Cisco CCNA 200-125 Exam Dumps Latest – New Questions & Answers

Section I: Network Fundamentals

I.1. In which two formats can the IPv6 address fd15:0db8:0000:0000:0700:0003:400F:572B be written? (Choose two.)

  • A. fd15:0db8:0000:0000:700:3:400F:527B*
  • B. fd15:0db8::7:3:4F:527B
  • C. fd15::db8::700:3:400F:527B
  • D. fd15:db8::700:3:400F:572B*
  • E. fd15:db8:0::700:3:4F:527B
Show (Hide) Explanation/Reference
In this case we use two rules:

+ Leading zeros in a field are optional
+ Successive fields of 0 are represented as ::, but only once in an address

If you are not sure about IPV6, please read our IPv6 tutorial.

I.2. What are three characteristics of the TCP protocol? (Choose three.)

  • It uses a single SYN-ACK message to establish a connection.
  • The connection is established before data is transmitted.*
  • It ensures that all data is transmitted and received by the remote device.*
  • It supports significantly higher transmission speeds than UDP.
  • It requires applications to determine when data packets must be retransmitted.
  • It uses separate SYN and ACK messages to establish a connection.*
Show (Hide) Explanation/Reference

Note: Answer F is not correct because TCP does not require applications to determine the retranmission. TCP itself will determine if the data packets should be retransmitted or not.

I.3. DRAG DROP. Drag and drop the Ethernet terms from the left onto the correct descriptions on the right.

Select and Place:

Correct Answer:

I.4. Refer to the exhibit

All of the routers in the network are configured with the ip subnet-zero command. Which network addresses should be used for Link A and Network A? (Choose two.)

  • Link A ­ 172.16.3.0/30*
  • Link A ­ 172.16.3.112/30
  • Network A ­ 172.16.3.48/26
  • Network A ­ 172.16.3.128/25*
  • Link A ­ 172.16.3.40/30
  • Network A ­ 172.16.3.192/26
Show (Hide) Explanation/Reference
Network A needs 120 hosts < 128 = 27 -> Need a subnet mask of 7 bit 0s -> “/25″.

Because the ip subnet-zero command is used, network 172.16.3.0/30 can be used.

Answer E “Link A – 172.16.3.40/30″ is not correct because this subnet belongs to MARKETING subnet (172.16.3.32/27).
Answer F “Link A – 172.16.3.112/30″ is not correct because this subnet belongs to ADMIN subnet (172.16.3.96/27).

I.5. Which type of device can be replaced by the use of subinterfaces for VLAN routing?

  • Layer 2 bridge
  • Layer 2 switch
  • Layer 3 switch*
  • router

I.6. What are two benefits of private IPv4 IP addresses? (Choose two.)

  • They are routed the same as public IP addresses.
  • They are less costly than public IP addresses.*
  • They can be assigned to devices without Internet connections.*
  • They eliminate the necessity for NAT policies.
  • They eliminate duplicate IP conflicts.
Show (Hide) Explanation/Reference
Usually using private IPv4 addresses in a organization is free so surely they are less costly than public IP addresses which you have to buy -> B is correct.

Also we can use private IPv4 addresses to devices that do not need to connect to the Internet because Internet requires public IPv4 addresses -> C is correct.

Answer D is not correct as we still need to use NAT policies to limit which private IPv4 addresses in our company can access our resources.

I.7. Which two server types are used to support DNS lookup? (Choose two.)

  • web server
  • ESX host
  • authoritative name server*
  • file transfer server
  • name resolver*

I.8. Which three statements about IPv6 prefixes are true? (Choose three.)

  • FEC0::/10 is used for IPv6 broadcast.
  • FC00::/7 is used in private networks.*
  • FE80::/8 is used for link-local unicast.
  • FE80::/10 is used for link-local unicast.*
  • 2001::1/127 is used for loopback addresses.
  • FF00::/8 is used for IPv6 multicast.*
Show (Hide) Explanation/Reference
Below is the list of common kinds of IPv6 addresses:

Loopback address ::1
Link-local address FE80::/10
Site-local address FEC0::/10 (but it is deprecated and replaced with FC00::/7 for used in private networks)
Global address 2000::/3
Multicast address FF00::/8

I.9. Refer to the exhibit

The network administrator cannot connect to Switch 1 over a Telnet session, although the hosts attached to Switch1 can ping the interface Fa0/0 of the router. Given the information in the graphic and assuming that the router and Switch2 are configured properly, which of the following commands should be issued on Switch1 to correct this problem?

  • Switch1(config)# ip default-gateway 192.168.24.1*
  • Switch1(config)# interface fa0/1Switch1(config-if)# switchport mode trunk
  • Switch1(config)# line con0Switch1(config-line)# password ciscoSwitch1(config-line)# login
  • Switch1(config)# interface fa0/1Switch1(config-if)# ip address 192.168.24.3 255.255.255.0
  • Switch1(config)# interface fa0/1Switch1(config-if)# duplex fullSwitch1(confiq-if)# speed 100

I.10. Which two statements about IPv6 and routing protocols are true? (Choose two.)

  • Link-local addresses are used to form routing adjacencies.*
  • OSPFv3 was developed to support IPv6 routing.*
  • EIGRP, OSPF, and BGP are the only routing protocols that support IPv6.
  • Loopback addresses are used to form routing adjacencies.
  • EIGRPv3 was developed to support IPv6 routing.
Show (Hide) Explanation/Reference
Link-local addresses only used for communications within the local subnetwork (automatic address configuration, neighbor discovery, router discovery, and by many routing protocols). It is only valid on the current subnet. It is usually created dynamically using a link-local prefix of FE80::/10 and a 64-bit interface identifier (based on 48-bit MAC address).

I.11. What will happen if a private IP address is assigned to a public interface connected to an ISP?

  • Addresses in a private range will be not be routed on the Internet backbone.*
  • Only the ISP router will have the capability to access the public network.
  • The NAT process will be used to translate this address to a valid IP address.
  • A conflict of IP addresses happens, because other public routers can use the same range.

I.12. DRAG DROP. Refer to the exhibit.

Select and Place:

Correct Answer:

I.13. Which two statements about wireless LAN controllers are true? (Choose two.)

  • They can simplify the management and deployment of wireless LANs.*
  • They rely on external firewalls for WLAN security.
  • They are best suited to smaller wireless networks.
  • They must be configured through a GUI over HTTP or HTTPS.
  • They can manage mobility policies at a systemwide level.*
Show (Hide) Explanation/Reference
Cisco Wireless is designed to provide 802.11 wireless networking solutions for enterprises and service providers. Cisco Wireless simplifies deploying and managing large-scale wireless LANs and enables a unique best-in-class security infrastructure. The operating system manages all data client, communications, and system administration functions, performs radio resource management (RRM) functions, manages system-wide mobility policies using the operating system security solution, and coordinates all security functions using the operating system security framework.

Reference: http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-2/config-guide/b_cg82/b_cg82_chapter_01.html

I.14. Which step in the router boot process searches for an IOS image to load into the router?

  • bootstrap*
  • POST
  • mini-IOS
  • ROMMON mode
Show (Hide) Explanation/Reference
The following details the router boot process:

1. The router is powered on.

2. The router first runs Power-On Self Test (POST)

3. The bootstrap checks the Configuration Register value to specify where to load the IOS. By default (the default value of Configuration Register is 2102, in hexadecimal), the router first looks for “boot system” commands in startup-config file. If it finds these commands, it will run boot system commands in order they appear in startup-config to locate the IOS. If not, the IOS image is loaded from Flash . If the IOS is not found in Flash, the bootstrap can try to load the IOS from TFTP server or from ROM (mini-IOS).

4. After the IOS is found, it is loaded into RAM.

5. The IOS attempts to load the configuration file (startup-config) from NVRAM to RAM. If the startup-config is not found in NVRAM, the IOS attempts to load a configuration file from TFTP. If no TFTP server responds, the router enters Setup Mode (Initial Configuration Mode).

For more information about booting process please read our Cisco Router Boot Sequence tutorial.

I.15. Which protocol advertises a virtual IP address to facilitate transparent failover of a Cisco routing device?

  • FHRP*
  • DHCP
  • RSMLT
  • ESRP

Show (Hide) Explanation/Reference
First Hop Redundancy Protocol (FHRP) is a protocol that enables two or more devices to work together in a group, sharing a single IP address, the virtual IP address. One router is elected to handle all requests sent to the virtual IP address. With HSRP, this is the active router. An HSRP group has one active router and at least one standby router.

I.16. Refer to exhibit. Which command can you enter to verify link speed and duplex setting on the interface?

R1(config)#interface gigabitEthernet0/1 
R1(config-if)#ip address 192.168.1.1. 255.255.255.0 
R1(config-if)#speed 100 
R1(config-if)#duplex full
  • router#show ip protocols
  • router#show startup-config
  • router#show line
  • router#show interface gig 0/1*
Show (Hide) Explanation/Reference
The “show interfaces …” command gives us information about speed and duplex mode of the interface. In the output below, the link speed is 100Mbps and it is working in Full-duplex mode.

I.17. Which utility can you use to determine whether a switch can send echo requests and replies?

  • ping*
  • traceroute
  • ssh
  • telnet
Show (Hide) Explanation/Reference
“ping” command is used to send echo requests and receive echo replies.

I.18. If computer A is sending traffic to computer B, which option is the source IP address when a packet leaves R1 on interface F0/1?

  • IP address of the R2 interface F0/1
  • Ip address of computer B
  • Ip address of R1 interface F0/1
  • Ip address of Computer A*
Show (Hide) Explanation/Reference
In all the way on the path, the source and destination IP addresses never change, only the source and destination MAC address are changed on each segment.

I.19. Which functionality does split horizon provide?

  • It prevents switching loops in distance-vector protocols.
  • It prevents switching loops in link-state protocols.
  • It prevents routing loops in distance-vector protocols.*
  • It prevents routing loops in link-state protocols.

I.20. Which MAC protocol sets a random timer to reattempt communication ?

  • RARP
  • CSMA/CA
  • CSMA/CD*
  • IEEE 802.1x

I.21. How many host addresses are available on the network 192.168.1.0 subnet 255.255.255 240?

  • 6
  • 8
  • 14*
  • 16

I.22. Which two statements about unique local IPv6 addresses are true?

  • They are identical to IPv4 private addresses.*
  • They are defined by RFC 1884
  • They use the prefix FEC0::/10
  • They use the prefix FC00::/7*
  • They can be routed on the IPv6 global internet.
Show (Hide) Explanation/Reference
A IPv6 Unique Local Address is an IPv6 address in the block FC00::/7. It is the approximate IPv6 counterpart of the IPv4 private address. It is not routable on the global Internet.Note: In the past, Site-local addresses (FEC0::/10) are equivalent to private IP addresses in IPv4 but now they are deprecated.

I.23. If three devices are plugged into one port on a switch and two devices are plugged into a different port, how many collision domains are on the switch?

  • 2*
  • 4
  • 5
  • 6

I.24. DRAG DROP. Drag the cable type on the left to the purpose for which is the best suited on the right. Not all options are used.

Select and Place:

Correct Answer:

I.25. DRAG DROP. Drag the IPv6 multicast address type on the left to their purpose on the right..

Select and Place:

Correct Answer:

I.26. How does a router handle an incoming packet whose destination network is missing from the routing table?

  • it broadcast the packet to each interface on the router
  • it discards the packet*
  • it broadcasts the packet to each network on the router
  • it routes the packet to the default route
Show (Hide) Explanation/Reference
Change from “it discards the packet” to “it routes the packet to the default route” because there is new question Which definition of default route is true? with answer “A route used when a destination route is missing.”

I.27. Which two statements about Ethernet standards are true?(choose two)

  • Ethernet is defined by IEEE standard 802.2
  • Ethernet is defined by IEEE standard 802.3*
  • Ethernet 10BASE-T dose not support full-duplex.
  • When an Ethernet network uses CSMA/CD ,it terminates transmission as soon as collision occurs*
  • When an Ethernet network uses CSMA/CA ,it terminates transmission as soon as collision occurs

I.28. Which command enables IPv6 forwarding on a Cisco router?

  • ipv6 local
  • ipv6 host
  • ipv6 unicast-routing*
  • ipv6 neighbor
Show (Hide) Explanation/Reference
An example of configuring RIPng (similar to RIPv2 but is used for IPv6) is shown below:

Router(config)#ipv6 unicast-routing (Enables the forwarding of IPv6 unicast datagrams globally on the router)
Router(config)#interface fa0/0
Router(config-if)#ipv6 rip 9tut enable (9tut is the process name of this RIPng)

I.29. Refer to the exhibit. If R1 receives a packet destined to 172.16.1.1, to which IP address does it send the packet?

  • 192.168.14.4*
  • 192.168.12.2
  • 192.168.13.3
  • 192.168.15.5
Show (Hide) Explanation/Reference
It can’t find the address 172.16.1.1 so it will be directed to the Gate of last resort 192.168.14.4

I.30. What is known as “one-to-nearest” addressing in IPv6?

  • global unicast
  • anycast*
  • multicast
  • unspecified address

I.31. When a router is unable to find a known route in the routing table, how does it handle the packet?

  • It discards the packet*
  • It sends the packet over the route with the best metric
  • It sends the packet to the next hop address
  • It sends the packet to the gateway of last resort
Show (Hide) Explanation/Reference
In fact this question is not clear. If we understand that “router is unable to find a known route in the routing table” and there is no default route in the routing table then the router will surely discard the packet -> A is correct. But we are not sure if there is a default route or not so let learn more about gateway of last resort.

A Gateway of Last Resort is a route used by the router when no other known route exists to send the IP packet. For CCNA level, when ip routing feature is enabled, a gateway of last resort is usually created by:
+ The “ip default-network” command (but dynamic routing protocols have different behaviors). But in general, the “ip default-network” cannot set the gateway of last resort without a known route in the routing table.
+ Creating a static route to network 0.0.0.0 0.0.0.0 is another way to set the gateway of last resort on a router. This is the reason why this question is not clear as it does not tell us if a default route exists or not.

Maybe in this question a default route does not exist. Otherwise the author would notice and indicate it in the question.

For more information about Gateway of Last Resort, please read: http://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/16448-default.html

I.32. If router R1 knows a static route to a destination network and then learns about the same destination network through a dynamic routing protocol, how does R1 respond?

  • It refuses to advertise the dynamic route to other neighbors
  • It sends a withdrawal signal to the neighboring router
  • It disables the routing protocol
  • It prefers the static route*
Show (Hide) Explanation/Reference
By default the administrative distance of a static route is 1, meaning it will be preferred over all dynamic routing protocols. If you want to have the dynamic routing protocol used and have the static route be used only as a backup, you need to increase the AD of the static route so that it is higher than the dynamic routing protocol.

I.33. Which option is the correct CIDR notation for 192.168.0.0 subnet 255.255.255.252?

  • /29
  • /30*
  • /31
  • /32

I.34. Which six-byte field in a basic Ethernet frame must be an individual address?

  • SOF
  • FCS
  • DA
  • SA*

Show (Hide) Explanation/Reference
The picture below shows the fields in IEEE 802.1Q frame.

The SA field is the source address field. The field should be set to the MAC address of the switch port that transmits the frame. It is a 48-bit value (6 bytes). The receiving device may ignore the SA field of the frame.

In fact there is another correct answer for this question: DA (Destination Address) which also consists of 6 bytes. Maybe there is a mistake or typo in this question.

Which statement a

I.35. If a router has four interfaces and each interface is connected to four switches, how many broadcast domains are present on the router?

  • 1
  • 2
  • 4*
  • 8
Show (Hide) Explanation/Reference
Remember that only route interface can separate broadcast domain (while switch interface separate collision domain) so the broadcast domains are equal to the number of router interfaces, which is four in this case.

I.36. Refer to the exhibit. What is the most appropriate summarization for these routes?

  • 10.0.0.0 /21
  • 10.0.0.0 /22*
  • 10.0.0.0 /23
  • 10.0.0.0 /24
Show (Hide) Explanation/Reference
The 10.0.0.0/22 subnet mask will include the 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 networks, and only those four networks.

I.37. What 8-bit field exists in IP packet for QoS?

  • Tos Field*
  • DSCP
  • IP Precedence
  • Cos
  • -ANOTHER OPTION-
Show (Hide) Explanation/Reference
The IP datagram header contains an 8-bit field called ToS (Type of Service). The field has been part of the IP header since the beginning, but it was rarely used until the recent introduction of Differentiated Services (Diff-Serv).

Note:
+ CoS does not exists in an IP header. It appears in the header of a 802.1Q frame only. CoS is used for QoS on a trunk link.
+ DSCP uses the first 6 bits of the TOS field.

I.38. What feature uses a random time to re-send a frame?

  • CSMA/CA
  • -ANOTHER OPTION-
  • -ANOTHER OPTION-
  • CSMA/CD*

I.39. Two hosts are attached to a switch with the default configuration. Which statement about the configuration is true?

  • IP routing must be enabled to allow the two hosts to communicate.
  • The two hosts are in the same broadcast domain.*
  • The switch must be configured with a VLAN to allow the two hosts to communicate.
  • Port security prevents the hosts from connecting to the switch.
Show (Hide) Explanation/Reference
All ports on a Layer 2 switch are in the same broadcast domain. Only router ports separate broadcast domains.

I.40. If a router has 3 hosts connected in one port and two other hosts connected in another port, how may broadcast domains are present on the router?

  • 5
  • 2*
  • 3
  • 4

I.41. What are three parts of an IPv6 global unicast address? (Choose three.)

  • an interface ID that is used to identify the local host on the network.*
  • an interface ID that is used to identify the local network for a particular host.
  • a subnet ID that is used to identify networks inside of the local enterprise site*
  • a global routing prefix that is used to identify the network portion of the address that has been provided by an ISP*
  • a global routing prefix that is used to identify the portion of the network address provided by a local administrator
Show (Hide) Explanation/Reference
IPv6 includes two different unicast address assignments:

+ Global unicast address
+ Link-local address

The global unicast address is globally unique in the Internet. The example IPv6 address that is shown below is a global unicast address.

Site prefix (global routing prefix): defines the public topology of your network to a router. You obtain the site prefix for your enterprise from an ISP or Regional Internet Registry (RIR).
Site Topology and Subnet ID: the subnet ID defines an administrative subnet of the network and is up to 16 bits in length. You assign a subnet ID as part of IPv6 network configuration. The subnet prefix defines the site topology to a router by specifying the specific link to which the subnet has been assigned
Interface ID: identifies an interface of a particular node. An interface ID must be unique within the subnet.

Reference: https://docs.oracle.com/cd/E23823_01/html/816-4554/ipv6-overview-10.html

I.42. You have been asked to come up with a subnet mask that will allow all three web servers to be on the same network while providing the maximum number of subnets. Which network address and subnet mask meet this requirement?

  • 192.168.252.0 255.255.255.252
  • 192.168.252.8 255.255.255.248*
  • 192.168.252.8 255.255.255.252
  • 192.168.252.16 255.255.255.240
  • 192.168.252.16 255.255.255.252

I.43. DRAG DROP. Drag and drop the IPv6 IP addresses from the left onto the correct IPv6 address types on the right.

Select and Place:

Correct Answer:

I.44. What is the correct routing match to reach 172.16.1.5/32?

  • 172.16.1.0/26*
  • 172.16.1.0/25
  • 172.16.1.0/24
  • the default route
Show (Hide) Explanation/Reference
Although all above answers are correct but 172.16.1.0/26 is the best choice as it is the most specific prefix-match one.

I.45. Which layer in the OSI reference model is responsible for determining the availability of the receiving program and checking to see if enough resources exist for that communication?

  • transport
  • network
  • presentation
  • session
  • application*

I.46. What are the address that will show at the show ip route if we configure the above statements? (Choose Three.)

  • 10.0.0.0*
  • 10.4.3.0
  • 172.15.4.0
  • 172.15.0.0*
  • 192.168.4.0*
  • 192.168.0.0
Show (Hide) Explanation/Reference
With auto-summary feature is turned on, EIGRP will summary these networks to their classful networks automatically. For example:

+ 172.15.4.0 belongs to class B so it will be summarized to 172.15.0.0
+ 10.4.3.0 belongs to class A so it will be summarized to 10.0.0.0
+ 192.168.4.0 belongs to class C so it will be summarized to 192.168.4.0 (same)

I.47. Which feature facilitates the tagging of frames on a specific VLAN?

  • Routing
  • Hairpinning
  • Encapsulation*
  • Switching

I.48. What does split horizon prevent?

  • routing loops, link state
  • routing loops, distance vector*
  • switching loops, STP
  • switching loops, VTP
Show (Hide) Explanation/Reference
Split horizon is used in distance vector routing protocols (like RIP, EIGRP) to prevent routing loops by prohibiting a router from advertising a route back to the interface from which it was learned.

I.49. Which IPV6 feature is supported in IPV4 but is not commonly used?

  • unicast
  • multicast
  • anycast*
  • broadcast
Show (Hide) Explanation/Reference
Only three connection types are commonly known and used in Internet Protocol version four (IPv4) networks: unicast, multicast and broadcast. A fourth connection type, Anycast, was unknown until IPv6 made it a standard connection type. Anycast is not standardized in IPv4 but can be emulated. IPv4 Anycast addressing is a good solution to provide localization for services and servers in order to obtain robustness, redundancy and resiliency.

The basic idea of Anycast is very simple: multiple servers, which share the same IP address, host the same service. The routing infrastructure sends IP packets to the nearest server (according to the metric of the routing protocol used). The major benefits of employing Anycast in IPv4 are improved latency times, server load balancing, and improved security.

Reference: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.116.6367&rep=rep1&type=pdf

I.50. What is the binary pattern of unique ipv6 unique local address?

  • 00000000
  • 11111100*
  • 11111111
  • 11111101
Show (Hide) Explanation/Reference
A IPv6 Unique Local Address is an IPv6 address in the block FC00::/7, which means that IPv6 Unique Local addresses begin with 7 bits with exact binary pattern as 1111 110 -> Answer B is correct.

Note: IPv6 Unique Local Address is the approximate IPv6 counterpart of the IPv4 private address. It is not routable on the global Internet.

I.51. Describe the best way to troubleshoot and isolate a network problem?

  • Create an action plan
  • Implement an action plan
  • Gather facts*
  • others
Show (Hide) Explanation/Reference
In fact all three of the above answers are in the problem-solving process but “gather facts” is at Step 2 while “Create an action plan” and “Implement an action plan” is at step 4 & 5 of this link http://www.cisco.com/en/US/docs/internetworking/troubleshooting/guide/tr1901.html

Step 2 Gather the facts that you need to help isolate possible causes.
Ask questions of affected users, network administrators, managers, and other key people. Collect information from sources such as network management systems, protocol analyzer traces, output from router diagnostic commands, or software release notes.

I.52. In which byte of an IP packet can traffic be marked?

  • the QoS byte
  • the CoS byte
  • the ToS byte*
  • the DSCP byte
Show (Hide) Explanation/Reference

I.53. What are two benefits of Private IPv4 Addresses? (Choose two.)

  • they can be implemented without requiring admin to coordinate with IANA*
  • they are managed by IANA
  • increase the flexibility of network design
  • provide network isloation from the internet*
  • they are routable over internet
Show (Hide) Explanation/Reference
http://smallbusiness.chron.com/advantages-disadvantages-using-private-ip-address-space-46424.html

I.54. How many bits represent network id in a IPv6 address?

  • 32
  • 48
  • 64*
  • 128
Show (Hide) Explanation/Reference
Each ISP receives a /32 and provides a /48 for each site-> every ISP can provide 2(48-32) = 65,536 site addresses (note: each network organized by a single entity is often called a site).

Each site provides /64 for each LAN -> each site can provide 2(64-48) = 65,536 LAN addresses for use in their private networks.
So each LAN can provide 264 interface addresses for hosts.

-> Global routing information is identified within the first 64-bit prefix.

Now let’s see an example of IPv6 prefix: 2001:0A3C:5437:ABCD::/64:

In this example, the RIR has been assigned a 12-bit prefix. The ISP has been assigned a 32-bit prefix and the site is assigned a 48-bit site ID. The next 16-bit is the subnet field and it can allow 216, or 65536 subnets. This number is redundant for largest corporations on the world!

The 64-bit left (which is not shown the above example) is the Interface ID or host part and it is much more bigger: 64 bits or 264 hosts per subnet! For example, from the prefix 2001:0A3C:5437:ABCD::/64 an administrator can assign an IPv6 address 2001:0A3C:5437:ABCD:218:34EF:AD34:98D to a host.

I.55. What layer of the OSI Model is included in TCP/IP Model’s INTERNET layer?

  • Application
  • Session
  • Data Link
  • Presentation
  • Network*
Show (Hide) Explanation/Reference
The Internet Layer in TCP/IP Model is equivalent to the Network Layer of the OSI Model.

I.56. Which two features can dynamically assign IPv6 addresses? (Choose two.)

  • IPv6 stateless autoconfiguration*
  • DHCP
  • NHRP
  • IPv6 stateful autoconfiguration*
  • ISATAP tunneling
Show (Hide) Explanation/Reference
Answer “DHCP” is not correct because DHCP can only assign IPv4 address. To assign IPv6 address, DHCPv6 should be used instead.

Answer “NHRP” is not correct because it is a protocol used in DMVPN.

Answer “ISATAP tunneling” is not correct because it is an IPv6 transition mechanism to transmit IPv6 packets between dual-stack nodes on top of an IPv4 network.

The two types of autoconfiguration are “stateless” and “stateful.”

Stateful autoconfiguration is the IPv6 equivalent of DHCP. A new protocol, called DHCPv6 (and based closely on DHCP), is used to pass out addressing and service information in the same way that DHCP is used in IPv4. This is called “stateful” because the DHCP server and the client must both maintain state information to keep addresses from conflicting, to handle leases, and to renew addresses over time -> Answer “IPv6 stateful autoconfiguration” is correct.

Stateless Autoconfiguration allows an interface to automatically “lease” an IPv6 address and does not require the establishment of an server to delve out address space. Stateless autoconfiguration allows a host to propose an address which will probably be unique (based on the network prefix and its Ethernet MAC address) and propose its use on the network. Because no server has to approve the use of the address, or pass it out, stateless autoconfiguration is simpler. This is the default mode of operation for most IPv6 systems, including servers. So answer “IPv6 stateless autoconfiguration” is correct too.

I.57. How many usable host are there per subnet if you have the address of 192.168.10.0 with a subnet mask of 255.255.255.240?

  • 4
  • 8
  • 16
  • 14*
Show (Hide) Explanation/Reference
From the subnet mask of 255.255.255.240 (/28) we learn there are 24 – 2 = 14 hosts per subnet.

I.58. Which type of cable must you use to connect two devices with MDI interfaces?

  • rolled
  • crossover**
  • crossed
  • straight through
Show (Hide) Explanation/Reference
Use an Ethernet straight-through cable to connect an medium dependent interface (MDI) to an MDI-X port. Use a <strong>cross-over cable</strong> to connect an MDI to an MDI port, or an MDI-X to an MDI-X port.

Reference: <a href=”https://www.cisco.com/c/en/us/td/docs/security/asa/hw/maintenance/5505guide/ASA5505HIG/pinouts.html” target=”_blank” rel=”noopener noreferrer”>https://www.cisco.com/c/en/us/td/docs/security/asa/hw/maintenance/5505guide/ASA5505HIG/pinouts.html</a>

Note: MDI/MDIX is a type of Ethernet port connection using twisted pair cabling.

I.59. Which type of IPv6 address also exists in IPv4 but is barely used?

  • unicast
  • multicast
  • anycast**
  • broadcast

I.60. At which layer of the OSI model dose PPP perform?

  • Layer 2*
  • Layer 3
  • Layer 4
  • Layer 5
  • Layer 1

I.61. Which IPv6 header field is equivalent to the TTL?

  • Scan Timer.
  • TTD.
  • Flow Label.
  • Hop Limit.*
  • Hop Count.
Show (Hide) Explanation/Reference
This field is same as Time To Live (TTL) in IPv4, which is used to stop packet to loop in the network infinitely. The value of Hop Limit field is decremented by 1 when it passes a Layer 3 device (like a router). When this field reaches 0 the packet is dropped.

I.62. Which IP configuration does the CIDR notation 192.168.1.1/25 refer?

  • 192.168.1.1 255.255.255.64
  • 192.168.1.1 255.255.255.1
  • 192.168.1.1 255.255.255.32
  • 192.168.1.1 255.255.255.256
  • 192.168.1.1 255.255.255.128*
Show (Hide) Explanation/Reference
“/25” means 1111 1111.1111 1111.1000 0000 in binary or 255.255.255.128 in decimal.

I.63. Which option is the correct CIDR notation for 192.168.0.0 subnet 255.255.255.252?

  • 30*
  • 31
  • 32
  • 33

I.64. Which two functions can be performed by a local DNS server? (Choose two.)

  • assigning IP addresses to local clients
  • copying updated IOS images to Cisco switches
  • resolving names locally*
  • forwarding name resolution requests to an external DNS server*
  • transferring split horizon traffic between zones

I.65. Refer to the exhibit. Which three statements correctly describe Network Device A? (Choose three.)

  • With a network wide mask of 255.255.255.128, each interface does not require an IP address.
  • With a network wide mask of 255.255.255.128, each interface does require an IP address on a unique IP subnet.*
  • With a network wide mask of 255.255.255.0, must be a Layer 2 device for the PCs to communicate with each other.
  • With a network wide mask of 255.255.255.0, must be a Layer 3 device for the PCs to communicate with each other.*
  • With a network wide mask of 255.255.254.0, each interface does not require an IP address.*
Show (Hide) Explanation/Reference
The principle here is if the subnet mask makes two IP addresses 10.1.0.36 and 10.1.1.70 in the same subnet then the Network device A does not need to have IP addresses on its interfaces (and we don’t need a Layer 3 device here).

A quick way to find out the correct answers is notice that all 255.255.255.x subnet masks will separate these two IP addresses into two separate subnets so we need a Layer 3 device here and each interface must require an IP address on a unique IP subnet -> A, C are not correct while B, D are correct.

With 255.255.254.0 subnet mask, the increment here is 2 in the third octet -> the first subnet is from 10.1.0.0 to 10.1.1.255, in which two above IP addresses belong to -> each interface of Network device A does not require an IP address -> E is correct.

I.66. Which two tasks does a router perform when it receives a packet that is being forwarded from one network to another? (Choose two.)

  • It removes the Layer 2 frame header and trailer*
  • It encapsulates the Layer 2 packet
  • It removes the Layer 3 frame header and trailer
  • It examines the routing table for the best path to the destination IP address of the packet*
  • It examines the MAC address table for the forwarding interface

I.67. DRAG DROP. Drag and drop the application protocols from the left onto the transport protocols that is uses on the right.

Select and Place:

Correct Answer:

I.68. Which three encapsulation layers in the OSI model are combined into the TCP/IP application layer? (Choose three)

  • Session*
  • transport
  • presentation*
  • application*
  • data-link
  • network
Show (Hide) Explanation/Reference

I.69. When is the most appropriate time to escalate an issue that you troubleshooting?

  • A. When you lack the proper to resolve the issue*
  • B. When a more urgent issue that requires your intervention is detected
  • C. When you have gathered all information about an issue
  • D. When you have been unable to resolve the issue after 30 min
Show (Hide) Explanation/Reference
From this paragraph:

Step 2Resolve or escalate: Problem isolation should eventually uncover the root cause of the problem – that is, the cause which, if fixed, will resolve the problem. In short, resolving the problem means finding the root cause of the problem and fixing that problem. Of course, what do you do if you cannot find the root cause, or fix (resolve) that root cause once found? Escalate the problem. Most companies have a defined escalation process, with different levels of technical support and management support depending on whether the next step requires more technical expertise or management decision making.

Reference: ICND1 100-105 Official Cert Guide

Also from this link: http://www.ciscopress.com/articles/article.asp?p=1578504&seqNum=2

“After you have clearly defined the problem, you have one more step to take before starting the actual troubleshooting process. You must determine whether this problem is your responsibility or if it needs to be escalated to another department or person. For example, assume the reported problem is this: “When user Y tries to access the corporate directory on the company intranet, she gets a message that says permission is denied. She can access all other intranet pages.” You are a network engineer, and you do not have access to the servers. A separate department in your company manages the intranet servers. Therefore, you must know what to do when this type of problem is reported to you as a network problem. You must know whether to start troubleshooting or to escalate it to the server department. It is important that you know which type of problems is your responsibility to act on, what minimal actions you need to take before you escalate a problem, and how you escalate a problem.”

So we can say answer A is the most suitable choice.

I.70. Which address class includes network 191.168.0.1/27?

  • Class C
  • Class B*
  • Class D
  • Class A
Show (Hide) Explanation/Reference
This is a tricky question if you don’t have a close look on the network. The first octet is 191, not 192 so it belongs to class B, not class C.

I.71. Which RFC was created to alleviate the depletion of IPv4 public addresses?

  • RFC 4193
  • RFC 1519
  • RFC 1518 *
  • RFC 1918
Show (Hide) Explanation/Reference
The RFC 1518 is Classless Interdomain Routing (CIDR), which is created to save the IPv4 addresses because we can now assign IP addresses classless. Therefore, instead of assigning the whole block of a class B or C address, now smaller blocks of a class can be assigned. For example, instead of assigning a whole block of 200.1.45.0/24, a smaller block, like 200.1.45.0/27 or 200.1.45.32/27, can be assigned.

The RFC 1918 is Address Allocation for Private Internets, which reserves IP addresses for private and internal use. These addresses can be used for networks that do not need to connect to the Internet.

Therefore the RFC 1918 is the best choice to “alleviate the depletion of IPv4 public addresses”.

I.72. Which network topology allows all traffic to flow through a central hub?

  • bus
  • star*
  • mesh
  • ring
Show (Hide) Explanation/Reference
Star topology is the most popular topology for the network which allows all traffic to flow through a central device.

I.73. Which statement about a router on a stick is true?

  • Its date plane router traffic for a single VI AN over two or more switches.
  • It uses multiple subinterfaces of a single interface to encapsulate traffic for different VLANs on the same subnet
  • It requires the native VLAN to be disabled.
  • It uses multiple subinterfaces of a single interface to encapsulate traffic for different VLANs.*
Show (Hide) Explanation/Reference
https://www.freeccnaworkbook.com/workbooks/ccna/configuring-inter-vlan-routing-router-on-a-stick

I.74. Which component of the routing table ranks routing protocols according to their preferences?

  • administrative distance*
  • next hop
  • metric
  • routing protocol code
Show (Hide) Explanation/Reference
Administrative distance – This is the measure of trustworthiness of the source of the route. If a router learns about a destination from more than one routing protocol, administrative distance is compared and the preference is given to the routes with lower administrative distance. In other words, it is the believability of the source of the route

I.75. Which two options are the best reasons to use an IPV4 private IP space?(choose two)

  • to enable intra-enterprise communication*
  • to implement NAT
  • to connect applications
  • to conserve global address space*
  • to manage routing overhead

I.76. Assuming a subnet mask of 255.255.248.0, three of the following addresses are valid host addresses. Which are these addresses? (Choose three.)

  • 172.16.9.0*
  • 172.16.8.0
  • 172.16.31.0*
  • 172.16.20.0*
Show (Hide) Explanation/Reference
From the subnet mask of 255.255.248.0 we learn that the increment is 8 therefore 172.16.8.0 is a network address which cannot be assigned to a host. Other network addresses are 172.16.16.0, 172.16.24.0, 172.16.32.0… Notice that 172.16.31.0 is a valid host address (which belongs to 172.16.24.0 to 172.16.31.255 subnet).

I.77. Which entity assigns IPv6 addresses to end users?

  • ICANN
  • APNIC
  • RIR
  • ISPs*
Show (Hide) Explanation/Reference
According to the official IANA website “Users are assigned IP addresses by Internet service providers (ISPs). ISPs obtain allocations of IP addresses from a local Internet registry (LIR) or National Internet Registry (NIR), or from their appropriate Regional Internet Registry (RIR): https://www.iana.org/numbers

I.78. Which networking Technology is currently recognized as the standard for computer networking?

  • System network architecture
  • Transmission control protocol/Internet protocol*
  • Open system Interconnect
  • Open network architecture

I.79. Which two tasks does the Dynamic Host Configuration Protocol perform? (Choose two.) 

  • Set the IP gateway to be used by the network.
  • Perform host discovery used DHCPDISCOVER message.
  • Configure IP address parameters from DHCP server to a host.*
  • Provide an easy management of layer 3 devices.
  • Monitor IP performance using the DHCP server.
  • Assign and renew IP address from the default pool.*
Show (Hide) Explanation/Reference
Explanation:
The Dynamic Host Configuration Protocol (DHCP) is a network protocol used to configure devices that  are connected to a network (known as hosts) so they can communicate on that network using the  Internet Protocol (IP). It involves clients and a server operating in a client-server model. DHCP servers  assigns IP addresses from a pool of addresses and also assigns other parameters such as DNS and default  gateways to hosts. 

I.80. Which statement about IPv6 link-local addresses is true ?

  • They must be configured on all IPv6 interface*
  • They must be globally unique
  • They must be manually configured
  • They are advertised globally on the network
Show (Hide) Explanation/Reference
Link-local addresses refer only to a particular physical link and are used for addressing on a single link for purposes such as automatic address configuration and neighbor discovery protocol. Link-local addresses can be used to reach the neighboring nodes attached to the same link. The nodes do not need a globally unique address to communicate. Routers will not forward datagram using link-local addresses. All IPv6 enabled interfaces have a link-local unicast address.

A link-local address is an IPv6 unicast address that can be automatically configured on any interface using the link-local prefix FE80::/10 (1111 1110 10) and the interface identifier in the modified EUI-64 format. Link-local addresses are not necessarily bound to the MAC address (configured in a EUI-64 format). Link-local addresses can also be manually configured in the FE80::/10 format using the “ipv6 address link-local” command.

Reference: http://www.cisco.com/c/en/us/support/docs/ip/ip-version-6-ipv6/113328-ipv6-lla.html

In summary, if you do not configure a link-local on an IPv6 enabled interface, it will automatically use the FE80::/10 and the interface identifier in the modified EUI-64 format to form a link-local address.

I.81. Which header field is new on IPv6?

  • Version
  • Hop Limit
  • Flow Label*
  • Traffic Class
Show (Hide) Explanation/Reference
Only three connection types are commonly known and used in Internet Protocol version four (IPv4) networks: unicast, multicast and broadcast. A fourth connection type, Anycast, was unknown until IPv6 made it a standard connection type. Anycast is not standardized in IPv4 but can be emulated. IPv4 Anycast addressing is a good solution to provide localization for services and servers in order to obtain robustness, redundancy and resiliency.

The basic idea of Anycast is very simple: multiple servers, which share the same IP address, host the same service. The routing infrastructure sends IP packets to the nearest server (according to the metric of the routing protocol used). The major benefits of employing Anycast in IPv4 are improved latency times, server load balancing, and improved security.

Reference: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.116.6367&rep=rep1&type=pdf

I.82. Which two statements about access points are true? (Choose Two)

  • They can provide access within enterprises and to the public.
  • in Most cases, they are physically connected to other network devices to provide network connectivity*
  • They can protect a network from internal and external threats.
  • Most access points provide Wi-Fi and Bluetooth connectivity.*
  • They must be hardwired to a modem.

I.83. Which two statements describe characteristics of IPv6 unicast addressing? (Choose two.)

  • Global addresses start with 2000::/3.*
  • Link-local addresses start with FE00:/12.
  • Link-local addresses start with FF00::/10.
  • There is only one loopback address and it is ::1.*
  • If a global address is assigned to an interface, then that is the only allowable address for the interface.
Show (Hide) Explanation/Reference
Below is the list of common kinds of IPv6 addresses:

Loopback address ::1
Link-local address FE80::/10
Site-local address FEC0::/10
Global address 2000::/3
Multicast address FF00::/8

From the above table, we learn that A and D are correct while B and C are incorrect. Notice that the IPv6 unicast loopback address is equivalent to the IPv4 loopback address, 127.0.0.1. The IPv6 loopback address is 0:0:0:0:0:0:0:1, or ::1.

E is not correct because of anycast addresses which are indistinguishable from normal unicast addresses. You can think of anycast addresses like this: “send it to nearest one which have this address”. An anycast address can be assigned to many interfaces and the first interface receives the packet destined for this anycast address will proceed the packet. A benefit of anycast addressing is the capability to share load to multiple hosts. An example of this benefit is if you are a Television provider with multiple servers and you want your users to use the nearest server to them then you can use anycast addressing for your servers. When the user initiates a connection to the anycast address, the packet will be routed to the nearest server (the user does not have to specify which server they want to use).

I.84. Which three statements about IPv6 address fd14:920b:f83d:4079::/64 are true? (Choose two)

  • A. The subnet ID is 14920bf83d
  • B. The subnet ID is 4079*
  • C. The global ID is 14920bf83d
  • D. The address is a link-local address
  • E. The global ID is 4079
  • F. The address is a unique local address*
Show (Hide) Explanation/Reference
Let’s see an example of IPv6 prefix: 2001:0A3C:5437:ABCD::/64:

In this example, the RIR has been assigned a 12-bit prefix. The ISP has been assigned a 32-bit prefix and the site is assigned a 48-bit site ID. The next 16-bit is the subnet field and it can allow 216, or 65536 subnets. This number is redundant for largest corporations on the world!

The 64-bit left (which is not shown the above example) is the Interface ID or host part and it is much more bigger: 64 bits or 264 hosts per subnet!

Therefore in this question 4079 is the subnet ID. The FD14 prefix belongs to FC00::/7 which is an IPv6 Unique Local Address (The address block fc00::/7 is divided into two /8 groups which are FC00::/8 & FD00::/8)

I.85. Which tunneling mechanism embeds an IPv4 address within an IPv6 address?

  • Teredo
  • 6to4*
  • 4to6
  • GRE
  • ISATAP

I.86. Which of the following statements describe the network shown in the graphic? (Choose two.)

  • There are two broadcast domains in the network.*
  • There are four broadcast domains in the network.
  • There are six broadcast domains in the network.
  • There are four collision domains in the network.
  • There are five collision domains in the network.
  • There are seven collision domains in the network.*
Show (Hide) Explanation/Reference
Only router can break up broadcast domains so in the exhibit there are 2 broadcast domains: from e0 interface to the left is a broadcast domain and from e1 interface to the right is another broadcast domain -> A is correct.

Both router and switch can break up collision domains so there is only 1 collision domain on the left of the router (because hub doesn’t break up collision domain) and there are 6 collision domains on the right of the router (1 collision domain from e1 interface to the switch + 5 collision domains for 5 PCs in Production) -> F is correct.

I.87. Which protocol does ipv6 use to discover other ipv6 nodes on the same segment?

  • CLNS
  • TCPv6
  • NHRP
  • NDP
  • ARP**

I.88. What is the most efficient subnet mask for a point to point ipv6 connection?

  • /127*
  • /128
  • /64
  • /48
  • /32
Show (Hide) Explanation/Reference
On inter-router point-to-point links, it is useful, for security and other reasons, to use 127-bit IPv6 prefixes. Such a practice parallels the use of 31-bit prefixes in IPv4.

Reference: https://tools.ietf.org/html/rfc6164

I.89. What are three features of the IPV6 protocol?(choose three)

  • complicated header
  • plug-and-play*
  • no broadcasts*
  • checksums
  • optional IPsec
  • autoconfiguration**

I.90. Where does routing occur within the DoD TCP/IP reference model?

  • application
  • internet*
  • network
  • transport
Show (Hide) Explanation/Reference
The picture below shows the comparison between TCP/IP model & OSI model. Notice that the Internet Layer of TCP/IP is equivalent to the Network Layer which is responsible for routing decision.

I.91. Which address block identifies all link-local addresses?

  • FC00::/7
  • FC00::/8
  • FE80::/10*
  • FF00::/8
Show (Hide) Explanation/Reference
Link-local addresses only used for communications within the local subnetwork (automatic address configuration, neighbor discovery, router discovery, and by many routing protocols). It is only valid on the current subnet. It is usually created dynamically using a link-local prefix of FE80::/10 and a 64-bit interface identifier (based on 48-bit MAC address).

I.92. For which two reasons was RFC 1918 address space define (Choose two)

  • to preserve public IPv4 address space*
  • to reduce the occurrence of overlapping IP addresses*
  • to preserve public IPv6 address space
  • reduce the size of ISP routing tables
  • to support the NAT protocol
Show (Hide) Explanation/Reference
The RFC 1518 is Classless Interdomain Routing (CIDR). CIDR is a mechanism developed to help alleviate the problem of exhaustion of IP addresses and growth of routing tables.

The problems were:

+ With the classful routing system, individual networks were either limited to 254 hosts (/24) or 65,534 hosts (/16). For many network enterprises, 254 hosts were not enough and 65,534 were too large to be used efficiently.
+ Routing information overload. The size and rate of growth of the routing tables in Internet routers is beyond the ability of current software (and people) to effectively manage.
+ Eventual exhaustion of IP network numbers.

To solve these problem, CIDR was selected as the solution in 1992.

In contrast to classful routing, which categorizes addresses into one of three blocks, CIDR allows for blocks of IP addresses to be allocated to Internet service providers. The blocks are then split up and assigned to the provider’s customers.

According to the CIDR standard, the first part of an IP address is a prefix, which identifies the network. The prefix is followed by the host identifier so that information packets can be sent to particular computers within the network. A CIDR address includes the standard 32-bit IP address and also the network prefix. For example, a CIDR address of 200.1.45.2/26, the “/26” indicates the first 26 bits are used to identify the unique network, leaving the remaining bits to identify the specific hosts.

Therefore, instead of assigning the whole block of a class B or C address, now smaller blocks of a class can be assigned. For example, instead of assigning a whole block of 200.1.45.0/24, a smaller block, like 200.1.45.0/27 or 200.1.45.32/27, can be assigned.

I.93. In which two circumstances are private IPv4 addresses appropriate? (Choose two)

  • on internal hosts that stream data solely to external resources
  • on hosts that communicates only with other internal hosts*
  • on the public-facing interface of a firewall
  • on hosts that require minimal access to external resources*
  • to allow hosts inside an enterprise to communicate in both directions with hosts  outside the enterprise

I.94. DRAG DROP. Drag and drop the IEEE standard cable names from the left onto the correct cable types on the right.

Select and Place:

Correct Answer:

I.95. Which major IPv6 address type is supported in IPv4 but rarely used?

  • Broadcast
  • Anycast*
  • Unicast
  • Multicast

I.96. Refer to the exhibit, you determine that Computer A cannot ping Computer. Which reason for the problem is most likely true?

  • The Subnet mask for Computer A is incorrect.*
  • The default gateway address for Computer A is incorrect.
  • The subnet mask for computer B is incorrect.
  • The default gateway address for computer B is incorrect.
Show (Hide) Explanation/Reference
255.255.255.224 = /27

I.97. Which option is a valid IPv6 address?

  • 2001:0000:130F::099a::12a
  • 2002:7654:A1AD:61:81AF:CCC1
  • FEC0:2927:1860:W067::2A4
  • 2004:1:25A4:886F::1*

I.98. Refer to the exhibit. A new subnet with 60 hosts has been added to the network. Which subnet address should this network use to provide enough usable addresses while wasting the fewest addresses?

  • 192.168.1.56/27
  • 192.168.1.64/26*
  • 192.168.1.64/27
  • 192.168.1.56/26

I.99. DRAG DROP. A user is unable to connect to the Internet. Based on the layered approach to troubleshooting and beginning with the lowest layer, drag each procedure on the left to its proper category on the right.

Select and Place:

Correct Answer:

I.100. Refer to the exhibit. Which subnet mask will place all hosts on Network B in the same subnet with the least amount of wasted addresses?

  • 255.255.255.0
  • 255.255.254.0*
  • 255.255.252.0
  • 255.255.248.0
Show (Hide) Explanation/Reference
310 hosts < 512 = 29 -> We need a subnet mask of 9 bits 0 -> 1111 1111.1111 1111.1111 1110.0000 0000 -> 255.255.254.0

I.101. Which two are features of IPv6?(choose two)

  • multicast*
  • broadcast
  • allcast
  • podcast
  • anycast*
Show (Hide) Explanation/Reference
IPv6 addresses are classified by the primary addressing and routing methodologies common in networkinG.
unicast addressing, anycast addressing, and multicast addressing.

I.102. Given an IP address 172.16.28.252 with a subnet mask of 255.255.240.0, what is the correct network address?

  • 172.16.16.0*
  • 172.16.0.0
  • 172.16.24.0
  • 172.16.28.0
Show (Hide) Explanation/Reference
For this example, the network range is 172.16.16.1 – 172.16.31.254, the network address is 172.16.16.0 and
the broadcast IP address is 172.16.31.255.

I.103. Which IPv6 address is the equivalent of the IPv4 interface loopback address 127.0.0.1?

  • ::1*
  • ::
  • 2000::/3
  • 0::/10
Show (Hide) Explanation/Reference

In IPv6 the loopback address is written as,
This is a 128bit number, with the first 127 bits being ‘0’ and the 128th bit being ‘1’. It’s just a single address, so
could also be written as ::1/128.

I.104. You are working in a data center environment and are assigned the address range 10.188.31.0/23. You are asked to develop an IP addressing plan to allow the maximum number of subnets with as many as 30 hosts each. Which IP address range meets these requirements?

  • 10.188.31.0/26
  • 10.188.31.0/25
  • 10.188.31.0/25
  • 10.188.31.0/27*
  • 10.188.31.0/29
Show (Hide) Explanation/Reference
Each subnet has 30 hosts < 32 = 25 so we need a subnet mask which has at least 5 bit 0s -> /27. Also the
question requires the maximum number of subnets (which minimum the number of hosts- per-subnet) so /27
is the best choice -> .

I.105. A network administrator is verifying the configuration of a newly installed host by establishing an FTP connection to a remote server. What is the highest layer of the protocol stack that the network administrator is using for this operation?

  • application*
  • presentation
  • session
  • transport
  • internet
  • data link
Show (Hide) Explanation/Reference
FTP belongs to Application layer and it is also the highest layer of the OSI model.

I.106. A receiving host computes the checksum on a frame and determines that the frame is damaged. The frame is then discarded. At which OSI layer did this happen?

  • session
  • transport
  • network
  • data link*
  • physical
Show (Hide) Explanation/Reference
The Data Link layer provides the physical transmission of the data and handles error notification, network topology, and flow control. The Data Link layer formats the message into pieces, each called a data frame, and adds a customized header containing the hardware destination and source address. Protocols Data Unit (PDU) on Datalink layer is called frame. According to this question the frame is damaged and discarded which will happen at the Data Link layer.

I.107. Which two statements correctly describe steps in the OSI data encapsulation process? (Choose two.)

  • The transport layer divides a data stream into segments and may add reliability and flow control information.*
  • The data link layer adds physical source and destination addresses and an FCS to the segment.
  • Packets are created when the network layer encapsulates a frame with source and destination host addresses and protocol-related control information.
  • Packets are created when the network layer adds Layer 3 addresses and control information to a segment.*
  • The presentation layer translates bits into voltages for transmission across the physical link.
Show (Hide) Explanation/Reference
The Application Layer (Layer 7) refers to communications services to applications and is the interface between the network and the application. Examples include. Telnet, HTTP, FTP, Internet browsers, NFS, SMTP gateways, SNMP, X.400 mail, and FTAM. The Presentation Layer (Layer 6) defining data formats, such as ASCII text, EBCDIC text, binary, BCD, and JPEG. Encryption also is defined as a presentation layer service. Examples include. JPEG, ASCII, EBCDIC, TIFF, GIF, PICT, encryption, MPEG, and MIDI. The Session Layer (Layer 5) defines how to start, control, and end communication sessions.

This includes the control and management of multiple bidirectional messages so that the application can be notified if only some of a series of messages are completed. This allows the presentation layer to have a seamless view of an incoming stream of data. The presentation layer can be presented with data if all flows occur in some cases. Examples include. RPC, SQL, NFS, NetBios names, AppleTalk ASP, and DECnet SCP The Transport Layer (Layer 4) defines several functions, including the choice of protocols. The most important Layer 4 functions are error recovery and flow control. The transport layer may provide for retransmission, i.e., error recovery, and may use flow control to prevent unnecessary congestion by attempting to send data at a rate that the network can accommodate, or it might not, depending on the choice of protocols. Multiplexing of incoming data for different flows to applications on the same host is also performed. Reordering of the incoming data stream when packets arrive out of order is included. Examples include. TCP, UDP, and SPX.

The Network Layer (Layer 3) defines end-to-end delivery of packets and defines logical addressing to accomplish this. It also defines how routing works and how routes are learned; and how to fragment a packet into smaller packets to accommodate media with smaller maximum transmission unit sizes. Examples include. IP, IPX, AppleTalk DDP, and ICMP. Both IP and IPX define logical addressing, routing, the learning of routing information, and end-to-end delivery rules. The IP and IPX protocols most closely match the OSI network layer (Layer 3) and are called Layer 3 protocols because their functions most closely match OSI’s Layer 3. The Data Link Layer (Layer 2) is concerned with getting data across one particular link or medium. The data link protocols define delivery across an individual link. These protocols are necessarily concerned with the type of media in use. Examples includE. IEEE 802.3/802.2, HDLC, Frame Relay, PPP, FDDI, ATM,and IEEE 802.5/802.2.

I.108. Refer to the graphic. Host A is communicating with the server. What will be the source MAC address of the frames received by Host A from the server?

