticky secure MAC addresses on a voice VLAN. -> B is not correct.
+ When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two.
+ If any type of port security is enabled on the access VLAN, dynamic port security is automatically enabled on the voice VLAN.
+ When a voice VLAN is configured on a secure port that is also configured as a sticky secure port, all addresses seen on the voice VLAN are learned as dynamic secure addresses, and all addresses seen on the access VLAN (to which the port belongs) are learned as sticky secure addresses.
+ The switch does not support port security aging of sticky secure MAC addresses.
+ The protect and restrict options cannot be simultaneously enabled on an interface.
Note: Dynamic access port or Dynamic port VLAN membership must be connected to an end station. This type of port can be configured with the “switchport access vlan dynamic” command in the interface configuration mode. Please read more about Dynamic access port here: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_19_ea1/configuration/guide/3550scg/swvlan.html#wp1103064
II.3. Which interface counter can you use to diagnose a duplex mismatch problem?
- no carrier
- late collisions*
- giants
- CRC errors
- deferred
- runts
We can check the interface counter with the “show interface <interface>” command on a Cisco device. For example:
On an Ethernet connection, a duplex mismatch is a condition where two connected devices operate in different duplex modes, that is, one operates in half duplex while the other one operates in full duplex.
Note:
+ Runts are frames which do not meet the minimum frame size of 64 bytes. Runts are usually created by collisions.
+ Giants: frames that are larger than 1,518 bytes
II.4. Which switching method duplicates the first six bytes of a frame before making a switching decision?
- fragment-free switching
- store-and-forward switching
- cut-through switching*
- ASIC switching
In store-and-forward switching, the switch copies each complete Ethernet frame into the switch memory and computes a Cyclic Redundancy Check (CRC) for errors. If a CRC error is found, the Ethernet frame is dropped. If no CRC error is found then that frame is forwarded.
II.5. Which command can you enter to determine whether a switch is operating in trunking mode?
- show ip interface brief
- show vlan
- show interfaces
- show interface switchport*
II.6. What are three benefits of implementing VLANs? (Choose three.)
- A higher level of network security can be reached by separating sensitive data traffic from other network traffic.*
- A more efficient use of bandwidth can be achieved allowing many physical groups to use the same network infrastructure.
- A more efficient use of bandwidth can be achieved allowing many logical networks to use the same network infrastructure.*
- Broadcast storms can be mitigated by increasing the number of broadcast domains, thus reducing their size.*
- Broadcast storms can be mitigated by decreasing the number of broadcast domains, thus increasing their size.
- VLANs make it easier for IT staff to configure new logical groups, because the VLANs all belong to the same broadcast domain.
- Port-based VLANs increase switch-port use efficiency, thanks to 802.1Q trunks.
II.7. Which command can you enter to view the ports that are assigned to VLAN 20?
- Switch#show ip interface vlan 20
- Switch#show vlan id 20*
- Switch#show ip interface brief
- Switch#show interface vlan 20
II.8. When an interface is configured with PortFast BPDU guard, how does the interface respond when it receives a BPDU?
- It continues operating normally.
- It goes into a down/down state.
- It becomes the root bridge for the configured VLAN.
- It goes into an errdisable state.*
In a valid configuration, PortFast-configured interfaces do not receive BPDUs (because PortFast should only be configured on interfaces which are connected to hosts). If a PortFast-configured interface receives a BPDU, an invalid configuration exists. BPDU guard provides a secure response to invalid configurations because the administrator must manually put the interface back in service.
II.9. What are three advantages of VLANs? (Choose three.)
- VLANs establish broadcast domains in switched networks.*
- VLANs utilize packet filtering to enhance network security.
- VLANs provide a method of conserving IP addresses in large networks.
- VLANs provide a low-latency internetworking alternative to routed networks.
- VLANs allow access to network services based on department, not physical location.*
- VLANs can greatly simplify adding, moving, or changing hosts on the network.*
II.10. Refer to the exhibit.
Which of these statements correctly describes the state of the switch once the boot process has been completed?
- A. The switch will need a different IOS code in order to support VLANs and ST.
- B. Remote access management of this switch will not be possible without configuration change.*
- C. As FastEthernet0/12 will be the last to come up, it will be blocked by STP.
- D. More VLANs will need to be created for this switch.
Answer A is not correct as STP calculation does not depend on which port comes up first or last. STP recalculates when there is a change in the network.
A normal switch can operate without VLAN -> C is not correct.
This IOS does support VLAN because it has VLAN 1 on it -> D is not correct.
II.11. Which condition does the err-disabled status indicate on an Ethernet interface?
- There is a duplex mismatch.
- The device at the other end of the connection is powered off.
- The serial interface is disabled.
- The interface is configured with the shutdown command.
- Port security has disabled the interface.*
- The interface is fully functioning.
+ Duplex mismatch
+ Port channel misconfiguration
+ BPDU guard violation
+ UniDirectional Link Detection (UDLD) condition
+ Late-collision detection
+ Link-flap detection
+ Security violation
+ Port Aggregation Protocol (PAgP) flap
+ Layer 2 Tunneling Protocol (L2TP) guard
+ DHCP snooping rate-limit
+ Incorrect GBIC / Small Form-Factor Pluggable (SFP) module or cable
+ Address Resolution Protocol (ARP) inspection
+ Inline power
Therefore in fact there are two correct answers in this question, which are “There is a duplex mismatch” and “Port security has disabled the interface” but maybe you should choose the port security answer as it is the most popular reason.
II.12. Which statement about LLDP is true?
- It is configured in global configuration mode.
- It is configured in global configuration mode.*
- The LLDP update frequency is a fixed value.
- It runs over the transport layer.
Sw(config)# lldp run
II.13. If the primary root bridge experiences a power loss, which switch takes over?
- switch 0040.00.90C5
- switch 00E0.F90B.6BE3
- switch 0004.9A1A.C182*
- switch 00E0.F726.3DC6
Bridge ID = Bridge Priority + MAC Address
In this question the bridge priority was not mentioned so we suppose they are the same. Therefore the switch with lowest MAC address will become the new root bridge.
II.14. Refer to the exhibit.
Each of these four switches has been configured with a hostname, as well as being configured to run RSTP.No other configuration changes have been made. Which three of these show the correct RSTP port roles for the indicated switches and interfaces? (Choose three.)
- A. SwitchA, Fa0/2, designated *
- B. SwitchA, Fa0/1, root *
- C. SwitchB, Gi0/2, root
- D. SwitchB, Gi0/1, designated
- E. SwitchC, Fa0/2, root
- F. SwitchD, Gi0/2, root*
Because SwitchC is the root bridge so the 2 ports nearest SwitchC on SwitchA (Fa0/1) and SwitchD (Gi0/2) will be root ports -> B and F are correct.
Now we come to the most difficult part of this question: SwitchB must have a root port so which port will it choose? To answer this question we need to know about STP cost and port cost.
In general, “cost” is calculated based on bandwidth of the link. The higher the bandwidth on a link, the lower the value of its cost. Below are the cost values you should memorize:
| Link speed | Cost |
| 10Mbps | 100 |
| 100Mbps | 19 |
| 1 Gbps | 4 |
SwitchB will choose the interface with lower cost to the root bridge as the root port so we must calculate the cost on interface Gi0/1 & Gi0/2 of SwitchB to the root bridge. This can be calculated from the “cost to the root bridge” of each switch because a switch always advertises its cost to the root bridge in its BPDU. The receiving switch will add its local port cost value to the cost in the BPDU.
In the exhibit you also we FastEthernet port is connecting to GigabitEthernet port. In this case GigabitEthernet port will operate as a FastEthernet port so the link can be considered as FastEthernet to FastEthernet connection.
One more thing to notice is that a root bridge always advertises the cost to the root bridge (itself) with an initial value of 0.
Now let’s have a look at the topology again
SwitchC advertises its cost to the root bridge with a value of 0. Switch D adds 19 (the cost value of 100Mbps link although the port on Switch D is GigabitEthernet port) and advertises this value (19) to SwitchB. SwitchB adds 4 (the cost value of 1Gbps link) and learns that it can reach SwitchC via Gi0/1 port with a total cost of 23. The same process happens for SwitchA and SwitchB learns that it can reach SwitchC via Gi0/2 with a total cost of 38 -> Switch B chooses Gi0/1 as its root port -> D is not correct.
Now our last task is to identify the port roles of the ports between SwitchA & SwitchB. It is rather easy as the MAC address of SwitchA is lower than that of SwitchB so Fa0/2 of SwitchA will be designated port while Gi0/2 of SwitchB will be alternative port -> A is correct but C is not correct.
Below summaries all the port roles of these switches:
+ DP: Designated Port (forwarding state)
+ RP: Root Port (forwarding state)
+ AP: Alternative Port (blocking state)
II.15. Which feature builds a FIB and an adjacency table to expedite packet forwarding?
- cut through
- fast switching
- process switching
- Cisco Express Forwarding*
The Forwarding Information Base (FIB) contains destination reachability information as well as next hop information. This information is then used by the router to make forwarding decisions. The FIB allows for very efficient and easy lookups.
The adjacency table is tasked with maintaining the layer 2 next-hop information for the FIB.
II.16. What are two reasons that duplex mismatches can be difficult to diagnose? (Choose two.)
- The interface displays a connected (up/up) state even when the duplex settings are mismatched.**
- 1-Gbps interfaces are full-duplex by default.
- Full-duplex interfaces use CSMA/CD logic, so mismatches may be disguised by collisions.
- The symptoms of a duplex mismatch may be intermittent.*
- Autonegotiation is disabled.
II.17. Which command would you configure globally on a Cisco router that would allow you to view directly connected Cisco devices?
- enable cdp
- cdp enable
- cdp run*
- run cdp
Router(config)#cdp run
Note: CDP can be turned on or turned off on each interface. For example to turn off CDP on an interface we use this command:
Router(config-if)#no cdp enable
II.18. If all switches are configured with default values, which switch will take over when the primary root bridge experiences a power loss?
- switch O0E0.F726 3DC6
- switch 00E0.F90B 6BE3
- switch 0004.9A1A C182*
- switch 0040.0BC0 90C5
II.19. Which two protocols can detect native VLAN mismatch errors? (Choose two.)
- STP*
- PAgP
- Cisco Discovery Protocol*
- DTP
- VTP
II.20. Which DTP switch port mode allows the port to create a trunk link if the neighboring port is in trunk mode, dynamic desirable mode, or desirable auto mode?
- trunk
- access
- dynamic desirable
- dynamic auto*
In dynamic auto mode, the interface is able to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk or desirable mode. The default switchport mode for newer Cisco switch Ethernet interfaces is dynamic auto. Note that if two Cisco switches are left to the common default setting of auto, a trunk will never form.
In dynamic desirable mode, the interface actively attempt to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk, desirable, or auto mode. This is the default switchport mode on older switches, such as the Catalyst 2950 and 3550 Series switches -> This is the best answer in this question.
Reference: http://www.ciscopress.com/articles/article.asp?p=2181837&seqNum=8
II.21. Which DTP switch port mode allows the port to create a trunk link if the neighboring port is in trunk mode, dynamic desirable mode, or desirable or auto mode?
- Dynamic Auto
- Dynamic Desirable*
- Access
- Trunk
II.22. Which three statements about DWDM are true? (Choose three)
- It allows a single strand of fiber to support bidirectional communications*
- It is used for long-distance and submarine cable systems*
- It can multiplex up to 256 channels on a single fiber
- It supports both the SDH and SONET standards*
- Each channel can carry up to a 1-Gbps signal
- It supports simplex communications over multiple strands of fiber
DWDM circuits are used in all modern submarine communications cable systems and other long-haul circuits.
Specifically, DWDM:
+ Enables bidirectional communications over one strand of fiber -> Answer A is correct
+ Assigns incoming optical signals to specific wavelengths of light (i.e., frequencies)
+ Each channel is capable of carrying a 10-Gbps multiplexed signal -> Answer E is not correct
+ Can multiplex more than 80 different channels of data (i.e., wavelengths) onto a single fiber -> Answer C is not correct
+ Can amplify these wavelengths to boost the signal strength
+ Supports SONET and SDH standards
Reference: http://www.ciscopress.com/articles/article.asp?p=2202411&seqNum=6
II.23. Which three statements about DTP are true? (Choose three.)
- It is a proprietary protocol.*
- It is a universal protocol.
- It is a Layer 2-based protocol.*
- It is enabled by default.*
- It is disabled by default.
- It is a Layer 3-based protocol.
II.24. Which three commands must you enter to create a trunk that allows VLAN 20? (Choose three.)
- Switch(config-if)#switchport mode trunk*
- Switch(config-if)#switchport mode dynamic desirableC. Switch(config-if)#switchport trunk native vlan 20
- Switch(config-if)#switchport trunk encapsulation dot1q
- Switch(config-if)#switchport trunk allowed vlan 20*
- Switch(config-if)#switchport mode dynamic auto*
II.25. Which feature facilitates the tagging of frames on a specific VLAN?
- Routing
- Hairpinning
- Encapsulation*
- Switching
II.26. Which statement about spanning-tree root-bridge election is true?
- It is always performed automatically
- Each VLAN must have its own root bridge*
- Each VLAN must use the same root bridge
- Each root bridge must reside on the same root switch
For answer B, this paragraph from Cisco confirms it is the correct answer:
“When you implement a root bridge in a switching network, you usually refer to the root bridge as the root switch. Each VLAN must have its own root bridge because each VLAN is a separate broadcast domain. The roots for the different VLANs can all reside in a single switch or in various switches.”
Reference: https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/5234-5.html
The meaning of answer C is not clear but maybe it means “every VLAN must use the same root bridge” which is not correct as Sw1 can be the root bridge for VLANs 1, 3, 5 but Sw2 can be the root bridge for VLAN 2, 4, 6…
From the quote above we can say answer D is not correct.
II.27. Which two statements about data VLANs on access ports are true? ( Choose two)
- They can be configured as trunk ports.
- Two or more VLANs can be configured on the interface.
- 802.1Q encapsulation must be configured on the interface.
- Exactly one VLAN can be configured on the interface.*
- They can be configured as host ports.*
II.28. Which three options are switchport configurations that can always avoid duplex mismatch errors between two switches? (Choose three.)
- set both side on auto-negotation.*
- set both sides on half-duplex*
- set one side auto and other side half-duplex
- set both side of connection to full-duplex*
- set one side auto and other side on full-duplex
- set one side full-duplex and other side half-duplex
II.29. Under normal operations, cisco recommends that you configure switch ports on which vlan?
- on the default vlan
- on the management vlan
- on the native vlan
- on any vlan except the default vlan*
http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/24330-185.html
Note: There is a potential security consideration with dot1q that the implicit tagging of the native VLAN causes. The transmission of frames from one VLAN to another without a router can be possible. Refer to the Intrusion Detection FAQ leavingcisco.com for further details. The workaround is to use a VLAN ID for the native VLAN of the trunk that is not used for end-user access. In order to achieve this, the majority of Cisco customers simply leave VLAN 1 as the native VLAN on a trunk and assign access ports to VLANs other than VLAN 1.
II.30. Which statement about VLAN operation on Cisco Catalyst switches is true?
- When a packet is received from an 802.1Q trunk, the VLAN ID can be determined from the source MAC
address and the MAC address table. - Unknown unicast frames are retransmitted only to the ports that belong to the same VLAN.*
- Broadcast and multicast frames are retransmitted to ports that are configured on different VLAN.
- Ports between switches should be configured in access mode so that VLANs can span across the ports.
II.31. Which two options describe benefits of aggregated chassis technology ( choose 2)?
- it reduces management overhead.*
- switches can be located anywhere regardless of there physical location.
- it requires only 1 IP add per VLAN.*
- it requires only 3 IP add per VLAN.
- it supports HSRP VRRP GLBP.
- it support redundant configuration files.
The books do not mention about the benefits of chassis aggregation but they are the same as switch stacking.
+ The stack would have a single management IP address.
+ The engineer would connect with Telnet or SSH to one switch (with that one management IP address), not multiple switches.
+ One configuration file would include all interfaces in all physical switches.
+ STP, CDP, VTP would run on one switch, not multiple switches.
+ The switch ports would appear as if all are on the same switch.
+ There would be one MAC address table, and it would reference all ports on all physical switches.
Reference: CCNA Routing and Switching ICND2 200-105 Official Cert Guide
VSS is a chassis aggregation technology but it is dedicated for Cisco Catalyst 6500 Series Switches. VSS increases operational efficiency by simplifying the network, reducing switch management overhead by at least 50 percent -> A is correct
Single point of management, IP address, and routing instance for the Cisco Catalyst 6500 virtual switch
+ Single configuration file and node to manage. Removes the need to configure redundant switches twice with identical policies.
+ Only one gateway IP address is required per VLAN, instead of the three IP addresses per VLAN used today -> C is correct while D is not correct.
+ Removes the need for Hot Standby Router Protocol (HSRP), Virtual Router Redundancy Protocol (VRRP), and Gateway Load Balancing Protocol (GLBP)-> so maybe E is not correct.
II.32. Refer to the exhibit. Which switch provides the spanning-tree designated port role for the network segment that services the printers?
- Switch1
- Switch2
- Switch3*
- Switch4
Next, by comparing the MAC address of Switch 3 and Switch 4 we found that the MAC of Switch 3 is smaller. Therefore the interface connected to the Printers of Switch 3 will become designated interface and the interface of Switch 4 will be blocked. The picture below shows the roles of all ports:
DP: Designated Port
RP: Root Port
BP: Blocked Port
(Please notice that Switch 1 will become the root bridge because of its lowest priority, not Switch 3)
II.33. Which type of MAC address is aged automatically by the switch?
- dynamic*
- manual
- automatic
- static
II.34. For what two purposes does the Ethernet protocol use physical addresses? (Choose two.)
- to uniquely identify devices at Layer 2*
- to allow communication with devices on a different network
- to differentiate a Layer 2 frame from a Layer 3 packet
- to establish a priority system to determine which device gets to transmit first
- to allow communication between different devices on the same network*
- to allow detection of a remote device when its physical address is unknown
MAC addresses are only used to communicate on the same network. To communicate on different network we have to use Layer 3 addresses (IP addresses) -> B is not correct; E is correct.
Layer 2 frame and Layer 3 packet can be recognized via headers. Layer 3 packet also contains physical address -> C is not correct.
On Ethernet, each frame has the same priority to transmit by default -> D is not correct.
All devices need a physical address to identify itself. If not, they can not communicate -> F is not correct.
II.35. When you enable PortFast on a switch port, the port immediately transitions to which state?
- Blocking
- Forwarding*
- Learning
- Listening
II.36. Which two EtherChannel PAgP modes can you configure? (Choose two.)
- on
- desirable*
- passive
- auto*
- active
II.37. Which command sequence can you enter to create VLAN 20 and assign it to an interface on a switch?
- Switch(config)#vlan 20
Switch(config)#Interface gig x/y
Switch(config-if)#switchport access vlan 20 * - Switch(config)#Interface gig x/y
Switch(config-if)#vlan 20
Switch(config-vlan)#switchport access vlan 20 - Switch(config)#vlan 20
Switch(config)#Interface vlan 20
Switch(config-if)#switchport trunk native vlan 20 - Switch(config)#vlan 20
Switch(config)#Interface vlan 20
Switch(config-if)#switchport access vlan 20 - Switch(config)#vlan 20
Switch(config)#Interface vlan 20
Switch(config-if)#switchport trunk allowed vlan 20
II.38. Which two statements about late collisions are true? (Choose two.)
- They may indicate a duplex mismatch.*
- By definition, they occur after the 512th bit of the frame has been transmitted.*
- They indicate received frames that did not pass the FCS match.
- They are frames that exceed 1518 bytes.
- They occur when CRC errors and interference occur on the cable.
Note: On an Ethernet connection, a duplex mismatch is a condition where two connected devices operate in different duplex modes, that is, one operates in half duplex while the other one operates in full duplex.
II.39. Which command can you enter to re-enable Cisco Discovery Protocol on a local router after it has been disabled?
- Router(config-if)#cdp run
- Router(config-if)#cdp enable
- Router(config)#cdp run*
- Router(config)#cdp enable
II.40. Refer to the exhibit. The output that is shown is generated at a switch. Which three of these statements are true? (Choose three.)
- All ports will be in a state of discarding, learning, or forwarding.*
- Thirty VLANs have been configured on this switch.
- The bridge priority is lower than the default value for spanning tree.*
- All interfaces that are shown are on shared media.
- All designated ports are in a forwarding state.*
- This switch must be the root bridge for all VLANs on this switch.
The command “show spanning-tree vlan 30″ only shows us information about VLAN 30. We don’t know how many VLAN exists in this switch -> B is not correct.
The bridge priority of this switch is 24606 which is lower than the default value bridge priority 32768 -> C is correct.
All three interfaces on this switch have the connection type “p2p”, which means Point-to-point environment – not a shared media -> D is not correct.
The only thing we can specify is this switch is the root bridge for VLAN 30 but we can not guarantee it is also the root bridge for other VLANs -> F is not correct.
II.41. Which two commands can be used to verify a trunk link configuration status on a given Cisco switch interface? (Choose two.)
- show interface trunk*
- show interface interface
- show ip interface brief
- show interface vlan
- show interface switchport*
The “show ip interface brief” command only gives us information about the IP address, the status (up/down) of an interface:
The “show interfaces vlan” command only gives us information about that VLAN, not about which ports are the trunk links:
II.42. Which two states are the port states when RSTP has converged? (Choose two.)
- discarding*
- listening
- learning
- forwarding*
- disabled
II.43. Refer to the exhibit. A technician has installed SwithchB and needs to configure it for remote access from the management workstation connected SwitchA. Which set of commands is required to accomplish this task?
Correct Answer: B
- SwitchB(config)# interface FastEthernet 0/1
SwitchB(config-if)# ip address 192.168.8.252 255.255.255.0 SwitchB(config-if)# no shutdown - SwitchB(config)# interface vlan 1
SwitchB(config-if)# ip address 192.168.8.252 255.255.255.0 SwitchB(config-if)# ip default-gateway 192.168.8.254 255.255.255.0 SwitchB(config-if)# no shutdown - SwitchB(config)# ip default-gateway 192.168.8.254
SwitchB(config)# interface vlan 1
SwitchB(config-if)# ip address 192.168.8.252 255.255.255.0 SwitchB(config-if)# no shutdown* - SwitchB(config)# ip default-network 192.168.8.254
SwitchB(config)# interface vlan 1
SwitchB(config-if)# ip address 192.168.8.252 255.255.255.0 SwitchB(config-if)# no shutdown - SwitchB(config)# ip route 192.168.8.254 255.255.255.0
SwitchB(config)# interface FastEthernet 0/1
SwitchB(config-if)# ip address 192.168.8.252 255.255.255.0 SwitchB(config-if)# no shutdown
II.43.
A technician has installed SwitchB and needs to configure it for remote access from the management workstation connected SwitchA. Which set of commands is required to accomplish this task?
- A.
SwitchB(config)#interface FastEthernet 0/1
SwitchB(config-if)#ip address 192.168.8.252 255.255.255.0
SwitchB(config-if)#no shutdown - B.
SwitchB(config)#ip default-gateway 192.168.8.254
SwitchB(config)#interface vlan 1
SwitchB(config-if)#ip address 192.168.8.252 255.255.255.0
SwitchB(config-if)#no shutdown* - C.
SwitchB(config)#interface vlan 1
SwitchB(config-if)#ip address 192.168.8.252 255.255.255.0
SwitchB(config-if)#ip default-gateway 192.168.8.254 255.255.255.0
SwitchB(config-if)#no shutdown - D.
SwitchB(config)#ip default-network 192.168.8.254
SwitchB(config)#interface vlan 1
SwitchB(config-if)#ip address 192.168.8.252 255.255.255.0
SwitchB(config-if)#no shutdown
In the exhibit, we can recognize that the Management Workstation is in a different subnet from the SwitchB. For intersubnetwork communication to occur, you must configure at least one default gateway. This default gateway is used to forward traffic originating from the switch only, not to forward traffic sent by devices connected to the switch.
II.44. Which of the following are benefits of VLANs? (Choose three.)
- They increase the size of collision domains.
- They allow logical grouping of users by function.*
- They can enhance network security.*
- They increase the size of broadcast domains while decreasing the number of collision domains.
- They increase the number of broadcast domains while decreasing the size of the broadcast domains.*
- They simplify switch administration.
VLANs allow to group users by function, not by location or geography -> B is correct.
VLANs help minimize the incorrect configuration of VLANs so it enhances the security of the network -> C is correct.
VLAN increases the size of broadcast domains but does not decrease the number of collision domains -> D is not correct.
VLANs increase the number of broadcast domains while decreasing the size of the broadcast domains which increase the utilization of the links. It is also a big advantage of VLAN -> E is correct.
VLANs are useful but they are more complex and need more administration -> F is not correct.
II.45. Which three statements accurately describe Layer 2 Ethernet switches? (Choose three.)
- Spanning Tree Protocol allows switches to automatically share VLAN information.
- Establishing VLANs increases the number of broadcast domains.**
- Switches that are configured with VLANs make forwarding decisions based on both Layer 2 and Layer 3 address information.
- Microsegmentation decreases the number of collisions on the network.*
- In a properly functioning network with redundant switched paths, each switched segment will contain one root bridge with all its ports in the forwarding state. All other switches in that broadcast domain will have only one root port.*
- If a switch receives a frame for an unknown destination, it uses ARP to resolve the address.
Note: Microsegmentation decreases the number of collisions but it increases the number of collision domains.
II.46. What is the status of port-channel if LACP is misconfigured?
- Forwarding
- Enabled
- Disabled*
- Errdisabled
| %PM-SP-4-ERR_DISABLE: channel-misconfig error detected on Po3, putting E1/3 in err-disable state |
Therefore from the output above we can see that when miconfigured, the physical (member) interface is put into err-disable state.
But this question asks above “the status of port-channel” (not the physical member interface) so answer “Disabled” is a better choice.
II.47. How to create a trunk port and allow VLAN 20? (Choose Three.)
- switchport trunk encapsulation dot1q*
- switchport mode trunk*
- switchport trunk allowed vlan 20*
- switchport trunk native vlan 20
- switchport mode dynamic desirable
II.48. Which mode is compatible with Trunk, Access, and desirable ports?
- Trunk Ports
- Access Ports
- Dynamic Auto*
- Dynamic Desirable
Maybe this question wanted to ask “if the other end is configured with trunk/access/desirable mode” then which mode is compatible so that the link can work. In that case both “dynamic auto” and “dynamic desirable” mode are correct. The difference between these two modes is “dynamic auto” is passively waiting for the other end to request to form a trunk while “dynamic desirable” will actively attempt to negotiate to convert the link into a trunk.
II.49. What parameter can be different on ports within an EtherChannel?
- speed
- DTP negotiation settings*
- trunk encapsulation
- duplex
+ Speed settings
+ Duplex settings
+ STP settings
+ VLAN membership (for access ports)
+ Native VLAN (for trunk ports)
+ Allowed VLANs (for trunk ports)
+ Trunking Encapsulation (ISL or 802.1Q, for trunk ports)
II.50. Which spanning-tree protocol rides on top of another spanning-tree protocol?
- MSTP*
- RSTP
- PVST+
- Mono Spanning Tree
II.51. Which three statements about RSTP are true? (Choose three.)
- RSTP significantly reduces topology reconverging time after a link failure.*
- RSTP expands the STP port roles by adding the alternate and backup roles.*
- RSTP port states are blocking, discarding, learning, or forwarding.
- RSTP provides a faster transition to the forwarding state on point-to-point links than STP does.*
- RSTP also uses the STP proposal-agreement sequence.
- RSTP uses the same timer-based process as STP on point-to-point links
II.52. Which two commands correctly verify whether port security has been configured on port FastEthernet 0/12 on a switch? (Choose two.)
- SW1#show port-secure interface FastEthernet 0/12
- SW1#show switchport port-secure interface FastEthernet 0/12
- SW1#show running-config*
- SW1#show port-security interface FastEthernet 0/12*
- SW1#show switchport port-security interface FastEthernet 0/12
II.53. Refer to the exhibit. Switch port FastEthernet 0/24 on ALSwitch1 will be used to create an IEEE 802.1Q-compliant trunk to another switch. Based on the output shown, what is the reason the trunk does not form, even though the proper cabling has been attached?
- VLANs have not been created yet.
- An IP address must be configured for the port.
- The port is currently configured for access mode.*
- The correct encapsulation type has not been configured.
- The no shutdown command has not been entered for the port.
II.54. Refer to the exhibit. Switch-1 needs to send data to a host with a MAC address of 00b0.d056.efa4. What will Switch-1 do with this data?
- Switch-1 will drop the data because it does not have an entry for that MAC address.
- Switch-1 will flood the data out all of its ports except the port from which the data originated.*
- Switch-1 will send an ARP request out all its ports except the port from which the data originated.
- Switch-1 will forward the data to its default gateway.
II.55. Standard industrialized protocol of etherchannel?
- LACP*
- PAGP
- PRP
- REP
II.56. How to enable vlans automatically across multiple switches?
- Configure VLAN
- Confiture NTP
- Configure each VLAN
- Configure VTP*
II.57. What are contained in layer 2 ethernet frame? (Choose Three.)
- Preamble*
- TTL
- Type/length*
- Frame check sequence*
- version
- others
Preamble is used to indicate the start of the frame by arranging the first 62 bits as alternating “1/0s” and the last two bits as “1”s. Like so, 010101010101010………………………10101011. Therefore when the receiving end sees the “11” it knows where the actual Ethernet header starts. The alternating 1s and 0s will also allow the two endpoints to sync their internal clocks. In summary, preamble is used for synchronization.
The “Type/Length” field is used to indicate the “Type”of the payload (Layer 3 protocol) which is indicated as a Hexadecimal value.
Note: Ethernet II uses “Type” while the old Ethernet version use “Length”
II.58. Which two of these are characteristics of the 802.1Q protocol? (Choose two.)
- It is used exclusively for tagging VLAN frames and does not address network reconvergence following switched network topology changes.
- It modifies the 802.3 frame header, and thus requires that the FCS be recomputed.*
- It is a Layer 2 messaging protocol which maintains VLAN configurations across networks.
- It includes an 8-bit field which specifies the priority of a frame.
- It is a trunking protocol capable of carrying untagged frames.*
If a switch receives untagged frames on a trunk port, it believes that frame is a part of the native VLAN. Also, frames from a native VLAN are not tagged when exiting the switch via a trunk port.
The 802.1q frame format is same as 802.3. The only change is the addition of 4 bytes fields. That additional header includes a field with which to identify the VLAN number. Because inserting this header changes the frame, 802.1Q encapsulation forces a recalculation of the original FCS field in the Ethernet trailer.
Note: Frame Check Sequence (FCS) is a four-octet field used to verify that the frame was received without loss or error. FCS is based on the contents of the entire frame.
II.59. Which command is used to know the duplex speed of serial link?
- show line
- show interface*
- show protocol
- show run
In this output the speed of S0/0 interface is 1544 Kbits.
II.60. A BPDU guard is configured on an interface that has PortFast enabled. Which state does the interface enter when it receives a BPDU?
- Blocking
- Shutdown
- Listening
- Errdisable*
II.61. Which mode are in PAgP? (choose two)
- Auto.*
- Desirable.*
- Active.
- Passive.
- On.
| Auto | Responds to PAgP messages but does not aggressively negotiate a PAgP EtherChannel. A channel is formed only if the port on the other end is set to Desirable. This is the default mode. |
| Desirable | Port actively negotiates channeling status with the interface on the other end of the link. A channel is formed if the other side is Auto or Desirable. |
The table below lists if an EtherChannel will be formed or not for PAgP:
| PAgP | Desirable | Auto |
| Desirable | Yes | Yes |
| Auto | Yes | No |
II.62. In an Ethernet network, under what two scenarios can devices transmit? (Choose two.)
- when they receive a special token.
- when there is a carrier.
- when they detect no other devices are sending.*
- when the server grants access.
- when the medium is idle.*
II.63. At the end of an RSTP election process, which access layer switch port will assume the discarding role?
- Switch3, port fa0/1
- Switch3, port fa0/12
- Switch4, port fa0/11*
- Switch4, port fa0/2
- Switch3, port Gi0/1
- Switch3, port Gi0/2
ID than Switch 4 (because the MAC of Switch3 is smaller than that of Switch4) so both ports of Switch3
will be in forwarding state. The alternative port will surely belong to Switch4.
Switch4 will need to block one of its ports to avoid a bridging loop between the two switches. But how
does Switch4 select its blocked port? Well, the answer is based on the BPDUs it receives from Switch3. A
BPDU is superior to another if it has:
1. A lower Root Bridge ID
2. A lower path cost to the Root
3. A lower Sending Bridge ID
4. A lower Sending Port ID
These four parameters are examined in order. In this specific case, all the BPDUs sent by Switch3 have
the same Root Bridge ID, the same path cost to the Root and the same Sending Bridge ID. The only
parameter left to select the best one is the Sending Port ID (Port ID = port priority + port index). In this
case the port priorities are equal because they use the default value, so Switch4 will compare port index
values, which are unique to each port on the switch, and because Fa0/12 is inferior to Fa0/1, Switch4 will
select the port connected with Fa0/1 (of Switch3) as its root port and block the other port -> Port fa0/11
of Switch4 will be blocked (discarding role).
II.64. Which switch would STP choose to become the root bridge in the selection process?
- 32768: 11-22-33-44-55-66*
- 32768: 22-33-44-55-66-77
- 32769: 11-22-33-44-55-65
- 32769: 22-33-44-55-66-78
II.65. Refer to the exhibit. What two results would occur if the hub were to be replaced with a switch that is configured with one Ethernet VLAN? (Choose two.)
- The number of collision domains would remain the same.
- The number of collision domains would decrease.
- The number of collision domains would increase.*
- The number of broadcast domains would remain the same.*
- The number of broadcast domains would decrease.
- The number of broadcast domains would increase.
II.66. For which two protocols can PortFast alleviate potential host startup is-sues? (Choose two.)
- DHCP*
- DNS*
- OSPF
- RIP
- CDP
II.67. Which method does a connected trunk port use to tag VLAN traffic?
- IEEE 802 1w
- IEEE 802 1D
- IEEE 802 1Q*
- IEEE 802 1p
II.68. Configuration of which option is required on a Cisco switch for the Cisco IP phone to work?
- PortFast on the interface
- the interface as an access port to allow the voice VLAN ID*
- a voice VLAN ID in interface and global configuration mode
- Cisco Discovery Protocol in global configuration mode
In order to avoid this, remove the trunk configuration and keep the voice and access VLAN configured along with Quality of Service (QoS). Technically, it is still a trunk, but it is called a Multi-VLAN Access Port (MVAP). Because voice and data traffic can travel through the same port, you should specify a different VLAN for each type of traffic. You can configure a switch port to forward voice and data traffic on different VLANs. Configure IP phone ports with a voice VLAN configuration. This configuration creates a pseudo trunk, but does not require you to manually prune the unnecessary VLANs.