  • the MAC address of router interface e0*
  • the MAC address of router interface e1
  • the MAC address of the server network interface
  • the MAC address of host A
Show (Hide) Explanation/Reference
Whereas switches can only examine and forward packets based on the contents of the MAC header, routers can look further into the packet to discover the network for which a packet is destined. Routers make forwarding decisions based on the packet’s network-layer header (such as an IPX header or IP header). These network-layer headers contain source and destination network addresses. Local devices address packets to the router’s MAC address in the MAC header. After receiving the packets, the router must perform the following steps:

1. Check the incoming packet for corruption, and remove the MAC header. The router checks the packet for MAC-layer errors. The router then strips off the MAC header and examines the network- layer header to determine what to do with the packet.

2. Examine the age of the packet. The router must ensure that the packet has not come too far to be forwarded. For example, IPX headers contain a hop count. By default, 15 hops is the maximum number of hops (or routers) that a packet can cross. If a packet has a hop count of 15, the router discards the packet. IP headers contain a Time to Live (TTL) value. Unlike the IPX hop count, which increments as the packet is forwarded through each router, the IP TTL value decrements as the IP packet is forwarded through each router. If an IP packet has a TTL value of 1, the router discards the packet. A router cannot decrement the TTL value to 1 and then forward the packet.

3. Determine the route to the destination. Routers maintain a routing table that lists available networks, thedirection to the desired network (the outgoing interface number), and the distance to those networks. After determining which direction to forward the packet, the router must build a new header. (If you want to read the IP routing tables on a Windows 95/98 workstation, type ROUTE PRINT in the DOS box.)

4. Build the new MAC header and forward the packet. Finally, the router builds a new MAC header for the packet. The MAC header includes the router’s MAC address and the final destination’s MAC address or the MAC address of the next router in the path.

I.109. Refer to exhibit: Which destination addresses will be used by Host A to send data to Host C? (Choose two.)

  • the IP address of Switch 1
  • the MAC address of Switch 1
  • the IP address of Host C*
  • the MAC address of Host C
  • the IP address of the router’s E0 interface
  • the MAC address of the router’s E0 interface*
Show (Hide) Explanation/Reference
While transferring data through many different networks, the source and destination IP addresses are not changed. Only the source and destination MAC addresses are changed. So in this case Host A will use the IP address of Host C and the MAC address of E0 interface to send data. When the router receives this data, it replaces the source MAC address with it own E1 interface’s MAC address and replaces the destination MAC address with Host C’s MAC address before sending to Host C.

I.110. At which layer of the OSI model is RSTP used to prevent loops?

  • physical
  • data link*
  • network
  • transport
Show (Hide) Explanation/Reference
RSTP and STP operate on switches and are based on the exchange of Bridge Protocol Data Units (BPDUs) between switches. One of the most important fields in BPDUs is the Bridge Priority in which the MAC address is used to elect the Root Bridge -> RSTP operates at Layer 2 ?Data Link layer -> .

I.111. What does a Layer 2 switch use to decide where to forward a received frame?

  • source MAC address
  • source IP address
  • source switch port
  • destination IP address
  • destination port address
  • destination MAC address*
Show (Hide) Explanation/Reference
When a frame is received, the switch looks at the destination hardware address and finds the interface if it is in its MAC address table. If the address is unknown, the frame is broadcast on all interfaces except the one it was received on.

I.112. Based on the network shown in the graphic. Which option contains both the potential networking problem and the protocol or setting that should be used to prevent the problem?

  • routing loops, hold down timers
  • switching loops, split horizon
  • routing loops, split horizon
  • switching loops, VTP
  • routing loops, STP
  • switching loops, STP*
Show (Hide) Explanation/Reference
The Spanning-Tree Protocol (STP) prevents loops from being formed when switches or bridges are interconnected via multiple paths. Spanning-Tree Protocol implements the 802.1D IEEE algorithm by exchanging BPDU messages with other switches to detect loops, and then removes the loop by shutting down selected bridge interfaces. This algorithm guarantees that there is one and only one active path between two network devices.

I.113. Refer to the exhibit. The network administrator normally establishes a Telnet session with the switch from host A. However, host A is unavailable. The administrator’s attempt to telnet to the switch from host fails, but pings to the other two hosts are successful. What is the issue?

  • The switch interfaces need the appropriate IP addresses assigned.
  • Host and the switch need to be in the same subnet.
  • The switch needs an appropriate default gateway assigned.*
  • The switch interface connected to the router is down.
  • Host needs to be assigned an IP address in VLAN 1.
Show (Hide) Explanation/Reference
Host A (172.19.1.1) and the management IP address of the Switch (172.19.1.250) are in the same subnet so telnet from host A to the switch can be successful even if a default gateway is not set on host A.

But host B (172.19.32.2) and the management IP address of the Switch (172.19.1.250) are not in the same subnet. Therefore packets from host B must reach the router Fa0/0.32 interface before forwarding to the switch. But when the switch replies, it does not know how to send packets so an appropriate default gateway must be assigned on the switch (to Fa0/0.32 – 172.19.32.254).

Answer A is not correct because even when host B & the switch are in the same subnet, they cannot communicate because of different VLANs.

Answer C is not correct as host B can ping other two hosts.

Answer D is not correct because host B always belongs to VLAN 32 so assigning an IP address in VLAN 1 does not solve the problem.

I.114. What is the alternative notation for the IPv6 address B514:82C3:0000:0000:0029:EC7A:0000:EC72?

  • B514 : 82C3 : 0029 : EC7A : EC72
  • B514 : 82C3 :: 0029 : EC7A : EC72
  • B514 : 82C3 : 0029 :: EC7A : 0000 : EC72
  • B514 : 82C3 :: 0029 : EC7A : 0 : EC72*
Show (Hide) Explanation/Reference
There are two ways that an IPv6 address can be additionally compressed: compressing leading zeros and substituting a group of consecutive zeros with a single double colon (::). Both of these can be used in any number of combinations to notate the same address. It is important to note that the double colon (::) can only be used once within a single IPv6 address notation. So, the extra 0’s can only be compressed once.

I.115. Refer to the diagram. All hosts have connectivity with one another. Which statements describe the addressing scheme that is in use in the network? (Choose three.)

  • The subnet mask in use is 255.255.255.192
  • The subnet mask in use is 255.255.255.128*
  • The IP address 172.16.1.25 can be assigned to hosts in VLAN1*
  • The IP address 172.16.1.205 can be assigned to hosts in VLAN1
  • The LAN interface of the router is configured with one IP address.
  • The LAN interface of the router is configured with multiple IP addresses.*
Show (Hide) Explanation/Reference
The subnet mask in use is 255.255.255.128: This is subnet mask will support up to 126 hosts, which is needed.
The IP address 172.16.1.25 can be assigned to hosts in VLAN1: The usable host range in this subnet is 172.16.1.1-172.16.1.126
The LAN interface of the router is configured with multiple IP addresses: The router will need 2 subinterfaces for the single physical interface, one with an IP address that belongs in each VLAN.

I.116. The network administrator has been asked to give reasons for moving from IPv4 to IPv6. What are two valid reasons for adopting IPv6 over IPv4? (Choose two.)

  • no broadcast*
  • change of source address in the IPv6 header
  • change of destination address in the IPv6 header
  • Telnet access does not require a password
  • autoconfiguration*
  • NAT
Show (Hide) Explanation/Reference
IPv6 does not use broadcasts, and autoconfiguration is a feature of IPV6 that allows for hosts to automatically obtain an IPv6 address.

I.117. An administrator must assign static IP addresses to the servers in a network. For network 192.168.20.24/29, the router is assigned the first usable host address while the sales server is given the last usable host address. Which of the following should be entered into the IP properties box for the sales server?

Correct Answer: C

Show (Hide) Explanation/Reference
For the 192.168.20.24/29 network, the usable hosts are 192.168.24.25 (router) ?192.168.24.30 (used for the
sales server).

I.118. Which subnet mask would be appropriate for a network address range to be subnetted for up to eight LANs, with each LAN containing 5 to 26 hosts?

  • 0.0.0.240
  • 255.255.255.252
  • 255.255.255.0
  • 255.255.255.224*
  • 255.255.255.240
Show (Hide) Explanation/Reference
For a class C network, a mask of 255.255.255.224 will allow for up to 8 networks with 32 IP addresses each
(30 usable).

I.119. How many bits are contained in each field of an IPv6 address?

  • 24
  • 4
  • 8
  • 16*
Show (Hide) Explanation/Reference
An IPv6 address is represented as eight groups of four hexadecimal digits, each group representing 16 bits (two octets). The groups are separated by colons (:). An example of an IPv6 address is 2001:0db8:85a3:0000:0000:8a2e:0370:7334.

I.120. What are three approaches that are used when migrating from an IPv4 addressing scheme to an IPv6 scheme. (Choose three.)

  • enable dual-stack routing*
  • configure IPv6 directly
  • configure IPv4 tunnels between IPv6 islands*
  • use proxying and translation to translate IPv6 packets into IPv4 packets*
  • statically map IPv4 addresses to IPv6 addresses
  • use DHCPv6 to map IPv4 addresses to IPv6 addresses
Show (Hide) Explanation/Reference
Several methods are used terms of migration including tunneling, translators, and dual stack. Tunnels are used to carry one protocol inside another, while translators simply translate IPv6 packets into IPv4 packets. Dual stack uses a combination of both native IPv4 and IPv6. With dual stack, devices are able to run IPv4 and IPv6 together and if IPv6 communication is possible that is the preferred protocol. Hosts can simultaneously reach IPv4 and IPv6 content.

I.121. Refer to the exhibit. In this VLSM addressing scheme, what summary address would be sent from router A?

  • 172.16.0.0 /16*
  • 172.16.0.0 /20
  • 172.16.0.0 /24
  • 172.32.0.0 /16
  • 172.32.0.0 /17
  • 172.64.0.0 /16
Show (Hide) Explanation/Reference
Router A receives 3 subnets: 172.16.64.0/18, 172.16.32.0/24 and 172.16.128.0/18. All these 3 subnets have the same form of 172.16.x.x so our summarized subnet must be also in that form -> Only A, B or. The smallest subnet mask of these 3 subnets is /18 so our summarized subnet must also have its subnet mask equal or smaller than /18. -> Only answer A has these 2 conditions ->

I.122. How is an EUI-64 format interface ID created from a 48-bit MAC address?

  • by appending 0xFF to the MAC address
  • by prefixing the MAC address with 0xFFEE
  • by prefixing the MAC address with 0xFF and appending 0xFF to it
  • by inserting 0xFFFE between the upper three bytes and the lower three bytes of the MAC address*
  • by prefixing the MAC address with 0xF and inserting 0xF after each of its first three bytes
Show (Hide) Explanation/Reference
The modified EUI-64 format interface identifier is derived from the 48-bit link-layer (MAC) address by inserting the hexadecimal number FFFE between the upper three bytes (OUI field) and the lower three bytes (serial number) of the link layer address.

I.123. Refer to the exhibit. What is the most efficient summarization that R1 can use to advertise its networks to R2?

  • 172.1.0.0/24
  • 172.1.2.0/21
  • 172.1.4.0/22*
Show (Hide) Explanation/Reference
The 172.1.4.0/22 subnet encompasses all routes from the IP range 172.1.4.0 ?172.1.7.255.

I.124. Which three are characteristics of an IPv6 anycast address? (Choose three.)

  • one-to-many communication model
  • one-to-nearest communication model
  • any-to-many communication model
  • a unique IPv6 address for each device in the group
  • the same address for multiple devices in the group*
  • delivery of packets to the group interface that is closest to the sending device*
Show (Hide) Explanation/Reference
A new address type made specifically for IPv6 is called the Anycast Address. These IPv6 addresses are global addresses, these addresses can be assigned to more than one interface unlike an IPv6 unicast address. Anycast is designed to send a packet to the nearest interface that is a part of that anycast group. The sender creates a packet and forwards the packet to the anycast address as the destination address which goes to the nearest router. The nearest router or interface is found by using the metric of a routing protocol currently running on the network. However, in a LAN setting the nearest interface is found depending on the order the neighbors were learned. The anycast packet in a LAN setting forwards the packet to the neighbor it learned about first.

I.125. A national retail chain needs to design an IP addressing scheme to support a nationwide network. The company needs a minimum of 300 sub-networks and a maximum of 50 host addresses per subnet. Working with only one Class B address, which of the following subnet masks will support an appropriate addressing scheme? (Choose two.)

  • 255.255.255.0
  • 255.255.255.128*
  • 255.255.252.0
  • 255.255.255.224
  • 255.255.255.192*
  • 255.255.248.0
Show (Hide) Explanation/Reference
Subnetting is used to break the network into smaller more efficient subnets to prevent excessive rates of Ethernet packet collision in a large network. Such subnets can be arranged hierarchically, with the organization’s network address space (see also Autonomous System) partitioned into a tree-like structure. Routers are used to manage traffic and constitute borders between subnets. A routing prefix is the sequence of leading bits of an IP address that precede the portion of the address used as host identifier. In IPv4 networks, the routing prefix is often expressed as a “subnet mask”, which is a bit mask covering the number of bits used in the prefix. An IPv4 subnet mask is frequently expressed in quad-dotted decimal representation, e.g., 255.255.255.0 is the subnet mask for the 192.168.1.0 network with a 24-bit routing prefix (192.168.1.0/24).

I.126. Refer to the exhibit. A network administrator is adding two new hosts to Switch A . Which three values could be used for the configuration of these hosts? (Choose three.)

  • host A IP address: 192.168.1.79*
  • host A IP address: 192.168.1.64
  • host A default gateway: 192.168.1.78*
  • host B IP address: 192.168.1.128
  • host B default gateway: 192.168.1.129
  • host B IP address: 192.168.1.190*

I.127. Which IPv6 address is the all-router multicast group?

  • FF02::1
  • FF02::2*
  • FF02::3
  • FF02::4
Show (Hide) Explanation/Reference
Well-known IPv6 multicast addresses:
Address
Description
ff02::1
All nodes on the local network segment
ff02::2
All routers on the local network segment

I.128. Refer to the exhibit. Which address range efficiently summarizes the routing table of the addresses for router Main?

  • 172.16.0.0./21
  • 172.16.0.0./20*
  • 172.16.0.0./16
  • 172.16.0.0/18
Show (Hide) Explanation/Reference
The 172.16.0.0./20 network is the best option as it includes all networks from 172.16.0.0 – 172.16.16.0 anddoes it more efficiently than the /16 and /18 subnets. The /21 subnet will not include all the other subnets in this one single summarized address.

I.129. Which IPv6 address is valid?

  • 2001:0db8:0000:130F:0000:0000:08GC:140B
  • 2001:0db8:0:130H::87C:140B
  • 2031::130F::9C0:876A:130B
  • 2031:0:130F::9C0:876A:130B*
Show (Hide) Explanation/Reference
An IPv6 address is represented as eight groups of four hexadecimal digits, each group representing 16 bits (two octets). The groups are separated by colons (:). An example of an IPv6 address is 2001:0db8:85a3:0000:0000:8a2e:0370:7334. The leading 0’s in a group can be collapsed using ::, but this can only be done once in an IP address.

I.130. Which command can you use to manually assign a static IPv6 address to a router interface?

  • ipv6 autoconfig 2001:db8:2222:7272::72/64
  • ipv6 address 2001:db8:2222:7272::72/64*
  • ipv6 address PREFIX_1 ::1/64
  • ipv6 autoconfig
Show (Hide) Explanation/Reference
To assign an IPv6 address to an interface, use the “ipv6 address” command and specify the IP address you
wish to use.

I.131. Which of these represents an IPv6 link-local address?

  • FE80::380e:611a:e14f:3d69*
  • FE81::280f:512b:e14f:3d69
  • FEFE:0345:5f1b::e14d:3d69
  • FE08::280e:611:a:f14f:3d69
Show (Hide) Explanation/Reference
In the Internet Protocol Version 6 (IPv6), the address block fe80::/10 has been reserved for link- local unicast addressing. The actual link local addresses are assigned with the prefix fe80::/64. They may be assigned byautomatic (stateless) or stateful (e.g. manual) mechanisms.

I.132. Refer to the exhibit. What is the meaning of the output MTU 1500 bytes?

  • The maximum number of bytes that can traverse this interface per second is 1500.
  • The minimum segment size that can traverse this interface is 1500 bytes.
  • The maximum segment size that can traverse this interface is 1500 bytes.
  • The minimum packet size that can traverse this interface is 1500 bytes.
  • The maximum packet size that can traverse this interface is 1500 bytes.*
  • The maximum frame size that can traverse this interface is 1500 bytes.
Show (Hide) Explanation/Reference
The Maximum Transmission Unit (MTU) defines the maximum Layer 3 packet (in bytes) that the layer can
pass onwards.

I.133. On a corporate network, hosts on the same VLAN can communicate with each other, but they are unable to communicate with hosts on different VLANs. What is needed to allow communication between the VLANs?

  • a router with subinterfaces configured on the physical interface that is connected to the switch*
  • a router with an IP address on the physical interface connected to the switch
  • a switch with an access link that is configured between the switches
  • a switch with a trunk link that is configured between the switches
Show (Hide) Explanation/Reference
Different VLANs can’t communicate with each other, they can communicate with the help of Layer3 router. Hence, it is needed to connect a router to a switch, then make the sub-interface on the router to connect to the switch, establishing Trunking links to achieve communications of devices which belong to different VLANs.

When using VLANs in networks that have multiple interconnected switches, you need to use VLAN trunking between the switches. With VLAN trunking, the switches tag each frame sent between switches so that the receiving switch knows to what VLAN the frame belongs. End user devices connect to switch ports that provide simple connectivity to a single VLAN each.

The attached devices are unaware of any VLAN structure. By default, only hosts that are members of the same VLAN can communicate. To change this and allow interVLAN communication, you need a router or a layer 3 switch. Here is the example of configuring the router for inter-vlan communication RouterA(config)#int f0/0.1 RouterA(config-subif)#encapsulation ? dot1Q IEEE 802.1Q Virtual LAN RouterA(config-subif)#encapsulation dot1Q or isl VLAN ID RouterA(config-subif)# ip address x.x.x.x y.y.y.y

I.134. Refer to the exhibit. Users on the 172.17.22.0 network cannot reach the server located on the 172.31.5.0 network. The network administrator connected to router Coffee via the console port, issued the show ip route command, and was able to ping the server. Based on the output of the show ip route command and the topology shown in the graphic, what is the cause of the failure?

  • The network has not fully converged.
  • IP routing is not enabled.
  • A static route is configured incorrectly.*
  • The FastEthernet interface on Coffee is disabled.
  • The neighbor relationship table is not correctly updated.
  • The routing table on Coffee has not updated.
Show (Hide) Explanation/Reference
The default route or the static route was configured with incorrect next-hop ip address 172.19.22.2 The correct ip address will be 172.18.22.2 to reach server located on 172.31.5.0 network. Ip route 0.0.0.0 0.0.0.0 172.18.22.2

I.135. Host 1 is trying to communicate with Host 2. The e0 interface on Router C is down. Which of the following are true? (Choose two.)

  • Router C will use ICMP to inform Host 1 that Host 2 cannot be reached.*
  • Router C will use ICMP to inform Router B that Host 2 cannot be reached.
  • Router C will use ICMP to inform Host 1, Router A, and Router B that Host 2 cannot be reached.
  • Router C will send a Destination Unreachable message type.*
  • Router C will send a Router Selection message type.
  • Router C will send a Source Quench message type.
Show (Hide) Explanation/Reference
Host 1 is trying to communicate with Host 2. The e0 interface on Router C is down. Router C will send ICMP
packets to inform Host 1 that Host 2 cannot be reached.

I.136. Refer to the exhibit. A network technician is asked to design a small network with redundancy. The exhibit represents this design, with all hosts configured in the same VLAN. What conclusions can be made about  this design?

  • The design will function as intended
  • Spanning-tree will need to be used
  • The router will not accept the addressing scheme*
  • The connection between switches should be a trunk.
  • The router interfaces must be encapsulated with the 802.1Q protocol.
Show (Hide) Explanation/Reference
Each interface on a router must be in a different network. If two interfaces are in the same network, the router will not accept it and show error when the administrator assigns it.

I.137. In which circumstance are multiple copies of the same unicast frame likely to be transmitted in a switched LAN?

  • during high traffic periods
  • after broken links are re-established
  • when upper-layer protocols require high reliability
  • in an improperly implemented redundant topology*
  • when a dual ring topology is in use
Show (Hide) Explanation/Reference
If we connect two switches via 2 or more links and do not enable STP on these switches then a loop (which creates multiple copies of the same unicast frame) will occur. It is an example of an improperly implemented redundant topology.

I.138. The network shown in the diagram is experiencing connectivity problems. Which of the following will correct the problems? (Choose two.)

  • Configure the gateway on Host A as 10.1.1.1
  • Configure the gateway on Host B as 10.1.2.254*
  • Configure the IP address of Host A as 10.1.2.2
  • Configure the IP address of Host B as 10.1.2.2*
  • Configure the masks on both hosts to be 255.255.255.224
  • Configure the masks on both hosts to be 255.255.255.240
Show (Hide) Explanation/Reference

The switch 1 is configured with two VLANs: VLAN1 and VLAN2. The IP information of member Host A in VLAN1 is as follows:
Address : 10.1.1.126
Mask : 255.255.255.0
Gateway : 10.1.1.254
The IP information of member Host B in VLAN2 is as follows:
Address : 10.1.1.12
Mask : 255.255.255.0
Gateway : 10.1.1.254
The configuration of sub-interface on router 2 is as follows:
Fa0/0.1 — 10.1.1.254/24 VLAN1
Fa0/0.2 — 10.1.2.254/24 VLAN2
It is obvious that the configurations of the gateways of members in VLAN2 and the associated network segments are wrong. The layer3 addressing information of Host B should be modified as follows:
Address : 10.1.2.X
Mask : 255.255.255.0

I.139. Refer to the exhibit. A problem with network connectivity has been observed. It is suspected that the cable connected to switch port Fa0/9 on Switch1 is disconnected. What would be an effect of this cable being disconnected?

  • Host B would not be able to access the server in VLAN9 until the cable is reconnected.
  • Communication between VLAN3 and the other VLANs would be disabled.
  • The transfer of files from Host B to the server in VLAN9 would be significantly slower.
  • For less than a minute, Host B would not be able to access the server in VLAN9. Then normal network function would resume.*
Show (Hide) Explanation/Reference
Spanning-Tree Protocol (STP) is a Layer 2 protocol that utilizes a special-purpose algorithm to discover physical loops in a network and effect a logical loop-free topology. STP creates a loop- free tree structure consisting of leaves and branches that span the entire Layer 2 network. The actual mechanics of how bridges communicate and how the STP algorithm works will be discussed at length in the following topics. Note that the terms bridge and switch are used interchangeably when discussing STP. In addition, unless otherwise indicated, connections between switches are assumed to be trunks

I.140. Refer to the exhibit. HostA cannot ping HostB. Assuming routing is properly configured, what is the cause of this problem?

  • HostA is not on the same subnet as its default gateway.
  • The address of SwitchA is a subnet address.
  • The Fa0/0 interface on RouterA is on a subnet that can’t be used.
  • The serial interfaces of the routers are not on the same subnet.*
  • The Fa0/0 interface on RouterB is using a broadcast address.
Show (Hide) Explanation/Reference
Now let’s find out the range of the networks on serial link:
For the network 192.168.1.62/27:
Increment: 32
Network address: 192.168.1.32
Broadcast address: 192.168.1.63
For the network 192.168.1.65/27:
Increment: 32
Network address: 192.168.1.64
Broadcast address: 192.168.1.95
-> These two IP addresses don’t belong to the same network and they can’t see each other

I.141. Refer to the exhibit. The two connected ports on the switch are not turning orange or green. What would be the most effective steps to troubleshoot this physical layer problem? (Choose three.)

  • Ensure that the Ethernet encapsulations match on the interconnected router and switch ports.
  • Ensure that cables A and B are straight-through cables.*
  • Ensure cable A is plugged into a trunk port.
  • Ensure the switch has power.*
  • Reboot all of the devices.
  • Reseat all cables.*
Show (Hide) Explanation/Reference
The ports on the switch are not up indicating it is a layer 1 (physical) problem so we should check cable type, power and how they are plugged in.

I.142. Refer to the exhibit. A network administrator attempts to ping Host2 from Host1 and receives the results that are shown. What is the problem?

  • The link between Host1 and Switch1 is down.
  • TCP/IP is not functioning on Host1
  • The link between Router1 and Router2 is down.*
  • The default gateway on Host1 is incorrect.
  • Interface Fa0/0 on Router1 is shutdown.
  • The link between Switch1 and Router1 is down.
Show (Hide) Explanation/Reference
Host1 tries to communicate with Host2. The message destination host unreachable from Router1 indicates that the problem occurs when the data is forwarded from Host1 to Host2. According to the topology, we can infer that The link between Router1 and Router2 is down.

I.143. Refer to the exhibit. Hosts in network 192.168.2.0 are unable to reach hosts in network 192.168.3.0. Based on the output from RouterA, what are two possible reasons for the failure? (Choose two.)

  • The cable that is connected to S0/0 on RouterA is faulty.
  • Interface S0/0 on RouterB is administratively down.
  • Interface S0/0 on RouterA is configured with an incorrect subnet mask.
  • The IP address that is configured on S0/0 of RouterB is not in the correct subnet.
  • Interface S0/0 on RouterA is not receiving a clock signal from the CSU/DSU.*
  • The encapsulation that is configured on S0/0 of RouterB does not match the encapsulation that is configured on S0/0 of RouterA*
Show (Hide) Explanation/Reference
From the output we can see that there is a problem with the Serial 0/0 interface. It is enabled, but the line protocol is down. The could be a result of mismatched encapsulation or the interface not receiving a clock signal from the CSU/ DSU.

I.144. Refer to the exhibit. An administrator pings the default gateway at 10.10.10.1 and sees the output as shown. At which OSI layer is the problem?

  • data link layer
  • application layer
  • access layer
  • session layer
  • network layer*
Show (Hide) Explanation/Reference
The command ping uses ICMP protocol, which is a network layer protocol used to propagate control message
between host and router. The command ping is often used to verify the network connectivity, so it works at the
network layer.

I.145. Refer to the exhibit. What will Router1 do when it receives the data frame shown? (Choose three.)

  • Router1 will strip off the source MAC address and replace it with the MAC address 0000.0c36.6965.*
  • Router1 will strip off the source IP address and replace it with the IP address 192.168.40.1.
  • Router1 will strip off the destination MAC address and replace it with the MAC address 0000.0c07.4320.*
  • Router1 will strip off the destination IP address and replace it with the IP address of 192.168.40.1.
  • Router1 will forward the data packet out interface FastEthernet0/1.
  • Router1 will forward the data packet out interface FastEthernet0/2.*
Show (Hide) Explanation/Reference
Remember, the source and destination MAC changes as each router hop along with the TTL being decremented but the source and destination IP address remain the same from source to destination.

I.146. Refer to the exhibit. Host A pings interface S0/0 on router 3. What is the TTL value for that ping?

  • 252
  • 253*
  • 254
  • 255
Show (Hide) Explanation/Reference
From the CCNA ICND2 Exam book: “Routers decrement the TTL by 1 every time they forward a packet; if a router decrements the TTL to 0, it throws away the packet. This prevents packets from rotating forever.” I want to make it clear that before the router forwards a packet, the TTL is still remain the same. For example, in the topology above, pings to S0/1 and S0/0 of Router 2 have the same TTL.

I.147. Which of the following describes the roles of devices in a WAN? (Choose three.)

  • A CSU/DSU terminates a digital local loop.*
  • A modem terminates a digital local loop.
  • A CSU/DSU terminates an analog local loop.
  • A modem terminates an analog local loop.*
  • A router is commonly considered a DTE device.*
  • A router is commonly considered a DCE device.
Show (Hide) Explanation/Reference
The idea behind a WAN is to be able to connect two DTE networks together through a DCE network. The network’s DCE device (includes CSU/DSU) provides clocking to the DTE-connected interface (the router’s serial interface).

A modem modulates outgoing digital signals from a computer or other digital device to analog signals for a conventional copper twisted pair telephone line and demodulates the incoming analog signal and converts it to a digital signal for the digital device. A CSU/DSU is used between two digital lines -> A & D are correct but B & C are not correct.

For more explanation of answer D, in telephony the local loop (also referred to as a subscriber line) is the physical link or circuit that connects from the demarcation point of the customer premises to the edge of the carrier or telecommunications service provider’s network. Therefore a modem terminates an analog local loop is correct.

I.148. The network administrator is asked to configure 113 point-to-point links. Which IP addressing scheme defines the address range and subnet mask that meet the requirement and waste the fewest subnet and host addresses?

  • 10.10.0.0/16 subnetted with mask 255.255.255.252
  • 10.10.0.0/18 subnetted with mask 255.255.255.252
  • 10.10.1.0/24 subnetted with mask 255.255.255.252
  • 10.10.0.0/23 subnetted with mask 255.255.255.252*
  • 10.10.1.0/25 subnetted with mask 255.255.255.252
Show (Hide) Explanation/Reference
We need 113 point-to-point links which equal to 113 sub-networks < 128 so we need to borrow 7 bits (because
2^7 = 128).
The network used for point-to-point connection should be /30.
So our initial network should be 30 ?7 = 23.
So 10.10.0.0/23 is the correct answer.
You can understand it more clearly when writing it in binary form:
/23 = 1111 1111.1111 1110.0000 0000
/30 = 1111 1111.1111 1111.1111 1100 (borrow 7 bits)

I.149. Which of the following IP addresses fall into the CIDR block of 115.64.4.0/22? (Choose three.)

  • 115.64.8.32
  • 115.64.7.64*
  • 115.64.6.255*
  • 115.64.3.255
  • 115.64.5.128*
  • 115.64.12.128

I.150. Which of the following are types of flow control? (Choose three.)

  • buffering*
  • cut-through
  • windowing*
  • congestion avoidance*
  • load balancing

I.151. Which additional configuration step is necessary in order to connect to an access point that has SSID broadcasting disabled?

  • Set the SSID value in the client software to public.
  • Configure open authentication on the AP and the client.
  • Set the SSID value on the client to the SSID configured on the AP.*
  • Configured MAC address filtering to permit the client to connect to the AP.

I.152. What is one reason that WPA encryption is preferred over WEP?

  • A WPA key is longer and requires more special characters than the WEP key.
  • The access point and the client are manually configured with different WPA key values.
  • WPA key values remain the same until the client configuration is changed.
  • The values of WPA keys can change dynamically while the system is used.*

I.153. As a CCNA candidate, you must have a firm understanding of the IPv6 address structure. Refer to IPv6 address, could you tell me how many bits are included in each filed?

  • 24
  • 4
  • 3
  • 16*

I.154. While troubleshooting a connectivity issue from a PC you obtain the following information:


What is the underlying cause of this problem?

  • A remote physical layer problem exists.
  • The host NIC is not functioning.
  • TCP/IP has not been correctly installed on the host.
  • A local physical layer problem exists.*

I.155. Which name describes an IPV6 host-enable tunneling technique that uses IPV4 UDP,does not require dedicated gateway tunnels,and can pass through existing IPV4 NAT gateways?

  • dual stack
  • dynamic
  • Teredo*
  • Manual 6to4

I.156. What are two advantages of Layer 2 Ethernet switches over hubs? (Choose two.)

  • decreasing the number of collision domains
  • filtering frames based on MAC addresses*
  • allowing simultaneous frame transmissions*
  • increasing the size of broadcast domains
  • increasing the maximum length of UTP cabling between devices

I.157. What are two security appliances that can be installed in a network? (Choose two.)

  • ATM
  • IDS*
  • IOS
  • IOX
  • IPS*
  • SDM

I.158. A network administrator is planning a network installation for a large organization. The design requires 100 separate subnetworks, so the company has acquired a Class B network address. What subnet mask will provide the 100 subnetworks required, if 500 usable host addresses are required per subnet?

  • 255.255.240.0
  • 255.255.248.0
  • 255.255.252.0
  • 255.255.254.0*
  • 255.255.255.0
  • 255.255.255.192

I.159. Which of the following services use UDP? (Choose three.)

  • Telnet
  • TFTP*
  • SNMP*
  • DNS*
  • SMTP
  • HTTP

I.160. Which technology allows a large number of private IP addresses to be represented by a smaller number of public IP addresses?

  • NAT*
  • NTP
  • RFC 1631
  • RFC 1918

I.161. What are three broadband wireless technologies? (Choose three)

  • A. WiMax*
  • B. satellite Internet*
  • C. municipal Wi-Fi*
  • D. site-to-site VPN
  • E. DSLAM
  • F. CMTS
Show (Hide) Explanation/Reference
WiMAX is short for Worldwide Interoperability for Microwave Access. WiMAX is a family of wireless communication standards based on the IEEE 802.16 set of standards.

Satellite Internet provides Internet access via satellite. It is a form of wireless broadband technology. But it is usually slower than DSL and cable modem.

Municipal wireless network is a city-wide wireless network. This is usually done by providing municipal broadband via Wi-Fi to large parts or all of a municipal area by deploying a wireless mesh network. The typical deployment design uses hundreds of wireless access points deployed outdoors, often on poles.

DSLAM (Digital Subscriber Line Access Multiplexer) is a network device, usually at a telephone company central office, that receives signals from multiple customer Digital Subscriber Line (DSL) connections and puts the signals on a high-speed backbone line using multiplexing techniques. It is a cable technology, not a wireless technology.

Cable Modem Termination Systems (CMTS) is a piece of equipment, typically located in a cable company’s headend or hubsite, which is used to provide high speed data services, such as cable Internet or Voice over Internet Protocol, to cable subscribers. It is a cable technology, not a wireless technology.

I.162. In which three ways is an IPv6 header simpler than an IPv4 header? (Choose three)

  • A. Unlike IPv4 headers, IPv6 headers have a fixed length.*
  • B. IPv6 uses an extension header instead of the IPv4 Fragmentation field.*
  • C. IPv6 headers eliminate the IPv4 Checksum field.*
  • D. IPv6 headers use the Fragment Offset field in place of the IPv4 Fragmentation field.
  • E. IPv6 headers use a smaller Option field size than IPv4 headers.
  • F. IPv6 headers use a 4-bit TTL field, and IPv4 headers use an 8-bit TTL field.
Show (Hide) Explanation/Reference
The IPv4 and IPv6 headers are shown below for your comparison:

IPv6 Header fields

IPv6 eliminates the Header Checksum field, which handles error checking in IPv4. IPv6 depends on reliable transmission in the data link protocols and on error checking in upper-layer protocols instead -> Answer C is correct.

While IPv4 header’s total length comprises a minimum of 20 octets (8 bits per octet), IPv6 header has only 8 fields with a fixed length of 40 octets -> Answer A is correct.

IPv4 header does not have a fixed length because of the Options fields. This field is used to convey additional information on the packet or on the way it should be processed. Routers, unless instructed otherwise, must process the Options in the IPv4 header. The processing of most header options pushes the packet into the slow path leading to a forwarding performance hit.

IPv4 Options perform a very important role in the IP protocol operation therefore the capability had to be preserved in IPv6. However, the impact of IPv4 Options on performance was taken into consideration in the development of IPv6. The functionality of Options is removed from the main header and implemented through a set of additional headers called extension headers. The “Next Header” field in IPv6 can be used to point to the extension headers.

Reference: http://www.cisco.com/en/US/technologies/tk648/tk872/technologies_white_paper0900aecd8054d37d.html

I.163. Which type of address is the public IP address of a NAT device?

  • outside public
  • inside local
  • inside global*
  • inside public
  • outside global
  • outside local
Show (Hide) Explanation/Reference
NAT use four types of addresses:

* Inside local address – The IP address assigned to a host on the inside network. The address is usually not an IP address assigned by the Internet Network Information Center (InterNIC) or service provider. This address is likely to be an RFC 1918 private address.

* Inside global address – A legitimate IP address assigned by the InterNIC or service provider that represents one or more inside local IP addresses to the outside world.

* Outside local address – The IP address of an outside host as it is known to the hosts on the inside network.

* Outside global address – The IP address assigned to a host on the outside network. The owner of the host assigns this address.

I.164. Which command can you enter to display the hits counter for NAT traffic?

  • A. show ip nat statistics*
  • B. debug ip nat
  • C. show ip debug nat
  • D. clear ip nat statistics
Show (Hide) Explanation/Reference
An example of the output of the “show ip nat statistics” is shown below. As we can see, the “Hits” counter is displayed.

I.165. What is the first step in the NAT configuration process?

  • Define inside and outside interfaces*
  • Define public and private IP addresses
  • Define IP address pools
  • Define global and local interfaces
Show (Hide) Explanation/Reference
In NAT configuration we should specify the inside and outside interfaces first with the command “ip nat inside” and “ip nat outside” under interface mode.

I.166. What is the best way to verify that a host has a path to other hosts in different networks?

  • A. Ping the loopback address.
  • B. Ping the default gateway.
  • C. Ping the local interface address.
  • D. Ping the remote network.*
Show (Hide) Explanation/Reference

Ping is a tool that helps to verify IP-level connectivity; PathPing is a tool that detects packet loss over multiple-hop trips. When troubleshooting, the ping command is used to send an ICMP Echo Request to a target host name or IP address. Use Ping whenever you want to verify that a host computer can send IP packets to a destination host. You can also use the Ping tool to isolate network hardware problems and incompatible configurations.

If you call ipconfig /all and receive a response, there is no need to ping the loopback address and your own IP address — Ipconfig has already done so in order to generate the report. It is best to verify that a route exists between the local computer and a network host by first using ping and the IP address of the network host to which you want to connect. The command syntax is: ping < IP address > Perform the following steps when using Ping: Ping the loopback address to verify that TCP/IP is installed and configured correctly on the local computer. ping 127.0.0.1 If the loopback step fails, the IP stack is not responding. This might be because the TCP drivers are corrupted, the network adapter might not be working, or another service is interfering with IP. Ping the IP address of the local computer to verify that it was added to the network correctly.

Note that if the routing table is correct, this simply forwards the packet to the loopback address of 127.0.0.1. ping < IP address of local host > Ping the IP address of the default gateway to verify that the default gateway is functioning and that you can communicate with a local host on the local network. ping < IP address of default gateway > Ping the IP address of a remote host to verify that you can communicate through a router. ping < IP address of remote host > Ping the host name of a remote host to verify that you can resolve a remote host name. ping < Host name of remote host > Run a PathPing analysis to a remote host to verify that the routers on the way to the destination are operating correctly. pathping < IP address of remote host >

I.167. If host Z needs to send data through router R1 to a storage server, which destination MAC address does host Z use to transmit packets?

  • A. the host Z MAC address
  • B. the MAC address of the interface on R1 that connects to the storage server
  • C. the MAC address of the interface on R1 that connects to host Z*
  • D. the MAC address of the storage server interface
Show (Hide) Explanation/Reference
Host Z will use ARP to get the MAC address of the interface on R1 that connects to it and use this MAC as the destination MAC address. It use the IP address of the storage server as the destination IP address.

For example in the topology below, host A will use the MAC address of E0 interface of the router as its destination MAC address to reach the Email Server.

I.168. While you were troubleshooting a connection issue, a ping from one VLAN to another VLAN on the same switch failed. Which command verifies that IP routing is enabled on interfaces and the local VLANs are up?

  • A. show ip interface brief*
  • B. show ip nat statistics
  • C. show ip statistics
  • D. show ip route
Show (Hide) Explanation/Reference
The “show ip nat statistics” only gives us information about NAT translation. We cannot know if IP routing is enabled or the VLANs are up not not.

The “show ip statistics” command does not exist.

In the Troubleshoot part of “How to configure InterVLAN Routing on Layer 3 switches” (http://www.cisco.com/c/en/us/support/docs/lan-switching/inter-vlan-routing/41860-howto-L3-intervlanrouting.html) Cisco recommends to use the “show ip interface brief” command as follows:
Also verify the interface VLAN status by issuing the show ip interface brief command.

+ If the interface status is administratively down, enter the no shutdown command in the VLAN interface configuration mode.

+ If the interface status is down/down, verify the VTP configuration and that the VLANs have been added to the VLAN database. Check to see if a port is assigned to the VLAN and whether it is in the Spanning Tree forwarding state.

Initiate a ping from an end device in one VLAN to the interface VLAN on another VLAN in order to verify that the switch routes between VLANs. In this example, ping from VLAN 2 (10.1.2.1) to Interface VLAN 3 (10.1.3.1) or Interface VLAN 10 (10.1.10.1). If the ping fails, verify that IP routing is enabled and that the VLAN interfaces status is up with the show ip interface brief command.

Also in the above link Cisco only mentions about the “show ip route” in the “Verify” part, not “Troubleshooting” part so “show ip interface brief” is a better answer.

I.169. Under which circumstance should a network administrator implement one-way NAT?

  • A. when the network must route UDP traffic
  • B. when traffic that originates outside the network must be routed to internal hosts *
  • C. when traffic that originates inside the network must be routed to internal hosts
  • D. when the network has few public IP addresses and many private IP addresses require outside access
Show (Hide) Explanation/Reference

NAT operation is typically transparent to both the internal and external hosts. Typically, the internal host is aware of the true IP address and TCP or UDP port of the external host. Typically, the NAT device may function as the default gateway for the internal host. However, the external host is only aware of the public IP address for the NAT device and the particular port being used to communicate on behalf of a specific internal host.
NAT and TCP/UDP
“Pure NAT”, operating on IP alone, may or may not correctly parse protocols that are totally concerned with IP information, such as ICMP, depending on whether the payload is interpreted by a host on the “inside” or “outside” of translation. As soon as the protocol stack is traversed, even with such basic protocols as TCP and UDP, the protocols will break unless NAT takes action beyond the network layer. IP packets have a checksum in each packet header, which provides error detection only for the header. IP datagrams may become fragmented and it is necessary for a NAT to reassemble these fragments to allow correct recalculation of higher-level checksums and correct tracking of which packets belong to which connection. The major transport layer protocols, TCP and UDP, have a checksum that covers all the data they carry, as well as the TCP/UDP header, plus a “pseudo-header” that contains the source and destination IP addresses of the packet carrying the TCP/UDP header. For an originating NAT to pass TCP or UDP successfully, it must recompute the TCP/ UDP header checksum based on the translated IP addresses, not the original ones, and put that checksum into the TCP/UDP header of the first packet of the fragmented set of packets. The receiving NAT must recompute the IP checksum on every packet it passes to the destination host, and also recognize and recompute the TCP/UDP header using the retranslated addresses and pseudo-header. This is not a completely solved problem. One solution is for the receiving NAT to reassemble the entire segment and then recompute a checksum calculated across all packets. The originating host may perform Maximum transmission unit (MTU) path discovery to determine the packet size that can be transmitted without fragmentation, and then set the don’t fragment (DF) bit in the appropriate packet header field. Of course, this is only a one-way solution, because the responding host can send packets of any size, which may be fragmented before reaching the NAT.

I.170. When a router makes a routing decision for a packet that is received from one network and destined to another, which portion of the packet does if replace?

  • A. Layer 2 frame header and trailer*
  • B. Layer 3 IP address
  • C. Layer 5 session
  • D. Layer 4 protocol
Show (Hide) Explanation/Reference
The Layer 2 information (source and destination MAC) would be changed when passing through each router. The Layer 3 information (source and destination IP addresses) remains unchanged.

I.171. On which type of device is every port in the same collision domain?

  • A. a router
  • B. a Layer 2 switch
  • C. a hub*
Show (Hide) Explanation/Reference

Collision domain A collision domain is, as the name implies, a part of a network where packet collisions can
occur. A collision occurs when two devices send a packet at the same time on the shared network segment.
The packets collide and both devices must send the packets again, which reduces network efficiency.
Collisions are often in a hub environment, because each port on a hub is in the same collision domain. By
contrast, each port on a bridge, a switch or a router is in a separate collision domain.

I.172. What is one requirement for interfaces to run IPv6?

  • A. An IPv6 address must be configured on the interface.*
  • B. An IPv4 address must be configured.
  • C. Stateless autoconfiguration must be enabled after enabling IPv6 on the interface.
  • D. IPv6 must be enabled with the ipv6 enable command in global configuration mode.
Show (Hide) Explanation/Reference
To run IPv6 on an interface we have to configure an IPv6 on that interface somehow -> A is correct.

IPv6 must be enabled first but with the “ipv6 unicast-routing”, not “ipv6 enable” command -> D is not correct.

I.173. Which destination IP address can a host use to send one message to multiple devices across different subnets?

  • A. 172.20.1.0
  • B. 127.0.0.1
  • C. 192.168.0.119
  • D. 239.255.0.1*
Show (Hide) Explanation/Reference
In order to send traffic to multiple devices (not all) across different subnets we need to use multicast addresses, which are in the range 224.0.0.0 through 239.255.255.255 -> D is correct.

I.174. Which MTU size can cause a baby giant error?

  • A. 1500
  • B. 9216
  • C. 1600
  • D. 1518*
Show (Hide) Explanation/Reference
Ethernet frame size refers to the whole Ethernet frame, including the header and the trailer while MTU size refers only to Ethernet payload. Baby giant frames refer to Ethernet frame size up to 1600 bytes, and jumbo frame refers to Ethernet frame size up to 9216 bytes (according to this link: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-4000-series-switches/29805-175.html)

For example, standard Ethernet frame MTU is 1500 bytes. This does not include the Ethernet header and Cyclic Redundancy Check (CRC) trailer, which is 18 bytes in length, to make the total Ethernet frame size of 1518.

So according to strict definition, MTU size of 1600 cannot be classified as baby giant frames as the whole Ethernet frames will surely larger than 1600 -> Answer C is not correct.

Answer D is a better choice as the MTU is 1518, so the whole Ethernet frame would be 1536 (1518 + 18 Ethernet header and CRC trailer). This satisfies the requirement of baby giant frames “Baby giant frames refer to Ethernet frame size up to 1600 bytes”.

I.175. DRAG DROP. Drag the terms on the left onto the appropriate OSI layer on the right. (Not all options are used.)

Select and Place:

Correct Answer:

I.176. SIMULATION

A network associate is configuring a router for the Weaver company to provide internet access. The ISP has provided the company six public IP addresses of 198.18.184.105 – 198.18.184.110. The company has 14 hosts that need to access the internet simultaneously. The hosts in the company LAN have been assigned private space addresses in the range of 192.168.100.17 – 192.168.100.30.

The following have already been configured on the router:
The basic router configuration
The appropriate interfaces have been configured for NAT inside and NAT outside
The appropriate static routes have also been configured (since the company will
be a stub network, no routing protocol will be required.)
All passwords have been temporarily set to “cisco”
The task is to complete the NAT configuration using all IP addresses assigned by the ISP to provide internet
access for the hosts in the weaver LAN. Functionality can be tested by clicking on the host provided for
testing.
Configuration information:

Correct Answer: See Explanation
Section: Network Fundamentals
Explanation
Explanation/Reference:
Explanation:
Step 1: Router Name


Step 2: NAT Configuration

Step 3: Save Configuration
Weaver#copy run start
Verification:
We can verify the answer by pinging the ISP IP Address (192.0.2.114) from Host for testing.
Click “Host for testing”
In command prompt, type “ping 192.0.2.114”. If ping succeeded, then the NAT is working properly.
Screen Shots:

I.177. Instructions

This item contains several questions that you must answer. You can view these questions by clicking on the corresponding button to the left. Changing questions can be accomplished by clicking the numbers to the left question. In order to complete the questions, you will need to refer to the topology.

To gain access to the topology, click on the topology button of the screen. When you have finished viewing the topology, you can return to your questions by clicking on the Questions button to the left.

Each of the windows can be minimized by clicking on the [-]. You can also reposition a window by dragging it by the title bar.
Scenario

Refer to the topology. The diagram represents a small network with a single connection to the Internet.

If the router R1 has a packet with a destination address 192.168.1.255, what describes the operation of the network?

  • R1 will forward the packet out all interfaces.
  • R1 will drop this packet because this it is not a valid IP address.*
  • As R1 forwards the frame containing this packet, Sw-A will add 192.168.1.255 to its MAC table.
  • R1 will encapsulate the packet in a frame with a destination MAC address of FF-FF-FF-FF-FF-FF.
  • As R1 forwards the frame containing this packet, Sw-A will forward it to the device assigned the IP address of 192.168.1.255.

I.178. Instructions

This item contains several questions that you must answer. You can view these questions by clicking on the corresponding button to the left. Changing questions can be accomplished by clicking the numbers to the left question. In order to complete the questions, you will need to refer to the topology.

To gain access to the topology, click on the topology button of the screen. When you have finished viewing the topology, you can return to your questions by clicking on the Questions button to the left.

Each of the windows can be minimized by clicking on the [-]. You can also reposition a window by dragging it by the title bar.

Scenario

Refer to the topology. The diagram represents a small network with a single connection to the Internet.

Users on the 192.168.1.0/24 network must access files located on the Server 1. What route could be configured on router R1 for file requests to reach the server?

  • ip route 0.0.0.0 0.0.0.0 s/0/0/0*
  • ip route 0.0.0.0 0.0.0.0 209.265.200.226
  • ip route 209.165.200.0 255.255.255.0 192.168.1.250
  • ip route 192.168.1.0 255.255.255.0 209.165.100.250
Show (Hide) Explanation/Reference
In order to allow the network of 192.168.1.0/24 to access Server 1, we need to establish a default route. The format of this default route is as follows:

ip route prefix mask {ip-address interface-type interface-number [ip-address]}
[distance] [name]
[permanent track number] [tag tag]

Based on the request of this subject, we need to configure the correct route as follows:

ip route 0.0.0.0 0.0.0.0 s0/0/0

I.179. Instructions

This item contains several questions that you must answer. You can view these questions by clicking on the corresponding button to the left. Changing questions can be accomplished by clicking the numbers to the left question. In order to complete the questions, you will need to refer to the topology.

To gain access to the topology, click on the topology button of the screen. When you have finished viewing the topology, you can return to your questions by clicking on the Questions button to the left.

Each of the windows can be minimized by clicking on the [-]. You can also reposition a window by dragging itby the title bar.

Scenario

Refer to the topology. The diagram represents a small network with a single connection to the Internet.

When a packet is sent from Host 1 to Server 1, in how many different frames will the packet be encapsulated as it is sent across the internetwork?

  • 0
  • 1
  • 2*
  • 3
  • 4
Show (Hide) Explanation/Reference
We believe the correct answer is 3 because the packet will be encapsulated in one more frame sent between
routers R1 and R2. Source MAC is interface S0/0/0 on router R1 and destination is
the serialinterface on router R2.

I.180. Instructions

This item contains several questions that you must answer. You can view these questions by clicking on the corresponding button to the left. Changing questions can be accomplished by clicking the numbers to the left question. In order to complete the questions, you will need to refer to the topology.

To gain access to the topology, click on the topology button of the screen. When you have finished viewing the topology, you can return to your questions by clicking on the Questions button to the left.Each of the windows can be minimized by clicking on the [-]. You can also reposition a window by dragging it by the title bar.

Scenario

Refer to the topology. The diagram represents a small network with a single connection to the Internet.

What must be configured on the network on order for users on the Internet to view web pages located on Web
Server 2?

    • On Router R2, configure a default static route to the 192.168.1.0 network
    • On router R2, configure DNS to resolve the URL assigned to Web Server 2 to the 192.168.1.10 address.
    • On router R1, configure NAT to translate an address on the 209.165.100.0/24 network to 192.168.1.10.*
    • On router R1, configure DHCP to assign a registered IP address on the 209.165.100.0/24 network to Web

Server 2.

Show (Hide) Explanation/Reference
In order to allow internet users to access Web Server 2, we need to configure NAT address translation on
router R1.

I.181. Instructions

This item contains several questions that you must answer. You can view these questions by clicking on the corresponding button to the left. Changing questions can be accomplished by clicking the numbers to the left question. In order to complete the questions, you will need to refer to the topology.

To gain access to the topology, click on the topology button of the screen. When you have finished viewing the topology, you can return to your questions by clicking on the Questions button to the left.Each of the windows can be minimized by clicking on the [-]. You can also reposition a window by dragging it by the title bar.

Scenario

Refer to the topology. The diagram represents a small network with a single connection to the Internet.

The router address 192.168.1.250 is the default gateway for both the Web Server 2 and Host 1. What is the correct subnet mask for this network?

  • 255.255.255.0*
  • 255.255.255.192
  • 255.255.255.250
  • 255.255.255.252
Show (Hide) Explanation/Reference

1. Based on the information provided in the exhibit, we know that the IP address of the interface Fa0/0 is 192.168.1.250/24, that is to say the subnet mask is 255.255.255.0??
2. When configuring the correct IP address and not wasting IP address, the network of 192.168.1.0 needs to contain the following three IP addresses of interfaces:

The correct mask is 255.255.255.0.

I.182. Which type of broadcast barely used in IPv4 which also exist in IPv6 like?

  • unicast
  • multicast
  • broadcast
  • anycast*

I.183. Which type of cable must you use to connect to device with mdi interfaces?

  • rolled
  • crossover*
  • crossed
  • straight through

I.184. DRAG DROP. Refer to the exhibit.

You are configuring the router to provide Static NAT for the web server.
Drag and drop the configuration commands from left onto the letters that correspond to its position in the
configuration on the right.
Select and Place:

Correct Answer:

I.185. DRAG DROP. Drag and drop each cable type from the left onto the type of connection for which it is best suited on the right.

Select and Place:

Correct Answer:

I.186. DRAG DROP. Drag and drop the characteristics of a cloud environment from the left onto the correct examples on the right

Select and Place:

Correct Answer:

I.187. DRAG DROP. Drag and drop each broadcast IP address on the left to the Broadcast Address column on the right. Not alloptions are used.

Select and Place:

Correct Answer:

I.188. Which two of these statements are true of IPv6 address representation? (Choose two.)

  • There are four types of IPv6 addresses: unicast, multicast, anycast, and broadcast.
  • A single interface may be assigned multiple IPv6 addresses of any type.*
  • Every IPv6 interface contains at least one loopback address.*
  • The first 64 bits represent the dynamically created interface ID.
  • Leading zeros in an IPv6 16 bit hexadecimal field are mandatory.
Show (Hide) Explanation/Reference
Leading zeros in IPv6 are optional do that 05C7 equals 5C7 and 0000 equals 0 -> D is not correct.

I.189. What is the first 24 bits in a MAC address called?

  • NIC
  • BIA
  • OUI*
  • VAI
Show (Hide) Explanation/Reference
An Organizationally Unique Identifier (OUI) is a 24-bit number that uniquely identifies a vendor, manufacturer,
or other organization globally or worldwide. They are used as the first 24 nits of the MAC address to uniquely
identify a particular piece of equipment.

I.190. What is the difference between a CSU/DSU and a modem?

  • A CSU/DSU converts analog signals from a router to a leased line; a modem converts analog signals from a router to a leased line.
  • A CSU/DSU converts analog signals from a router to a phone line; a modem converts digital signals from a router to a leased line.
  • A CSU/DSU converts digital signals from a router to a phone line; a modem converts analog signals from a router to a phone line.
  • A CSU/DSU converts digital signals from a router to a leased line; a modem converts digital signals from a router to a phone line.*
Show (Hide) Explanation/Reference
CSU/DSU is used to convert digital signals from a router to a network circuit such as a T1, while a modem is
used to convert digital signals over a regular POTS line.

I.191. Which two statements about EUI-64 addressing are true? (Choose two.)

  • The address includes the hex digits FFFE after the last 24 bits of the interface MAC address.*
  • A 64-bit interface identifier is derived from the interface MAC address.
  • A locally administrated address has the universal/local bit set to 0.*
  • A 96-bit interface identifier is derived from the interface MAC address.
  • The address includes the hex digits FFFE after the first 14 bits of the interface MAC address.
Show (Hide) Explanation/Reference
Extended Unique Identifier (EUI) allows a host to assign itself a unique 64-Bit IPv6 interface identifier (EUI-64). This feature is a key benefit over IPv4 as it eliminates the need of manual configuration or DHCP as in the world of IPv4. The IPv6 EUI-64 format address is obtained through the 48-bit MAC address. The MAC address is first separated into two 24-bits, with one being OUI (Organizationally Unique Identifier) and the other being NIC specific. The 16-bit 0xFFFE is then inserted between these two 24-bits for the 64-bit EUI address. IEEE has chosen FFFE as a reserved value which can only appear in EUI-64 generated from the an EUI-48 MAC address.

For example, suppose we have the MAC address of C601.420F.0007. It would be divided into two 24-bit parts, which are “C60142” (OUI) and “0F0007” (NIC). Then “FFFE” is inserted in the middle. Therefore we have the address: C601.42FF.FE0F.0007.

Then, according to the RFC 3513 we need to invert the Universal/Local bit (“U/L” bit) in the 7th position of the first octet. The “u” bit is set to 1 to indicate Universal, and it is set to zero (0) to indicate local scope.

Therefore with the subnet of 2001:DB8:0:1::/64, the full IPv6 address is 2001:DB8:0:1:C601:42FF:FE0F:7/64

I.192. DRAG DROP. Drag and Drop the descriptions of IP protocol transmissions from the left onto the correct IP traffic types on
the right.

Select and Place:

Correct Answer:

I.193. DRAG DROP. Drag each category on the left to its corresponding router output line on the right. Each router output line is in
the result of a show ip interface command. Not all categories are used.

Select and Place:

Correct Answer:

I.194. Which two statements about IPv4 multicast traffic are true? (Choose two.)

  • It burdens the source host without affecting remote hosts.
  • It uses a minimum amount of network bandwidth.*
  • It is bandwidth-intensive.
  • It simultaneously delivers multiple streams of data.
  • It is the most efficient way to deliver data to multiple receivers.*
Show (Hide) Explanation/Reference
http://www.cisco.com/c/dam/en_us/about/ciscoitatwork/downloads/ciscoitatwork/pdf/cisco_it_case_study_multicast.pdf
Cisco IOS IP Multicast in the Cisco Network
“IP Multicast as defined in RFC1112, the standard for IP Multicast across networks and the Internet, supports one-to-many content needs by delivering application-source traffic to multiple users without burdening the source or the network, using a minimum amount of network bandwidth. At the point where paths diverge, Cisco routers replace IP Multicast packets in the network, resulting in the most efficient delivery of data to multiple receivers.”

Even low-bandwidth applications can benefit fro IP Multicast when there are thousands of receivers. High-bandwidth applications, such as MPEG video, may need a large portion of the available network bandwidth for a
single stream. In these applications, IP Multicast is the only way to efficiently send the same content to more than one
receiver simultaneously, because it makes sure that only one copy of the data stream is sent across any one network
link. It relies on each router in the stream to intelligently copy the data stream whenever it needs to deliver it to
multiple receivers.

I.195. Which two statements about IPv6 router advertisement messages are true? (Choose two.)

  • They use ICMPv6 type 134.*
  • The advertised prefix length must be 64 bits.*
  • The advertised prefix length must be 48 bits.
  • They are sourced from the configured IPv6 interface address.
  • Their destination is always the link-local address of the neighboring node.
Show (Hide) Explanation/Reference
IPv6 router advertisement message is one type of the ICMPv6 packets with Type field value of 134. It lists many facts, including the link-local IPv6 address of the router. Normally, it is sent to the all-IPv6-hosts local-scope multicast address of FF02::1. When sent in response to router solicitation messages (ICMPv6 Type 133), it flows back to either the unicast address of the host that sent the RS or to the all-IPv6-hosts address FF02::1.

The advertised IPv6 prefix length must be 64 bits for the stateless address autoconfiguration to be operational.

I.196. Which three technical services support cloud computing?

  • A. network-monitored power sources
  • B. layer 3 network routing*
  • C. ip localization*
  • D. redundant connections
  • E. VPN connectivity
  • F. extended SAN services*
Show (Hide) Explanation/Reference
Four technical services are essential to supporting the high level of flexibility, resource availability, and transparent resource connectivity required for cloud computing:

+ The Layer 3 network offers the traditional routed interconnection between remote sites and provides end-user access to cloud services.
+ The extended LAN between two or more sites offers transparent transport and supports application and operating system mobility.
+ Extended SAN services support data access and accurate data replication.
+ IP Localization improves northbound and southbound traffic as well as server-to-server workflows.

Reference: https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-xr-software/white_paper_c11-694882.html

I.197. Which component of the Cisco SDN solution serves as the centralized management system?

  • Cisco OpenDaylight
  • Cisco ACI
  • Cisco APIC*
  • Cisco IWAN
Show (Hide) Explanation/Reference

http://www.cisco.com/c/en/us/solutions/data-center-virtualization/application-centric-infrastructure/index.html
Cisco Application Policy Infrastructure Controller (APIC)
Provides single-click access to all Cisco ACI fabric information, enabling network automation, programmability, and centralized management.

http://www.cisco.com/c/en/us/products/cloud-systems-management/application-policy-infrastructure-controller-apic/index.html
The Cisco Application Policy Infrastructure Controller (Cisco APIC) is the unifying point of automation and management for the Application Centric Infrastructure (ACI) fabric. The Cisco APIC provides centralized access to all fabric information, optimizes the application lifecycle for scale and performance, and supports flexible application provisioning across physical and virtual resources.

The Cisco APIC provides centralized access to all fabric information, optimizes the application lifecycle for scale and performance, and supports flexible application provisioning across physical and virtual resources.

Centralized application-level policy engine for physical, virtual, and cloud infrastructures
Designed for automation, programmability, and centralized management, the Cisco APIC itself exposes northbound APIs through XML and JSON. It provides both a command-line interface (CLI) and GUI which utilize the APIs to manage the fabric holistically.
Cisco APIC provides:
A single pane of glass for application-centric network policies
Fabric image management and inventory
Application, tenant, and topology monitoring
Troubleshooting

I.198. What are the three major components of cisco network virtualization? (Choose Three)

  • network access control*
  • path isolation*
  • virtual network services*
  • policy enforcement
Show (Hide) Explanation/Reference
Network virtualization architecture has three main components:

+ Network access control and segmentation of classes of users: Users are authenticated and either allowed or denied into a logical partition. Users a re segmented into employees, contractors and consultants, and guests, with respective access to IT assets. This component identifies users who are authorized to access the network and then places them into the appropriate logical partition.

Path isolation: Network isolation is preserved across the entire enterprise: from the edge to the campus to the WAN and back again. This component maintains traffic partitioned over a routed infrastructure and transports traffic over and between isolated partitions. The function of mapping isolated paths to VLANs and to virtual services is also performed in component.

Network Services virtualization: This component provides access to shared or dedicated network services such as security, quality of service (QoS), and address management (Dynamic Host Configuration Protocol [DHCP] and Domain Name System [DNS]). It also applies policy per partition and isolates application environments, if required.

Reference: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series switches/white_paper_c11-531522.pdf

I.199. Which IPV6 function serves the same purpose as ARP entry verification on an IPv4 network?

  • interface ip address verification
  • MAC address table verification
  • neighbor discovery verification*
  • Routing table entry verification
Show (Hide) Explanation/Reference
Neighbor Discovery Protocol is an umbrella that defines these mechanisms:

+ Subsitute of ARP – Since ARP has been removed in IPv6, IPv6 follows a newer way to find the link-layer addresses of nodes on the local link. This new mechanism uses a mix of ICMPv6 messages and multicast addresses

Reference: https://supportforums.cisco.com/document/77521/ipv6-neighbor-discovery-protocol-ndp

I.200. When you troubleshoot an IPv4 connectivity issue on a router, which three router configuration checks you
must perform?

  • Verify that the router interface IP address is correct.*
  • Verify that the DNS is configured correctly.
  • Verify that the router and the host use the same subnet mask.*
  • Verify that the router firmware is up-to-date.
  • Verify that a default route is configured.
  • Verify that the route appears in the Routing table*

I.201. Which Type of ipv6 unicast ip address is reachable across the internet?

  • Unique Local
  • Compatible
  • Link local
  • Global*

I.202. Which two statements about IPv6 address 2002:ab10:beef::/48 are true?(choose two)

  • The embedded IPv4 address can be globally routed.*
  • It is used for an ISATAP tunnel
  • The embedded IPv4 address is an RFC 1918 address
  • The MAC address 20:02:b0:10:be:ef is embedded into the IPv6 address
  • It is used for a 6to4 tunnel*
Show (Hide) Explanation/Reference
Any IPv6 address that begins with the 2002::/16 prefix is known as a 6to4 address. A 6to4 gateway adds its IPv4 address to this 2002::/16, creating a unique /48 prefix (because an IPv4 consists of 32 bits).

For example: In the IPv6 address 2002:ab10:beef::/48, “ab10:beef” is equivalent to 171.16.190.239 (convert “ab” in hexadecimal to “171” in decimal; “10” in hexadecimal to “16” in decimal…). Therefore the corresponding IPv4 address can be globally routed.

I.203. Which three functions are major components of a network virtualization architecture? (Choose three.)

  • virtual network services*
  • policy enforcement
  • network access control*
  • network resilienceE. authentication services
  • path isolation*

I.204. Which two benefits are provided by using a hierarchical addressing network addressing scheme? (Choose two.)

  • reduces routing table entries*
  • auto-negotiation of media rates
  • efficient utilization of MAC addresses
  • dedicated communications between devices
  • ease of management and troubleshooting*
Show (Hide) Explanation/Reference
Here are some of the benefits of hierarchical addressing:
Reference: http://www.ciscopress.com/articles/article.asp?p=174107

I.205. Refer to the exhibit. Both switches are using a default configuration. Which two destination addresses will host 4 use to send data to host 1? (Choose two.)

  • the IP address of host 1*
  • the IP address of host 4
  • the MAC address of host 1
  • the MAC address of host 4
  • the MAC address of the Fa0/0 interface of the R1 router
  • the MAC address of the Fa0/1 interface of the R1 router*

I.206. Which technology supports the stateless assignment of IPv6 addresses? (Choose two.)

  • DNS
  • DHCPv6**
  • DHCP
  • autoconfiguration*
Show (Hide) Explanation/Reference
DHCPv6 Technology Overview
IPv6 Internet Address Assignment Overview
IPv6 has been developed with Internet Address assignment dynamics in mind. Being aware that IPv6 Internet addresses are 128 bits in length and written in hexadecimals makes automation of address- assignment an important aspect within network design. These attributes make it inconvenient for a user to manually assign IPv6 addresses, as the format is not naturally intuitive to the human eye. To facilitate address assignment with little or no human intervention, several methods and technologies have been developed to automate the process of address and configuration parameter assignment to IPv6 hosts. The various IPv6 address assignment methods are as follows:

1. Manual Assignment
An IPv6 address can be statically configured by a human operator. However, manual assignment is quite
open to errors and operational overhead due to the 128 bit length and hexadecimal attributes of the addresses, although for router interfaces and static network elements and resources this can be an appropriate solution.
2. Stateless Address Autoconfiguration (RFC2462)
Stateless Address Autoconfiguration (SLAAC) is one of the most convenient methods to assign Internet
addresses to IPv6 nodes. This method does not require any human intervention at all from an IPv6 user. If one wants to use IPv6 SLAAC on an IPv6 node, it is important that this IPv6 node is connected to a network with at least one IPv6 router connected. This router is configured by the network administrator and sends out Router Advertisement announcements onto the link. These announcements can allow the on-link connected IPv6 nodes to configure themselves with IPv6 address and routing parameters, as specified in RFC2462, without further human intervention.
3. Stateful DHCPv6
The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) has been standardized by the IETF through
RFC3315. DHCPv6 enables DHCP servers to pass configuration parameters, such as IPv6 network addresses, to IPv6 nodes. It offers the capability of automatic allocation of reusable network addresses and additional configuration flexibility. This protocol is a stateful counterpart to “IPv6 Stateless Address Autoconfiguration” (RFC 2462), and can be used separately, or in addition to the stateless autoconfiguration to obtain configuration parameters.
4. DHCPv6-PD
DHCPv6 Prefix Delegation (DHCPv6-PD) is an extension to DHCPv6, and is specified in RFC3633. Classical
DHCPv6 is typically focused upon parameter assignment from a DHCPv6 server to an IPv6 host running a DHCPv6 protocol stack. A practical example would be the stateful address assignment of “2001:db8::1” from a DHCPv6 server to a DHCPv6 client. DHCPv6-PD however is aimed at assigning complete subnets and other network and interface parameters from a DHCPv6-PD server to a DHCPv6-PD client. This means that instead of a single address assignment, DHCPv6-PD will assign a set of IPv6 “subnets”. An example could be the assignment of “2001:db8::/60” from a DHCPv6-PD server to a DHCPv6-PD client. This will allow the DHCPv6-PD client (often a CPE device) to segment the received address IPv6 address space, and assign it dynamically to its IPv6 enabled interfaces.
5. Stateless DHCPv6
Stateless DHCPv6 is a combination of “stateless Address Autoconfiguration” and “Dynamic Host Configuration Protocol for IPv6” and is specified by RFC3736. When using stateless-DHCPv6, a device will use Stateless Address Auto-Configuration (SLAAC) to assign one or more IPv6 addresses to an interface, while it utilizes DHCPv6 to receive “additional parameters” which may not be available through SLAAC. For example, additional parameters could include information such as DNS or NTP server addresses, and are provided in a stateless manner by DHCPv6. Using stateless DHCPv6 means that the DHCPv6 server does not need to keep track of any state of assigned IPv6 addresses, and there is no need for state refreshment as result. On network media supporting a large number of hosts associated to a single DHCPv6 server, this could mean a significant reduction in DHCPv6 messages due to the reduced need for address state refreshments. From Cisco IOS 12.4(15)T onwards the client can also receive timing information, in addition to the “additional parameters” through DHCPv6. This timing information provides an indication to a host when it should refresh its DHCPv6 configuration data. This behavior (RFC4242) is particularly useful in unstable environments where changes are likely to occur.

I.207. Which command can you enter to verify that a 128-bit address is live and responding?

  • traceroute
  • telnet
  • ping*
  • show ipv6

I.208. Which device allows users to connect to the network using a single or double radio?

  • access point*
  • switch
  • wireless controller
  • firewall
Show (Hide) Explanation/Reference
Many Cisco access points offer single or double (dual) radio (2.4 and 5.0 GHz).

Note: The wireless controller automates wireless configuration and management functions. It does not connect directly to users.

I.209. A switch is configured with all ports assigned to VLAN 2 with full duplex FastEthernet to segment existing departmental traffic. What is the effect of adding switch ports to a new VLAN on the switch?

  • More collision domains will be created.
  • IP address utilization will be more efficient.
  • More bandwidth will be required than was needed previously.
  • An additional broadcast domain will be created.*

I.210. When troubleshooting Ethernet connectivity issues, how can you verify that an IP address is known to a router?

  • Check whether the IP address is in the routing table
  • Check whether an ACL is blocking the IP address
  • Check whether the IP address is in the CAM table
  • Check whether the IP address is in the ARP table*
Show (Hide) Explanation/Reference
If the IP address exists in the routing table then we can say the local router knew the way to reach that destination. But this question wants to ask if the destination has communicated to the local router or not (“an IP address is known to a router”). Maybe it is a tricky question.

I.211. Which two statements about the tunnel mode ipv6ip command are true? (Choose two.)

  • It enables the transmission of IPv6 packets within the configured tunnel.
  • It specifies IPv4 as the encapsulation protocol.
  • It specifies IPv6 as the encapsulation protocol.
  • It specifies IPv6 as the transport protocol.
  • It specifies that the tunnel is a Teredo tunnel.
Show (Hide) Explanation/Reference
The “tunnel mode ipv6ip” command specifies IPv6 as the passenger protocol and IPv4 as both the encapsulation and transport protocol for the manual IPv6 tunnel. Notice that the tunnel source and destination are configured with IPv4 addressing and the tunnel interface is configured with IPv6.

An example of configuring using this command is shown below:

R1(config)#int tunnel 1
R1(config-if)#ipv6 address 1cde:7ea:348:1::3/127
R1(config-if)#tunnel source 10.1.1.1
R1(config-if)#tunnel destination 10.1.1.2
R1(config-if)#tunnel mode ipv6ip

I.212. Which configuration can you apply to enable encapsulation on a subinterface?

  • A. interface FastEthernet 0/0
    encapsulation dot1Q 30
    ip address 10.1.1.30 255.255.255.0
  • B. interface FastEthernet 0/0.30
    ip address 10.1.1.30 255.255.255.0
  • C. interface FastEthernet 0/0.30
    description subinterface vlan 30
  • D. interface FastEthernet 0/0.30
    encapsulation dot1Q 30
    ip address 10.1.1.30 255.255.255.0*
Show (Hide) Explanation/Reference
To enabe encapsulation on a subinterface we have type the “encapsulation” command under that subinterface, not the main interface. An example of configuring encapsulation on subinterface of Fa0/1 is shown below:

Router(config)#interface f0/0
Router(config-if)#no shutdown

(Note: The main interface f0/0 doesn’t need an IP address but it must be turned on)

Router(config)#interface f0/0.0
Router(config-subif)#encapsulation dot1q 10
Router(config-subif)#ip address 192.168.1.1 255.255.255.0
Router(config-subif)#interface f0/0.1
Router(config-subif)#encapsulation dot1q 20
Router(config-subif)#ip address 192.168.2.1 255.255.255.0

Note: In the “encapsulation dot1q 10”, number 10 is the VLAN applied to that subinterface. Or you can understand that the subinterface belongs to that VLAN.

I.213. What happens when an 802.11a node broadcasts within the range of an 802.11g access point?

  • The access point transmits, but the node is unable to receive.
  • A connection occurs.
  • Both the node and the access point are unable to transmit.
  • The node transmits, but the access point is unable to receive.*
Show (Hide) Explanation/Reference
802.11g is only compatible with 802.11b, not 802.11a so when 802.11a node broadcast, 802.11g access point cannot receive it.

I.214. A network administrator receives an error message while trying to configure the Ethernet interface of a router with IP address 10.24.24.24/29. Which statement explains the reason for this issue?

  • This address is a broadcast address.
  • VLSM-capable routing protocols must be enabled first on the router.
  • The Ethernet interface is faulty.
  • This address is a network address.*

I.215. DRAG DROP. Drag and drop the networking features of functions from the left onto the planes on which they operate on the
right.

Select and Place:

Correct Answer:

I.216. Which two statements about 1000BASE-T UTP cable are true? (Choose two.)

  • It uses four wire pairs*
  • It is most appropriate for installations up to 1000 feet in length
  • It is most appropriate for installations up to 1000 meters in length
  • Both ends of the cable can transmit and receive simultaneously*
  • It uses four wires

I.217. Which two statements about IPv6 multicast addresses are true? (Choose two.)

  • They use the prefix FC80::/8
  • If the lifetime parameter is set to 1, the route is permanent
  • They identify a group of interfaces on different devices*
  • They use the prefix FF00::/8*
  • If the scope parameter is set to 5, the route is local to the node

I.218. Which command can you enter on a Cisco IOS device to enable a scheduled algorithm that directs lookup calls to multiple DNS hosts?

  • ip name-server 192.168.10.14 192.168.10.15
  • ip domain list
  • ip domain lookup
  • ip domain round-robin*

I.219. Which three elements are field in a basic Ethernet data frame? (Choose three.)

  • Preamble*
  • Frame Check Sequence*
  • Header Checksum
  • Length/Type*
  • Time to Live
  • Version

I.220. Which prompt does a Cisco switch display when it is running in privileged exec mode?

  • switch#*
  • switch(config)#
  • switch(config-if)#
  • switch>

I.221. DRAG DROP. You are connecting a variety of devices on your network. Drag and drop the combinations of devices from the
left onto the correct cable types on the right.

Select and Place:

Correct Answer:

I.222. Which benefit of implementing a dual-homed WAN connection instead of a single-homed connection is true?

  • Only dual-homed connections support recursive routing
  • Only dual-homed connections enable an individual router to tolerate the loss of a network link*
  • Only dual-homed connections support split horizon with EIGRP
  • Only dual-homed connections support OSPF in conjunction with BGP

Section II: LAN Switching Technologies

II.1. Which statement about Cisco Discovery Protocol is true?

  • It is Cisco-proprietary Protocol*
  • It can discover information from routers, firewalls and switches
  • It runs on the network layer
  • It runs on the physical layer and the data link layer.

II.2. A network administrator needs to configure port security on a switch. Which two statements are true? (Choose two.)

  • A. The network administrator can apply port security to dynamic access ports
  • B. The network administrator can configure static secure or sticky secure mac addresses in the voice vlan.
  • C. The sticky learning feature allows the addition of dynamically learned addresses to the running configuration.*
  • D. The network administrator can apply port security to EtherChannels.
  • E. When dynamic mac address learning is enabled on an interface, the switch can learn new addresses up to the maximum defined.*
Show (Hide) Explanation/Reference
Follow these guidelines when configuring port security:
Port security can only be configured on static access ports, trunk ports, or 802.1Q tunnel ports. -> A is not correct.
+ A secure port cannot be a dynamic access port.
+ A secure port cannot be a destination port for Switched Port Analyzer (SPAN).
+ A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group. -> D is not correct
You cannot configure static secure or sticky secure MAC addresses on a voice VLAN. -> B is not correct.
+ When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two.
+ If any type of port security is enabled on the access VLAN, dynamic port security is automatically enabled on the voice VLAN.
+ When a voice VLAN is configured on a secure port that is also configured as a sticky secure port, all addresses seen on the voice VLAN are learned as dynamic secure addresses, and all addresses seen on the access VLAN (to which the port belongs) are learned as sticky secure addresses.
+ The switch does not support port security aging of sticky secure MAC addresses.
+ The protect and restrict options cannot be simultaneously enabled on an interface.

(Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_19_ea1/configuration/guide/3550scg/swtrafc.html#wp1038546)

Note: Dynamic access port or Dynamic port VLAN membership must be connected to an end station. This type of port can be configured with the “switchport access vlan dynamic” command in the interface configuration mode. Please read more about Dynamic access port here: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_19_ea1/configuration/guide/3550scg/swvlan.html#wp1103064

II.3. Which interface counter can you use to diagnose a duplex mismatch problem?

  • no carrier
  • late collisions*
  • giants
  • CRC errors
  • deferred
  • runts
Show (Hide) Explanation/Reference
A late collision is defined as any collision that occurs after the first 512 bits of the frame have been transmitted. The usual possible causes are full-duplex/half-duplex mismatch, exceeded Ethernet cable length limits, or defective hardware such as incorrect cabling, non-compliant number of hubs in the network, or a bad NIC.

We can check the interface counter with the “show interface <interface>” command on a Cisco device. For example:

On an Ethernet connection, a duplex mismatch is a condition where two connected devices operate in different duplex modes, that is, one operates in half duplex while the other one operates in full duplex.

Note:
+ Runts are frames which do not meet the minimum frame size of 64 bytes. Runts are usually created by collisions.
+ Giants: frames that are larger than 1,518 bytes

II.4. Which switching method duplicates the first six bytes of a frame before making a switching decision?

  • fragment-free switching
  • store-and-forward switching
  • cut-through switching*
  • ASIC switching
Show (Hide) Explanation/Reference
In cut-through switching, the switch copies into its memory only the destination MAC address (first six bytes of the frame) of the frame. After processing these first six bytes, the switch had enough information to make a forwarding decision and move the frame to the appropriate switchport. This switching method is faster than store-and-forward switching method.

In store-and-forward switching, the switch copies each complete Ethernet frame into the switch memory and computes a Cyclic Redundancy Check (CRC) for errors. If a CRC error is found, the Ethernet frame is dropped. If no CRC error is found then that frame is forwarded.

II.5. Which command can you enter to determine whether a switch is operating in trunking mode?

  • show ip interface brief
  • show vlan
  • show interfaces
  • show interface switchport*
Show (Hide) Explanation/Reference
Below is an example of the output of this command. Interface Ethernet1/0 is operating in trunking mode.

II.6. What are three benefits of implementing VLANs? (Choose three.)

  • A higher level of network security can be reached by separating sensitive data traffic from other network traffic.*
  • A more efficient use of bandwidth can be achieved allowing many physical groups to use the same network infrastructure.
  • A more efficient use of bandwidth can be achieved allowing many logical networks to use the same network infrastructure.*
  • Broadcast storms can be mitigated by increasing the number of broadcast domains, thus reducing their size.*
  • Broadcast storms can be mitigated by decreasing the number of broadcast domains, thus increasing their size.
  • VLANs make it easier for IT staff to configure new logical groups, because the VLANs all belong to the same broadcast domain.
  • Port-based VLANs increase switch-port use efficiency, thanks to 802.1Q trunks.

II.7. Which command can you enter to view the ports that are assigned to VLAN 20?

  • Switch#show ip interface vlan 20
  • Switch#show vlan id 20*
  • Switch#show ip interface brief
  • Switch#show interface vlan 20

II.8. When an interface is configured with PortFast BPDU guard, how does the interface respond when it receives a BPDU?

  • It continues operating normally.
  • It goes into a down/down state.
  • It becomes the root bridge for the configured VLAN.
  • It goes into an errdisable state.*
Show (Hide) Explanation/Reference
PortFast BPDU guard prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port. When you enable BPDU guard on the switch, spanning tree shuts down PortFast-configured interfaces that receive BPDUs instead of putting them into the spanning tree blocking state.

In a valid configuration, PortFast-configured interfaces do not receive BPDUs (because PortFast should only be configured on interfaces which are connected to hosts). If a PortFast-configured interface receives a BPDU, an invalid configuration exists. BPDU guard provides a secure response to invalid configurations because the administrator must manually put the interface back in service.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4000/8-2glx/configuration/guide/stp_enha.html

II.9. What are three advantages of VLANs? (Choose three.)

  • VLANs establish broadcast domains in switched networks.*
  • VLANs utilize packet filtering to enhance network security.
  • VLANs provide a method of conserving IP addresses in large networks.
  • VLANs provide a low-latency internetworking alternative to routed networks.
  • VLANs allow access to network services based on department, not physical location.*
  • VLANs can greatly simplify adding, moving, or changing hosts on the network.*

II.10. Refer to the exhibit.

Which of these statements correctly describes the state of the switch once the boot process has been completed?

  • A. The switch will need a different IOS code in order to support VLANs and ST.
  • B. Remote access management of this switch will not be possible without configuration change.*
  • C. As FastEthernet0/12 will be the last to come up, it will be blocked by STP.
  • D. More VLANs will need to be created for this switch.
Show (Hide) Explanation/Reference
From the output we notice that the administrator has just shut down Interface Vlan1, which is the default VLAN so no one can access it remotely (like telnet) -> B is correct.

Answer A is not correct as STP calculation does not depend on which port comes up first or last. STP recalculates when there is a change in the network.

A normal switch can operate without VLAN -> C is not correct.

This IOS does support VLAN because it has VLAN 1 on it -> D is not correct.

II.11. Which condition does the err-disabled status indicate on an Ethernet interface?

  • There is a duplex mismatch.
  • The device at the other end of the connection is powered off.
  • The serial interface is disabled.
  • The interface is configured with the shutdown command.
  • Port security has disabled the interface.*
  • The interface is fully functioning.
Show (Hide) Explanation/Reference
There are various reasons for the interface to go into errdisable. The reason can be:

+ Duplex mismatch
+ Port channel misconfiguration
+ BPDU guard violation
+ UniDirectional Link Detection (UDLD) condition
+ Late-collision detection
+ Link-flap detection
+ Security violation
+ Port Aggregation Protocol (PAgP) flap
+ Layer 2 Tunneling Protocol (L2TP) guard
+ DHCP snooping rate-limit
+ Incorrect GBIC / Small Form-Factor Pluggable (SFP) module or cable
+ Address Resolution Protocol (ARP) inspection
+ Inline power

Reference: http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/69980-errdisable-recovery.html

Therefore in fact there are two correct answers in this question, which are “There is a duplex mismatch” and “Port security has disabled the interface” but maybe you should choose the port security answer as it is the most popular reason.

II.12. Which statement about LLDP is true?

  • It is configured in global configuration mode.
  • It is configured in global configuration mode.*
  • The LLDP update frequency is a fixed value.
  • It runs over the transport layer.
Show (Hide) Explanation/Reference
Link Layer Discovery Protocol (LLDP) is a industry standard protocol that allows devices to advertise, and discover connected devices, and there capabilities (same as CDP of Cisco). To enable it on Cisco devices, we have to use this command under global configuration mode:

Sw(config)# lldp run

II.13. If the primary root bridge experiences a power loss, which switch takes over?

  • switch 0040.00.90C5
  • switch 00E0.F90B.6BE3
  • switch 0004.9A1A.C182*
  • switch 00E0.F726.3DC6
Show (Hide) Explanation/Reference
The switches compare their Bridge ID with each other to find out who will be the root bridge. The root bridge is the bridge with the lowest bridge ID.

Bridge ID = Bridge Priority + MAC Address

In this question the bridge priority was not mentioned so we suppose they are the same. Therefore the switch with lowest MAC address will become the new root bridge.

II.14. Refer to the exhibit.

Each of these four switches has been configured with a hostname, as well as being configured to run RSTP.No other configuration changes have been made. Which three of these show the correct RSTP port roles for the indicated switches and interfaces? (Choose three.)

  • A. SwitchA, Fa0/2, designated *
  • B. SwitchA, Fa0/1, root *
  • C. SwitchB, Gi0/2, root
  • D. SwitchB, Gi0/1, designated
  • E. SwitchC, Fa0/2, root
  • F. SwitchD, Gi0/2, root*
Show (Hide) Explanation/Reference
The question says “no other configuration changes have been made” so we can understand these switches have the same bridge priority. Switch C has lowest MAC address so it will become root bridge and 2 of its ports (Fa0/1 & Fa0/2) will be designated ports -> E is incorrect.

Because SwitchC is the root bridge so the 2 ports nearest SwitchC on SwitchA (Fa0/1) and SwitchD (Gi0/2) will be root ports -> B and F are correct.

Now we come to the most difficult part of this question: SwitchB must have a root port so which port will it choose? To answer this question we need to know about STP cost and port cost.

In general, “cost” is calculated based on bandwidth of the link. The higher the bandwidth on a link, the lower the value of its cost. Below are the cost values you should memorize:

Link speed Cost
10Mbps 100
100Mbps 19
1 Gbps 4

SwitchB will choose the interface with lower cost to the root bridge as the root port so we must calculate the cost on interface Gi0/1 & Gi0/2 of SwitchB to the root bridge. This can be calculated from the “cost to the root bridge” of each switch because a switch always advertises its cost to the root bridge in its BPDU. The receiving switch will add its local port cost value to the cost in the BPDU.

In the exhibit you also we FastEthernet port is connecting to GigabitEthernet port. In this case GigabitEthernet port will operate as a FastEthernet port so the link can be considered as FastEthernet to FastEthernet connection.

One more thing to notice is that a root bridge always advertises the cost to the root bridge (itself) with an initial value of 0.

Now let’s have a look at the topology again

SwitchC advertises its cost to the root bridge with a value of 0. Switch D adds 19 (the cost value of 100Mbps link although the port on Switch D is GigabitEthernet port) and advertises this value (19) to SwitchB. SwitchB adds 4 (the cost value of 1Gbps link) and learns that it can reach SwitchC via Gi0/1 port with a total cost of 23. The same process happens for SwitchA and SwitchB learns that it can reach SwitchC via Gi0/2 with a total cost of 38 -> Switch B chooses Gi0/1 as its root port -> D is not correct.

Now our last task is to identify the port roles of the ports between SwitchA & SwitchB. It is rather easy as the MAC address of SwitchA is lower than that of SwitchB so Fa0/2 of SwitchA will be designated port while Gi0/2 of SwitchB will be alternative port -> A is correct but C is not correct.

Below summaries all the port roles of these switches:

+ DP: Designated Port (forwarding state)
+ RP: Root Port (forwarding state)
+ AP: Alternative Port (blocking state)

II.15. Which feature builds a FIB and an adjacency table to expedite packet forwarding?

  • cut through
  • fast switching
  • process switching
  • Cisco Express Forwarding*
Show (Hide) Explanation/Reference
Cisco Express Forwarding (CEF) provides the ability to switch packets through a device in a very quick and efficient way while also keeping the load on the router’s processor low. CEF is made up of two different main components: the Forwarding Information Base (FIB) and the Adjacency Table. These are automatically updated at the same time as the routing table.

The Forwarding Information Base (FIB) contains destination reachability information as well as next hop information. This information is then used by the router to make forwarding decisions. The FIB allows for very efficient and easy lookups.

The adjacency table is tasked with maintaining the layer 2 next-hop information for the FIB.

II.16. What are two reasons that duplex mismatches can be difficult to diagnose? (Choose two.)

  • The interface displays a connected (up/up) state even when the duplex settings are mismatched.**
  • 1-Gbps interfaces are full-duplex by default.
  • Full-duplex interfaces use CSMA/CD logic, so mismatches may be disguised by collisions.
  • The symptoms of a duplex mismatch may be intermittent.*
  • Autonegotiation is disabled.

II.17. Which command would you configure globally on a Cisco router that would allow you to view directly connected Cisco devices?

  • enable cdp
  • cdp enable
  • cdp run*
  • run cdp
Show (Hide) Explanation/Reference
CDP is enabled by default on all Cisco routers. If it is turned off by any reason, we can turn it on again with the following command on global configuration mode:

Router(config)#cdp run

Note: CDP can be turned on or turned off on each interface. For example to turn off CDP on an interface we use this command:

Router(config-if)#no cdp enable

II.18. If all switches are configured with default values, which switch will take over when the primary root bridge experiences a power loss?

  • switch O0E0.F726 3DC6
  • switch 00E0.F90B 6BE3
  • switch 0004.9A1A C182*
  • switch 0040.0BC0 90C5

II.19. Which two protocols can detect native VLAN mismatch errors? (Choose two.)

  • STP*
  • PAgP
  • Cisco Discovery Protocol*
  • DTP
  • VTP

II.20. Which DTP switch port mode allows the port to create a trunk link if the neighboring port is in trunk mode, dynamic desirable mode, or desirable auto mode?

  • trunk
  • access
  • dynamic desirable
  • dynamic auto*
Show (Hide) Explanation/Reference
The Dynamic Trunking Protocol (DTP) is a proprietary networking protocol developed by Cisco for the purpose of negotiating trunking on a link between two switches, and for negotiating the type of trunking encapsulation to be used.

In dynamic auto mode, the interface is able to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk or desirable mode. The default switchport mode for newer Cisco switch Ethernet interfaces is dynamic auto. Note that if two Cisco switches are left to the common default setting of auto, a trunk will never form.

In dynamic desirable mode, the interface actively attempt to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk, desirable, or auto mode. This is the default switchport mode on older switches, such as the Catalyst 2950 and 3550 Series switches -> This is the best answer in this question.

Reference: http://www.ciscopress.com/articles/article.asp?p=2181837&seqNum=8

II.21. Which DTP switch port mode allows the port to create a trunk link if the neighboring port is in trunk mode, dynamic desirable mode, or desirable or auto mode?

  • Dynamic Auto
  • Dynamic Desirable*
  • Access
  • Trunk

II.22. Which three statements about DWDM are true? (Choose three)

  • It allows a single strand of fiber to support bidirectional communications*
  • It is used for long-distance and submarine cable systems*
  • It can multiplex up to 256 channels on a single fiber
  • It supports both the SDH and SONET standards*
  • Each channel can carry up to a 1-Gbps signal
  • It supports simplex communications over multiple strands of fiber
Show (Hide) Explanation/Reference
A newer fiber-optic media development for long-range communications is called dense wavelength-division multiplexing (DWDM). DWDM multiplies the amount of bandwidth that a single strand of fiber can support.

DWDM circuits are used in all modern submarine communications cable systems and other long-haul circuits.

Specifically, DWDM:

Enables bidirectional communications over one strand of fiber -> Answer A is correct
+ Assigns incoming optical signals to specific wavelengths of light (i.e., frequencies)
+ Each channel is capable of carrying a 10-Gbps multiplexed signal -> Answer E is not correct
+ Can multiplex more than 80 different channels of data (i.e., wavelengths) onto a single fiber -> Answer C is not correct
+ Can amplify these wavelengths to boost the signal strength
Supports SONET and SDH standards

Reference: http://www.ciscopress.com/articles/article.asp?p=2202411&seqNum=6

II.23. Which three statements about DTP are true? (Choose three.)

  • It is a proprietary protocol.*
  • It is a universal protocol.
  • It is a Layer 2-based protocol.*
  • It is enabled by default.*
  • It is disabled by default.
  • It is a Layer 3-based protocol.

II.24. Which three commands must you enter to create a trunk that allows VLAN 20? (Choose three.)

  • Switch(config-if)#switchport mode trunk*
  • Switch(config-if)#switchport mode dynamic desirableC. Switch(config-if)#switchport trunk native vlan 20
  • Switch(config-if)#switchport trunk encapsulation dot1q
  • Switch(config-if)#switchport trunk allowed vlan 20*
  • Switch(config-if)#switchport mode dynamic auto*

II.25. Which feature facilitates the tagging of frames on a specific VLAN?

  • Routing
  • Hairpinning
  • Encapsulation*
  • Switching

II.26. Which statement about spanning-tree root-bridge election is true?

  • It is always performed automatically
  • Each VLAN must have its own root bridge*
  • Each VLAN must use the same root bridge
  • Each root bridge must reside on the same root switch
Show (Hide) Explanation/Reference
Answer A is not correct as we can choose which switch to become root bridge by configuring bridge priority. The switch with lowest bridge priority (value) would become the root bridge.

For answer B, this paragraph from Cisco confirms it is the correct answer:

“When you implement a root bridge in a switching network, you usually refer to the root bridge as the root switch. Each VLAN must have its own root bridge because each VLAN is a separate broadcast domain. The roots for the different VLANs can all reside in a single switch or in various switches.”

Reference: https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/5234-5.html

The meaning of answer C is not clear but maybe it means “every VLAN must use the same root bridge” which is not correct as Sw1 can be the root bridge for VLANs 1, 3, 5 but Sw2 can be the root bridge for VLAN 2, 4, 6…

From the quote above we can say answer D is not correct.

II.27. Which two statements about data VLANs on access ports are true? ( Choose two)

  • They can be configured as trunk ports.
  • Two or more VLANs can be configured on the interface.
  • 802.1Q encapsulation must be configured on the interface.
  • Exactly one VLAN can be configured on the interface.*
  • They can be configured as host ports.*

II.28. Which three options are switchport configurations that can always avoid duplex mismatch errors between two switches? (Choose three.)

  • set both side on auto-negotation.*
  • set both sides on half-duplex*
  • set one side auto and other side half-duplex
  • set both side of connection to full-duplex*
  • set one side auto and other side on full-duplex
  • set one side full-duplex and other side half-duplex
Show (Hide) Explanation/Reference
http://www.pathsolutions.com/network-enemy-1-duplex-mismatch/

II.29. Under normal operations, cisco recommends that you configure switch ports on which vlan?

  • on the default vlan
  • on the management vlan
  • on the native vlan
  • on any vlan except the default vlan*
Show (Hide) Explanation/Reference

http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/24330-185.html

Note: There is a potential security consideration with dot1q that the implicit tagging of the native VLAN causes. The transmission of frames from one VLAN to another without a router can be possible. Refer to the Intrusion Detection FAQ leavingcisco.com for further details. The workaround is to use a VLAN ID for the native VLAN of the trunk that is not used for end-user access. In order to achieve this, the majority of Cisco customers simply leave VLAN 1 as the native VLAN on a trunk and assign access ports to VLANs other than VLAN 1.

II.30. Which statement about VLAN operation on Cisco Catalyst switches is true?

  • When a packet is received from an 802.1Q trunk, the VLAN ID can be determined from the source MAC
    address and the MAC address table.
  • Unknown unicast frames are retransmitted only to the ports that belong to the same VLAN.*
  • Broadcast and multicast frames are retransmitted to ports that are configured on different VLAN.
  • Ports between switches should be configured in access mode so that VLANs can span across the ports.
Show (Hide) Explanation/Reference
Each VLAN resides in its own broadcast domain, so incoming frames with unknown destinations are only transmitted to ports that reside in the same VLAN as the incoming frame.

II.31. Which two options describe benefits of aggregated chassis technology ( choose 2)?

  • it reduces management overhead.*
  • switches can be located anywhere regardless of there physical location.
  • it requires only 1 IP add per VLAN.*
  • it requires only 3 IP add per VLAN.
  • it supports HSRP VRRP GLBP.
  • it support redundant configuration files.
Show (Hide) Explanation/Reference
Chassis aggregation is a Cisco technology to make multiple switches operate as a single switch. It is similar to stacking but meant for powerful switches (like the 6500 and 6800 series switches). Chassis aggregation is often used in the core layer and distribution layer (while switching stacking is used for access layer).

The books do not mention about the benefits of chassis aggregation but they are the same as switch stacking.

+ The stack would have a single management IP address.
+ The engineer would connect with Telnet or SSH to one switch (with that one management IP address), not multiple switches.
+ One configuration file would include all interfaces in all physical switches.
+ STP, CDP, VTP would run on one switch, not multiple switches.
+ The switch ports would appear as if all are on the same switch.
+ There would be one MAC address table, and it would reference all ports on all physical switches.

Reference: CCNA Routing and Switching ICND2 200-105 Official Cert Guide

VSS is a chassis aggregation technology but it is dedicated for Cisco Catalyst 6500 Series Switches. VSS increases operational efficiency by simplifying the network, reducing switch management overhead by at least 50 percent -> A is correct

Single point of management, IP address, and routing instance for the Cisco Catalyst 6500 virtual switch
+ Single configuration file and node to manage. Removes the need to configure redundant switches twice with identical policies.
Only one gateway IP address is required per VLAN, instead of the three IP addresses per VLAN used today -> C is correct while D is not correct.
+ Removes the need for Hot Standby Router Protocol (HSRP), Virtual Router Redundancy Protocol (VRRP), and Gateway Load Balancing Protocol (GLBP)-> so maybe E is not correct.

Reference: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-virtual-switching-system-1440/prod_qas0900aecd806ed74b.html

II.32. Refer to the exhibit. Which switch provides the spanning-tree designated port role for the network segment that services the printers? 

  • Switch1
  • Switch2
  • Switch3*
  • Switch4
Show (Hide) Explanation/Reference
First, the question asks what switch services the printers, so it can be Switch 3 or Switch 4 which is connected directly to the Printers.

Next, by comparing the MAC address of Switch 3 and Switch 4 we found that the MAC of Switch 3 is smaller. Therefore the interface connected to the Printers of Switch 3 will become designated interface and the interface of Switch 4 will be blocked. The picture below shows the roles of all ports:

DP: Designated Port
RP: Root Port
BP: Blocked Port

(Please notice that Switch 1 will become the root bridge because of its lowest priority, not Switch 3)

II.33. Which type of MAC address is aged automatically by the switch?

  • dynamic*
  • manual
  • automatic
  • static

II.34. For what two purposes does the Ethernet protocol use physical addresses? (Choose two.)

  • to uniquely identify devices at Layer 2*
  • to allow communication with devices on a different network
  • to differentiate a Layer 2 frame from a Layer 3 packet
  • to establish a priority system to determine which device gets to transmit first
  • to allow communication between different devices on the same network*
  • to allow detection of a remote device when its physical address is unknown
Show (Hide) Explanation/Reference
Physical addresses or MAC addresses are used to identify devices at layer 2 -&gt; A is correct.

MAC addresses are only used to communicate on the same network. To communicate on different network we have to use Layer 3 addresses (IP addresses) -&gt; B is not correct; E is correct.

Layer 2 frame and Layer 3 packet can be recognized via headers. Layer 3 packet also contains physical address -&gt; C is not correct.

On Ethernet, each frame has the same priority to transmit by default -&gt; D is not correct.

All devices need a physical address to identify itself. If not, they can not communicate -&gt; F is not correct. 

II.35. When you enable PortFast on a switch port, the port immediately transitions to which state?

  • Blocking
  • Forwarding*
  • Learning
  • Listening
Show (Hide) Explanation/Reference
PortFast causes a switch or trunk port to enter the spanning tree forwarding state immediately, bypassing the listening and learning states. You can use PortFast on switch or trunk ports that are connected to a single workstation, switch, or server to allow those devices to connect to the network immediately, instead of waiting for the port to transition from the listening and learning states to the forwarding state.

II.36. Which two EtherChannel PAgP modes can you configure? (Choose two.)

  • on
  • desirable*
  • passive
  • auto*
  • active

II.37. Which command sequence can you enter to create VLAN 20 and assign it to an interface on a switch?

  • Switch(config)#vlan 20
    Switch(config)#Interface gig x/y
    Switch(config-if)#switchport access vlan 20  *
  • Switch(config)#Interface gig x/y
    Switch(config-if)#vlan 20
    Switch(config-vlan)#switchport access vlan 20
  • Switch(config)#vlan 20
    Switch(config)#Interface vlan 20
    Switch(config-if)#switchport trunk native vlan 20
  • Switch(config)#vlan 20
    Switch(config)#Interface vlan 20
    Switch(config-if)#switchport access vlan 20
  • Switch(config)#vlan 20
    Switch(config)#Interface vlan 20
    Switch(config-if)#switchport trunk allowed vlan 20

II.38. Which two statements about late collisions are true? (Choose two.)

  • They may indicate a duplex mismatch.*
  • By definition, they occur after the 512th bit of the frame has been transmitted.*
  • They indicate received frames that did not pass the FCS match.
  • They are frames that exceed 1518 bytes.
  • They occur when CRC errors and interference occur on the cable.
Show (Hide) Explanation/Reference
A late collision is defined as any collision that occurs after the first 512 bits of the frame have been transmitted. The usual possible causes are full-duplex/half-duplex mismatch, exceeded Ethernet cable length limits, or defective hardware such as incorrect cabling, non-compliant number of hubs in the network, or a bad NIC.

Note: On an Ethernet connection, a duplex mismatch is a condition where two connected devices operate in different duplex modes, that is, one operates in half duplex while the other one operates in full duplex.

II.39. Which command can you enter to re-enable Cisco Discovery Protocol on a local router after it has been disabled?

  • Router(config-if)#cdp run
  • Router(config-if)#cdp enable
  • Router(config)#cdp run*
  • Router(config)#cdp enable

II.40. Refer to the exhibit. The output that is shown is generated at a switch. Which three of these statements are true? (Choose three.)

  • All ports will be in a state of discarding, learning, or forwarding.*
  • Thirty VLANs have been configured on this switch.
  • The bridge priority is lower than the default value for spanning tree.*
  • All interfaces that are shown are on shared media.
  • All designated ports are in a forwarding state.*
  • This switch must be the root bridge for all VLANs on this switch.
Show (Hide) Explanation/Reference
From the output, we see that all ports are in Designated role (forwarding state) -> A and E are correct.

The command “show spanning-tree vlan 30″ only shows us information about VLAN 30. We don’t know how many VLAN exists in this switch -> B is not correct.

The bridge priority of this switch is 24606 which is lower than the default value bridge priority 32768 -> C is correct.

All three interfaces on this switch have the connection type “p2p”, which means Point-to-point environment – not a shared media -> D is not correct.

The only thing we can specify is this switch is the root bridge for VLAN 30 but we can not guarantee it is also the root bridge for other VLANs -> F is not correct.

II.41. Which two commands can be used to verify a trunk link configuration status on a given Cisco switch interface? (Choose two.)

  • show interface trunk*
  • show interface interface
  • show ip interface brief
  • show interface vlan
  • show interface switchport*
Show (Hide) Explanation/Reference
The “show interfaces trunk” command and “show interfaces switchport” command can be used to verify the status of an interface (trunking or not). The outputs of these commands are shown below (port Ethernet 1/0 has been configured as trunk):

The “show ip interface brief” command only gives us information about the IP address, the status (up/down) of an interface:

The “show interfaces vlan” command only gives us information about that VLAN, not about which ports are the trunk links:

II.42. Which two states are the port states when RSTP has converged? (Choose two.)

  • discarding*
  • listening
  • learning
  • forwarding*
  • disabled
Show (Hide) Explanation/Reference
RSTP only has 3 port states that are discarding, learning and forwarding. When RSTP has converged there are only 2 port states left: discarding and forwarding.

II.43. Refer to the exhibit. A technician has installed SwithchB and needs to configure it for remote access from the management workstation connected SwitchA. Which set of commands is required to accomplish this task?

Correct Answer: B

  • SwitchB(config)# interface FastEthernet 0/1
    SwitchB(config-if)# ip address 192.168.8.252 255.255.255.0 SwitchB(config-if)# no shutdown
  • SwitchB(config)# interface vlan 1
    SwitchB(config-if)# ip address 192.168.8.252 255.255.255.0 SwitchB(config-if)# ip default-gateway 192.168.8.254 255.255.255.0 SwitchB(config-if)# no shutdown
  • SwitchB(config)# ip default-gateway 192.168.8.254
    SwitchB(config)# interface vlan 1
    SwitchB(config-if)# ip address 192.168.8.252 255.255.255.0 SwitchB(config-if)# no shutdown*
  • SwitchB(config)# ip default-network 192.168.8.254
    SwitchB(config)# interface vlan 1
    SwitchB(config-if)# ip address 192.168.8.252 255.255.255.0 SwitchB(config-if)# no shutdown
  • SwitchB(config)# ip route 192.168.8.254 255.255.255.0
    SwitchB(config)# interface FastEthernet 0/1
    SwitchB(config-if)# ip address 192.168.8.252 255.255.255.0 SwitchB(config-if)# no shutdown

II.43.

A technician has installed SwitchB and needs to configure it for remote access from the management workstation connected SwitchA. Which set of commands is required to accomplish this task?

  • A.
    SwitchB(config)#interface FastEthernet 0/1
    SwitchB(config-if)#ip address 192.168.8.252 255.255.255.0
    SwitchB(config-if)#no shutdown
  • B.
    SwitchB(config)#ip default-gateway 192.168.8.254
    SwitchB(config)#interface vlan 1
    SwitchB(config-if)#ip address 192.168.8.252 255.255.255.0
    SwitchB(config-if)#no shutdown*
  • C.
    SwitchB(config)#interface vlan 1
    SwitchB(config-if)#ip address 192.168.8.252 255.255.255.0
    SwitchB(config-if)#ip default-gateway 192.168.8.254 255.255.255.0
    SwitchB(config-if)#no shutdown
  • D.
    SwitchB(config)#ip default-network 192.168.8.254
    SwitchB(config)#interface vlan 1
    SwitchB(config-if)#ip address 192.168.8.252 255.255.255.0
    SwitchB(config-if)#no shutdown
Show (Hide) Explanation/Reference
To remote access to SwitchB, it must have a management IP address on a VLAN on that switch. Traditionally, we often use VLAN 1 as the management VLAN (but in fact it is not secure).

In the exhibit, we can recognize that the Management Workstation is in a different subnet from the SwitchB. For intersubnetwork communication to occur, you must configure at least one default gateway. This default gateway is used to forward traffic originating from the switch only, not to forward traffic sent by devices connected to the switch.

II.44. Which of the following are benefits of VLANs? (Choose three.)