The voice VLAN feature enables access ports to carry IP voice traffic from an IP phone. You can configure a voice VLAN with the “switchport voice vlan …” command under interface mode. The full configuration is shown below:
Switch(config)#interface fastethernet0/1 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 10 Switch(config-if)#switchport voice vlan 20
II.69. Refer to the exhibit. Which statement describes the effect of this configuration?
- The VLAN 10 VTP configuration is displayed
- VLAN 10 spanning-tree output is displayed
- The VLAN 10 configuration is saved when the router exits VLAN configuration mode*
- VLAN 10 is added to the VLAN database
II.70. Which statement about native VLAN traffic is true?
- Cisco Discovery Protocol traffic travels on the native VLAN by default*
- Traffic on the native VLAN is tagged with 1 by default
- Control plane traffic is blocked on the native VLAN.
- The native VLAN is typically disabled for security reasons
II.71. Which statement about unicast frame forwarding on a switch is true?
- The TCAM table stores destination MAC addresses
- If the destination MAC address is unknown, the frame is flooded to every port that is configured in the same VLAN except on the port that it was received on.*
- The CAM table is used to determine whether traffic is permitted or denied on a switch
- The source address is used to determine the switch port to which a frame is forwarded
II.72. Which two statements about VTP are true? (Choose two.)
- All switches must be configured with the same VTP domain name*
- All switches must be configured to perform trunk negotiation.
- All switches must be configured with a unique VTP domain name
- The VTP server must have the highest revision number in the domain*
- All switches must use the same VTP version.
II.73. Which type does a port become when it receives the best BPDU on a bridge?
- The designated port
- The backup port
- The alternate port
- The root port*
II.74. Which value can you modify to configure a specific interface as the preferred forwarding interface?
- The interface number
- The port priority*
- The VLAN priority
- The hello time
Switch(config-if)#spanning-tree vlan 20 port-priority 64
II.75. Which statement about VLAN configuration is true?
- The switch must be in VTP server or transparent mode before you can configure a VLAN*
- The switch must be in config-vlan mode before you configure an extended VLAN
- Dynamic inter-VLAN routing is supported on VLAN2 through VLAN 4064`
- A switch in VTP transparent mode save the VLAN databases to the running configuration only
II.76. Which two protocols are used by bridges and/or switches to prevent loops in a layer 2 network? (Choose two.)
- 802.1d*
- VTP
- 802.1q
- SAP
- STP*
II.77. How can you disable DTP on a switch port?
- Configure the switch port as a trunk.* (no correct answer, in fact)
- Add an interface on the switch to a channel group.
- Change the operational mode to static access
- Change the administrative mode to access
Therefore this is a question with no correct answer but if we have to choose an answer, we will choose answer A. At least it is correct in theory.
II.78. Which command can you enter on a switch to display the IP addresses associated with connected devices?
- Show cdp neighbors detail*
- Show cdp neighbor
- Show cdp interface
- Show cdp traffic
II.79. Which protocol is a Cisco proprietary implementation of STP?
- CST
- RSTP
- MSTP
- PVST+*
II.80. VLAN 3 is not yet configured on your switch. What happens if you set the switchport access vlan 3 command in interface configuration mode?
- The command is rejected.
- The port turns amber.
- The command is accepted and the respective VLAN is added to vlan.dat.*
- The command is accepted and you must configure the VLAN manually.
II.81. Three switches are connected to one another via trunk ports. Assuming the default switch configuration, which switch is elected as the root bridge for the spanning-tree instance of VLAN 1?
- the switch with the highest MAC address
- the switch with the lowest MAC address*
- the switch with the highest IP address
- the switch with the lowest IP address
This BID is a combination of a default priority value and the switch’s MAC address, with the priority value listed first. The lowest BID will win the election process.
For example, if a Cisco switch has the default priority value of 32,768 and a MAC address of 11-22-33- 44-55-66, the BID would be 32768:11-22-33-44-55-66. Therefore, if the switch priority is left at the default, the MAC address is the deciding factor in the root bridge election.
II.82. Which command enables RSTP on a switch?
- spanning-tree uplinkfast
- spanning-tree mode rapid-pvst*
- spanning-tree backbonefast
- spanning-tree mode mst
To activate the Rapid-PVST+ protocol: switch(config)#spanning-tree mode rapid-pvst
II.83. Cisco Catalyst switches CAT1 and CAT2 have a connection between them using ports FA0/13. An 802.1Q trunk is configured between the two switches. On CAT1, VLAN 10 is chosen as native, but on CAT2 the native VLAN is not specified. What will happen in this scenario?
- 802.1Q giants frames could saturate the link.
- VLAN 10 on CAT1 and VLAN 1 on CAT2 will send untagged frames.
- A native VLAN mismatch error message will appear.*
- VLAN 10 on CAT1 and VLAN 1 on CAT2 will send tagged frames.
II.84. Refer to the exhibit
All switch ports are assigned to the correct VLANs, but none of the hosts connected to SwitchA can communicate with hosts in the same VLAN connected to SwitchB. Based on the output shown, what is the most likely problem?
- The access link needs to be configured in multiple VLANs.
- The link between the switches is configured in the wrong VLAN.
- The link between the switches needs to be configured as a trunk.*
- VTP is not configured to carry VLAN information between the switches.
- Switch IP addresses must be configured in order for traffic to be forwarded between the switches.
II.85. What is the function of the command switchport trunk native vlan 999 on a Cisco Catalyst switch?
- It creates a VLAN 999 interface.
- It designates VLAN 999 for untagged traffic.*
- It blocks VLAN 999 traffic from passing on the trunk.
- It designates VLAN 999 as the default for all unknown tagged traffic.
II.86. Refer to the exhibit. A frame on VLAN 1 on switch S1 is sent to switch S2 where the frame is received on VLAN 2. What causes this behavior?
- trunk mode mismatches
- vlans that do not correspond to a unique IP subnet
- native vlan mismatches*
- allowing only vlan 2 on the destination
II.87. Why will a switch never learn a broadcast address?
- Broadcast frames are never sent to swiches.
- Broadcast addresses use an incorrect format for the switching table.
- A broadcast address will never be the source address of a frame.*
- Broadcasts only use network layer addressing.
- A broadcast frame is never forwarded by a switch.
II.88. What can you change to select switch as root bridge?
- make lower priority*
- make higher priority
- make lower path cost
- make higher path cost
II.89. Which two types of information are held in the MAC address table? (Choose two)
- MAC address*
- soure IP address
- destination IP address
- Protocols
- Port numbers*
As we can see here, the “MAC address” field is the source MAC address and the “Ports” field are the ports of the switch from which the frames (with corresponding source MAC address) were received.
II.90. Which three are valid modes for a switch port used as a VLAN trunk? (choose three)
- Desirable*
- Auto*
- On*
- Blocking
- Transparent
- Forwarding
II.91. Which type of attack can be mitigated by configuring the default native VLAN to be unused?
- CAM table overflow
- switch spoofing
- VLAN hopping*
- MAC spoofing
II.92. Which process is associated with spanning-tree convergence?
- determining the path cost
- electing designated ports*
- learning the sender bridge ID
- assigning the port ID
1. Elects one root bridge
2. Select one root port per nonroot bridge
3. Select one designated port on each network segment -> Answer B is correct.
II.93. Which option is a benefit of switch stacking?
- It provides redundancy with no impact on resource usage
- It simplifies adding and removing hosts.
- It supports better performance of high-needs applications.
- It provides higher port density with better resource usage.*
Answer B is not correct as switch stacking is about connecting switches together so that they act as one switch, not about adding and removing hosts.
Answer C is not correct because switch stacking has nothing to do with performance of high-needs applications.
Surely switch stacking provides redundancy as stacking creates a ring of connection with two opposite paths. Whenever a frame is ready for transmission onto the path, a calculation is made to see which path has the most available bandwidth. The entire frame is then copied onto this half of the path.
With switch stacking, STP, CDP and VTP would run on one switch, not multiple switches. Also there would be one MAC address table, and it would reference all ports on all physical switches so we may say switch stacking has better resource usage. Also if we consider all stacking switches as one logical switch then surely the port density is increase very much. Therefore answer D is the most suitable one.
II.94. Which port state is introduced by Rapid-PVST?
- learning
- listening
- discarding*
- forwarding
II.95. What are the possible trunking modes for a switch port? (Choose three.)
- transparent
- auto*
- on*
- desirable*
- client
- forwarding
II.96. Refer to the exhibit. What set of commands was configured on interface Fa0/3 to produce the given the output?
- interface FastEthernet 0/3
Channel-group 1 mode desirable
Switchport trunk encapsulation dot1q
Switchport mode trunk - interface FastEthernet 0/3
Channel-group 2 mode passive
Switchport trunk encapsulation dot1q
Switchport mode trunk* - interface FastEthernet 0/3
Channel-group 2 mode on
Switchport trunk encapsulation dot1q
Switchport mode trunk - interface FastEthernet 0/3
Channel-group 2 mode active
Switchport trunk encapsulation dot1q
Switchport mode trunk
II.97. Which type of secure MAC address must be configured manually?
- dynamic
- bia
- static*
- sticky
II.98. Which two elements are fields in an Ethernet frame? (Choose two.)
- frame check sequence*
- header
- source IP address
- destination IP address
- type*
II.99. What is one benefit of PVST+?
- PVST+ supports Layer 3 load balancing without loops.
- PVST+ reduces the CPU cycles for all the switches in the network.
- PVST+ allows the root switch location to be optimized per VLAN.*
- PVST+ automatically selects the root bridge location, to provide optimized bandwidth usage.
II.100. Which three of these statements regarding 802.1Q trunking are correct? (Choose three.)
- 802.1Q native VLAN frames are untagged by default.*
- 802.1Q trunking ports can also be secure ports.
- 802.1Q trunks can use 10 Mb/s Ethernet interfaces.*
- 802.1Q trunks require full-duplex, point-to-point connectivity.
- 802.1Q trunks should have native VLANs that are the same at both ends.*
II.101. Which IEEE standard protocol is initiated as a result of successful DTP completion in a switch over FastEthernet?
- 802.3ad
- 802.1w
- 802.1Q*
- 802.1d
II.102. Which of the port is not part of STP protocol.
- Listening
- Learning
- Forwarding
- Discarding*
II.103. Assuming the default switch configuration which vlan range can be added modified and removed on a cisco switch?
- 2 through 1001*
- 1 through 1001
- 1 through 1002
- 2 through 1005
II.104. Based on the output below, which two statements are true of the interfaces on Switch1? (Choose two.)
- A hub is connected directly to FastEthernet0/5*
- FastEthernet0/1 is configured as a trunk link.*
- FastEthernet0/5 has statically assigned mac address
- Interface FastEthernet0/2 has been disable.
- Multiple devices are connected directly to FastEthernet0/1.
- FastEthernet0/1 is connected to a host with multiple network interface cards.
There are two MAC addresses learned from FastEthernet0/5 while FastEthernet0/5 is not configured as trunk (only Fa0/2 & Fa0/3 are configured as trunk links) -> a hub is used on this port.
II.105. Refer to the exhibit. How should the FastEthernet0/1 port on the 2950 model switches that are shown in the exhibit be configured to allow connectivity between all devices?
- The ports only need to be connected by a crossover cable.
- SwitchX(config)# interface FastEthernet 0/1
SwitchX(config-if)# switchport mode trunk - SwitchX(config)# interface FastEthernet 0/1 SwitchX(config-if)# switchport mode access SwitchX(config-if)# switchport access vlan 1
- SwitchX(config)# interface FastEthernet 0/1 SwitchX(config-if)# switchport mode trunk SwitchX(config-if)# switchport trunk vlan 1 SwitchX(config-if)# switchport trunk vlan 10 SwitchX(config-if)# switchport trunk vlan 20
II.106. Which RPVST+ port state is excluded from all STP operations?
- learning
- forwarding
- blocking
- disabled*
II.107. Which option is the industry-standard protocol for EtherChannel?
- PAgP
- LACP*
- Cisco Discovery Protocol
- DTP
II.108. Which two pieces of information can be shared with LLDP TLVs? (Choose two)
- device management address.*
- device type*
- spanning-tree topology
- routing configuration
- access-list configuration
II.109. Which two statements about stacking Cisco switches are true ?(choose two)
- It enables the administrator to manage multiple switches from a single management interface*
- The administrator can create only one stack of switches in a network which is under the same administrative domian
- When a new master switch is elected,it queries the previous master for its running configuration
- The administrator can add additional switches to the stack as demand increases*
- Each switch manages its own MAC address table
II.110. Refer to the exhibit.If the devices produced the given output, what is the cause of the EtherChannel problem?
- There is a speed mismatch between SW1’s Fa0/1 and SW2’s Fa0/1 interfaces.*
- There is an MTU mismatch between SW1’s Fa0/1 and SW2’s Fa0/1 interfaces
- There is an encapsulation mismatch between SW1’s Fa0/1 and SW2’s Fa0/1 interface
- SW1’s Fa0/1 interface is administratively shut down.
II.111. For which two reasons might be you choose chassis aggregation instead of stacking switches? (Choose two.)
- to increase the number of devices in use*
- Bto increase the maximum port count
- to avoid the use of a centralized configuration manager*
- to allow hot-swapping modules
- to avoid relying solely on Ethernet interfaces
II.112. Refer to the exhibit. The two exhibited devices are the only Cisco devices on the network. The serial network between the two devices has a mask of 255.255.255.252. Given the output that is shown, what three statements are true of these devices? (Choose three.)
- The Manchester serial address is 10.1.1.1.*
- The Manchester serial address is 10.1.1.2.
- The London router is a Cisco 2610.*
- The Manchester router is a Cisco 2610.
- The CDP information was received on port Serial0/0 of the Manchester router.
- The CDP information was sent by port Serial0/0 of the London router.*
II.113. Refer to the exhibit. Based on the information given, which switch will be elected root bridge and why?
- Switch A, because it has the lowest MAC address
- Switch A, because it is the most centrally located switch
- Switch B, because it has the highest MAC address
- Switch C, because it is the most centrally located switch
- Switch C, because it has the lowest priority*
- Switch D, because it has the highest priority
II.114. A network interface port has collision detection and carrier sensing enabled on a shared twisted pair network. From this statement, what is known about the network interface port?
- This is a 10 Mb/s switch port.
- This is a 100 Mb/s switch port.
- This is an Ethernet port operating at half duplex.*
- This is an Ethernet port operating at full duplex.
- This is a port on a network interface card in a PC.
II.115. Refer to the exhibit. Given the output shown from this Cisco Catalyst 2950, what is the reason that interface FastEthernet 0/10 is not the root port for VLAN 2?
- This switch has more than one interface connected to the root network segment in VLAN 2.
- This switch is running RSTP while the elected designated switch is running 802.1d Spanning Tree.
- This switch interface has a higher path cost to the root bridge than another in the topology.*
- This switch has a lower bridge ID for VLAN 2 than the elected designated switch.
II.116. Refer to the exhibit. Why has this switch not been elected the root bridge for VLAN1?
- It has more than one interface that is connected to the root network segment.
- It is running RSTP while the elected root bridge is running 802.1d spanning tree.
- It has a higher MAC address than the elected root bridge.
- It has a higher bridge ID than the elected root bridge.*
II.117. Which two link protocols are used to carry multiple VLANs over a single link? (Choose two.)
- VTP
- 802.1q*
- IGP
- ISL*
- 802.3u
proprietary ISL. Generally, most network engineers prefer to use 802.1q since it is standards based and will
interoperate with other vendors.
II.118. Assuming the default switch configuration, which VLAN range can be added, modified, and removed on a Cisco switch?
- 1 through 1001
- 2 through 1001*
- 1 through 1002
- 2 through 1005
VLANs 1002-1005 are default VLANs for FDDI & Token Ring and they can’t be deleted or used for Ethernet.
II.119. Refer to the topology shown in the exhibit. Which ports will be STP designated ports if all the links are operating at the same bandwidth? (Choose three.)
- Switch A – Fa0/0
- Switch A – Fa0/1*
- Switch B – Fa0/0*
- Switch B – Fa0/1*
- Switch C – Fa0/0
- Switch C – Fa0/1
1. First, select the root bridge, which can be accomplished by comparing the bridge ID, the smallest will be
selected. Bridge-id= bridge priority + MAC address. The three switches in the figure all have the default
priority, so we should compare the MAC address, it is easy to find that SwitchB is the root bridge.
2. Select the root port on the non-root bridge, which can be completed through comparing root path cost. The
smallest will be selected as the root port.
3. Next, select the Designated Port. First, compare the path cost, if the costs happen to be the same, then
compare the BID, still the smallest will be selected. Each link has a DP. Based on the exhibit above, we can
find DP on each link. The DP on the link between SwitchA and SwitchC is SwitchA’Fa0/1, because it has the
smallest MAC address.
II.120. Refer to the exhibit. Which statement is true?
- The Fa0/11 role confirms that SwitchA is the root bridge for VLAN 20.
- VLAN 20 is running the Per VLAN Spanning Tree Protocol
- The MAC address of the root bridge is 0017.596d.1580.
- SwitchA is not the root bridge, because not all of the interface roles are designated*
From the output we learn this switch is running Rapid STP, not PVST -> B is not correct.
0017.596d.1580 is the MAC address of this switch, not of the root bridge. The MAC address of the root bridge is 0017.596d.2a00 -> C is not correct.
All of the interface roles of the root bridge are designated. SwitchA has one Root port and 1 Alternative port so it is not the root bridge -> D is correct.
II.121. Which two benefits are provided by creating VLANs? (Choose two.)
- added security*
- dedicated bandwidth
- provides segmentation*
- allows switches to route traffic between subinterfaces
- contains collisions
Security:
VLANs also improve security by isolating groups. High-security users can be grouped into a VLAN, possible on the same physical segment, and no users outside that VLAN can communicate with them LAN Segmentation VLANs allow logical network topologies to overlay the physical switched infrastructure such that any arbitrary collection of LAN ports can be combined into an autonomous user group or community of interest. The technology logically segments the network into separate Layer 2 broadcast domains whereby packets are switched between ports designated to be within the same VLAN. By containing traffic originating on a particular LAN only to other LANs in the same VLAN, switched virtual networks avoid wasting bandwidth.
II.122. How many broadcast domains are shown in the graphic assuming only the default VLAN is confgured on the switches?
- one*
- two
- six
- twelve
For your information, there are 7 collision domains in this exhibit (6 collision domains between hubs & switches + 1 collision between the two switches).
II.123. Which term describes a spanning-tree network that has all switch ports in either the blocking or forwarding state?
- converged*
- redundant
- provisioned
- spanned
II.124. A network administrator creates a layer 3 EtherChannel, bundling four interfaces into channel group 1. On what interface is the IP address configured?
- the port-channel 1 interface*
- the highest number member interface
- all member interfaces
- the lowest number member interface
II.125. Which Cisco Catalyst feature automatically disables the port in an operational PortFast upon receipt of a BPDU?
- BackboneFast
- UplinkFast
- Root Guard
- BPDU Guard*
- BPDU Filter
II.126. Refer to the exhibit. A technician is troubleshooting host connectivity issues on the switches. The hosts inVLANs 10 and 15 on Sw11 are unable to communicate with hosts in the same VLANs on Sw12. Hosts in the Admin VLAN are able to communicate. The port-to-VLAN assignments are identical on the two switches. What could be the problem?
- The Fa0/1 port is not operational on one of the switches.
- The link connecting the switches has not been configured as a trunk.*
- At least one port needs to be configured in VLAN 1 for VLANs 10 and 15 to be able to communicate.
- Port FastEthernet 0/1 needs to be configured as an access link on both switches.
- A router is required for hosts on SW11 in VLANs 10 and 15 to communicate with hosts in the same VLAN on Sw12.
II.127. Refer to the exhibit. Given this output for SwitchC, what should the network administrator’s next action be?
- Check the trunk encapsulation mode for Switch C’s fa0/1 port.
- Check the duplex mode for Switch C’s fa0/1 port.
- Check the duplex mode for Switch A’s fa0/2 port.*
- Check the trunk encapsulation mode for Switch A’s fa0/2 port
II.128. In a switched environment, what does the IEEE 802.1Q standard describe?
- the operation of VTP
- a method of VLAN trunking*
- an approach to wireless LAN communication
- the process for root bridge selection
- VLAN pruning
II.129. An administrator is unsuccessful in adding VLAN 50 to a switch. While troubleshooting the problem, the administrator views the output of the show vtp status command, which is displayed in the graphic. What commands must be issued on this switch to add VLAN 50 to the database? (Choose two.)
- Switch(config-if)# switchport access vlan 50
- Switch(vlan)# vtp server*
- Switch(config)# config-revision 20
- Switch(config)# vlan 50 name Tech
- Switch(vlan)# vlan 50*
- Switch(vlan)# switchport trunk vlan 50
II.130. Refer to the exhibit. How many broadcast domains exist in the exhibited topology?
- one
- two
- three*
- four
- five
- six
II.131. Refer to the exhibit. The network administrator has created a new VLAN on Switch1 and added host C and host D. The administrator has properly configured switch interfaces FastEthernet0/13 through FastEthernet0/14 to be members of the new VLAN. However, after the network administrator completed the configuration, host A could communicate with host B, but host A could not communicate with host C or host D. Which commands are required to resolve this problem?
Correct Answer: A
II.132. On a network of one department, there are four PCs connected to a switch, as shown in the following figure: After the Switch1 restarts. Host A (the host on the left) sends the first frame to Host C (the host on the right). What the first thing should the switch do?
- Switch1 will add 192.168.23.12 to the switching table.
- Switch1 will add 192.168.23.4 to the switching table.
- Switch1 will add 000A.8A47.E612 to the switching table.*
- None of the above
II.133. A network administrator is explaining VTP configuration to a new technician. What should the network administrator tell the new technician about VTP configuration? (Choose three.)
- A switch in the VTP client mode cannot update its local VLAN database.*
- A trunk link must be configured between the switches to forward VTP updates.*
- A switch in the VTP server mode can update a switch in the VTP transparent mode.
- A switch in the VTP transparent mode will forward updates that it receives to other switches.*
- A switch in the VTP server mode only updates switches in the VTP client mode that have a higher VTP revision number.
- A switch in the VTP server mode will update switches in the VTP client mode regardless of the configured VTP domain membership.
II.134. A company is installing IP phones. The phones and office computers connect to the same device. To ensure maximum throughput for the phone data, the company needs to make sure that the phone traffic is on a different network from that of the office computer data traffic. What is the best network device to which to directly connect the phones and computers, and what technology should be implemented on this device? (Choose two.)
- hub
- router
- switch*
- STP
- subinterfaces
- VLAN*
II.135. What are two benefits of using VTP in a switching environment? (Choose two.)
- It allows switches to read frame tags.
- It allows ports to be assigned to VLANs automatically.
- It maintains VLAN consistency across a switched network.*
- It allows frames from multiple VLANs to use a single interface.
- It allows VLAN information to be automatically propagated throughout the switching environment.*
II.136. Which two values are used by Spanning Tree Protocol to elect a root bridge? (Choose two.)
- amount of RAM
- bridge priority*
- IOS version
- IP address
- MAC address*
- speed of the links
II.137. Which three statements are typical characteristics of VLAN arrangements? (Choose three.)
- A new switch has no VLANs configured.
- Connectivity between VLANs requires a Layer 3 device.*
- VLANs typically decrease the number of collision domains.
- Each VLAN uses a separate address space.*
- A switch maintains a separate bridging table for each VLAN.*
- VLANs cannot span multiple switches.
II.138. Switch ports operating in which two roles will forward traffic according to the IEEE 802.1w standard? (Choose two.)
- alternate
- backup
- designated*
- disabled
- root*
II.139. Refer to the exhibit. This command is executed on 2960Switch: Which two of these statements correctly identify results of executing the command? (Choose two.)
- Port security is implemented on the fa0/1 interface.
- MAC address 0000.00aa.aaaa does not need to be learned by this switch.*
- Only MAC address 0000.00aa.aaaa can source frames on the fa0/1 segment.
- Frames with a Layer 2 source address of 0000.00aa.aaaa will be forwarded out fa0/1.
- MAC address 0000.00aa.aaaa will be listed in the MAC address table for interface fa0/1 only.*
II.140. Refer to the exhibit. The switches on a campus network have been interconnected as shown. All of the switches are running Spanning Tree Protocol with its default settings. Unusual traffic patterns are observed and it is discovered that Switch9 is the root bridge. Which change will ensure that Switch1 will be selected as the root bridge instead of Switch9?
- Raise the bridge priority on Switch1.
- Lower the bridge priority on Switch9.
- Raise the bridge priority on Switch9.
- Physically replace Switch9 with Switch1 in the topology.
- Disable spanning tree on Switch9.
- Lower the bridge priority on Switch1.*
II.141. Which statement about DTP is true?
- It uses the native VLAN.
- It negotiates a trunk link after VTP has been configured.
- It uses desirable mode by default.
- It sends data on VLAN 1.*
Disabling Dynamic Trunking Protocol (DTP)
Cisco’s Dynamic Trunking Protocol can facilitate the automatic creation of trunks between two switches. When two connected ports are configured in dynamic mode, and at least one of the ports is configured as desirable, the two switches will negotiate the formation of a trunk across the link. DTP isn’t to be confused with VLAN Trunking Protocol (VTP), although the VTP domain does come into play.
DTP on the wire is pretty simple, essentially only advertising the VTP domain, the status of the interface, and its DTP type. These packets are transmitted in the native (or access) VLAN every 60 seconds both natively and with ISL encapsulation (tagged as VLAN 1) when DTP is enabled.
II.142. Which feature can you use to monitor traffic on a switch by replicating it to another port or ports on the same switch?
- copy run start
- traceroute
- the ICMP Echo IP SLA
- SPAN*
II.143. Refer to the exhibit. While troubleshooting a switch, you executed the show interface port-channel 1 etherchannel command and it returned this output.
Which information is provided by the Load value?
- the percentage of use of the link
- the preference of the link
- the session count of the link
- the number source-destination pairs on the link*
Now we need to convert Load value from Hexadecimal to Binary numbers. Therefore:
+ Gi1/1: 36 (Hex) = 00110110 (Bin) -> Bits 3, 4, 6, 7 are chosen
+ Gi1/2: 84 (Hex) = 10000100 (Bin) -> Bits 1, 6 are chosen
+ Gi1/3: 16 (Hex) = 00010110 (Bin) -> Bits 4, 6, 7 are chosen
Therefore if the RBH is 3, it will choose Gi1/1. If RBH is 4, it will choose Gi1/1 and Gi1/3 interfaces. If RBH is 6 it will choose all three above interfaces. And the bit sharing ratio is 3:3:2 (from “No of bits” column) hence two links has higher probability of getting utilized as compared to the third link.
II.144. Which statement about slow inter VLAN forwarding is true?
- The VLAN is experiencing slowness in the point-to-point collisionless connection.
- The VLANs are experiencing slowness because multiple devices are connected to the same hub.
- The local VLAN is working normally, but traffic to the alternate VLAN is forwarded slower than expected.
- The entire VLAN is experiencing slowness.
- The VLANs are experiencing slowness due to a duplex mismatch.*
In the following scenario (illustrated in the network diagram below), there is a Layer 3 (L3) switch performing interVLAN routing between the server and client VLANs. In this failure scenario, one server is connected to a switch, and the port duplex mode is configured half- duplex on the server side and full-duplex on the switch side. This misconfiguration results in a packet loss and slowness, with increased packet loss when higher traffic rates occur on the link where the server is connected. For the clients who communicate with this server, the problem looks like slow interVLAN forwarding because they do not have a problem communicating to other devices or clients on the same VLAN. The problem occurs only when communicating to the server on a different VLAN. Thus, the problem occurred on a single collision domain, but is seen as slow interVLAN forwarding.
Three Categories of Causes
The causes of slowness can be divided into three categories, as follows:
Slow Collision Domain Connectivity
Collision domain is defined as connected devices configured in a half-duplex port configuration, connected to each other or a hub. If a device is connected to a switch port and full-duplex mode is configured, such a pointto-point connection is collisionless. Slowness on such a segment still can occur for different reasons.
Slow Broadcast Domain Connectivity (Slow VLAN)
Slow broadcast domain connectivity occurs when the whole VLAN (that is, all devices on the same VLAN)
experiences slowness.
Slow InterVLAN Connectivity (Slow Forwarding Between VLANs) Slow interVLAN connectivity (slow forwarding between VLANs) occurs when there is no slowness on the local VLAN, but traffic needs to be forwarded to an alternate VLAN, and it is not forwarded at the expected rate.
Causes for Network Slowness
Packet Loss
In most cases, a network is considered slow when higher-layer protocols (applications) require extended time to complete an operation that typically runs faster. That slowness is caused by the loss of some packets on the network, which causes higher-level protocols like TCP or applications to time out and initiate retransmission.
Hardware Forwarding Issues
With another type of slowness, caused by network equipment, forwarding (whether Layer 2 [L2] or L3) is performed slowly. This is due to a deviation from normal (designed) operation and switching to slow path forwarding. An example of this is when Multilayer Switching (MLS) on the switch forwards L3 packets between
VLANs in the hardware, but due to misconfiguration, MLS is not functioning properly and forwarding is done by the router in the software (which drops the interVLAN forwarding rate significantly).
II.145. Which option describes how a switch in rapid PVST+ mode responds to a topology change?
- It immediately deletes dynamic MAC addresses that were learned by all ports on the switch.
- It sets a timer to delete all MAC addresses that were learned dynamically by ports in the same STP instance.
- It sets a timer to delete dynamic MAC addresses that were learned by all ports on the switch.
- It immediately deletes all MAC addresses that were learned dynamically by ports in the same STP instance.*
on the IEEE 802.1w standard. To provide rapid convergence, the rapid PVST+ immediately deletes
dynamically learned MAC address entries on a per-port basis upon receiving a topology change. By contrast,
PVST+ uses a short aging time for dynamically learned MAC address entries.
The rapid PVST+ uses the same configuration as PVST+ (except where noted), and the switch needs only
minimal extra configuration. The benefit of rapid PVST+ is that you can migrate a large PVST+ install base to
rapid PVST+ without having to learn the complexities of the MSTP configuration and without having to
reprovision your network. In rapid-PVST+ mode, each VLAN runs its own spanning-tree instance up to the
maximum supported.
II.146. Which statement about switch access ports is true?
- They drop packets with 802.1Q tags.*
- A VLAN must be assigned to an access port before it is created.
- They can receive traffic from more than one VLAN with no voice support
- By default, they carry traffic for VLAN 10.
An access port can only receive traffic from one VLAN -> C is not correct.
If not assigned to a specific VLAN, an access port carries traffic for VLAN 1 by default -> D is not correct.
An access port will drop packets with 802.1Q tags -> A is correct. Notice that 802.1Q tags are used to packets moving on trunk links.
II.147. Which two switch states are valid for 802.1w? (Choose two.)
- listening
- backup
- disabled
- learning*
- discarding*
* Discarding – the port does not forward frames, process received frames, or learn MAC addresses – but it does listen for BPDUs (like the STP blocking state)
* Learning – receives and transmits BPDUs and learns MAC addresses but does not yet forward frames (same as STP).
* Forwarding – receives and sends data, normal operation, learns MAC address, receives and transmits BPDUs (same as STP).
II.148. Which feature allows a device to use a switch port that is configured for half-duplex to access the network?
- CSMA/CD*
- IGMP
- port security
- split horizon
II.149. Which two statements about switch stacking are true? (Choose two)
- The stack is powered by a single power cable*
- The switches are connected in a daisy-chain fashion*
- The first and last switch in the stack must be connected to one another
- The switches are connected by crossover cables
- The switches must be fully meshed
II.150. Which symptom most commonly indicates that two connecting interfaces are configured with a duplex mismatch?
- the spanning-tree process shutting down
- collisions on the interface*
- an interface with a down/down status
- an interface with an up/down status
Note: On an Ethernet connection, a duplex mismatch is a condition where two connected devices operate in different duplex modes, that is, one operates in half duplex while the other one operates in full duplex.
Duplex mismatch would not cause the link to be down/down, but would only result in poor performance like increase late collisions on the interface.
II.151. Which option is the main function of congestion management?
- discarding excess traffic
- queuing traffic based on priority*
- classifying traffic
- providing long-term storage of buffered data
II.152. Which feature must you enable to distribute vlans automatically across multiple switch?
- Configure NTP
- Configure the native VLAN
- Define Each vlan
- Configure VTP*
II.153. Which three statements about VTP features are true? (Choose three.)
- VTP works at Layer 3 of the OSI model and requires that a management VLAN IP address be configured.
- When properly configured, VTP minimizes VLAN misconfigurations and configuration inconsistencies.*
- When properly configured, VTP maintains VLAN configuration consistency and accelerates trunk link negotiation.
- Each broadcast domain on a switch can have its own unique VTP domain.
- VTP pruning is used to increase available bandwidth in trunk links.*
- To configure a switch to be part of two VTP domains, each domain must have its own passwords.
- Client, server, and transparent are valid VTP modes.*
II.154. Which two statements about LLDP are true ?(choose two)
- It uses mandatory TLVs to discover the neighboring devices*
- It functions at Layer 2 and Layer 3
- It is a Cisco-proprietary technology
- It is implemented in accordance with the 802.11a specification
- It enables systems to learn about one another over the data-link layer*
II.155. Which two benefits can you get by stacking Cisco switches?(choose two)
- Each switch in the stack handles the MAC table independently from the others
- You can add or remove switches without taking the stack down.*
- Each switch in the stack can use a different IOS image
- The stack enables any active member to take over as the master switch if the existing master fails.*
- You can license the entire stack with a single master license
Switches can be added and deleted to a working stack without affecting stack performance. When a new switch is added, the master switch automatically configures the unit with the currently running Cisco IOS Software image and configuration of the stack. The stack will gather information such as switching table information and update the MAC tables as new addresses are learned. The network manager does not have to do anything to bring up the switch before it is ready to operate. Similarly, switches can be removed from a working stack without any operational effect on the remaining switches. When the stack discovers that a series of ports is no longer present, it will update this information without affecting forwarding or routing. A working stack can accept new members or delete old ones without service interruption -> Answer B is correct.
II.156. Which VTP mode cannot make a change to vlan?
- server
- off
- client*
- transparent
· VTP clients function the same way as VTP servers, but you cannot create, change, or delete VLANs on a VTP client.
· A VTP client only stores the VLAN information for the entire domain while the switch is on.
· A switch reset deletes the VLAN information.
· You must configure VTP client mode on a switch.