  • They increase the size of collision domains.
  • They allow logical grouping of users by function.*
  • They can enhance network security.*
  • They increase the size of broadcast domains while decreasing the number of collision domains.
  • They increase the number of broadcast domains while decreasing the size of the broadcast domains.*
  • They simplify switch administration.
Show (Hide) Explanation/Reference
When using VLAN the number and size of collision domains remain the same -> A is not correct.

VLANs allow to group users by function, not by location or geography -> B is correct.

VLANs help minimize the incorrect configuration of VLANs so it enhances the security of the network -> C is correct.

VLAN increases the size of broadcast domains but does not decrease the number of collision domains -> D is not correct.

VLANs increase the number of broadcast domains while decreasing the size of the broadcast domains which increase the utilization of the links. It is also a big advantage of VLAN -> E is correct.

VLANs are useful but they are more complex and need more administration -> F is not correct.

II.45. Which three statements accurately describe Layer 2 Ethernet switches? (Choose three.)

  • Spanning Tree Protocol allows switches to automatically share VLAN information.
  • Establishing VLANs increases the number of broadcast domains.**
  • Switches that are configured with VLANs make forwarding decisions based on both Layer 2 and Layer 3 address information.
  • Microsegmentation decreases the number of collisions on the network.*
  • In a properly functioning network with redundant switched paths, each switched segment will contain one root bridge with all its ports in the forwarding state. All other switches in that broadcast domain will have only one root port.*
  • If a switch receives a frame for an unknown destination, it uses ARP to resolve the address.
Show (Hide) Explanation/Reference
Microsegmentation is a network design (functionality) where each workstation or device on a network gets its own dedicated segment (collision domain) to the switch. Each network device gets the full bandwidth of the segment and does not have to share the segment with other devices. Microsegmentation reduces and can even eliminate collisions because each segment is its own collision domain

Note: Microsegmentation decreases the number of collisions but it increases the number of collision domains.

II.46. What is the status of port-channel if LACP is misconfigured?

  • Forwarding
  • Enabled
  • Disabled*
  • Errdisabled
Show (Hide) Explanation/Reference
EtherChannel misconfiguration occurs when the channel parameters do not match on both sides of the EtherChannel, resulting in the following message:

%PM-SP-4-ERR_DISABLE: channel-misconfig error detected on Po3, putting E1/3 in err-disable state

Therefore from the output above we can see that when miconfigured, the physical (member) interface is put into err-disable state.

But this question asks above “the status of port-channel” (not the physical member interface) so answer “Disabled” is a better choice.

II.47. How to create a trunk port and allow VLAN 20? (Choose Three.)

  • switchport trunk encapsulation dot1q*
  • switchport mode trunk*
  • switchport trunk allowed vlan 20*
  • switchport trunk native vlan 20
  • switchport mode dynamic desirable
Show (Hide) Explanation/Reference
In switches that support both InterSwitch Link (ISL) and 802.1Q trunking encapsulations, we need to specify an trunking protocol so we must use the command “switchport trunk encapsulation dot1q” command first to set the trunk mode to 802.1Q. Then we configure trunking interface with the “switchport mode trunk” command. Then we explicitly allow vlan 20 with the command “switchport trunk allowed vlan 20” command. By default all VLANs are allowed to pass but after entering this command, only VLAN 20 is allowed.

II.48. Which mode is compatible with Trunk, Access, and desirable ports?

  • Trunk Ports
  • Access Ports
  • Dynamic Auto*
  • Dynamic Desirable

Show (Hide) Explanation/Reference
Explanation from http://www.9tut.com/trunking-questions
Maybe this question wanted to ask “if the other end is configured with trunk/access/desirable mode” then which mode is compatible so that the link can work. In that case both “dynamic auto” and “dynamic desirable” mode are correct. The difference between these two modes is “dynamic auto” is passively waiting for the other end to request to form a trunk while “dynamic desirable” will actively attempt to negotiate to convert the link into a trunk.

II.49. What parameter can be different on ports within an EtherChannel?

  • speed
  • DTP negotiation settings*
  • trunk encapsulation
  • duplex
Show (Hide) Explanation/Reference
All interfaces in an EtherChannel must be configured identically to form an EtherChannel. Specific settings that must be identical include:

Speed settings
Duplex settings
+ STP settings
+ VLAN membership (for access ports)
+ Native VLAN (for trunk ports)
+ Allowed VLANs (for trunk ports)
Trunking Encapsulation (ISL or 802.1Q, for trunk ports)

II.50. Which spanning-tree protocol rides on top of another spanning-tree protocol?

  • MSTP*
  • RSTP
  • PVST+
  • Mono Spanning Tree
Show (Hide) Explanation/Reference
Multiple Spanning Tree (MST) rides on top of RSTP so it converges very fast. The idea behind MST is that some VLANs can be mapped to a single spanning tree instance because most networks do not need more than a few logical topologies.

II.51. Which three statements about RSTP are true? (Choose three.)

  • RSTP significantly reduces topology reconverging time after a link failure.*
  • RSTP expands the STP port roles by adding the alternate and backup roles.*
  • RSTP port states are blocking, discarding, learning, or forwarding.
  • RSTP provides a faster transition to the forwarding state on point-to-point links than STP does.*
  • RSTP also uses the STP proposal-agreement sequence.
  • RSTP uses the same timer-based process as STP on point-to-point links

II.52. Which two commands correctly verify whether port security has been configured on port FastEthernet 0/12 on a switch? (Choose two.)

  • SW1#show port-secure interface FastEthernet 0/12
  • SW1#show switchport port-secure interface FastEthernet 0/12
  • SW1#show running-config*
  • SW1#show port-security interface FastEthernet 0/12*
  • SW1#show switchport port-security interface FastEthernet 0/12
Show (Hide) Explanation/Reference
We can verify whether port security has been configured by using the “show running-config” or “show port-security interface ” for more detail. An example of the output of “show port-security interface ” command is shown below:

II.53. Refer to the exhibit. Switch port FastEthernet 0/24 on ALSwitch1 will be used to create an IEEE 802.1Q-compliant trunk to another switch. Based on the output shown, what is the reason the trunk does not form, even though the proper cabling has been attached?

  • VLANs have not been created yet.
  • An IP address must be configured for the port.
  • The port is currently configured for access mode.*
  • The correct encapsulation type has not been configured.
  • The no shutdown command has not been entered for the port.
Show (Hide) Explanation/Reference
According to the output shown the switchport (layer 2 Switching) is enabled and the port is in access mode. To make a trunk link the port should configured as a trunk port, not an access port, by using the following command: (Config-if)#switchport mode trunk

II.54. Refer to the exhibit. Switch-1 needs to send data to a host with a MAC address of 00b0.d056.efa4. What will Switch-1 do with this data?

  • Switch-1 will drop the data because it does not have an entry for that MAC address.
  • Switch-1 will flood the data out all of its ports except the port from which the data originated.*
  • Switch-1 will send an ARP request out all its ports except the port from which the data originated.
  • Switch-1 will forward the data to its default gateway.
Show (Hide) Explanation/Reference
The MAC address of 00b0.d056.efa4 has not been learned in its MAC address table so Switch-1 will broadcast the frame out all of its ports except the port from which the data originated.

II.55. Standard industrialized protocol of etherchannel?

  • LACP*
  • PAGP
  • PRP
  • REP

II.56. How to enable vlans automatically across multiple switches?

  • Configure VLAN
  • Confiture NTP
  • Configure each VLAN
  • Configure VTP*

II.57. What are contained in layer 2 ethernet frame? (Choose Three.)

  • Preamble*
  • TTL
  • Type/length*
  • Frame check sequence*
  • version
  • others
Show (Hide) Explanation/Reference
At the end of each frame there is a Frame Check Sequence (FCS) field. FCS can be analyzed to determine if errors have occurred. FCS uses cyclic redundancy check (CRC) algorithm to detect errors in the transmitted frames. Before sending data, the sending host generates a CRC based on the header and data of that frame. When this frame arrives, the receiving host uses the same algorithm to generate its own CRC and compare them. If they do not match then a CRC error will occur.

Preamble is used to indicate the start of the frame by arranging the first 62 bits as alternating “1/0s” and the last two bits as “1”s. Like so, 010101010101010………………………10101011. Therefore when the receiving end sees the “11” it knows where the actual Ethernet header starts. The alternating 1s and 0s will also allow the two endpoints to sync their internal clocks. In summary, preamble is used for synchronization.

The “Type/Length” field is used to indicate the “Type”of the payload (Layer 3 protocol) which is indicated as a Hexadecimal value.

Note: Ethernet II uses “Type” while the old Ethernet version use “Length”

II.58. Which two of these are characteristics of the 802.1Q protocol? (Choose two.)

  • It is used exclusively for tagging VLAN frames and does not address network reconvergence following switched network topology changes.
  • It modifies the 802.3 frame header, and thus requires that the FCS be recomputed.*
  • It is a Layer 2 messaging protocol which maintains VLAN configurations across networks.
  • It includes an 8-bit field which specifies the priority of a frame.
  • It is a trunking protocol capable of carrying untagged frames.*
Show (Hide) Explanation/Reference
IEEE 802.1Q is the networking standard that supports Virtual LANs (VLANs) on an Ethernet network. It is a protocol that allows VLANs to communicate with one another using a router. 802.1Q trunks support tagged and untagged frames.

If a switch receives untagged frames on a trunk port, it believes that frame is a part of the native VLAN. Also, frames from a native VLAN are not tagged when exiting the switch via a trunk port.

The 802.1q frame format is same as 802.3. The only change is the addition of 4 bytes fields. That additional header includes a field with which to identify the VLAN number. Because inserting this header changes the frame, 802.1Q encapsulation forces a recalculation of the original FCS field in the Ethernet trailer.

Note: Frame Check Sequence (FCS) is a four-octet field used to verify that the frame was received without loss or error. FCS is based on the contents of the entire frame.

II.59. Which command is used to know the duplex speed of serial link?

  • show line
  • show interface*
  • show protocol
  • show run
Show (Hide) Explanation/Reference
Nowadays all serial links are full-duplex (as serial interfaces have separate Rx & Tx pins) so maybe this question wants to ask about how to check the speed of the serial link. The “show interface” command gives us information about this. An example of this command is shown below:

In this output the speed of S0/0 interface is 1544 Kbits.

II.60. A BPDU guard is configured on an interface that has PortFast enabled. Which state does the interface enter when it receives a BPDU?

  • Blocking
  • Shutdown
  • Listening
  • Errdisable*
Show (Hide) Explanation/Reference
PortFast BPDU guard prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port.In a valid configuration, PortFast-configured interfaces do not receive BPDUs (because PortFast should only be configured on interfaces which are connected to hosts). If a PortFast-configured interface receives a BPDU, an invalid configuration exists. BPDU guard provides a secure response to invalid configurations because the administrator must manually put the interface back in service.Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4000/8-2glx/configuration/guide/stp_enha.html

II.61. Which mode are in PAgP? (choose two)

  • Auto.*
  • Desirable.*
  • Active.
  • Passive.
  • On.
Show (Hide) Explanation/Reference
There are two PAgP modes:

Auto Responds to PAgP messages but does not aggressively negotiate a PAgP EtherChannel. A channel is formed only if the port on the other end is set to Desirable. This is the default mode.
Desirable Port actively negotiates channeling status with the interface on the other end of the link. A channel is formed if the other side is Auto or Desirable.

The table below lists if an EtherChannel will be formed or not for PAgP:

PAgP Desirable Auto
Desirable Yes Yes
Auto Yes No

II.62. In an Ethernet network, under what two scenarios can devices transmit? (Choose two.)

  • when they receive a special token.
  • when there is a carrier.
  • when they detect no other devices are sending.*
  • when the server grants access.
  • when the medium is idle.*

II.63. At the end of an RSTP election process, which access layer switch port will assume the discarding role?

  • Switch3, port fa0/1
  • Switch3, port fa0/12
  • Switch4, port fa0/11*
  • Switch4, port fa0/2
  • Switch3, port Gi0/1
  • Switch3, port Gi0/2
Show (Hide) Explanation/Reference
In this question, we only care about the Access Layer switches (Switch3 & 4). Switch 3 has a lower bridge
ID than Switch 4 (because the MAC of Switch3 is smaller than that of Switch4) so both ports of Switch3
will be in forwarding state. The alternative port will surely belong to Switch4.
Switch4 will need to block one of its ports to avoid a bridging loop between the two switches. But how
does Switch4 select its blocked port? Well, the answer is based on the BPDUs it receives from Switch3. A
BPDU is superior to another if it has:
1. A lower Root Bridge ID
2. A lower path cost to the Root
3. A lower Sending Bridge ID
4. A lower Sending Port ID
These four parameters are examined in order. In this specific case, all the BPDUs sent by Switch3 have
the same Root Bridge ID, the same path cost to the Root and the same Sending Bridge ID. The only
parameter left to select the best one is the Sending Port ID (Port ID = port priority + port index). In this
case the port priorities are equal because they use the default value, so Switch4 will compare port index
values, which are unique to each port on the switch, and because Fa0/12 is inferior to Fa0/1, Switch4 will
select the port connected with Fa0/1 (of Switch3) as its root port and block the other port -> Port fa0/11
of Switch4 will be blocked (discarding role). 

II.64. Which switch would STP choose to become the root bridge in the selection process?

  • 32768: 11-22-33-44-55-66*
  • 32768: 22-33-44-55-66-77
  • 32769: 11-22-33-44-55-65
  • 32769: 22-33-44-55-66-78

II.65. Refer to the exhibit. What two results would occur if the hub were to be replaced with a switch that is configured with one Ethernet VLAN? (Choose two.)

  • The number of collision domains would remain the same.
  • The number of collision domains would decrease.
  • The number of collision domains would increase.*
  • The number of broadcast domains would remain the same.*
  • The number of broadcast domains would decrease.
  • The number of broadcast domains would increase.

II.66. For which two protocols can PortFast alleviate potential host startup is-sues? (Choose two.)

  • DHCP*
  • DNS*
  • OSPF
  • RIP
  • CDP

II.67. Which method does a connected trunk port use to tag VLAN traffic?

  • IEEE 802 1w
  • IEEE 802 1D
  • IEEE 802 1Q*
  • IEEE 802 1p
Show (Hide) Explanation/Reference
IEEE 802.1Q is the networking standard that supports virtual LANs (VLANs) on an Ethernet network. When a frame enters the VLAN-aware portion of the network (a trunk link, for example), a VLAN ID tag is added to represent the VLAN membership of that frame. The picture below shows how VLAN tag is added and removed while going through the network.

II.68. Configuration of which option is required on a Cisco switch for the Cisco IP phone to work?

  • PortFast on the interface
  • the interface as an access port to allow the voice VLAN ID*
  • a voice VLAN ID in interface and global configuration mode
  • Cisco Discovery Protocol in global configuration mode
Show (Hide) Explanation/Reference
When you connect an IP phone to a switch using a trunk link, it can cause high CPU utilization in the switches. As all the VLANs for a particular interface are trunked to the phone, it increases the number of STP instances the switch has to manage. This increases the CPU utilization. Trunking also causes unnecessary broadcast / multicast / unknown unicast traffic to hit the phone link.

In order to avoid this, remove the trunk configuration and keep the voice and access VLAN configured along with Quality of Service (QoS). Technically, it is still a trunk, but it is called a Multi-VLAN Access Port (MVAP). Because voice and data traffic can travel through the same port, you should specify a different VLAN for each type of traffic. You can configure a switch port to forward voice and data traffic on different VLANs. Configure IP phone ports with a voice VLAN configuration. This configuration creates a pseudo trunk, but does not require you to manually prune the unnecessary VLANs.

The voice VLAN feature enables access ports to carry IP voice traffic from an IP phone. You can configure a voice VLAN with the “switchport voice vlan …” command under interface mode. The full configuration is shown below:

Switch(config)#interface fastethernet0/1
Switch(config-if)#switchport mode access 
Switch(config-if)#switchport access vlan 10 
Switch(config-if)#switchport voice vlan 20

Reference: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-4500-series-switches/69632-configuring-cat-ip-phone.html

II.69. Refer to the exhibit. Which statement describes the effect of this configuration?

  • The VLAN 10 VTP configuration is displayed
  • VLAN 10 spanning-tree output is displayed
  • The VLAN 10 configuration is saved when the router exits VLAN configuration mode*
  • VLAN 10 is added to the VLAN database
Show (Hide) Explanation/Reference
With the configuration above, when we type “do show vlan” we would not see VLAN 10 in the VLAN database because it has not been created yet. VLAN 10 is only created when we exits VLAN configuration mode (with “exit” command).

II.70. Which statement about native VLAN traffic is true?

  • Cisco Discovery Protocol traffic travels on the native VLAN by default*
  • Traffic on the native VLAN is tagged with 1 by default
  • Control plane traffic is blocked on the native VLAN.
  • The native VLAN is typically disabled for security reasons

II.71. Which statement about unicast frame forwarding on a switch is true?

  • The TCAM table stores destination MAC addresses
  • If the destination MAC address is unknown, the frame is flooded to every port that is configured in the same VLAN except on the port that it was received on.*
  • The CAM table is used to determine whether traffic is permitted or denied on a switch
  • The source address is used to determine the switch port to which a frame is forwarded

II.72. Which two statements about VTP are true? (Choose two.)

  • All switches must be configured with the same VTP domain name*
  • All switches must be configured to perform trunk negotiation.
  • All switches must be configured with a unique VTP domain name
  • The VTP server must have the highest revision number in the domain*
  • All switches must use the same VTP version.

II.73. Which type does a port become when it receives the best BPDU on a bridge?

  • The designated port
  • The backup port
  • The alternate port
  • The root port*
Show (Hide) Explanation/Reference
Root port is the port on non-root bridge which is closest to the root bridge (in term of cost). Therefore when a port receives the best BPDU on a non-root bridge it will become the root port.

II.74. Which value can you modify to configure a specific interface as the preferred forwarding interface?

  • The interface number
  • The port priority*
  • The VLAN priority
  • The hello time
Show (Hide) Explanation/Reference
We can configure the port priority to change the preferred forwarding interface as we wish. For example we can change the port priority of an interface for VLAN 20 to 64 as follows:

Switch(config-if)#spanning-tree vlan 20 port-priority 64

II.75. Which statement about VLAN configuration is true?

  • The switch must be in VTP server or transparent mode before you can configure a VLAN*
  • The switch must be in config-vlan mode before you configure an extended VLAN
  • Dynamic inter-VLAN routing is supported on VLAN2 through VLAN 4064`
  • A switch in VTP transparent mode save the VLAN databases to the running configuration only

II.76. Which two protocols are used by bridges and/or switches to prevent loops in a layer 2 network? (Choose two.)

  • 802.1d*
  • VTP
  • 802.1q
  • SAP
  • STP*

II.77. How can you disable DTP on a switch port?

  • Configure the switch port as a trunk.* (no correct answer, in fact) 
  • Add an interface on the switch to a channel group.
  • Change the operational mode to static access
  • Change the administrative mode to access
Show (Hide) Explanation/Reference
Although some books and websites said DTP is disabled if the switch port is configured as trunk or access mode (via the command “switchport mode trunk” or “switchport mode access”) but in fact DTP is still running in these modes. Please read at http://packetlife.net/blog/2008/sep/30/disabling-dynamic-trunking-protocol-dtp/. The only way to disable DTP on a switch port is to use the “switchport nonegotiate” command. But notice this command can only be used after configuring that switch port in “trunk” or “access” mode.

Therefore this is a question with no correct answer but if we have to choose an answer, we will choose answer A. At least it is correct in theory.

II.78. Which command can you enter on a switch to display the IP addresses associated with connected devices?

  • Show cdp neighbors detail*
  • Show cdp neighbor
  • Show cdp interface
  • Show cdp traffic
Show (Hide) Explanation/Reference
Only the “show cdp neighbor detail” gives us information about the IP address of the connected device. Below is an example of this command.

II.79. Which protocol is a Cisco proprietary implementation of STP?

  • CST
  • RSTP
  • MSTP
  • PVST+*

II.80. VLAN 3 is not yet configured on your switch. What happens if you set the switchport access vlan 3 command in interface configuration mode?

  • The command is rejected.
  • The port turns amber.
  • The command is accepted and the respective VLAN is added to vlan.dat.*
  • The command is accepted and you must configure the VLAN manually.
Show (Hide) Explanation/Reference
The “switchport access vlan 3″will put that interface as belonging to VLAN 3 while also updated the VLAN database automatically to include VLAN 3.

II.81. Three switches are connected to one another via trunk ports. Assuming the default switch configuration, which switch is elected as the root bridge for the spanning-tree instance of VLAN 1?

  • the switch with the highest MAC address
  • the switch with the lowest MAC address*
  • the switch with the highest IP address
  • the switch with the lowest IP address
Show (Hide) Explanation/Reference
Each switch in your network will have a Bridge ID Priority value, more commonly referred to as a BID.
This BID is a combination of a default priority value and the switch’s MAC address, with the priority value listed first. The lowest BID will win the election process.
For example, if a Cisco switch has the default priority value of 32,768 and a MAC address of 11-22-33- 44-55-66, the BID would be 32768:11-22-33-44-55-66. Therefore, if the switch priority is left at the default, the MAC address is the deciding factor in the root bridge election.

II.82. Which command enables RSTP on a switch?

  • spanning-tree uplinkfast
  • spanning-tree mode rapid-pvst*
  • spanning-tree backbonefast
  • spanning-tree mode mst
Show (Hide) Explanation/Reference
Rapid Spanning Tree Protocol (RSTP) is an enhancement of the original STP 802.1D protocol. The RSTP 802.1w protocol is an IEEE open implementation. Cisco has its own proprietary implementation of RSTP, that includes the benefits of its Per-VLAN spanning tree protocols, called Rapid-PVST+.
To activate the Rapid-PVST+ protocol: switch(config)#spanning-tree mode rapid-pvst

II.83. Cisco Catalyst switches CAT1 and CAT2 have a connection between them using ports FA0/13. An 802.1Q trunk is configured between the two switches. On CAT1, VLAN 10 is chosen as native, but on CAT2 the native VLAN is not specified. What will happen in this scenario?

  • 802.1Q giants frames could saturate the link.
  • VLAN 10 on CAT1 and VLAN 1 on CAT2 will send untagged frames.
  • A native VLAN mismatch error message will appear.*
  • VLAN 10 on CAT1 and VLAN 1 on CAT2 will send tagged frames.
Show (Hide) Explanation/Reference
A “native VLAN mismatch” error will appear by CDP if there is a native VLAN mismatch on an 802.1Q link. “VLAN mismatch” can cause traffic from one vlan to leak into another vlan.

II.84. Refer to the exhibit

All switch ports are assigned to the correct VLANs, but none of the hosts connected to SwitchA can communicate with hosts in the same VLAN connected to SwitchB. Based on the output shown, what is the most likely problem?

  • The access link needs to be configured in multiple VLANs.
  • The link between the switches is configured in the wrong VLAN.
  • The link between the switches needs to be configured as a trunk.*
  • VTP is not configured to carry VLAN information between the switches.
  • Switch IP addresses must be configured in order for traffic to be forwarded between the switches.
Show (Hide) Explanation/Reference
In order to pass traffic from VLANs on different switches, the connections between the switches must be configured as trunk ports.

II.85. What is the function of the command switchport trunk native vlan 999 on a Cisco Catalyst switch?

  • It creates a VLAN 999 interface.
  • It designates VLAN 999 for untagged traffic.*
  • It blocks VLAN 999 traffic from passing on the trunk.
  • It designates VLAN 999 as the default for all unknown tagged traffic.
Show (Hide) Explanation/Reference
Configuring the Native VLAN for Untagged Traffic A trunk port configured with 802.1Q tagging can receive both tagged and untagged traffic. By default, the switch forwards untagged traffic in the native VLAN configured for the port. The native VLAN is VLAN 1 by default.

II.86. Refer to the exhibit. A frame on VLAN 1 on switch S1 is sent to switch S2 where the frame is received on VLAN 2. What causes this behavior?

  • trunk mode mismatches
  • vlans that do not correspond to a unique IP subnet
  • native vlan mismatches*
  • allowing only vlan 2 on the destination

II.87. Why will a switch never learn a broadcast address?

  • Broadcast frames are never sent to swiches.
  • Broadcast addresses use an incorrect format for the switching table.
  • A broadcast address will never be the source address of a frame.*
  • Broadcasts only use network layer addressing.
  • A broadcast frame is never forwarded by a switch.

II.88. What can you change to select switch as root bridge?

  • make lower priority*
  • make higher priority
  • make lower path cost
  • make higher path cost

II.89. Which two types of information are held in the MAC address table? (Choose two)

  • MAC address*
  • soure IP address
  • destination IP address
  • Protocols
  • Port numbers*
Show (Hide) Explanation/Reference
We can check the MAC address table with the command “show mac address-table”:

As we can see here, the “MAC address” field is the source MAC address and the “Ports” field are the ports of the switch from which the frames (with corresponding source MAC address) were received.

II.90. Which three are valid modes for a switch port used as a VLAN trunk? (choose three)

  • Desirable*
  • Auto*
  • On*
  • Blocking
  • Transparent
  • Forwarding

II.91. Which type of attack can be mitigated by configuring the default native VLAN to be unused?

  • CAM table overflow
  • switch spoofing
  • VLAN hopping*
  • MAC spoofing

II.92. Which process is associated with spanning-tree convergence?

  • determining the path cost
  • electing designated ports*
  • learning the sender bridge ID
  • assigning the port ID
Show (Hide) Explanation/Reference
SPT must performs three steps to provide a loop-free network topology:

1. Elects one root bridge
2. Select one root port per nonroot bridge
3. Select one designated port on each network segment -> Answer B is correct.

II.93. Which option is a benefit of switch stacking?

  • It provides redundancy with no impact on resource usage
  • It simplifies adding and removing hosts.
  • It supports better performance of high-needs applications.
  • It provides higher port density with better resource usage.*
Show (Hide) Explanation/Reference
Switch stacking technology allows the network engineer to make that stack of physical switches act like one switch. The stacking cables together make a ring between the switches. That is, the switches connect in series, with the last switch connecting again to the first.

Answer B is not correct as switch stacking is about connecting switches together so that they act as one switch, not about adding and removing hosts.

Answer C is not correct because switch stacking has nothing to do with performance of high-needs applications.

Surely switch stacking provides redundancy as stacking creates a ring of connection with two opposite paths. Whenever a frame is ready for transmission onto the path, a calculation is made to see which path has the most available bandwidth. The entire frame is then copied onto this half of the path.

With switch stacking, STP, CDP and VTP would run on one switch, not multiple switches. Also there would be one MAC address table, and it would reference all ports on all physical switches so we may say switch stacking has better resource usage. Also if we consider all stacking switches as one logical switch then surely the port density is increase very much. Therefore answer D is the most suitable one.

Reference: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3750-series-switches/prod_white_paper09186a00801b096a.html

II.94. Which port state is introduced by Rapid-PVST?

  • learning
  • listening
  • discarding*
  • forwarding
Show (Hide) Explanation/Reference
PVST+ is based on IEEE802.1D Spanning Tree Protocol (STP). But PVST+ has only 3 port states (discarding, learning and forwarding) while STP has 5 port states (blocking, listening, learning, forwarding and disabled). So discarding is a new port state in PVST+.

II.95. What are the possible trunking modes for a switch port? (Choose three.)

  • transparent
  • auto*
  • on*
  • desirable*
  • client
  • forwarding

II.96. Refer to the exhibit. What set of commands was configured on interface Fa0/3 to produce the given the output?

  • interface FastEthernet 0/3
    Channel-group 1 mode desirable
    Switchport trunk encapsulation dot1q
    Switchport mode trunk
  • interface FastEthernet 0/3
    Channel-group 2 mode passive
    Switchport trunk encapsulation dot1q
    Switchport mode trunk*
  • interface FastEthernet 0/3
    Channel-group 2 mode on
    Switchport trunk encapsulation dot1q
    Switchport mode trunk
  • interface FastEthernet 0/3
    Channel-group 2 mode active
    Switchport trunk encapsulation dot1q
    Switchport mode trunk

II.97. Which type of secure MAC address must be configured manually?

  • dynamic
  • bia
  • static*
  • sticky

II.98. Which two elements are fields in an Ethernet frame? (Choose two.)

  • frame check sequence*
  • header
  • source IP address
  • destination IP address
  • type*

II.99. What is one benefit of PVST+?

  • PVST+ supports Layer 3 load balancing without loops.
  • PVST+ reduces the CPU cycles for all the switches in the network.
  • PVST+ allows the root switch location to be optimized per VLAN.*
  • PVST+ automatically selects the root bridge location, to provide optimized bandwidth usage.
Show (Hide) Explanation/Reference
The PVST+ provides Layer 2 load-balancing for the VLAN on which it runs. You can create different logical topologies by using the VLANs on your network to ensure that all of your links are used but that no one link is oversubscribed. Each instance of PVST+ on a VLAN has a single root switch. This root switch propagates the spanning-tree information associated with that VLAN to all other switches in the network. Because each switch has the same information about the network, this process ensures that the network topology is maintained and optimized per VLAN.

II.100. Which three of these statements regarding 802.1Q trunking are correct? (Choose three.)

  • 802.1Q native VLAN frames are untagged by default.*
  • 802.1Q trunking ports can also be secure ports.
  • 802.1Q trunks can use 10 Mb/s Ethernet interfaces.*
  • 802.1Q trunks require full-duplex, point-to-point connectivity.
  • 802.1Q trunks should have native VLANs that are the same at both ends.*

II.101. Which IEEE standard protocol is initiated as a result of successful DTP completion in a switch over FastEthernet?

  • 802.3ad
  • 802.1w
  • 802.1Q*
  • 802.1d
Show (Hide) Explanation/Reference
Dynamic Trunking Protocol (DTP) is a Cisco proprietary protocol for negotiating trunking on a link between two devices and for negotiating the type of trunking encapsulation (802.1Q) to be used.

II.102. Which of the port is not part of STP protocol.

  • Listening
  • Learning
  • Forwarding
  • Discarding*

II.103. Assuming the default switch configuration which vlan range can be added modified and removed on a cisco switch?

  • 2 through 1001*
  • 1 through 1001
  • 1 through 1002
  • 2 through 1005

II.104. Based on the output below, which two statements are true of the interfaces on Switch1? (Choose two.)

  • A hub is connected directly to FastEthernet0/5*
  • FastEthernet0/1 is configured as a trunk link.*
  • FastEthernet0/5 has statically assigned mac address
  • Interface FastEthernet0/2 has been disable.
  • Multiple devices are connected directly to FastEthernet0/1.
  • FastEthernet0/1 is connected to a host with multiple network interface cards.
Show (Hide) Explanation/Reference
From the “show mac address-table” output, we see FastEthernet0/1 can receive traffic from multiple VLANs -> it is configured as a trunk. Also from the “show cdp neighbors” output, we see Fa0/1 of this switch is connecting to Switch2 so it is configured as a trunk.

There are two MAC addresses learned from FastEthernet0/5 while FastEthernet0/5 is not configured as trunk (only Fa0/2 & Fa0/3 are configured as trunk links) -> a hub is used on this port.

II.105. Refer to the exhibit. How should the FastEthernet0/1 port on the 2950 model switches that are shown in the exhibit be configured to allow connectivity between all devices?

  • The ports only need to be connected by a crossover cable.
  • SwitchX(config)# interface FastEthernet 0/1
    SwitchX(config-if)# switchport mode trunk
  • SwitchX(config)# interface FastEthernet 0/1 SwitchX(config-if)# switchport mode access SwitchX(config-if)# switchport access vlan 1
  • SwitchX(config)# interface FastEthernet 0/1 SwitchX(config-if)# switchport mode trunk SwitchX(config-if)# switchport trunk vlan 1 SwitchX(config-if)# switchport trunk vlan 10 SwitchX(config-if)# switchport trunk vlan 20

II.106. Which RPVST+ port state is excluded from all STP operations?

  • learning
  • forwarding
  • blocking
  • disabled*

II.107. Which option is the industry-standard protocol for EtherChannel?

  • PAgP
  • LACP*
  • Cisco Discovery Protocol
  • DTP
Show (Hide) Explanation/Reference
LACP is the IEEE Standard (IEEE 802.3ad) and is the most common dynamic Etherchannel protocol, whereas PAgP is a Cisco proprietary protocol and works only between supported vendors and Cisco devices.

II.108. Which two pieces of information can be shared with LLDP TLVs? (Choose two)

  • device management address.*
  • device type*
  • spanning-tree topology
  • routing configuration
  • access-list configuration

II.109. Which two statements about stacking Cisco switches are true ?(choose two)

  • It enables the administrator to manage multiple switches from a single management interface*
  • The administrator can create only one stack of switches in a network which is under the same administrative domian
  • When a new master switch is elected,it queries the previous master for its running configuration
  • The administrator can add additional switches to the stack as demand increases*
  • Each switch manages its own MAC address table

II.110. Refer to the exhibit.If the devices produced the given output, what is the cause of the EtherChannel problem?

  • There is a speed mismatch between SW1’s Fa0/1 and SW2’s Fa0/1 interfaces.*
  • There is an MTU mismatch between SW1’s Fa0/1 and SW2’s Fa0/1 interfaces
  • There is an encapsulation mismatch between SW1’s Fa0/1 and SW2’s Fa0/1 interface
  • SW1’s Fa0/1 interface is administratively shut down.

II.111. For which two reasons might be you choose chassis aggregation instead of stacking switches? (Choose two.)

  • to increase the number of devices in use*
  • Bto increase the maximum port count
  • to avoid the use of a centralized configuration manager*
  • to allow hot-swapping modules
  • to avoid relying solely on Ethernet interfaces

II.112. Refer to the exhibit. The two exhibited devices are the only Cisco devices on the network. The serial network between the two devices has a mask of 255.255.255.252. Given the output that is shown, what three statements are true of these devices? (Choose three.)

  • The Manchester serial address is 10.1.1.1.*
  • The Manchester serial address is 10.1.1.2.
  • The London router is a Cisco 2610.*
  • The Manchester router is a Cisco 2610.
  • The CDP information was received on port Serial0/0 of the Manchester router.
  • The CDP information was sent by port Serial0/0 of the London router.*

II.113. Refer to the exhibit. Based on the information given, which switch will be elected root bridge and why?

  • Switch A, because it has the lowest MAC address
  • Switch A, because it is the most centrally located switch
  • Switch B, because it has the highest MAC address
  • Switch C, because it is the most centrally located switch
  • Switch C, because it has the lowest priority*
  • Switch D, because it has the highest priority

II.114. A network interface port has collision detection and carrier sensing enabled on a shared twisted pair network. From this statement, what is known about the network interface port?

  • This is a 10 Mb/s switch port.
  • This is a 100 Mb/s switch port.
  • This is an Ethernet port operating at half duplex.*
  • This is an Ethernet port operating at full duplex.
  • This is a port on a network interface card in a PC.
Show (Hide) Explanation/Reference
Modern Ethernet networks built with switches and full-duplex connections no longer utilize CSMA/CD. CSMA/CD is only used in obsolete shared media Ethernet (which uses repeater or hub).

II.115. Refer to the exhibit. Given the output shown from this Cisco Catalyst 2950, what is the reason that interface FastEthernet 0/10 is not the root port for VLAN 2?

  • This switch has more than one interface connected to the root network segment in VLAN 2.
  • This switch is running RSTP while the elected designated switch is running 802.1d Spanning Tree.
  • This switch interface has a higher path cost to the root bridge than another in the topology.*
  • This switch has a lower bridge ID for VLAN 2 than the elected designated switch.
Show (Hide) Explanation/Reference
Since the port is in the blocked status, we must assume that there is a shorter path to the root bridge elsewhere.

II.116. Refer to the exhibit. Why has this switch not been elected the root bridge for VLAN1?

  • It has more than one interface that is connected to the root network segment.
  • It is running RSTP while the elected root bridge is running 802.1d spanning tree.
  • It has a higher MAC address than the elected root bridge.
  • It has a higher bridge ID than the elected root bridge.*
Show (Hide) Explanation/Reference
The root bridge is determined by the lowest bridge ID, and this switch has a bridge ID priority of 32768, which is higher than the roots priority of 20481.

II.117. Which two link protocols are used to carry multiple VLANs over a single link? (Choose two.)

  • VTP
  • 802.1q*
  • IGP
  • ISL*
  • 802.3u
Show (Hide) Explanation/Reference
Cisco switches can use two different encapsulation types for trunks, the industry standard 802.1q or the Cisco
proprietary ISL. Generally, most network engineers prefer to use 802.1q since it is standards based and will
interoperate with other vendors.

II.118. Assuming the default switch configuration, which VLAN range can be added, modified, and removed on a Cisco switch?

  • 1 through 1001
  • 2 through 1001*
  • 1 through 1002
  • 2 through 1005
Show (Hide) Explanation/Reference
VLAN 1 is the default VLAN on Cisco switch. It always exists and cannot be added, modified or removed.
VLANs 1002-1005 are default VLANs for FDDI & Token Ring and they can’t be deleted or used for Ethernet.

II.119. Refer to the topology shown in the exhibit. Which ports will be STP designated ports if all the links are operating at the same bandwidth? (Choose three.)

  • Switch A – Fa0/0
  • Switch A – Fa0/1*
  • Switch B – Fa0/0*
  • Switch B – Fa0/1*
  • Switch C – Fa0/0
  • Switch C – Fa0/1
Show (Hide) Explanation/Reference
This question is to check the spanning tree election problem.
1. First, select the root bridge, which can be accomplished by comparing the bridge ID, the smallest will be
selected. Bridge-id= bridge priority + MAC address. The three switches in the figure all have the default
priority, so we should compare the MAC address, it is easy to find that SwitchB is the root bridge.
2. Select the root port on the non-root bridge, which can be completed through comparing root path cost. The
smallest will be selected as the root port.
3. Next, select the Designated Port. First, compare the path cost, if the costs happen to be the same, then
compare the BID, still the smallest will be selected. Each link has a DP. Based on the exhibit above, we can
find DP on each link. The DP on the link between SwitchA and SwitchC is SwitchA’Fa0/1, because it has the
smallest MAC address.

II.120. Refer to the exhibit. Which statement is true?

  • The Fa0/11 role confirms that SwitchA is the root bridge for VLAN 20.
  • VLAN 20 is running the Per VLAN Spanning Tree Protocol
  • The MAC address of the root bridge is 0017.596d.1580.
  • SwitchA is not the root bridge, because not all of the interface roles are designated*
Show (Hide) Explanation/Reference
Only non-root bridge can have root port. Fa0/11 is the root port so we can confirm this switch is not the root bridge -> A is not correct.

From the output we learn this switch is running Rapid STP, not PVST -> B is not correct.

0017.596d.1580 is the MAC address of this switch, not of the root bridge. The MAC address of the root bridge is 0017.596d.2a00 -> C is not correct.

All of the interface roles of the root bridge are designated. SwitchA has one Root port and 1 Alternative port so it is not the root bridge -> D is correct.

II.121. Which two benefits are provided by creating VLANs? (Choose two.)

  • added security*
  • dedicated bandwidth
  • provides segmentation*
  • allows switches to route traffic between subinterfaces
  • contains collisions
Show (Hide) Explanation/Reference
A VLAN is a switched network that is logically segmented on an organizational basis, by functions, project teams, or applications rather than on a physical or geographical basis.
Security:
VLANs also improve security by isolating groups. High-security users can be grouped into a VLAN, possible on the same physical segment, and no users outside that VLAN can communicate with them LAN Segmentation VLANs allow logical network topologies to overlay the physical switched infrastructure such that any arbitrary collection of LAN ports can be combined into an autonomous user group or community of interest. The technology logically segments the network into separate Layer 2 broadcast domains whereby packets are switched between ports designated to be within the same VLAN. By containing traffic originating on a particular LAN only to other LANs in the same VLAN, switched virtual networks avoid wasting bandwidth.

II.122. How many broadcast domains are shown in the graphic assuming only the default VLAN is confgured on the switches?

  • one*
  • two
  • six
  • twelve
Show (Hide) Explanation/Reference
Only router can break up broadcast domains but in this exhibit no router is used so there is only 1 broadcast domain.

For your information, there are 7 collision domains in this exhibit (6 collision domains between hubs &amp; switches + 1 collision between the two switches).

II.123. Which term describes a spanning-tree network that has all switch ports in either the blocking or forwarding state?

  • converged*
  • redundant
  • provisioned
  • spanned
Show (Hide) Explanation/Reference
Spanning Tree Protocol convergence (Layer 2 convergence) happens when bridges and switches have transitioned to either the forwarding or blocking state. When layer 2 is converged, root bridge is elected and all port roles (Root, Designated and Non-Designated) in all switches are selected.

II.124. A network administrator creates a layer 3 EtherChannel, bundling four interfaces into channel group 1. On what interface is the IP address configured?

  • the port-channel 1 interface*
  • the highest number member interface
  • all member interfaces
  • the lowest number member interface

II.125. Which Cisco Catalyst feature automatically disables the port in an operational PortFast upon receipt of a BPDU?

  • BackboneFast
  • UplinkFast
  • Root Guard
  • BPDU Guard*
  • BPDU Filter
Show (Hide) Explanation/Reference
We only enable PortFast feature on access ports (ports connected to end stations). But if someone does not know he can accidentally plug that port to another switch and a loop may occur when BPDUs are being transmitted and received on these ports. With BPDU Guard, when a PortFast receives a BPDU, it will be shut down to prevent a loop.

II.126. Refer to the exhibit. A technician is troubleshooting host connectivity issues on the switches. The hosts inVLANs 10 and 15 on Sw11 are unable to communicate with hosts in the same VLANs on Sw12. Hosts in the Admin VLAN are able to communicate. The port-to-VLAN assignments are identical on the two switches. What could be the problem?

  • The Fa0/1 port is not operational on one of the switches.
  • The link connecting the switches has not been configured as a trunk.*
  • At least one port needs to be configured in VLAN 1 for VLANs 10 and 15 to be able to communicate.
  • Port FastEthernet 0/1 needs to be configured as an access link on both switches.
  • A router is required for hosts on SW11 in VLANs 10 and 15 to communicate with hosts in the same VLAN on Sw12.
Show (Hide) Explanation/Reference
In order for hosts in the same VLAN to communicate with each other over multiple switches, those switches need to be configured as trunks on their connected interfaces so that they can pass traffic from multiple VLANs.

II.127. Refer to the exhibit. Given this output for SwitchC, what should the network administrator’s next action be?

  • Check the trunk encapsulation mode for Switch C’s fa0/1 port.
  • Check the duplex mode for Switch C’s fa0/1 port.
  • Check the duplex mode for Switch A’s fa0/2 port.*
  • Check the trunk encapsulation mode for Switch A’s fa0/2 port
Show (Hide) Explanation/Reference
Here we can see that this port is configured for full duplex, so the next step would be to check the duple setting of the port on the other switch. A mismatched trunk encapsulation would not result in input errors and CRC errors.

II.128. In a switched environment, what does the IEEE 802.1Q standard describe?

  • the operation of VTP
  • a method of VLAN trunking*
  • an approach to wireless LAN communication
  • the process for root bridge selection
  • VLAN pruning
Show (Hide) Explanation/Reference
A broadcast domain must sometimes exist on more than one switch in the network. To accomplish this, one switch must send frames to another switch and indicate which VLAN a particular frame belongs to. On Cisco switches, a trunk link is created to accomplish this VLAN identification. ISL and IEEE 802.1Q are different methods of putting a VLAN identifier in a Layer 2 frame. The IEEE 802.1Q protocol interconnects VLANs between multiple switches, routers, and servers. With 802.1Q, a network administrator can define a VLAN topology to span multiple physical devices. Cisco switches support IEEE 802.1Q for FastEthernet and Gigabit Ethernet interfaces. An 802.1Q trunk link provides VLAN identification by adding a 4-byte tag to an Ethernet Frame as it leaves a trunk port.

II.129. An administrator is unsuccessful in adding VLAN 50 to a switch. While troubleshooting the problem, the administrator views the output of the show vtp status command, which is displayed in the graphic. What commands must be issued on this switch to add VLAN 50 to the database? (Choose two.)

  • Switch(config-if)# switchport access vlan 50
  • Switch(vlan)# vtp server*
  • Switch(config)# config-revision 20
  • Switch(config)# vlan 50 name Tech
  • Switch(vlan)# vlan 50*
  • Switch(vlan)# switchport trunk vlan 50

II.130. Refer to the exhibit. How many broadcast domains exist in the exhibited topology?

  • one
  • two
  • three*
  • four
  • five
  • six

II.131. Refer to the exhibit. The network administrator has created a new VLAN on Switch1 and added host C and host D. The administrator has properly configured switch interfaces FastEthernet0/13 through FastEthernet0/14 to be members of the new VLAN. However, after the network administrator completed the configuration, host A could communicate with host B, but host A could not communicate with host C or host D. Which commands are required to resolve this problem?

Correct Answer: A

II.132. On a network of one department, there are four PCs connected to a switch, as shown in the following figure: After the Switch1 restarts. Host A (the host on the left) sends the first frame to Host C (the host on the right). What the first thing should the switch do?

  • Switch1 will add 192.168.23.12 to the switching table.
  • Switch1 will add 192.168.23.4 to the switching table.
  • Switch1 will add 000A.8A47.E612 to the switching table.*
  • None of the above

II.133. A network administrator is explaining VTP configuration to a new technician. What should the network administrator tell the new technician about VTP configuration? (Choose three.)

  • A switch in the VTP client mode cannot update its local VLAN database.*
  • A trunk link must be configured between the switches to forward VTP updates.*
  • A switch in the VTP server mode can update a switch in the VTP transparent mode.
  • A switch in the VTP transparent mode will forward updates that it receives to other switches.*
  • A switch in the VTP server mode only updates switches in the VTP client mode that have a higher VTP revision number.
  • A switch in the VTP server mode will update switches in the VTP client mode regardless of the configured VTP domain membership.

II.134. A company is installing IP phones. The phones and office computers connect to the same device. To ensure maximum throughput for the phone data, the company needs to make sure that the phone traffic is on a different network from that of the office computer data traffic. What is the best network device to which to directly connect the phones and computers, and what technology should be implemented on this device? (Choose two.)

  • hub
  • router
  • switch*
  • STP
  • subinterfaces
  • VLAN*

II.135. What are two benefits of using VTP in a switching environment? (Choose two.)

  • It allows switches to read frame tags.
  • It allows ports to be assigned to VLANs automatically.
  • It maintains VLAN consistency across a switched network.*
  • It allows frames from multiple VLANs to use a single interface.
  • It allows VLAN information to be automatically propagated throughout the switching environment.*

II.136. Which two values are used by Spanning Tree Protocol to elect a root bridge? (Choose two.)

  • amount of RAM
  • bridge priority*
  • IOS version
  • IP address
  • MAC address*
  • speed of the links

II.137. Which three statements are typical characteristics of VLAN arrangements? (Choose three.)

  • A new switch has no VLANs configured.
  • Connectivity between VLANs requires a Layer 3 device.*
  • VLANs typically decrease the number of collision domains.
  • Each VLAN uses a separate address space.*
  • A switch maintains a separate bridging table for each VLAN.*
  • VLANs cannot span multiple switches.

II.138. Switch ports operating in which two roles will forward traffic according to the IEEE 802.1w standard? (Choose two.)

  • alternate
  • backup
  • designated*
  • disabled
  • root*

II.139. Refer to the exhibit. This command is executed on 2960Switch: Which two of these statements correctly identify results of executing the command? (Choose two.)

  • Port security is implemented on the fa0/1 interface.
  • MAC address 0000.00aa.aaaa does not need to be learned by this switch.*
  • Only MAC address 0000.00aa.aaaa can source frames on the fa0/1 segment.
  • Frames with a Layer 2 source address of 0000.00aa.aaaa will be forwarded out fa0/1.
  • MAC address 0000.00aa.aaaa will be listed in the MAC address table for interface fa0/1 only.*

II.140. Refer to the exhibit. The switches on a campus network have been interconnected as shown. All of the switches are running Spanning Tree Protocol with its default settings. Unusual traffic patterns are observed and it is discovered that Switch9 is the root bridge. Which change will ensure that Switch1 will be selected as the root bridge instead of Switch9?

  • Raise the bridge priority on Switch1.
  • Lower the bridge priority on Switch9.
  • Raise the bridge priority on Switch9.
  • Physically replace Switch9 with Switch1 in the topology.
  • Disable spanning tree on Switch9.
  • Lower the bridge priority on Switch1.*

II.141. Which statement about DTP is true?

  • It uses the native VLAN.
  • It negotiates a trunk link after VTP has been configured.
  • It uses desirable mode by default.
  • It sends data on VLAN 1.*
Show (Hide) Explanation/Reference

Disabling Dynamic Trunking Protocol (DTP)
Cisco’s Dynamic Trunking Protocol can facilitate the automatic creation of trunks between two switches. When two connected ports are configured in dynamic mode, and at least one of the ports is configured as desirable, the two switches will negotiate the formation of a trunk across the link. DTP isn’t to be confused with VLAN Trunking Protocol (VTP), although the VTP domain does come into play.

DTP on the wire is pretty simple, essentially only advertising the VTP domain, the status of the interface, and its DTP type. These packets are transmitted in the native (or access) VLAN every 60 seconds both natively and with ISL encapsulation (tagged as VLAN 1) when DTP is enabled.

II.142. Which feature can you use to monitor traffic on a switch by replicating it to another port or ports on the same switch?

  • copy run start
  • traceroute
  • the ICMP Echo IP SLA
  • SPAN*
Show (Hide) Explanation/Reference
Switched Port Analyzer (SPAN) is used to analyze network traffic passing through ports on a switch. For example we can configure the Switch to monitor its interface Fa0/0, which connects to the Core, by sending all traffic to/from Fa0/0 to its Fa0/1 interface. At Fa0/1 interface we connect to a computer and use such a software like Wireshark to capture the packets.

II.143. Refer to the exhibit. While troubleshooting a switch, you executed the show interface port-channel 1 etherchannel command and it returned this output.
Which information is provided by the Load value?

  • the percentage of use of the link
  • the preference of the link
  • the session count of the link
  • the number source-destination pairs on the link*
Show (Hide) Explanation/Reference
The way EtherChannel load balancing works is that the switch assigns a hash result from 0-7 based on the configured hash method ( load balancing algorithm ) for the type of traffic. This hash result is commonly called as Result Bundle Hash (RBH).

Now we need to convert Load value from Hexadecimal to Binary numbers. Therefore:
+ Gi1/1: 36 (Hex) = ‭00110110‬ (Bin) -> Bits 3, 4, 6, 7 are chosen
+ Gi1/2: 84 (Hex) = ‭10000100‬ (Bin) -> Bits 1, 6 are chosen
+ Gi1/3: 16 (Hex) = ‭00010110‬ (Bin) -> Bits 4, 6, 7 are chosen

Therefore if the RBH is 3, it will choose Gi1/1. If RBH is 4, it will choose Gi1/1 and Gi1/3 interfaces. If RBH is 6 it will choose all three above interfaces. And the bit sharing ratio is 3:3:2 (from “No of bits” column) hence two links has higher probability of getting utilized as compared to the third link.

II.144. Which statement about slow inter VLAN forwarding is true?

  • The VLAN is experiencing slowness in the point-to-point collisionless connection.
  • The VLANs are experiencing slowness because multiple devices are connected to the same hub.
  • The local VLAN is working normally, but traffic to the alternate VLAN is forwarded slower than expected.
  • The entire VLAN is experiencing slowness.
  • The VLANs are experiencing slowness due to a duplex mismatch.*
Show (Hide) Explanation/Reference
Common Causes of Slow IntraVLAN and InterVLAN Connectivity The symptoms of slow connectivity on a VLAN can be caused by multiple factors on different network layers. Commonly the network speed issue may be occurring on a lower level, but symptoms can be observed on a higher level as the problem masks itself under the term “slow VLAN”. To clarify, this document defines the following new terms: “slow collision domain”, “slow broadcast domain” (in other words, slow VLAN), and “slow interVLAN forwarding”. These are defined in the section Three Categories of Causes, below.
In the following scenario (illustrated in the network diagram below), there is a Layer 3 (L3) switch performing interVLAN routing between the server and client VLANs. In this failure scenario, one server is connected to a switch, and the port duplex mode is configured half- duplex on the server side and full-duplex on the switch side. This misconfiguration results in a packet loss and slowness, with increased packet loss when higher traffic rates occur on the link where the server is connected. For the clients who communicate with this server, the problem looks like slow interVLAN forwarding because they do not have a problem communicating to other devices or clients on the same VLAN. The problem occurs only when communicating to the server on a different VLAN. Thus, the problem occurred on a single collision domain, but is seen as slow interVLAN forwarding.

Three Categories of Causes
The causes of slowness can be divided into three categories, as follows:
Slow Collision Domain Connectivity
Collision domain is defined as connected devices configured in a half-duplex port configuration, connected to each other or a hub. If a device is connected to a switch port and full-duplex mode is configured, such a pointto-point connection is collisionless. Slowness on such a segment still can occur for different reasons.
Slow Broadcast Domain Connectivity (Slow VLAN)
Slow broadcast domain connectivity occurs when the whole VLAN (that is, all devices on the same VLAN)
experiences slowness.
Slow InterVLAN Connectivity (Slow Forwarding Between VLANs) Slow interVLAN connectivity (slow forwarding between VLANs) occurs when there is no slowness on the local VLAN, but traffic needs to be forwarded to an alternate VLAN, and it is not forwarded at the expected rate.
Causes for Network Slowness
Packet Loss
In most cases, a network is considered slow when higher-layer protocols (applications) require extended time to complete an operation that typically runs faster. That slowness is caused by the loss of some packets on the network, which causes higher-level protocols like TCP or applications to time out and initiate retransmission.
Hardware Forwarding Issues
With another type of slowness, caused by network equipment, forwarding (whether Layer 2 [L2] or L3) is performed slowly. This is due to a deviation from normal (designed) operation and switching to slow path forwarding. An example of this is when Multilayer Switching (MLS) on the switch forwards L3 packets between
VLANs in the hardware, but due to misconfiguration, MLS is not functioning properly and forwarding is done by the router in the software (which drops the interVLAN forwarding rate significantly).