II.157. Which two circumstances can cause collision domain issues on VLAN domain? (Choose two)
- duplex mismatches on Ethernet segments in the same VLAN*
- multiple errors on switchport interfaces
- congestion on the switch inband path*
- a failing NIC in an end device
- an overloaded shared segment
An “inband path” is the path which provides path for management traffic (like CDP, VTP, PAgP…) but we are not sure why congestion on the switch inband path can cause collision domain issues. Maybe congestion on inband path prevents the JAM signal (sent when a collision occurs on the link) to be sent correctly on the link.
II.158. Which protocol supports sharing the VLAN configuration between two or more switches?
- multicast
- STP
- VTP*
- split-horizon
II.159. Which spanning-tree feature places a port immediately into a forwarding stated?
- BPDU guard
- PortFast*
- loop guard
- UDLD
- Uplink Fast
II.160. In which STP state does MAC address learning take place on a PortFast-enabled port?
- listening
- forwarding*
- discarding
- learning
II.161. Refer to the exhibit.
A network associate needs to configure the switches and router in the graphic so that the hosts in VLAN3 and VLAN4 can communicate with the enterprise server in VLAN2. Which two Ethernet segments would need to be configured as trunk links? (Choose two.)
- A
- B
- C*
- D
- E
- F*
II.162. Which IEEE standard does PVST+ use to tunnel information?
- 802.1x
- 802.1q*
- 802.1w
- 802.1s
II.163. What is the default VLAN on an access port?
- 0
- 1*
- 10
- 1024
Switch(config)#interface fa0/1 Switch(config-if)#switchport mode access
Then this interface, by default, will belong to VLAN 1. Of course we can assign another VLAN to this port via the “switchport access vlan {vlan-number}” command.
II.164. Which VTP mode prevents you from making changes to VLANs?
- server
- off
- client*
- transparent
II.165. On which type of port can switches interconnect for multi-VLAN communication?
- interface port
- access port
- switch port
- trunk port*
II.166. Which two of these statements regarding RSTP are correct? (Choose two)
- RSTP cannot operate with PVST+.
- RSTP defines new port roles.*
- RSTP defines no new port states.
- RSTP is a proprietary implementation of IEEE 802.1D STP.
- RSTP is compatible with the original IEEE 802.1D STP.*
II.167. If primary and secondary root switches with priority 16384 both experience catastrophic losses, which tertiary switch can take over?
- a switch with priority 20480*
- a switch with priority 8192
- a switch with priority 4096
- a switch with priority 12288
II.168. What is true about Ethernet? (Choose Two.)
- 802.2 Protocol
- 802.3 Protocol*
- 10BaseT half duplex
- CSMA/CD Stops transmitting when congestion occurs*
- CSMA/CA Stops transmitting when congestion occurs
Note: CSMA/CA (Carrier Sense Multiple Access/Collision Avoidance) is a protocol for carrier transmission used in wireless networks. Unlike CSMA/CD (Carrier Sense Multiple Access/Collision Detect) which deals with transmissions after a collision has occurred, CSMA/CA acts to prevent collisions before they happen.
II.169. What field is consisted of 6 bytes in the field identification frame in IEEE 802.1Q?
- SA*
- DA
- FCS
- SOF
II.170. Which three options are switchport configurations that can always avoid duplex mismatch errors between theswitches? (Choose three.)
- Set both side auto-negotiation*
- Set both sides on half duplex*
- Set one side auto and the other side half duplex.
- Set both sides of connection to full duplex.*
- Set one side auto and the other side on full duplex.
- Set one side full duplex and the other side half duplex.
II.171. Which technology can enable multiple VLANs to communicate with one another?
- Intra-vlan routing using a layer 3 switch
- Inter-vlan routing using a layer 3 switch*
- Inter-vlan routing using a layer 2 switch
- Intra-vlan routing using router on a stick
II.172. Refer to the exhibit. Which two statements are true about interVLAN routing in the topology that is shown in the exhibit? (Choose two.)
- Host E and host F use the same IP gateway address.
- Router1 and Switch2 should be connected via a crossover cable.
- Router1 will not play a role in communications between host A and host D.
- The FastEthernet 0/0 interface on Router1 must be configured with subinterfaces.*
- Router1 needs more LAN interfaces to accommodate the VLANs that are shown in the exhibit.
- The FastEthernet 0/0 interface on Router1 and the FastEthernet 0/1 interface on Switch2 trunk ports must be configured using the same encapsulation type.*
II.173. What value is primarily used to determine which port becomes the root port on each non-root switch in a spanning-tree topology?
- path cost*
- lowest port MAC address
- VTP revision number
- highest port priority number
- port priority number and MAC address
II.174. How is provided master redundancy on a stacked switches?
- 1:N*
- N:1
- 1:1
- 1+N
1:N master redundancy allows each stack member to serve as a master, providing the highest reliability for forwarding. Each switch in the stack can serve as a master, creating a 1:N availability scheme for network control. In the unlikely event of a single unit failure, all other units continue to forward traffic and maintain operation.
Note:
N+1 simply means that there is a power backup in place should any single system component fail. The ‘N’ in this equation stands for the number of components necessary to run your system. The ‘+1’ means there is one independent backup should a component of that system fail. An example of “N+1” is your family has 5 members, so you need 5 cups to drink. But you have one extra cup for redundancy (6 cups in total) so that if any cup breaks, you still have enough cups for the family.
II.175. DRAG DROP. Drag and drop the STP features from the left onto the correct descriptions on the right.
Select and Place:
Correct Answer:
II.176. Which three elements must be used when you configure a router interface for VLAN trunking? (Choose three.)
- one physical interface for each subinterface
- one IP network or subnetwork for each subinterface*
- a management domain for each subinterface
- subinterface encapsulation identifiers that match VLAN tags*
- one subinterface per VLAN*
- subinterface numbering that matches VLAN tags
found here: http://www.thebryantadvantage.com/RouterOnAStickCCNACertificationExamTutorial.htm
II.177. Refer to the exhibit. A network administrator is configuring an EtherChannel between SW1 and SW2. The SW1 configuration is shown. What is the correct configuration for SW2?
Correct Answer: C
II.178. Refer to the exhibit. After HostA pings HostB, which entry will be in the ARP cache of HostA to support this transmission?
Correct Answer: A
address of the local router (default gateway) for the physical MAC address. The destination IP address will not change, and will be that of the remote host (HostB).
II.179. Based on the output below from SwitchB, which statement is true?
- The MAC address of the root bridge is 0017.596d.1580.
- The Fa0/11 role confirms that SwitchB is the root bridge for VLAN 40.
- SwitchB is not the root bridge, because not all of the interface roles are designated.*
- VLAN 40 is running the Per VLAN Spanning Tree Protocol.
II.180. A router has two Fast Ethernet interfaces and needs to connect to four VLANs in the local network. How can you accomplish this task, using the fewest physical interfaces and without decreasing network performance?
- A. Use a hub to connect the four VLANS with a Fast Ethernet interface on the router.
- B. Add a second router to handle the VLAN traffic.
- C. Add two more Fast Ethernet interfaces.
- D. Implement a router-on-a-stick configuration.*
II.181. Refer to the exhibit, The VLAN configuration of S1 is not being in this VTP enabled environment. The VTP and uplink port configurations for each switch are displayed. Which two command sets, if issued, resolve this failure and allow VTP to operate as expected? (Choose two.)
Correct Answer: BE
II.182. How are VTP advertisements delivered to switches across the network?
- anycast frames
- multicast frames*
- broadcast frames
- unicast frames
II.183. What are two reasons a network administrator would use CDP? (Choose two.)
- to verify the type of cable interconnecting two devices
- to determine the status of network services on a remote device
- to obtain VLAN information from directly connected switches
- to verify Layer 2 connectivity between two devices when Layer 3 fails*
- to obtain the IP address of a connected device in order to telnet to the device*
- to determine the status of the routing protocols between directly connected routers
II.184. How can you manually configure a switch so that it is selected as the root Switch?
- increase the priority number
- lower the port priority number
- lower the priority number*
- increase the port priority number
II.185. DRAG DROP. Drag and drop the MAC address types from the left onto the correct descriptions on the right?
Select and Place:
Correct Answer:
II.186. Which three options are switch port config that can always avoid duplex mismatch error between the switches? (Choose three.)
- set both side on auto-negotiation*
- set both sides on half-duplex*
- set one side auto and other side half-duplex
- set both side of connection to full-duplexE. set one side auto and other side on full-duplex*
- set one side full-duplex and other side half-duplex
II.187. Which option is the master redundancy scheme for stacked switches?
- 1:N*
- 1:1
- N:1
- 1+N
II.188. Under which two circumstances is a switch port that is configured with PortFast BPDU guard error-disabled? (Choose two.)
- when the switch receives a BPDU from a connected switch*
- when the switch receives a request for an IP address from an individual PC
- when a connected server has more than one VLAN configured on its NIC*
- when a wireless access point running in bridge mode is connected to a switch
- when a single IP address is configured on the switch
Section III: Routing Technologies
III.1. Which three statements about link-state routing are true? (Choose three.)
- OSPF is a link-state protocol.*
- Updates are sent to a broadcast address.
- It uses split horizon.
- Routes are updated when a change in topology occurs.*
- RIP is a link-state protocol.
- Updates are sent to a multicast address by default.*
III.2. A router has learned three possible routes that could be used to reach a destination network. One route is from EIGRP and has a composite metric of 20514560. Another route is from OSPF with a metric of 782. The last is from RIPv2 and has a metric of 4. Which route or routes will the router install in the routing table?
- the OSPF route
- the EIGRP route*
- the RIPv2 route
- all three routes
- the OSPF and RIPv2 routes
III.3. A network administrator is troubleshooting an EIGRP problem on a router and needs to confirm the IP addresses of the devices with which the router has established adjacency. The retransmit interval and the queue counts for the adjacent routers also need to be checked. What command will display the required information?
- Router# show ip eigrp neighbors*
- Router# show ip eigrp interfaces
- Router# show ip eigrp adjacency
- Router# show ip eigrp topology
Let’s analyze these columns:
+ H: lists the neighbors in the order this router was learned
+ Address: the IP address of the neighbors
+ Interface: the interface of the local router on which this Hello packet was received
+ Hold (sec): the amount of time left before neighbor is considered in “down” status
+ Uptime: amount of time since the adjacency was established
+ SRTT (Smooth Round Trip Timer): the average time in milliseconds between the transmission of a packet to a neighbor and the receipt of an acknowledgement.
+ RTO (Retransmission Timeout): if a multicast has failed, then a unicast is sent to that particular router, the RTO is the time in milliseconds that the router waits for an acknowledgement of that unicast.
+ Queue count (Q Cnt): shows the number of queued EIGRP packets. It is usually 0.
+ Sequence Number (Seq Num): the sequence number of the last update EIGRP packet received. Each update message is given a sequence number, and the received ACK should have the same sequence number. The next update message to that neighbor will use Seq Num + 1.
In this question we have to check the RTO and Q cnt fields.
III.4. Which command can you enter to verify that a BGP connection to a remote device is established?
- show ip bgp summary*
- show ip community-list
- show ip bgp paths
- show ip route
Please pay attention to the “State/PfxRcd” column of the output. It indicates the number of prefixes that have been received from a neighbor. If this value is a number (including “0”, which means BGP neighbor does not advertise any route) then the BGP neighbor relationship is good. If this value is a word (including “Idle”, “Connect”, “Active”, “OpenSent”, “OpenConfirm”) then the BGP neighbor relationship is not good.
In the outputs above we see the BGP neighbor relationship between R1 & 10.1.1.1 is good with 2 Prefix Received (PfxRcd) while the BGP neighbor relationships between R1 & 10.2.2.2; R1 & 10.3.3.3 are not good (they are in “Active” and “Idle” state).
III.5. Which command can you enter to set the default route for all traffic to an interface?
- router(config)#ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1*
- router(config)#ip route 0.0.0.0 255.255.255.255 GigabitEthernet0/1
- router(config-router)#default-information originate
- router(config-router)#default-information originate always
III.6. Instructions:
– Enter IOS commands on the device to verify network operation and answer the multiple questions.
– THIS TASK DOES NOT REQUIRE DEVICE CONFIGURATION.
– Click the device icon to gain access to the console device. No console or enable passwords are required.
– To access the multiple choice questions, click the numbered boxes on the left of the top panel.
– there are four multiple-choice questions with this task. Be sure to answer all four questions before clicking Next.
Server1 and Server2 are unable to communicate with the rest of the network. Your initial check with system administrators shows that IP address settings are correctly configured on the server side. What could be an issue?
- The VLAN encapsulation is misconfigured on the router subinterfaces.*
- The IP address is misconfigured on the primary router interface.
- The Router is missing subinterface configuration.
- The Trunk is not configured on the L2SW1 switch.
We see that subinterface E0/1.100 has been configured with VLAN 200 (via “encapsulation dot1Q 200”
command) while Server1 belongs to VLAN 100. Therefore this configuration is not correct. It should be
“encapsulation dot1Q 100” instead. The same thing for interface E0/1.200, it should be “encapsulation dot1Q
200” instead.
III.7.
Instructions:
– Enter IOS commands on the device to verify network operation and answer the multiple questions.
– THIS TASK DOES NOT REQUIRE DEVICE CONFIGURATION.
– Click the device icon to gain access to the console device. No console or enable passwords are required.
– To access the multiple choice questions, click the numbered boxes on the left of the top panel.
– there are four multiple-choice questions with this task. Be sure to answer all four questions before clicking Next.Users in the main office complain that they are unable to reach Internet sites. You observe that Internet traffic that is destined towards ISP router is not forwarded correctly on R1. What could be an issue?
Ping to Internet server shows the following results from R1:
R1#ping 209.165.200.225
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.200.225, time out is 2 seconds.
Success rate is 0 percent (0/5)
- The next-hop router address for the default route is incorrectly configured.
- The default route that is to the ISP router is configured with an AD of 255.
- The default route that is to the ISP router is not configured on R1.*
- R1 is configured as the DHCP client and is not receiving the default route via DHCP from the ISP router.
We cannot find a default route on R1 (something like this: S* 0.0.0.0/0 [1/0] via 209.165.201.2) so maybe R1 was not configured with a default route. We can check with the “show running-config” on R1:
We need a configure a default route (“ip route 0.0.0.0 0.0.0.0 209.165.201.2”) but we cannot find here so we can conclude R1 was not be configured with a default route pointing to the ISP router.
III.8.
Instructions:
– Enter IOS commands on the device to verify network operation and answer the multiple questions.
– THIS TASK DOES NOT REQUIRE REVICE CINFIGURATION.
– Click the device icon to gain access to the console device. No console or enable passwords are required.
– To access the multiple choice questions, click the numbered boxes on the left of the top panel.
– there are four multiple-choice questions with this task. Be sure to answer all four questions before clicking Next.
Examine the R2 configuration. The traffic that is destined to the R3 LAN network that is sourced from R2 is forwarded to R1 instead of R3. What could be an issue?
R2#traceroute 10.10.12.1 source 10.10.10.1
Type escape sequence to abort
Tracing the route to 10.10.12.1
VRF info: (vrf in name/id, vrf out name/id)
1 172.16.14.1 0 msec 1 msec 0 msec
2 172.16.14.1 !H !H *
R2#
- RIPv2 routing updates are suppressed between R2 and R3 using passive interface feature.
- RIPv2 is enabled on R3 but the R3 LAN network is not advertised into the RIPv2 domain.
- There is no issue. This behavior is normal because the default route is propagated into the RIPv2 domain by R1.
- RIPv2 is not enabled on R3.*
First we should check the routing table of R2 with the “show ip route” command.
In this table we cannot find the subnet “10.10.12.0/24” (R3 LAN network) so R2 will use the default route
advertised from R1 (with the command “default-information originate” on R1) to reach unknown destination, in
this case subnet 10.10.12.0/24 -> R2 will send traffic to 10.10.12.0/24 to R1.
Next we need to find out why R3 did not advertise this subnet to R2. A quick check with the “show runningconfig” on R3 we will see that R3 was not configured with RIP ( no “router rip” section). Therefore, we can
conclude RIPv2 was not enabled on R3.
III.9.
Instructions:
– Enter IOS commands on the device to verify network operation and answer the multiple questions.
– THIS TASK DOES NOT REQUIRE REVICE CINFIGURATION.
– Click the device icon to gain access to the console device. No console or enable passwords are required.
– To access the multiple choice questions, click the numbered boxes on the left of the top panel.
– there are four multiple-choice questions with this task. Be sure to answer all four questions before clicking Next.Which statement is correct, based on the R1 routing table?
- Traffic that is destined to 10.10.10.0/24 from the R1 LAN network uses static route instead of RIPv2, because the static route AD that is configured is less than the AD of RIPv2.
- Traffic that is destined to 10.10.10.0/24 from the R1 LAN network uses RIPv2 instead of static route, because the static route AD that is configured is higher than the AD of RIPv2.*
- Traffic that is destined to 10.10.10.0/24 from the R1 LAN network uses static route instead of RIPv2, but the traffic is forwarded to the ISP instead of the internal network.
- Traffic that is destined to 10.10.10.0/24 from the R1 LAN network uses RIPv2 instead of static route, because the static route AD that is configured is 255.
As we see here, 10.10.10/24 is learned from RIP. Notice that although there is a static route on R1 to this destination (you can check with the “show running-config” on R1 to see the line “ip route 10.10.10.0 255.255.255.0 172.16.14.2 200”), this static route is not installed to the routing table because it is not the best path because the Administrative Distance (AD) of this static route is 200 while the AD of RIP is 120 so R1 chose the path with lowest AD so it chose path advertised via RIP.
III.10. Refer to the exhibit. If R1 sends traffic to 192.168.10.45, the traffic is sent through which interface?
- FastEthernet0/1*
- FastEthernet0/0
- FastEthernet1/0
- FastEthernet1/1
III.11. To enable router on a stick on a router subinterface, which two steps must you perform? (Choose two.)
- Configure an IP route to the VLAN destination network.
- Configure encapsulation dot1q.*
- Configure a default to route traffic between subinterfaces.
- Configure full duplex and speed.
- Configure the subinterface with an IP address.*
III.12. Which two statements about floating static routes are true? (Choose two)
- They are routes to the exact /32 destination address
- They are used when a route to the destination network is missing
- They have a higher administrative distance than the default static route administrative distance*
- They are used as back-up routes when the primary route goes down*
- They are dynamic routes that are learned from a server
III.13. Refer to the exhibit. If RTR01 is configured as shown, which three addresses will be received by other routers that are running EIGRP on the network?(choose three)
- 192.168.2.0*
- 10.4.3.0
- 10.0.0.0*
- 172.16.0.0*
- 172.16.4.0
- 192.168.0.0
III.14.
interface Loopback0 ip address 172.16.1.33 255.255.255.224 router bgp 999 neighbor 10.1.5.2 remote-as 65001
Refer to the exhibit . Which Command do you enter so that R1 advertises the loopback0 interface to the BGP Peers?
- Network 172.16.1.32 mask 255.255.255.224*
- Network 172.16.1.0 0.0.0.255
- Network 172.16.1.32 255.255.255.224
- Network 172.16.1.33 mask 255.255.255.224
- Network 172.16.1.32 mask 0.0.0.31
- Network 172.16.1.32 0.0.0.31
For more information about BGP configuration, please read our Basic BGP Configuration tutorial.
III.15. Based on the exhibited routing table, how will packets from a host within the 192.168.10.192/26 LAN be forwarded to 192.168.10.1?
- The router will forward packets from R3 to R2 to R1.
- The router will forward packets from R3 to R1 to R2.
- The router will forward packets from R3 to R2 to R1 AND from R3 to R1.*
- The router will forward packets from R3 to R1.
III.16. Which definition of default route is true?
- A route that is manually configured.
- A route used when a destination route is missing.
- A route to the exact /32 destination address*
- Dynamic route learned from the server.
Reference: https://www.cisco.com/c/en/us/support/docs/ip/ip-routing/116264-technote-ios-00.html
III.17. Which value must you configure on a device before EIGRP for IPv6 can start running?
- public IP address
- loopback interface
- router ID*
- process ID
III.18. Which option describes a difference between EIGRP for IPv4 and IPv6?
- Only EIGRP for IPv6 advertises all connected networks.
- Only EIGRP for IPv6 requires a router ID to be configured under the routing process*
- As numbers are configure in EIGRP but not in EIGRPv3.
- Only EIGRP for IPv6 is enabled in the global configuration mode.
ipv6 router eigrp 1 eigrp router-id 2.2.2.2 no shutdown
EIGRPv3 also uses the AS number (for example: ipv6 eigrp 1 under interface mode).Notice that EIGRP for IPv6 router-id must be an IPv4 address. EIGRP for IPv4 can automatically pick-up an IPv4 to use as its EIGRP router-id with this rule:
+ The highest IP address assigned to a loopback interface is selected as the router ID.
+ If there are not any loopback addresses configured, the highest IP address assigned to any other active interface is chosen as the router ID
III.19. Refer to the exhibit. When running OSPF, What would cause router A not to form an adjacency with router B?
- The loopback addresses are on different subnets.
- The value of the dead timers on the router are different.*
- Route summarization is enabled on both routers.
- The process indentifier on router A is different than the process identifier on router B.
III.20. Which two steps must you perform on each device that is configured for IPv4 routing before you implement OSPFv3?(Choose two)
- configure an autonomous system number
- configure a loopback interface
- configure a router ID
- Enable IPv6 on an interface*
- Enable IPv6 unicast routing*
+ Enable IPv6 unicast routing.
+ Enable IPv6 on the interface.Reference: https://www.cisco.com/c/en/us/support/docs/ip/ip-version-6-ipv6/112100-ospfv3-config-guide.html
Note: If we have already had an active interface, we don’t need to configure the router ID for OSPFv3 anymore because the device will automatically choose that IPv4 address for its router ID).
III.21. Which command must you enter to enable OSPFV2 in an IPV4 network?
- ip ospf hello-interval seconds
- router ospfv2 process-id
- router ospf value
- router ospf process-id*
III.22. Refer to the exhibit. Given the output from the show ip eigrp topology command, which router is the feasible successor?
10.1.0.1 (Serial0), from 10.1.0.1, Send flag is 0x0
Composite metric is (46152000/41640000), Route is Internal
Vector metric:
Minimum bandwidth is 64 Kbit
Total delay is 45000 Microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 2- 10.0.0.2 (Serial0.1), from 10.0.0.2, Send flag is 0x0
Composite metric is (53973248/128256), Route is Internal
Vector Metric:
Minimum bandwidth is 48 Kbit
Total delay is 25000 Microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 1 - 10.1.0.3 (Serial0), from 10.1.0.3, Send flag is 0x0
Composite metric is (46866176/46354176), Route is Internal
Vector metric:
Minimum bandwidth is 56 Kbit
Total delay is 45000 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 2 - 10.1.1.1 (Serial0.1), from 10.1.1.1, Send flag is 0x0
Composite metric is (46763776/46251776), Route is External
Vector metric:
Minimum bandwidth is 56 Kbit
Total delay is 41000 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 2
III.23. Which IPv6 routing protocol uses multicast group FF02::9 to send updates?
- static
- RIPng*
- OSPFv3
- IS-IS for IPv6
FF01::2 All IPv6 routers within the node-local scope
FF02::1 All IPv6 nodes within the link-local scope
FF02::2 All IPv6 routers within the link-local scope
FF02::5 All OSPFv3 routers within the link-local scope
FF02::6 All OSPFv3 designated routers within the link-local scope
FF02::9 All RIPng routers within the link-local scope
FF02::A All EIGRP routers within the link-local scope
FF02::D All PIM routers within the link-local scope
FF02::1:2 All DHCPv6 agents (servers and relays) within the link-local scope
FF05::2 All IPv6 routers within the site-local scope
FF02::1:FF00:0/104 IPv6 solicited-node multicast address within the link-local scope
III.24. Which functionality does an SVI provide?
- OSI Layer 2 connectivity to switches
- remote switch administration
- traffic routing for VLANs*
- OSI Layer 3 connectivity to switches
III.25. If two OSPF neighbors have formed complete adjacency and are exchanging link-state advertisements, which state have they reached?
- Exstart
- 2-Way
- FULL*
- Exchange
III.26. Which three statements describe the reasons large OSPF networks use a hierarchical design? (Choose three.)
- to confine network instability to single areas of the network.*
- to reduce the complexity of router configuration
- to speed up convergence*
- to lower costs by replacing routers with distribution layer switches
- to decrease latency by increasing bandwidth
- to reduce routing overhead*
III.27. after you apply the give configurations to R1 and R2 you notice that OSPFv3 fails to start Which reason for the problem is most likely true ?
- The area numbers on R1 and R2 are mismatched*
- The IPv6 network addresses on R1 and R2 are mismatched
- The autonomous system numbers on R1 and R2 are mismatched
- The router ids on R1 and R2 are mismatched
III.28. Which two statements about RIPv2 are true? (Choose two)
- It must be manually enabled after RIP is configured as the routing protocol*
- It uses multicast address 224.0.0.2 to share routing information between peers
- its default administrative distances 120*
- It is a link-state routing protocol
- It is an EGP routing protocol
III.29. Which two statements about eBGP neighbor relationships are true? (Choose two)
- The two devices must reside in different autonomous systems*
- Neighbors must be specifically declared in the configuration of each device*
- They can be created dynamically after the network statement is con-figured.
- The two devices must reside in the same autonomous system
- The two devices must have matching timer settings
III.30. DRAG DROP. Drag and drop the BGP components from the left onto the correct descriptions on the right.Select and Place:
Correct Answer:
III.31. Which two statements about EIGRP on IPv6 networks are true? (Choose two.)
- It is configured on the interface*
- It is globally configured
- It is vendor agnostic
- It supports a shutdown feature*
- It is configured using a network statement
III.32. Which command is used to display the collection of OSPF link states?
- show ip ospf link-state
- show ip ospf lsa database
- show ip ospf neighbors
- show ip ospf database*
Here is the lsa database on R2.
R2#show ip ospf database
OSPF Router with ID (2.2.2.2) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count2.2.2.2 2.2.2.2 793 0x80000003 0x004F85 210.4.4.4
10.4.4.4 776 0x80000004 0x005643 1111.111.111.111 111.111.111.111 755 0x80000005 0x0059CA
2133.133.133.133 133.133.133.133 775 0x80000005 0x00B5B1 2 Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum10.1.1.1 111.111.111.111 794 0x80000001 0x001E8B10.2.2.3
133.133.133.133 812 0x80000001 0x004BA910.4.4.1 111.111.111.111 755 0x80000001 0x007F1610.4.4.3
133.133.133.133 775 0x80000001 0x00C31F
III.33. If IP routing is enabled, which two commands set the gateway of last resort to the default gateway? (Choose two.)
- ip default-gateway 0.0.0.0
- ip route 172.16.2.1 0.0.0.0 0.0.0.0
- ip default-network 0.0.0.0*
- ip default-route 0.0.0.0 0.0.0.0 172.16.2.1
- ip route 0.0.0.0 0.0.0.0 172.16.2.1*
III.34. Which parameter would you tune to affect the selection of a static route as a backup, when a dynamic protocol is also being used?
- Hop count
- administrative distance*
- link bandwith
- link delay
- link cost
III.35. Refer to the exhibit.
A network associate has configured OSPF with the command:
City(config-router)# network 192.168.12.64 0.0.0.63 area 0
After completing the configuration, the associate discovers that not all the interfaces are participating in OSPF. Which three of the interfaces shown in the exhibit will participate in OSPF according to this configuration statement? (Choose three.)
- FastEthernet0 /0
- FastEthernet0 /1*
- Serial0/0*
- Serial0/1.102*
- Serial0/1.103
- Serial0/1.104
+ Increment: 64 (/26= 1111 1111.1111 1111.1111 1111.1100 0000) + Network address:
192.168.12.64
+ Broadcast address: 192.168.12.127
Therefore, all interface in the range of this network will join OSPF.
III.36. Refer to the exhibit. The Lakeside Company has the internetwork in the exhibit. The administrator would like to reduce the size of the routing table on the Central router. Which partial routing table entry in the Central router represents a route summary that represents the LANs in Phoenix but no additional subnets?
Correct Answer: D
III.37. Refer to the graphic. A static route to the 10.5.6.0/24 network is to be configured on the HFD router. Which commands will accomplish this? (Choose two.)
- HFD(config)# ip route 10.5.6.0 0.0.0.255 fa0/0
- HFD(config)# ip route 10.5.6.0 0.0.0.255 10.5.4.6
- HFD(config)# ip route 10.5.6.0 255.255.255.0 fa0/0*
- HFD(config)# ip route 10.5.6.0 255.255.255.0 10.5.4.6*
- HFD(config)# ip route 10.5.4.6 0.0.0.255 10.5.6.0
- HFD(config)# ip route 10.5.4.6 255.255.255.0 10.5.6.0
ip route destination-network-address subnet-mask {next-hop-IP-address | exit-interface} + destination-networkaddress: destination network address of the remote network + subnet mask:
subnet mask of the destination network + next-hop-IP-address: the IP address of the receiving interface on the
next-hop router + exit-interface: the local interface of this router where the packets will go out in the statement
“ip route 10.5.6.0 255.255.255.0 fa0/0:
+ 10.5.6.0 255.255.255.0: the destination network
+fa0/0: the exit-interface
III.38. What information does a router running a link-state protocol use to build and maintain its topological database? (Choose two.)
- hello packets*
- SAP messages sent by other routers
- LSAs from other routers*
- beacons received on point-to-point links
- routing tables received from other link-state routers
- TTL packets from designated routers
After the adjacencies are established, the routers may begin sending out LSAs. As the term flooding implies, the advertisements are sent to every neighbor. In turn, each received LSA is copied and forwarded to every neighbor except the one that sent the LSA.
III.39. Which statements describe the routing protocol OSPF? (Choose three.)
- It supports VLSM.*
- It is used to route between autonomous systems.
- It confines network instability to one area of the network.*
- It increases routing overhead on the network.
- It allows extensive control of routing updates.*
- It is simpler to configure than RIP v2.
OSPF uses flooding to exchange link-state updates between routers. Any change in routing information is flooded to all routers in the network. Areas are introduced to put a boundary on the explosion of link-state updates. Flooding and calculation of the Dijkstra algorithm on a router is limited to changes within an area.
III.40. What is the default administrative distance of OSPF?
- 90
- 100
- 110*
- 120
Default Distance Value Table
This table lists the administrative distance default values of the protocols that Cisco supports:
Route Source
Default Distance Values
Connected interface
Static route
Enhanced Interior Gateway Routing Protocol (EIGRP) summary route External Border Gateway Protocol(BGP)
Internal EIGRP
IGRP
OSPF
Intermediate System-to-Intermediate System (IS-IS)
Routing Information Protocol (RIP)
Exterior Gateway Protocol (EGP)
On Demand Routing (ODR)
External EIGRP
Internal BGP
Unknown*
III.41. Refer to the exhibit. C-router is to be used as a “router-on-a-stick” to route between the VLANs. All the interfaces have been properly configured and IP routing is operational. The hosts in the VLANs have been configured with the appropriate default gateway. What is true about this configuration?
Correct Answer: D
III.42. Refer to the exhibit. According to the routing table, where will the router send a packet destined for 10.1.5.65?
- 10.1.1.2
- 10.1.2.2
- 10.1.3.3*
- 10.1.4.4
III.43. Refer to the exhibit. Which address and mask combination represents a summary of the routes learned by EIGRP?
- 192.168.25.0 255.255.255.240
- 192.168.25.0 255.255.255.252
- 192.168.25.16 255.255.255.240*
- 192.168.25.16 255.255.255.252
- 192.168.25.28 255.255.255.240
- 192.168.25.28 255.255.255.252
The binary version of 16 is 10000.
The binary version of 24 is 11000.
The binary version of 28 is 11100.
The subnet mask is /28. The mask is 255.255.255.240.
Note:
From the output above, EIGRP learned 4 routes and we need to find out the summary of them:
+ 192.168.25.16
+ 192.168.25.20
+ 192.168.25.24
+ 192.168.25.28
-> The increment should bE. 28 ?16 = 12 but 12 is not an exponentiation of 2 so we must choose 16 (24).
Therefore, the subnet mask is /28 (=1111 1111.1111 1111.1111 1111.11110000) = 255.255.255.240
So the best answer should be 192.168.25.16 255.255.255.240
III.44. Refer to the exhibit. Given the output for this command, if the router ID has not been manually set, whatrouter ID will OSPF use for this router?
- 10.1.1.2
- 10.154.154.1
- 172.16.5.1*
- 192.168.5.3
III.45. Which two statements describe the process identifier that is used in the command to configure OSPF on arouter? (Choose two.)
Router(config)# router ospf 1
- All OSPF routers in an area must have the same process ID
- Only one process number can be used on the same router.
- Different process identifiers can be used to run multiple OSPF processes*
- The process number can be any number from 1 to 65,535.*
- Hello packets are sent to each neighbor to determine the processor identifier.
The valid process ID’s are shown below:
Edge-B(config)#router ospf ?
<1-65535> Process ID
III.46. Refer to the exhibit. What commands must be configured on the 2950 switch and the router to allow communication between host 1 and host 2? (Choose two.)
Correct Answer: BE
III.47. Which commands are required to properly configure a router to run OSPF and to add network 192.168.16.0/24 to OSPF area 0? (Choose two.)
- Router(config)# router ospf 0
- Router(config)# router ospf 1*
- Router(config)# router ospf area 0
- Router(config-router)# network 192.168.16.0 0.0.0.255 0
- Router(config-router)# network 192.168.16.0 0.0.0.255 area 0*
- Router(config-router)# network 192.168.16.0 255.255.255.0 area 0
III.48. Which type of EIGRP route entry describes a feasible successor?
- a backup route, stored in the routing table
- a primary route, stored in the routing table
- a backup route, stored in the topology table*
- a primary route, stored in the topology table
The Feasible Successor is a backup route to a destination which is kept in the Topology Table.
III.49. Refer to the exhibit. The company uses EIGRP as the routing protocol. What path will packets take from a host on the 192.168.10.192/26 network to a host on the LAN attached to router R1?
- The path of the packets will be R3 to R2 to R1.
- The path of the packets will be R3 to R1 to R2.
- The path of the packets will be both R3 to R2 to R1 AND R3 to R1.
- The path of the packets will be R3 to R1.*
table of R3 we learn this network can be reach via 192.168.10.9, which is an IP address in 192.168.10.8/30
network (the network between R1 & R3) -> packets destined for 192.168.10.64 will be routed from R3 -> R1 ->
LAN on R1.
III.50. Refer to the exhibit. The speed of all serial links is E1 and the speed of all Ethernet links is 100 Mb/s. A static route will be established on the Manchester router to direct traffic toward the Internet over the most direct path available. What configuration on the Manchester router will establish a route toward the Internet for traffic that originates from workstations on the Manchester LAN?
- ip route 0.0.0.0 255.255.255.0 172.16.100.2
- ip route 0.0.0.0 0.0.0.0 128.107.1.1
- ip route 0.0.0.0 255.255.255.252 128.107.1.1
- ip route 0.0.0.0 0.0.0.0 172.16.100.1
- ip route 0.0.0.0 0.0.0.0 172.16.100.2*
- ip route 0.0.0.0 255.255.255.255 172.16.100.2
According to exhibit, all traffic towards Internet that originates from workstations should forward to Router R1.
Syntax for default route is:
ip route .
III.51. Refer to the exhibit. The network administrator must establish a route by which London workstations can forward traffic to the Manchester workstations. What is the simplest way to accomplish this?
- Configure a dynamic routing protocol on London to advertise all routes to Manchester.
- Configure a dynamic routing protocol on London to advertise summarized routes to Manchester.
- Configure a dynamic routing protocol on Manchester to advertise a default route to the London router.
- Configure a static default route on London with a next hop of 10.1.1.1.
- Configure a static route on London to direct all traffic destined for 172.16.0.0/22 to 10.1.1.2.*
- Configure Manchester to advertise a static default route to London.
III.52. Refer to the exhibit. The network administrator requires easy configuration options and minimal routing protocol traffic. What two options provide adequate routing table information for traffic that passes between the two routers and satisfy the requests of the network administrator? (Choose two.)
- a dynamic routing protocol on InternetRouter to advertise all routes to CentralRouter.
- a dynamic routing protocol on InternetRouter to advertise summarized routes to CentralRouter.
- a static route on InternetRouter to direct traffic that is destined for 172.16.0.0/16 to CentralRouter.*
- a dynamic routing protocol on CentralRouter to advertise all routes to InternetRouter.
- a dynamic routing protocol on CentralRouter to advertise summarized routes to InternetRouter.
- a static, default route on CentralRouter that directs traffic to InternetRouter.*
III.53. Which parameter or parameters are used to calculate OSPF cost in Cisco routers?
- Bandwidth*
- Bandwidth and Delay
- Bandwidth, Delay, and MTU
- Bandwidth, MTU, Reliability, Delay, and Load
The cost (also called metric) of an interface in OSPF is an indication of the overhead required to send packets across a certain interface. The cost of an interface is inversely proportional to the bandwidth of that interface. A higher bandwidth indicates a lower cost. There is more overhead (higher cost) and time delays involved in crossing a 56k serial line than crossing a 10M ethernet line. The formula used to calculate the cost is:
cost= 10000 0000/bandwith in bps
For example, it will cost 10 EXP8/10 EXP7 = 10 to cross a 10M Ethernet line and will cost 10 EXP8/1544000 = 64 to cross a T1 line.
By default, the cost of an interface is calculated based on the bandwidth; you can force the cost of an interface with the ip ospf cost <value> interface subconfiguration mode command.
III.54. Which two statements about the OSPF Router ID are true? (Choose two.)
- It identifies the source of a Type 1 LSA.*
- It should be the same on all routers in an OSPF routing instance.
- By default, the lowest IP address on the router becomes the OSPF Router ID.
- The router automatically chooses the IP address of a loopback as the OSPF Router ID.*
- It is created using the MAC Address of the loopback interface.
III.55. What are two benefits of using a single OSPF area network design? (Choose two.)
- It is less CPU intensive for routers in the single area.
- It reduces the types of LSAs that are generated.*
- It removes the need for virtual links.*
- It increases LSA response times.
- It reduces the number of required OSPF neighbor adjacencies.
III.56. What OSPF command, when configured, will include all interfaces into area 0?
- network 0.0.0.0 255.255.255.255 area 0*
- network 0.0.0.0 0.0.0.0 area 0
- network 255.255.255.255 0.0.0.0 area 0
- network all-interfaces area 0
III.57. What two things will a router do when running a distance vector routing protocol? (Choose two.)
- Send periodic updates regardless of topology changes.*
- Send entire routing table to all routers in the routing domain.
- Use the shortest-path algorithm to the determine best path.
- Update the routing table based on updates from their neighbors.*
- Maintain the topology of the entire network in its database.
III.58. When a router undergoes the exchange protocol within OSPF, in what order does it pass through each state?
- exstart state > loading state > exchange state > full state
- exstart state > exchange state > loading state > full state*
- exstart state > full state > loading state > exchange state
- loading state > exchange state > full state > exstart state
III.59. Refer to the exhibit. If the router Cisco returns the given output and has not had its router ID set manually, what value will OSPF use as its router ID?
- A. 192.168.1.1
- B. 172.16.1.1
- C. 1.1.1.1
- D. 2.2.2.2*
III.60. What command sequence will configure a router to run OSPF and add network 10.1.1.0 /24 to area 0?
Correct Answer: C
III.61. Refer to the exhibit. When running EIGRP, what is required for RouterA to exchange routing updates with RouterC?
- AS numbers must be changed to match on all the routers*
- Loopback interfaces must be configured so a DR is elected
- The no auto-summary command is needed on Router A and Router C
- Router B needs to have two network statements, one for each connected network
information must be matched so as to create neighborhood. EIGRP routers to establish, must match the following information:
1. AS Number;
2. K value.
III.62. A network administrator is trying to add a new router into an established OSPF network. The networks attached to the new router do not appear in the routing tables of the other OSPF routers. Given the information in the partial configuration shown below, what configuration error is causing this problem?
- The process id is configured improperly.
- The OSPF area is configured improperly.
- The network wildcard mask is configured improperly.*
- The network number is configured improperly.
- The AS is configured improperly.
- The network subnet mask is configured improperly.
In this specific example, the correct syntax would have been “network 10.0.0.0 0.0.0.255 area 0.
III.63. Refer to the graphic. R1 is unable to establish an OSPF neighbor relationship with R3. What are possible reasons for this problem? (Choose two.)
- All of the routers need to be configured for backbone Area 1.
- R1 and R2 are the DR and BDR, so OSPF will not establish neighbor adjacency with R3
- A static route has been configured from R1 to R3 and prevents the neighbor adjacency from being established.
- The hello and dead interval timers are not set to the same values on R1 and R3.*
- EIGRP is also configured on these routers with a lower administrative distance.
- R1 and R3 are configured in different areas.*
B is not correct because R1 or R3 must be the DR or BDR -> it has to establish neighbor adjacency with the other.
C is not correct because OSPF neighbor relationship is not established based on static routing. It uses multicast address 224.0.0.5 to establish OSPF neighbor relationship.
E is not correct because configure EIGRP on these routers (with a lower administrative distance) will force these routers to run EIGRP, not OSPF.D and F are correct because these entries must match on neighboring routers:– Hello and dead intervals
– Area ID (Area 0 in this case)
– Authentication password
– Stub area flag
III.64. Which statement describes the process ID that is used to run OSPF on a router?
- It is globally significant and is used to represent the AS number.
- It is locally significant and is used to identify an instance of the OSPF database.*
- It is globally significant and is used to identify OSPF stub areas.
- It is locally significant and must be the same throughout an area.
III.65. A router receives information about network 192.168.10.0/24 from multiple sources. What will the router consider the most reliable information about the path to that network?
- a directly connected interface with an address of 192.168.10.254/24
- a static route to network 192.168.10.0/24
- a RIP update for network 192.168.10.0/24
- an OSPF update for network 192.168.0.0/16
- a default route with a next hop address of 192.168.10.1
- a static route to network 192.168.10.0/24 with a local serial interface configured as the next hop*
III.66. What is the default maximum number of equal-cost paths that can be placed into the routing table of a Cisco OSPF router?
- 2
- 4*
- 16
- Dunlimited
To control the maximum number of parallel routes that Open Shortest Path First (OSPF) can support, use the maximum-paths command.
Syntax Description maximum
Maximum number of parallel routes that OSPF can install in a routing table. The range is from 1 to 16 routes.
Command Default 8 paths
III.67. Refer to the exhibit. After a RIP route is marked invalid on Router_1, how much time will elapse before that route is removed from the routing table?
- 30 seconds
- 60 seconds*
- 90 seconds
- 180 seconds
- 240 seconds
III.68. Refer to the exhibit. A network associate has configured the internetwork that is shown in the exhibit, but has failed to configure routing properly.
Which configuration will allow the hosts on the Branch LAN to access resources on the HQ LAN with the least impact on router processing and WAN bandwidth?
Correct Answer: A
III.69. Refer to the exhibit. The network is converged. After link-state advertisements are received from Router_A, what information will Router_E contain in its routing table for the subnets 208.149.23.64 and 208.149.23.96?
Correct Answer: A
III.70. Which statement is true, as relates to classful or classless routing?
- Automatic summarization at classful boundries can cause problems on discontinuous subnets*
- EIGRP and OSPF are classful routing protocols and summarize routes by default
- RIPv1 and OSPF are classless routing protocols
- Classful routing protocols send the subnet mask in routing updates
III.71. Which pairing reflects a correct protocol-and-metric relationship?
- OSPF and number of hops and reliability
- EIGRP and link cost
- IS-IS and delay and reliability
- RIPv2 and number of hops*
III.72. Refer to the exhibit. Which two statements are true about the loopback address that is configured on RouterB? (Choose two.)
- It ensures that data will be forwarded by RouterB.
- It provides stability for the OSPF process on RouterB.*
- It specifies that the router ID for RouterB should be 10.0.0.1.*
- It decreases the metric for routes that are advertised from RouterB.
- It indicates that RouterB should be elected the DR for the LAN.
III.73. Refer to the exhibit. The router has been configured with these commands:
What are the two results of this configuration? (Choose two.)
- The default route should have a next hop address of 64.100.0.3.
- Hosts on the LAN that is connected to FastEthernet 0/1 are using public IP addressing.
- The address of the subnet segment with the WWW server will support seven more servers.
- The addressing scheme allows users on the Internet to access the WWW server.*
- Hosts on the LAN that is connected to FastEthernet 0/1 will not be able to access the Internet without address translation.*
III.74. Which two statements are true about the command ip route 172.16.3.0 255.255.255.0 192.168.2.4? (Choose two.)
- It establishes a static route to the 172.16.3.0 network.*
- It establishes a static route to the 192.168.2.0 network.
- It configures the router to send any traffic for an unknown destination to the 172.16.3.0 network.
- It configures the router to send any traffic for an unknown destination out the interface with the address 192.168.2.4.
- It uses the default administrative distance.*
- It is a route that would be used last if other routes to the same destination exist.
III.75. Refer to the exhibit. The networks connected to router R2 have been summarized as a 192.168.176.0/21 route and sent to R1. Which two packet destination addresses will R1 forward to R2? (Choose two.)
- 192.168.194.160
- 192.168.183.41*
- 192.168.159.2
- 192.168.183.255
- 192.168.179.4*
III.76. Refer to the exhibit. Which three statements are true about how router JAX will choose a path to the 10.1.3.0/24 network when different routing protocols are configured? (Choose three.)
- By default, if RIPv2 is the routing protocol, only the path JAX-ORL will be installed into the routing table.*
- The equal cost paths JAX-CHI-ORL and JAX- NY-ORL will be installed in the routing table if RIPv2 is the routing protocol.
- When EIGRP is the routing protocol, only the path JAX-ORL will be installed in the routing table by default.
- When EIGRP is the routing protocol, the equal cost paths JAX-CHI-ORL, and JAX-NY-ORL will be installed in the routing table by default.*
- With EIGRP and OSPF both running on the network with their default configurations, the EIGRP paths will be installed in the routing table.*
- The OSPF paths will be installed in the routing table, if EIGRP and OSPF are both running on the network with their default configurations.
III.77. In which situation would the use of a static route be appropriate?
- To configure a route to the first Layer 3 device on the network segment.
- To configure a route from an ISP router into a corporate network.
- To configure a route when the administrative distance of the current routing protocol is too low.
- To reach a network is more than 15 hops away.
- To provide access to the Internet for enterprise hosts*
III.78. Which three statements are correct about RIP version 2? (Choose three)
- It uses broadcast for its routing updates
- It supports authentication*
- It is a classless routing protocol*
- It has a lower default administrative distance than RIP version 1
- It has the same maximum hop count as version 1*
- It does not send the subnet mask un updates
III.79. Which address is the IPv6 all-RIP-routers multicast group address that is used by RIPng as the destination address for RIP updates?
- FF02::9*
- FF02::6
- FF05::101
- FF02::A
III.80. If all OSPF routers in a single area are configured with the same priority value, what value does a router use for the OSPF router ID in the absence of a loopback interface?<
- the IP address of the first Fast Ethernet interface
- the IP address of the console management interface
- the highest IP address among its active interfaces*
- the lowest IP address among its active interfaces
- the priority value until a loopback interface is configured
III.81. The OSPF Hello protocol performs which of the following tasks? (Choose two.)
- It provides dynamic neighbor discovery.*
- It detects unreachable neighbors in 90 second intervals.
- It maintains neighbor relationships.*
- It negotiates correctness parameters between neighboring interfaces.
- It uses timers to elect the router with the fastest links as the designated router.
- It broadcasts hello packets throughout the internetwork to discover all routers that are running OSPF.
III.82. The network administrator of the Oregon router adds the following command to the router configuration: ip route 192.168.12.0 255.255.255.0 172.16.12.1. What are the results of adding this command? (Choose two.)
- The command establishes a static route.*
- The command invokes a dynamic routing protocol for 192.168.12.0.
- Traffic for network 192.168.12.0 is forwarded to 172.16.12.1.*
- Traffic for all networks is forwarded to 172.16.12.1.
- This route is automatically propagated throughout the entire network.
- Traffic for network 172.16.12.0 is forwarded to the 192.168.12.0 network.
III.83. The Company WAN is migrating from RIPv1 to RIPv2. Which three statements are correct about RIP version 2? (Choose three.)
- It has the same maximum hop count as version 1.*
- It uses broadcasts for its routing updates.
- It is a classless routing protocol.*
- It has a lower default administrative distance than RIP version 1.
- It supports authentication.*
- It does not send the subnet mask in updates.
III.84. Which EIGRP for IPv6 command can you enter to view the link-local addresses of the neighbors of a device?
- show ipv6 eigrp 20 interfaces
- show ipv6 route eigrp
- show ipv6 eigrp neighbors*
- show ip eigrp traffic
III.85. Refer to the exhibit. Router edge-1 is unable to establish OSPF neighbor adjacency with router ISP-1. Which two configuration changes can you make on edge-1 to allow the two routers to establish adjacency? (Choose two)
- Set the subnet mask on edge-1 to 255 255.255.252.
- Reduce the MTU on edge-1 to 1514.
- Set the OSPF cost on edge-1 to 1522.
- Reduce the MTU on edge-1 to 1500.*
- Configure the ip ospf mtu-ignore command on the edge-1 Gi0/0 interface.*
+ Authentication
+ Hello and Dead Intervals
+ Stub Flag
+ MTU SizeTherefore we need to adjust the MTU size on one of the router so that they are the same. Or we can tell OSPF to ignore the MTU size check with the command “ip ospf mtu-ignore”.
III.86. You enter the show ipv6 route command on an OSPF device and the device displays a route. Which conclusion can you draw about the environment?
- OSPF is distributing IPv6 routes to BGP.
- The router is designated as an ABR.
- The router is designated as totally stubby.
- OSPFv3 is in use.*
III.87. Which routing protocol has the smallest default administrative distance?
- IBGP
- OSPF
- IS-IS
- EIGRP*
- RIP
Note: The AD of iBGP is 200
The smaller the AD is, the better it is. The router will choose the routing protocol with smallest AD.
In this case EIGRP with AD of 90 is the smallest one.
III.88. Which statement about static routes is true?
- The source interface can be configured to make routing decisions.
- A subnet mask is entered for the next-hop address.
- The subnet mask is 255.255 255.0 by default
- The exit interface can be specified to indicate where the packets will be routed.*
necessary. This is called a default route.
III.89. Which statement about routing protocols is true?
- Link-state routing protocols choose a path by the number of hops to the destination.
- OSPF is a link-state routing protocol.*
- Distance-vector routing protocols use the Shortest Path First algorithm.
- IS-IS is a distance-vector routing protocol.
Link State Routing Protocols
Link state protocols are also called shortest-path-first protocols. Link state routing protocols have a complete picture of the network topology. Hence they know more about the whole network than any distance vector protocol.
Three separate tables are created on each link state routing enabled router. One table is used to hold details about directly connected neighbors, one is used to hold the topology of the entire internetwork and the last one is used to hold the actual routing table. Link state protocols send information about directly connected links to all the routers in the network.
Examples of Link state routing protocols include OSPF – Open Shortest Path First and IS-IS – Intermediate System to Intermediate System. There are also routing protocols that are considered to be hybrid in the sense that they use aspects of both distance vector and link state protocols. EIGRP – Enhanced Interior Gateway Routing Protocol is one of those hybrid routing protocols.
III.90. Which dynamic routing protocol uses only the hop count to determine the best path to a destination?
- IGRP
- RIP*
- EIGRP
- OSPF
III.91. DRAG DROP. Drag each definition on the left to the matching term on the right.Select and Place:
Correct Answer:
III.92. DRAG DROP. Drag the Cisco default administrative distance to the appropriate routing protocol or route. (Not all options are
used.)Select and Place:
Correct Answer:
III.93. DRAG DROP. Routing has been configured on the local router with these commands:
Drag each destination IP address on the left to its correct next hop address on the right.Select and Place:
Correct Answer:
III.94. When a device learns multiple routes to a specific network, it installs the route with :
- Longest bit Match (highest subnet Mask)
- lowest AD*
- lowest metric
- equal load balancing
Reference: http://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/8651-21.html
III.95. OSPF enable on interface with multiple ipv6 prefix which ip will OSPF use?
- highest prefix
- lowest prefix
- all prefix*
III.96. Which type of routing protocol operates by using first information from each device peers?
- link-state protocols*
- distance-vector protocols
- path-vector protocols
- exterior gateway protocols
The reason is that unlike the routing-by-rumor approach of distance vector, link state routers have firsthand information from all their peer routers. Each router originates information about itself, its directly connected links, and the state of those links (hence the name). This information is passed around from router to router, each router making a copy of it, but never changing it. The ultimate objective is that every router has identical information about the internetwork, and each router will independently calculate its own best paths.
III.97. Which statements is true about Router on Stick?
- When a router have multiple subnets on a single physical link.*
- When a router have single subnet on multiple physical links.
- When a router have multiple interface on single physical links.
- When a router have single interface on multiple physical links
III.98. DRAG DROP. Drag and drop each advantage of static or dynamic routing from the left onto the correct routing type on the right.Select and Place:
Correct Answer:
III.99. What are two enhancements that OSPFv3 supports over OSPFv2? (Choose two.)
- It requires the use of ARP.
- It can support multiple IPv6 subnets on a single link.*
- It supports up to 2 instances of OSPFv3 over a common link.
- It routes over links rather than over networks.*
III.100. What are two drawbacks of implementing a link-state routing protocol? (Choose two)
- the sequencing and acknowledgment of link-state packets
- the high volume of link-state advertisements in a converged network
- the requirement for a hierarchical IP addressing scheme for optimal functionality*
- the high demand on router resources to run the link-state routing algorithm*
- the large size of the topology table listing all advertised routes in the converged network
III.101. DRAG DROP. Drag and drop the BGP terms from the left onto the correct descriptions on the right.Select and Place:
Correct Answer:
III.102. Which command is needed to send RIPv2 updates as broadcast when configured for RIPv2?
- ip rip v2-broadcast*
- ip rip receive version 1
- ip rip receive version 2
- version 2
III.103. Router R1 has a static route that is configured to destination network.A directly connected interface is configured with an IP address in the same destination network.Which statement about R1 is true?
- R1 refuses to advertise the dynamic route to other neighbors
- R1 prefers the static route
- R1 prefers the directly connected interface*
- R1 sends a withdrawal notification to the neighboring router
III.104. Which feature is configured by setting a variance that is at least two times the metric?
- equal cost load balancing
- path count
- path selection
- unequal cost load balancing*
III.105. Which command can you enter to display the operational status of the network ports on a router?
- show interface switchport
- show ip interface brief*
- show running-config interface fastethernet 0/1
- show interface status
III.106.
interface fa0/0
ip address x.x.x.33 255.255.255.224
router bgp XXX
neighbor x.x.x.x remote as x.x.x.x
You need to advertise the network of Int fa0/0.
- x.x.x.32 mask 255.255.255.224*
- x.x.x.32 255.255.255.224
- x.x.x.32 mask 0.0.0.31
- x.x.x.33 mask 255.255.255.224
III.107. When enabled, which feature prevents routing protocols from sending hello messages on an interface?
- virtual links
- passive-interface*
- directed neighbors
- OSPF areas
The command enables the suppression of routing updates over some interfaces while it allows updates to
be exchanged normally over other interfaces. With most routing protocols, the passive-interface command restricts outgoing advertisements only.
But, when used with Enhanced Interior Gateway Routing Protocol (EIGRP), the effect is slightly different.
This document demonstrates that use of the passive-interface command in EIGRP suppresses the
exchange of hello packets between two routers, which results in the loss of their neighbor relationship. This stops not only routing updates from being advertised, but it also suppresses incoming routing updates. This document also discusses the configuration required in order to allow the suppression of outgoing routing updates, while it also allows incoming routing updates to be learned normally from the neighbor
III.108. Which value is indicated by the next hop in a routing table?
- preference of the route source
- IP address of the remote router for forwarding the packets*
- how the route was learned
- exit interface IP address for forwarding the packets
III.109. Which two are advantages of static routing when compared to dynamic routing? (Choose two.)
- Configuration complexity decreases as network size increases.
- Security increases because only the network administrator may change the routing table.*
- Route summarization is computed automatically by the router.
- Routing tables adapt automatically to topology changes.
- An efficient algorithm is used to build routing tables, using automatic updates.
- Routing updates are automatically sent to neighbors.
- Routing traffic load is reduced when used in stub network links.*
Since static routing is a manual process, it can be argued that it is more secure (and more prone to human errors) since the network administrator will need to make changes to the routing table directly.
Also, in stub networks where there is only a single uplink connection, the load is reduced as stub routers just need a single static default route, instead of many routes that all have the same next hop IP address.
III.110. Refer to exhibit. What Administrative distance has route to 192.168.10.1 ?
III.111. Refer to the exhibit.After you apply the given configuration to R1, you determine that it is failing to advertise the 172.16.10.32/27 network .Which action most likely to correct the problem.
- Enable passive interface
- Enable RIPv2*
- Enable manual summarization
- Enable autosummarization.
III.112. Under which circumstance is a router on a stick most appropriate?
- When a router have multiple subnets on a single physical link.**
- When a router have single subnet on multiple physical links.
- When a router have multiple interface on single physical links.
- When a router have single interface on multiple physical links.
III.113. Which type of routing protocol operates by exchanging the entire routing information ?
- distance vector protocols*
- link state protocols
- path vector protocols
- exterior gateway protocols
III.114. When is a routing table entry identified as directly connected?
- when the local router is in use as the network default gateway
- when the network resides on a remote router that is physically connected to the local router
- when an interface on the router is configure with an ip address and enabled*
- when the route is statically assigned to reach a specific network
III.115. DRAG DROP. Drag and drop the values in a routing table from the left onto the correct meanings on the right.Select and Place:
Correct Answer:
III.116. Refer to the exhibit. What is the effect of the given configuration?
Switch#configuration terminal Switch#interface VLAN 1 Switch(config-if)#ip address 192.168.2.2 255.255.255.0 Switch(config-if)#end
- It configures an inactive switch virtual interface.*
- It configures an active management interface.
- It configures the native VLAN.
- It configures the default VLAN.
III.117. Which function enables an administrator to route multiple VLANs on a router?
- IEEE 802.1X
- HSRP
- port channel
- router on a stick*
III.118. Which path does a router choose when it receives a packet with multiple possible paths to the destination over different routing protocols?
- the path with both the lowest administrative distance and the highest metric
- the path with the lowest administrative distance*
- the path with the lowest metric
- the path with both the lowest administrative distance and lowest metric
III.119. Which three characteristics are representative of a link-state routing protocol? (Choose three.)
- provides common view of entire topology*
- exchanges routing tables with neighbors
- calculates shortest path*
- utilizes event-triggered updates*
- utilizes frequent periodic updates
III.120. Which command can you enter to set the default route for all traffic to an IP enabled router interface?
- router(config)#ip route 0.0.0.0. 255.255.255.255 GigabitEthernet0/1
- router(config)#ip default-gateway GigabitEthernet0/1
- router(config-router)#default-information originate
- router(config)#ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1*
III.121. What are two advantages of static routing? (Choose two.)
- It can be implemented easily even in large environments
- It allows the administrator to control the path of traffic*
- It produces minimal CPU load*
- It allows the network to respond immediately to changes
- It cannot be used to load-balance traffic over multiple links
III.122. Which two advantages do dynamic routing protocols provide over static routing? (Choose two.)
- Dynamic routing requires fewer resources than static routing
- Only dynamic routing is supported on all topologies that require multiple routers
- Dynamic routing protocols are easier to manage on very large networks*
- Dynamic routing protocols automatically adapt to reroute traffic if possible*
- Dynamic routing is more secure than static routing
III.123. You have configured a router with an OSPF router ID, but its IP address still reflects the physical interface. Which action can you take to correct the problem in the least disruptive way?
- Reload the OSPF process
- Reboot the router
- Specify a loopback address*
- Save the router configuration
III.124. Which two neighbor types are supported in a BGP environment? (Choose two.)
- directly attached
- internal*
- external*
- autonomous
- remote
III.125. Which two differences between distance-vector and link-state routing protocols are true? (Choose two.)
- Only link-state routing use the Bellman-Ford algorithm
- Only distance-vector routing protocols send full routing table updates*
- Distance-vector routing protocols are less susceptible to loops than link-state protocols
- Link-state routing protocols offer faster convergence than distance-vector protocols during network changes*
- Only distance-vector routing protocols maintain identical topology tables on all connected neighbors
III.126. For which routes does the distance bgp 10 50 70 command set the administrative distance?
- for BGP internal routes only
- for all BGP routes*
- between BGP routes and IGP routes
- for BGP external routes only
III.127. Which 2 optns are requirements for configuring ripv2 for ipv4 (choose 2 )?
- enabling RIP authentication.
- connecting RIP to a WAN Interface.
- enabling auto route sumamrization.
- allowing unicast updates for RIP.*
- enabling RIP on the router.*
RIPv2 sends its updates via multicast but in Nonbroadcast Multiple Access (NBMA) environment, multicast is not allowed so we have to use unicast to send RIPv2 updates -> D is correct.
III.128. Which two steps must you perform to enbale router- on- stick on a switch?
- connect the router to a trunk port*
- config the subint number exactly the same as the matching VLAN
- config full duplex
- cofigure an ip route to the vlan destn net
- assign the access port to the vlan*
III.129. Which add prefix does OSPFv3 use when multiple IPv6 address are configured on a single interface?
- all prefix on the interface*
- the prefix that the administrator configure for OSPFv3 use
- the lowest prefix on the interface
- the highest prefix on the interface
“In IPv6, you can configure many address prefixes on an interface. In OSPFv3, all address prefixes on an
interface are included by default. You cannot select some address prefixes to be imported into OSPFv3;
either all address prefixes on an interface are imported, or no address prefixes on an interface are
imported.”
III.130. Which command can you enter to configure an IPV6 floating static route?
- Router(config)# ipv6 route static resolve default
- Router(config)# ipv6 route::/0 serail0/1
- Router(config)# ipv6 route FE80:0202::/32 serail 0/1 201*
- Router(config)# ipv6 route FE80:0202::/32 serail 0/1 1
III.131. Refer to the exhibit.
After you apply the given configuration to R1, you notice that it failed to enable OSPF Which action can you take to correct the problem?
- Configure a loopback interface on R1
- Enable IPv6 unicast routing on R1.*
- Configure an IPv4 address on interface FO/0.
- Configure an autonomous system number on OSPF.
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-15-sy-book/ip6-route-ospfv3.html
Prerequisites for IPv6 Routing: OSPFv3
Complete the OSPFv3 network strategy and planning for your IPv6 network. For example, you must decide whether multiple areas are required.
Enable IPv6 unicast routing.
Enable IPv6 on the interface.
III.132. Which effect of the passive-interface command on R1 is true?
- It prevents interface Fa0/0 from sending updates.*
- Interface Fa 0/0 operates in RIPv1 mode.
- It removes the 172.16.0.0 network from all updates on all interfaces on R1.
- It removes the 172.17.0.0 network from all updates on all interfaces on R1.
But, when used with Enhanced Interior Gateway Routing Protocol (EIGRP), the effect is slightly different.
III.133. Which component of a routing table entry represents the subnet mask?
- Routing protocol code
- Prefix
- metric
- Network mask*
An entry in the IP routing table contains the following information in the order presented:
Network ID. The network ID or destination corresponding to the route. The network ID can be class- based, subnet, or supernet network ID, or an IP address for a host route.
Network Mask. The mask that is used to match a destination IP address to the network ID.
Next Hop. The IP address of the next hop.
Interface. An indication of which network interface is used to forward the IP packet.
Metric. A number used to indicate the cost of the route so the best route among possible multiple routes to the same destination can be selected. A common use of the metric is to indicate the number of hops (routers crossed) to the network ID.
Routing table entries can be used to store the following types of routes:
Directly Attached Network IDs. Routes for network IDs that are directly attached. For directly attached networks, the Next Hop field can be blank or contain the IP address of the interface on that network. Remote Network IDs. Routes for network IDs that are not directly attached but are available across other routers. For remote networks, the Next Hop field is the IP address of a local router in between the forwarding node and the remote network.
Host Routes. A route to a specific IP address. Host routes allow routing to occur on a per-IP address ba- sis. For host routes, the network ID is the IP address of the specified host and the network mask is 255.255.255.255.
Default Route. The default route is designed to be used when a more specific network ID or host route is not found. The default route network ID is 0.0.0.0 with the network mask of 0.0.0.0.
Section IV: WAN Technologies
IV.1. Which three statements about DWDM are true? (Choose three)
- It allows a single strand of fiber to support bidirectional communications
- It is used for long-distance and submarine cable systems
- It can multiplex up to 256 channels on a single fiber*
- It supports both the SDH and SONET standards*
- Each channel can carry up to a 1-Gbps signal*
- It supports simplex communications over multiple strands of fiber
IV.2. Which WAN topology is most appropriate for a centrally located server farm with several satellite branches?
- star
- hub and spoke*
- point-to-point
- full mesh
In a Hub-and-spoke network topology, one physical site act as Hub (Example, Main Office or Head Quarter), while other physical sites act as spokes. Spoke sites are connected to each other via Hub site. In Hub-and-spoke topology, the network communication between two spokes always travel through the hub (except when using DMVPN Phase II or Phase III where spokes can communicate with each other directly). The networking device at Hub site is often much more powerful than the ones at spoke sites.
Hub and spoke is an ideal topology when most of the resources lie at the Hub site and the branch sites only need to access to the Hub.
Note: Although some books may say Hub-and-spoke and Star topologies are the same but in fact they have difference. When talking about Hub-and-spoke we often think about the communication between Hub site and Spoke sites. When talking about Star we think about the communication between end devices.
IV.3. Which value must a device send as its username when using CHAP to authenticate with a remote peer site id:17604704 over a PPP link?
- the username defined by the administrator
- the local hostname*
- the automatically-generated username
- the hostname of the remote device
IV.4. Which technology supports multiple dynamic secure connections over an unsecure transport network?
- Point-to-point
- DMVPN*
- VPN
- site-to-site VPN
IV.5. DRAG DROP. Drag the frame relay acronym on the left to match its definition on the right. (Not all acronyms are used.)Select and Place:
Correct Answer:
IV.6. Which feature can you implement to reserve bandwidth for VoIP calls across the call path?
- PQ
- CBWFQ
- round robin
- RSVP*
IV.7. Which Layer 2 protocol encapsulation type supports synchronous and asynchronous circuis and has built-in security mechanisms?
- HDLC
- PPP*
- X.25
- Frame Relay
Note: Serial links can be synchronous or asynchronous. Asynchronous connections used to be only available on low-speed (<2MB) serial interfaces, but now, there are the new HWICs (High-Speed WAN Interface Cards) which also support asynchronous mode. To learn more about them please visit http://www.cisco.com/en/US/prod/collateral/modules/ps5949/ps6182/prod_qas0900aecd80274424.html.
IV.8. During which phase of PPPoE is PPP authentication performed?
- the PPP Session phase*
- Phase 2
- the Active Discovery phase
- the Authentication phase
- Phase 1
PPPoE is composed of two main phases:
+ Active Discovery Phase: In this phase, the PPPoE client locates a PPPoE server, called an access concentrator. During this phase, a Session ID is assigned and the PPPoE layer is established.
+ PPP Session Phase: In this phase, PPP options are negotiated and authentication is performed. Once the link setup is completed, PPPoE functions as a Layer 2 encapsulation method, allowing data to be transferred over the PPP link within PPPoE headers.
Reference: http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/vpn/asa-vpn-cli/vpn-pppoe.html
IV.9. Which three circumstances can cause a GRE tunnel to be in an up/down state? (Choose three.)
- The tunnel interface IP address is misconfigured.
- The tunnel interface is down.*
- A valid route to the destination address is missing from the routing table.*
- The tunnel address is routed through the tunnel itself.*
- The ISP is blocking the traffic.
- An ACL is blocking the outbound traffic.
IV.10. Which two statements about using leased lines for your WAN infrastructure are true? (Choose two.)
- Leased lines provide inexpensive WAN access.
- Leased lines with sufficient bandwidth can avoid latency between endpoints.*
- Leased lines require little installation and maintenance expertise.*
- Leased lines provide highly flexible bandwidth scaling.
- Multiple leased lines can share a router interface.
- Leased lines support up to T1 link speeds.
+ Simplicity: Point-to-point communication links require minimal expertise to install and maintain.
+ Quality: Point-to-point communication links usually offer high service quality, if they have adequate bandwidth. The dedicated capacity removes latency or jitter between the endpoints.
+ Availability: Constant availability is essential for some applications, such as e-commerce. Point-to-point communication links provide permanent, dedicated capacity, which is required for VoIP or Video over IP.
The disadvantages of leased lines include:
+ Cost: Point-to-point links are generally the most expensive type of WAN access. The cost of leased line solutions can become significant when they are used to connect many sites over increasing distances. In addition, each endpoint requires an interface on the router, which increases equipment costs.
+ Limited flexibility: WAN traffic is often variable, and leased lines have a fixed capacity, so that the bandwidth of the line seldom matches the need exactly (therefore answer D is not correct). Any change to the leased line generally requires a site visit by ISP personnel to adjust capacity.