II.145. Which option describes how a switch in rapid PVST+ mode responds to a topology change?

  • It immediately deletes dynamic MAC addresses that were learned by all ports on the switch.
  • It sets a timer to delete all MAC addresses that were learned dynamically by ports in the same STP instance.
  • It sets a timer to delete dynamic MAC addresses that were learned by all ports on the switch.
  • It immediately deletes all MAC addresses that were learned dynamically by ports in the same STP instance.*
Show (Hide) Explanation/Reference
Rapid PVST+This spanning-tree mode is the same as PVST+ except that is uses a rapid convergence based
on the IEEE 802.1w standard. To provide rapid convergence, the rapid PVST+ immediately deletes
dynamically learned MAC address entries on a per-port basis upon receiving a topology change. By contrast,
PVST+ uses a short aging time for dynamically learned MAC address entries.
The rapid PVST+ uses the same configuration as PVST+ (except where noted), and the switch needs only
minimal extra configuration. The benefit of rapid PVST+ is that you can migrate a large PVST+ install base to
rapid PVST+ without having to learn the complexities of the MSTP configuration and without having to
reprovision your network. In rapid-PVST+ mode, each VLAN runs its own spanning-tree instance up to the
maximum supported.

II.146. Which statement about switch access ports is true?

  • They drop packets with 802.1Q tags.*
  • A VLAN must be assigned to an access port before it is created.
  • They can receive traffic from more than one VLAN with no voice support
  • By default, they carry traffic for VLAN 10.
Show (Hide) Explanation/Reference
A VLAN does not need to be assigned to any port -> B is not correct.
An access port can only receive traffic from one VLAN -> C is not correct.
If not assigned to a specific VLAN, an access port carries traffic for VLAN 1 by default -> D is not correct.
An access port will drop packets with 802.1Q tags -> A is correct. Notice that 802.1Q tags are used to packets moving on trunk links.

II.147. Which two switch states are valid for 802.1w? (Choose two.)

  • listening
  • backup
  • disabled
  • learning*
  • discarding*
Show (Hide) Explanation/Reference
IEEE 802.1w is Rapid Spanning Tree Protocol (RSTP). There are only three port states left in RSTP that correspond to the three possible operational states. The 802.1D disabled, blocking, and listening states are merged into the 802.1w discarding state.
* Discarding – the port does not forward frames, process received frames, or learn MAC addresses – but it does listen for BPDUs (like the STP blocking state)
* Learning – receives and transmits BPDUs and learns MAC addresses but does not yet forward frames (same as STP).
* Forwarding – receives and sends data, normal operation, learns MAC address, receives and transmits BPDUs (same as STP).

II.148. Which feature allows a device to use a switch port that is configured for half-duplex to access the network?

  • CSMA/CD*
  • IGMP
  • port security
  • split horizon
Show (Hide) Explanation/Reference
Ethernet began as a local area network technology that provided a half-duplex shared channel for stations connected to coaxial cable segments linked with signal repeaters. In this appendix, we take a detailed look at the half-duplex shared-channel mode of operation, and at the CSMA/CD mechanism that makes it work. In the original half-duplex mode, the CSMA/CD protocol allows a set of stations to compete for access to a shared Ethernet channel in a fair and equitable manner. The protocol’s rules determine the behavior of Ethernet stations, including when they are allowed to transmit a frame onto a shared Ethernet channel, and what to do when a collision occurs. Today, virtually all devices are connected to Ethernet switch ports over full-duplex media, such as twisted-pair cables. On this type of connection, assuming that both devices can support the full-duplex mode of operation and that Auto-Negotiation (AN) is enabled, the AN protocol will automatically select the highest-performance mode of operation supported by the devices at each end of the link. That will result in full-duplex mode for the vast majority of Ethernet connections with modern interfaces that support full duplex and AN.

II.149. Which two statements about switch stacking are true? (Choose two)

  • The stack is powered by a single power cable*
  • The switches are connected in a daisy-chain fashion*
  • The first and last switch in the stack must be connected to one another
  • The switches are connected by crossover cables
  • The switches must be fully meshed

II.150. Which symptom most commonly indicates that two connecting interfaces are configured with a duplex mismatch?

  • the spanning-tree process shutting down
  • collisions on the interface*
  • an interface with a down/down status
  • an interface with an up/down status
Show (Hide) Explanation/Reference
A late collision is defined as any collision that occurs after the first 512 bits of the frame have been transmitted. The usual possible causes are full-duplex/half-duplex mismatch, exceeded Ethernet cable length limits, or defective hardware such as incorrect cabling, non-compliant number of hubs in the network, or a bad NIC.

Note: On an Ethernet connection, a duplex mismatch is a condition where two connected devices operate in different duplex modes, that is, one operates in half duplex while the other one operates in full duplex.

Duplex mismatch would not cause the link to be down/down, but would only result in poor performance like increase late collisions on the interface.

II.151. Which option is the main function of congestion management?

  • discarding excess traffic
  • queuing traffic based on priority*
  • classifying traffic
  • providing long-term storage of buffered data

II.152. Which feature must you enable to distribute vlans automatically across multiple switch?

  • Configure NTP
  • Configure the native VLAN
  • Define Each vlan
  • Configure VTP*

II.153. Which three statements about VTP features are true? (Choose three.)

  • VTP works at Layer 3 of the OSI model and requires that a management VLAN IP address be configured.
  • When properly configured, VTP minimizes VLAN misconfigurations and configuration inconsistencies.*
  • When properly configured, VTP maintains VLAN configuration consistency and accelerates trunk link negotiation.
  • Each broadcast domain on a switch can have its own unique VTP domain.
  • VTP pruning is used to increase available bandwidth in trunk links.*
  • To configure a switch to be part of two VTP domains, each domain must have its own passwords.
  • Client, server, and transparent are valid VTP modes.*

II.154. Which two statements about LLDP are true ?(choose two)

  • It uses mandatory TLVs to discover the neighboring devices*
  • It functions at Layer 2 and Layer 3
  • It is a Cisco-proprietary technology
  • It is implemented in accordance with the 802.11a specification
  • It enables systems to learn about one another over the data-link layer*

II.155. Which two benefits can you get by stacking Cisco switches?(choose two)

  • Each switch in the stack handles the MAC table independently from the others
  • You can add or remove switches without taking the stack down.*
  • Each switch in the stack can use a different IOS image
  • The stack enables any active member to take over as the master switch if the existing master fails.*
  • You can license the entire stack with a single master license
Show (Hide) Explanation/Reference
Each stack has only one configuration file, which is distributed to each member in the stack. This allows each switch in the stack to share the same network topology, MAC address, and routing information. In addition, it allows for any member to become the master, if the master ever fails -> Answer D is correct while answer A is not correct.

Switches can be added and deleted to a working stack without affecting stack performance. When a new switch is added, the master switch automatically configures the unit with the currently running Cisco IOS Software image and configuration of the stack. The stack will gather information such as switching table information and update the MAC tables as new addresses are learned. The network manager does not have to do anything to bring up the switch before it is ready to operate. Similarly, switches can be removed from a working stack without any operational effect on the remaining switches. When the stack discovers that a series of ports is no longer present, it will update this information without affecting forwarding or routing. A working stack can accept new members or delete old ones without service interruption -> Answer B is correct.

Reference: https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3750-series-switches/prod_white_paper09186a00801b096a.html

II.156. Which VTP mode cannot make a change to vlan?

  • server
  • off
  • client*
  • transparent
Show (Hide) Explanation/Reference
VTP Client
· VTP clients function the same way as VTP servers, but you cannot create, change, or delete VLANs on a VTP client.
· A VTP client only stores the VLAN information for the entire domain while the switch is on.
· A switch reset deletes the VLAN information.
· You must configure VTP client mode on a switch. 

II.157. Which two circumstances can cause collision domain issues on VLAN domain? (Choose two)

  • duplex mismatches on Ethernet segments in the same VLAN*
  • multiple errors on switchport interfaces
  • congestion on the switch inband path*
  • a failing NIC in an end device
  • an overloaded shared segment
Show (Hide) Explanation/Reference
On an Ethernet connection, a duplex mismatch is a condition where two connected devices operate in different duplex modes, that is, one operates in half duplex while the other one operates in full duplex. Duplex mismatch can easily cause collision domain issue as the device that operates in full duplex mode turns off CSMA/CD. So it is eager to send data immediately without checking if the link is free to use -> A is correct.

An “inband path” is the path which provides path for management traffic (like CDP, VTP, PAgP…) but we are not sure why congestion on the switch inband path can cause collision domain issues. Maybe congestion on inband path prevents the JAM signal (sent when a collision occurs on the link) to be sent correctly on the link.

II.158. Which protocol supports sharing the VLAN configuration between two or more switches?

  • multicast
  • STP
  • VTP*
  • split-horizon
Show (Hide) Explanation/Reference
VTP allows a network manager to configure a switch so that it will propagate VLAN configurations to other switches in the network” VTP minimizes misconfigurations and configuration inconsistencies that can cause problems, such as duplicate VLAN names or incorrect VLAN-type specifications. VTP helps you simplify management of the VLAN database across multiple switches. VTP is a Cisco-proprietary protocol and is available on most of the Cisco switches

II.159. Which spanning-tree feature places a port immediately into a forwarding stated?

  • BPDU guard
  • PortFast*
  • loop guard
  • UDLD
  • Uplink Fast
Show (Hide) Explanation/Reference
PortFast causes a switch or trunk port to enter the spanning tree forwarding state immediately, bypassing the listening and learning states. You can use PortFast on switch or trunk ports that are connected to a single workstation, switch, or server to allow those devices to connect to the network immediately, instead of waiting for the port to transition from the listening and learning states to the forwarding state.

II.160. In which STP state does MAC address learning take place on a PortFast-enabled port?

  • listening
  • forwarding*
  • discarding
  • learning

II.161. Refer to the exhibit.
A network associate needs to configure the switches and router in the graphic so that the hosts in VLAN3 and VLAN4 can communicate with the enterprise server in VLAN2. Which two Ethernet segments would need to be configured as trunk links? (Choose two.)

  • A
  • B
  • C*
  • D
  • E
  • F*

II.162. Which IEEE standard does PVST+ use to tunnel information?

  • 802.1x
  • 802.1q*
  • 802.1w
  • 802.1s
Show (Hide) Explanation/Reference
Cisco developed PVST+ to allow strolling numerous STP instances, even over an 802.1Q network via the use of a tunneling mechanism. PVST+ utilizes Cisco gadgets to hook up with a Mono Spanning Tree area to a PVST+ region. No particular configuration is needed to attain this. PVST+ affords assist for 802.1Q trunks and the mapping of a couple of spanning trees to the single spanning tree of popular 802.1Q switches strolling Mono Spanning Tree.

II.163. What is the default VLAN on an access port?

  • 0
  • 1*
  • 10
  • 1024
Show (Hide) Explanation/Reference
If we configure an access port as follows:

Switch(config)#interface fa0/1
Switch(config-if)#switchport mode access

Then this interface, by default, will belong to VLAN 1. Of course we can assign another VLAN to this port via the “switchport access vlan {vlan-number}” command. 

II.164. Which VTP mode prevents you from making changes to VLANs?

  • server
  • off
  • client*
  • transparent

II.165. On which type of port can switches interconnect for multi-VLAN communication?

  • interface port
  • access port
  • switch port
  • trunk port*

II.166. Which two of these statements regarding RSTP are correct? (Choose two)

  • RSTP cannot operate with PVST+.
  • RSTP defines new port roles.*
  • RSTP defines no new port states.
  • RSTP is a proprietary implementation of IEEE 802.1D STP.
  • RSTP is compatible with the original IEEE 802.1D STP.*

II.167. If primary and secondary root switches with priority 16384 both experience catastrophic losses, which tertiary switch can take over?

  • a switch with priority 20480*
  • a switch with priority 8192
  • a switch with priority 4096
  • a switch with priority 12288
Show (Hide) Explanation/Reference
This is a tricky question. We know the switch with lowest value of priority is elected the root switch. Therefore in this question the switches with priority of 4096, 8192, 12288 (which are lower than the current value of the root bridge 16384) are not joining the root bridge election by somehow. The only suitable answer is the switch with priority 20480 will become the root bridge.

II.168. What is true about Ethernet? (Choose Two.)

  • 802.2 Protocol
  • 802.3 Protocol*
  • 10BaseT half duplex
  • CSMA/CD Stops transmitting when congestion occurs*
  • CSMA/CA Stops transmitting when congestion occurs
Show (Hide) Explanation/Reference
Carrier sense multiple access with collision detection (CSMA/CD) is a media access control method used most notably in early Ethernet (IEEE 802.3) technology for local area networking. When collision detection (CD) observes a collision (excess current above what it is generating, i.e. > 24 mA for coaxial Ethernet), it stops transmission immediately and instead transmits a 32-bit jam sequence.

Note: CSMA/CA (Carrier Sense Multiple Access/Collision Avoidance) is a protocol for carrier transmission used in wireless networks. Unlike CSMA/CD (Carrier Sense Multiple Access/Collision Detect) which deals with transmissions after a collision has occurred, CSMA/CA acts to prevent collisions before they happen.

II.169. What field is consisted of 6 bytes in the field identification frame in IEEE 802.1Q?

  • SA*
  • DA
  • FCS
  • SOF

II.170. Which three options are switchport configurations that can always avoid duplex mismatch errors between theswitches? (Choose three.)

  • Set both side auto-negotiation*
  • Set both sides on half duplex*
  • Set one side auto and the other side half duplex.
  • Set both sides of connection to full duplex.*
  • Set one side auto and the other side on full duplex.
  • Set one side full duplex and the other side half duplex.

II.171. Which technology can enable multiple VLANs to communicate with one another?

  • Intra-vlan routing using a layer 3 switch
  • Inter-vlan routing using a layer 3 switch*
  • Inter-vlan routing using a layer 2 switch
  • Intra-vlan routing using router on a stick

II.172. Refer to the exhibit. Which two statements are true about interVLAN routing in the topology that is shown in the exhibit? (Choose two.)

  • Host E and host F use the same IP gateway address.
  • Router1 and Switch2 should be connected via a crossover cable.
  • Router1 will not play a role in communications between host A and host D.
  • The FastEthernet 0/0 interface on Router1 must be configured with subinterfaces.*
  • Router1 needs more LAN interfaces to accommodate the VLANs that are shown in the exhibit.
  • The FastEthernet 0/0 interface on Router1 and the FastEthernet 0/1 interface on Switch2 trunk ports must be configured using the same encapsulation type.*
Show (Hide) Explanation/Reference
In order for multiple VLANs to connect to a single physical interface on a Cisco router, subinterfaces must be used, one for each VLAN. This is known as the router on a stick configuration. Also, for any trunk to be formed, both ends of the trunk must agree on the encapsulation type, so each one must be configured for 802.1q or ISL.

II.173. What value is primarily used to determine which port becomes the root port on each non-root switch in a spanning-tree topology?

  • path cost*
  • lowest port MAC address
  • VTP revision number
  • highest port priority number
  • port priority number and MAC address
Show (Hide) Explanation/Reference
The path cost to the root bridge is the most important value to determine which port will become the root port on each non-root switch. In particular, the port with lowest cost to the root bridge will become root port (on non-root switch).

II.174. How is provided master redundancy on a stacked switches?

  • 1:N*
  • N:1
  • 1:1
  • 1+N
Show (Hide) Explanation/Reference
1:N master redundancy: Every switch in the stack can act as the master. If the current master fails, another master is elected from the stack.

1:N master redundancy allows each stack member to serve as a master, providing the highest reliability for forwarding. Each switch in the stack can serve as a master, creating a 1:N availability scheme for network control. In the unlikely event of a single unit failure, all other units continue to forward traffic and maintain operation.

Reference: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3750-series-switches/prod_white_paper09186a00801b096a.html

Note:

N+1 simply means that there is a power backup in place should any single system component fail. The ‘N’ in this equation stands for the number of components necessary to run your system. The ‘+1’ means there is one independent backup should a component of that system fail. An example of “N+1” is your family has 5 members, so you need 5 cups to drink. But you have one extra cup for redundancy (6 cups in total) so that if any cup breaks, you still have enough cups for the family.

II.175. DRAG DROP. Drag and drop the STP features from the left onto the correct descriptions on the right.

Select and Place:

Correct Answer:

II.176. Which three elements must be used when you configure a router interface for VLAN trunking? (Choose three.)

  • one physical interface for each subinterface
  • one IP network or subnetwork for each subinterface*
  • a management domain for each subinterface
  • subinterface encapsulation identifiers that match VLAN tags*
  • one subinterface per VLAN*
  • subinterface numbering that matches VLAN tags
Show (Hide) Explanation/Reference
This scenario is commonly called a router on a stick. A short, well written article on this operation can be
found here: http://www.thebryantadvantage.com/RouterOnAStickCCNACertificationExamTutorial.htm

II.177. Refer to the exhibit. A network administrator is configuring an EtherChannel between SW1 and SW2. The SW1 configuration is shown. What is the correct configuration for SW2?

Correct Answer: C

II.178. Refer to the exhibit. After HostA pings HostB, which entry will be in the ARP cache of HostA to support this transmission?

Correct Answer: A

Show (Hide) Explanation/Reference
When a host needs to reach a device on another subnet, the ARP cache entry will be that of the Ethernet
address of the local router (default gateway) for the physical MAC address. The destination IP address will not change, and will be that of the remote host (HostB).

II.179. Based on the output below from SwitchB, which statement is true?

  • The MAC address of the root bridge is 0017.596d.1580.
  • The Fa0/11 role confirms that SwitchB is the root bridge for VLAN 40.
  • SwitchB is not the root bridge, because not all of the interface roles are designated.*
  • VLAN 40 is running the Per VLAN Spanning Tree Protocol.

II.180. A router has two Fast Ethernet interfaces and needs to connect to four VLANs in the local network. How can you accomplish this task, using the fewest physical interfaces and without decreasing network performance?

  • A. Use a hub to connect the four VLANS with a Fast Ethernet interface on the router.
  • B. Add a second router to handle the VLAN traffic.
  • C. Add two more Fast Ethernet interfaces.
  • D. Implement a router-on-a-stick configuration.*
Show (Hide) Explanation/Reference
A router on a stick allows you to use sub-interfaces to create multiple logical networks on a single physical interface.

II.181. Refer to the exhibit, The VLAN configuration of S1 is not being in this VTP enabled environment. The VTP and uplink port configurations for each switch are displayed. Which two command sets, if issued, resolve this failure and allow VTP to operate as expected? (Choose two.)

Correct Answer: BE

II.182. How are VTP advertisements delivered to switches across the network?

  • anycast frames
  • multicast frames*
  • broadcast frames
  • unicast frames

II.183. What are two reasons a network administrator would use CDP? (Choose two.)

  • to verify the type of cable interconnecting two devices
  • to determine the status of network services on a remote device
  • to obtain VLAN information from directly connected switches
  • to verify Layer 2 connectivity between two devices when Layer 3 fails*
  • to obtain the IP address of a connected device in order to telnet to the device*
  • to determine the status of the routing protocols between directly connected routers

II.184. How can you manually configure a switch so that it is selected as the root Switch?

  • increase the priority number
  • lower the port priority number
  • lower the priority number*
  • increase the port priority number

II.185. DRAG DROP. Drag and drop the MAC address types from the left onto the correct descriptions on the right?

Select and Place:

Correct Answer:

II.186. Which three options are switch port config that can always avoid duplex mismatch error between the switches? (Choose three.)

  • set both side on auto-negotiation*
  • set both sides on half-duplex*
  • set one side auto and other side half-duplex
  • set both side of connection to full-duplexE. set one side auto and other side on full-duplex*
  • set one side full-duplex and other side half-duplex

II.187. Which option is the master redundancy scheme for stacked switches?

  • 1:N*
  • 1:1
  • N:1
  • 1+N

II.188. Under which two circumstances is a switch port that is configured with PortFast BPDU guard error-disabled? (Choose two.)

  • when the switch receives a BPDU from a connected switch*
  • when the switch receives a request for an IP address from an individual PC
  • when a connected server has more than one VLAN configured on its NIC*
  • when a wireless access point running in bridge mode is connected to a switch
  • when a single IP address is configured on the switch

Section III: Routing Technologies

III.1. Which three statements about link-state routing are true? (Choose three.)

  • OSPF is a link-state protocol.*
  • Updates are sent to a broadcast address.
  • It uses split horizon.
  • Routes are updated when a change in topology occurs.*
  • RIP is a link-state protocol.
  • Updates are sent to a multicast address by default.*

III.2. A router has learned three possible routes that could be used to reach a destination network. One route is from EIGRP and has a composite metric of 20514560. Another route is from OSPF with a metric of 782. The last is from RIPv2 and has a metric of 4. Which route or routes will the router install in the routing table?

  • the OSPF route
  • the EIGRP route*
  • the RIPv2 route
  • all three routes
  • the OSPF and RIPv2 routes
Show (Hide) Explanation/Reference
When one route is advertised by more than one routing protocol, the router will choose to use the routing protocol which has lowest Administrative Distance. The Administrative Distances of popular routing protocols are listed below:

III.3. A network administrator is troubleshooting an EIGRP problem on a router and needs to confirm the IP addresses of the devices with which the router has established adjacency. The retransmit interval and the queue counts for the adjacent routers also need to be checked. What command will display the required information?

  • Router# show ip eigrp neighbors*
  • Router# show ip eigrp interfaces
  • Router# show ip eigrp adjacency
  • Router# show ip eigrp topology
Show (Hide) Explanation/Reference
Below is an example of the “show ip eigrp neighbors” output.

Let’s analyze these columns:

H: lists the neighbors in the order this router was learned
Address: the IP address of the neighbors
+ Interface: the interface of the local router on which this Hello packet was received
Hold (sec): the amount of time left before neighbor is considered in “down” status
Uptime: amount of time since the adjacency was established
SRTT (Smooth Round Trip Timer): the average time in milliseconds between the transmission of a packet to a neighbor and the receipt of an acknowledgement.
RTO (Retransmission Timeout): if a multicast has failed, then a unicast is sent to that particular router, the RTO is the time in milliseconds that the router waits for an acknowledgement of that unicast.
Queue count (Q Cnt): shows the number of queued EIGRP packets. It is usually 0.
Sequence Number (Seq Num): the sequence number of the last update EIGRP packet received. Each update message is given a sequence number, and the received ACK should have the same sequence number. The next update message to that neighbor will use Seq Num + 1.

In this question we have to check the RTO and Q cnt fields.

III.4. Which command can you enter to verify that a BGP connection to a remote device is established?

  • show ip bgp summary*
  • show ip community-list
  • show ip bgp paths
  • show ip route
Show (Hide) Explanation/Reference
This command can be used to verify if a BGP connection to a BGP neighbor is good or not. Let’s see an example:

Please pay attention to the “State/PfxRcd” column of the output. It indicates the number of prefixes that have been received from a neighbor. If this value is a number (including “0”, which means BGP neighbor does not advertise any route) then the BGP neighbor relationship is good. If this value is a word (including “Idle”, “Connect”, “Active”, “OpenSent”, “OpenConfirm”) then the BGP neighbor relationship is not good.

In the outputs above we see the BGP neighbor relationship between R1 & 10.1.1.1 is good with 2 Prefix Received (PfxRcd) while the BGP neighbor relationships between R1 & 10.2.2.2; R1 & 10.3.3.3 are not good (they are in “Active” and “Idle” state).

III.5. Which command can you enter to set the default route for all traffic to an interface?

  • router(config)#ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1*
  • router(config)#ip route 0.0.0.0 255.255.255.255 GigabitEthernet0/1
  • router(config-router)#default-information originate
  • router(config-router)#default-information originate always

III.6. Instructions:
– Enter IOS commands on the device to verify network operation and answer the multiple questions.
– THIS TASK DOES NOT REQUIRE DEVICE CONFIGURATION.
– Click the device icon to gain access to the console device. No console or enable passwords are required.
– To access the multiple choice questions, click the numbered boxes on the left of the top panel.
– there are four multiple-choice questions with this task. Be sure to answer all four questions before clicking Next.

Server1 and Server2 are unable to communicate with the rest of the network. Your initial check with system administrators shows that IP address settings are correctly configured on the server side. What could be an issue?

  • The VLAN encapsulation is misconfigured on the router subinterfaces.*
  • The IP address is misconfigured on the primary router interface.
  • The Router is missing subinterface configuration.
  • The Trunk is not configured on the L2SW1 switch.
Show (Hide) Explanation/Reference
Check the configuration of the interface that is connected to Server1 and Server2 on R2 with “show runningconfig” command.

We see that subinterface E0/1.100 has been configured with VLAN 200 (via “encapsulation dot1Q 200”
command) while Server1 belongs to VLAN 100. Therefore this configuration is not correct. It should be
“encapsulation dot1Q 100” instead. The same thing for interface E0/1.200, it should be “encapsulation dot1Q
200” instead.

III.7.
Instructions:
– Enter IOS commands on the device to verify network operation and answer the multiple questions.
– THIS TASK DOES NOT REQUIRE DEVICE CONFIGURATION.
– Click the device icon to gain access to the console device. No console or enable passwords are required.
– To access the multiple choice questions, click the numbered boxes on the left of the top panel.
– there are four multiple-choice questions with this task. Be sure to answer all four questions before clicking Next.Users in the main office complain that they are unable to reach Internet sites. You observe that Internet traffic that is destined towards ISP router is not forwarded correctly on R1. What could be an issue?

Ping to Internet server shows the following results from R1:

R1#ping 209.165.200.225
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.200.225, time out is 2 seconds.

Success rate is 0 percent (0/5)

  • The next-hop router address for the default route is incorrectly configured.
  • The default route that is to the ISP router is configured with an AD of 255.
  • The default route that is to the ISP router is not configured on R1.*
  • R1 is configured as the DHCP client and is not receiving the default route via DHCP from the ISP router.
Show (Hide) Explanation/Reference
When all the users cannot reach internet sites we should check on the router connecting to the ISP to see if it has a default route pointing to the ISP or not. Use the “show ip route” command on R1:

We cannot find a default route on R1 (something like this: S* 0.0.0.0/0 [1/0] via 209.165.201.2) so maybe R1 was not configured with a default route. We can check with the “show running-config” on R1:

We need a configure a default route (“ip route 0.0.0.0 0.0.0.0 209.165.201.2”) but we cannot find here so we can conclude R1 was not be configured with a default route pointing to the ISP router.

III.8.
Instructions:
– Enter IOS commands on the device to verify network operation and answer the multiple questions.
– THIS TASK DOES NOT REQUIRE REVICE CINFIGURATION.
– Click the device icon to gain access to the console device. No console or enable passwords are required.
– To access the multiple choice questions, click the numbered boxes on the left of the top panel.
– there are four multiple-choice questions with this task. Be sure to answer all four questions before clicking Next.
Examine the R2 configuration. The traffic that is destined to the R3 LAN network that is sourced from R2 is forwarded to R1 instead of R3. What could be an issue?

R2#traceroute 10.10.12.1 source 10.10.10.1
Type escape sequence to abort
Tracing the route to 10.10.12.1

VRF info: (vrf in name/id, vrf out name/id)
1 172.16.14.1 0 msec 1 msec 0 msec
2 172.16.14.1 !H !H *
R2#

  • RIPv2 routing updates are suppressed between R2 and R3 using passive interface feature.
  • RIPv2 is enabled on R3 but the R3 LAN network is not advertised into the RIPv2 domain.
  • There is no issue. This behavior is normal because the default route is propagated into the RIPv2 domain by R1.
  • RIPv2 is not enabled on R3.*
Show (Hide) Explanation/Reference

First we should check the routing table of R2 with the “show ip route” command.

In this table we cannot find the subnet “10.10.12.0/24” (R3 LAN network) so R2 will use the default route
advertised from R1 (with the command “default-information originate” on R1) to reach unknown destination, in
this case subnet 10.10.12.0/24 -> R2 will send traffic to 10.10.12.0/24 to R1.
Next we need to find out why R3 did not advertise this subnet to R2. A quick check with the “show runningconfig” on R3 we will see that R3 was not configured with RIP ( no “router rip” section). Therefore, we can
conclude RIPv2 was not enabled on R3.

III.9.
Instructions:
– Enter IOS commands on the device to verify network operation and answer the multiple questions.
– THIS TASK DOES NOT REQUIRE REVICE CINFIGURATION.
– Click the device icon to gain access to the console device. No console or enable passwords are required.
– To access the multiple choice questions, click the numbered boxes on the left of the top panel.
– there are four multiple-choice questions with this task. Be sure to answer all four questions before clicking Next.Which statement is correct, based on the R1 routing table?

  • Traffic that is destined to 10.10.10.0/24 from the R1 LAN network uses static route instead of RIPv2, because the static route AD that is configured is less than the AD of RIPv2.
  • Traffic that is destined to 10.10.10.0/24 from the R1 LAN network uses RIPv2 instead of static route, because the static route AD that is configured is higher than the AD of RIPv2.*
  • Traffic that is destined to 10.10.10.0/24 from the R1 LAN network uses static route instead of RIPv2, but the traffic is forwarded to the ISP instead of the internal network.
  • Traffic that is destined to 10.10.10.0/24 from the R1 LAN network uses RIPv2 instead of static route, because the static route AD that is configured is 255.
Show (Hide) Explanation/Reference
First use the “show ip route” command to check the R1 routing table:

As we see here, 10.10.10/24 is learned from RIP. Notice that although there is a static route on R1 to this destination (you can check with the “show running-config” on R1 to see the line “ip route 10.10.10.0 255.255.255.0 172.16.14.2 200”), this static route is not installed to the routing table because it is not the best path because the Administrative Distance (AD) of this static route is 200 while the AD of RIP is 120 so R1 chose the path with lowest AD so it chose path advertised via RIP.

III.10. Refer to the exhibit. If R1 sends traffic to 192.168.10.45, the traffic is sent through which interface?

  • FastEthernet0/1*
  • FastEthernet0/0
  • FastEthernet1/0
  • FastEthernet1/1
Show (Hide) Explanation/Reference
192.168.10.45 belongs to 192.168.10.32/27 subnet (range from 192.168.10.32 to 192.168.10.63) so the router will use FastEthernet0/1 as the exit interface.

III.11. To enable router on a stick on a router subinterface, which two steps must you perform? (Choose two.)

  • Configure an IP route to the VLAN destination network.
  • Configure encapsulation dot1q.*
  • Configure a default to route traffic between subinterfaces.
  • Configure full duplex and speed.
  • Configure the subinterface with an IP address.*

III.12. Which two statements about floating static routes are true? (Choose two)

  • They are routes to the exact /32 destination address
  • They are used when a route to the destination network is missing
  • They have a higher administrative distance than the default static route administrative distance*
  • They are used as back-up routes when the primary route goes down*
  • They are dynamic routes that are learned from a server
Show (Hide) Explanation/Reference
Floating static routes are static routes that have an administrative distance greater than the administrative distance (AD) of another static route or dynamic routes. By default a static route has an AD of 1 then floating static route must have the AD greater than 1. Floating static route has a manually configured administrative distance greater than that of the primary route and therefore would not be in the routing table until the primary route fails.

III.13. Refer to the exhibit. If RTR01 is configured as shown, which three addresses will be received by other routers that are running EIGRP on the network?(choose three)

  • 192.168.2.0*
  • 10.4.3.0
  • 10.0.0.0*
  • 172.16.0.0*
  • 172.16.4.0
  • 192.168.0.0

III.14.

interface Loopback0
ip address 172.16.1.33 255.255.255.224
router bgp 999
neighbor 10.1.5.2 remote-as 65001

Refer to the exhibit . Which Command do you enter so that R1 advertises the loopback0 interface to the BGP Peers?

  • Network 172.16.1.32 mask 255.255.255.224*
  • Network 172.16.1.0 0.0.0.255
  • Network 172.16.1.32 255.255.255.224
  • Network 172.16.1.33 mask 255.255.255.224
  • Network 172.16.1.32 mask 0.0.0.31
  • Network 172.16.1.32 0.0.0.31
Show (Hide) Explanation/Reference
First please notice that unlike other routing protocols like OSPF or EIGRP, we have to use subnet mask, not wildcard mask, to advertise the routes in the “network” command -> C is not correct.Secondly, with BGP, you must advertise the correct network and subnet mask in the “network” command ( in this case network 172.16.1.32/27). BGP is very strict in the routing advertisements. In other words, BGP only advertises the network which exists exactly in the routing table (in this case network x.x.x.32/27 exists in the routing table as the Fa0/0 interface). If you put the command “network x.x.0.0 mask 255.255.0.0” or “network x.0.0.0 mask 255.0.0.0” or “network x.x.x.33 mask 255.255.255.255” then BGP will not advertise anything.Therefore the full command in this question is “network 172.16.1.32 mask 255.255.255.224”.

For more information about BGP configuration, please read our Basic BGP Configuration tutorial.

III.15. Based on the exhibited routing table, how will packets from a host within the 192.168.10.192/26 LAN be forwarded to 192.168.10.1?

  • The router will forward packets from R3 to R2 to R1.
  • The router will forward packets from R3 to R1 to R2.
  • The router will forward packets from R3 to R2 to R1 AND from R3 to R1.*
  • The router will forward packets from R3 to R1.
Show (Hide) Explanation/Reference
From the routing table we learn that network 192.168.10.0/30 is learned via 2 equal-cost paths (192.168.10.9 &192.168.10.5) -> traffic to this network will be load-balancing.

III.16. Which definition of default route is true?

  • A route that is manually configured.
  • A route used when a destination route is missing.
  • A route to the exact /32 destination address*
  • Dynamic route learned from the server.
Show (Hide) Explanation/Reference
A host route for IPv4 has the mask /32, and a host route for IPv6 has the mask /128. If an IPv4 address is configured with a mask of /32 on an interface of the router, which is typical for loopback interfaces, the host route appears in the routing table only as connected (for example in the routing table we will see this line: “C 10.10.10.1/32 is directly connected, Loopback0”.

Reference: https://www.cisco.com/c/en/us/support/docs/ip/ip-routing/116264-technote-ios-00.html

III.17. Which value must you configure on a device before EIGRP for IPv6 can start running?

  • public IP address
  • loopback interface
  • router ID*
  • process ID

III.18. Which option describes a difference between EIGRP for IPv4 and IPv6?

  • Only EIGRP for IPv6 advertises all connected networks.
  • Only EIGRP for IPv6 requires a router ID to be configured under the routing process*
  • As numbers are configure in EIGRP but not in EIGRPv3.
  • Only EIGRP for IPv6 is enabled in the global configuration mode.
Show (Hide) Explanation/Reference
To configure EIGRP for IPv6 we must explicitly specify a router ID before it can start running. For example:

ipv6 router eigrp 1 
eigrp router-id 2.2.2.2 
no shutdown

EIGRPv3 also uses the AS number (for example: ipv6 eigrp 1 under interface mode).Notice that EIGRP for IPv6 router-id must be an IPv4 address. EIGRP for IPv4 can automatically pick-up an IPv4 to use as its EIGRP router-id with this rule:

+ The highest IP address assigned to a loopback interface is selected as the router ID.

+ If there are not any loopback addresses configured, the highest IP address assigned to any other active interface is chosen as the router ID

III.19. Refer to the exhibit. When running OSPF, What would cause router A not to form an adjacency with router B?

  • The loopback addresses are on different subnets.
  • The value of the dead timers on the router are different.*
  • Route summarization is enabled on both routers.
  • The process indentifier on router A is different than the process identifier on router B.
Show (Hide) Explanation/Reference
To form an adjacency (become neighbor), router A & B must have the same Hello interval, Dead interval and AREA number.

III.20. Which two steps must you perform on each device that is configured for IPv4 routing before you implement OSPFv3?(Choose two)

  • configure an autonomous system number
  • configure a loopback interface
  • configure a router ID
  • Enable IPv6 on an interface*
  • Enable IPv6 unicast routing*
Show (Hide) Explanation/Reference
Before you enable OSPF for IPv6 on an interface, you must perform the following:+ Complete the OSPF network strategy and planning for your IPv6 network. For example, you must decide whether multiple areas are required.
+ Enable IPv6 unicast routing.
+ Enable IPv6 on the interface.Reference: https://www.cisco.com/c/en/us/support/docs/ip/ip-version-6-ipv6/112100-ospfv3-config-guide.html

Note: If we have already had an active interface, we don’t need to configure the router ID for OSPFv3 anymore because the device will automatically choose that IPv4 address for its router ID).

III.21. Which command must you enter to enable OSPFV2 in an IPV4 network?

  • ip ospf hello-interval seconds
  • router ospfv2 process-id
  • router ospf value
  • router ospf process-id*

III.22. Refer to the exhibit. Given the output from the show ip eigrp topology command, which router is the feasible successor?

  • 10.1.0.1 (Serial0), from 10.1.0.1, Send flag is 0x0
    Composite metric is (46152000/41640000), Route is Internal
    Vector metric:
    Minimum bandwidth is 64 Kbit
    Total delay is 45000 Microseconds
    Reliability is 255/255
    Load is 1/255
    Minimum MTU is 1500
    Hop count is 2
  • 10.0.0.2 (Serial0.1), from 10.0.0.2, Send flag is 0x0
    Composite metric is (53973248/128256), Route is Internal
    Vector Metric:
    Minimum bandwidth is 48 Kbit
    Total delay is 25000 Microseconds
    Reliability is 255/255
    Load is 1/255
    Minimum MTU is 1500
    Hop count is 1
  • 10.1.0.3 (Serial0), from 10.1.0.3, Send flag is 0x0
    Composite metric is (46866176/46354176), Route is Internal
    Vector metric:
    Minimum bandwidth is 56 Kbit
    Total delay is 45000 microseconds
    Reliability is 255/255
    Load is 1/255
    Minimum MTU is 1500
    Hop count is 2
  • 10.1.1.1 (Serial0.1), from 10.1.1.1, Send flag is 0x0
    Composite metric is (46763776/46251776), Route is External
    Vector metric:
    Minimum bandwidth is 56 Kbit
    Total delay is 41000 microseconds
    Reliability is 255/255
    Load is 1/255
    Minimum MTU is 1500
    Hop count is 2

III.23. Which IPv6 routing protocol uses multicast group FF02::9 to send updates?

  • static
  • RIPng*
  • OSPFv3
  • IS-IS for IPv6
Show (Hide) Explanation/Reference
Below lists some reserved and well-known IPv6 multicast address in the reserved multicast address range:FF01::1 All IPv6 nodes within the node-local scope
FF01::2 All IPv6 routers within the node-local scope
FF02::1 All IPv6 nodes within the link-local scope
FF02::2 All IPv6 routers within the link-local scope
FF02::5 All OSPFv3 routers within the link-local scope
FF02::6 All OSPFv3 designated routers within the link-local scope
FF02::9 All RIPng routers within the link-local scope
FF02::A All EIGRP routers within the link-local scope
FF02::D All PIM routers within the link-local scope
FF02::1:2 All DHCPv6 agents (servers and relays) within the link-local scope
FF05::2 All IPv6 routers within the site-local scope
FF02::1:FF00:0/104 IPv6 solicited-node multicast address within the link-local scope

III.24. Which functionality does an SVI provide?

  • OSI Layer 2 connectivity to switches
  • remote switch administration
  • traffic routing for VLANs*
  • OSI Layer 3 connectivity to switches

III.25. If two OSPF neighbors have formed complete adjacency and are exchanging link-state advertisements, which state have they reached?

  • Exstart
  • 2-Way
  • FULL*
  • Exchange

III.26. Which three statements describe the reasons large OSPF networks use a hierarchical design? (Choose three.)

  • to confine network instability to single areas of the network.*
  • to reduce the complexity of router configuration
  • to speed up convergence*
  • to lower costs by replacing routers with distribution layer switches
  • to decrease latency by increasing bandwidth
  • to reduce routing overhead*
Show (Hide) Explanation/Reference
Hierarchical design of OSPF (basically means that you can separate the larger internetwork into smaller internetworks called areas) helps us create a network with all features listed above (decrease routing overhead, speed up convergence, confine network instability to single areas of the network).

III.27. after you apply the give configurations to R1 and R2 you notice that OSPFv3 fails to start Which reason for the problem is most likely true ?

  • The area numbers on R1 and R2 are mismatched*
  • The IPv6 network addresses on R1 and R2 are mismatched
  • The autonomous system numbers on R1 and R2 are mismatched
  • The router ids on R1 and R2 are mismatched

III.28. Which two statements about RIPv2 are true? (Choose two)

  • It must be manually enabled after RIP is configured as the routing protocol*
  • It uses multicast address 224.0.0.2 to share routing information between peers
  • its default administrative distances 120*
  • It is a link-state routing protocol
  • It is an EGP routing protocol

III.29. Which two statements about eBGP neighbor relationships are true? (Choose two)

  • The two devices must reside in different autonomous systems*
  • Neighbors must be specifically declared in the configuration of each device*
  • They can be created dynamically after the network statement is con-figured.
  • The two devices must reside in the same autonomous system
  • The two devices must have matching timer settings

III.30. DRAG DROP. Drag and drop the BGP components from the left onto the correct descriptions on the right.Select and Place:Correct Answer:

III.31. Which two statements about EIGRP on IPv6 networks are true? (Choose two.)

  • It is configured on the interface*
  • It is globally configured
  • It is vendor agnostic
  • It supports a shutdown feature*
  • It is configured using a network statement
Show (Hide) Explanation/Reference
http://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/113267-eigrp-ipv6-00.html

III.32. Which command is used to display the collection of OSPF link states?

  • show ip ospf link-state
  • show ip ospf lsa database
  • show ip ospf neighbors
  • show ip ospf database*
Show (Hide) Explanation/Reference
The “show ip ospf database” command displays the link states. Here is an example:
Here is the lsa database on R2.
R2#show ip ospf database
OSPF Router with ID (2.2.2.2) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count2.2.2.2 2.2.2.2 793 0x80000003 0x004F85 210.4.4.4
10.4.4.4 776 0x80000004 0x005643 1111.111.111.111 111.111.111.111 755 0x80000005 0x0059CA
2133.133.133.133 133.133.133.133 775 0x80000005 0x00B5B1 2 Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum10.1.1.1 111.111.111.111 794 0x80000001 0x001E8B10.2.2.3
133.133.133.133 812 0x80000001 0x004BA910.4.4.1 111.111.111.111 755 0x80000001 0x007F1610.4.4.3
133.133.133.133 775 0x80000001 0x00C31F

III.33. If IP routing is enabled, which two commands set the gateway of last resort to the default gateway? (Choose two.)

  • ip default-gateway 0.0.0.0
  • ip route 172.16.2.1 0.0.0.0 0.0.0.0
  • ip default-network 0.0.0.0*
  • ip default-route 0.0.0.0 0.0.0.0 172.16.2.1
  • ip route 0.0.0.0 0.0.0.0 172.16.2.1*
Show (Hide) Explanation/Reference
Both the “ip default-network” and “ip route 0.0.0.0 0.0.0.0 (next hop)” commands can be used to set the default gateway in a Cisco router.

III.34. Which parameter would you tune to affect the selection of a static route as a backup, when a dynamic protocol is also being used?

  • Hop count
  • administrative distance*
  • link bandwith
  • link delay
  • link cost
Show (Hide) Explanation/Reference
By default, the administrative distance of a static route is 1, meaning it will be preferred over all dynamic routing protocols. If you want to have the dynamic routing protocol used and have the static route be used only as a backup, you need to increase the AD of the static route so that it is higher than the dynamic routing protocol.

III.35. Refer to the exhibit.
A network associate has configured OSPF with the command:
City(config-router)# network 192.168.12.64 0.0.0.63 area 0
After completing the configuration, the associate discovers that not all the interfaces are participating in OSPF. Which three of the interfaces shown in the exhibit will participate in OSPF according to this configuration statement? (Choose three.)

  • FastEthernet0 /0
  • FastEthernet0 /1*
  • Serial0/0*
  • Serial0/1.102*
  • Serial0/1.103
  • Serial0/1.104
Show (Hide) Explanation/Reference
The “network 192.168.12.64 0.0.0.63 equals to network 192.168.12.64/26. This network has:
+ Increment: 64 (/26= 1111 1111.1111 1111.1111 1111.1100 0000) + Network address:
192.168.12.64
+ Broadcast address: 192.168.12.127
Therefore, all interface in the range of this network will join OSPF.

III.36. Refer to the exhibit. The Lakeside Company has the internetwork in the exhibit. The administrator would like to reduce the size of the routing table on the Central router. Which partial routing table entry in the Central router represents a route summary that represents the LANs in Phoenix but no additional subnets?

Correct Answer: D

Show (Hide) Explanation/Reference
The 10.4.0.0/22 route includes 10.4.0.0/24, 10.4.1.0/24, 10.4.2.0/24 and 10.4.3.0/24 only.

III.37. Refer to the graphic. A static route to the 10.5.6.0/24 network is to be configured on the HFD router. Which commands will accomplish this? (Choose two.)

  • HFD(config)# ip route 10.5.6.0 0.0.0.255 fa0/0
  • HFD(config)# ip route 10.5.6.0 0.0.0.255 10.5.4.6
  • HFD(config)# ip route 10.5.6.0 255.255.255.0 fa0/0*
  • HFD(config)# ip route 10.5.6.0 255.255.255.0 10.5.4.6*
  • HFD(config)# ip route 10.5.4.6 0.0.0.255 10.5.6.0
  • HFD(config)# ip route 10.5.4.6 255.255.255.0 10.5.6.0
Show (Hide) Explanation/Reference
The simple syntax of static route:
ip route destination-network-address subnet-mask {next-hop-IP-address | exit-interface} + destination-networkaddress: destination network address of the remote network + subnet mask:
subnet mask of the destination network + next-hop-IP-address: the IP address of the receiving interface on the
next-hop router + exit-interface: the local interface of this router where the packets will go out in the statement
“ip route 10.5.6.0 255.255.255.0 fa0/0:
+ 10.5.6.0 255.255.255.0: the destination network
+fa0/0: the exit-interface

III.38. What information does a router running a link-state protocol use to build and maintain its topological database? (Choose two.)

  • hello packets*
  • SAP messages sent by other routers
  • LSAs from other routers*
  • beacons received on point-to-point links
  • routing tables received from other link-state routers
  • TTL packets from designated routers
Show (Hide) Explanation/Reference
Neighbor discovery is the first step in getting a link state environment up and running. In keeping with the friendly neighbor terminology, a Hello protocol is used for this step. The protocol will define a Hello packet format and a procedure for exchanging the packets and processing the information the packets contain.
After the adjacencies are established, the routers may begin sending out LSAs. As the term flooding implies, the advertisements are sent to every neighbor. In turn, each received LSA is copied and forwarded to every neighbor except the one that sent the LSA.

III.39. Which statements describe the routing protocol OSPF? (Choose three.)

  • It supports VLSM.*
  • It is used to route between autonomous systems.
  • It confines network instability to one area of the network.*
  • It increases routing overhead on the network.
  • It allows extensive control of routing updates.*
  • It is simpler to configure than RIP v2.
Show (Hide) Explanation/Reference
The OSPF protocol is based on link-state technology, which is a departure from the Bellman-Ford vector based algorithms used in traditional Internet routing protocols such as RIP. OSPF has introduced new concepts such as authentication of routing updates, Variable Length Subnet Masks (VLSM), route summarization, and so forth.
OSPF uses flooding to exchange link-state updates between routers. Any change in routing information is flooded to all routers in the network. Areas are introduced to put a boundary on the explosion of link-state updates. Flooding and calculation of the Dijkstra algorithm on a router is limited to changes within an area.

III.40. What is the default administrative distance of OSPF?

  • 90
  • 100
  • 110*
  • 120
Show (Hide) Explanation/Reference
Administrative distance is the feature that routers use in order to select the best path when there are two or more different routes to the same destination from two different routing protocols. Administrative distance defines the reliability of a routing protocol. Each routing protocol is prioritized in order of most to least reliable (believable) with the help of an administrative distance value.
Default Distance Value Table
This table lists the administrative distance default values of the protocols that Cisco supports:
Route Source
Default Distance Values
Connected interface
Static route
Enhanced Interior Gateway Routing Protocol (EIGRP) summary route External Border Gateway Protocol(BGP)
Internal EIGRP
IGRP
OSPF
Intermediate System-to-Intermediate System (IS-IS)
Routing Information Protocol (RIP)
Exterior Gateway Protocol (EGP)
On Demand Routing (ODR)
External EIGRP
Internal BGP
Unknown*

III.41. Refer to the exhibit. C-router is to be used as a “router-on-a-stick” to route between the VLANs. All the interfaces have been properly configured and IP routing is operational. The hosts in the VLANs have been configured with the appropriate default gateway. What is true about this configuration?
Correct Answer: D

Show (Hide) Explanation/Reference
Since all the same router (C-router) is the default gateway for all three VLANs, all traffic destined to a different VLA will be sent to the C-router. The C-router will have knowledge of all three networks since they will appear as directly connected in the routing table. Since the C-router already knows how to get to all three networks, no routing protocols need to be configured.

III.42. Refer to the exhibit. According to the routing table, where will the router send a packet destined for 10.1.5.65?

  • 10.1.1.2
  • 10.1.2.2
  • 10.1.3.3*
  • 10.1.4.4
Show (Hide) Explanation/Reference
The destination IP address 10.1.5.65 belongs to 10.1.5.64/28, 10.1.5.64/29 & 10.1.5.64/27 subnets but the “longest prefix match” algorithm will choose the most specific subnet mask -> the prefix “/29 will be chosen to route the packet. Therefore, the next-hop should be 10.1.3.3 ->.

III.43. Refer to the exhibit. Which address and mask combination represents a summary of the routes learned by EIGRP?

  • 192.168.25.0 255.255.255.240
  • 192.168.25.0 255.255.255.252
  • 192.168.25.16 255.255.255.240*
  • 192.168.25.16 255.255.255.252
  • 192.168.25.28 255.255.255.240
  • 192.168.25.28 255.255.255.252
Show (Hide) Explanation/Reference
The binary version of 20 is 10100.
The binary version of 16 is 10000.
The binary version of 24 is 11000.
The binary version of 28 is 11100.
The subnet mask is /28. The mask is 255.255.255.240.
Note:
From the output above, EIGRP learned 4 routes and we need to find out the summary of them:
+ 192.168.25.16
+ 192.168.25.20
+ 192.168.25.24
+ 192.168.25.28
-> The increment should bE. 28 ?16 = 12 but 12 is not an exponentiation of 2 so we must choose 16 (24).
Therefore, the subnet mask is /28 (=1111 1111.1111 1111.1111 1111.11110000) = 255.255.255.240
So the best answer should be 192.168.25.16 255.255.255.240

III.44. Refer to the exhibit. Given the output for this command, if the router ID has not been manually set, whatrouter ID will OSPF use for this router?

  • 10.1.1.2
  • 10.154.154.1
  • 172.16.5.1*
  • 192.168.5.3
Show (Hide) Explanation/Reference
The highest IP address of all loopback interfaces will be chosen -> Loopback 0 will be chosen as the router ID.

III.45. Which two statements describe the process identifier that is used in the command to configure OSPF on arouter? (Choose two.)
Router(config)# router ospf 1

  • All OSPF routers in an area must have the same process ID
  • Only one process number can be used on the same router.
  • Different process identifiers can be used to run multiple OSPF processes*
  • The process number can be any number from 1 to 65,535.*
  • Hello packets are sent to each neighbor to determine the processor identifier.
Show (Hide) Explanation/Reference
Multiple OSPF processes can be configured on a router using multiple process ID’s.
The valid process ID’s are shown below:
Edge-B(config)#router ospf ?
<1-65535> Process ID

III.46. Refer to the exhibit. What commands must be configured on the 2950 switch and the router to allow communication between host 1 and host 2? (Choose two.)

Correct Answer: BE

III.47. Which commands are required to properly configure a router to run OSPF and to add network 192.168.16.0/24 to OSPF area 0? (Choose two.)

  • Router(config)# router ospf 0
  • Router(config)# router ospf 1*
  • Router(config)# router ospf area 0
  • Router(config-router)# network 192.168.16.0 0.0.0.255 0
  • Router(config-router)# network 192.168.16.0 0.0.0.255 area 0*
  • Router(config-router)# network 192.168.16.0 255.255.255.0 area 0
Show (Hide) Explanation/Reference
In the router ospf command, the ranges from 1 to 65535 so o is an invalid number -> but To configure OSPF, we need a wildcard in the “network” statement, not a subnet mask. We also need to assgin an area to this process -> .

III.48. Which type of EIGRP route entry describes a feasible successor?

  • a backup route, stored in the routing table
  • a primary route, stored in the routing table
  • a backup route, stored in the topology table*
  • a primary route, stored in the topology table
Show (Hide) Explanation/Reference
EIGRP uses the Neighbor Table to list adjacent routers. The Topology Table list all the learned routers to destination whilst the Routing Table contains the best route to a destination, which is known as the Successor.
The Feasible Successor is a backup route to a destination which is kept in the Topology Table.