(Reference: Connecting Networks Companion Guide Book published by Cisco Networking Academy – Page 54)
IV.11. Which option describes a benefit of a point-to-point leased line ?
- Low cost
- Full-mesh capability
- Flexibillity of design
- Simply of configuration*
With the cost of point-to-point leased line, the full-mesh capability is only achieved when your company has very very strong budget to pay all the bills. To create a full-mesh topology for n sites, we need n*(n-1)/2 leased line connections. For example if we have 6 sites then we need 6*5/2 = 15 leased line connections -> It is nearly impossible for a normal company to achieve full-mesh topology -> B is not correct.
Flexibility is not an advantage of leased line connection -> C is not correct.
Point-to-point leased line simplifies the configuration as the circuit is available on a permanent basis and does not require a connection to be set up before traffic is passed. It does not require to define a permanent virtual circuit (PVC) in the configuration either -> D is correct.
IV.12. What are three reasons that an organization with multiple branch offices and roaming users might implement a Cisco VPN solution instead of point-to-point WAN links?(Choose three.)
- reduced cost.*
- better throughput.
- broadband incompatibility.
- increased security.*
- scalability.*
- reduced latency.
IV.13. Which command is used to enable CHAP authentication whit PAP as the fallback method on a serial
interface?
- (config-if)#authentication ppp chap fallback ppp
- (config-if)#authentication ppp chap pap
- (config-if)#ppp authentication chap pap*
- (config-if)#ppp authentication chap fallback ppp
IV.14. Which two authentication methods are compatible with MLPPP on a serial interface? (Choose two.)
- LEAP
- CHAP*
- PAP*
- PEAP
- TACACS+
Multilink PPP combines multiple physical links into a logical bundle called a Multilink PPP bundle. A Multilink PPP bundle is a single, virtual interface that connects to the peer system. Having a single interface (Multilink PPP bundle interface) provides a single point to apply hierarchical queueing, shaping, and policing to traffic flows. Individual links in a bundle do not perform any hierarchical queueing. None of the links have any knowledge about the traffic on parallel links.
MLPPP supports two authentication protocols: Password Authentication protocol (PAP) and Challenge-Handshake Authentication Protocol (CHAP)
IV.15. Which WAN topology provides a direct connection from each site to all other sites on the network?
- single-homed
- full mesh*
- point-to-point
- hub-and-spoke
IV.16. Two routers named Atlanta and Brevard are connected by their serial interfaces as illustrated, but there is no connectivity between them. The Atlanta router is known to have a correct configuration.
Given the partial configurations, identify the problem on the Brevard router that is causing the lack of connectivity.
- transmission unit size too large
- no loopback set
- an incorrect subnet mask
- incompatible encapsulation at each end
- an incorrect IP address*
- incompatible bandwidth between routers
IV.17. A network administrator needs to configure a serial link between the main office and a remote location. The router at the remote office is a non-Cisco router. How should the network administrator configure the serial interface of the main office router to make the connection?
- Main(config)# interface serial 0/0
Main(config-if)# ip address 172.16.1.1 255.255.255.252
Main(config-if)# no shut - Main(config)# interface serial 0/0
Main(config-if)# ip address 172.16.1.1 255.255.255.252
Main(config-if)# encapsulation ppp
Main(config-if)# no shut * - Main(config)# interface serial 0/0
Main(config-if)# ip address 172.16.1.1 255.255.255.252
Main(config-if)# encapsulation frame-relay
Main(config-if)# authentication chap
Main(config-if)# no shut - Main(config)# interface serial 0/0
Main(config-if)#ip address 172.16.1.1 255.255.255.252
Main(config-if)#encapsulation ietf
Main(config-if)# no shut
IV.18. Refer to the exhibit. The Bigtime router is unable to authenticate to the Littletime router. What is the cause of the problem?
- The usernames are incorrectly configured on the two routers.
- The passwords do not match on the two routers.*
- CHAP authentication cannot be used on a serial interface.
- The routers cannot be connected from interface S0/0 to interface S0/0.
- With CHAP authentication, one router must authenticate to another router. The routers cannot be configured to authenticate to each other.
IV.19. Which of the following describes the roles of devices in a WAN? (Choose three.)
- A CSU/DSU terminates a digital local loop.*
- A modem terminates a digital local loop.
- A CSU/DSU terminates an analog local loop.
- A modem terminates an analog local loop.*
- A router is commonly considered a DTE device.*
- A router is commonly considered a DCE device.
A modem modulates outgoing digital signals from a computer or other digital device to analog signals for a conventional copper twisted pair telephone line and demodulates the incoming analog signal and converts it to a digital signal for the digital device. A CSU/DSU is used between two digital lines -> A & D are correct but B & C are not correct.
For more explanation of answer D, in telephony the local loop (also referred to as a subscriber line) is the physical link or circuit that connects from the demarcation point of the customer premises to the edge of the carrier or telecommunications service provider’s network. Therefore a modem terminates an analog local loop is correct.
IV.20. Which part of the PPPoE server configuration contains the information used to assign an IP address to a PPPoE client?
- virtual-template interface*
- DHCP
- dialer interface
- AAA authentication
There is no Dialer interface on the PPPoE Server so answer “Dialer interface” is not correct. The most suitable answer is “Virtual Template” interface as it contains the pool which is used to assign IP address to the PPPoE Client. But this question is weird because according to the CCNAv3 syllabus, candidates only need to grasp the PPPoE on client-side, not sure why this question asked about PPPoE on Server side. For more information about PPPoE, please read our PPPoE tutorial.
IV.21. Which two statements about using the CHAP authentication mechanism in a PPP link are true? (Choose two.)
- CHAP uses a two-way handshake.
- CHAP uses a three-way handshake.*
- CHAP authentication periodically occurs after link establishment.*
- CHAP authentication passwords are sent in plaintext.
- CHAP authentication is performed only upon link establishment.
- CHAP has no protection from playback attacks.
IV.22. Which technology you will choose to connect multiple sites with secure connections?
- Point-to-point
- DMVPN*
- MPLS
- Remote access
IV.23. Which two statements about MPLS are true? (Choose two)
- It provides automatic authentication
- It can carry multiple protocols, including IPv4 and IPv6*
- It encapsulates all traffic in an IPv4 header
- It uses labels to separate and foward customer traffic*
- It tags customer traffic using 802.1q
MPLS uses label switching to forward packets over Ethernet. Labels are assigned to packets based on groupings or forwarding equivalence classes (FECs). The label is added between the Layer 2 and the Layer 3 header.
IV.24. Which function does traffic shaping perform?
- It buffers and queues excess packets*
- It buffers traffic without queuing it
- It queues traffic without buffering it
- It drops packets to control the output rate
IV.25. When you deploy multilink PPP on your network, where must you configure the group IP Address on each device?
- In the global config
- Under serial interface
- Under the routing protocol
- Under the multilink interface*
R1(config-if)# interface Serial 0/0 R1(config-if)# encapsulation ppp R1(config-if)# ppp multilink R1(config-if)# ppp multilink group 1 R1(config-if)# no shutdown R1(config-if)# interface Serial 0/1 R1(config-if)# encapsulation ppp R1(config-if)# ppp multilink R1(config-if)# ppp multilink group 1 R1(config-if)# no shutdown R1(config)# interface multilink 1 R1(config-if)# ip address 192.168.42.1 255.255.255.252 R1(config-if)# ppp multilink R1(config-if)# ppp multilink group 1
Therefore we must configure IP address under multilink interface, not physical member interfaces.
IV.26. Refer to the exhibit.Assuming that the entire network topology is shown, what is the operational status of the interfaces of R2 as indicated by the command output shown?
- One interface has a problem.
- Two interfaces have problems.
- The interfaces are functioning correctly.*
- The operational status of the interfaces cannot be determined from the output shown.
IV.27. Which option describes the purpose of traffic policing?
- It prioritizes routing protocol traffic.
- It remarks traffic that is below the CIR
- It drops traffic that exceeds the CIR.*
- It queues and then transmits traffic that exceeds the CIR.
Note: Committed information rate (CIR): The minimum guaranteed data transfer rate agreed to by the routing device.
IV.28. Which PPP subprotocol negotiates authentication options?
- NCP
- LCP*
- ISDN
- DLCI
- SLIP
IV.29. Refer to the topology below and answer the following question.
Why is the Branch2 network 10.1 0.20.0/24 unable to communicate with the Server farm1 network 10.10.10.0/24 over the GRE tunnel?
- The GRE tunnel destination is not configured on the R2 router
- The GRE tunnel destination is not configured on the Branch2 router
- The static route points to the tunnel0 interface that is misconfigured on the Branch2 router*
- The static route points to the tunnel0 interface that is misconfigured on the R2 router.
The Branch2 network is communicating to the Server farm, which is connected to R2, via GRE Tunnel so we should check the GRE tunnel first to see if it is in “up/up” state with the “show ip interface brief” command on the two routers.
On Branch2:
We see interfaces Tunnel0 at two ends are “up/up” which are good so we should check for the routing part on two routers with the “show running-config” command and pay attention to the static routing of each router. On Branch2 we see:
The destination IP address for this static route is not correct. It should be 192.168.24.1 (Tunnel0’s IP address of R2), not 192.168.24.10 -> Answer C is correct.
Note: You can use the “show ip route” command to check the routing configuration on each router but if the destination is not reachable (for example: we configure “ip route 10.10.10.0 255.255.255.0 192.168.24.10” on Branch2, but if 192.168.24.10 is unknown then Branch2 router will not display this routing entry in its routing table.
Note: The IP address or configuration may be different in the exam.
IV.30. Refer to the topology below and answer the following question.
Why has the Branch3 router lost connectivity with R1? Use only show commands to troubleshoot because usage of the debug command is restricted on the Branch3 and R1 routers?
- A PPP chap hostname mismatch is noticed between Branch3 and R1*
- A PPP chap password mismatch is noticed between Branch3 and R1
- PPP encapsulation is not configured on Branch3
- The PPP chap hostname and PPP chap password commands are missing on the Branch3 router
First we should check Branch3 (and R1) with the “show ip interface brief” command to find any Layer1/Layer2 issue.
We see interfaces connecting between them are in “up/down” states which indicates a Layer 2 issue so we should check the configuration of these interfaces carefully witch the “show running-config” command and pay attention to these interfaces.
and on Branch3:
We learn from above config is R1 is using CHAP to authenticate Branch3 router (via the “ppp authentication chap” command on R1). Branch3 router is sending CHAP hostname “Branch_3” and CHAP password “Branch3_Secret!” to R1 to be authenticated. Therefore, we should check if R1 has already been configured with such username and password or not with the “show running-config” command on R1:
On R1 we see the configured username is “Branch3”, not “Branch_3” so the usernames here are mismatchedand this is the problem -> Answer A is correct.
IV.31. Which statement about the router configurations is correct?
- The PPP PAP is authentication configured between Branch2 and R1
- Tunnel keepalives are not configured for the tunnel0 interface on Branch2 and R2
- The Branch 2 LAN network 192.168.11 0/24 is not advertised into the EIGRP network
- The Branch3 LAN network 192.168.11 0/24 is not advertised into the EIGRP network*
- PPP CHAP authentication is configured between Branch1 and R1
In this question we have to check each option to see if it is correct. When we check Branch3 router we notice that “network 192.168.10.0” command is missing under “router eigrp 100” – > Answer D is correct.
IV.32. Refer to the topology below and answer the following question.
Why did Branch1 router lose WAN connectivity with R1 router?
- A. The IP address is misconfigured on PPP multilink interface on the Branch1 router*
- B. The PPP multilink group is misconfigured on the Branch1 serial interfaces
- C. The PPP multilink group is misconfigured on the R1 serial interfaces
- D. The Branch1 serial interfaces are placed in a shutdown condition
This question clearly stated there is a WAN connectivity issue between R1 and Branch1 so we should check both of them with the “show ip interface brief” command. On R1:
On Branch1:
We can see that although the Multilink1 interfaces are in “up/up” state but they are not in the same subnet. According to the IP address scheme shown on the topology we can deduce the Multilink interface on Branch1 has been misconfigured, it should be 192.168.14.2 instead.
IV.33. DRAG DROP. Drag and drop the QoS features from the left onto the correct descriptions on the right.Select and Place:
Correct Answer:
IV.34. While troubleshooting a GRE tunnel interface issue, show interface command output displays tunnel status up, but line protocol is down. Which reason for this problem is the most likely?
- The next hop server is misconfigured.
- The route to the tunnel destination address is through the tunnel itself.*
- The tunnel was just reset.
- The interface has been administratively shut down.
IV.35. Which command can you enter to determine whether serial interface 0/2/0 has been configured using HDLC encapsulation?
- router#show platform
- router#show interfaces Serial 0/2/0*
- router#show ip interface s0/2/0
- router#show ip interface brief
GigabitEthernet0/0 is up, line protocol is up Hardware is CN Gigabit Ethernet, address is c471.fe99.9999 (bia c471.fe99.9999)
Description: Lan
Internet address is 10.1.1.1/25
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full Duplex, 1Gbps, media type is RJ45
output flow-control is unsupported, input flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of “show interface” counters never
Input queue: 0/75/61/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 39000 bits/sec, 30 packets/sec
5 minute output rate 73000 bits/sec, 37 packets/sec
41068530 packets input, 3905407112 bytes, 0 no buffer
Received 8678853 broadcasts (0 IP multicasts)
0 runts, 0 giants, 45 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 79853 multicast, 0 pause input
39267208 packets output, 2262399504 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
79926 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
Router2901#
Router2901 ip int g0/0
GigabitEthernet0/0 is up, line protocol is up
Internet address is 10.1.1.1/25
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Secondary address 192.168.1.7/24
Multicast reserved groups joined: 224.0.0.10
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain inside
BGP Policy Mapping is disabled
Input features: Common Flow Table, Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, CAR, MCI Check
Output features: NAT Inside, Common Flow Table, Stateful Inspection, NAT ALG proxy, CAR
Post encapsulation features: CAR
IPv4 WCCP Redirect outbound is disabled
IPv4 WCCP Redirect inbound is disabled
IPv4 WCCP Redirect exclude is disabled
Router2901#
IV.36. Refer to the exhibit. In the Frame Relay network, which IP addresses would be assigned to the interfaces with point-to- point PVCs?
Correct Answer: C
With point to point PVC, each connection needs to be in a separate subnet. The R2-R1 connection (DLCI 16to 99) would have each router within the same subnet. Similarly, the R3-R1 connection would also be in the same subnet, but it must be in a different one than the R2-R1 connection.
IV.37. Refer to the exhibit. What is the reason that the interface status is “administratively down, line protocol down”?
- A. There is no encapsulation type configured.
- B. There is a mismatch in encapsulation types.
- C. The interface is not receiving any keepalives.
- D. The interface has been configured with the shutdown command.*
- E. The interface needs to be configured as a DTE device.
- F. The wrong type of cable is connected to the interface.
IV.38. The output of the show frame-relay pvc command shows “PVC STATUS = INACTIVE”. What does this mean?
- The PVC is configured correctly and is operating normally, but no data packets have been detected for more than five minutes.
- The PVC is configured correctly, is operating normally, and is no longer actively seeking the address of the remote router.
- The PVC is configured correctly, is operating normally, and is waiting for interesting traffic to trigger a call to the remote router.
- The PVC is configured correctly on the local switch, but there is a problem on the remote end of the PVC.*
- The PVC is not configured on the local switch.
+ ACTIVE: the PVC is operational and can transmit data + INACTIVE: the connection from the local router to the switch is working, but the connection to the remote router is not available + DELETED: the PVC is not present and no LMI information is being received from the Frame Relay switch
+ STATIC: the Local Management Interface (LMI) mechanism on the interface is disabled (by using the “no keepalive” command). This status is rarely seen so it is ignored in some books.
IV.39. Which command is used to enable CHAP authentication, with PAP as the fallback method, on a serial interface?
- Router(config-if)# ppp authentication chap fallback ppp
- Router(config-if)# ppp authentication chap pap*
- Router(config-if)# authentication ppp chap fallback ppp
- Router(config-if)# authentication ppp chap pap
IV.40. Which protocol is an open standard protocol framework that is commonly used in VPNs, to provide secure end-to-end communications?
- RSA
- L2TP
- IPsec*
- PPTP
IV.41. The command frame-relay map ip 10.121.16.8 102 broadcast was entered on the router. Which of the following statements is true concerning this command?
- This command should be executed from the global configuration mode.
- The IP address 10.121.16.8 is the local router port used to forward data.
- 102 is the remote DLCI that will receive the information.
- This command is required for all Frame Relay configurations.
- The broadcast option allows packets, such as RIP updates, to be forwarded across the PVC.*
IV.42. Which two options are valid WAN connectivity methods? (Choose two.)
- PPP*
- WAP
- DSL*
- L2TPv3
- Ethernet
IV.43. Which encapsulation type is a Frame Relay encapsulation type that is supported by Cisco routers?
- IETF*
- ANSI Annex D
- Q9333-A Annex A
- HDLC
Note: Three LMI options are supported by Cisco routers are ansi, Cisco, and Q933a. They represent the ANSI Annex D, Cisco, and ITU Q933-A (Annex A) LMI types, respectively. HDLC is a WAN protocol same as Frame-Relay and PPP so it is not a Frame Relay encapsulation type.
IV.44. RouterA is unable to reach RouterB. Both routers are running IOS version 12.0. After reviewing the command output and graphic, what is the most likely cause of the problem?
- incorrect bandwidth configuration
- incorrect LMI configuration
- incorrect map statement*
- incorrect IP address
IV.45. Refer to the exhibit. What is the meaning of the term dynamic as displayed in the output of the show framerelay map command shown?
- The Serial0/0 interface is passing traffic.
- The DLCI 100 was dynamically allocated by the router.
- The Serial0/0 interface acquired the IP address of 172.16.3.1 from a DHCP server.
- The DLCI 100 will be dynamically changed as required to adapt to changes in the Frame Relay cloud.
- The mapping between DLCI 100 and the end station IP address 172.16.3.1 was learned through Inverse.*
IV.46. Which two statistics appear in show frame-relay map output? (Choose two.)
- the number of BECN packets that are received by the router
- the value of the local DLCI*
- the number of FECN packets that are received by the router
- the status of the PVC that is configured on the router*
- the IP address of the local router
IV.47. Users have been complaining that their Frame Relay connection to the corporate site is very slow. The network administrator suspects that the link is overloaded. Based on the partial output of the Router# show frame relay pvc command shown in the graphic, which output value indicates to the local router that traffic sent to the corporate site is experiencing congestion?
- DLCI = 100
- last time PVC status changed 00:25:40
- in BECN packets 192*
- in FECN packets 147
- in DE packets 0
IV.48. Which command allows you to verify the encapsulation type (CISCO or IETF) for a Frame Relay link?
- show frame-relay lmi
- show frame-relay map*
- show frame-relay pvc
- show interfaces serial
Check the encapsulation type on the Cisco device with the show frame-relay map exec command.
IV.49. It has become necessary to configure an existing serial interface to accept a second Frame Relay virtual circuit. Which of the following procedures are required to accomplish this task? (Choose three.)
- Remove the IP address from the physical interface.*
- Encapsulate the physical interface with multipoint PPP.
- Create the virtual interfaces with the interface command.*
- Configure each subinterface with its own IP address.*
- Disable split horizon to prevent routing loops between the subinterface networks.
- Configure static Frame Relay map entries for each subinterface network.
IV.50. What occurs on a Frame Relay network when the CIR is exceeded?
- All TCP traffic is marked discard eligible.
- All UDP traffic is marked discard eligible and a BECN is sent.
- All TCP traffic is marked discard eligible and a BECN is sent.
- All traffic exceeding the CIR is marked discard eligible.*
IV.51. Refer to the exhibit. Which statement describes DLCI 17?
- DLCI 17 describes the ISDN circuit between R2 and R3.
- DLCI 17 describes a PVC on R2. It cannot be used on R3 or R1.
- DLCI 17 is the Layer 2 address used by R2 to describe a PVC to R3.*
- DLCI 17 describes the dial-up circuit from R2 and R3 to the service provider.
IV.52. What is the result of issuing the frame-relay map ip 192.168.1.2 202 broadcast command?
- defines the destination IP address that is used in all broadcast packets on DCLI 202
- defines the source IP address that is used in all broadcast packets on DCLI 202
- defines the DLCI on which packets from the 192.168.1.2 IP address are received
- defines the DLCI that is used for all packets that are sent to the 192.168.1.2 IP address*
IV.53. What are two characteristics of Frame Relay point-to-point subinterfaces? (Choose two.)
- They create split-horizon issues.
- They require a unique subnet within a routing domain.*
- They emulate leased lines.*
- They are ideal for full-mesh topologies.
- They require the use of NBMA options when using OSPF.
IV.54. What command is used to verify the DLCI destination address in a Frame Relay static configuration?
- show frame-relay pvc
- show frame-relay lmi
- show frame-relay map*
- show frame relay end-to-end
IV.55. What is the purpose of Inverse ARP?
- to map a known IP address to a MAC address
- to map a known DLCI to a MAC address
- to map a known MAC address to an IP address
- to map a known DLCI to an IP address*
- to map a known IP address to a SPID
- to map a known SPID to a MAC address
IV.56. All WAN links inside the ABC University network use PPP with CHAP for authentication security. Which command will display the CHAP authentication process as it occur between two routers in the network?
- show chap authentication
- show interface serial0
- debug ppp authentication*
- debug chap authentication
- show ppp authentication chap
IV.57. A default Frame Relay WAN is classified as what type of physical network?
- point-to-point
- broadcast multi-access
- nonbroadcast multi-access*
- nonbroadcast multipoint
- broadcast point-to-multipoint
IV.58. Which of the following are key characteristics of PPP? (Choose three.)
- can be used over analog circuits*
- maps Layer 2 to Layer 3 address
- encapsulates several routed protocols*
- supports IP only
- provides error correction*
IV.59. How should a router that is being used in a Frame Relay network be configured to avoid split horizon issues from preventing routing updates?
- Configure a separate sub-interface for each PVC with a unique DLCI and subnet assigned to the subinterface*
- Configure each Frame Relay circuit as a point-to-point line to support multicast and broadcast traffic
- Configure many sub-interfaces on the same subnet
- Configure a single sub-interface to establish multiple PVC connections to multiple remote router interfaces
IV.60. The Frame Relay network in the diagram is not functioning properly. What is the cause of the problem?
- The Gallant router has the wrong LMI type configured
- Inverse ARP is providing the wrong PVC information to the Gallant router
- The S3 interface of the Steele router has been configured with the frame-relay encapsulation ietf command
- The frame-relay map statement in the Attalla router for the PVC to Steele is not correct*
- The IP address on the serial interface of the Attalla router is configured incorrectly
IV.61. Refer to the exhibit. The network administrator is in a campus building distant from Building B. WANRouter is hosting a newly installed WAN link on interface S0/0. The new link is not functioning and the administrator needs to determine if the correct cable has been attached to the S0/0 interface. How can the administrator accurately verify the correct cable type on S0/0 in the most efficient manner?
- Telnet to WANRouter and execute the command show interfaces S0/0
- Telnet to WANRouter and execute the command show processes S0/0
- Telnet to WANRouter and execute the command show running-configuration
- Telnet to WANRouter and execute the command show controller S0/0*
- Physically examine the cable between WANRouter S0/0 and the DCE.
- Establish a console session on WANRouter and execute the command show interfaces S0/0
IV.62. Refer to the exhibit. A network technician is unable to ping from R1 to R2. What will help correct the problem?
- Ensure that the serial cable is correctly plugged in to the interfaces.*
- Apply the clock rate 56000 configuration command to the serial0/1 interface of R1.
- Configure the serial0/1 interfaces on R1 and R2 with the no shutdown command.
- Change the address of the serial0/1 interface of R1 to 192.1.1.4.
- Change the subnet masks of both interfaces to 255.255.255.240.
IV.63. Refer to the exhibit. Which two statements are true of the interface configuration? (Choose two.)
- The encapsulation in use on this interface is PPP.*
- The default serial line encapsulation is in use on this interface.
- The address mask of this interface is 255.255.255.0.*
- This interface is connected to a LAN.
- The interface is not ready to forward packets.
IV.64. An administrator issues the show ip interface s0/0 command and the output displays that interface Serial0/0 is up, line protocol is up. What does “line protocol is up” specifically indicate about the interface?
- The cable is attached properly.
- CDP has discovered the connected device.
- Keepalives are being received on the interface.*
- A carrier detect signal has been received from the connected device.
- IP is correctly configured on the interface.
IV.65. Refer to the exhibit. Which two statements are true based the output of the show frame-relay lmi command issued on the Branch router? (Choose two.)
- LMI messages are being sent on DLCI 1023.
- The LMI exchange between the router and Frame Relay switch is functioning properly.
- LMI messages are being sent on DLCI 0.*
- The Frame Relay switch is not responding to LMI requests from the router.*
- The router is providing a clock signal on Serial0/0 on the circuit to the Frame Relay switch.
- Interface Serial0/0 is not configured to encapsulate Frame Relay.
IV.66. What are three characteristics of satellite Internet connections? (Choose three)
- A. Their upload speed is about 10 percent of their download speed.*
- B. They are frequently used by rural users without access to other high-speed connections.*
- C. They are usually at least 10 times faster than analog modem connections.*
- D. They are usually faster than cable and DSL connections.
- E. They require a WiMax tower within 30 miles of the user location.
- F. They use radio waves to communicate with cellular phone towers.
Satellites use radio waves to communicate with the customer’s gateway, also known as a ground station (like a customer’s satellite dish), but not with cellular phone towers -> F is not correct.
For your information, satellite Internet uses high frequency signals, which range from 18.3 gigahertz to 31 gigahertz (Ka band).
Answer A C are two options left and they are acceptable answers. Although in practical they may vary a lot.
IV.67. Which two pieces of information are provided by the show controllers serial 0 command? (Choose two.)
- the type of cable that is connected to the interface.*
- The uptime of the interface
- the status of the physical layer of the interface*
- the full configuration of the interface
- the interface‟s duplex settings
The “show controllers serial …” command tells us about the type of the cable (in the case V.35 DTE cable) and the status of the physical layer of the interface. In above output we learn that there is an cable attached on S0/0 interface. If no cable is found we will see the line “No DTE cable” instead.IV.68. Which type of topology is required by DMVPN?
- ring
- full mesh
- hub-and-spoke*
- partial mesh
IV.69. Which statement about MPLS is true?
- It operates in Layer 1.
- It operates between Layer 2 and Layer 3.*
- It operates in Layer 3.
- It operates in Layer 2.
IV.70. What destination Layer 2 address will be used in the frame header containing a packet for host 172.30.4.4?
- 704
- 196
- 702*
- 344
IV.71. A static map to the S-AMER location is required. Which command should be used to create this map?
- frame-relay map ip 172.30.0.3 704 broadcast
- frame-relay map ip 172.30.0.3 196 broadcast*
- frame-relay map ip 172.30.0.3 702 broadcast
- frame-relay map ip 172.30.0.3 344 broadcast
IV.72. Which connection uses the default encapsulation for serial interfaces on Cisco routers?
- The serial connection to the MidEast branch office.*
- The serial connection to the DeepSouth branch office.
- The serial connection to the NorthCentral branch office.
- The serial connection to the Multinational Core.
Serial 1/0 : encapsulation frame-relay
Serial 1/2 and Serial 1/3 : both interfaces are encapsulated PPP
Serial 1/1: There is no related encapsulation information displayed, so its default encapsulation type is HDLC .
Based on the network topology provided in the exhibit, the interface Serial 1/1 is connected to the router
MidEast of the branch office, so the encapsulation type of the router MidEast is by default.
The default encapsulation on a serial interface is HDLC. The original HDLC encapsulation was defined by the International Organization for Standards (ISO), those same folks who developed the OSI model. The ISO version of HDLC had one shortcoming, however; it had no options to support multiple
Layer 3 routed protocols. As a result, most vendors have created their own form of HDLC. Cisco is no exception because it has its own proprietary form of HDLC to support various Layer 3 protocols such as IPX, IP, and AppleTalk.
The Serial connection to the Dub branch office using the default encapsulation type. You can change using:
* encapsulation command on interface
IV.73. If required, what password should be on the router in the MidEast branch office to allow a connection to be established with the Dubai router?
- No password is required*
- En8ble
- SCr8
- T1net
- C0nsole
Interface Serial1/2
IP address 192.168.0.5 255.255.255.252
Encapsulalation PPP ; Encapsulation for this interface is PPP
Check out the following Cisco Link:
http://www.cisco.com/en/US/tech/tk713/tk507/
technologies_configuration_example09186a0080094333.shtml#configuringausernamedifferentfromtherouters name
Here is a snipit of an example:
If Router 1 initiates a call to Router 2, Router 2 would challenge Router 1, but Router 1 would not challenge Router 2. This occurs because the ppp authentication chap callin command is configured on Router 1. This is an example of a unidirectional authentication. In this setup, the ppp chap hostname alias-r1 command is configured on Router 1. Router 1 uses “alias-r1” as its hostname for CHAP authentication instead of “r1.” The Router 2 dialer map name should match Router 1’s ppp chap hostname; otherwise, two B channels are established, one for each direction.
IV.74. Which two authentic methods are compatible with MLPPP on a serial Interface? (Choose two.)
- PEAP
- CHAP*
- TACACS+
- PAP*
- LEAP
IV.75. Which value must the device send as its username when using CHAP to authenticate with the remote peer site id:17604704 over a PPP link?
- The automatically generated user name
- The local host name*
- The user name defined by the administrator
- The host name of the remote device.
IV.76. Which two benefits of implementing a full-mesh WAN topology are true?(Choose two)
- increased latency
- redundancy*
- improved scalability
- reliability*
- reduced itter
IV.77. DRAG DROP. Drag and drop the PPPoE message types from the left into the sequence in which PPPoE messages are sent on the right.Select and Place:
Correct Answer:
IV.78. Which type of interface can negotiate an IP address for a PPPoE client?
- Ethernet
- dialer*
- serial
- Frame Relay
IV.79. What does traffic shaping do to reduce congestion in a network?
- buffers and queues packets.*
- buffers without queuing packets.
- queqes without buffering packets.
- drops packets.
Note: Committed information rate (CIR): The minimum guaranteed data transfer rate agreed to by the routing device.IV.80. Refer to the exhibit. Which WAN protocol is being used?
- ATM
- HDLC
- Frame Relay*
- PPP
This question is to examine the show int command.
According to the information provided in the exhibit, we can know that the data link protocol used in this network is the Frame Relay protocol.
“LMI enq sent…”
IV.81. Which option is the primary purpose of traffic shaping?
- providing best-effort service
- enabling policy-based routing
- enabling dynamic flow identification
- limiting bandwidth usage*
Section V: Infrastructure Services
V.1. Which command can you enter to display duplicate IP addresses that the DHCP server assigns?
- show ip dhcp conflict 10.0.2.12*
- show ip dhcp database 10.0.2.12
- show ip dhcp server statistics
- show ip dhcp binding 10.0.2.12
V.2. Which cloud service is typically used to provide DNS and DHCP services to an enterprise?
- IaaS
- DaaS
- SaaS*
- PaaS
V.3. Which command can you enter in global configuration mode to create a DHCP address pool?
- ip dhcp pool DHCP_pool*
- ip dhcp conflict logging
- service dhcp
- ip dhcp excluded-address 10.0.2.1 10.0.2.49
V.4. Which value indicates the distance from the NTP authoritative time source?
- stratum*
- layer
- location
- priority
V.5. Afer you apply the given configuration to a router, the DHCP clients behind the device cannot communicate with hosts outside of their subnet. Which action is most likely to correct the problem?
ip dhcp pool test network 192.168.10.0/27 domain name cisco.com dns-server 172.16.1.1 172.16.2.1 netbios-name-server 172.16.1.10 172.16.2.10
- Configure the dns server on the same subnet as the clients
- Activate the dhcp pool
- Correct the subnet mask
- configure the default gateway*
V.6. Which statement about DHCP snooping is true?
- it blocks traffic from DHCP servers on untrusted interfaces.*
- it can be configured on switches and routers.
- it allows packets from untrusted ports if their source MAC address is found in the binding table.
- it uses DHCPDiscover packets to identify DHCP servers.
V.7. Which two options are benefits of DHCP snooping? (Choose two.)
- A. It simplifies the process of adding DHCP servers to the network.
- B. It prevents the deployment of rogue DHCP servers.*
- C. It prevents DHCP reservations.
- D. It tracks the location of hosts in the network.*
- E. It prevents static reservations.
V.8. Which command can you enter to configure the switch as an authoritative NTP server with a site id: 13999902?
- Switch(config)#ntp master 3 *
- Switch(config)#ntp peer 193.168.2.2
- Switch(config)#ntp server 193.168.2.2
- Switch(config)#ntp source 193.168.2.2
V.9. Where does a switch maintain DHCP snooping information ?
- in the MAC address table
- in the CAM table
- in the DHCP binding database*
- in the VLAN database
V.10. How does NAT overloading provide one-to-many address translation?
- It uses a pool of addresses
- It converts IPV4 addresses to unused IPv6 Addresses
- assigns a unique TCP/UDP port to each session*
- It uses virtual MAC Address and Virtual IP Addresses
V.11. Which HSRP feature was new in HSRPv2?
- VLAN group numbers that are greater than 255*
- Virtual MAC addresses
- tracking
- preemption
In HSRP version 1, group numbers are restricted to the range from 0 to 255. HSRP version 2 expands the group number range from 0 to 4095 -> A is correct.
V.12. Which keyword enables an HSRP router to take the active role immediately what it comes online?
- preempt*
- priority
- version
- IP address
V.13. When troubleshooting client DNS issues, which two tasks must you perform? (Choose two.)
- Ping a public website IP address.
- Ping the DNS server.*
- Determine whether the hardware address is correct.
- Determine whether a DHCP address has been assigned.
- Determine whether the name servers have been configured.*
V.14. What are the two minimum required components of a DHCP binding? (Choose two.)
- an IP address*
- an ip-helper statement
- an exclusion list
- a DHCP pool
- a hardware address*
V.15. Which command can you enter to troubleshoot the failure of address assignment?
- sh ip dhcp database
- sh ip dhcp pool*
- sh ip dhcp import
- sh ip dhcp server statistics
R1#show ip dhcp pool Pool SERVER : Utilization mark (high/low) : 100 / 0 Subnet size (first/next) : 0 / 0 Total addresses : 1 Leased addresses : 1 Pending event : none 0 subnet is currently in the pool : Current index IP address range Leased addresses 172.16.200.100 172.16.200.100 - 172.16.200.100 1
V.16. What are two requirements for an HSRP group? (Choose two.)