III.49. Refer to the exhibit. The company uses EIGRP as the routing protocol. What path will packets take from a host on the 192.168.10.192/26 network to a host on the LAN attached to router R1?

  • The path of the packets will be R3 to R2 to R1.
  • The path of the packets will be R3 to R1 to R2.
  • The path of the packets will be both R3 to R2 to R1 AND R3 to R1.
  • The path of the packets will be R3 to R1.*
Show (Hide) Explanation/Reference
Host on the LAN attached to router R1 belongs to 192.168.10.64/26 subnet. From the output of the routing
table of R3 we learn this network can be reach via 192.168.10.9, which is an IP address in 192.168.10.8/30
network (the network between R1 & R3) -> packets destined for 192.168.10.64 will be routed from R3 -> R1 ->
LAN on R1.

III.50. Refer to the exhibit. The speed of all serial links is E1 and the speed of all Ethernet links is 100 Mb/s. A static route will be established on the Manchester router to direct traffic toward the Internet over the most direct path available. What configuration on the Manchester router will establish a route toward the Internet for traffic that originates from workstations on the Manchester LAN?

  • ip route 0.0.0.0 255.255.255.0 172.16.100.2
  • ip route 0.0.0.0 0.0.0.0 128.107.1.1
  • ip route 0.0.0.0 255.255.255.252 128.107.1.1
  • ip route 0.0.0.0 0.0.0.0 172.16.100.1
  • ip route 0.0.0.0 0.0.0.0 172.16.100.2*
  • ip route 0.0.0.0 255.255.255.255 172.16.100.2
Show (Hide) Explanation/Reference
We use default routing to send packets with a remote destination network not in the routing table to the nexthop router. You should generally only use default routing on stub networks–those with only one exit path out of the network.
According to exhibit, all traffic towards Internet that originates from workstations should forward to Router R1.
Syntax for default route is:
ip route .

III.51. Refer to the exhibit. The network administrator must establish a route by which London workstations can forward traffic to the Manchester workstations. What is the simplest way to accomplish this?

  • Configure a dynamic routing protocol on London to advertise all routes to Manchester.
  • Configure a dynamic routing protocol on London to advertise summarized routes to Manchester.
  • Configure a dynamic routing protocol on Manchester to advertise a default route to the London router.
  • Configure a static default route on London with a next hop of 10.1.1.1.
  • Configure a static route on London to direct all traffic destined for 172.16.0.0/22 to 10.1.1.2.*
  • Configure Manchester to advertise a static default route to London.
Show (Hide) Explanation/Reference
This static route will allow for communication to the Manchester workstations and it is better to use this more specific route than a default route as traffic destined to the Internet will then not go out the London Internet connection.

III.52. Refer to the exhibit. The network administrator requires easy configuration options and minimal routing protocol traffic. What two options provide adequate routing table information for traffic that passes between the two routers and satisfy the requests of the network administrator? (Choose two.)

  • a dynamic routing protocol on InternetRouter to advertise all routes to CentralRouter.
  • a dynamic routing protocol on InternetRouter to advertise summarized routes to CentralRouter.
  • a static route on InternetRouter to direct traffic that is destined for 172.16.0.0/16 to CentralRouter.*
  • a dynamic routing protocol on CentralRouter to advertise all routes to InternetRouter.
  • a dynamic routing protocol on CentralRouter to advertise summarized routes to InternetRouter.
  • a static, default route on CentralRouter that directs traffic to InternetRouter.*
Show (Hide) Explanation/Reference
The use of static routes will provide the necessary information for connectivity while producing no routing traffic overhead.

III.53. Which parameter or parameters are used to calculate OSPF cost in Cisco routers?

  • Bandwidth*
  • Bandwidth and Delay
  • Bandwidth, Delay, and MTU
  • Bandwidth, MTU, Reliability, Delay, and Load
Show (Hide) Explanation/Reference
http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/7039-1.html#t6OSPF Cost

The cost (also called metric) of an interface in OSPF is an indication of the overhead required to send packets across a certain interface. The cost of an interface is inversely proportional to the bandwidth of that interface. A higher bandwidth indicates a lower cost. There is more overhead (higher cost) and time delays involved in crossing a 56k serial line than crossing a 10M ethernet line. The formula used to calculate the cost is:
cost= 10000 0000/bandwith in bps
For example, it will cost 10 EXP8/10 EXP7 = 10 to cross a 10M Ethernet line and will cost 10 EXP8/1544000 = 64 to cross a T1 line.
By default, the cost of an interface is calculated based on the bandwidth; you can force the cost of an interface with the ip ospf cost <value> interface subconfiguration mode command.

III.54. Which two statements about the OSPF Router ID are true? (Choose two.)

  • It identifies the source of a Type 1 LSA.*
  • It should be the same on all routers in an OSPF routing instance.
  • By default, the lowest IP address on the router becomes the OSPF Router ID.
  • The router automatically chooses the IP address of a loopback as the OSPF Router ID.*
  • It is created using the MAC Address of the loopback interface.

III.55. What are two benefits of using a single OSPF area network design? (Choose two.)

  • It is less CPU intensive for routers in the single area.
  • It reduces the types of LSAs that are generated.*
  • It removes the need for virtual links.*
  • It increases LSA response times.
  • It reduces the number of required OSPF neighbor adjacencies.

III.56. What OSPF command, when configured, will include all interfaces into area 0?

  • network 0.0.0.0 255.255.255.255 area 0*
  • network 0.0.0.0 0.0.0.0 area 0
  • network 255.255.255.255 0.0.0.0 area 0
  • network all-interfaces area 0

III.57. What two things will a router do when running a distance vector routing protocol? (Choose two.)

  • Send periodic updates regardless of topology changes.*
  • Send entire routing table to all routers in the routing domain.
  • Use the shortest-path algorithm to the determine best path.
  • Update the routing table based on updates from their neighbors.*
  • Maintain the topology of the entire network in its database.
Show (Hide) Explanation/Reference
Distance means how far and Vector means in which direction. Distance Vector routing protocols pass periodic copies of routing table to neighbor routers and accumulate distance vectors. In distance vector routing protocols, routers discover the best path to destination from each neighbor. The routing updates proceed step by step from router to router.

III.58. When a router undergoes the exchange protocol within OSPF, in what order does it pass through each state?

  • exstart state > loading state > exchange state > full state
  • exstart state > exchange state > loading state > full state*
  • exstart state > full state > loading state > exchange state
  • loading state > exchange state > full state > exstart state

III.59. Refer to the exhibit. If the router Cisco returns the given output and has not had its router ID set manually, what value will OSPF use as its router ID?

  • A. 192.168.1.1
  • B. 172.16.1.1
  • C. 1.1.1.1
  • D. 2.2.2.2*

III.60. What command sequence will configure a router to run OSPF and add network 10.1.1.0 /24 to area 0?

Correct Answer: C

III.61. Refer to the exhibit. When running EIGRP, what is required for RouterA to exchange routing updates with RouterC?

  • AS numbers must be changed to match on all the routers*
  • Loopback interfaces must be configured so a DR is elected
  • The no auto-summary command is needed on Router A and Router C
  • Router B needs to have two network statements, one for each connected network
Show (Hide) Explanation/Reference
This question is to examine the understanding of the interaction between EIGRP routers. The following
information must be matched so as to create neighborhood. EIGRP routers to establish, must match the following information:
1. AS Number;
2. K value.

III.62. A network administrator is trying to add a new router into an established OSPF network. The networks attached to the new router do not appear in the routing tables of the other OSPF routers. Given the information in the partial configuration shown below, what configuration error is causing this problem?

  • The process id is configured improperly.
  • The OSPF area is configured improperly.
  • The network wildcard mask is configured improperly.*
  • The network number is configured improperly.
  • The AS is configured improperly.
  • The network subnet mask is configured improperly.
Show (Hide) Explanation/Reference
When configuring OSPF, the mask used for the network statement is a wildcard mask similar to an access list.
In this specific example, the correct syntax would have been “network 10.0.0.0 0.0.0.255 area 0.

III.63. Refer to the graphic. R1 is unable to establish an OSPF neighbor relationship with R3. What are possible reasons for this problem? (Choose two.)

  • All of the routers need to be configured for backbone Area 1.
  • R1 and R2 are the DR and BDR, so OSPF will not establish neighbor adjacency with R3
  • A static route has been configured from R1 to R3 and prevents the neighbor adjacency from being established.
  • The hello and dead interval timers are not set to the same values on R1 and R3.*
  • EIGRP is also configured on these routers with a lower administrative distance.
  • R1 and R3 are configured in different areas.*
Show (Hide) Explanation/Reference
A is not correct because the backbone area of OSPF is always Area 0.
B is not correct because R1 or R3 must be the DR or BDR -> it has to establish neighbor adjacency with the other.
C is not correct because OSPF neighbor relationship is not established based on static routing. It uses multicast address 224.0.0.5 to establish OSPF neighbor relationship.
E is not correct because configure EIGRP on these routers (with a lower administrative distance) will force these routers to run EIGRP, not OSPF.D and F are correct because these entries must match on neighboring routers:– Hello and dead intervals
– Area ID (Area 0 in this case)
– Authentication password
– Stub area flag

III.64. Which statement describes the process ID that is used to run OSPF on a router?

  • It is globally significant and is used to represent the AS number.
  • It is locally significant and is used to identify an instance of the OSPF database.*
  • It is globally significant and is used to identify OSPF stub areas.
  • It is locally significant and must be the same throughout an area.

III.65. A router receives information about network 192.168.10.0/24 from multiple sources. What will the router consider the most reliable information about the path to that network?

  • a directly connected interface with an address of 192.168.10.254/24
  • a static route to network 192.168.10.0/24
  • a RIP update for network 192.168.10.0/24
  • an OSPF update for network 192.168.0.0/16
  • a default route with a next hop address of 192.168.10.1
  • a static route to network 192.168.10.0/24 with a local serial interface configured as the next hop*
Show (Hide) Explanation/Reference
When there is more than one way to reach a destination, it will choose the best one based on a couple of things. First, it will choose the route that has the longest match; meaning the most specific route. So, in this case the /24 routes will be chosen over the /16 routes. Next, from all the /24 routes it will choose the one with the lowest administrative distance. Directly connected routes have an AD of 1 so this will be the route chosen.

III.66. What is the default maximum number of equal-cost paths that can be placed into the routing table of a Cisco OSPF router?

  • 2
  • 4*
  • 16
  • Dunlimited
Show (Hide) Explanation/Reference
maximum-paths (OSPF)
To control the maximum number of parallel routes that Open Shortest Path First (OSPF) can support, use the maximum-paths command.
Syntax Description maximum
Maximum number of parallel routes that OSPF can install in a routing table. The range is from 1 to 16 routes.
Command Default 8 paths

III.67. Refer to the exhibit. After a RIP route is marked invalid on Router_1, how much time will elapse before that route is removed from the routing table?

  • 30 seconds
  • 60 seconds*
  • 90 seconds
  • 180 seconds
  • 240 seconds
Show (Hide) Explanation/Reference
What you need to read up on is around the Count to infinity routing loops, the holddown timers are used to ensure that routing loops dont occur and the hold down timer only occurs after 180s then at 240s the bad route is flushed/deleted. Coming back to the question where it asks for the time elapsed before it gets removed. So once the holddown timer passes thats when it knows there is a bad route, then the question is asking how long does it stay in the routing table before it gets “flushed” so that is 240-180=60s

III.68. Refer to the exhibit. A network associate has configured the internetwork that is shown in the exhibit, but has failed to configure routing properly.
Which configuration will allow the hosts on the Branch LAN to access resources on the HQ LAN with the least impact on router processing and WAN bandwidth?

Correct Answer: A

III.69. Refer to the exhibit. The network is converged. After link-state advertisements are received from Router_A, what information will Router_E contain in its routing table for the subnets 208.149.23.64 and 208.149.23.96?Correct Answer: A

III.70. Which statement is true, as relates to classful or classless routing?

  • Automatic summarization at classful boundries can cause problems on discontinuous subnets*
  • EIGRP and OSPF are classful routing protocols and summarize routes by default
  • RIPv1 and OSPF are classless routing protocols
  • Classful routing protocols send the subnet mask in routing updates

III.71. Which pairing reflects a correct protocol-and-metric relationship?

  • OSPF and number of hops and reliability
  • EIGRP and link cost
  • IS-IS and delay and reliability
  • RIPv2 and number of hops*

III.72. Refer to the exhibit. Which two statements are true about the loopback address that is configured on RouterB? (Choose two.)

  • It ensures that data will be forwarded by RouterB.
  • It provides stability for the OSPF process on RouterB.*
  • It specifies that the router ID for RouterB should be 10.0.0.1.*
  • It decreases the metric for routes that are advertised from RouterB.
  • It indicates that RouterB should be elected the DR for the LAN.

III.73. Refer to the exhibit. The router has been configured with these commands:

What are the two results of this configuration? (Choose two.)

  • The default route should have a next hop address of 64.100.0.3.
  • Hosts on the LAN that is connected to FastEthernet 0/1 are using public IP addressing.
  • The address of the subnet segment with the WWW server will support seven more servers.
  • The addressing scheme allows users on the Internet to access the WWW server.*
  • Hosts on the LAN that is connected to FastEthernet 0/1 will not be able to access the Internet without address translation.*

III.74. Which two statements are true about the command ip route 172.16.3.0 255.255.255.0 192.168.2.4? (Choose two.)

  • It establishes a static route to the 172.16.3.0 network.*
  • It establishes a static route to the 192.168.2.0 network.
  • It configures the router to send any traffic for an unknown destination to the 172.16.3.0 network.
  • It configures the router to send any traffic for an unknown destination out the interface with the address 192.168.2.4.
  • It uses the default administrative distance.*
  • It is a route that would be used last if other routes to the same destination exist.

III.75. Refer to the exhibit. The networks connected to router R2 have been summarized as a 192.168.176.0/21 route and sent to R1. Which two packet destination addresses will R1 forward to R2? (Choose two.)

  • 192.168.194.160
  • 192.168.183.41*
  • 192.168.159.2
  • 192.168.183.255
  • 192.168.179.4*

III.76. Refer to the exhibit. Which three statements are true about how router JAX will choose a path to the 10.1.3.0/24 network when different routing protocols are configured? (Choose three.)

  • By default, if RIPv2 is the routing protocol, only the path JAX-ORL will be installed into the routing table.*
  • The equal cost paths JAX-CHI-ORL and JAX- NY-ORL will be installed in the routing table if RIPv2 is the routing protocol.
  • When EIGRP is the routing protocol, only the path JAX-ORL will be installed in the routing table by default.
  • When EIGRP is the routing protocol, the equal cost paths JAX-CHI-ORL, and JAX-NY-ORL will be installed in the routing table by default.*
  • With EIGRP and OSPF both running on the network with their default configurations, the EIGRP paths will be installed in the routing table.*
  • The OSPF paths will be installed in the routing table, if EIGRP and OSPF are both running on the network with their default configurations.

III.77. In which situation would the use of a static route be appropriate?

  • To configure a route to the first Layer 3 device on the network segment.
  • To configure a route from an ISP router into a corporate network.
  • To configure a route when the administrative distance of the current routing protocol is too low.
  • To reach a network is more than 15 hops away.
  • To provide access to the Internet for enterprise hosts*

III.78. Which three statements are correct about RIP version 2? (Choose three)

  • It uses broadcast for its routing updates
  • It supports authentication*
  • It is a classless routing protocol*
  • It has a lower default administrative distance than RIP version 1
  • It has the same maximum hop count as version 1*
  • It does not send the subnet mask un updates

III.79. Which address is the IPv6 all-RIP-routers multicast group address that is used by RIPng as the destination address for RIP updates?

  • FF02::9*
  • FF02::6
  • FF05::101
  • FF02::A

III.80. If all OSPF routers in a single area are configured with the same priority value, what value does a router use for the OSPF router ID in the absence of a loopback interface?<

  • the IP address of the first Fast Ethernet interface
  • the IP address of the console management interface
  • the highest IP address among its active interfaces*
  • the lowest IP address among its active interfaces
  • the priority value until a loopback interface is configured

III.81. The OSPF Hello protocol performs which of the following tasks? (Choose two.)

  • It provides dynamic neighbor discovery.*
  • It detects unreachable neighbors in 90 second intervals.
  • It maintains neighbor relationships.*
  • It negotiates correctness parameters between neighboring interfaces.
  • It uses timers to elect the router with the fastest links as the designated router.
  • It broadcasts hello packets throughout the internetwork to discover all routers that are running OSPF.

III.82. The network administrator of the Oregon router adds the following command to the router configuration: ip route 192.168.12.0 255.255.255.0 172.16.12.1. What are the results of adding this command? (Choose two.)

  • The command establishes a static route.*
  • The command invokes a dynamic routing protocol for 192.168.12.0.
  • Traffic for network 192.168.12.0 is forwarded to 172.16.12.1.*
  • Traffic for all networks is forwarded to 172.16.12.1.
  • This route is automatically propagated throughout the entire network.
  • Traffic for network 172.16.12.0 is forwarded to the 192.168.12.0 network.

III.83. The Company WAN is migrating from RIPv1 to RIPv2. Which three statements are correct about RIP version 2? (Choose three.)

  • It has the same maximum hop count as version 1.*
  • It uses broadcasts for its routing updates.
  • It is a classless routing protocol.*
  • It has a lower default administrative distance than RIP version 1.
  • It supports authentication.*
  • It does not send the subnet mask in updates.

III.84. Which EIGRP for IPv6 command can you enter to view the link-local addresses of the neighbors of a device?

  • show ipv6 eigrp 20 interfaces
  • show ipv6 route eigrp
  • show ipv6 eigrp neighbors*
  • show ip eigrp traffic
Show (Hide) Explanation/Reference
The “show ipv6 eigrp neighbors” command displays the neighbors discovered by the EIGRPv6. Notice that the neighbors are displayed by their link-local addresses.

III.85. Refer to the exhibit. Router edge-1 is unable to establish OSPF neighbor adjacency with router ISP-1. Which two configuration changes can you make on edge-1 to allow the two routers to establish adjacency? (Choose two)

  • Set the subnet mask on edge-1 to 255 255.255.252.
  • Reduce the MTU on edge-1 to 1514.
  • Set the OSPF cost on edge-1 to 1522.
  • Reduce the MTU on edge-1 to 1500.*
  • Configure the ip ospf mtu-ignore command on the edge-1 Gi0/0 interface.*
Show (Hide) Explanation/Reference
In order to become OSPF neighbor following values must be match on both routers:+ Area ID
+ Authentication
+ Hello and Dead Intervals
+ Stub Flag
MTU SizeTherefore we need to adjust the MTU size on one of the router so that they are the same. Or we can tell OSPF to ignore the MTU size check with the command “ip ospf mtu-ignore”.

III.86. You enter the show ipv6 route command on an OSPF device and the device displays a route. Which conclusion can you draw about the environment?

  • OSPF is distributing IPv6 routes to BGP.
  • The router is designated as an ABR.
  • The router is designated as totally stubby.
  • OSPFv3 is in use.*
Show (Hide) Explanation/Reference
The “show ipv6 route” displays the current contents of the IPv6 routing table. This device is running OSPF so we can deduce it is running OSPFv3 (OSPF for IPv6). An example of the “show ip v6 route” is shown below:

III.87. Which routing protocol has the smallest default administrative distance?

  • IBGP
  • OSPF
  • IS-IS
  • EIGRP*
  • RIP
Show (Hide) Explanation/Reference
The Administrative Distance (AD) of popular routing protocols is shown below. You should learn them by heart:Note: The AD of iBGP is 200

The smaller the AD is, the better it is. The router will choose the routing protocol with smallest AD.

In this case EIGRP with AD of 90 is the smallest one.

III.88. Which statement about static routes is true?

  • The source interface can be configured to make routing decisions.
  • A subnet mask is entered for the next-hop address.
  • The subnet mask is 255.255 255.0 by default
  • The exit interface can be specified to indicate where the packets will be routed.*
Show (Hide) Explanation/Reference
Static routing can be used to define an exit point from a router when no other routes are available or
necessary. This is called a default route.

III.89. Which statement about routing protocols is true?

  • Link-state routing protocols choose a path by the number of hops to the destination.
  • OSPF is a link-state routing protocol.*
  • Distance-vector routing protocols use the Shortest Path First algorithm.
  • IS-IS is a distance-vector routing protocol.
Show (Hide) Explanation/Reference

Link State Routing Protocols
Link state protocols are also called shortest-path-first protocols. Link state routing protocols have a complete picture of the network topology. Hence they know more about the whole network than any distance vector protocol.
Three separate tables are created on each link state routing enabled router. One table is used to hold details about directly connected neighbors, one is used to hold the topology of the entire internetwork and the last one is used to hold the actual routing table. Link state protocols send information about directly connected links to all the routers in the network.
Examples of Link state routing protocols include OSPF – Open Shortest Path First and IS-IS – Intermediate System to Intermediate System. There are also routing protocols that are considered to be hybrid in the sense that they use aspects of both distance vector and link state protocols. EIGRP – Enhanced Interior Gateway Routing Protocol is one of those hybrid routing protocols.

III.90. Which dynamic routing protocol uses only the hop count to determine the best path to a destination?

  • IGRP
  • RIP*
  • EIGRP
  • OSPF

III.91. DRAG DROP. Drag each definition on the left to the matching term on the right.Select and Place:
Correct Answer:

III.92. DRAG DROP. Drag the Cisco default administrative distance to the appropriate routing protocol or route. (Not all options are
used.)
Select and Place:
Correct Answer:

III.93. DRAG DROP. Routing has been configured on the local router with these commands:Drag each destination IP address on the left to its correct next hop address on the right.Select and Place:

Correct Answer:

III.94. When a device learns multiple routes to a specific network, it installs the route with :

  • Longest bit Match (highest subnet Mask)
  • lowest AD*
  • lowest metric
  • equal load balancing
Show (Hide) Explanation/Reference
Making a forwarding decision actually consists of three sets of processes: the routing protocols, the routing table, and the actual process which makes a forwarding decision and switches packets. The longest prefix match always wins among the routes actually installed in the routing table, while the routing protocol with the lowest administrative distance always wins when installing routes into the routing table.Reference: http://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/8651-21.html

III.95. OSPF enable on interface with multiple ipv6 prefix which ip will OSPF use?

  • highest prefix
  • lowest prefix
  • all prefix*

III.96. Which type of routing protocol operates by using first information from each device peers?

  • link-state protocols*
  • distance-vector protocols
  • path-vector protocols
  • exterior gateway protocols
Show (Hide) Explanation/Reference
http://www.ciscopress.com/articles/article.asp?p=24090&seqNum=4

The reason is that unlike the routing-by-rumor approach of distance vector, link state routers have firsthand information from all their peer routers. Each router originates information about itself, its directly connected links, and the state of those links (hence the name). This information is passed around from router to router, each router making a copy of it, but never changing it. The ultimate objective is that every router has identical information about the internetwork, and each router will independently calculate its own best paths.

III.97. Which statements is true about Router on Stick?

  • When a router have multiple subnets on a single physical link.*
  • When a router have single subnet on multiple physical links.
  • When a router have multiple interface on single physical links.
  • When a router have single interface on multiple physical links

III.98. DRAG DROP. Drag and drop each advantage of static or dynamic routing from the left onto the correct routing type on the right.Select and Place:
Correct Answer:

III.99. What are two enhancements that OSPFv3 supports over OSPFv2? (Choose two.)

  • It requires the use of ARP.
  • It can support multiple IPv6 subnets on a single link.*
  • It supports up to 2 instances of OSPFv3 over a common link.
  • It routes over links rather than over networks.*

III.100. What are two drawbacks of implementing a link-state routing protocol? (Choose two)

  • the sequencing and acknowledgment of link-state packets
  • the high volume of link-state advertisements in a converged network
  • the requirement for a hierarchical IP addressing scheme for optimal functionality*
  • the high demand on router resources to run the link-state routing algorithm*
  • the large size of the topology table listing all advertised routes in the converged network

III.101. DRAG DROP. Drag and drop the BGP terms from the left onto the correct descriptions on the right.Select and Place:
Correct Answer:

III.102. Which command is needed to send RIPv2 updates as broadcast when configured for RIPv2?

  • ip rip v2-broadcast*
  • ip rip receive version 1
  • ip rip receive version 2
  • version 2
Show (Hide) Explanation/Reference
Reference: https://www.cisco.com/c/en/us/td/docs/ios/12_2/iproute/command/reference/fiprrp_r/1rfrip.html

III.103. Router R1 has a static route that is configured to destination network.A directly connected interface is configured with an IP address in the same destination network.Which statement about R1 is true?

  • R1 refuses to advertise the dynamic route to other neighbors
  • R1 prefers the static route
  • R1 prefers the directly connected interface*
  • R1 sends a withdrawal notification to the neighboring router

III.104. Which feature is configured by setting a variance that is at least two times the metric?

  • equal cost load balancing
  • path count
  • path selection
  • unequal cost load balancing*
Show (Hide) Explanation/Reference
EIGRP provides a mechanism to load balance over unequal cost paths (or called unequal cost load balancing) through the “variance” command. In other words, EIGRP will install all paths with metric < variance * best_metric into the local routing table, provided that it meets the feasibility condition (to prevent routing loop). The feasibility condition states that, the Advertised Distance (AD) of a route must be lower than the feasible distance of the current successor route.

III.105. Which command can you enter to display the operational status of the network ports on a router?

  • show interface switchport
  • show ip interface brief*
  • show running-config interface fastethernet 0/1
  • show interface status

III.106.

interface fa0/0
ip address x.x.x.33 255.255.255.224
router bgp XXX
neighbor x.x.x.x remote as x.x.x.x

You need to advertise the network of Int fa0/0.

  • x.x.x.32 mask 255.255.255.224*
  • x.x.x.32 255.255.255.224
  • x.x.x.32 mask 0.0.0.31
  • x.x.x.33 mask 255.255.255.224

III.107. When enabled, which feature prevents routing protocols from sending hello messages on an interface?

  • virtual links
  • passive-interface*
  • directed neighbors
  • OSPF areas
Show (Hide) Explanation/Reference
You can use the passive-interface command in order to control the advertisement of routing information.
The command enables the suppression of routing updates over some interfaces while it allows updates to
be exchanged normally over other interfaces. With most routing protocols, the passive-interface command restricts outgoing advertisements only.
But, when used with Enhanced Interior Gateway Routing Protocol (EIGRP), the effect is slightly different.
This document demonstrates that use of the passive-interface command in EIGRP suppresses the
exchange of hello packets between two routers, which results in the loss of their neighbor relationship. This stops not only routing updates from being advertised, but it also suppresses incoming routing updates. This document also discusses the configuration required in order to allow the suppression of outgoing routing updates, while it also allows incoming routing updates to be learned normally from the neighbor

III.108. Which value is indicated by the next hop in a routing table?

  • preference of the route source
  • IP address of the remote router for forwarding the packets*
  • how the route was learned
  • exit interface IP address for forwarding the packets

III.109. Which two are advantages of static routing when compared to dynamic routing? (Choose two.) 

  • Configuration complexity decreases as network size increases.
  • Security increases because only the network administrator may change the routing table.*
  • Route summarization is computed automatically by the router.
  • Routing tables adapt automatically to topology changes.
  • An efficient algorithm is used to build routing tables, using automatic updates.
  • Routing updates are automatically sent to neighbors.
  • Routing traffic load is reduced when used in stub network links.*
Show (Hide) Explanation/Reference
Explanation:
Since static routing is a manual process, it can be argued that it is more secure (and more prone to  human errors) since the network administrator will need to make changes to the routing table directly.
Also, in stub networks where there is only a single uplink connection, the load is reduced as stub routers  just need a single static default route, instead of many routes that all have the same next hop IP address. 

III.110. Refer to exhibit. What Administrative distance has route to 192.168.10.1 ?

  • 1
  • 90*
  • 110
  • 120
  • III.111. Refer to the exhibit.After you apply the given configuration to R1, you determine that it is failing to advertise the 172.16.10.32/27 network .Which action most likely to correct the problem.

    • Enable passive interface
    • Enable RIPv2*
    • Enable manual summarization
    • Enable autosummarization.
    Show (Hide) Explanation/Reference
    The difference between RIPv1 and RIPv2 is RIPv1 is a classful protocol (no support for VLSM or CIDR) while RIPv2 is a classless protocol (which supports VLSM and CIDR). Therefore in this question if we forget to enable RIPv2 then the router will use RIPv1 and it only advertise major network 172.16.0.0/16 to other routers. By enabling RIPv2 (via the “version 2” command) the router will advertise two subnets 172.16.10.0/27 & 172.16.10.32/28.

    III.112. Under which circumstance is a router on a stick most appropriate?

    • When a router have multiple subnets on a single physical link.**
    • When a router have single subnet on multiple physical links.
    • When a router have multiple interface on single physical links.
    • When a router have single interface on multiple physical links.

    III.113. Which type of routing protocol operates by exchanging the entire routing information ?

    • distance vector protocols*
    • link state protocols
    • path vector protocols
    • exterior gateway protocols
    Show (Hide) Explanation/Reference
    Distance vector protocols (like RIP) exchanges the entire routing information each time the routers send the updates.Note: EIGRP is considered an advanced distance vector protocol so it does not send the whole routing table for each update.

    III.114. When is a routing table entry identified as directly connected?

    • when the local router is in use as the network default gateway
    • when the network resides on a remote router that is physically connected to the local router
    • when an interface on the router is configure with an ip address and enabled*
    • when the route is statically assigned to reach a specific network

    III.115. DRAG DROP. Drag and drop the values in a routing table from the left onto the correct meanings on the right.Select and Place:

    Correct Answer:

    III.116. Refer to the exhibit. What is the effect of the given configuration?

    Switch#configuration terminal
    Switch#interface VLAN 1
    Switch(config-if)#ip address 192.168.2.2 255.255.255.0
    Switch(config-if)#end
    • It configures an inactive switch virtual interface.*
    • It configures an active management interface.
    • It configures the native VLAN.
    • It configures the default VLAN.
    Show (Hide) Explanation/Reference
    In the configuration above, the “no shutdown” command was missing so interface Vlan 1 is still inactive. Notice that only the loopback command does not need the “no shutdown” command to work.

    III.117. Which function enables an administrator to route multiple VLANs on a router?

    • IEEE 802.1X
    • HSRP
    • port channel
    • router on a stick*

    III.118. Which path does a router choose when it receives a packet with multiple possible paths to the destination over different routing protocols?

    • the path with both the lowest administrative distance and the highest metric
    • the path with the lowest administrative distance*
    • the path with the lowest metric
    • the path with both the lowest administrative distance and lowest metric

    III.119. Which three characteristics are representative of a link-state routing protocol? (Choose three.)

    • provides common view of entire topology*
    • exchanges routing tables with neighbors
    • calculates shortest path*
    • utilizes event-triggered updates*
    • utilizes frequent periodic updates

    III.120. Which command can you enter to set the default route for all traffic to an IP enabled router interface?

    • router(config)#ip route 0.0.0.0. 255.255.255.255 GigabitEthernet0/1
    • router(config)#ip default-gateway GigabitEthernet0/1
    • router(config-router)#default-information originate
    • router(config)#ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1*

    III.121. What are two advantages of static routing? (Choose two.)

    • It can be implemented easily even in large environments
    • It allows the administrator to control the path of traffic*
    • It produces minimal CPU load*
    • It allows the network to respond immediately to changes
    • It cannot be used to load-balance traffic over multiple links

    III.122. Which two advantages do dynamic routing protocols provide over static routing? (Choose two.)

    • Dynamic routing requires fewer resources than static routing
    • Only dynamic routing is supported on all topologies that require multiple routers
    • Dynamic routing protocols are easier to manage on very large networks*
    • Dynamic routing protocols automatically adapt to reroute traffic if possible*
    • Dynamic routing is more secure than static routing

    III.123. You have configured a router with an OSPF router ID, but its IP address still reflects the physical interface. Which action can you take to correct the problem in the least disruptive way?

    • Reload the OSPF process
    • Reboot the router
    • Specify a loopback address*
    • Save the router configuration

    III.124. Which two neighbor types are supported in a BGP environment? (Choose two.)

    • directly attached
    • internal*
    • external*
    • autonomous
    • remote

    III.125. Which two differences between distance-vector and link-state routing protocols are true? (Choose two.)

    • Only link-state routing use the Bellman-Ford algorithm
    • Only distance-vector routing protocols send full routing table updates*
    • Distance-vector routing protocols are less susceptible to loops than link-state protocols
    • Link-state routing protocols offer faster convergence than distance-vector protocols during network changes*
    • Only distance-vector routing protocols maintain identical topology tables on all connected neighbors

    III.126. For which routes does the distance bgp 10 50 70 command set the administrative distance?

    • for BGP internal routes only
    • for all BGP routes*
    • between BGP routes and IGP routes
    • for BGP external routes only

    III.127. Which 2 optns are requirements for configuring ripv2 for ipv4 (choose 2 )?

    • enabling RIP authentication.
    • connecting RIP to a WAN Interface.
    • enabling auto route sumamrization.
    • allowing unicast updates for RIP.*
    • enabling RIP on the router.*
    Show (Hide) Explanation/Reference
    To enable RIP surely we have to enable it first (with the “router rip” command in global configuration mode) -> E is correct.

    RIPv2 sends its updates via multicast but in Nonbroadcast Multiple Access (NBMA) environment, multicast is not allowed so we have to use unicast to send RIPv2 updates -> D is correct.

    III.128. Which two steps must you perform to enbale router- on- stick on a switch?

    • connect the router to a trunk port*
    • config the subint number exactly the same as the matching VLAN
    • config full duplex
    • cofigure an ip route to the vlan destn net
    • assign the access port to the vlan*
    Show (Hide) Explanation/Reference
    This question only asks about enable router-on-stick on a switch, not a router. We don’t have subinterface on a switch so B is not a correct answer.

    III.129. Which add prefix does OSPFv3 use when multiple IPv6 address are configured on a single interface?

    • all prefix on the interface*
    • the prefix that the administrator configure for OSPFv3 use
    • the lowest prefix on the interface
    • the highest prefix on the interface
    Show (Hide) Explanation/Reference
    http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-15-sy-book/ip6-routeospfv3.html#GUID-05F3F09C-FE3E-41D6-9845-111FB17AD030
    “In IPv6, you can configure many address prefixes on an interface. In OSPFv3, all address prefixes on an
    interface are included by default. You cannot select some address prefixes to be imported into OSPFv3;
    either all address prefixes on an interface are imported, or no address prefixes on an interface are
    imported.”

    III.130. Which command can you enter to configure an IPV6 floating static route?

    • Router(config)# ipv6 route static resolve default
    • Router(config)# ipv6 route::/0 serail0/1
    • Router(config)# ipv6 route FE80:0202::/32 serail 0/1 201*
    • Router(config)# ipv6 route FE80:0202::/32 serail 0/1 1
    Show (Hide) Explanation/Reference
    Floating static routes are static routes that have an administrative distance greater than the administrative distance (AD) of another static route or dynamic routes. By default a static route has an AD of 1 then floating static route must have the AD greater than 1 -> Answer C is correct as it has the AD of 201.

    III.131. Refer to the exhibit. 

    After you apply the given configuration to R1, you notice that it failed to enable OSPF Which action can you take to correct the problem?

    • Configure a loopback interface on R1
    • Enable IPv6 unicast routing on R1.*
    • Configure an IPv4 address on interface FO/0.
    • Configure an autonomous system number on OSPF.
    Show (Hide) Explanation/Reference

    http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-15-sy-book/ip6-route-ospfv3.html

    Prerequisites for IPv6 Routing: OSPFv3
    Complete the OSPFv3 network strategy and planning for your IPv6 network. For example, you must decide whether multiple areas are required.
    Enable IPv6 unicast routing.
    Enable IPv6 on the interface.

    III.132. Which effect of the passive-interface command on R1 is true?

    • It prevents interface Fa0/0 from sending updates.*
    • Interface Fa 0/0 operates in RIPv1 mode.
    • It removes the 172.16.0.0 network from all updates on all interfaces on R1.
    • It removes the 172.17.0.0 network from all updates on all interfaces on R1.
    Show (Hide) Explanation/Reference
    With most routing protocols, the passive-interface command restricts outgoing advertisements only.
    But, when used with Enhanced Interior Gateway Routing Protocol (EIGRP), the effect is slightly different.

    III.133. Which component of a routing table entry represents the subnet mask?

    • Routing protocol code
    • Prefix
    • metric
    • Network mask*
    Show (Hide) Explanation/Reference
    IP Routing Table Entry Types
    An entry in the IP routing table contains the following information in the order presented:
    Network ID. The network ID or destination corresponding to the route. The network ID can be class- based, subnet, or supernet network ID, or an IP address for a host route.
    Network Mask. The mask that is used to match a destination IP address to the network ID.
    Next Hop. The IP address of the next hop.
    Interface. An indication of which network interface is used to forward the IP packet.
    Metric. A number used to indicate the cost of the route so the best route among possible multiple routes to the same destination can be selected. A common use of the metric is to indicate the number  of hops (routers crossed) to the network ID.
    Routing table entries can be used to store the following types of routes:
    Directly Attached Network IDs. Routes for network IDs that are directly attached. For directly attached networks, the Next Hop field can be blank or contain the IP address of the interface on that network. Remote Network IDs. Routes for network IDs that are not directly attached but are available across other routers. For remote networks, the Next Hop field is the IP address of a local router in between the forwarding node and the remote network.
    Host Routes. A route to a specific IP address. Host routes allow routing to occur on a per-IP address ba- sis. For host routes, the network ID is the IP address of the specified host and the network mask is 255.255.255.255.
    Default Route. The default route is designed to be used when a more specific network ID or host route  is not found. The default route network ID is 0.0.0.0 with the network mask of 0.0.0.0. 

    Section IV: WAN Technologies

    IV.1. Which three statements about DWDM are true? (Choose three)

    • It allows a single strand of fiber to support bidirectional communications
    • It is used for long-distance and submarine cable systems
    • It can multiplex up to 256 channels on a single fiber*
    • It supports both the SDH and SONET standards*
    • Each channel can carry up to a 1-Gbps signal*
    • It supports simplex communications over multiple strands of fiber

    IV.2. Which WAN topology is most appropriate for a centrally located server farm with several satellite branches?

    • star
    • hub and spoke*
    • point-to-point
    • full mesh
    Show (Hide) Explanation/Reference
    Star is the most popular topology for Ethernet topology but hub and spoke is the most appropriate WAN topology.

    In a Hub-and-spoke network topology, one physical site act as Hub (Example, Main Office or Head Quarter), while other physical sites act as spokes. Spoke sites are connected to each other via Hub site. In Hub-and-spoke topology, the network communication between two spokes always travel through the hub (except when using DMVPN Phase II or Phase III where spokes can communicate with each other directly). The networking device at Hub site is often much more powerful than the ones at spoke sites.

    Hub and spoke is an ideal topology when most of the resources lie at the Hub site and the branch sites only need to access to the Hub.

    Note: Although some books may say Hub-and-spoke and Star topologies are the same but in fact they have difference. When talking about Hub-and-spoke we often think about the communication between Hub site and Spoke sites. When talking about Star we think about the communication between end devices.

    IV.3. Which value must a device send as its username when using CHAP to authenticate with a remote peer site id:17604704 over a PPP link?

    • the username defined by the administrator
    • the local hostname*
    • the automatically-generated username
    • the hostname of the remote device

    IV.4. Which technology supports multiple dynamic secure connections over an unsecure transport network?

    • Point-to-point
    • DMVPN*
    • VPN
    • site-to-site VPN

    IV.5. DRAG DROP. Drag the frame relay acronym on the left to match its definition on the right. (Not all acronyms are used.)Select and Place:
    Correct Answer:

    IV.6. Which feature can you implement to reserve bandwidth for VoIP calls across the call path?

    • PQ
    • CBWFQ
    • round robin
    • RSVP*
    Show (Hide) Explanation/Reference
    The Resource Reservation Protocol (RSVP) protocol allows applications to reserve bandwidth for their data flows. It is used by a host, on the behalf of an application data flow, to request a specific amount of bandwidth from the network. RSVP is also used by the routers to forward bandwidth reservation requests.

    IV.7. Which Layer 2 protocol encapsulation type supports synchronous and asynchronous circuis and has built-in security mechanisms?

    • HDLC
    • PPP*
    • X.25
    • Frame Relay
    Show (Hide) Explanation/Reference
    PPP supports both synchronous (like analog phone lines) and asynchronous circuits (such as ISDN or digital links). With synchronous circuits we need to use clock rate.

    Note: Serial links can be synchronous or asynchronous. Asynchronous connections used to be only available on low-speed (<2MB) serial interfaces, but now, there are the new HWICs (High-Speed WAN Interface Cards) which also support asynchronous mode. To learn more about them please visit http://www.cisco.com/en/US/prod/collateral/modules/ps5949/ps6182/prod_qas0900aecd80274424.html.

    IV.8. During which phase of PPPoE is PPP authentication performed?

    • the PPP Session phase*
    • Phase 2
    • the Active Discovery phase
    • the Authentication phase
    • Phase 1
    Show (Hide) Explanation/Reference
    PPPoE provides a standard method of employing the authentication methods of the Point-to-Point Protocol (PPP) over an Ethernet network. When used by ISPs, PPPoE allows authenticated assignment of IP addresses. In this type of implementation, the PPPoE client and server are interconnected by Layer 2 bridging protocols running over a DSL or other broadband connection.

    PPPoE is composed of two main phases:
    Active Discovery Phase: In this phase, the PPPoE client locates a PPPoE server, called an access concentrator. During this phase, a Session ID is assigned and the PPPoE layer is established.
    PPP Session Phase: In this phase, PPP options are negotiated and authentication is performed. Once the link setup is completed, PPPoE functions as a Layer 2 encapsulation method, allowing data to be transferred over the PPP link within PPPoE headers.

    Reference: http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/vpn/asa-vpn-cli/vpn-pppoe.html

    IV.9. Which three circumstances can cause a GRE tunnel to be in an up/down state? (Choose three.)

    • The tunnel interface IP address is misconfigured.
    • The tunnel interface is down.*
    • A valid route to the destination address is missing from the routing table.*
    • The tunnel address is routed through the tunnel itself.*
    • The ISP is blocking the traffic.
    • An ACL is blocking the outbound traffic.

    IV.10. Which two statements about using leased lines for your WAN infrastructure are true? (Choose two.)

    • Leased lines provide inexpensive WAN access.
    • Leased lines with sufficient bandwidth can avoid latency between endpoints.*
    • Leased lines require little installation and maintenance expertise.*
    • Leased lines provide highly flexible bandwidth scaling.
    • Multiple leased lines can share a router interface.
    • Leased lines support up to T1 link speeds.
    Show (Hide) Explanation/Reference
    The advantages of leased lines include:

    + Simplicity: Point-to-point communication links require minimal expertise to install and maintain.

    + Quality: Point-to-point communication links usually offer high service quality, if they have adequate bandwidth. The dedicated capacity removes latency or jitter between the endpoints.

    + Availability: Constant availability is essential for some applications, such as e-commerce. Point-to-point communication links provide permanent, dedicated capacity, which is required for VoIP or Video over IP.

    The disadvantages of leased lines include:

    + Cost: Point-to-point links are generally the most expensive type of WAN access. The cost of leased line solutions can become significant when they are used to connect many sites over increasing distances. In addition, each endpoint requires an interface on the router, which increases equipment costs.

    + Limited flexibility: WAN traffic is often variable, and leased lines have a fixed capacity, so that the bandwidth of the line seldom matches the need exactly (therefore answer D is not correct). Any change to the leased line generally requires a site visit by ISP personnel to adjust capacity.

    (Reference: Connecting Networks Companion Guide Book published by Cisco Networking Academy – Page 54)

    IV.11. Which option describes a benefit of a point-to-point leased line ?

    • Low cost
    • Full-mesh capability
    • Flexibillity of design
    • Simply of configuration*
    Show (Hide) Explanation/Reference
    Point-to-point leased line is the most expensive interconnection between two ends as the line is dedicated to a single user, the user should still pay for all available bandwidth, including those unused. -> A is not correct.

    With the cost of point-to-point leased line, the full-mesh capability is only achieved when your company has very very strong budget to pay all the bills. To create a full-mesh topology for n sites, we need n*(n-1)/2 leased line connections. For example if we have 6 sites then we need 6*5/2 = 15 leased line connections -> It is nearly impossible for a normal company to achieve full-mesh topology -> B is not correct.

    Flexibility is not an advantage of leased line connection -> C is not correct.

    Point-to-point leased line simplifies the configuration as the circuit is available on a permanent basis and does not require a connection to be set up before traffic is passed. It does not require to define a permanent virtual circuit (PVC) in the configuration either -> D is correct.

    IV.12. What are three reasons that an organization with multiple branch offices and roaming users might implement a Cisco VPN solution instead of point-to-point WAN links?(Choose three.)

    • reduced cost.*
    • better throughput.
    • broadband incompatibility.
    • increased security.*
    • scalability.*
    • reduced latency.

    IV.13. Which command is used to enable CHAP authentication whit PAP as the fallback method on a serial
    interface?

    • (config-if)#authentication ppp chap fallback ppp
    • (config-if)#authentication ppp chap pap
    • (config-if)#ppp authentication chap pap*
    • (config-if)#ppp authentication chap fallback ppp
    Show (Hide) Explanation/Reference
    The command “ppp authentication chap pap” command indicates the CHAP authentication is used first. If it fails or is rejected by other side then uses PAP instead. If you want to use PAP first (then CHAP) you can use the “ppp authentication pap chap” command.

    IV.14. Which two authentication methods are compatible with MLPPP on a serial interface? (Choose two.)

    • LEAP
    • CHAP*
    • PAP*
    • PEAP
    • TACACS+
    Show (Hide) Explanation/Reference
    The Multilink PPP feature provides load balancing functionality over multiple WAN links while providing multivendor interoperability and support for packet fragmentation, proper sequencing, and load calculation on both inbound and outbound traffic.

    Multilink PPP combines multiple physical links into a logical bundle called a Multilink PPP bundle. A Multilink PPP bundle is a single, virtual interface that connects to the peer system. Having a single interface (Multilink PPP bundle interface) provides a single point to apply hierarchical queueing, shaping, and policing to traffic flows. Individual links in a bundle do not perform any hierarchical queueing. None of the links have any knowledge about the traffic on parallel links.

    Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/wan_mlp/configuration/xe-3s/wan-mlp-xe-3s-book/wan_cfg_mlppp_conn_xe.html

    MLPPP supports two authentication protocols: Password Authentication protocol (PAP) and Challenge-Handshake Authentication Protocol (CHAP)

    IV.15. Which WAN topology provides a direct connection from each site to all other sites on the network?

    • single-homed
    • full mesh*
    • point-to-point
    • hub-and-spoke
    Show (Hide) Explanation/Reference
    Full-mesh is a network topology in which there is a direct link between all pairs of nodes. Below is an example of full-mesh topology.

    IV.16. Two routers named Atlanta and Brevard are connected by their serial interfaces as illustrated, but there is no connectivity between them. The Atlanta router is known to have a correct configuration.
    Given the partial configurations, identify the problem on the Brevard router that is causing the lack of connectivity.

    • transmission unit size too large
    • no loopback set
    • an incorrect subnet mask
    • incompatible encapsulation at each end
    • an incorrect IP address*
    • incompatible bandwidth between routers

    IV.17. A network administrator needs to configure a serial link between the main office and a remote location. The router at the remote office is a non-Cisco router. How should the network administrator configure the serial interface of the main office router to make the connection?

    • Main(config)# interface serial 0/0
      Main(config-if)# ip address 172.16.1.1 255.255.255.252
      Main(config-if)# no shut
    • Main(config)# interface serial 0/0
      Main(config-if)# ip address 172.16.1.1 255.255.255.252
      Main(config-if)# encapsulation ppp
      Main(config-if)# no shut *
    • Main(config)# interface serial 0/0
      Main(config-if)# ip address 172.16.1.1 255.255.255.252
      Main(config-if)# encapsulation frame-relay
      Main(config-if)# authentication chap
      Main(config-if)# no shut
    • Main(config)# interface serial 0/0
      Main(config-if)#ip address 172.16.1.1 255.255.255.252
      Main(config-if)#encapsulation ietf
      Main(config-if)# no shut

    IV.18. Refer to the exhibit. The Bigtime router is unable to authenticate to the Littletime router. What is the cause of the problem?

    • The usernames are incorrectly configured on the two routers.
    • The passwords do not match on the two routers.*
    • CHAP authentication cannot be used on a serial interface.
    • The routers cannot be connected from interface S0/0 to interface S0/0.
    • With CHAP authentication, one router must authenticate to another router. The routers cannot be configured to authenticate to each other.
    Show (Hide) Explanation/Reference
    Both routers must use the same password for CHAP to authentication.

    IV.19. Which of the following describes the roles of devices in a WAN? (Choose three.)

    • A CSU/DSU terminates a digital local loop.*
    • A modem terminates a digital local loop.
    • A CSU/DSU terminates an analog local loop.
    • A modem terminates an analog local loop.*
    • A router is commonly considered a DTE device.*
    • A router is commonly considered a DCE device.
    Show (Hide) Explanation/Reference
    The idea behind a WAN is to be able to connect two DTE networks together through a DCE network. The network’s DCE device (includes CSU/DSU) provides clocking to the DTE-connected interface (the router’s serial interface).

    A modem modulates outgoing digital signals from a computer or other digital device to analog signals for a conventional copper twisted pair telephone line and demodulates the incoming analog signal and converts it to a digital signal for the digital device. A CSU/DSU is used between two digital lines -> A & D are correct but B & C are not correct.

    For more explanation of answer D, in telephony the local loop (also referred to as a subscriber line) is the physical link or circuit that connects from the demarcation point of the customer premises to the edge of the carrier or telecommunications service provider’s network. Therefore a modem terminates an analog local loop is correct.

    IV.20. Which part of the PPPoE server configuration contains the information used to assign an IP address to a PPPoE client?

    • virtual-template interface*
    • DHCP
    • dialer interface
    • AAA authentication
    Show (Hide) Explanation/Reference
    The picture below shows all configuration needed for PPPoE:

    There is no Dialer interface on the PPPoE Server so answer “Dialer interface” is not correct. The most suitable answer is “Virtual Template” interface as it contains the pool which is used to assign IP address to the PPPoE Client. But this question is weird because according to the CCNAv3 syllabus, candidates only need to grasp the PPPoE on client-side, not sure why this question asked about PPPoE on Server side. For more information about PPPoE, please read our PPPoE tutorial.

    IV.21. Which two statements about using the CHAP authentication mechanism in a PPP link are true? (Choose two.)

    • CHAP uses a two-way handshake.
    • CHAP uses a three-way handshake.*
    • CHAP authentication periodically occurs after link establishment.*
    • CHAP authentication passwords are sent in plaintext.
    • CHAP authentication is performed only upon link establishment.
    • CHAP has no protection from playback attacks.

    IV.22. Which technology you will choose to connect multiple sites with secure connections?

    • Point-to-point
    • DMVPN*
    • MPLS
    • Remote access

    IV.23. Which two statements about MPLS are true? (Choose two)

    • It provides automatic authentication
    • It can carry multiple protocols, including IPv4 and IPv6*
    • It encapsulates all traffic in an IPv4 header
    • It uses labels to separate and foward customer traffic*
    • It tags customer traffic using 802.1q
    Show (Hide) Explanation/Reference
    MPLS supports IPv4, IPv6, IPX, AppleTalk at the network layer. MPLS supports Ethernet, Token Ring, FDDI, ATM, FR, PPP at the link layer.

    MPLS uses label switching to forward packets over Ethernet. Labels are assigned to packets based on groupings or forwarding equivalence classes (FECs). The label is added between the Layer 2 and the Layer 3 header.

    IV.24. Which function does traffic shaping perform?

    • It buffers and queues excess packets*
    • It buffers traffic without queuing it
    • It queues traffic without buffering it
    • It drops packets to control the output rate
    Show (Hide) Explanation/Reference
    The following diagram illustrates the key difference between traffic policing and traffic shaping. Traffic policing propagates bursts. When the traffic rate reaches the configured maximum rate (or committed information rate), excess traffic is dropped (or remarked). The result is an output rate that appears as a saw-tooth with crests and troughs. In contrast to policing, traffic shaping retains excess packets in a queue and then schedules the excess for later transmission over increments of time. The result of traffic shaping is a smoothed packet output rate.

    IV.25. When you deploy multilink PPP on your network, where must you configure the group IP Address on each device?

    • In the global config
    • Under serial interface
    • Under the routing protocol
    • Under the multilink interface*
    Show (Hide) Explanation/Reference
    Suppose R1 has two Serial interfaces which are directly connected to R2. This is how to configure multilink on R1:

    R1(config-if)# interface Serial 0/0 
    R1(config-if)# encapsulation ppp 
    R1(config-if)# ppp multilink 
    R1(config-if)# ppp multilink group 1 
    R1(config-if)# no shutdown
    
    R1(config-if)# interface Serial 0/1 
    R1(config-if)# encapsulation ppp 
    R1(config-if)# ppp multilink 
    R1(config-if)# ppp multilink group 1 
    R1(config-if)# no shutdown
    
    R1(config)# interface multilink 1 
    R1(config-if)# ip address 192.168.42.1 255.255.255.252 
    R1(config-if)# ppp multilink 
    R1(config-if)# ppp multilink group 1

    Therefore we must configure IP address under multilink interface, not physical member interfaces.

    IV.26. Refer to the exhibit.Assuming that the entire network topology is shown, what is the operational status of the interfaces of R2 as indicated by the command output shown?