- exactly one active router*
- one or more standby routers*
- one or more backup virtual routers
- exactly one standby active router
- exactly one backup virtual router
“A set of routers that run HSRP works in concert to present the illusion of a single default gateway router to the hosts on the LAN. This set of routers is known as an HSRP group or standby group. A single router that is elected from the group is responsible for the forwarding of the packets that hosts send to the virtual router. This router is known as the active router. Another router is elected as the standby router. If the active router fails, the standby assumes the packet forwarding duties. Although an arbitrary number of routers may run HSRP, only the active router forwards the packets that are sent to the virtual router IP address.
In order to minimize network traffic, only the active and the standby routers send periodic HSRP messages after the protocol has completed the election process. Additional routers in the HSRP group remain in the Listen state. If the active router fails, the standby router takes over as the active router. If the standby router fails or becomes the active router, another router is elected as the standby router.”
Reference: https://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/10583-62.html#anc6
-> There is exactly one active router and one standby router in an HSRP group. Answer A is surely a correct but other answers are not correct. Answers C, D and E are wrong terminologies so they are surely not correct. Therefore answer B is a best choice left (although it is not totally correct).
V.17. Which standards-based First Hop Redundancy Protocol is a Cisco supported alternative to Hot Standby Router Protocol?
- VRRP*
- GLBP
- TFTP
- DHCP
V.18. Which protocol is the Cisco proprietary implementation of FHRP?
- HSRP*
- VRRP
- GLBP
- CARP
V.19. What are two benefits of using NAT? (Choose two.)
- A. NAT protects network security because private networks are not advertised.*
- B. NAT accelerates the routing process because no modifications are made on the packets.
- C. Dynamic NAT facilitates connections from the outside of the network.
- D. NAT facilitates end-to-end communication when IPsec is enable.
- E. NAT eliminates the need to re-address all host that require external access.*
- F. NAT conserves addresses through host MAC-level multiplexing.
NAT has to modify the source IP addresses in the packets -> B is not correct.
Connection from the outside to a network through “NAT” is more difficult than a normal network because IP addresses of inside hosts are hidden -> C is not correct.
In order for IPsec to work with NAT we need to allow additional protocols, including Internet Key Exchange (IKE), Encapsulating Security Payload (ESP) and Authentication Header (AH) -> more complex -> D is not correct.
By allocating specific public IP addresses to inside hosts, NAT eliminates the need to re-address the inside hosts -> E is correct.
NAT does conserve addresses but not through host MAC-level multiplexing. It conserves addresses by allowing many private IP addresses to use the same public IP address to go to the Internet -> F is not correct.
V.20. Which statement is correct regarding the operation of DHCP?
- A DHCP client uses a ping to detect address conflicts.
- A DHCP server uses a gratuitous ARP to detect DHCP clients.
- A DHCP client uses a gratuitous ARP to detect a DHCP server.
- If an address conflict is detected, the address is removed from the pool and an administrator must resolve the conflict.*
- If an address conflict is detected, the address is removed from the pool for an amount of time configurable by the administrator.
- If an address conflict is detected, the address is removed from the pool and will not be reused until the server is rebooted.
(Reference: http://www.cisco.com/en/US/docs/ios/12_1/iproute/configuration/guide/1cddhcp.html)
V.21. Which value to use in HSRP protocol election process?
- interface
- virtual IP address
- priority*
- router ID
R1(config-if)# standby 1 priority 200
V.22. Which of the following is needed to be enable back the role of active in HSRP?
- preempt*
- priority
- other options
New_Router(config-if)#standby 1 preempt
V.23. What is new in HSRPv2?
- prempt
- a greater number in hsrp group field*
- other
V.24. Which command is used to build DHCP pool?
- ip dhcp pool DHCP*
- ip dhcp conflict
- ip dhcp-server pool DHCP
- ip dhcp-client pool DHCP
| Configuration | Description |
| Router(config)#ip dhcp pool CLIENTS | Create a DHCP Pool named CLIENTS |
| Router(dhcp-config)#network 10.1.1.0 /24 | Specifies the subnet and mask of the DHCP address pool |
| Router(dhcp-config)#default-router 10.1.1.1 | Set the default gateway of the DHCP Clients |
| Router(dhcp-config)#dns-server 10.1.1.1 | Configure a Domain Name Server (DNS) |
| Router(dhcp-config)#domain-name 9tut.com | Configure a domain-name |
| Router(dhcp-config)#lease 0 12 | Duration of the lease (the time during which a client computer can use an assigned IP address). The syntax is “lease{days[hours] [minutes] | infinite}”. In this case the lease is 12 hours. The default is a one-day lease. Before the lease expires, the client typically needs to renew its address lease assignment with the server |
| Router(dhcp-config)#exit | |
| Router(config)# ip dhcp excluded-address 10.1.1.1 10.1.1.10 | The IP range that a DHCP Server should not assign to DHCP Clients. Notice this command is configured under global configuration mode |
Note: We checked with both Cisco IOS v12.4 and v15.4 but found no “ip dhcp-server pool” command:
Therefore the answer “ip dhcp-server pool …” is not correct.
V.25. What is the two benefits of DHCP snooping? (Choose two)
- static reservation
- DHCP reservation
- prevent DHCP rouge server*
- prevent untrusted host and servers to connect*
DHCP spoofing is a type of attack in that the attacker listens for DHCP Requests from clients and answers them with fake DHCP Response before the authorized DHCP Response comes to the clients. The fake DHCP Response often gives its IP address as the client default gateway -> all the traffic sent from the client will go through the attacker computer, the attacker becomes a “man-in-the-middle”.
The attacker can have some ways to make sure its fake DHCP Response arrives first. In fact, if the attacker is “closer” than the DHCP Server then he doesn’t need to do anything. Or he can DoS the DHCP Server so that it can’t send the DHCP Response.
DHCP snooping can prevent DHCP spoofing attacks. DHCP snooping is a Cisco Catalyst feature that determines which switch ports can respond to DHCP requests. Ports are identified as trusted and untrusted.
Only ports that connect to an authorized DHCP server are trusted, and allowed to send all types of DHCP messages. All other ports on the switch are untrusted and can send only DHCP requests. If a DHCP response is seen on an untrusted port, the port is shut down -> Answer D is correct.
The fundamental use case for DHCP snooping is to prevent unauthorized (rogue) DHCP servers offering IP addresses to DHCP clients. Rogue DHCP servers are often used in man in the middle or denial of service attacks for malicious purposes -> C is correct.
V.26. Which command is used to configure a switch as an authoritative NTP server?
- Switch(config)#ntp master 3*
- Switch(config)#ntp peer IP
- Switch(config)#ntp server IP
- Switch(config)#ntp source IP
V.27. Which configuration command can you apply to a HSRP router so that its local interface becomes active if all other routers in the group fail?
- no additional configuration is required*
- standby 1 track Ethernet
- standby 1 preempt
- standby 1 priority 250
V.28. How to see dhcp conflict?
- show ip dhcp pool
- show dhcp database
- show ip dhcp conflict*
- Other Option.
V.29. Where does the configuration reside when a helper address is configured to support DHCP?
- on the switch trunk interface.
- on the router closest to the client.*
- on the router closest to the server.
- on every router along the path.
V.30. What is the danger of the permit any entry in a NAT access list?
- It can lead to overloaded resources on the router.*
- It can cause too many addresses to be assigned to the same interface.
- It can disable the overload command.
- It prevents the correct translation of IP addresses on the inside network.
V.31. How does a DHCP server dynamically assign IP addresses to hosts?
- Addresses are permanently assigned so that the host uses the same address at all times.
- Addresses are assigned for a fixed period of time.
- Addresses are leased to hosts. A host will usually keep the same address by periodically contacting the DHCP server to renew the lease.*
- Addresses are allocated after a negotiation between the server and the host to determine the length of the agreement.
Release: The client may decide at any time that it no longer wishes to use the IP address it was assigned, and may terminate the lease, releasing the IP address.
V.32. Which command can you enter to determine the addresses that have been assigned on a DHCP Server?
- Show ip DHCP database.
- Show ip DHCP pool.
- Show ip DHCP binding.*
- Show ip DHCP server statistic.
DHCPBindings.aspx
“Router#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type
10.16.173.0 24d9.2141.0ddd Jan 12 2013 03:42 AM Automatic”
V.33. Which two command can you enter to display the current time sources statistics on devices? (Choose TWO)
- Show ntp associations.*
- Show clock details.
- Show clock.
- Show time.
- Show ntp status.*
R1#show ntp associations
address ref clock st when poll reach delay offset disp
*~10.1.2.1 209.65.200.226 9 509 64 200 32.2 15.44 16000.
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
Below is the output of the “show ntp status” command. From this output we learn that R1 has a stratum of 10 and it is getting clock from 10.1.2.1.
R1#show ntp status Clock is synchronized, stratum 10, reference is 10.1.2.1 nominal freq is 250.0000 Hz, actual freq is 249.9987 Hz, precision is 2**18 reference time is D5E492E9.98ACB4CF (13:00:25.596 CST Wed Sep 18 2013) clock offset is 15.4356 msec, root delay is 52.17 msec root dispersion is 67.61 msec, peer dispersion is 28.12 msec
For more information about these two commands, please read at: http://www.cisco.com/c/en/us/support/docs/ip/network-time-protocol-ntp/116161-trouble-ntp-00.html
In fact this question is unclear, but other answers are surely not correct.
V.34. What is the default lease time for a DHCP binding?
- 24 hours*
- 12 hours
- 48 hours
- 36 hours
V.35. Which NAT type is used to translate a single inside address to a single outside address?
- dynamic NAT
- NAT overload
- PAT
- static NAT*
Static NAT: Designed to allow one-to-one mapping between local and global addresses. This flavor requires you to have one real Internet IP address for every host on your network
Dynamic NAT: Designed to map an unregistered IP address to a registered IP address from a pool of registered IP addresses. You don’t have to statically configure your router to map an inside to an outside address as in static NAT, but you do have to have enough real IP addresses for everyone who wants to send packets through the Internet. With dynamic NAT, you can configure the NAT router with more IP addresses in the inside local address list than in the inside global address pool. When being defined in the inside global address pool, the router allocates registered public IP addresses from the pool until all are allocated. If all the public IP addresses are already allocated, the router discards the packet that requires a public IP address.
In this question we only want to translate a single inside address to a single outside address so static NAT should be used.
V.36. What is the effect of the overload keyword in a static NAT translation configuration?
- It enables port address translation.*
- It enables the use of a secondary pool of IP addresses when the first pool is depleted
- It enables the inside interface to receive traffic.
- It enables the outside interface to forward traffic.
V.37. Which statement about the inside interface configuration in a NAT deployment is true?
- It is defined globally
- It identifies the location of source addresses for outgoing packets to be translated using access or route maps.*
- It must be configured if static NAT is used
- It identifies the public IP address that traffic will use to reach the internet.
For example the command:
Router(config)# ip nat inside source list 1 pool PoolforNAT
after the keyword “source” we need to specify one of the three keywords:
+ list: specify access list describing local addresses (but this command does not require an “inside” interface to be configured)
+ route-map: specify route-map
+ static: specify static local -> global mapping
V.38. Which NTP type designates a router without an external reference clock as an authoritative time source?
- server
- peer
- master*
- client
V.39. Which NTP command configures the local devices as an NTP reference clock source?
- NTP Peer
- NTP Broadcast
- NTP Master*
- NTP Server
For example, the command
Router(config)#ntp server 192.168.1.1
configures the local device to use a remote NTP clock source from 192.168.1.1 while the command:
Router(config)#ntp master 1
configures the local device as a NTP reference clock source with stratum of 1.
Reference: http://www.pearsonitcertification.com/articles/article.aspx?p=2141272
V.40. If you want multiple hosts on a network, where do you configure the setting?
- in the IP protocol*
- in the multicast interface
- in the serial interface
- in the global configuration
V.41. Refer to the exhibit.
Which rule does the DHCP server use when there is an IP address conflict?
- The address is removed from the pool until the conflict is resolved.*
- The address remains in the pool until the conflict is resolved.
- Only the IP detected by Gratuitous ARP is removed from the pool.
- Only the IP detected by Ping is removed from the pool.
- The IP will be shown, even after the conflict is resolved.
An address conflict occurs when two hosts use the same IP address. During address assignment, DHCP checks for conflicts using ping and gratuitous ARP. If a conflict is detected, the address is removed from the pool. The address will not be assigned until the administrator resolves the conflict.
V.42. Which configuration can be used with PAT to allow multiple inside address to be translated to a single outside address ?
- Dynamic Routing
- DNS
- Preempt
- overload*
V.43. Which command can you enter to create a NAT pool of 6 addresses?
- Router(config)#ip nat pool test 175.17.12.69 175.17.12.74 prefix-length 24*
- Router(config)#ip nat pool test 175.17.12.69 175.17.13.74 prefix-length 16
- Router(config)#ip nat pool test 175.17.12.66 175.17.12.72 prefix-length 8
- Router(config)#ip nat pool test 175.17.12.69 175.17.12.76 prefix-length 8
Router(config)#ip nat pool pool_name start_ip end_ip { netmask netmask | prefix-length prefix-length }
Therefore answer A is surely correct. Answer B is not correct as it creates many addresses (from 12.69 to 12.255 then to 13.74).
Answer C and D are not correct as we cannot use prefix-length of 8 (/8) for a class B subnet.
V.44. While troubleshooting a DCHP client that is behaving erratically, you discover that the client has been assigned the same IP address as a printer that is a static IP address. Which option is the best way to resolve the problem?
- Configurea static route to the client.
- Assign the client the same IP address as the router.
- Move the client to another IP subnet
- Move the printer to another IP subnet.
- Reserve the printer IP address.*
V.45. Which three commands are required to enable NTP authentication on a Cisco router? (Choose three)
- ntp peer
- ntp max-associations
- ntp authenticate*
- ntp trusted-key*
- ntp authentication-key*
- ntp refclock
+ The “ntp trusted-key” command specifies one or more keys that a time source must provide in its NTP packets in order for the device to synchronize to it. This command provides protection against accidentally synchronizing the device to a time source that is not trusted.
+ The “ntp authentication-key” defines the authentication keys. The device does not synchronize to a time source unless the source has one of these authentication keys and the key number is specified by the “ntp trusted-key number” command.
V.46. DRAG DROP. Drag and drop the DHCP client states from the left into the standard order in which the client passes through
them on the right.Select and Place:
Correct Answer:
V.47. After you configure the ip dns spoofing command globally on a device, under which two conditions is DNS spoofing enabled on the device? (Choose two.)
- The DNS server queue limit id disabled
- The ip host command is disabled
- All configured IP name server addresses are removed*
- The ip dns spoofing command is disabled on the local interface
- The no ip domain lookup command is configured*
V.48. DRAG DROP. Drag and drop the DNS lookup commands from the left onto the correct effects on the right.
Select and Place:
Correct Answer:
V.49. DRAG DROP. Drag and drop the protocols from the left onto the correct IP traffic types on the right.
Select and Place:
Correct Answer:
V.50. Which task must you perform to enable an IOS device to use DNS services?
- configure a relay agent information reforwarding policy
- configure manual bindings*
- configure the relay agent information option
- configure a name server
V.51. Which technology allows a large number of private IP address to be represented by a smaller number of public IP addresses?
- NTP
- RFC 1918
- PBR
- NAT*
V.52. Which two types of NAT addresses are used in a Cisco NAT device? (Choose two.)
- inside local*
- inside global*
- inside private
- outside private
- external global
- external local
* Inside local address – The IP address assigned to a host on the inside network. The address is usually not an IP address assigned by the Internet Network Information Center (InterNIC) or service provider. This address is likely to be an RFC 1918 private address.
* Inside global address – A legitimate IP address assigned by the InterNIC or service provider that represents one or more inside local IP addresses to the outside world.
* Outside local address – The IP address of an outside host as it is known to the hosts on the inside network.
* Outside global address – The IP address assigned to a host on the outside network. The owner of the host assigns this address.
V.53. Which statement describes the process of dynamically assigning IP addresses by the DHCP server?
- Addresses are allocated after a negotiation between the server and the host to determine the length of the agreement.
- Addresses are permanently assigned so that the hosts use the same address at all times.
- Addresses are assigned for a fixed period of time, at the end of the period, a new request for an address must be made.
- Addresses are leased to hosts, which periodically contact the DHCP server to renew the lease.*
Release: The client may decide at any time that it no longer wishes to use the IP address it was assigned, and may terminate the lease, releasing the IP address.
V.54. Refer to the exhibit. What statement is true of the configuration for this network?
- The configuration that is shown provides inadequate outside address space for translation of the number of inside addresses that are supported.
- Because of the addressing on interface FastEthernet0/1, the Serial0/0 interface address will not support the NAT configuration as shown.
- The number 1 referred to in the ip nat inside source command references access-list number 1.
- ExternalRouter must be configured with static routes to networks 172.16.1.0/24 and 172.16.2.0/24.*
V.55. When a DHCP server is configured, which two IP addresses should never be assignable to hosts? (Choose two.)
- network or subnetwork IP address*
- broadcast address on the network*
- IP address leased to the LAN
- IP address used by the interfaces
- manually assigned address to the clients
- designated IP address to the DHCP server
V.56. Which two statements about static NAT translations are true? (Choose two.)
- They allow connections to be initiated from the outside.*
- They require no inside or outside interface markings because addresses are statically defined.
- They are always present in the NAT table.*
- They can be configured with access lists, to allow two or more connections to be initiated from the outside.
V.57. In a GLBP network, who is responsible for the arp request?
- AVF
- AVG*
- Active router
- Standby Router
V.58. In GLBP, which router will respond to client ARP requests?
- The active virtual gateway will reply with one of four possible virtual MAC addresses.*
- All GLBP member routers will reply in round-robin fashion.
- The active virtual gateway will reply with its own hardware MAC address.
- The GLBP member routers will reply with one of four possible burned in hardware addresses.
V.59. Which statement describes VRRP object tracking?
- It monitors traffic flow and link utilization.
- It ensures the best VRRP router is the virtual router master for the group.*
- It causes traffic to dynamically move to higher bandwidth links.
- It thwarts man-in-the-middle attacks.
V.60. What are three benefits of GLBP? (Choose three.)
- GLBP supports up to eight virtual forwarders per GLBP group.
- GLBP supports clear text and MD5 password authentication between GLBP group members.*
- GLBP is an open source standardized protocol that can be used with multiple vendors.
- GLBP supports up to 1024 virtual routers.*
- GLBP can load share traffic across a maximum of four routers.*
- GLBP elects two AVGs and two standby AVGs for redundancy.
V.61. Which three statements about HSRP operation are true? (Choose three.)?
- The virtual IP address and virtual MAC address are active on the HSRP Master router.*
- The HSRP default timers are a 3 second hello interval and a 10 second dead interval.*
- HSRP supports only clear-text authentication
- The HSRP virtual IP address must be on a different subnet than the routers’ interfaces on the same LAN.
- The HSRP virtual IP address must be the same as one of the router’s interface addresses on the LAN.
- HSRP supports up to 255 groups per interface, enabling an administrative form of load balancing.*
“The active router sources hello packets from its configured IP address and the HSRP virtual MAC address. The standby router sources hellos from its configured IP address and the burned-in MAC address (BIA).”
http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/10583-62.html#topic14
“By default, these timers are set to 3 and 10 seconds, respectively…” http://www.cisco.com/c/en/us/support/docs/switches catalyst-6000-series-switches/29545-168.html#q1
Load Sharing with HSRP
http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/13781-7.html#conf
“…has a 256 unique HSRP group ID limit.”
“…the allowed group ID range (0-255). … MSFC2A (Supervisor Engine 32) can use any number of group IDs from that range.
V.62. Which standards-based First Hop Redundancy Protocol is a Cisco supported alternative to Hot Standby Router Protocol?
- VRRP*
- GLBP
- TFTP
- DHCP
V.63. Which NAT function can map multiple inside addresses to a single outside address?
- PAT*
- SFTP
- RARP
- ARP
- TFTP
V.64. Which three options are the HSRP states for a router? (Choose three)
- initialize
- learn*
- secondary
- listen*
- speak*
- primary
| State | Description |
| Initial | This is the beginning state. It indicates HSRP is not running. It happens when the configuration changes or the interface is first turned on |
| Learn | The router has not determined the virtual IP address and has not yet seen an authenticated hello message from the active router. In this state, the router still waits to hear from the active router. |
| Listen | The router knows both IP and MAC address of the virtual router but it is not the active or standby router. For example, if there are 3 routers in HSRP group, the router which is not in active or standby state will remain in listen state. |
| Speak | The router sends periodic HSRP hellos and participates in the election of the active or standby router. |
| Standby | In this state, the router monitors hellos from the active router and it will take the active state when the current active router fails (no packets heard from active router) |
| Active | The router forwards packets that are sent to the HSRP group. The router also sends periodic hello messages |
Please notice that not all routers in a HSRP group go through all states above. In a HSRP group, only one router reaches active state and one router reaches standby state. Other routers will stop at listen state.
V.65. Which NTP command configures the local device as an NTP reference clock source?
- ntp peer
- ntp broadcast
- ntp master*
- ntp server
V.66. Which technology supports the stateless assignment of IPv6 addresses? (Choose two.)
- DNS
- DHCPv6*
- DHCP
- autoconfiguration*
IPv6 Internet Address Assignment Overview
IPv6 has been developed with Internet Address assignment dynamics in mind. Being aware that IPv6 Internet addresses are 128 bits in length and written in hexadecimals makes automation of address- assignment an important aspect within network design. These attributes make it inconvenient for a user to manually assign IPv6 addresses, as the format is not naturally intuitive to the human eye. To facilitate address assignment with little or no human intervention, several methods and technologies have been developed to automate the process of address and configuration parameter assignment to IPv6 hosts. The various IPv6 address assignment methods are as follows:
1. Manual Assignment
An IPv6 address can be statically configured by a human operator. However, manual assignment is quite
open to errors and operational overhead due to the 128 bit length and hexadecimal attributes of the addresses, although for router interfaces and static network elements and resources this can be an appropriate solution.
2. Stateless Address Autoconfiguration (RFC2462)
Stateless Address Autoconfiguration (SLAAC) is one of the most convenient methods to assign Internet
addresses to IPv6 nodes. This method does not require any human intervention at all from an IPv6 user. If one wants to use IPv6 SLAAC on an IPv6 node, it is important that this IPv6 node is connected to a network with at least one IPv6 router connected. This router is configured by the network administrator and sends out Router Advertisement announcements onto the link. These announcements can allow the on-link connected IPv6 nodes to configure themselves with IPv6 address and routing parameters, as specified in RFC2462, without further human intervention.
3. Stateful DHCPv6
The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) has been standardized by the IETF through
RFC3315. DHCPv6 enables DHCP servers to pass configuration parameters, such as IPv6 network addresses, to IPv6 nodes. It offers the capability of automatic allocation of reusable network addresses and additional configuration flexibility. This protocol is a stateful counterpart to “IPv6 Stateless Address Autoconfiguration” (RFC 2462), and can be used separately, or in addition to the stateless autoconfiguration to obtain configuration parameters.
4. DHCPv6-PD
DHCPv6 Prefix Delegation (DHCPv6-PD) is an extension to DHCPv6, and is specified in RFC3633. Classical
DHCPv6 is typically focused upon parameter assignment from a DHCPv6 server to an IPv6 host running a DHCPv6 protocol stack. A practical example would be the stateful address assignment of “2001:db8::1” from a DHCPv6 server to a DHCPv6 client. DHCPv6-PD however is aimed at assigning complete subnets and other network and interface parameters from a DHCPv6-PD server to a DHCPv6-PD client. This means that instead of a single address assignment, DHCPv6-PD will assign a set of IPv6 “subnets”. An example could be the assignment of “2001:db8::/60” from a DHCPv6-PD server to a DHCPv6-PD client. This will allow the DHCPv6-PD client (often a CPE device) to segment the received address IPv6 address space, and assign it dynamically to its IPv6 enabled interfaces.
5. Stateless DHCPv6
Stateless DHCPv6 is a combination of “stateless Address Autoconfiguration” and “Dynamic Host Configuration Protocol for IPv6” and is specified by RFC3736. When using stateless-DHCPv6, a device will use Stateless Address Auto-Configuration (SLAAC) to assign one or more IPv6 addresses to an interface, while it utilizes DHCPv6 to receive “additional parameters” which may not be available through SLAAC. For example, additional parameters could include information such as DNS or NTP server addresses, and are provided in a stateless manner by DHCPv6. Using stateless DHCPv6 means that the DHCPv6 server does not need to keep track of any state of assigned IPv6 addresses, and there is no need for state refreshment as result. On network media supporting a large number of hosts associated to a single DHCPv6 server, this could mean a significant reduction in DHCPv6 messages due to the reduced need for address state refreshments. From Cisco IOS 12.4(15)T onwards the client can also receive timing information, in addition to the “additional parameters” through DHCPv6. This timing information provides an indication to a host when it should refresh its DHCPv6 configuration data. This behavior (RFC4242) is particularly useful in unstable environments where changes are likely to occur.
V.67. DRAG DROP. Order the DHCP message types as they would occur between a DHCP client and a DHCP server.Select and Place:
Correct Answer:
V.68. Which command can you enter to troubleshoot the failure of address assignment?
- sh ip dhcp database
- sh ip dhcp pool*
- sh ip dhcp import
- sh ip dhcp server statistics
R1#show ip dhcp pool Pool SERVER : Utilization mark (high/low) : 100 / 0 Subnet size (first/next) : 0 / 0 Total addresses : 1 Leased addresses : 1 Pending event : none 0 subnet is currently in the pool : Current index IP address range Leased addresses 172.16.200.100 172.16.200.100 - 172.16.200.100 1
V.69. Which command can you enter to verify that a router is synced with a configures time source?
- show ntp authenticate
- ntp associations
- ntp server time
- ntp authenticate
- show ntp associations*
R1#show ntp associations
address ref clock st when poll reach delay offset disp
*~10.1.2.1 209.65.200.226 9 509 64 200 32.2 15.44 16000.
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
V.70. Which statement about QoS default behavior is true?
- Ports are untrusted by default.
- VoIP traffic is passed without being tagged.
- Video traffic is passed with a well-known DSCP value of 46.
- Packets are classified internally with an environment.
- Packets that arrive with a tag are untagged at the edge of an administrative domain.*
Frames received from users in the administratively-defined VLANs are classified or tagged for transmission to other devices. Based on rules that you define, a unique identifier (the tag) is inserted in each frame header before it is forwarded. The tag is examined and understood by each device before any broadcasts or transmissions to other switches, routers, or end stations. When the frame reaches the last switch or router, the tag is removed before the frame is sent to the target end station. VLANs that are assigned on trunk or access ports without identification or a tag are called native or untagged frames. For IEEE 802.1Q frames with tag information, the priority value from the header frame is used. For native frames, the default priority of the input port is used. Each port on the switch has a single receive queue buffer (the ingress port) for incoming traffic. When an untagged frame arrives, it is assigned the value of the port as its port default priority. You assign this value by using the CLI or CMS. A tagged frame continues to use its assigned CoS value when it passes through the ingress port.
V.71. What is the authoritative source for an address lookup?
- a recursive DNS search*
- the operating system cache
- the ISP local cache
- the browser cache
V.72. Which configuration command can you apply to a HSRP router so that its local interface becomes active if all other routers in the group fail?
- Router(config)#standby 1 priority 250
- No additional configuration is required*
- Router(config)#standby 1 preempt
- Router(config)#standby 1 track Ethernet
V.73. Which option is the benefit of implementing an intelligent DNS for a cloud computing solution?
- It reduces the need for a backup data center.
- It can redirect user requests to locations that are using fewer network resources.*
- It enables the ISP to maintain DNS records automatically.
- It eliminates the need for a GSS.
V.74. Which value is used to determine the active router in an HSRP default configuration?
- Router loopback address
- Router IP address*
- Router priority
- Router tracking number
V.75. What is a valid HSRP virtual MAC address?
- 007.3313.9734
- 0000.0C07.AC15*
- 0007.B400.AE01
- 0000.5E00.01A3
+ With HSRP version 1, the virtual router’s MAC address is 0000.0c07.ACxx , in which xx is the HSRP group. Therefore C is correct.
+ With HSRP version 2, the virtual MAC address is 0000.0C9F.Fxxx, in which xxx is the HSRP group.
Note: Another case is HSRP for IPv6, in which the MAC address range from 0005.73A0.0000 through 0005.73A0.0FFF.
(Good resource for HSRP: http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/unicast/configuration/guide/l3_hsrp.html)
V.75. Requirement to configure DHCP binding ( 2 options)
- DHCP pool
- ip address*
- Hardware address*
- other option
All DHCP clients send a client identifier (DHCP option 61) in the DHCP packet. To configure manual bindings, you must enter the client-identifier DHCP pool configuration command with the appropriate hexadecimal values identifying the DHCP client. For example:
ip dhcp pool SERVER host 172.16.200.100 255.255.255.0 client-identifier 01aa.bbcc.0003.00 default-router 172.16.200.1 !
Therefore two requirements for DHCP binding is the IP address and the hardware address (MAC address) of the client. Notice that in the above example “aabb.cc00.0300” is the MAC address of the client while prefix “01” represents the Ethernet media type.
Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/fipr_c/1cfdhcp.html
In fact the “DHCP pool” option is also correct but two above choices are better.
Section VI: Infrastructure Security
VI.1. Which statement about RADIUS security is true?
- It supports EAP authentication for connecting to wireless networks.*
- It provides encrypted multiprotocol support.
- Device-administration packets are encrypted in their entirety.
- It ensures that user activity is fully anonymous.
VI.2. Which command can you enter to block HTTPS traffic from the whole class A private network range to a host?
- R1(config)#access-list 105 deny tcp 10.1.0.0 0.0.255.255 40.0.0.2 0.0.0.0 eq 443
- R1(config)#access-list 105 deny tcp 10.1.0.0 0.0.255.255 40.0.0.2 0.0.0.0 eq 53
- R1(config)#access-list 105 deny tcp 10.0.0.0 0.255.255.255 40.0.0.2 0.0.0.0 eq 53
- R1(config)#access-list 105 deny tcp 10.0.0.0 0.255.255.255 40.0.0.2 0.0.0.0 eq 443*
VI.3. Which two options are valid numbers for a standard access list? (Choose two.)
- A. 50*
- B. 150
- C. 1250
- D. 1550*
- E. 2050
VI.4. Which utility can you use to identify the cause of a traffic-flow blockage between the two devices in a network?
- ACL path analysis tool in APIC-EM*
- I WAN application
- ACL analysis tool in APIC-EM
- APIC-EM automation scheduler
Icon 
means “there are ACLs that permit the traffic applied on the interface”.
Icon 
means “traffic may or may not be blocked. For example, if your traffic matches a deny access control entry (ACE), traffic is denied. However, if your traffic matches any other ACEs, it is permitted. You can get this type of results if you leave out the protocol, source port, or destination port when defining a path trace”.
Icon 
means “there is an ACL on the device or interface that is blocking the traffic on the path”.
Icon 
means “there are no ACLs applied on the interface”.
VI.5. Which set of commands is recommended to prevent the use of a hub in the access layer?
- switch(config-if)#switchport mode trunk
switch(config-if)#switchport port-security maximum 1 - switch(config-if)#switchport mode trunk
switch(config-if)#switchport port-security mac-address 1 - switch(config-if)#switchport mode access
switch(config-if)#switchport port-security maximum 1* - switch(config-if)#switchport mode access
switch(config-if)#switchport port-security mac-address 1
Note: If we want to allow a fixed MAC address to connect, use the “switchport port-security mac-address ” command.
VI.6. Which two options are primary responsibilities of the APlC-EM controller? (Choose two.)
- lt automates network actions between different device types.*
- lt provides robust asset management.
- lt tracks license usage and Cisco lOS versions.
- lt automates network actions between legacy equipment.
- lt makes network functions programmable.*
http://www.cisco.com/c/en/us/products/cloud-systems-management/application-policy-infrastructure-controller-enterprise-module/index.html
Automate network configuration and setup
Deploy network devices faster
Automate device deployment and provisioning across the enterprise.
Provide a programmable network
Enable developers to create new applications that use the network to fuel business growth.
VI.7. Which utility can you use to identify redundant or shadow rules?
- The ACL trace tool in Cisco APIC-EM.
- The ACL analysis tool in Cisco APIC-EM.*
- The Cisco APIC-EM automation scheduler.
- The Cisco IWAN application.
+ Inspection, interrogation, and analysis of network access control policies.
+ Ability to trace application specific paths between end devices to quickly identify ACLs in use and problem areas.
+ Enables ACL change management with easy identification of conflicts and shadows -> Maybe B is the most suitable answer.
The ACL trace tool can only help us to identify Which ACL on Which router is blocking or allowing traffic. It cannot help identify redundant/shadow rules.
Note:
Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) is a Cisco Software Defined Networking (SDN) controller, Which uses open APIs for policy-based management and security through a single controller, abstracting the network and making network services simpler. APIC-EM provides centralized automation of policy-based application profiles.
Reference: CCNA Routing and Switching Complete Study Guide
Cisco Intelligent WAN (IWAN) application simplifies the provisioning of IWAN network profiles with simple business policies. The IWAN application defines business-level preferences by application or groups of applications in terms of the preferred path for hybrid WAN links. Doing so improves the application experience over any connection and saves telecom costs by leveraging cheaper WAN links.
Shadow rules are the rules that are never matched (usually because of the first rules). For example two access-list statements:
access-list 100 permit ip any any
access-list 100 deny tcp host A host B
Then the second access-list statement would never be matched because all traffic have been already allowed by the first statement. In this case we call statement 1 shadows statement 2.
VI.8. What will be the result if the following configuration commands are implemented on a Cisco switch?
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address sticky
- A dynamically learned MAC address is saved in the startup-configuration file.
- A dynamically learned MAC address is saved in the running-configuration file.*
- A dynamically learned MAC address is saved in the VLAN database.
- Statically configured MAC addresses are saved in the startup-configuration file if frames from that address are received.
- Statically configured MAC addresses are saved in the running-configuration file if frames from that address are received.
VI.9. Refer to the exhibit. The following commands are executed on interface fa0/1 of 2950Switch.
2950Switch(config-if)# switchport port-security
2950Switch(config-if)# switchport port-security mac-address sticky
2950Switch(config-if)# switchport port-security maximum 1
The Ethernet frame that is shown arrives on interface fa0/1. What two functions will occur when this frame is received by 2950Switch? (Choose two.)
- The MAC address table will now have an additional entry of fa0/1 FFFF.FFFF.FFFF.
- Only host A will be allowed to transmit frames on fa0/1.*
- This frame will be discarded when it is received by 2950Switch.
- All frames arriving on 2950Switch with a destination of 0000.00aa.aaaa will be forwarded out fa0/1.*
- Hosts B and C may forward frames out fa0/1 but frames arriving from other switches will not be forwarded out fa0/1.
- Only frames from source 0000.00bb.bbbb, the first learned MAC address of 2950Switch, will be forwarded out fa0/1.
In the second command 2950Switch(config-if)#switchport port-security mac-address sticky, we need to know the full syntax of this command is switchport port-security mac-address sticky [MAC]. The STICKY keyword is used to make the MAC address appear in the running configuration and you can save it for later use. If you do not specify any MAC addresses after the STICKY keyword, the switch will dynamically learn the attached MAC Address and place it into your running-configuration. In this case, the switch will dynamically learn the MAC address 0000.00aa.aaaa of host A and add this MAC address to the running configuration.
In the last command 2950Switch(config-if)#switchport port-security maximum 1 you limited the number of secure MAC addresses to one and dynamically assigned it (because no MAC address is mentioned, the switch will get the MAC address of the attached MAC address to interface fa0/1), the workstation attached to that port is assured the full bandwidth of the port.Therefore only host A will be allowed to transmit frames on fa0/1 -> B is correct.
After you have set the maximum number of secure MAC addresses for interface fa0/1, the secure addresses are included in the “Secure MAC Address” table (this table is similar to the Mac Address Table but you can only view it with the show port-security address command). So in this question, although you don’t see the MAC address of host A listed in the MAC Address Table but frames with a destination of 0000.00aa.aaaa will be forwarded out of fa0/1 interface -> D is correct.
VI.10. Refer to the exhibit. A junior network administrator was given the task of configuring port security on SwitchA to allow only PC_A to access the switched network through port fa0/1. If any other device is detected, the port is to drop frames from this device. The administrator configured the interface and tested it with successful pings from PC_A to RouterA, and then observes the output from these two show commands. Which two of these changes are necessary for SwitchA to meet the requirements? (Choose two.)
- Port security needs to be globally enabled.
- Port security needs to be enabled on the interface.*
- Port security needs to be configured to shut down the interface in the event of a violation.
- Port security needs to be configured to allow only one learned MAC address.*
- Port security interface counters need to be cleared before using the show command.
- The port security configuration needs to be saved to NVRAM before it can become active.
SwitchA(config-if)#switchport port-security
-> B is correct.
Also from the output, we learn that the switch is allowing 2 devices to connect to it (switchport port-security maximum 2) but the question requires allowing only PC_A to access the network so we need to reduce the maximum number to 1 -> D is correct.
VI.11. What to do when the router password was forgotten?
- use default password cisco to reset
- access router physically
- use ssl/vpn
- Type confreg 0x2142 at the rommon 1*
VI.12. A network engineer wants to allow a temporary entry for a remote user with a specific username and password so that the user can access the entire network over the internet. Which ACL can be used?
- reflexive
- extended
- standard
- dynamic*
VI.13. What should be part of a comprehensive network security plan?
- Allow users to develop their own approach to network security
- Physically secure network equipment from potential access by unauthorized individuals*
- Encourage users to use personal information in their passwords to minimize the likelihood of passwords being forgotten
- Delay deployment of software patches and updates until their effect on end-user equipment is well known and widely reported
- Minimize network overhead by deactivating automatic antivirus client updates
VI.14. Which password types are encrypted?
- SSH
- Telnet
- enable secret*
- enable password
Note: The “enable password” does not encrypt the password and can be view in clear text in the running-config. In order to encrypt the “enable password”, use the “service password-encryption” command. In general, don’t use enable password, use enable secret instead.
VI.15. Which statement about ACLs is true?
- An ACL have must at least one permit action, else it just blocks all traffic.*
- ACLs go bottom-up through the entries looking for a match
- An ACL has a an implicit permit at the end of ACL.
- ACLs will check the packet against all entries looking for a match.
VI.16. Which three options are benefits of using TACACS+ on a device? (Choose three)
- A. It ensures that user activity is untraceable.
- B. It provides a secure accounting facility on the device.
- C. device-administration packets are encrypted in their entirely.*
- D. It allows the user to remotely access devices from other vendors.
- E. It allows the users to be authenticated against a remote server.*
- F. It supports access-level authorization for commands.*
TACACS+ encrypts the entire body of the packet but leaves a standard TACACS+ header -> C is correct.
TACACS+ supports access-level authorization for commands. That means you can use commands to assign privilege levels on the router -> F is correct.
Note:
By default, there are three privilege levels on the router.
+ privilege level 1 = non-privileged (prompt is router>), the default level for logging in
+ privilege level 15 = privileged (prompt is router#), the level after going into enable mode
+ privilege level 0 = seldom used, but includes 5 commands: disable, enable, exit, help, and logout
VI.17. How to verify SSH connections was secured?
- A. ssh -v 1 -l admin IP
- B. ssh -v 2 -l admin IP*
- C. ssh -l admin IP
- D. ssh -v -l admin IP
VI.18. Which cisco platform can verify ACLs?
- Cisco Prime Infrastructure
- Cisco Wireless LAN Controller
- Cisco APIC-EM*
- Cisco IOS-XE
VI.18. Which major component of the network virtualization architecture isolate users according to policy?
- policy enforcement
- network access control*
- network services virtualization
- path isolation
+ Network access control and segmentation of classes of users: Users are authenticated and either allowed or denied into a logical partition. Users are segmented into employees, contractors and consultants, and guests, with respective access to IT assets. This component identifies users who are authorized to access the network and then places them into the appropriate logical partition.
+ Path isolation: Network isolation is preserved across the entire enterprise: from the edge to the campus to the WAN and back again. This component maintains traffic partitioned over a routed infrastructure and transports traffic over and between isolated partitions. The function of mapping isolated paths to VLANs and to virtual services is also performed in component.
+ Network Services virtualization: This component provides access to shared or dedicated network services such as security, quality of service (QoS), and address management (Dynamic Host Configuration Protocol [DHCP] and Domain Name System [DNS]). It also applies policy per partition and isolates application environments, if required.
VI.20. Which two statements about firewalls are true?
- They can be used with an intrusion prevention system.*
- They can limit unauthorized user access to protect data.*
- Each wireless access point requires its own firewall.
- They must be placed only at locations where the private network connects to the internet.
- They can prevent attacks from the internet only.
VI.21. Which three options are types of Layer 2 network attack? (Choose three)
- Spoofing attacks*
- Vlan Hopping*
- botnet attacks
- DDOS attacks
- ARP Attacks*
- Brute force attacks
(DHCP) Spoofing attack is a type of attack in that the attacker listens for DHCP Requests from clients and answers them with fake DHCP Response before the authorized DHCP Response comes to the clients. The fake DHCP Response often gives its IP address as the client default gateway -> all the traffic sent from the client will go through the attacker computer, the attacker becomes a “man-in-the-middle”.
The attacker can have some ways to make sure its fake DHCP Response arrives first. In fact, if the attacker is “closer” than the DHCP Server then he doesn’t need to do anything. Or he can DoS the DHCP Server so that it can’t send the DHCP Response.
VLAN Hopping: By altering the VLAN ID on packets encapsulated for trunking, an attacking device can send or receive packets on various VLANs, bypassing Layer 3 security measures. VLAN hopping can be accomplished by switch spoofing or double tagging.
1) Switch spoofing:
The attacker can connect an unauthorized Cisco switch to a Company switch port. The unauthorized switch can send DTP frames and form a trunk with the Company Switch. If the attacker can establish a trunk link to the Company switch, it receives traffic to all VLANs through the trunk because all VLANs are allowed on a trunk by default.
(Instead of using a Cisco Switch, the attacker can use a software to create and send DTP frames).
2) Double-Tagging:
In this attack, the attacking computer generates frames with two 802.1Q tags. The first tag matches the native VLAN of the trunk port (VLAN 10 in this case), and the second matches the VLAN of a host it wants to attack (VLAN 20).
When the packet from the attacker reaches Switch A, Switch A only sees the first VLAN 10 and it matches with its native VLAN 10 so this VLAN tag is removed. Switch A forwards the frame out all links with the same native VLAN 10. Switch B receives the frame with an tag of VLAN 20 so it removes this tag and forwards out to the Victim computer.
Note: This attack only works if the trunk (between two switches) has the same native VLAN as the attacker.
ARP attack (like ARP poisoning/spoofing) is a type of attack in Which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer or server on the network. This is an attack based on ARP Which is at Layer 2.
VI.22. By default, how many MAC addresses are permitted to be learned on a switch port with port security enabled?
- 8
- 2
- 1*
- 0
VI.23. Which option is the default switch port port-security violation mode?
- shutdown*
- protect
- shutdown vlan
- restrict
VI.24. Which three features are represented by the letter A in AAA authentication? (Choose three)
- A. authorization*
- B. accounting*
- C. authentication*
- D. accountability
- E. accessibility
- F. authority
VI.25. What is a possible reason why a host is able to ping a web server but it is not able to do an HTTP request?
- A. ACL blocking port 23
- B. ACL blocking All ports
- C. ACL blocking port 80*
- D. ACL blocking port 443
- E. None of the above
VI.26. Which item represents the standard IP ACL?
- Access-list 110 permit any any
- Access-list 50 deny 192.168.1.1 0.0.0.255*
- Access list 101 deny tvp any host 192.168.1.1
- Access-list 2500 deny tcp any host 192.168.1.1 eq 22
VI.27. Which statement about recovering a password on a Cisco router is true?
- The default reset password is cisco
- It requires a secure SSl/VPN connection
- A factory resset is required if you forget the password
- It requires physical access to the router*
VI.28. Where information about untrusted hosts are stored?
- CAM table
- Trunk table
- MAC table
- binding database*
VI.29. Which two statements about TACACS+ are true? (Choose two.)
- lt can run on a UNlX server.*
- lt authenticates against the user database on the local device.
- lt is more secure than AAA authentication.
- lt is enabled on Cisco routers by default.
- lt uses a managed database.*
http://tacacs.net/docs/TACACS_Advantages.pdf
Many IT departments choose to use AAA (Authentication, Authorization and Accounting) protocols RADIUS or TACACS+ to address these issues.
http://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/13865-tacplus.pdf
This document describes how to configure a Cisco router for authentication with the TACACS+ that runs on
UNIX. TACACS+ does not offer as many features as the commercially available Cisco Secure ACS for
Windows or Cisco Secure ACS UNIX.
TACACS+ software previously provided by Cisco Systems has been discontinued and is no longer supported
by Cisco Systems.
VI.30. Which two passwords must be supplied in order to connect by Telnet to a properly secured Cisco switch and make changes to the device configuration? (Choose two.)
- tty password
- enable secret password*
- vty password*
- aux password
- console password
- username password
VI.31. In order to comply with new auditing standards, a security administrator must be able to correlate system security alert logs directly with the employee who triggers the alert. Which of the following should the security administrator implement in order to meet this requirement?
- Access control lists on file servers
- Elimination of shared accounts
- Group-based privileges for accounts
- Periodic user account access reviews*
VI.32. Which action can change the order of entries in a named access-list?
- removing an entry
- opening the access-list in notepad
- adding an entry
- resequencing*
R1#show ip access-list
Standard IP access list nat_traffic
10 permit 10.1.0.0, wildcard bits 0.0.255.255
15 permit 10.2.0.0, wildcard bits 0.0.255.255
20 permit 10.3.0.0, wildcard bits 0.0.255.255
We can resequence a named access-list with the command: “ip access-list resequence access-list-name starting-sequence-number increment“. For example:
R1(config)#ip access-list nat_traffic 100 10
Then we can check this access-list again:
R1#show ip access-list
Standard IP access list nat_traffic
100 permit 10.1.0.0, wildcard bits 0.0.255.255
110 permit 10.2.0.0, wildcard bits 0.0.255.255
120 permit 10.3.0.0, wildcard bits 0.0.255.255
We can see the starting sequence number is now 100 and the increment is 10. But notice that resequencing an access-list cannot change the order of entries inside it but it is the best choice in this question. Adding or removing a n entry does not change the order of entries. Maybe we should understand this question “how to renumber the entries in a named access-list”.
VI.33. What is the effect of using the service password-encryption command?
- only passwords configured after the command has been entered will be encrypted.
- Only the enable password will be encrypted.
- Only the enable secret password will be encrypted
- It will encrypt the secret password and remove the enable secret password from the configuration.
- It will encrypt all current and future passwords.*
VI.34. Refer to the exhibit. Which user-mode password has just been set?
- Telnet*
- Auxiliary
- SSH
- Console
VI.35. What is a difference between TACACS+ and RADIUS in AAA?
- Only TACACS+ allows for separate authentication.*
- Only RADIUS encrypts the entire access-request packet.
- Only RADIUS uses TCP
- Only TACACS+ couples authentication and authorization.
Authentication and authorization are not separated in a RADIUS transaction. When the authentication request is sent to a AAA server, the AAA client expects to have the authorization result sent back in reply.
VI.36. Which port security violation mode allows traffic from valid mac address to pass but block traffic from invalid mac address?
- protect*
- shutdown
- shutdown vlan
- restrict
protect: drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value.
restrict: drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value and causes the SecurityViolation counter to increment.
Therefore the only difference between these two modes is “restrict” mode causes the SecurityViolation counter to increment (only useful for statistics).
VI.37. Which command can you enter in a network switch configuration so that learned mac addresses are saved in configuration as they connect?
- Switch(config-if)#Switch port-security
- Switch(config-if)#Switch port-security Mac-address stcky*
- Switch(config-if)#Switch port-security maximum 10
- Switch(config-if)#Switch mode access
VI.38. Which major component of the Cisco network virtualization architecture isolates users according to policy?
- A. network services virtualization
- B. policy enforcement
- C. access control*
- D. path isolation
VI.39. DRAG DROP. Drag the security features on the left to the specific security risks they help protect against on the right. (Not all options are used.)
Select and Place:
Correct Answer:
VI.40. On Which combinations are standard access lists based?
- A. destination address and wildcard mask
- B. destination address and subnet mask
- C. source address and subnet mask
- D. source address and wildcard mask*
Standard ACL’s only examine the source IP address/mask to determine if a match is made. Extended ACL’s
examine the source and destination address, as well as port information.
VI.41. Which statement about access lists that are applied to an interface is true?
- A. You can place as many access lists as you want on any interface.
- B. You can apply only one access list on any interface.
- C. You can configure one access list, per direction, per Layer 3 protocol.*
- D. You can apply multiple access lists with the same protocol or in different directions.
+ We cannot have 2 inbound access lists on an interface + We can have 1 inbound and 1 outbound access
list on an interface
VI.42. A network administrator is configuring ACLs on a Cisco router, to allow traffic from hosts on networks 192.168.146.0, 192.168.147.0, 192.168.148.0, and 192.168.149.0 only. Which two ACL statements, when combined, would you use to accomplish this task? (Choose two.)
- A. access-list 10 permit ip 192.168.146.0 0.0.1.255*
- B. access-list 10 permit ip 192.168.147.0 0.0.255.255
- C. access-list 10 permit ip 192.168.148.0 0.0.1.255*
- D. access-list 10 permit ip 192.168.149.0 0.0.255.255
- E. access-list 10 permit ip 192.168.146.0 0.0.0.255
- F. access-list 10 permit ip 192.168.146.0 255.255.255.0
while access-list 10 permit ip 192.168.148.0 0.0.1.255 will include
VI.43. What can be done to secure the virtual terminal interfaces on a router? (Choose two.)
- A. Administratively shut down the interface.
- B. Physically secure the interface.
- C. Create an access list and apply it to the virtual terminal interfaces with the access-group command.
- D. Configure a virtual terminal password and login process.*
- E. Enter an access list and apply it to the virtual terminal interfaces using the access-class command.*
VI.44. How does using the service password-encryption command on a router provide additional security?
- A. by encrypting all passwords passing through the router
- B. by encrypting passwords in the plain text configuration file*
- C. by requiring entry of encrypted passwords for access to the device
- D. by configuring an MD5 encrypted key to be used by routing protocols to validate routing exchanges
- E. by automatically suggesting encrypted passwords for use in configuring the router
useful for keeping unauthorized individuals from viewing your password in your configuration file.
VI.A network administrator needs to allow only one Telnet connection to a router. For anyone viewing the configuration and issuing the show run command, the password for Telnet access should be encrypted. Which set of commands will accomplish this task?
Correct Answer: A
Incorrect answer: command.
line vty0 4
would enable all 5 vty connections.
VI.45. Refer to the exhibit. What is the effect of the configuration that is shown?
- A. It configures SSH globally for all logins.
- B. It tells the router or switch to try to establish an SSh connection first and if that fails to use Telnet.
- C. It configures the virtual terminal lines with the password 030752180500.
- D. It configures a Cisco network device to use the SSH protocol on incoming communications via the virtual terminal ports.*
- E. It allows seven failed login attempts before the VTY lines are temporarily shutdown.
Secure Shell (SSH) is a protocol Which provides a secure remote access connection to network devices.
Communication between the client and server is encrypted in both SSH version 1 and SSH version 2. If you want to prevent non-SSH connections, add the “transport input ssh” command under the lines to limit the router to SSH connections only. Straight (non-SSH) Telnets are refused.
Reference: www.cisco.com/warp/public/707/ssh.shtml
VI.46. Which command encrypts all plaintext passwords?
- A. Router# service password-encryption
- B. Router(config)# password-encryption
- C. Router(config)# service password-encryption*
- D. Router# password-encryption
VI.47. What will be the result if the following configuration commands are implemented on a Cisco switch?
- A. A dynamically learned MAC address is saved in the startup-configuration file.
- B. A dynamically learned MAC address is saved in the running-configuration file.*
- C. A dynamically learned MAC address is saved in the VLAN database.
- D. Statically configured MAC addresses are saved in the startup-configuration file if frames from that address are received.
- E. Statically configured MAC addresses are saved in the running-configuration file if frames from that address are received.
VI.48. Refer to exhibit. A network administrator cannot establish a Telnet session with the indicated router. What is the cause of this failure?
- A. A Level 5 password is not set.
- B. An ACL is blocking Telnet access.
- C. The vty password is missing.*
- D. The console password is missing.
message to users trying to telnet to this router.
VI.49. When you are troubleshooting an ACL issue on a router, Which command would you use to verify Which interfaces are affected by the ACL?
- A. show ip access-lists
- B. show access-listsC. show interface
- D. show ip interface*
- E. list ip interface
VI.50. Refer to the exhibit. An attempt to deny web access to a subnet blocks all traffic from the subnet. Which interface command immediately removes the effect of ACL 102?
- A. no ip access-class 102 in
- B. no ip access-class 102 out
- C. no ip access-group 102 in
- D. no ip access-group 102 out*
- E. no ip access-list 102 in
For the network 192.168.1.62/27:
Increment: 32
Network address: 192.168.1.32
Broadcast address: 192.168.1.63
For the network 192.168.1.65/27:Increment: 32
Network address: 192.168.1.64
Broadcast address: 192.168.1.95
-> These two IP addresses don’t belong to the same network and they can’t see each other
VI.51. Refer to the exhibit. Statements A, B, C, and D of ACL 10 have been entered in the shown order and applied to interface E0 inbound, to prevent all hosts (except those whose addresses are the first and last IP of subnet 172.21.1.128/28) from accessing the network. But as is, the ACL does not restrict anyone from the network. How can the ACL statements be re-arranged so that the system works as intended?
- A. ACDB
- B. BADC
- C. DBAC
- D. CDBA*
VI.52. What are two characteristics of SSH? (Choose two.)
- A. most common remote-access method
- B. unsecured
- C. encrypted*
- D. uses port 22*
- E. operates at the transport layer
VI.53. Refer to the exhibit. The access list has been configured on the S0/0 interface of router RTB in the outbound direction. Which two packets, if routed to the interface, will be denied? (Choose two.)
- A. source ip address: 192.168.15.5; destination port: 21
- B. source ip address:, 192.168.15.37 destination port: 21
- C. source ip address:, 192.168.15.41 destination port: 21
- D. source ip address:, 192.168.15.36 destination port: 23*
- E. source ip address: 192.168.15.46; destination port: 23*
- F. source ip address:, 192.168.15.49 destination port: 23
VI.54. Refer to the graphic. It has been decided that Workstation 1 should be denied access to Server1. Which of the following commands are required to prevent only Workstation 1 from accessing Server1 while allowing all other traffic to flow normally? (Choose two.)
Correct Answer: BC
VI.55. An access list was written with the four statements shown in the graphic. Which single access list statement will combine all four of these statements into a single statement that will have exactly the same effect?
- A. access-list 10 permit 172.29.16.0 0.0.0.255
- B. access-list 10 permit 172.29.16.0 0.0.1.255
- C. access-list 10 permit 172.29.16.0 0.0.3.255*
- D. access-list 10 permit 172.29.16.0 0.0.15.255
- E. access-list 10 permit 172.29.0.0 0.0.255.255
VI.56. A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?
- A. access-list 101 deny tcp 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any*
- B. access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
- C. access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any any
- D. access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any any
VI.57. As a network administrator, you have been instructed to prevent all traffic originating on the LAN from entering the R2 router. Which the following command would implement the access list on the interface of the R2 router?
- A. access-list 101 in
- B. access-list 101 out
- C. ip access-group 101 in*
- D. ip access-group 101 out
VI.58. The access control list shown in the graphic has been applied to the Ethernet interface of router R1 using the ip access-group 101 in command. Which of the following Telnet sessions will be blocked by this ACL? (Choose two.)
- A. from host A to host 5.1.1.10
- B. from host A to host 5.1.3.10*
- C. from host B to host 5.1.2.10
- D. from host B to host 5.1.3.8*
- E. from host C to host 5.1.3.10
- F. from host F to host 5.1.1.10
VI.59. The following access list below was applied outbound on the E0 interface connected to the 192.169.1.8/29 LAN: access-list 135 deny tcp 192.169.1.8 0.0.0.7 eq 20 any access-list 135 deny tcp 192.169.1.8 0.0.0.7 eq 21 any How will the above access lists affect traffic?
- A. FTP traffic from 192.169.1.22 will be denied
- B. No traffic, except for FTP traffic will be allowed to exit E0
- C. FTP traffic from 192.169.1.9 to any host will be denied
- D. All traffic exiting E0 will be denied*
- E. All FTP traffic to network 192.169.1.9/29 will be denied
VI.60. The following configuration line was added to router R1 Access-list 101 permit ip 10.25.30.0 0.0.0.255 any. What is the effect of this access list configuration?
- A. permit all packets matching the first three octets of the source address to all destinations*
- B. permit all packet matching the last octet of the destination address and accept all source addresses
- C. permit all packet matching the host bits in the source address to all destinations
- D. permit all packet from the third subnet of the network address to all destinations
VI.61. This graphic shows the results of an attempt to open a Telnet connection to router ACCESS1 from router Remote27
Which of the following command sequences will correct this problem?
Correct Answer: C
VI.62. What are two recommended ways of protecting network device configuration files from outside network security threats? (Choose two.)
-
- A. Allow unrestricted access to the console or VTY ports.
B. Use a firewall to restrict access from the outside to the network devices.
-
- C. Always use Telnet to access the device command line because its data is automatically encrypted.
D. Use SSH or another encrypted and authenticated transport to access device configurations.
- E. Prevent the loss of passwords by disabling password encryption.
VI.63. Refer to the exhibit. What is the result of setting the no login command?
Router#config t Router(config)#line vty 0 4 Router(config-line)#password c1sc0 Router(config-line)#no login
- A. Telnet access is denied.
- B. Telnet access requires a new password at the first login.
- C. Telnet access requires a new password.
- D. no password is required for telnet access.*
VI.64. Which identification number is valid for an extended ACL?
- A. 1
- B. 64
- C. 99
- D. 100*
- E. 299
- F. 1099
| Access list type | Range |
| Standard | 1-99, 1300-1999 |
| Extended | 100-199, 2000-2699 |
In most cases we only need to remember 1-99 is dedicated for standard access lists while 100 to 199 is dedicated for extended access lists.
VI.65. Which statement about named ACLs is true?
- A. They support standard and extended ACLs.*
- B. They are used to filter usernames and passwords for Telnet and SSH.
- C. They are used to filter Layer 7 traffic.
- D. They support standard ACLs only.
- E. They are used to rate limit traffic destined to targeted networks.
VI.66. Which two values are needed to run the APIC-EM ACL Analysis tool ?(choose two)
- destination address*
- destination port
- periodic refresh intervlan
- source address*
- protocol
- source port
VI.67. Which command sets and automatically encrypts the privileged enable mode password?
- A. enable password cisco
- B. secret enable cisco
- C. password enable cisco
- D. enable secret cisco*
VI.68. The enable secret command is used to secure access to Which CLI mode?
- A. user EXEC mode
- B. global configuration mode
- C. privileged EXEC mode *
- D. auxiliary setup mode
VI.69. Which two statements about stateful firewalls in an enterprise network are true?
- A. They can use information about previous packets to make decisions about future packets.*
- B. They are most effective when placed in front of the router connected to the Internet.
- C. they are more susceptible to DoS attacks than stateless firewalls.
- D. they can track the number of active TCP connections.*
- E. They can filter HTTP and HTTPS traffic in the inbound direction only.
VI.70. Which type of access list compares source and destination IP addresses?
- A. standard
- B. extended*
- C. reflexive
- D. IP named
VI.71. Which two descriptions of TACACS+ are true? (Choose two.)
- A. It encrypts only the password.
- B. It can authorize specific router commands.*
- C. It separates authentication, authorization, and accounting functions.*
- D. It uses UDP as its transport protocol.
- E. It combines authentication and authorization.
VI.72. Which condition indicates that service password-encryption is enabled?
- The local username password is in clear text in the configuration.
- The enable secret is in clear text in the configuration.
- The local username password is encrypted in the configuration.*
- The enable secret is encrypted in the configuration.
VI.73. Which command can you use to test whether a switch supports secure connections and strong authentication?
- Router#ssh –v 1 –l admin 10.1.1.1
- Switch>ssh –v 1 –l admin 10.1.1.1
- Switch#ssh –l admin 10.1.1.1
- Router>ssh –v 2 –l admin10.1.1.1*
VI.74. Which port security mode can assist with troubleshooting by keeping count of violations?
- access.
- protect.
- restrict.*
- shutdown.
VI.75. DRAG DROP. An interface has been configured with the access list that is shown below. On the basis of that access list,drag each information packet on the left to the appropriate category on the right.
Select and Place:
Correct Answer:
VI.76. Which range represents the standard access list?
- 99*
- 150
- 299
- 2000
| Access list type | Range |
| Standard | 1-99, 1300-1999 |
| Extended | 100-199, 2000-2699 |
VI.77. Which of the following encrypts the traffic on a leased line?
- telnet
- ssh*
- vtp
- vpn
- dmvpn
Note: Virtual Private Networks (VPNs) are only secure if encrypted. The word “private” only means a given user’s virtual network is not shared with others. In reality a VPN still runs on a shared infrastructure and is not secured if not encrypted. VPNs are used over a connection you already have. That might be a leased line. It might be an ADSL connection. It could be a mobile network connection.
Therefore answer “SSH” is still better than the answer “VPN”.
VI.78. A security administrator wants to profile endpoints and gain visibility into attempted authentications. Which 802.1x mode allows these actions?
- Monitor mode*
- High-Security mode
- Low-impact mode
- Closed mode
+ Monitor mode
+ Low impact mode
+ High security mode
Monitor mode allows for the deployment of the authentication methods IEEE 802.1X without any effect to user or endpoint access to the network. Monitor mode is basically like placing a security camera at the door to monitor and record port access behavior.
With AAA RADIUS accounting enabled, you can log authentication attempts and gain visibility into who and what is connecting to your network with an audit trail. You can discover the following:
+ Which endpoints such as PCs, printers, cameras, and so on, are connecting to your network
+ Where these endpoints connected
+ Whether they are 802.1X capable or not
+ Whether they have valid credentials
+ In the event of failed MAB attempts, whether the endpoints have known, valid MAC addresses
Monitor mode is enabled using 802.1X with the open access and multiauth mode Cisco IOS Software features enabled, as follows:
sw(config-if)#authentication open
sw(config-if)#authentication host-mode multi-auth
For more information about each mode, please read this article: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/Phased_Deploy/Phased_Dep_Guide.html
VI.79. What are two statements for SSH? (Choose two.)
- A. use port 22*
- B. unsecured
- C. encrypted*
- D. most common remote-access method
- E. operate at transport
VI.80. Which command shows your active Telnet connections?
- show cdp neigbors
- show session*
- show users
- show vty logins
VI.81. Which IPsec security protocol should be used when confidentiality is required?
- MD5
- PSK
- AH
- ESP*
ESP can provide the properties authentication, integrity, replay protection, and confidentiality of the data (it secures everything in the packet that follows the IP header).
AH provides authentication, integrity, and replay protection (but not confidentiality) of the sender.
VI.82. What are two characteristics of Telnet? (Choose two.)
- A. It sends data in clear text format.*
- B. It is no longer supported on Cisco network devices.
- C. It is more secure than SSH.
- D. It requires an enterprise license in order to be implemented.
- E. It requires that the destination device be configured to support Telnet connections.*
VI.83. Which protocol authenticates connected devices before allowing them to access the LAN?
- A. 802.1d
- B. 802.11
- C. 802.1w
- D. 802.1x*
802.1X authentication involves three parties: a supplicant, an authenticator, and an authentication server. The supplicant is a client device (such as a laptop) that wishes to attach to the LAN/WLAN. The term ‘supplicant’ is also used interchangeably to refer to the software running on the client that provides credentials to the authenticator. The authenticator is a network device, such as an Ethernet switch or wireless access point; and the authentication server is typically a host running software supporting the RADIUS and EAP protocols.
The authenticator acts like a security guard to a protected network. The supplicant (i.e., client device) is not allowed access through the authenticator to the protected side of the network until the supplicant’s identity hasbeen validated and authorized. An analogy to this is providing a valid visa at the airport’s arrival immigration before being allowed to enter the country. With 802.1X port-based authentication, the supplicant provides credentials, such as user name/password or digital certificate, to the authenticator, and the authenticator forwards the credentials to the authentication server for verification. If the authentication server determines the credentials are valid, the supplicant (client device) is allowed to access resources located on the protected side of the network.
VI.84. Refer to the exhibit. You have determined that computer A cannot ping computer B. Which reason for the problem is most likely true?
- The computer B default gateway address is incorrect.
- The computer B subnet mask is incorrect.
- The computer A subnet mask is incorrect.
- The computer A default gateway address is incorrect.*
VI.85. Which IEEE mechanism is responsible for the authentication of devices when they attempt to connect to a local network?
- 802.1x*
- 802.11
- 802.2x
- 802.3x
VI.86. Which two values must you specify to perform an ACL-based Path Trace using APIC-EM? (Choose two.)
- A. source IP address*
- B. destination port
- C. destination IP address*
- D. source interface
- E. source port
VI.87. Which two services can be provided by a wireless controller? (Choose two.)
- A. Layer 3 routing between wired and wireless devices
- B. providing authentication services to users*
- C. mitigating threats from the Internet
- D. issuing IP addresses to wired devices*
- E. managing interference in a dense network
VI.88. Which of the following privilege level is the most secured?
- Level 0
- Level 1
- Level 15*
- Level 16
+ User EXEC mode (privilege level 1): provides the lowest EXEC mode user privileges and allows only user-level commands available at the Router> prompt.
+ Privileged EXEC mode (privilege level 15): includes all enable-level commands at the Router# prompt. Level 15 users can execute all commands and this is the most secured and powerful privilege level.
However, there are actually 16 privilege levels available on the CLI, from 0 to 15 and you can assign users to any of those levels. Zero-level access allows only five commands -logout, enable, disable, help, and exit. User level (level 1) provides very limited read-only access to the router, and privileged level (level 15) provides complete control over the router.
Section VII: Infrastructure Management
VII.1. Which command is used to show the interface status of a router?
- show interface status
- show ip interface brief*
- show ip route
- show interface
VII.2. After you configure the Loopback0 interface, Which command can you enter to verify the status of the interface and determine whether fast switching is enabled?
- Router#show ip interface loopback 0*
- Router#show run
- Router#show interface loopback 0
- Router#show ip interface brief
Router2901#sh int g0/0
GigabitEthernet0/0 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is c471.fe99.9999 (bia c471.fe99.9999)
Description: Lan
Internet address is 10.1.1.1/25
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full Duplex, 1Gbps, media type is RJ45
output flow-control is unsupported, input flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of “show interface” counters never
Input queue: 0/75/61/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 39000 bits/sec, 30 packets/sec
5 minute output rate 73000 bits/sec, 37 packets/sec
41068530 packets input, 3905407112 bytes, 0 no buffer
Received 8678853 broadcasts (0 IP multicasts)
0 runts, 0 giants, 45 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 79853 multicast, 0 pause input
39267208 packets output, 2262399504 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
79926 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
Router2901#
Router2901 ip int g0/0
GigabitEthernet0/0 is up, line protocol is up
Internet address is 10.1.1.1/25
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Secondary address 192.168.1.7/24
Multicast reserved groups joined: 224.0.0.10
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain inside
BGP Policy Mapping is disabled
Input features: Common Flow Table, Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, CAR, MCI Check
Output features: NAT Inside, Common Flow Table, Stateful Inspection, NAT ALG proxy, CAR
Post encapsulation features: CAR
IPv4 WCCP Redirect outbound is disabled
IPv4 WCCP Redirect inbound is disabled
IPv4 WCCP Redirect exclude is disabled
Router2901#
VII.3. In Which CLI configuration mode can you configure the hostname of a device?
- line mode
- interface mode
- global mode*
- router mode
VII.4. Which command can you use to set the hostname on a switch?
- A. switch-mdf-c1(config)#hostname switch-mdf1*
- B. switch-mdf-c1>hostname switch-mdf1
- C. switch-mdf-c1#hostname switch-mdf1
- D. switch-mdf-c1(config-if)#hostname switch-mdf1
VII.5. Which logging command can enable administrators to correlate syslog messages with millisecond precision?
- no logging console
- logging buffered 4
- no logging monitor
- service timestamps log datetime mscec*
- logging host 10.2.0.21
VII.6. Which function of the IP SLAs ICMP jitter operation can you use to determine whether a VoIP issue is caused by excessive end-to-end time?
- packet loss
- jitter
- successive packet loss
- round-trip time latency*
VII.7. Which two statements about northbound and southbound APIs are true? (Choose two.)
- Only southbound APIs allow program control of the network.
- Only northbound APIs allow program control of the network.*
- Only southbound API interfaces use a Service Abstraction Layer.*
- Only northbound API interfaces use a Service Abstraction Layer.
- Both northbound and southbound API interfaces use a Service Abstraction Layer.
- Both northbound and southbound APIs allow program control of the network.
The northbound APIs on an SDN controller enable applications and orchestration systems to program the network and request services from it.