    • One interface has a problem.
    • Two interfaces have problems.
    • The interfaces are functioning correctly.*
    • The operational status of the interfaces cannot be determined from the output shown.

    IV.27. Which option describes the purpose of traffic policing?

    • It prioritizes routing protocol traffic.
    • It remarks traffic that is below the CIR
    • It drops traffic that exceeds the CIR.*
    • It queues and then transmits traffic that exceeds the CIR.
    Show (Hide) Explanation/Reference
    The following diagram illustrates the key difference between traffic policing and traffic shaping. Traffic policing propagates bursts. When the traffic rate reaches the configured maximum rate (or committed information rate), excess traffic is dropped (or remarked). The result is an output rate that appears as a saw-tooth with crests and troughs. In contrast to policing, traffic shaping retains excess packets in a queue and then schedules the excess for later transmission over increments of time. The result of traffic shaping is a smoothed packet output rate.

    Note: Committed information rate (CIR): The minimum guaranteed data transfer rate agreed to by the routing device.

    IV.28. Which PPP subprotocol negotiates authentication options?

    • NCP
    • LCP*
    • ISDN
    • DLCI
    • SLIP

    IV.29. Refer to the topology below and answer the following question.

    Why is the Branch2 network 10.1 0.20.0/24 unable to communicate with the Server farm1 network 10.10.10.0/24 over the GRE tunnel?

    • The GRE tunnel destination is not configured on the R2 router
    • The GRE tunnel destination is not configured on the Branch2 router
    • The static route points to the tunnel0 interface that is misconfigured on the Branch2 router*
    • The static route points to the tunnel0 interface that is misconfigured on the R2 router.
    Show (Hide) Explanation/Reference

    The Branch2 network is communicating to the Server farm, which is connected to R2, via GRE Tunnel so we should check the GRE tunnel first to see if it is in “up/up” state with the “show ip interface brief” command on the two routers.

    On Branch2:

    We see interfaces Tunnel0 at two ends are “up/up” which are good so we should check for the routing part on two routers with the “show running-config” command and pay attention to the static routing of each router. On Branch2 we see:

    The destination IP address for this static route is not correct. It should be 192.168.24.1 (Tunnel0’s IP address of R2), not 192.168.24.10 -> Answer C is correct.
    Note: You can use the “show ip route” command to check the routing configuration on each router but if the destination is not reachable (for example: we configure “ip route 10.10.10.0 255.255.255.0 192.168.24.10” on Branch2, but if 192.168.24.10 is unknown then Branch2 router will not display this routing entry in its routing table.
    Note: The IP address or configuration may be different in the exam.

    IV.30. Refer to the topology below and answer the following question.

    Why has the Branch3 router lost connectivity with R1? Use only show commands to troubleshoot because usage of the debug command is restricted on the Branch3 and R1 routers?

    • A PPP chap hostname mismatch is noticed between Branch3 and R1*
    • A PPP chap password mismatch is noticed between Branch3 and R1
    • PPP encapsulation is not configured on Branch3
    • The PPP chap hostname and PPP chap password commands are missing on the Branch3 router
    Show (Hide) Explanation/Reference

    First we should check Branch3 (and R1) with the “show ip interface brief” command to find any Layer1/Layer2 issue.

    We see interfaces connecting between them are in “up/down” states which indicates a Layer 2 issue so we should check the configuration of these interfaces carefully witch the “show running-config” command and pay attention to these interfaces.

    and on Branch3:

    We learn from above config is R1 is using CHAP to authenticate Branch3 router (via the “ppp authentication chap” command on R1). Branch3 router is sending CHAP hostname “Branch_3” and CHAP password “Branch3_Secret!” to R1 to be authenticated. Therefore, we should check if R1 has already been configured with such username and password or not with the “show running-config” command on R1:

    On R1 we see the configured username is “Branch3”, not “Branch_3” so the usernames here are mismatchedand this is the problem -> Answer A is correct.

    IV.31. Which statement about the router configurations is correct?

    • The PPP PAP is authentication configured between Branch2 and R1
    • Tunnel keepalives are not configured for the tunnel0 interface on Branch2 and R2
    • The Branch 2 LAN network 192.168.11 0/24 is not advertised into the EIGRP network
    • The Branch3 LAN network 192.168.11 0/24 is not advertised into the EIGRP network*
    • PPP CHAP authentication is configured between Branch1 and R1
    Show (Hide) Explanation/Reference

    In this question we have to check each option to see if it is correct. When we check Branch3 router we notice that “network 192.168.10.0” command is missing under “router eigrp 100” – > Answer D is correct.

    IV.32. Refer to the topology below and answer the following question.

    Why did Branch1 router lose WAN connectivity with R1 router?

    • A. The IP address is misconfigured on PPP multilink interface on the Branch1 router*
    • B. The PPP multilink group is misconfigured on the Branch1 serial interfaces
    • C. The PPP multilink group is misconfigured on the R1 serial interfaces
    • D. The Branch1 serial interfaces are placed in a shutdown condition
    Show (Hide) Explanation/Reference

    This question clearly stated there is a WAN connectivity issue between R1 and Branch1 so we should check both of them with the “show ip interface brief” command. On R1:On Branch1:

    We can see that although the Multilink1 interfaces are in “up/up” state but they are not in the same subnet. According to the IP address scheme shown on the topology we can deduce the Multilink interface on Branch1 has been misconfigured, it should be 192.168.14.2 instead.

    IV.33. DRAG DROP. Drag and drop the QoS features from the left onto the correct descriptions on the right.Select and Place:
    Correct Answer:

    IV.34. While troubleshooting a GRE tunnel interface issue, show interface command output displays tunnel status up, but line protocol is down. Which reason for this problem is the most likely?

    • The next hop server is misconfigured.
    • The route to the tunnel destination address is through the tunnel itself.*
    • The tunnel was just reset.
    • The interface has been administratively shut down.

    IV.35. Which command can you enter to determine whether serial interface 0/2/0 has been configured using HDLC encapsulation?

    • router#show platform
    • router#show interfaces Serial 0/2/0*
    • router#show ip interface s0/2/0
    • router#show ip interface brief
    Show (Hide) Explanation/Reference
    Output from real deviceRouter2901#sh int g0/0
    GigabitEthernet0/0 is up, line protocol is up Hardware is CN Gigabit Ethernet, address is c471.fe99.9999 (bia c471.fe99.9999)
    Description: Lan
    Internet address is 10.1.1.1/25
    MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
    reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA, loopback not set
    Keepalive set (10 sec)
    Full Duplex, 1Gbps, media type is RJ45
    output flow-control is unsupported, input flow-control is unsupported
    ARP type: ARPA, ARP Timeout 04:00:00
    Last input 00:00:00, output 00:00:00, output hang never
    Last clearing of “show interface” counters never
    Input queue: 0/75/61/0 (size/max/drops/flushes); Total output drops: 0
    Queueing strategy: fifo
    Output queue: 0/40 (size/max)
    5 minute input rate 39000 bits/sec, 30 packets/sec
    5 minute output rate 73000 bits/sec, 37 packets/sec
    41068530 packets input, 3905407112 bytes, 0 no buffer
    Received 8678853 broadcasts (0 IP multicasts)
    0 runts, 0 giants, 45 throttles
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
    0 watchdog, 79853 multicast, 0 pause input
    39267208 packets output, 2262399504 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    79926 unknown protocol drops
    0 babbles, 0 late collision, 0 deferred
    0 lost carrier, 0 no carrier, 0 pause output
    0 output buffer failures, 0 output buffers swapped out
    Router2901#
    Router2901 ip int g0/0
    GigabitEthernet0/0 is up, line protocol is up
    Internet address is 10.1.1.1/25
    Broadcast address is 255.255.255.255
    Address determined by non-volatile memory
    MTU is 1500 bytes
    Helper address is not set
    Directed broadcast forwarding is disabled
    Secondary address 192.168.1.7/24
    Multicast reserved groups joined: 224.0.0.10
    Outgoing access list is not set
    Inbound access list is not set
    Proxy ARP is enabled
    Local Proxy ARP is disabled
    Security level is default
    Split horizon is enabled
    ICMP redirects are always sent
    ICMP unreachables are always sent
    ICMP mask replies are never sent
    IP fast switching is enabled
    IP fast switching on the same interface is disabled
    IP Flow switching is disabled
    IP CEF switching is enabled
    IP CEF switching turbo vector
    IP multicast fast switching is enabled
    IP multicast distributed fast switching is disabled
    IP route-cache flags are Fast, CEF
    Router Discovery is disabled
    IP output packet accounting is disabled
    IP access violation accounting is disabled
    TCP/IP header compression is disabled
    RTP/IP header compression is disabled
    Policy routing is disabled
    Network address translation is enabled, interface in domain inside
    BGP Policy Mapping is disabled
    Input features: Common Flow Table, Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, CAR, MCI Check
    Output features: NAT Inside, Common Flow Table, Stateful Inspection, NAT ALG proxy, CAR
    Post encapsulation features: CAR
    IPv4 WCCP Redirect outbound is disabled
    IPv4 WCCP Redirect inbound is disabled
    IPv4 WCCP Redirect exclude is disabled
    Router2901#

    IV.36. Refer to the exhibit. In the Frame Relay network, which IP addresses would be assigned to the interfaces with point-to- point PVCs?

    Correct Answer: C

    Show (Hide) Explanation/Reference

    With point to point PVC, each connection needs to be in a separate subnet. The R2-R1 connection (DLCI 16to 99) would have each router within the same subnet. Similarly, the R3-R1 connection would also be in the same subnet, but it must be in a different one than the R2-R1 connection.

    IV.37. Refer to the exhibit. What is the reason that the interface status is “administratively down, line protocol down”?

    • A. There is no encapsulation type configured.
    • B. There is a mismatch in encapsulation types.
    • C. The interface is not receiving any keepalives.
    • D. The interface has been configured with the shutdown command.*
    • E. The interface needs to be configured as a DTE device.
    • F. The wrong type of cable is connected to the interface.
    Show (Hide) Explanation/Reference
    Interface can be enabled or disabled with shutdown/no shutdown command. If you interface is down, it will display administratively down status. You can bring up an interface having administratively down interface using no shutdown command.

    IV.38. The output of the show frame-relay pvc command shows “PVC STATUS = INACTIVE”. What does this mean?

    • The PVC is configured correctly and is operating normally, but no data packets have been detected for more than five minutes.
    • The PVC is configured correctly, is operating normally, and is no longer actively seeking the address of the remote router.
    • The PVC is configured correctly, is operating normally, and is waiting for interesting traffic to trigger a call to the remote router.
    • The PVC is configured correctly on the local switch, but there is a problem on the remote end of the PVC.*
    • The PVC is not configured on the local switch.
    Show (Hide) Explanation/Reference
    The PVC STATUS displays the status of the PVC. The DCE device creates and sends the report to the DTE devices. There are 4 statuses:
    + ACTIVE: the PVC is operational and can transmit data + INACTIVE: the connection from the local router to the switch is working, but the connection to the remote router is not available + DELETED: the PVC is not present and no LMI information is being received from the Frame Relay switch
    + STATIC: the Local Management Interface (LMI) mechanism on the interface is disabled (by using the “no keepalive” command). This status is rarely seen so it is ignored in some books.

    IV.39. Which command is used to enable CHAP authentication, with PAP as the fallback method, on a serial interface?

    • Router(config-if)# ppp authentication chap fallback ppp
    • Router(config-if)# ppp authentication chap pap*
    • Router(config-if)# authentication ppp chap fallback ppp
    • Router(config-if)# authentication ppp chap pap
    Show (Hide) Explanation/Reference
    This command tells the router to first use CHAP and then go to PAP if CHAP isn’t available.

    IV.40. Which protocol is an open standard protocol framework that is commonly used in VPNs, to provide secure end-to-end communications?

    • RSA
    • L2TP
    • IPsec*
    • PPTP
    Show (Hide) Explanation/Reference
    IPSec is a framework of open standards that provides data confidentiality, data integrity, and data authentication between participating peers at the IP layer. IPSec can be used to protect one or more data flows between IPSec peers.

    IV.41. The command frame-relay map ip 10.121.16.8 102 broadcast was entered on the router. Which of the following statements is true concerning this command?

    • This command should be executed from the global configuration mode.
    • The IP address 10.121.16.8 is the local router port used to forward data.
    • 102 is the remote DLCI that will receive the information.
    • This command is required for all Frame Relay configurations.
    • The broadcast option allows packets, such as RIP updates, to be forwarded across the PVC.*
    Show (Hide) Explanation/Reference
    Broadcast is added to the configurations of the frame relay, so the PVC supports broadcast, allowing therouting protocol updates that use the broadcast update mechanism to be forwarded across itself.

    IV.42. Which two options are valid WAN connectivity methods? (Choose two.)

    • PPP*
    • WAP
    • DSL*
    • L2TPv3
    • Ethernet
    Show (Hide) Explanation/Reference
    The Point-to-Point Protocol (PPP) provides a standard method for transporting multi-protocol datagrams over point-to-point links. PPP was originally emerged as an encapsulation protocol for transporting IP traffic between two peers. It is a data link layer protocol used for WAN connections. DSL is also considered a WAN connection, as it can be used to connect networks, typically when used with VPN technology

    IV.43. Which encapsulation type is a Frame Relay encapsulation type that is supported by Cisco routers?

    • IETF*
    • ANSI Annex D
    • Q9333-A Annex A
    • HDLC
    Show (Hide) Explanation/Reference
    Cisco supports two Frame Relay encapsulation types: the Cisco encapsulation and the IETF Frame Relay encapsulation, which is in conformance with RFC 1490 and RFC 2427. The former is often used to connect two Cisco routers while the latter is used to connect a Cisco router to a non-Cisco router. You can test with your Cisco router when typing the command Router(config- if)# encapsulation frame-relay ? on a WAN link. Below is the output of this command (notice Cisco is the default encapsulation so it is not listed here, just press Enter to use it).

    Note: Three LMI options are supported by Cisco routers are ansi, Cisco, and Q933a. They represent the ANSI Annex D, Cisco, and ITU Q933-A (Annex A) LMI types, respectively. HDLC is a WAN protocol same as Frame-Relay and PPP so it is not a Frame Relay encapsulation type.

    IV.44. RouterA is unable to reach RouterB. Both routers are running IOS version 12.0. After reviewing the command output and graphic, what is the most likely cause of the problem?

    • incorrect bandwidth configuration
    • incorrect LMI configuration
    • incorrect map statement*
    • incorrect IP address
    Show (Hide) Explanation/Reference
    First we have to say this is an unclear question and it is wrong. The “frame-relay map ip” statement is correct thus none of the four answers above is correct. But we guess there is a typo in the output. Maybe the “ip address 172.16.100.2 255.255.0.0 command should be “ip address 172.16.100.1 255.255.0.0.

    IV.45. Refer to the exhibit. What is the meaning of the term dynamic as displayed in the output of the show framerelay map command shown?

    • The Serial0/0 interface is passing traffic.
    • The DLCI 100 was dynamically allocated by the router.
    • The Serial0/0 interface acquired the IP address of 172.16.3.1 from a DHCP server.
    • The DLCI 100 will be dynamically changed as required to adapt to changes in the Frame Relay cloud.
    • The mapping between DLCI 100 and the end station IP address 172.16.3.1 was learned through Inverse.*
    Show (Hide) Explanation/Reference
    Inverse Address Resolution Protocol (Inverse ARP) was developed to provide a mechanism for dynamic DLCI to Layer 3 address maps. Inverse ARP works much the same way Address Resolution Protocol (ARP) works on a LAN. However, with ARP, the device knows the Layer 3 IP address and needs to know the remote data link MAC address. With Inverse ARP, the router knows the Layer 2 address which is the DLCI, but needs to know the remote Layer 3 IP address. When using dynamic address mapping, Inverse ARP requests a nexthop protocol address for each active PVC. Once the requesting router receives an Inverse ARP response, itupdates its DLCI-to-Layer 3 address mapping table. Dynamic address mapping is enabled by default for all protocols enabled on a physical interface. If the Frame Relay environment supports LMI autosensing and Inverse ARP, dynamic address mapping takes place automatically. Therefore, no static address mapping is required.

    IV.46. Which two statistics appear in show frame-relay map output? (Choose two.)

    • the number of BECN packets that are received by the router
    • the value of the local DLCI*
    • the number of FECN packets that are received by the router
    • the status of the PVC that is configured on the router*
    • the IP address of the local router
    Show (Hide) Explanation/Reference
    Sample “show frame-relay map” output: R1#sh frame mapSerial0/0 (up): ip 10.4.4.1 dlci 401(0x191,0x6410), dynamic,broadcast, status defined, activeSerial0/0 (up): ip 10.4.4.3 dlci 403(0x193,0x6430), dynamic,broadcast,, status defined, activeSerial0/0 (up): ip 10.4.4.4 dlci 401(0x191,0x6410), static,CISCO, status defined, active

    IV.47. Users have been complaining that their Frame Relay connection to the corporate site is very slow. The network administrator suspects that the link is overloaded. Based on the partial output of the Router# show frame relay pvc command shown in the graphic, which output value indicates to the local router that traffic sent to the corporate site is experiencing congestion?

    • DLCI = 100
    • last time PVC status changed 00:25:40
    • in BECN packets 192*
    • in FECN packets 147
    • in DE packets 0
    Show (Hide) Explanation/Reference
    If device A is sending data to device B across a Frame Relay infrastructure and one of the intermediate Frame Relay switches encounters congestion, congestion being full buffers, over- subscribed port, overloaded resources, etc, it will set the BECN bit on packets being returned to the sending device and the FECN bit on the packets being sent to the receiving device.

    IV.48. Which command allows you to verify the encapsulation type (CISCO or IETF) for a Frame Relay link?

    • show frame-relay lmi
    • show frame-relay map*
    • show frame-relay pvc
    • show interfaces serial
    Show (Hide) Explanation/Reference
    When connecting Cisco devices with non-Cisco devices, you must use IETF4 encapsulation on both devices.
    Check the encapsulation type on the Cisco device with the show frame-relay map exec command.

    IV.49. It has become necessary to configure an existing serial interface to accept a second Frame Relay virtual circuit. Which of the following procedures are required to accomplish this task? (Choose three.)

    • Remove the IP address from the physical interface.*
    • Encapsulate the physical interface with multipoint PPP.
    • Create the virtual interfaces with the interface command.*
    • Configure each subinterface with its own IP address.*
    • Disable split horizon to prevent routing loops between the subinterface networks.
    • Configure static Frame Relay map entries for each subinterface network.
    Show (Hide) Explanation/Reference
    For multiple PVC’s on a single interface, you must use subinterfaces, with each subinterface configured for each PVC. Each subinterface will then have its own IP address, and no IP address will be assigned to the main interface.

    IV.50. What occurs on a Frame Relay network when the CIR is exceeded?

    • All TCP traffic is marked discard eligible.
    • All UDP traffic is marked discard eligible and a BECN is sent.
    • All TCP traffic is marked discard eligible and a BECN is sent.
    • All traffic exceeding the CIR is marked discard eligible.*
    Show (Hide) Explanation/Reference
    Committed information rate (CIR): The minimum guaranteed data transfer rate agreed to by the Frame Relay switch. Frames that are sent in excess of the CIR are marked as discard eligible (DE) which means they can be dropped if the congestion occurs within the Frame Relay network. Note: In the Frame Relay frame format, there is a bit called Discard eligible (DE) bit that is used to identify frames that are first to be dropped when the CIR is exceeded.

    IV.51. Refer to the exhibit. Which statement describes DLCI 17?

    • DLCI 17 describes the ISDN circuit between R2 and R3.
    • DLCI 17 describes a PVC on R2. It cannot be used on R3 or R1.
    • DLCI 17 is the Layer 2 address used by R2 to describe a PVC to R3.*
    • DLCI 17 describes the dial-up circuit from R2 and R3 to the service provider.
    Show (Hide) Explanation/Reference
    DLCI-Data Link Connection Identifier Bits: The DLCI serves to identify the virtual connection so that the receiving end knows which information connection a frame belongs to. Note that this DLCI has only local significance. Frame Relay is strictly a Layer 2 protocol suite.

    IV.52. What is the result of issuing the frame-relay map ip 192.168.1.2 202 broadcast command?

    • defines the destination IP address that is used in all broadcast packets on DCLI 202
    • defines the source IP address that is used in all broadcast packets on DCLI 202
    • defines the DLCI on which packets from the 192.168.1.2 IP address are received
    • defines the DLCI that is used for all packets that are sent to the 192.168.1.2 IP address*
    Show (Hide) Explanation/Reference
    This command identifies the DLCI that should be used for all packets destined to the 192.168.1.2 address. In this case, DLCI 202 should be used.

    IV.53. What are two characteristics of Frame Relay point-to-point subinterfaces? (Choose two.)

    • They create split-horizon issues.
    • They require a unique subnet within a routing domain.*
    • They emulate leased lines.*
    • They are ideal for full-mesh topologies.
    • They require the use of NBMA options when using OSPF.
    Show (Hide) Explanation/Reference
    Subinterfaces are used for point to point frame relay connections, emulating virtual point to point leased lines. Each subinterface requires a unique IP address/subnet. Remember, you can not assign multiple interfaces in a router that belong to the same IP subnet.

    IV.54. What command is used to verify the DLCI destination address in a Frame Relay static configuration?

    • show frame-relay pvc
    • show frame-relay lmi
    • show frame-relay map*
    • show frame relay end-to-end
    Show (Hide) Explanation/Reference
    Sample “show frame-relay map” output: R1#sh frame mapSerial0/0 (up): ip 10.4.4.1 dlci 401(0x191,0x6410), dynamic,broadcast,, status defined, activeSerial0/0 (up): ip 10.4.4.3 dlci 403(0x193,0x6430), dynamic,broadcast,, status defined, activeSerial0/0 (up): ip 10.4.4.4 dlci 401(0x191,0x6410), static,CISCO, status defined,

    IV.55. What is the purpose of Inverse ARP?

    • to map a known IP address to a MAC address
    • to map a known DLCI to a MAC address
    • to map a known MAC address to an IP address
    • to map a known DLCI to an IP address*
    • to map a known IP address to a SPID
    • to map a known SPID to a MAC address
    Show (Hide) Explanation/Reference
    Dynamic address mapping relies on the Frame Relay Inverse Address Resolution Protocol (Inverse ARP), defined by RFC 1293, to resolve a next hop network protocol (IP) address to a local DLCI value. The Frame Relay router sends out Inverse ARP requests on its Frame Relay PVC to discover the protocol address of the remote device connected to the Frame Relay network. The responses to the Inverse ARP requests are used to populate an address-to-DLCI mapping table on the Frame Relay router or access server. The router builds and maintains this address-to- DLCI mapping table, which contains all resolved Inverse ARP requests, including both dynamic and static mapping entries.

    IV.56. All WAN links inside the ABC University network use PPP with CHAP for authentication security. Which command will display the CHAP authentication process as it occur between two routers in the network?

    • show chap authentication
    • show interface serial0
    • debug ppp authentication*
    • debug chap authentication
    • show ppp authentication chap

    IV.57. A default Frame Relay WAN is classified as what type of physical network?

    • point-to-point
    • broadcast multi-access
    • nonbroadcast multi-access*
    • nonbroadcast multipoint
    • broadcast point-to-multipoint

    IV.58. Which of the following are key characteristics of PPP? (Choose three.)

    • can be used over analog circuits*
    • maps Layer 2 to Layer 3 address
    • encapsulates several routed protocols*
    • supports IP only
    • provides error correction*

    IV.59. How should a router that is being used in a Frame Relay network be configured to avoid split horizon issues from preventing routing updates?

    • Configure a separate sub-interface for each PVC with a unique DLCI and subnet assigned to the subinterface*
    • Configure each Frame Relay circuit as a point-to-point line to support multicast and broadcast traffic
    • Configure many sub-interfaces on the same subnet
    • Configure a single sub-interface to establish multiple PVC connections to multiple remote router interfaces

    IV.60. The Frame Relay network in the diagram is not functioning properly. What is the cause of the problem?

    • The Gallant router has the wrong LMI type configured
    • Inverse ARP is providing the wrong PVC information to the Gallant router
    • The S3 interface of the Steele router has been configured with the frame-relay encapsulation ietf command
    • The frame-relay map statement in the Attalla router for the PVC to Steele is not correct*
    • The IP address on the serial interface of the Attalla router is configured incorrectly

    IV.61. Refer to the exhibit. The network administrator is in a campus building distant from Building B. WANRouter is hosting a newly installed WAN link on interface S0/0. The new link is not functioning and the administrator needs to determine if the correct cable has been attached to the S0/0 interface. How can the administrator accurately verify the correct cable type on S0/0 in the most efficient manner?

    • Telnet to WANRouter and execute the command show interfaces S0/0
    • Telnet to WANRouter and execute the command show processes S0/0
    • Telnet to WANRouter and execute the command show running-configuration
    • Telnet to WANRouter and execute the command show controller S0/0*
    • Physically examine the cable between WANRouter S0/0 and the DCE.
    • Establish a console session on WANRouter and execute the command show interfaces S0/0

    IV.62. Refer to the exhibit. A network technician is unable to ping from R1 to R2. What will help correct the problem?

    • Ensure that the serial cable is correctly plugged in to the interfaces.*
    • Apply the clock rate 56000 configuration command to the serial0/1 interface of R1.
    • Configure the serial0/1 interfaces on R1 and R2 with the no shutdown command.
    • Change the address of the serial0/1 interface of R1 to 192.1.1.4.
    • Change the subnet masks of both interfaces to 255.255.255.240.

    IV.63. Refer to the exhibit. Which two statements are true of the interface configuration? (Choose two.)

    • The encapsulation in use on this interface is PPP.*
    • The default serial line encapsulation is in use on this interface.
    • The address mask of this interface is 255.255.255.0.*
    • This interface is connected to a LAN.
    • The interface is not ready to forward packets.

    IV.64. An administrator issues the show ip interface s0/0 command and the output displays that interface Serial0/0 is up, line protocol is up. What does “line protocol is up” specifically indicate about the interface?

    • The cable is attached properly.
    • CDP has discovered the connected device.
    • Keepalives are being received on the interface.*
    • A carrier detect signal has been received from the connected device.
    • IP is correctly configured on the interface.

    IV.65. Refer to the exhibit. Which two statements are true based the output of the show frame-relay lmi command issued on the Branch router? (Choose two.)

    • LMI messages are being sent on DLCI 1023.
    • The LMI exchange between the router and Frame Relay switch is functioning properly.
    • LMI messages are being sent on DLCI 0.*
    • The Frame Relay switch is not responding to LMI requests from the router.*
    • The router is providing a clock signal on Serial0/0 on the circuit to the Frame Relay switch.
    • Interface Serial0/0 is not configured to encapsulate Frame Relay.

    IV.66. What are three characteristics of satellite Internet connections? (Choose three)

    • A. Their upload speed is about 10 percent of their download speed.*
    • B. They are frequently used by rural users without access to other high-speed connections.*
    • C. They are usually at least 10 times faster than analog modem connections.*
    • D. They are usually faster than cable and DSL connections.
    • E. They require a WiMax tower within 30 miles of the user location.
    • F. They use radio waves to communicate with cellular phone towers.
    Show (Hide) Explanation/Reference
    Many rural areas do not have cable Internet access and their only choice to connect to the Internet is via satellite. Satellite internet leverages the hundreds of satellites in orbit around the Earth to send and receive data over the Internet. Of course the speed of this type of connection is much slower than DSL and cable connections. But with new technologies, satellite connections may achieve data speed up to 50 Mbps -> B is correct, D is not correct.In general, the speeds of popular types of Internet connections are like this: DSL/cable > satellite Internet > dial-up (analog modem).Satellite Internet uses satellite for Internet connection -> E is not correct

    Satellites use radio waves to communicate with the customer’s gateway, also known as a ground station (like a customer’s satellite dish), but not with cellular phone towers -> F is not correct.

    For your information, satellite Internet uses high frequency signals, which range from 18.3 gigahertz to 31 gigahertz (Ka band).

    Answer A C are two options left and they are acceptable answers. Although in practical they may vary a lot.

    IV.67. Which two pieces of information are provided by the show controllers serial 0 command? (Choose two.)

    • the type of cable that is connected to the interface.*
    • The uptime of the interface
    • the status of the physical layer of the interface*
    • the full configuration of the interface
    • the interface‟s duplex settings
    Show (Hide) Explanation/Reference
    Below is an example of the output of this command:The “show controllers serial …” command tells us about the type of the cable (in the case V.35 DTE cable) and the status of the physical layer of the interface. In above output we learn that there is an cable attached on S0/0 interface. If no cable is found we will see the line “No DTE cable” instead.

    IV.68. Which type of topology is required by DMVPN?

    • ring
    • full mesh
    • hub-and-spoke*
    • partial mesh
    Show (Hide) Explanation/Reference
    The topology of DMVPN is always hub-and-spoke as all Spokes are required to connect to the Hub router directly.

    IV.69. Which statement about MPLS is true?

    • It operates in Layer 1.
    • It operates between Layer 2 and Layer 3.*
    • It operates in Layer 3.
    • It operates in Layer 2.
    Show (Hide) Explanation/Reference
    MPLS belongs to the family of packet-switched networks. MPLS operates at a layer that is generally considered to lie between traditional definitions of OSI Layer 2 (data link layer) and Layer 3 (network layer), and thus is often referred to as a layer 2.5 protocol.

    IV.70. What destination Layer 2 address will be used in the frame header containing a packet for host 172.30.4.4?

    • 704
    • 196
    • 702*
    • 344
    Show (Hide) Explanation/Reference
    The output of the above show command displays that the local DLCI number corresponding to the subinterface of s1/0 whose IP address is 172.30.0.4 is 702.

    IV.71. A static map to the S-AMER location is required. Which command should be used to create this map?

    • frame-relay map ip 172.30.0.3 704 broadcast
    • frame-relay map ip 172.30.0.3 196 broadcast*
    • frame-relay map ip 172.30.0.3 702 broadcast
    • frame-relay map ip 172.30.0.3 344 broadcast
    Show (Hide) Explanation/Reference
    Based on the output of the command “show frame-relay map”, we know that DLCI mapped to the router SAMER is 196. (.3 In the above network topology, the complete Layer 3 IP address is 172.30.0.3)

    IV.72. Which connection uses the default encapsulation for serial interfaces on Cisco routers?

    • The serial connection to the MidEast branch office.*
    • The serial connection to the DeepSouth branch office.
    • The serial connection to the NorthCentral branch office.
    • The serial connection to the Multinational Core.
    Show (Hide) Explanation/Reference
    On the basis of the configuration on Dubai provided in the exhibit, we know that the encapsulation types of different interfaces are as follows:
    Serial 1/0 : encapsulation frame-relay
    Serial 1/2 and Serial 1/3 : both interfaces are encapsulated PPP
    Serial 1/1: There is no related encapsulation information displayed, so its default encapsulation type is HDLC .
    Based on the network topology provided in the exhibit, the interface Serial 1/1 is connected to the router
    MidEast of the branch office, so the encapsulation type of the router MidEast is by default.
    The default encapsulation on a serial interface is HDLC. The original HDLC encapsulation was defined by the International Organization for Standards (ISO), those same folks who developed the OSI model. The ISO version of HDLC had one shortcoming, however; it had no options to support multiple
    Layer 3 routed protocols. As a result, most vendors have created their own form of HDLC. Cisco is no exception because it has its own proprietary form of HDLC to support various Layer 3 protocols such as IPX, IP, and AppleTalk.
    The Serial connection to the Dub branch office using the default encapsulation type. You can change using:
    * encapsulation command on interface

    IV.73. If required, what password should be on the router in the MidEast branch office to allow a connection to be established with the Dubai router?

    • No password is required*
    • En8ble
    • SCr8
    • T1net
    • C0nsole
    Show (Hide) Explanation/Reference
    In the diagram, DeepSouth is connected to Dubai’s S1/2 interface and is configured as follows:
    Interface Serial1/2
    IP address 192.168.0.5 255.255.255.252
    Encapsulalation PPP ; Encapsulation for this interface is PPP
    Check out the following Cisco Link:
    http://www.cisco.com/en/US/tech/tk713/tk507/
    technologies_configuration_example09186a0080094333.shtml#configuringausernamedifferentfromtherouters name
    Here is a snipit of an example:
    If Router 1 initiates a call to Router 2, Router 2 would challenge Router 1, but Router 1 would not challenge Router 2. This occurs because the ppp authentication chap callin command is configured on Router 1. This is an example of a unidirectional authentication. In this setup, the ppp chap hostname alias-r1 command is configured on Router 1. Router 1 uses “alias-r1” as its hostname for CHAP authentication instead of “r1.” The Router 2 dialer map name should match Router 1’s ppp chap hostname; otherwise, two B channels are established, one for each direction.

    IV.74. Which two authentic methods are compatible with MLPPP on a serial Interface? (Choose two.)

    • PEAP
    • CHAP*
    • TACACS+
    • PAP*
    • LEAP

    IV.75. Which value must the device send as its username when using CHAP to authenticate with the remote peer site id:17604704 over a PPP link?

    • The automatically generated user name
    • The local host name*
    • The user name defined by the administrator
    • The host name of the remote device.
    Show (Hide) Explanation/Reference
    http://www.cisco.com/c/en/us/support/docs/wan point-to-point-protocol-ppp/10241-ppp-callin-hostname.html

    IV.76. Which two benefits of implementing a full-mesh WAN topology are true?(Choose two)

    • increased latency
    • redundancy*
    • improved scalability
    • reliability*
    • reduced itter

    IV.77. DRAG DROP. Drag and drop the PPPoE message types from the left into the sequence in which PPPoE messages are sent on the right.Select and Place:
    Correct Answer:

    IV.78. Which type of interface can negotiate an IP address for a PPPoE client?

    • Ethernet
    • dialer*
    • serial
    • Frame Relay
    Show (Hide) Explanation/Reference
    In the Dialer interface, we can use the “ip address negotiated” command to ask for an IP address from the PPPoE Server.

    IV.79. What does traffic shaping do to reduce congestion in a network?

    • buffers and queues packets.*
    • buffers without queuing packets.
    • queqes without buffering packets.
    • drops packets.
    Show (Hide) Explanation/Reference
    The following diagram illustrates the key difference between traffic policing and traffic shaping. Traffic policing propagates bursts. When the traffic rate reaches the configured maximum rate (or committed information rate), excess traffic is dropped (or remarked). The result is an output rate that appears as a saw-tooth with crests and troughs. In contrast to policing, traffic shaping retains excess packets in a queue and then schedules the excess for later transmission over increments of time. The result of traffic shaping is a smoothed packet output rate.Note: Committed information rate (CIR): The minimum guaranteed data transfer rate agreed to by the routing device.

    IV.80. Refer to the exhibit. Which WAN protocol is being used?

    • ATM
    • HDLC
    • Frame Relay*
    • PPP
    Show (Hide) Explanation/Reference

    This question is to examine the show int command.
    According to the information provided in the exhibit, we can know that the data link protocol used in this network is the Frame Relay protocol.
    “LMI enq sent…”

    IV.81. Which option is the primary purpose of traffic shaping?

    • providing best-effort service
    • enabling policy-based routing
    • enabling dynamic flow identification
    • limiting bandwidth usage*

    Section V: Infrastructure Services

    V.1. Which command can you enter to display duplicate IP addresses that the DHCP server assigns?

    • show ip dhcp conflict 10.0.2.12*
    • show ip dhcp database 10.0.2.12
    • show ip dhcp server statistics
    • show ip dhcp binding 10.0.2.12
    Show (Hide) Explanation/Reference
    The command “show ip dhcp conflict” is used to display address conflicts found by a Cisco IOS DHCP Server when addresses are offered to the client. An example of the output of this command is shown below:

    V.2. Which cloud service is typically used to provide DNS and DHCP services to an enterprise?

    • IaaS
    • DaaS
    • SaaS*
    • PaaS

    V.3. Which command can you enter in global configuration mode to create a DHCP address pool?

    • ip dhcp pool DHCP_pool*
    • ip dhcp conflict logging
    • service dhcp
    • ip dhcp excluded-address 10.0.2.1 10.0.2.49

    V.4. Which value indicates the distance from the NTP authoritative time source?

    • stratum*
    • layer
    • location
    • priority

    V.5. Afer you apply the given configuration to a router, the DHCP clients behind the device cannot communicate with hosts outside of their subnet. Which action is most likely to correct the problem?

    ip dhcp pool test 
     network 192.168.10.0/27
     domain name cisco.com
     dns-server 172.16.1.1 172.16.2.1
     netbios-name-server 172.16.1.10 172.16.2.10
    • Configure the dns server on the same subnet as the clients
    • Activate the dhcp pool
    • Correct the subnet mask
    • configure the default gateway*
    Show (Hide) Explanation/Reference
    In the DHCP pool we need to configure a default gateway (via the “default-route …” command) for the DHCP clients to communicate with outside subnets.

    V.6. Which statement about DHCP snooping is true?

    • it blocks traffic from DHCP servers on untrusted interfaces.*
    • it can be configured on switches and routers.
    • it allows packets from untrusted ports if their source MAC address is found in the binding table.
    • it uses DHCPDiscover packets to identify DHCP servers.

    V.7. Which two options are benefits of DHCP snooping? (Choose two.)

    • A. It simplifies the process of adding DHCP servers to the network.
    • B. It prevents the deployment of rogue DHCP servers.*
    • C. It prevents DHCP reservations.
    • D. It tracks the location of hosts in the network.*
    • E. It prevents static reservations.

    V.8. Which command can you enter to configure the switch as an authoritative NTP server with a site id: 13999902?

    • Switch(config)#ntp master 3 *
    • Switch(config)#ntp peer 193.168.2.2
    • Switch(config)#ntp server 193.168.2.2
    • Switch(config)#ntp source 193.168.2.2
    Show (Hide) Explanation/Reference
    An Authoritative NTP Server can distribute time even when it is not synchronized to an existing time server. To configure a Cisco device as an Authoritative NTP Server, use the ntp master [stratum] command.

    V.9. Where does a switch maintain DHCP snooping information ?

    • in the MAC address table
    • in the CAM table
    • in the DHCP binding database*
    • in the VLAN database

    V.10. How does NAT overloading provide one-to-many address translation?

    • It uses a pool of addresses
    • It converts IPV4 addresses to unused IPv6 Addresses
    • assigns a unique TCP/UDP port to each session*
    • It uses virtual MAC Address and Virtual IP Addresses
    Show (Hide) Explanation/Reference
    By adding the keyword “overload” at the end of a NAT statement, NAT becomes PAT (Port Address Translation). This is also a kind of dynamic NAT that maps multiple private IP addresses to a single public IP address (many-to-one) by using different ports.

    V.11. Which HSRP feature was new in HSRPv2?

    • VLAN group numbers that are greater than 255*
    • Virtual MAC addresses
    • tracking
    • preemption
    Show (Hide) Explanation/Reference
    Both HSRP version 1 & version 2 support preempt command -> Answer D is not correct.

    In HSRP version 1, group numbers are restricted to the range from 0 to 255. HSRP version 2 expands the group number range from 0 to 4095 -> A is correct.

    V.12. Which keyword enables an HSRP router to take the active role immediately what it comes online?

    • preempt*
    • priority
    • version
    • IP address

    V.13. When troubleshooting client DNS issues, which two tasks must you perform? (Choose two.)

    • Ping a public website IP address.
    • Ping the DNS server.*
    • Determine whether the hardware address is correct.
    • Determine whether a DHCP address has been assigned.
    • Determine whether the name servers have been configured.*

    V.14. What are the two minimum required components of a DHCP binding? (Choose two.)

    • an IP address*
    • an ip-helper statement
    • an exclusion list
    • a DHCP pool
    • a hardware address*

    V.15. Which command can you enter to troubleshoot the failure of address assignment?

    • sh ip dhcp database
    • sh ip dhcp pool*
    • sh ip dhcp import
    • sh ip dhcp server statistics
    Show (Hide) Explanation/Reference
    The command “show ip dhcp pool” is used to display information about the DHCP address pools. There are some information we can use to check the failure of address assignment. For example we can see how many IP addresses have been leased for a specific pool. If some IP addresses have been assigned from a pool but a client of that pool has not received the assignment then maybe the issue belongs to the client itself.

    R1#show ip dhcp pool
    Pool SERVER :
     Utilization mark (high/low)    : 100 / 0
     Subnet size (first/next)       : 0 / 0 
     Total addresses                : 1
     Leased addresses               : 1
     Pending event                  : none
     0 subnet is currently in the pool :
     Current index        IP address range                    Leased addresses
     172.16.200.100       172.16.200.100   - 172.16.200.100    1

    V.16. What are two requirements for an HSRP group? (Choose two.)

    • exactly one active router*
    • one or more standby routers*
    • one or more backup virtual routers
    • exactly one standby active router
    • exactly one backup virtual router
    Show (Hide) Explanation/Reference
    From this paragraph:

    “A set of routers that run HSRP works in concert to present the illusion of a single default gateway router to the hosts on the LAN. This set of routers is known as an HSRP group or standby group. A single router that is elected from the group is responsible for the forwarding of the packets that hosts send to the virtual router. This router is known as the active router. Another router is elected as the standby router. If the active router fails, the standby assumes the packet forwarding duties. Although an arbitrary number of routers may run HSRP, only the active router forwards the packets that are sent to the virtual router IP address.

    In order to minimize network traffic, only the active and the standby routers send periodic HSRP messages after the protocol has completed the election process. Additional routers in the HSRP group remain in the Listen state. If the active router fails, the standby router takes over as the active router. If the standby router fails or becomes the active router, another router is elected as the standby router.”

    Reference: https://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/10583-62.html#anc6

    -> There is exactly one active router and one standby router in an HSRP group. Answer A is surely a correct but other answers are not correct. Answers C, D and E are wrong terminologies so they are surely not correct. Therefore answer B is a best choice left (although it is not totally correct).

    V.17. Which standards-based First Hop Redundancy Protocol is a Cisco supported alternative to Hot Standby Router Protocol?

    • VRRP*
    • GLBP
    • TFTP
    • DHCP
    Show (Hide) Explanation/Reference
    Virtual Router Redundancy Protocol (VRRP) is one of the First Hop Redundancy Protocols that is supported by Cisco. Unlike HSRP and GLBP (which are Cisco proprietary protocols), VRRP is an industry standard protocol.

    V.18. Which protocol is the Cisco proprietary implementation of FHRP?

    • HSRP*
    • VRRP
    • GLBP
    • CARP

    V.19. What are two benefits of using NAT? (Choose two.)

    • A. NAT protects network security because private networks are not advertised.*
    • B. NAT accelerates the routing process because no modifications are made on the packets.
    • C. Dynamic NAT facilitates connections from the outside of the network.
    • D. NAT facilitates end-to-end communication when IPsec is enable.
    • E. NAT eliminates the need to re-address all host that require external access.*
    • F. NAT conserves addresses through host MAC-level multiplexing.
    Show (Hide) Explanation/Reference
    By not reveal the internal IP addresses, NAT adds some security to the inside network -> A is correct.

    NAT has to modify the source IP addresses in the packets -> B is not correct.

    Connection from the outside to a network through “NAT” is more difficult than a normal network because IP addresses of inside hosts are hidden -> C is not correct.

    In order for IPsec to work with NAT we need to allow additional protocols, including Internet Key Exchange (IKE), Encapsulating Security Payload (ESP) and Authentication Header (AH) -> more complex -> D is not correct.

    By allocating specific public IP addresses to inside hosts, NAT eliminates the need to re-address the inside hosts -> E is correct.

    NAT does conserve addresses but not through host MAC-level multiplexing. It conserves addresses by allowing many private IP addresses to use the same public IP address to go to the Internet -> F is not correct.

    V.20. Which statement is correct regarding the operation of DHCP?

    • A DHCP client uses a ping to detect address conflicts.
    • A DHCP server uses a gratuitous ARP to detect DHCP clients.
    • A DHCP client uses a gratuitous ARP to detect a DHCP server.
    • If an address conflict is detected, the address is removed from the pool and an administrator must resolve the conflict.*
    • If an address conflict is detected, the address is removed from the pool for an amount of time configurable by the administrator.
    • If an address conflict is detected, the address is removed from the pool and will not be reused until the server is rebooted.
    Show (Hide) Explanation/Reference
    An address conflict occurs when two hosts use the same IP address. During address assignment, DHCP checks for conflicts using ping and gratuitous ARP. If a conflict is detected, the address is removed from the pool. The address will not be assigned until the administrator resolves the conflict.

    (Reference: http://www.cisco.com/en/US/docs/ios/12_1/iproute/configuration/guide/1cddhcp.html)

    V.21. Which value to use in HSRP protocol election process?

    • interface
    • virtual IP address
    • priority*
    • router ID
    Show (Hide) Explanation/Reference
    HSRP election is based on a priority value (0 to 255) that is configured on each router in the group. By default, the priority is 100. The router with the highest priority value (255 is highest) becomes the active router for the group. If all router priorities are equal or set to the default value, the router with the highest IP address on the HSRP interface becomes the active router. Below is an example of assigning HSRP priority of 200 to R1:

    R1(config-if)# standby 1 priority 200

    V.22. Which of the following is needed to be enable back the role of active in HSRP?

    • preempt*
    • priority
    • other options
    Show (Hide) Explanation/Reference
    The “preempt” command enables the HSRP router with the highest priority to immediately become the active router. For example if we have a new router joining an HSRP of 1 and we want this router becomes the active router immediately (provided it had the highest HSRP priority) then we will need this additional command:

    New_Router(config-if)#standby 1 preempt

    V.23. What is new in HSRPv2?

    • prempt
    • a greater number in hsrp group field*
    • other

    V.24. Which command is used to build DHCP pool?

    • ip dhcp pool DHCP*
    • ip dhcp conflict
    • ip dhcp-server pool DHCP
    • ip dhcp-client pool DHCP
    Show (Hide) Explanation/Reference
    The following example shows how to configure a DHCP Server on a Cisco router:

    Configuration Description
    Router(config)#ip dhcp pool CLIENTS Create a DHCP Pool named CLIENTS
    Router(dhcp-config)#network 10.1.1.0 /24 Specifies the subnet and mask of the DHCP address pool
    Router(dhcp-config)#default-router 10.1.1.1 Set the default gateway of the DHCP Clients
    Router(dhcp-config)#dns-server 10.1.1.1 Configure a Domain Name Server (DNS)
    Router(dhcp-config)#domain-name 9tut.com Configure a domain-name
    Router(dhcp-config)#lease 0 12 Duration of the lease (the time during which a client computer can use an assigned IP address). The syntax is “lease{days[hours] [minutes] | infinite}”. In this case the lease is 12 hours. The default is a one-day lease.
    Before the lease expires, the client typically needs to renew its address lease assignment with the server
    Router(dhcp-config)#exit
    Router(config)# ip dhcp excluded-address 10.1.1.1 10.1.1.10 The IP range that a DHCP Server should not assign to DHCP Clients. Notice this command is configured under global configuration mode

    Note: We checked with both Cisco IOS v12.4 and v15.4 but found no “ip dhcp-server pool” command:

    Therefore the answer “ip dhcp-server pool …” is not correct.

    V.25. What is the two benefits of DHCP snooping? (Choose two)

    • static reservation
    • DHCP reservation
    • prevent DHCP rouge server*
    • prevent untrusted host and servers to connect*
    Show (Hide) Explanation/Reference
    Quick review of DHCP Spoofing and DHCP snooping:

    DHCP spoofing is a type of attack in that the attacker listens for DHCP Requests from clients and answers them with fake DHCP Response before the authorized DHCP Response comes to the clients. The fake DHCP Response often gives its IP address as the client default gateway -> all the traffic sent from the client will go through the attacker computer, the attacker becomes a “man-in-the-middle”.

    The attacker can have some ways to make sure its fake DHCP Response arrives first. In fact, if the attacker is “closer” than the DHCP Server then he doesn’t need to do anything. Or he can DoS the DHCP Server so that it can’t send the DHCP Response.

    DHCP snooping can prevent DHCP spoofing attacks. DHCP snooping is a Cisco Catalyst feature that determines which switch ports can respond to DHCP requests. Ports are identified as trusted and untrusted.

    Only ports that connect to an authorized DHCP server are trusted, and allowed to send all types of DHCP messages. All other ports on the switch are untrusted and can send only DHCP requests. If a DHCP response is seen on an untrusted port, the port is shut down -> Answer D is correct.

    The fundamental use case for DHCP snooping is to prevent unauthorized (rogue) DHCP servers offering IP addresses to DHCP clients. Rogue DHCP servers are often used in man in the middle or denial of service attacks for malicious purposes -> C is correct.

    V.26. Which command is used to configure a switch as an authoritative NTP server?

    • Switch(config)#ntp master 3*
    • Switch(config)#ntp peer IP
    • Switch(config)#ntp server IP
    • Switch(config)#ntp source IP
    Show (Hide) Explanation/Reference
    An Authoritative NTP Server can distribute time even when it is not synchronized to an existing time server. To configure a Cisco device as an Authoritative NTP Server, use the ntp master [stratum] command.

    V.27. Which configuration command can you apply to a HSRP router so that its local interface becomes active if all other routers in the group fail?

    • no additional configuration is required*
    • standby 1 track Ethernet
    • standby 1 preempt
    • standby 1 priority 250
    Show (Hide) Explanation/Reference
    When all other routers in the group fail, the local router will not receive any HSRP Hello messages so it will become “active”. Notice that in this case the “preempt” command is not necessary. The “preempt” command is only useful when the local router receives a HSRP Hello message from the active HSRP router with a lower priority (then the local router will decide to take over the active role).

    V.28. How to see dhcp conflict?

    • show ip dhcp pool
    • show dhcp database
    • show ip dhcp conflict*
    • Other Option.
    Show (Hide) Explanation/Reference

    V.29. Where does the configuration reside when a helper address is configured to support DHCP?

    • on the switch trunk interface.
    • on the router closest to the client.*
    • on the router closest to the server.
    • on every router along the path.

    V.30. What is the danger of the permit any entry in a NAT access list?

    • It can lead to overloaded resources on the router.*
    • It can cause too many addresses to be assigned to the same interface.
    • It can disable the overload command.
    • It prevents the correct translation of IP addresses on the inside network.
    Show (Hide) Explanation/Reference
    Using permit any can result in NAT consuming too many router resources, which can cause network problems. You should only limit the NAT access list to a specific range of IP addresses.

    V.31. How does a DHCP server dynamically assign IP addresses to hosts?

    • Addresses are permanently assigned so that the host uses the same address at all times.
    • Addresses are assigned for a fixed period of time.
    • Addresses are leased to hosts. A host will usually keep the same address by periodically contacting the DHCP server to renew the lease.*
    • Addresses are allocated after a negotiation between the server and the host to determine the length of the agreement.
    Show (Hide) Explanation/Reference
    The DHCP lifecycle consists of the following:
    Release: The client may decide at any time that it no longer wishes to use the IP address it was assigned, and may terminate the lease, releasing the IP address.

    V.32. Which command can you enter to determine the addresses that have been assigned on a DHCP Server?

    • Show ip DHCP database.
    • Show ip DHCP pool.
    • Show ip DHCP binding.*
    • Show ip DHCP server statistic.
    Show (Hide) Explanation/Reference
    http://www.aubrett.com/InformationTechnology/RoutingandSwitching/Cisco/CiscoRouters/
    DHCPBindings.aspx
    “Router#show ip dhcp binding
    Bindings from all pools not associated with VRF:
    IP address Client-ID/ Lease expiration Type
    10.16.173.0 24d9.2141.0ddd Jan 12 2013 03:42 AM Automatic”

    V.33. Which two command can you enter to display the current time sources statistics on devices? (Choose TWO)

    • Show ntp associations.*
    • Show clock details.
    • Show clock.
    • Show time.
    • Show ntp status.*
    Show (Hide) Explanation/Reference
    Maybe the “current time sources” here mention about the status of the clock source. In the below output, the “show ntp associations” command reveals the IP address of the clock source (which is 209.65.200.226), the stratum (st) of this reference clock…

    R1#show ntp associations
          address         ref clock     st  when  poll reach  delay  offset    disp
    *~10.1.2.1         209.65.200.226    9   509    64  200    32.2   15.44  16000.
     * master (synced), # master (unsynced), + selected, - candidate, ~ configured

    Below is the output of the “show ntp status” command. From this output we learn that R1 has a stratum of 10 and it is getting clock from 10.1.2.1.

    R1#show ntp status
    Clock is synchronized, stratum 10, reference is 10.1.2.1
    nominal freq is 250.0000 Hz, actual freq is 249.9987 Hz, precision is 2**18
    reference time is D5E492E9.98ACB4CF (13:00:25.596 CST Wed Sep 18 2013)
    clock offset is 15.4356 msec, root delay is 52.17 msec
    root dispersion is 67.61 msec, peer dispersion is 28.12 msec

    For more information about these two commands, please read at: http://www.cisco.com/c/en/us/support/docs/ip/network-time-protocol-ntp/116161-trouble-ntp-00.html

    In fact this question is unclear, but other answers are surely not correct.

    V.34. What is the default lease time for a DHCP binding?

    • 24 hours*
    • 12 hours
    • 48 hours
    • 36 hours
    Show (Hide) Explanation/Reference
    By default, each IP address assigned by a DHCP Server comes with a one- day lease, which is the amount of time that the address is valid. To change the lease value for an IP address, use the following command in DHCP pool configuration mode:

    V.35. Which NAT type is used to translate a single inside address to a single outside address?