Southbound interfaces are implemented with a Service Abstraction Layer (SAL) Which speak to network devices using SNMP and CLI (Command Line Interface) of the elements that make up the network. The main functions of SAL are:
+ Expose device services and capabilities to apps
+ Determine how to fulfill requested service irrespective of the underlying protocol
Note:
+ An API is a method for one application (program) to exchange data with another application.
+ Interface here refers to the “software interface”, not the physical interfaces.
VII.8. While viewing the running configuration of a router, you observe the command logging trap warning. Which syslog messages will the router send?
- A. levels 1-4
- B. levels 0-4*
- C. levels 0-5
- D. warnings only
- E. levels 1-5
VII.9. Which statement about SNMPv2 is true?
- Its privacy algorithms use MD5 encryption by default.
- it requires passwords to be encrypyed.
- Its authetication and privacy algorithms are enable without default values.*
- It requires passwords at least eight characters en length.
VII.10. Which two statements about the extended traceroute command are true? (Choose two.)
- A. It can validate the reply data.
- B. It can be repeated automatically at a specified interval.
- C. It can send packets from a specified interface or IP address.*
- D. It can use a specified ToS.
- E. It can use a specified TTL value.*
VII.11. Refer to the exhibit. You have determined that computer A cannot ping computer B. Which reason for the problem is most likely true?
- The computer B default gateway address is incorrect.
- The computer B subnet mask is incorrect.
- The computer A subnet mask is incorrect.
- The computer A default gateway address is incorrect.*
VII.12. If you configure syslog messages without specifying the logging trap level, Which log messages will the router send?
- informational messages only
- warning and error conditions only
- normal but significant conditions only
- error conditions only
- all levels except debugging*
| Level | Keyword | Description |
| 0 | emergencies | System is unusable |
| 1 | alerts | Immediate action is needed |
| 2 | critical | Critical conditions exist |
| 3 | errors | Error conditions exist |
| 4 | warnings | Warning conditions exist |
| 5 | notification | Normal, but significant, conditions exist |
| 6 | informational | Informational messages |
| 7 | debugging | Debugging messages |
The highest level is level 0 (emergencies). The lowest level is level 7. By default, the router will send informational messages (level 6). That means it will send all the syslog messages from level 0 to 6.
VII.13. Which two statements about syslog logging are true?
- Syslog logging is disabled by default
- Messages are stored in the internal memory of device*
- Messages can be erased when device reboots*
- Messages are stored external to the device
- The size of the log file is dependent on the resources of the device.
The syslog messages are stored in the internal buffer of the device. The buffer size is limited to few kilobytes. However, when the device reboots, these syslog messages are lost -> B is correct; C is correct; D is not correct.
VII.14. What is the purpose of the POST operation on a router?
- determine whether additional hardware has been added*
- locate an IOS image for booting
- enable a TFTP server
- set the configuration register
1. Run POST to check hardware
2. Search for a valid IOS (the Operating System of the router)
3. Search for a configuration file (all the configurations applied to this router)
VII.15. Which function does the IP SLAs ICMP Echo operation perform to assist with troubleshooting?
- A. packet-loss detection*
- B. congestion detection
- C. hop-by-hop response time
- D. one way jitter measurements
VII.16. Which three commands can you use to set a router boot image? (Choose three.)
- Router(config)# boot system flash c4500-p-mz.121-20.bin*
- Router(config)# boot system tftp c7300-js-mz.122-33.SB8a.bin*
- Router(config)#boot system rom c7301-advipservicesk9-mz.124-24.T4.bin*
- Router> boot flash:c180x-adventerprisek9-mz-124-6T.bin
- Router(config)#boot flash:c180x-adventerprisek9-mz-124-6T.bin
- Router(config)#boot bootldr bootflash:c4500-jk9s-mz.122-23f.bin
+ flash
+ rom
+ tftp
+ ftp
+ IP address (IP address of the server containing the system image file)
Therefore answers A, B, C are correct.
VII.17. A Cisco router is booting and has just completed the POST process. It is now ready to find and load an IOS image. What function does the router perform next?
- It checks the configuration register.*
- It attempts to boot from a TFTP server.
- It loads the first image file in flash memory.
- It inspects the configuration file in NVRAM for boot instructions.
The Power-On Self Test (POST) checks the router’s hardware. When the POST completes successfully, the System OK LED indicator comes on.
The router checks the configuration register to identify where to load the IOS image from. A setting of 0×2102 means that the router will use information in the startup-config file to locate the IOS image. If the startup-config file is missing or does not specify a location, it will check the following locations for the IOS image:
1. Flash (the default location)
2. TFTP server
3. ROM (used if no other source is found)
The router loads the configuration file into RAM (Which configures the router). The router can load a configuration file from:
+ NVRAM (startup-configuration file)
+ TFTP server
If a configuration file is not found, the router starts in setup mode.
VII.18. If you are configuring syslog messages specifying `logging trap warning’, Which log messages will the router send?
- 0-4*
- 0-5
- 0-2
- 0-6
- 0-1
1 alerts Immediate action is needed
2 critical Critical conditions exist
3 errors Error conditions exist
4 warnings Warning conditions exist
5 notification Normal, but significant, conditions exist
6 informational Informational messages
7 debugging Debugging messages
VII.19. Which function does the IP SLA ICMP ECHO operation perform to assist with troubleshooting?
- A. packet-loss detection
- B. congestion detection
- C. hop-by-hop response time
- D. one way jitter measurements
VII.20. If you configure syslog messages without specifying the logging trap level, Which log messages will the router send?
- 0-4
- 0-5
- 0-2
- 0-6*
- 0-1
Emergency: 0
Alert: 1
Critical: 2
Error: 3
Warning: 4
Notice: 5
Informational: 6
Debug: 7
VII.21. Which command can you execute to set the user inactivity timer to 10 seconds?
- SW1(config-line)#exec-timeout 0 10*
- SW1(config-line)#exec-timeout 10
- SW1(config-line)#absolute-timeout 0 10
- SW1(config-line)#absolute-timeout 10
exec-timeout minutes [seconds]
Therefore we need to use the “exec-timeout 0 10” command to set the user inactivity timer to 10 seconds.
VII.22. How do you configure a hostname?
- A. Router(config)#hostname R1*
- B. Router#hostname R1
- C. Router(config)#host name R1
- D. Router>hostname R1
VII.23. Which command is necessary to permit SSH or Telnet access to a cisco switch that is otherwise configured for these vty line protocols?
- transport type all
- transport output all
- transport preferred all
- transport input all*
VII.24. Which two Cisco IOS commands, used in troubleshooting, can enable debug output to a remote location? (Choose two)
- no logging console
- logging host ip-address*
- terminal monitor*
- show logging | redirect flashioutput.txt
- snmp-server enable traps syslog
The command “logging host ip-address” instructs the device to send syslog messages to an external syslog server -> B is correct.
The “show logging | redirect flashioutput.txt” command will put the text file in the router flash memory because we did not specify a remote location (like tftp) -> D is not correct.
The command “snmp-server enable traps syslog” instructs the device to send syslog messages to your network management server as SNMP traps instead of syslog packets. This command itself does not enable debug output to a remote location -> E is not correct.
By default, Cisco IOS does not send log messages to a terminal session over IP, that is, telnet or SSH connections don’t get log messages. But notice that console connections on a serial cable do have logging enabled by default. The command “terminal monitor” helps logging messages appear on the your terminal. First we don’t think this is a correct answer but after reading the question again, we believe it is a suitable one as a Telnet/SSH session may be considered a “remote location” -> C is correct.
VII.25. Which two options are features of the extended ping command? (Choose two.)
- A. It can send a specific number of packets*
- B. It can send packet from specified interface of IP address*
- C. It can resolve the destination host name
- D. It can ping multiple host at the same time
- E. It can count the number of hops to the remote host.
In which:
+ Repeat count [5]: Number of ping packets that are sent to the destination address. The default is 5 -> A is correct.
+ Source address or interface: The interface or IP address of the router to use as a source address for the probes -> B is correct.
For more information about extended ping, please read: http://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13730-ext-ping-trace.html
VII.26. What is the cause of the Syslog output messages?
- The EIGRP neighbor on Fa0/1 went down due to a failed link.
- The EIGRP neighbor connected to Fa0/1 is participating in a different EIGRP process, causing the adjacency to go down.
- A shut command was executed on interface Fa0/1, causing the EIGRP adjacency to go down.*
- Interface Fa0/1 has become error disabled, causing the EIGRP adjacency to go down.
VII.27. Why is flash memory erased prior to upgrading the IOS image from the TFTP server?
- The router cannot verify that the Cisco IOS image currently in flash is valid.
- Flash memory on Cisco routers can contain only a single IOS image.
- Erasing current flash content is requested during the copy dialog.*
- In order for the router to use the new image as the default, it must be the only IOS image in flash.
Note: In this case, the flash has enough space to copy a new IOS without deleting the current one. The current IOS is deleted just because the administrator wants to do so. If the flash does not have enough space you will see an error message like this:
| %Error copying tftp://192.168.2.167/ c1600-k8sy-mz.l23-16a.bin (Not enough space on device) |
VII.28. In Which two situations should you use out-of-band management?
- when a network device fails to forward packets*
- when you require ROMMON access*
- when management applications need concurrent access to the device
- when you require administrator access from multiple locations
- when the control plane fails to respond
VII.29. Which command can you enter to configure a local username with an encrypted password and EXEC mode user privileges?
- Router(config)#username jdone privilege 1 password 7 08314D5D1A48*
- Router(config)#username jdone privilege 1 password 7 PASSWORD1
- Router(config)#username jdone privilege 15 password 0 08314D5D1A48
- Router(config)#username jdone privilege 15 password 0 PASSWORD1
username bill password westward
And the system display this command as follows:
username bill password 7 21398211
The encrypted version of the password is 21398211. The password was encrypted by the Cisco-defined encryption algorithm, as indicated by the “7”.
However, if you enter the following command: “username bill password 7 21398211”, the system determines that the password is already encrypted and performs no encryption. Instead, it displays the command exactly as you entered it.
VII.30. Which statement about the IP SLAs ICMP Echo operation is true?
- The frequency of the operation .s specified in milliseconds.
- It is used to identify the best source interface from Which to send traffic.
- It is configured in enable mode.
- It is used to determine the frequency of ICMP packets.*
VII.31. What are three components that comprise the SNMP framework? (Choose three)
- MIB*
- manager*
- supervisor
- agent*
- set
- AES
VII.32. Which command can be used from a PC to verify the connectivity between hosts that connect through a switch in the same LAN?
- ping address*
- tracert address
- traceroute address
- arp address
Note: “traceroute” command has the same function of the “tracert” command but it is used on Cisco routers only, not on a PC.
VII.33. What command instructs the device to timestamp Syslog debug messages in milliseconds?
- service timestamps log datetime localtime
- service timestamps debug datetime msec*
- service timestamps debug datetime localtime
- service timestamps log datetime msec
(Reference: http://www.cisco.com/c/en/us/td/docs/ios/fundamentals/command/reference/cf_book/cf_r1.html#wp1030116)
VII.34. Which command can you enter on a switch to determine the current SNMP security model?
- show snmp group*
- show snmp pending
- snmp-server contact
- show snmp engineID
The command “show snmp group” displays the names of groups on the router and the security model, the status of the different views, and the storage type of each group. Below is an example of this command.
VII.35. Which statement about upgrading a cisco IOS device with TFTP server ?
- the operation is performed in active mode
- the operation is performed in unencrypted format
- the operation is performed in passive mode
- the cisco IOS device must be on the same LAN as the TFTP server*
– Configure a default gateway on the router.
– Make sure that the server and the router each have an IP address in the same network or subnet.
The first option implies the router can be in a different subnet from the TFTP server -> D is not correct.
TFTP has no encryption process so answer B is correct.
VII.36. Which three statements about the features of SNMPv2 and SNMPv3 are true? (Choose three.)
- SNMPv3 enhanced SNMPv2 security features*
- SNMPv3 added the Inform protocol message to SNMP.
- SNMPv2 added the Inform protocol message to SNMP*
- SNMPv3 added the GetBulk protocol messages to SNMP
- SNMPv2 added the GetBulk protocol message to SNMP.*
- SNMPv2 added the GetNext protocol message to SNMP.
(Reference: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_1-3/snmpv3.html)
The two additional messages are added in SNMP2 (compared to SNMPv1)
GetBulkRequest The GetBulkRequest message enables an SNMP manager to access large chunks of data. GetBulkRequest allows an agent to respond with as much information as will fit in the response PDU. Agents that cannot provide values for all variables in a list will send partial information. -> E is correct.
InformRequest The InformRequest message allows NMS stations to share trap information. (Traps are issued by SNMP agents when a device change occurs.) InformRequest messages are generally used between NMS stations, not between NMS stations and agents. -> C is correct.
Note: These two messages are carried over SNMPv3.
VII.37. Which command do use we to see SNMP version
- show snmp pending*
- show snmp engineID
- snmp-server something
- http://bbs.hh010.com
Router# show snmp pending req id: 47, dest: 171.69.58.33.161, V2C community: public, Expires in 5 secs req id: 49, dest: 171.69.58.33.161, V2C community: public, Expires in 6 secs req id: 51, dest: 171.69.58.33.161, V2C community: public, Expires in 6 secs req id: 53, dest: 171.69.58.33.161, V2C community: public, Expires in 8 secs
Note:
The “show snmp engineID” displays the identification of the local SNMP engine and all remote engines that have been configured on the router. The following example specifies 00000009020000000C025808 as the local engineID and 123456789ABCDEF000000000 as the remote engine ID, 171.69.37.61 as the IP address of the remote engine (copy of SNMP) and 162 as the port from Which the remote device is connected to the local device:
Router# show snmp engineID Local SNMP engineID: 00000009020000000C025808 Remote Engine ID IP-addr Port 123456789ABCDEF000000000 171.69.37.61 162
VII.38. Which feature can you use to restrict SNMP queries to a specific OID tree?
- server group
- a community
- a view record*
- an access group
Router(config)# snmp-server view view-name oid-tree {included | excluded}
Reference: https://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf014.html
VII.39. What authentication type is used by SNMPv2 ?
- username and password
- community strings*
- HMAC-MD5
- HMAC-SHA
VII.40. Which two IP SLA operations can you use to measure the end-to-end response time for all IP traffic between a Cisco router and an end device ?(choose two)
- A. ICMP path echo*
- B. UDP echo
- C. ICMP path jitter
- D. UDP jitter
- E. TCP connect
- F. ICMP echo*
VII.41. DRAG DROP. Drag and drop the extended traceroute options from the left onto the correct descriptions on the right.
Select and Place:
Correct Answer:
VII.42. Refer to the exhibit. The technician wants to upload a new IOS in the router while keeping the existing IOS. What is the maximum size of an IOS file that could be loaded if the original IOS is also kept in flash?
- A. 3 MB
- B. 4 MB*
- C. 5 MB
- D. 7 MB
- E. 8 MB
VII.43. Before installing a new, upgraded version of the IOS, what should be checked on the router, and Which command should be used to gather this information? (Choose two.)
- A. the amount of available ROM
- B. the amount of available flash and RAM memory*
- C. the version of the bootstrap software presents on the router
- D. show version*
- E. show processes
- F. show running-config
VII.44. Which command reveals the last method used to powercycle a router?
- A. show reload
- B. show boot
- C. show running-config
- D. show version*
VII.45. Which command would you use on a Cisco router to verify the Layer 3 path to a host?
- A. tracert address
- B. traceroute address*
- C. telnet address
- D. ssh address
VII.46. Refer to the exhibit. A network administrator configures a new router and enters the copy startup- config running-config command on the router. The network administrator powers down the router and sets it up at a remote location. When the router starts, it enters the system configuration dialog as shown. What is the cause of the problem?
- A. The network administrator failed to save the configuration.*
- B. The configuration register is set to 0x2100.
- C. The boot system flash command is missing from the configuration.
- D. The configuration register is set to 0x2102.
- E. The router is configured with the boot system startup command.
VII.47. Which two locations can be configured as a source for the IOS image in the boot system command? (Choose two.)
- A. RAM
- B. NVRAM
- C. flash memory*
- D. HTTP server
- E. TFTP server*
- F. Telnet server
1. + Flash (the default location)
2. + TFTP server3. + ROM (used if no other source is found)
VII.48. Refer to the exhibit. For what two reasons has the router loaded its IOS image from the location that is shown? (Choose two.)
- A. Router1 has specific boot system commands that instruct it to load IOS from a TFTP server.*
- B. Router1 is acting as a TFTP server for other routers.
- C. Router1 cannot locate a valid IOS image in flash memory.*
- D. Router1 defaulted to ROMMON mode and loaded the IOS image from a TFTP server.
- E. Cisco routers will first attempt to load an image from TFTP for management purposes.
Booting up the router and locating the Cisco IOS
1. POST (power on self test)
2. Bootstrap code executed
3. Check Configuration Register value (NVRAM) Which can be modified using the config-register command
0 = ROM Monitor mode
1 = ROM IOS
2 – 15 = startup-config in NVRAM
4. Startup-config filE. Check for boot system commands (NVRAM) If boot system commands in startup-config
a. Run boot system commands in order they appear in startup-config to locate the IOS b. [If boot system commands fail, use default fallback sequence to locate the IOS (Flash, TFTP, ROM)?] If no boot system commands in startup-config use the default fallback sequence in locating the IOS:
a. Flash (sequential)
b. TFTP server (netboot)
c. ROM (partial IOS) or keep retrying TFTP depending upon router model
5. If IOS is loaded, but there is no startup-config file, the router will use the default fallback sequence for locating the IOS and then it will enter setup mode or the setup dialogue.
VII.49. Refer to the exhibit. What can be determined about the router from the console output?
- A. No configuration file was found in NVRAM.*
- B. No configuration file was found in flash.
- C. No configuration file was found in the PCMCIA card.
- D. Configuration file is normal and will load in 15 seconds.
we want to enter the initial configuration dialog or not.
VII.50. What is a global command?
- A. a command that is set once and affects the entire router*
- B. a command that is implemented in all foreign and domestic IOS versions
- C. a command that is universal in application and supports all protocols
- D. a command that is available in every release of IOS, regardless of the version or deployment status
- E. a command that can be entered in any configuration mode
VII.51. What are three factors a network administrator must consider before implementing Netflow in the network?
- A. CPU utilization*
- B. where Netflow data will be sent*
- C. number of devices exporting Netflow data*
- D. port availability
- E. SNMP version
- F. WAN encapsulation
VII.52. What SNMP message alerts the manager to a condition on the network?
- trap*
- get
- response
- capture
VII.53. What are three reasons to collect Netflow data on a company network? (Choose three.)
- A. To identify applications causing congestion.*
- B. To authorize user network access.
- C. To report and alert link up / down instances.
- D. To diagnose slow network performance, bandwidth hogs, and bandwidth utilization.*
- E. To detect suboptimal routing in the network.
- F. To confirm the appropriate amount of bandwidth that has been allocated to each Class of Service.*
VII.54. What Netflow component can be applied to an interface to track IPv4 traffic?
- A. flow monitor*
- B. flow record
- C. flow sampler
- D. flow exporter
Flow monitors are the Flexible NetFlow component that is applied to interfaces to perform network traffic monitoring. Flow monitors consist of a record and a cache. You add the record to the flow monitor after you create the flow monitor. The flow monitor cache is automatically created at the time the flow monitor is applied to the first interface. Flow data is collected from the network traffic during the monitoring process based on the key and nonkey fields in the record, Which is configured for the flow monitor and stored in the flow monitor cache.
For example, the following example creates a flow monitor named FLOW-MONITOR-1 and enters Flexible
NetFlow flow monitor configuration mode:
Router(config)# flow monitor FLOW-MONITOR-1
Router(config-flow-monitor)#
VII.55. Which command displays CPU utilization?
- A. show protocols
- B. show process*
- C. show system
- D. show version
A more friendly way to check the CPU utilization is the command “show processes cpu history”, in Which the total CPU usage on the router over a period of time: one minute, one hour, and 72 hours are clearly shown:
+ The Y-axis of the graph is the CPU utilization.+ The X-axis of the graph is the increment within the period displayed in the graph For example, from the last graph (last 72 hours) we learn that the highest CPU utilization within 72 hours is 37% about six hours ago.
VII.56. Which router IOS commands can be used to troubleshoot LAN connectivity problems? (Choose three.)
- A. ping*
- B. tracert
- C. ipconfig
- D. show ip route*
- E. winipcfg
- F. show interfaces*
winipcfg are PC commands, not IOS.
VII.57. Syslog was configured with a level 3 trap. Which 4 types of logs would be generated (Choose four.)
- A. Emergencies*
- B. Alerts*
- C. Critical*
- D. Errors*
- E. Warnings
The Message Logging is divided into 8 levels as listed below:
Level Keyword Description
0 emergencies System is unusable
1 alerts Immediate action is needed
2 critical Critical conditions exist
3 errors Error conditions exist
4 warnings Warning conditions exist
5 notification Normal, but significant, conditions exist 6 informational Informational messages
7 debugging Debugging messages
The highest level is level 0 (emergencies). The lowest level is level 7. If you specify a level with the “logging console level” command, that level and all the higher levels will be displayed.
For example, by using the “logging console warnings” command, all the logging of emergencies, alerts, critical, errors, warnings will be displayed.
VII.58. What are the benefit of using Netflow? (Choose three.)
- A. Network, Application & User Monitoring*
- B. Network Planning
- C. Security Analysis*
- D. Accounting/Billing*
VII.59. Which protocol can cause overload on a CPU of a managed device?
- A. Netflow
- B. WCCP
- C. IP SLA
- D. SNMP*
Sometimes, messages like this might appear in the router console:
%SNMP-3-CPUHOG: Processing [chars] of [chars]
They mean that the SNMP agent on the device has taken too much time to process a request.
You can determine the cause of high CPU use in a router by using the output of the show process cpu command.
Note: A managed device is a part of the network that requires some form of monitoring and management (routers, switches, servers, workstations, printers…).
VII.60. What are the three things that the Netflow uses to consider the traffic to be in a same flow? (Choose three.)
- A. IP address*
- B. Interface name
- C. Port numbers*
- D. L3 protocol type*
- E. MAC address
What is an IP Flow?
Each packet that is forwarded within a router or switch is examined for a set of IP packet attributes. These attributes are the IP packet identity or fingerprint of the packet and determine if the packet is unique or similar to other packets. Traditionally, an IP Flow is based on a set of 5 and up to 7 IP packet attributes.
IP Packet attributes used by NetFlow:
+ IP source address
+ IP destination address
+ Source port
+ Destination port
+ Layer 3 protocol type
+ Class of Service
+ Router or switch interface
VII.61. What is the alert message generated by SNMP agents called?
- A. TRAP*
- B. INFORM*
- C. GET
- D. SET
A TRAP is a SNMP message sent from one application to another (Which is typically on a remote host). Their purpose is merely to notify the other application that something has happened, has been noticed, etc. The big problem with TRAPs is that they’re unacknowledged so you don’t actually know if the remote application received your oh-so-important message to it. SNMPv2 PDUs fixed this by introducing the notion of an INFORM, Which is nothing more than an acknowledged TRAP.
VII.62. Which three features are added in SNMPv3 over SNMPv2? (Choose three.)
- A. Message Integrity*
- B. Compression
- C. Authentication*
- D. Encryption*
- E. Error Detection
VII.63. Which three statements about Syslog utilization are true? (Choose three.)
- Utilizing Syslog improves network performance
- The Syslog server automatically notifies the network administrator of network problems
- A Syslog server provides the storage space necessary to store log files without using router disk space*
- There are more Syslog messages available within Cisco IOS than there are comparable SNMP trap messages.*
- Enabling Syslog on a router automatically enables NTP for accurate time stamping
- A Syslog server helps in aggregation of logs and alerts.*
VII.64. A network administrator enters the following command on a router:logging trap 3 . What are three message types that will be sent to the Syslog server?(choose three)
- warning
- informational
- error*
- emergency*
- debug
- critical*
VII.65. What is the default Syslog facility level?
- A. local4
- B. local5
- C. local6
- D. local7*
VII.66. What is the cause of the Syslog output messages?
- The EIGRP neighbor on Fa0/1 went down due to a failed link.
- The EIGRP neighbor connected to Fa0/1 is participating in a different EIGRP process, causing the adjacency to go down.
- A shut command was executed on interface Fa0/1, causing the EIGRP adjacency to go down.*
- Interface Fa0/1 has become error disabled, causing the EIGRP adjacency to go down.
VII.67. What Cisco IOS feature can be enabled to pinpoint an application that is causing slow network performance?
- A. SNMP
- B. Netflow*
- C. WCCP
- D. IP SLA
VII.68. What command visualizes the general NetFlow data on the command line?
- A. show ip flow export
- B. show ip flow top-talkers
- C. show ip cache flow*
- D. show mls sampling
- E. show mls netflow ip
VII.69. What are three values that must be the same within a sequence of packets for Netflow to consider them a network flow? (Choose three.)
- A. source IP address*
- B. source MAC address
- C. egress interface
- D. ingress interface*
- E. destination IP address*
- F. IP next-hop
VII.70. Which three are the components of SNMP? (Choose three)
- A. MIB*
- B. SNMP Manager*
- C. SysLog Server
- D. SNMP Agent*
- E. Set
SNMP is an application-layer protocol that provides a message format for communication between SNMP managers and agents. SNMP provides a standardized framework and a common language used for the monitoring and management of devices in a network.
The SNMP framework has three parts:
+ An SNMP manager
+ An SNMP agent
+ A Management Information Base (MIB)
The SNMP manager is the system used to control and monitor the activities of network hosts using SNMP.
The most common managing system is called a Network Management System (NMS). The term NMS can be applied to either a dedicated device used for network management, or the applications used on such a device.
A variety of network management applications are available for use with SNMP. These features range from simple command-line applications to feature-rich graphical user interfaces (such as the CiscoWorks2000 line of products).
The SNMP agent is the software component within the managed device that maintains the data for the device and reports these data, as needed, to managing systems. The agent and MIB reside on the routing device (router, access server, or switch). To enable the SNMP agent on a Cisco routing device, you must define the relationship between the manager and the agent.
The Management Information Base (MIB) is a virtual information storage area for network management information, Which consists of collections of managed objects.
VII.71. What are the Popular destinations for syslog messages to be saved?
- A. Flash
- B. The logging buffer .RAM*
- C. The console terminal*
- D. Other terminals
- E. Syslog server*
By default, switches send the output from system messages and debug privileged EXEC commands to a logging process. The logging process controls the distribution of logging messages to various destinations, such as the logging buffer (on RAM), terminal lines (console terminal), or a UNIX syslog server, depending on your configuration. The process also sends messages to the console.
Note: Syslog messages can be written to a file in Flash memory although it is not a popular place to use. We can configure this feature with the command logging file flash:filename.
VII.72. What levels will be trapped if the administrator executes the command router(config)# logging trap 4? (Choose four.)
- A. Emergency*
- B. Notice
- C. Alert*
- D. Error*
- E. Warning*
The Message Logging is divided into 8 levels as listed below:
Level Keyword Description
0 emergencies System is unusable
1 alerts Immediate action is needed
2 critical Critical conditions exist
3 errors Error conditions exist
4 warnings Warning conditions exist
5 notification Normal, but significant, conditions exist 6 informational Informational messages 7 debugging
Debugging messages
If you specify a level with the “logging trap level” command, that level and all the higher levels will be logged.
For example, by using the “logging trap 4 command, all the logging of emergencies, alerts, critical, errors,
warnings will be logged.
VII.73. When upgrading the IOS image, the network administrator receives the exhibited error message. What could be the cause of this error?
- A. The new IOS image is too large for the router flash memory.
- B. The TFTP server is unreachable from the router.*
- C. The new IOS image is not correct for this router platform.
- D. The IOS image on the TFTP server is corrupt.
- E. There is not enough disk space on the TFTP server for the IOS image.
VII.74. Refer to the exhibit. What could be possible causes for the “Serial0/0 is down” interface status? (Choose two.)
- A. A Layer 1 problem exists.*
- B. The bandwidth is set too low.
- C. A protocol mismatch exists.
- D. An incorrect cable is being used.*
- E. There is an incorrect IP address on the Serial 0/0 interface.
VII.75. Refer to the exhibit. What does the address 192.168.2.167 represent?
- A. the TFTP server from Which the file startup-config is being transferred
- B. the router from Which the file startup-config is being transferred
- C. the TFTP server from Which the file router-confg is being transferred
- D. the TFTP server to Which the file router-confg is being transferred*
- E. the router to Which the file router-confg is being transferred
- F. the router to Which the file startup-config is being transferred
VII.76. How can an administrator determine if a router has been configured when it is first powered up?
- A. A configured router prompts for a password.
- B. A configured router goes to the privileged mode prompt.
- C. An unconfigured router goes into the setup dialog.*
- D. An unconfigured router goes to the enable mode prompt.
VII.77. Which two commands can you enter to verify that a configured NetFlow data export is operational? (Choose two.)
- A. show ip flow export*
- B. show ip cache flow*
- C. ip flow ingress
- D. ip flow egress
- E. interface ethernet 0/0
- F. ip flow-export destination
VII.78. What is the first step you perform to configure an SNMPv3 user?
- A. Configure server traps.
- B. Configure the server group.*
- C. Configure the server host.
- D. Configure the remote engine ID.
Router(config)# snmp-server group MyGroup v3 auth access snmp_ac
In this example, the SNMP server group MyGroup is configured to enable user authentication for members of the named access list snmp_acl.
VII.79. A network administrator has configured access list 173 to prevent Telnet and ICMP traffic from reaching a server with the address of 192.168.13.26. Which commands can the administrator issue to verify that the access list is working properly? (Choose three.)
- A. Router# ping 192.168.13.26*
- B. Router# debug access-list 173
- C. Router# show open ports 192.168.13.26
- D. Router# show access-lists*
- E. Router# show ip interface*
VII.80. DRAG DROP. Drag and drop the descriptions of performing an initial device configuration from the left onto the correct features or components on the right.
Select and Place:
Correct Answer:
VII.81. DRAG DROP. Drag and drop the descriptions of logging from the left onto the correct logging features or components on the right.
Select and Place:
Correct Answer:
VII.82. DRAG DROP. You are performing the initial configuration on a new Cisco device. Drag the task from the left onto the required or optional category on the right.
Select and Place:
Correct Answer:
https://www.cisco.com/c/en/us/td/docs/routers/access/2900/hardware/installation/guide/
Hardware_Installation_Guide/Configure.html#91811
VII.83. DRAG DROP. Drag and drop the network programmability features from the left onto the correct description on the right.
Select and Place:
Correct Answer:
VII.84. Which configuration register value can you set on a Cisco device so that it ignores the NVRAM when it boots?
- 0x2124
- 0x2120
- 0x2142*
- 0x2102
VII.85. Which version of SNMP first allowed user-based access?
- A. SNMPv3 with RBAC
- B. SNMPv3*
- C. SNMPv1
- D. SNMPv2
VII.86. Which two criteria must be met to support the ICMP echo IP SLA? (Choose two)
- The destination device must support the echo protocol*
- default gateway must be configured for the source and destination devices
- The source device must be running Layer 2 services.
- The source and destination devices must be Cisco devices
- The source device must be a Cisco device but the destination device can be from any vendor*
VII.87. Which two characteristics of an ICMP echo-based IP SLA are true? (Choose two)
- It can use RSPAN to report network statistics to a designated remote port
- It aggregates traffic statistics for reporting on a configurable basis
- It requires a remote device to log and maintain collected data
- It measures traffic to determine the reliability of a connection from a Cisco router to a designated end device*
- It generates continuous traffic to monitor network performance*
VII.88. Which two commands can you use to verify an IP SLA? (Choose two.)
- A. show ip sla application*
- B. show ip sla history
- C. show ip sla configuration*
- D. show ip sla reaction-configuration
- E. show ip sla statistics
VII.89. Which effect of the terminal monitor command is true?
- A. It displays the configuration of the syslog server
- B. It configures a syslog server
- C. It configures the device to log messages to the console*
- D. It puts the device into global configuration mode
VII.90. Which command is configured on a switch to enable neighbor discovery in a multivendor environment?
- A. lldp run*
- B. lldp transmit
- C. lldp receive
- D. cdp run
VII.91. Which API uses HTTP messages to transfer data to applications residing on different hosts?
- A. OpenStack
- B. REST*
- C. OpenFlow
- D. OpFlex
VII.92. You are configuring an IP SLA ICMP Echo operation to troubleshoot a network connectivity issue. When do you enter an IP address to test the IP SLA?
- A. when you define the ICMP Echo operation*
- B. when you enable the ICMP Echo operation
- C. when you verify the IP SLA operation
- D. when you specify the test frequency
Section VIII. New Questions
VIII.1. What IP SLA ICMP Echo measures?
- A. Packet loss
- B. Congestion
- C. Hop-by-hop “something”
- D. End-to-end response time*
- E. ?
An IP SLA can be used to performs network performance monitoring, including measure the latency, packet loss, jitter and response time in the network. The example below shows how to configure an IP SLA ICMP Echo (send an ICMP request to 192.168.1.254 every 300 second with a timeout of 500ms):
Device(config)#ip sla 1 Device(config-ip-sla)#icmp-echo 192.168.1.254 Device(config-ip-sla-echo)#frequency 300 //send an ICMP Device(config-ip-sla-echo)#timeout 500 Device(config-ip-sla-echo)#exit Device(config)#ip sla schedule 1 start-time now
VIII.2. What are types of IPv6 static routes? (Choose Three )
- Recursive routes*
- Directly connected routes*
- Fully specified routes*
- Advertised routes
- Virtual links
- Redistributed routes
ipv6 route 2001:DB8::/32 gigabitethernet1/0/0
The example specifies that all destinations with address prefix 2001:DB8::/32 are directly reachable through interface GigabitEthernet1/0/0.
Recursive Static Routes: In a recursive static route, only the next hop is specified. The output interface is derived from the next hop. This example shows such a definition:
ipv6 route 2001:DB8::/32 2001:DB8:3000:1
This example specifies that all destinations with address prefix 2001:DB8::/32 are reachable via the host with address 2001:DB8:3000:1.
Fully Specified Static Routes: In a fully specified static route, both the output interface and the next hop are specified. This form of static route is used when the output interface is a multi-access one and it is necessary to explicitly identify the next hop. The next hop must be directly attached to the specified output interface. The following example shows a definition of a fully specified static route:
ipv6 route 2001:DB8:/32 gigabitethernet1/0/0 2001:DB8:3000:1
A fully specified route is valid (that is, a candidate for insertion into the IPv6 routing table) when the specified IPv6 interface is IPv6-enabled and up.
Besides three of the static IPv routes, there is one more type of IPv6 static route, that is Floating Static Routes (static route with a higher administrative distance than the dynamic routing