    • dynamic NAT
    • NAT overload
    • PAT
    • static NAT*
    Show (Hide) Explanation/Reference
    There are two types of NAT translation: dynamic and static.

    Static NAT: Designed to allow one-to-one mapping between local and global addresses. This flavor requires you to have one real Internet IP address for every host on your network

    Dynamic NAT: Designed to map an unregistered IP address to a registered IP address from a pool of registered IP addresses. You don’t have to statically configure your router to map an inside to an outside address as in static NAT, but you do have to have enough real IP addresses for everyone who wants to send packets through the Internet. With dynamic NAT, you can configure the NAT router with more IP addresses in the inside local address list than in the inside global address pool. When being defined in the inside global address pool, the router allocates registered public IP addresses from the pool until all are allocated. If all the public IP addresses are already allocated, the router discards the packet that requires a public IP address.

    In this question we only want to translate a single inside address to a single outside address so static NAT should be used.

    V.36. What is the effect of the overload keyword in a static NAT translation configuration?

    • It enables port address translation.*
    • It enables the use of a secondary pool of IP addresses when the first pool is depleted
    • It enables the inside interface to receive traffic.
    • It enables the outside interface to forward traffic.
    Show (Hide) Explanation/Reference
    http://www.firewall.cx/networking-topics/network-address-translation-nat/233-nat-overload-part-1.html

    V.37. Which statement about the inside interface configuration in a NAT deployment is true?

    • It is defined globally
    • It identifies the location of source addresses for outgoing packets to be translated using access or route maps.*
    • It must be configured if static NAT is used
    • It identifies the public IP address that traffic will use to reach the internet.
    Show (Hide) Explanation/Reference
    When we specify a NAT “inside” interface (via the “ip nat inside” command under interface mode), we are specifying the source IP addresses. Later in the “ip nat” command under global configuration mode, we will specify the access or route map for these source addresses.

    For example the command:

    Router(config)# ip nat inside source list 1 pool PoolforNAT

    after the keyword “source” we need to specify one of the three keywords:

    + list: specify access list describing local addresses (but this command does not require an “inside” interface to be configured)
    + route-map: specify route-map
    + static: specify static local -> global mapping

    V.38. Which NTP type designates a router without an external reference clock as an authoritative time source?

    • server
    • peer
    • master*
    • client

    V.39. Which NTP command configures the local devices as an NTP reference clock source?

    • NTP Peer
    • NTP Broadcast
    • NTP Master*
    • NTP Server
    Show (Hide) Explanation/Reference
    From a Cisco perspective, getting the clock from an Internet time source and/or from a local timing device both require the same command (ntp server). To have a specific network device consider itself as a reference clock source, another command is used (ntp master)

    For example, the command

    Router(config)#ntp server 192.168.1.1

    configures the local device to use a remote NTP clock source from 192.168.1.1 while the command:

    Router(config)#ntp master 1

    configures the local device as a NTP reference clock source with stratum of 1.

    Reference: http://www.pearsonitcertification.com/articles/article.aspx?p=2141272

    V.40. If you want multiple hosts on a network, where do you configure the setting?

    • in the IP protocol*
    • in the multicast interface
    • in the serial interface
    • in the global configuration

    V.41. Refer to the exhibit.

     

    Which rule does the DHCP server use when there is an IP address conflict?

    • The address is removed from the pool until the conflict is resolved.*
    • The address remains in the pool until the conflict is resolved.
    • Only the IP detected by Gratuitous ARP is removed from the pool.
    • Only the IP detected by Ping is removed from the pool.
    • The IP will be shown, even after the conflict is resolved.
    Show (Hide) Explanation/Reference
    Explanation:
    An address conflict occurs when two hosts use the same IP address. During address assignment, DHCP  checks for conflicts using ping and gratuitous ARP. If a conflict is detected, the address is removed from  the pool. The address will not be assigned until the administrator resolves the conflict.

    V.42. Which configuration can be used with PAT to allow multiple inside address to be translated to a single outside address ?

    • Dynamic Routing
    • DNS
    • Preempt
    • overload*

    V.43. Which command can you enter to create a NAT pool of 6 addresses?

    • Router(config)#ip nat pool test 175.17.12.69 175.17.12.74 prefix-length 24*
    • Router(config)#ip nat pool test 175.17.12.69 175.17.13.74 prefix-length 16
    • Router(config)#ip nat pool test 175.17.12.66 175.17.12.72 prefix-length 8
    • Router(config)#ip nat pool test 175.17.12.69 175.17.12.76 prefix-length 8
    Show (Hide) Explanation/Reference
    The syntax to create a NAT pool is:

    Router(config)#ip nat pool pool_name start_ip end_ip { netmask netmask | prefix-length prefix-length }

    Therefore answer A is surely correct. Answer B is not correct as it creates many addresses (from 12.69 to 12.255 then to 13.74).

    Answer C and D are not correct as we cannot use prefix-length of 8 (/8) for a class B subnet.

    V.44. While troubleshooting a DCHP client that is behaving erratically, you discover that the client has been assigned the same IP address as a printer that is a static IP address. Which option is the best way to resolve the problem?

    • Configurea static route to the client.
    • Assign the client the same IP address as the router.
    • Move the client to another IP subnet
    • Move the printer to another IP subnet.
    • Reserve the printer IP address.*
    Show (Hide) Explanation/Reference
    In this case the printer is statically assigned an IP address so we have to make sure DHCP server does not assign the same IP address to another device. We can configure the DHCP server with the command “ip dhcp excluded-address <ip-address>” (suppose it is a Cisco device).

    V.45. Which three commands are required to enable NTP authentication on a Cisco router? (Choose three)

    • ntp peer
    • ntp max-associations
    • ntp authenticate*
    • ntp trusted-key*
    • ntp authentication-key*
    • ntp refclock
    Show (Hide) Explanation/Reference
    + The “ntp authenticate” command is used to enable the NTP authentication feature (NTP authentication is disabled by default).

    + The “ntp trusted-key” command specifies one or more keys that a time source must provide in its NTP packets in order for the device to synchronize to it. This command provides protection against accidentally synchronizing the device to a time source that is not trusted.

    + The “ntp authentication-key” defines the authentication keys. The device does not synchronize to a time source unless the source has one of these authentication keys and the key number is specified by the “ntp trusted-key number” command.

    V.46. DRAG DROP. Drag and drop the DHCP client states from the left into the standard order in which the client passes through
    them on the right.
    Select and Place:Correct Answer:

    V.47. After you configure the ip dns spoofing command globally on a device, under which two conditions is DNS spoofing enabled on the device? (Choose two.)

    • The DNS server queue limit id disabled
    • The ip host command is disabled
    • All configured IP name server addresses are removed*
    • The ip dns spoofing command is disabled on the local interface
    • The no ip domain lookup command is configured*
    Show (Hide) Explanation/Reference
    DNS spoofing is designed to allow a router to act as a proxy DNS server and “spoof” replies to any DNS queries using either the configured IP address in the ip dns spoofing ip-address command or the IP address of the incoming interface for the query. This feature is useful for devices where the interface toward the Internet service provider (ISP) is not up. Once the interface to the ISP is up, the router forwards DNS queries to the real DNS servers. This feature turns on DNS spoofing and is functional if any of the following conditions are true: The no ip domain lookup command is configured. IP name server addresses are not configured. There are no valid interfaces or routes for sending to the configured name server addresses.

    V.48. DRAG DROP. Drag and drop the DNS lookup commands from the left onto the correct effects on the right.

    Select and Place:

    Correct Answer:

    V.49. DRAG DROP. Drag and drop the protocols from the left onto the correct IP traffic types on the right.

    Select and Place:

    Correct Answer:

    V.50. Which task must you perform to enable an IOS device to use DNS services?

    • configure a relay agent information reforwarding policy
    • configure manual bindings*
    • configure the relay agent information option
    • configure a name server

    V.51. Which technology allows a large number of private IP address to be represented by a smaller number of public IP addresses?

    • NTP
    • RFC 1918
    • PBR
    • NAT*

    V.52. Which two types of NAT addresses are used in a Cisco NAT device? (Choose two.)

    • inside local*
    • inside global*
    • inside private
    • outside private
    • external global
    • external local
    Show (Hide) Explanation/Reference
    NAT use four types of addresses:

    * Inside local address – The IP address assigned to a host on the inside network. The address is usually not an IP address assigned by the Internet Network Information Center (InterNIC) or service provider. This address is likely to be an RFC 1918 private address.

    * Inside global address – A legitimate IP address assigned by the InterNIC or service provider that represents one or more inside local IP addresses to the outside world.

    * Outside local address – The IP address of an outside host as it is known to the hosts on the inside network.

    * Outside global address – The IP address assigned to a host on the outside network. The owner of the host assigns this address.

    V.53. Which statement describes the process of dynamically assigning IP addresses by the DHCP server?

    • Addresses are allocated after a negotiation between the server and the host to determine the length of the agreement.
    • Addresses are permanently assigned so that the hosts use the same address at all times.
    • Addresses are assigned for a fixed period of time, at the end of the period, a new request for an address must be made.
    • Addresses are leased to hosts, which periodically contact the DHCP server to renew the lease.*
    Show (Hide) Explanation/Reference
    The DHCP lifecycle consists of the following:
    Release: The client may decide at any time that it no longer wishes to use the IP address it was assigned, and may terminate the lease, releasing the IP address.

    V.54. Refer to the exhibit. What statement is true of the configuration for this network?

    • The configuration that is shown provides inadequate outside address space for translation of the number of inside addresses that are supported.
    • Because of the addressing on interface FastEthernet0/1, the Serial0/0 interface address will not support the NAT configuration as shown.
    • The number 1 referred to in the ip nat inside source command references access-list number 1.
    • ExternalRouter must be configured with static routes to networks 172.16.1.0/24 and 172.16.2.0/24.*
    Show (Hide) Explanation/Reference
    The “list 1 refers to the access-list number 1.

    V.55. When a DHCP server is configured, which two IP addresses should never be assignable to hosts? (Choose two.)

    • network or subnetwork IP address*
    • broadcast address on the network*
    • IP address leased to the LAN
    • IP address used by the interfaces
    • manually assigned address to the clients
    • designated IP address to the DHCP server
    Show (Hide) Explanation/Reference
    Network or subnetwork IP address (for example 11.0.0.0/8 or 13.1.0.0/16) and broadcast address (for example 23.2.1.255/24) should never be assignable to hosts. When try to assign these addresses to hosts, you will receive an error message saying that they can’t be assignable.

    V.56. Which two statements about static NAT translations are true? (Choose two.)

    • They allow connections to be initiated from the outside.*
    • They require no inside or outside interface markings because addresses are statically defined.
    • They are always present in the NAT table.*
    • They can be configured with access lists, to allow two or more connections to be initiated from the outside.
    Show (Hide) Explanation/Reference
    Static NAT is to map a single outside IP address to a single inside IP address. This is typically done to allow incoming connections from the outside (Internet) to the inside. Since these are static, they are always present in the NAT table even if they are not actively in use

    V.57. In a GLBP network, who is responsible for the arp request?

    • AVF
    • AVG*
    • Active router
    • Standby Router

    V.58. In GLBP, which router will respond to client ARP requests?

    • The active virtual gateway will reply with one of four possible virtual MAC addresses.*
    • All GLBP member routers will reply in round-robin fashion.
    • The active virtual gateway will reply with its own hardware MAC address.
    • The GLBP member routers will reply with one of four possible burned in hardware addresses.
    Show (Hide) Explanation/Reference
    One disadvantage of HSRP and VRRP is that only one router is in use, other routers must wait for the primary to fail because they can be used. However, Gateway Load Balancing Protocol (GLBP) can use of up to four routers simultaneously. In GLBP, there is still only one virtual IP address but each router has a different virtual MAC address. First a GLBP group must elect an Active Virtual Gateway (AVG). The AVG is responsible for replying ARP requests from hosts/clients. It replies with different virtual MAC addresses that correspond to different routers (known as Active Virtual Forwarders – AVFs) so that clients can send traffic to different routers in that GLBP group (load sharing).

    V.59. Which statement describes VRRP object tracking?

    • It monitors traffic flow and link utilization.
    • It ensures the best VRRP router is the virtual router master for the group.*
    • It causes traffic to dynamically move to higher bandwidth links.
    • It thwarts man-in-the-middle attacks.
    Show (Hide) Explanation/Reference
    Object tracking is the process of tracking the state of a configured object and uses that state to determine the priority of the VRRP router in a VRRP group

    V.60. What are three benefits of GLBP? (Choose three.)

    • GLBP supports up to eight virtual forwarders per GLBP group.
    • GLBP supports clear text and MD5 password authentication between GLBP group members.*
    • GLBP is an open source standardized protocol that can be used with multiple vendors.
    • GLBP supports up to 1024 virtual routers.*
    • GLBP can load share traffic across a maximum of four routers.*
    • GLBP elects two AVGs and two standby AVGs for redundancy.

    V.61. Which three statements about HSRP operation are true? (Choose three.)?

    • The virtual IP address and virtual MAC address are active on the HSRP Master router.*
    • The HSRP default timers are a 3 second hello interval and a 10 second dead interval.*
    • HSRP supports only clear-text authentication
    • The HSRP virtual IP address must be on a different subnet than the routers’ interfaces on the same LAN.
    • The HSRP virtual IP address must be the same as one of the router’s interface addresses on the LAN.
    • HSRP supports up to 255 groups per interface, enabling an administrative form of load balancing.*
    Show (Hide) Explanation/Reference
    http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/10583-62.html#topic5
    “The active router sources hello packets from its configured IP address and the HSRP virtual MAC address. The standby router sources hellos from its configured IP address and the burned-in MAC address (BIA).”
    http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/10583-62.html#topic14
    “By default, these timers are set to 3 and 10 seconds, respectively…” http://www.cisco.com/c/en/us/support/docs/switches catalyst-6000-series-switches/29545-168.html#q1
    Load Sharing with HSRP
    http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/13781-7.html#conf
    “…has a 256 unique HSRP group ID limit.”
    “…the allowed group ID range (0-255). … MSFC2A (Supervisor Engine 32) can use any number of group IDs from that range.

    V.62. Which standards-based First Hop Redundancy Protocol is a Cisco supported alternative to Hot Standby Router Protocol?

    • VRRP*
    • GLBP
    • TFTP
    • DHCP
    Show (Hide) Explanation/Reference
    Virtual Router Redundancy Protocol (VRRP) is one of the First Hop Redundancy Protocols that is supported by Cisco. Unlike HSRP and GLBP (which are Cisco proprietary protocols), VRRP is an industry standard protocol.

    V.63. Which NAT function can map multiple inside addresses to a single outside address?

    • PAT*
    • SFTP
    • RARP
    • ARP
    • TFTP
    Show (Hide) Explanation/Reference
    By adding the keyword “overload” at the end of a NAT statement, NAT becomes PAT (Port Address Translation). This is also a kind of dynamic NAT that maps multiple private IP addresses to a single public IP address (many-to-one) by using different ports.

    V.64. Which three options are the HSRP states for a router? (Choose three)

    • initialize
    • learn*
    • secondary
    • listen*
    • speak*
    • primary
    Show (Hide) Explanation/Reference
    HSRP consists of 6 states:

    State Description
    Initial This is the beginning state. It indicates HSRP is not running. It happens when the configuration changes or the interface is first turned on
    Learn The router has not determined the virtual IP address and has not yet seen an authenticated hello message from the active router. In this state, the router still waits to hear from the active router.
    Listen The router knows both IP and MAC address of the virtual router but it is not the active or standby router. For example, if there are 3 routers in HSRP group, the router which is not in active or standby state will remain in listen state.
    Speak The router sends periodic HSRP hellos and participates in the election of the active or standby router.
    Standby In this state, the router monitors hellos from the active router and it will take the active state when the current active router fails (no packets heard from active router)
    Active The router forwards packets that are sent to the HSRP group. The router also sends periodic hello messages

    Please notice that not all routers in a HSRP group go through all states above. In a HSRP group, only one router reaches active state and one router reaches standby state. Other routers will stop at listen state.

    V.65. Which NTP command configures the local device as an NTP reference clock source?

    • ntp peer
    • ntp broadcast
    • ntp master*
    • ntp server

    V.66. Which technology supports the stateless assignment of IPv6 addresses? (Choose two.)

    • DNS
    • DHCPv6*
    • DHCP
    • autoconfiguration*
    Show (Hide) Explanation/Reference
    DHCPv6 Technology Overview
    IPv6 Internet Address Assignment Overview
    IPv6 has been developed with Internet Address assignment dynamics in mind. Being aware that IPv6 Internet addresses are 128 bits in length and written in hexadecimals makes automation of address- assignment an important aspect within network design. These attributes make it inconvenient for a user to manually assign IPv6 addresses, as the format is not naturally intuitive to the human eye. To facilitate address assignment with little or no human intervention, several methods and technologies have been developed to automate the process of address and configuration parameter assignment to IPv6 hosts. The various IPv6 address assignment methods are as follows:

    1. Manual Assignment
    An IPv6 address can be statically configured by a human operator. However, manual assignment is quite
    open to errors and operational overhead due to the 128 bit length and hexadecimal attributes of the addresses, although for router interfaces and static network elements and resources this can be an appropriate solution.
    2. Stateless Address Autoconfiguration (RFC2462)
    Stateless Address Autoconfiguration (SLAAC) is one of the most convenient methods to assign Internet
    addresses to IPv6 nodes. This method does not require any human intervention at all from an IPv6 user. If one wants to use IPv6 SLAAC on an IPv6 node, it is important that this IPv6 node is connected to a network with at least one IPv6 router connected. This router is configured by the network administrator and sends out Router Advertisement announcements onto the link. These announcements can allow the on-link connected IPv6 nodes to configure themselves with IPv6 address and routing parameters, as specified in RFC2462, without further human intervention.
    3. Stateful DHCPv6
    The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) has been standardized by the IETF through
    RFC3315. DHCPv6 enables DHCP servers to pass configuration parameters, such as IPv6 network addresses, to IPv6 nodes. It offers the capability of automatic allocation of reusable network addresses and additional configuration flexibility. This protocol is a stateful counterpart to “IPv6 Stateless Address Autoconfiguration” (RFC 2462), and can be used separately, or in addition to the stateless autoconfiguration to obtain configuration parameters.
    4. DHCPv6-PD
    DHCPv6 Prefix Delegation (DHCPv6-PD) is an extension to DHCPv6, and is specified in RFC3633. Classical
    DHCPv6 is typically focused upon parameter assignment from a DHCPv6 server to an IPv6 host running a DHCPv6 protocol stack. A practical example would be the stateful address assignment of “2001:db8::1” from a DHCPv6 server to a DHCPv6 client. DHCPv6-PD however is aimed at assigning complete subnets and other network and interface parameters from a DHCPv6-PD server to a DHCPv6-PD client. This means that instead of a single address assignment, DHCPv6-PD will assign a set of IPv6 “subnets”. An example could be the assignment of “2001:db8::/60” from a DHCPv6-PD server to a DHCPv6-PD client. This will allow the DHCPv6-PD client (often a CPE device) to segment the received address IPv6 address space, and assign it dynamically to its IPv6 enabled interfaces.
    5. Stateless DHCPv6
    Stateless DHCPv6 is a combination of “stateless Address Autoconfiguration” and “Dynamic Host Configuration Protocol for IPv6” and is specified by RFC3736. When using stateless-DHCPv6, a device will use Stateless Address Auto-Configuration (SLAAC) to assign one or more IPv6 addresses to an interface, while it utilizes DHCPv6 to receive “additional parameters” which may not be available through SLAAC. For example, additional parameters could include information such as DNS or NTP server addresses, and are provided in a stateless manner by DHCPv6. Using stateless DHCPv6 means that the DHCPv6 server does not need to keep track of any state of assigned IPv6 addresses, and there is no need for state refreshment as result. On network media supporting a large number of hosts associated to a single DHCPv6 server, this could mean a significant reduction in DHCPv6 messages due to the reduced need for address state refreshments. From Cisco IOS 12.4(15)T onwards the client can also receive timing information, in addition to the “additional parameters” through DHCPv6. This timing information provides an indication to a host when it should refresh its DHCPv6 configuration data. This behavior (RFC4242) is particularly useful in unstable environments where changes are likely to occur.

    V.67. DRAG DROP. Order the DHCP message types as they would occur between a DHCP client and a DHCP server.Select and Place:
    Correct Answer:

    V.68. Which command can you enter to troubleshoot the failure of address assignment?

    • sh ip dhcp database
    • sh ip dhcp pool*
    • sh ip dhcp import
    • sh ip dhcp server statistics
    Show (Hide) Explanation/Reference
    The command “show ip dhcp pool” is used to display information about the DHCP address pools. There are some information we can use to check the failure of address assignment. For example we can see how many IP addresses have been leased for a specific pool. If some IP addresses have been assigned from a pool but a client of that pool has not received the assignment then maybe the issue belongs to the client itself.

    R1#show ip dhcp pool
    Pool SERVER :
     Utilization mark (high/low)    : 100 / 0
     Subnet size (first/next)       : 0 / 0 
     Total addresses                : 1
     Leased addresses               : 1
     Pending event                  : none
     0 subnet is currently in the pool :
     Current index        IP address range                    Leased addresses
     172.16.200.100       172.16.200.100   - 172.16.200.100    1

    V.69. Which command can you enter to verify that a router is synced with a configures time source?

    • show ntp authenticate
    • ntp associations
    • ntp server time
    • ntp authenticate
    • show ntp associations*
    Show (Hide) Explanation/Reference
    In the below output, the “show ntp associations” command reveals the IP address of the clock source (which is 209.65.200.226), the stratum (st) of this reference clock and if a router is synced with the configured time source (in this case R1 is synchronized with 10.1.2.1, presented by a “*”).

    R1#show ntp associations
          address         ref clock     st  when  poll reach  delay  offset    disp
    *~10.1.2.1         209.65.200.226    9   509    64  200    32.2   15.44  16000.
     * master (synced), # master (unsynced), + selected, - candidate, ~ configured

    V.70. Which statement about QoS default behavior is true?

    • Ports are untrusted by default.
    • VoIP traffic is passed without being tagged.
    • Video traffic is passed with a well-known DSCP value of 46.
    • Packets are classified internally with an environment.
    • Packets that arrive with a tag are untagged at the edge of an administrative domain.*
    Show (Hide) Explanation/Reference

    Frames received from users in the administratively-defined VLANs are classified or tagged for transmission to other devices. Based on rules that you define, a unique identifier (the tag) is inserted in each frame header before it is forwarded. The tag is examined and understood by each device before any broadcasts or transmissions to other switches, routers, or end stations. When the frame reaches the last switch or router, the tag is removed before the frame is sent to the target end station. VLANs that are assigned on trunk or access ports without identification or a tag are called native or untagged frames. For IEEE 802.1Q frames with tag information, the priority value from the header frame is used. For native frames, the default priority of the input port is used. Each port on the switch has a single receive queue buffer (the ingress port) for incoming traffic. When an untagged frame arrives, it is assigned the value of the port as its port default priority. You assign this value by using the CLI or CMS. A tagged frame continues to use its assigned CoS value when it passes through the ingress port.

    V.71. What is the authoritative source for an address lookup?

    • a recursive DNS search*
    • the operating system cache
    • the ISP local cache
    • the browser cache

    V.72. Which configuration command can you apply to a HSRP router so that its local interface becomes active if all other routers in the group fail?

    • Router(config)#standby 1 priority 250
    • No additional configuration is required*
    • Router(config)#standby 1 preempt
    • Router(config)#standby 1 track Ethernet

    V.73. Which option is the benefit of implementing an intelligent DNS for a cloud computing solution?

    • It reduces the need for a backup data center.
    • It can redirect user requests to locations that are using fewer network resources.*
    • It enables the ISP to maintain DNS records automatically.
    • It eliminates the need for a GSS.

    V.74. Which value is used to determine the active router in an HSRP default configuration?

    • Router loopback address
    • Router IP address*
    • Router priority
    • Router tracking number

    V.75. What is a valid HSRP virtual MAC address?

    • 007.3313.9734
    • 0000.0C07.AC15*
    • 0007.B400.AE01
    • 0000.5E00.01A3
    Show (Hide) Explanation/Reference
    With HSRP, two or more devices support a virtual router with a fictitious MAC address and unique IP address. There are two version of HSRP.

    + With HSRP version 1, the virtual router’s MAC address is 0000.0c07.ACxx , in which xx is the HSRP group. Therefore C is correct.
    + With HSRP version 2, the virtual MAC address is 0000.0C9F.Fxxx, in which xxx is the HSRP group.

    Note: Another case is HSRP for IPv6, in which the MAC address range from 0005.73A0.0000 through 0005.73A0.0FFF.

    (Good resource for HSRP: http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/unicast/configuration/guide/l3_hsrp.html)

    V.75. Requirement to configure DHCP binding ( 2 options)

    • DHCP pool
    • ip address*
    • Hardware address*
    • other option
    Show (Hide) Explanation/Reference
    An address binding is a mapping between the IP address and MAC address of a client. The IP address of a client can be assigned manually by an administrator or assigned automatically from a pool by a DHCP server. Manual bindings are IP addresses that have been manually mapped to the MAC addresses of hoststhat are found in the DHCP database.

    All DHCP clients send a client identifier (DHCP option 61) in the DHCP packet. To configure manual bindings, you must enter the client-identifier DHCP pool configuration command with the appropriate hexadecimal values identifying the DHCP client. For example:

    ip dhcp pool SERVER
    host 172.16.200.100 255.255.255.0
    client-identifier 01aa.bbcc.0003.00
    default-router 172.16.200.1 
    !

    Therefore two requirements for DHCP binding is the IP address and the hardware address (MAC address) of the client. Notice that in the above example “aabb.cc00.0300” is the MAC address of the client while prefix “01” represents the Ethernet media type.

    Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/fipr_c/1cfdhcp.html

    In fact the “DHCP pool” option is also correct but two above choices are better.

    Section VI: Infrastructure Security

    VI.1. Which statement about RADIUS security is true?

    • It supports EAP authentication for connecting to wireless networks.*
    • It provides encrypted multiprotocol support.
    • Device-administration packets are encrypted in their entirety.
    • It ensures that user activity is fully anonymous.

    VI.2. Which command can you enter to block HTTPS traffic from the whole class A private network range to a host?

    • R1(config)#access-list 105 deny tcp 10.1.0.0 0.0.255.255 40.0.0.2 0.0.0.0 eq 443
    • R1(config)#access-list 105 deny tcp 10.1.0.0 0.0.255.255 40.0.0.2 0.0.0.0 eq 53
    • R1(config)#access-list 105 deny tcp 10.0.0.0 0.255.255.255 40.0.0.2 0.0.0.0 eq 53
    • R1(config)#access-list 105 deny tcp 10.0.0.0 0.255.255.255 40.0.0.2 0.0.0.0 eq 443*

    VI.3. Which two options are valid numbers for a standard access list? (Choose two.)

    • A. 50*
    • B. 150
    • C. 1250
    • D. 1550*
    • E. 2050

    VI.4. Which utility can you use to identify the cause of a traffic-flow blockage between the two devices in a network?

    • ACL path analysis tool in APIC-EM*
    • I WAN application
    • ACL analysis tool in APIC-EM
    • APIC-EM automation scheduler
    Show (Hide) Explanation/Reference
    The ACL Path Analysis tool in APIC-EM can help to identify where the traffic was blocked in the transmission.

    Icon means “there are ACLs that permit the traffic applied on the interface”.

    Icon  means “traffic may or may not be blocked. For example, if your traffic matches a deny access control entry (ACE), traffic is denied. However, if your traffic matches any other ACEs, it is permitted. You can get this type of results if you leave out the protocol, source port, or destination port when defining a path trace”.

    Icon  means “there is an ACL on the device or interface that is blocking the traffic on the path”.

    Icon  means “there are no ACLs applied on the interface”.

    Reference: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/application-policy-infrastructure-controller-enterprise-module/1-5-x/path_trace/user-guide/b_Cisco_Path_Trace_User_Guide_1_5_0_x/b_Cisco_Path_Trace_User_Guide_1_5_0_x_chapter_0111.html

    VI.5. Which set of commands is recommended to prevent the use of a hub in the access layer?

    • switch(config-if)#switchport mode trunk
      switch(config-if)#switchport port-security maximum 1
    • switch(config-if)#switchport mode trunk
      switch(config-if)#switchport port-security mac-address 1
    • switch(config-if)#switchport mode access
      switch(config-if)#switchport port-security maximum 1*
    • switch(config-if)#switchport mode access
      switch(config-if)#switchport port-security mac-address 1
    Show (Hide) Explanation/Reference
    Port security is only used on access port (Which connects to hosts) so we need to set that port to “access” mode, then we need to specify the maximum number of hosts Which are allowed to connect to this port -> C is correct.

    Note: If we want to allow a fixed MAC address to connect, use the “switchport port-security mac-address ” command.

    VI.6. Which two options are primary responsibilities of the APlC-EM controller? (Choose two.)

    • lt automates network actions between different device types.*
    • lt provides robust asset management.
    • lt tracks license usage and Cisco lOS versions.
    • lt automates network actions between legacy equipment.
    • lt makes network functions programmable.*
    Show (Hide) Explanation/Reference

    http://www.cisco.com/c/en/us/products/cloud-systems-management/application-policy-infrastructure-controller-enterprise-module/index.html

    Automate network configuration and setup
    Deploy network devices faster
    Automate device deployment and provisioning across the enterprise.

    Provide a programmable network
    Enable developers to create new applications that use the network to fuel business growth.

    VI.7. Which utility can you use to identify redundant or shadow rules?

    • The ACL trace tool in Cisco APIC-EM.
    • The ACL analysis tool in Cisco APIC-EM.*
    • The Cisco APIC-EM automation scheduler.
    • The Cisco IWAN application.
    Show (Hide) Explanation/Reference
    Cisco APIC-EM supports the following policy analysis features:

    + Inspection, interrogation, and analysis of network access control policies.
    + Ability to trace application specific paths between end devices to quickly identify ACLs in use and problem areas.
    Enables ACL change management with easy identification of conflicts and shadows -> Maybe B is the most suitable answer.

    Reference: http://www.cisco.com/c/en/us/td/docs/cloud-systems-management/application-policy-infrastructure-controller-enterprise-module/1-2-x/config-guide/b_apic-em_config_guide_v_1-2-x/b_apic-em_config_guide_v_1-2-x_chapter_01000.pdf

    The ACL trace tool can only help us to identify Which ACL on Which router is blocking or allowing traffic. It cannot help identify redundant/shadow rules.

    Note:

    Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) is a Cisco Software Defined Networking (SDN) controller, Which uses open APIs for policy-based management and security through a single controller, abstracting the network and making network services simpler. APIC-EM provides centralized automation of policy-based application profiles.

    Reference: CCNA Routing and Switching Complete Study Guide

    Cisco Intelligent WAN (IWAN) application simplifies the provisioning of IWAN network profiles with simple business policies. The IWAN application defines business-level preferences by application or groups of applications in terms of the preferred path for hybrid WAN links. Doing so improves the application experience over any connection and saves telecom costs by leveraging cheaper WAN links.

    Shadow rules are the rules that are never matched (usually because of the first rules). For example two access-list statements:

    access-list 100 permit ip any any
    access-list 100 deny tcp host A host B

    Then the second access-list statement would never be matched because all traffic have been already allowed by the first statement. In this case we call statement 1 shadows statement 2.

    VI.8. What will be the result if the following configuration commands are implemented on a Cisco switch?

    Switch(config-if)# switchport port-security
    Switch(config-if)# switchport port-security mac-address sticky

    • A dynamically learned MAC address is saved in the startup-configuration file.
    • A dynamically learned MAC address is saved in the running-configuration file.*
    • A dynamically learned MAC address is saved in the VLAN database.
    • Statically configured MAC addresses are saved in the startup-configuration file if frames from that address are received.
    • Statically configured MAC addresses are saved in the running-configuration file if frames from that address are received.

    VI.9. Refer to the exhibit. The following commands are executed on interface fa0/1 of 2950Switch.

    2950Switch(config-if)# switchport port-security
    2950Switch(config-if)# switchport port-security mac-address sticky
    2950Switch(config-if)# switchport port-security maximum 1

    The Ethernet frame that is shown arrives on interface fa0/1. What two functions will occur when this frame is received by 2950Switch? (Choose two.)

    • The MAC address table will now have an additional entry of fa0/1 FFFF.FFFF.FFFF.
    • Only host A will be allowed to transmit frames on fa0/1.*
    • This frame will be discarded when it is received by 2950Switch.
    • All frames arriving on 2950Switch with a destination of 0000.00aa.aaaa will be forwarded out fa0/1.*
    • Hosts B and C may forward frames out fa0/1 but frames arriving from other switches will not be forwarded out fa0/1.
    • Only frames from source 0000.00bb.bbbb, the first learned MAC address of 2950Switch, will be forwarded out fa0/1.

    Show (Hide) Explanation/Reference
    The first command 2950Switch(config-if)#switchport port-security is to enable the port-security in a switch port.

    In the second command 2950Switch(config-if)#switchport port-security mac-address sticky, we need to know the full syntax of this command is switchport port-security mac-address sticky [MAC]. The STICKY keyword is used to make the MAC address appear in the running configuration and you can save it for later use. If you do not specify any MAC addresses after the STICKY keyword, the switch will dynamically learn the attached MAC Address and place it into your running-configuration. In this case, the switch will dynamically learn the MAC address 0000.00aa.aaaa of host A and add this MAC address to the running configuration.

    In the last command 2950Switch(config-if)#switchport port-security maximum 1 you limited the number of secure MAC addresses to one and dynamically assigned it (because no MAC address is mentioned, the switch will get the MAC address of the attached MAC address to interface fa0/1), the workstation attached to that port is assured the full bandwidth of the port.Therefore only host A will be allowed to transmit frames on fa0/1 -> B is correct.

    After you have set the maximum number of secure MAC addresses for interface fa0/1, the secure addresses are included in the “Secure MAC Address” table (this table is similar to the Mac Address Table but you can only view it with the show port-security address command). So in this question, although you don’t see the MAC address of host A listed in the MAC Address Table but frames with a destination of 0000.00aa.aaaa will be forwarded out of fa0/1 interface -> D is correct.

    VI.10. Refer to the exhibit. A junior network administrator was given the task of configuring port security on SwitchA to allow only PC_A to access the switched network through port fa0/1. If any other device is detected, the port is to drop frames from this device. The administrator configured the interface and tested it with successful pings from PC_A to RouterA, and then observes the output from these two show commands. Which two of these changes are necessary for SwitchA to meet the requirements? (Choose two.)

    • Port security needs to be globally enabled.
    • Port security needs to be enabled on the interface.*
    • Port security needs to be configured to shut down the interface in the event of a violation.
    • Port security needs to be configured to allow only one learned MAC address.*
    • Port security interface counters need to be cleared before using the show command.
    • The port security configuration needs to be saved to NVRAM before it can become active.
    Show (Hide) Explanation/Reference
    As we see in the output, the “Port Security” is in “Disabled” state (line 2 in the output). To enable Port security feature, we must enable it on that interface first with the command:

    SwitchA(config-if)#switchport port-security

    -> B is correct.

    Also from the output, we learn that the switch is allowing 2 devices to connect to it (switchport port-security maximum 2) but the question requires allowing only PC_A to access the network so we need to reduce the maximum number to 1 -> D is correct.

    VI.11. What to do when the router password was forgotten?

    • use default password cisco to reset
    • access router physically
    • use ssl/vpn
    • Type confreg 0x2142 at the rommon 1*
    Show (Hide) Explanation/Reference
    To reset the password we can type “confreg 0x2142” under rommon mode to set the configuration register to 2142 in hexadecimal (the prefix 0x means hexadecimal (base 16)). With this setting when that router reboots, it bypasses the startup-config.

    VI.12. A network engineer wants to allow a temporary entry for a remote user with a specific username and password so that the user can access the entire network over the internet. Which ACL can be used?

    • reflexive
    • extended
    • standard
    • dynamic*
    Show (Hide) Explanation/Reference
    We can use a dynamic access list to authenticate a remote user with a specific username and password. The authentication process is done by the router or a central access server such as a TACACS+ or RADIUS server. The configuration of dynamic ACL can be read here: http://www.cisco.com/en/US/tech/tk583/tk822/technologies_tech_note09186a0080094524.shtml

    VI.13. What should be part of a comprehensive network security plan?

    • Allow users to develop their own approach to network security
    • Physically secure network equipment from potential access by unauthorized individuals*
    • Encourage users to use personal information in their passwords to minimize the likelihood of passwords being forgotten
    • Delay deployment of software patches and updates until their effect on end-user equipment is well known and widely reported
    • Minimize network overhead by deactivating automatic antivirus client updates
    Show (Hide) Explanation/Reference
    All other answers are not recommended for a network security plan so only B is the correct answer.

    VI.14. Which password types are encrypted?

    • SSH
    • Telnet
    • enable secret*
    • enable password
    Show (Hide) Explanation/Reference
    The “enable secret” password is always encrypted (independent of the “service password-encryption” command) using MD5 hash algorithm.

    Note: The “enable password” does not encrypt the password and can be view in clear text in the running-config. In order to encrypt the “enable password”, use the “service password-encryption” command. In general, don’t use enable password, use enable secret instead.

    VI.15. Which statement about ACLs is true?

    • An ACL have must at least one permit action, else it just blocks all traffic.*
    • ACLs go bottom-up through the entries looking for a match
    • An ACL has a an implicit permit at the end of ACL.
    • ACLs will check the packet against all entries looking for a match.

    VI.16. Which three options are benefits of using TACACS+ on a device? (Choose three)

    • A. It ensures that user activity is untraceable.
    • B. It provides a secure accounting facility on the device.
    • C. device-administration packets are encrypted in their entirely.*
    • D. It allows the user to remotely access devices from other vendors.
    • E. It allows the users to be authenticated against a remote server.*
    • F. It supports access-level authorization for commands.*
    Show (Hide) Explanation/Reference
    TACACS+ (and RADIUS) allow users to be authenticated against a remote server -> E is correct.

    TACACS+ encrypts the entire body of the packet but leaves a standard TACACS+ header -> C is correct.

    TACACS+ supports access-level authorization for commands. That means you can use commands to assign privilege levels on the router -> F is correct.

    Note:

    By default, there are three privilege levels on the router.
    + privilege level 1 = non-privileged (prompt is router>), the default level for logging in
    + privilege level 15 = privileged (prompt is router#), the level after going into enable mode
    + privilege level 0 = seldom used, but includes 5 commands: disable, enable, exit, help, and logout

    VI.17. How to verify SSH connections was secured?

    • A. ssh -v 1 -l admin IP
    • B. ssh -v 2 -l admin IP*
    • C. ssh -l admin IP
    • D. ssh -v -l admin IP

    VI.18. Which cisco platform can verify ACLs?

    • Cisco Prime Infrastructure
    • Cisco Wireless LAN Controller
    • Cisco APIC-EM*
    • Cisco IOS-XE
    Show (Hide) Explanation/Reference
    The APIC-EM Path Trace ACL Analysis Tool can display the ACLs that are using (by downloading the configurations after a specific period of time and shows them when we do a path trace). Therefore it helps verify the ACLs more easily.

    VI.18. Which major component of the network virtualization architecture isolate users according to policy?

    • policy enforcement
    • network access control*
    • network services virtualization
    • path isolation
    Show (Hide) Explanation/Reference
    Network virtualization architecture has three main components:

    Network access control and segmentation of classes of users: Users are authenticated and either allowed or denied into a logical partition. Users are segmented into employees, contractors and consultants, and guests, with respective access to IT assets. This component identifies users who are authorized to access the network and then places them into the appropriate logical partition.

    + Path isolation: Network isolation is preserved across the entire enterprise: from the edge to the campus to the WAN and back again. This component maintains traffic partitioned over a routed infrastructure and transports traffic over and between isolated partitions. The function of mapping isolated paths to VLANs and to virtual services is also performed in component.

    + Network Services virtualization: This component provides access to shared or dedicated network services such as security, quality of service (QoS), and address management (Dynamic Host Configuration Protocol [DHCP] and Domain Name System [DNS]). It also applies policy per partition and isolates application environments, if required.

    Reference: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/white_paper_c11-531522.pdf

    VI.20. Which two statements about firewalls are true?

    • They can be used with an intrusion prevention system.*
    • They can limit unauthorized user access to protect data.*
    • Each wireless access point requires its own firewall.
    • They must be placed only at locations where the private network connects to the internet.
    • They can prevent attacks from the internet only.

    VI.21. Which three options are types of Layer 2 network attack? (Choose three)

    • Spoofing attacks*
    • Vlan Hopping*
    • botnet attacks
    • DDOS attacks
    • ARP Attacks*
    • Brute force attacks
    Show (Hide) Explanation/Reference

    (DHCP) Spoofing attack is a type of attack in that the attacker listens for DHCP Requests from clients and answers them with fake DHCP Response before the authorized DHCP Response comes to the clients. The fake DHCP Response often gives its IP address as the client default gateway -> all the traffic sent from the client will go through the attacker computer, the attacker becomes a “man-in-the-middle”.

    The attacker can have some ways to make sure its fake DHCP Response arrives first. In fact, if the attacker is “closer” than the DHCP Server then he doesn’t need to do anything. Or he can DoS the DHCP Server so that it can’t send the DHCP Response.

    VLAN Hopping: By altering the VLAN ID on packets encapsulated for trunking, an attacking device can send or receive packets on various VLANs, bypassing Layer 3 security measures. VLAN hopping can be accomplished by switch spoofing or double tagging.

    1) Switch spoofing:

    The attacker can connect an unauthorized Cisco switch to a Company switch port. The unauthorized switch can send DTP frames and form a trunk with the Company Switch. If the attacker can establish a trunk link to the Company switch, it receives traffic to all VLANs through the trunk because all VLANs are allowed on a trunk by default.

    (Instead of using a Cisco Switch, the attacker can use a software to create and send DTP frames).

    2) Double-Tagging:

    In this attack, the attacking computer generates frames with two 802.1Q tags. The first tag matches the native VLAN of the trunk port (VLAN 10 in this case), and the second matches the VLAN of a host it wants to attack (VLAN 20).

    When the packet from the attacker reaches Switch A, Switch A only sees the first VLAN 10 and it matches with its native VLAN 10 so this VLAN tag is removed. Switch A forwards the frame out all links with the same native VLAN 10. Switch B receives the frame with an tag of VLAN 20 so it removes this tag and forwards out to the Victim computer.

    Note: This attack only works if the trunk (between two switches) has the same native VLAN as the attacker.

    ARP attack (like ARP poisoning/spoofing) is a type of attack in Which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer or server on the network. This is an attack based on ARP Which is at Layer 2.

    VI.22. By default, how many MAC addresses are permitted to be learned on a switch port with port security enabled?

    • 8
    • 2
    • 1*
    • 0
    Show (Hide) Explanation/Reference
    By default, port security limits the MAC address that can connect to a switch port to one. If the maximum number of MAC addresses is reached, when another MAC address attempting to access the port a security violation occurs.

    VI.23. Which option is the default switch port port-security violation mode?

    • shutdown*
    • protect
    • shutdown vlan
    • restrict
    Show (Hide) Explanation/Reference
    Shutdown is the default switch port port-security violation mode. When in this mode, the switch will automatically force the switchport into an error disabled (err-disable) state when a violation occurs. While in this state, the switchport forwards no traffic. The switchport can be brought out of this error disabled state by issuing the errdisable recovery cause CLI command or by disabling and re-enabling the switchport.

    VI.24. Which three features are represented by the letter A in AAA authentication? (Choose three)

    • A. authorization*
    • B. accounting*
    • C. authentication*
    • D. accountability
    • E. accessibility
    • F. authority

    VI.25. What is a possible reason why a host is able to ping a web server but it is not able to do an HTTP request?

    • A. ACL blocking port 23
    • B. ACL blocking All ports
    • C. ACL blocking port 80*
    • D. ACL blocking port 443
    • E. None of the above

    VI.26. Which item represents the standard IP ACL?

    • Access-list 110 permit any any
    • Access-list 50 deny 192.168.1.1 0.0.0.255*
    • Access list 101 deny tvp any host 192.168.1.1
    • Access-list 2500 deny tcp any host 192.168.1.1 eq 22
    Show (Hide) Explanation/Reference
    The range of standard ACL is 1-99, 1300-1999 so 50 is a valid number for standard ACL.

    VI.27. Which statement about recovering a password on a Cisco router is true?

    • The default reset password is cisco
    • It requires a secure SSl/VPN connection
    • A factory resset is required if you forget the password
    • It requires physical access to the router*
    Show (Hide) Explanation/Reference
    Other choices are surely incorrect so only “physical access” answer is the correct one. In order to recover a password on a Cisco router, the first thing you have to do is either switch off or shut down the router. For more information about this process, please read http://www.cisco.com/c/en/us/support/docs/routers/2800-series-integrated-services-routers/112033-c2900-password-recovery-00.html

    VI.28. Where information about untrusted hosts are stored?

    • CAM table
    • Trunk table
    • MAC table
    • binding database*
    Show (Hide) Explanation/Reference
    The DHCP snooping binding database is also referred to as the DHCP snooping binding table. The DHCP snooping feature dynamically builds and maintains the database using information extracted from intercepted DHCP messages. The database contains an entry for each untrusted host with a leased IP address if the host is associated with a VLAN that has DHCP snooping enabled. The database does not contain entries for hosts connected through trusted interfaces.

    Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/snoodhcp.html

    VI.29. Which two statements about TACACS+ are true? (Choose two.)

    • lt can run on a UNlX server.*
    • lt authenticates against the user database on the local device.
    • lt is more secure than AAA authentication.
    • lt is enabled on Cisco routers by default.
    • lt uses a managed database.*
    Show (Hide) Explanation/Reference

    http://tacacs.net/docs/TACACS_Advantages.pdf

    Many IT departments choose to use AAA (Authentication, Authorization and Accounting) protocols RADIUS or TACACS+ to address these issues.

    http://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/13865-tacplus.pdf

    This document describes how to configure a Cisco router for authentication with the TACACS+ that runs on
    UNIX. TACACS+ does not offer as many features as the commercially available Cisco Secure ACS for
    Windows or Cisco Secure ACS UNIX.
    TACACS+ software previously provided by Cisco Systems has been discontinued and is no longer supported
    by Cisco Systems.

    VI.30. Which two passwords must be supplied in order to connect by Telnet to a properly secured Cisco switch and make changes to the device configuration? (Choose two.)

    • tty password
    • enable secret password*
    • vty password*
    • aux password
    • console password
    • username password

    VI.31. In order to comply with new auditing standards, a security administrator must be able to correlate system security alert logs directly with the employee who triggers the alert. Which of the following should the security administrator implement in order to meet this requirement?

    • Access control lists on file servers
    • Elimination of shared accounts
    • Group-based privileges for accounts
    • Periodic user account access reviews*

    VI.32. Which action can change the order of entries in a named access-list?

    • removing an entry
    • opening the access-list in notepad
    • adding an entry
    • resequencing*
    Show (Hide) Explanation/Reference
    You can check the named access-list with the “show ip access-list” (or “show access-list”) command:

    R1#show ip access-list
    Standard IP access list nat_traffic
        10 permit 10.1.0.0, wildcard bits 0.0.255.255
        15 permit 10.2.0.0, wildcard bits 0.0.255.255
        20 permit 10.3.0.0, wildcard bits 0.0.255.255

    We can resequence a named access-list with the command: “ip access-list resequence access-list-name starting-sequence-number increment“. For example:

    R1(config)#ip access-list nat_traffic 100 10

    Then we can check this access-list again:

    R1#show ip access-list
    Standard IP access list nat_traffic
        100 permit 10.1.0.0, wildcard bits 0.0.255.255
        110 permit 10.2.0.0, wildcard bits 0.0.255.255
        120 permit 10.3.0.0, wildcard bits 0.0.255.255

    We can see the starting sequence number is now 100 and the increment is 10. But notice that resequencing an access-list cannot change the order of entries inside it but it is the best choice in this question. Adding or removing a n entry does not change the order of entries. Maybe we should understand this question “how to renumber the entries in a named access-list”.

    VI.33. What is the effect of using the service password-encryption command?

    • only passwords configured after the command has been entered will be encrypted.
    • Only the enable password will be encrypted.
    • Only the enable secret password will be encrypted
    • It will encrypt the secret password and remove the enable secret password from the configuration.
    • It will encrypt all current and future passwords.*

    VI.34. Refer to the exhibit. Which user-mode password has just been set?

    • Telnet*
    • Auxiliary
    • SSH
    • Console
    Show (Hide) Explanation/Reference
    When you connect to a switch/router via Telnet, you first need to provide Telnet password first. Then to access Privileged mode (Switch#) you need to provide secret password after typing “enable” before making any changes.

    VI.35. What is a difference between TACACS+ and RADIUS in AAA?

    • Only TACACS+ allows for separate authentication.*
    • Only RADIUS encrypts the entire access-request packet.
    • Only RADIUS uses TCP
    • Only TACACS+ couples authentication and authorization.
    Show (Hide) Explanation/Reference
    TACACS+ is an AAA protocol developed by Cisco. TACACS+ separates the authentication, authorization, and accounting steps. This architecture allows for separate authentication solutions while still using TACACS+ for authorization and accounting. For example, it is possible to use the Kerberos Protocol for authentication and TACACS+ for authorization and accounting. After an AAA client passes authentication through a Kerberos server, the AAA client requests authorization information from a TACACS+ server without the necessity to re-authenticate the AAA client by using the TACACS+ authentication mechanism.

    Authentication and authorization are not separated in a RADIUS transaction. When the authentication request is sent to a AAA server, the AAA client expects to have the authorization result sent back in reply.

    Reference: http://www.cisco.com/c/dam/en/us/products/collateral/security/secure-access-control-server-windows/prod_white_paper0900aecd80737943.pdf

    VI.36. Which port security violation mode allows traffic from valid mac address to pass but block traffic from invalid mac address?

    • protect*
    • shutdown
    • shutdown vlan
    • restrict
    Show (Hide) Explanation/Reference
    In fact both “protect” and “restrict” mode allows traffic from passing with a valid MAC address so this question is not good. This is a quote from Cisco for these two modes:

    protect: drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value.

    restrict: drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value and causes the SecurityViolation counter to increment.

    Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/port_sec.pdf

    Therefore the only difference between these two modes is “restrict” mode causes the SecurityViolation counter to increment (only useful for statistics).

    VI.37. Which command can you enter in a network switch configuration so that learned mac addresses are saved in configuration as they connect?

    • Switch(config-if)#Switch port-security
    • Switch(config-if)#Switch port-security Mac-address stcky*
    • Switch(config-if)#Switch port-security maximum 10
    • Switch(config-if)#Switch mode access
    Show (Hide) Explanation/Reference
    The full command should be “switchport port-security mac-address sticky” but we can abbreviate in Cisco command.

    VI.38. Which major component of the Cisco network virtualization architecture isolates users according to policy?

    • A. network services virtualization
    • B. policy enforcement
    • C. access control*
    • D. path isolation

    VI.39. DRAG DROP. Drag the security features on the left to the specific security risks they help protect against on the right. (Not all options are used.)

    Select and Place:

    Correct Answer:

    VI.40. On Which combinations are standard access lists based?

    • A. destination address and wildcard mask
    • B. destination address and subnet mask
    • C. source address and subnet mask
    • D. source address and wildcard mask*
    Show (Hide) Explanation/Reference

    Standard ACL’s only examine the source IP address/mask to determine if a match is made. Extended ACL’s
    examine the source and destination address, as well as port information.

    VI.41. Which statement about access lists that are applied to an interface is true?

    • A. You can place as many access lists as you want on any interface.
    • B. You can apply only one access list on any interface.
    • C. You can configure one access list, per direction, per Layer 3 protocol.*
    • D. You can apply multiple access lists with the same protocol or in different directions.
    Show (Hide) Explanation/Reference
    We can have only 1 access list per protocol, per direction and per interface. It means:
    + We cannot have 2 inbound access lists on an interface + We can have 1 inbound and 1 outbound access
    list on an interface

    VI.42. A network administrator is configuring ACLs on a Cisco router, to allow traffic from hosts on networks 192.168.146.0, 192.168.147.0, 192.168.148.0, and 192.168.149.0 only. Which two ACL statements, when combined, would you use to accomplish this task? (Choose two.)

    • A. access-list 10 permit ip 192.168.146.0 0.0.1.255*
    • B. access-list 10 permit ip 192.168.147.0 0.0.255.255
    • C. access-list 10 permit ip 192.168.148.0 0.0.1.255*
    • D. access-list 10 permit ip 192.168.149.0 0.0.255.255
    • E. access-list 10 permit ip 192.168.146.0 0.0.0.255
    • F. access-list 10 permit ip 192.168.146.0 255.255.255.0
    Show (Hide) Explanation/Reference
    access-list 10 permit ip 192.168.146.0 0.0.1.255 will include the 192.168.146.0 and 192.168.147.0 subnets,
    while access-list 10 permit ip 192.168.148.0 0.0.1.255 will include

    VI.43. What can be done to secure the virtual terminal interfaces on a router? (Choose two.)

    • A. Administratively shut down the interface.
    • B. Physically secure the interface.
    • C. Create an access list and apply it to the virtual terminal interfaces with the access-group command.
    • D. Configure a virtual terminal password and login process.*
    • E. Enter an access list and apply it to the virtual terminal interfaces using the access-class command.*
    Show (Hide) Explanation/Reference
    It is a waste to administratively shut down the interface. Moreover, someone can still access the virtual terminal interfaces via other interfaces -> We cannot physically secure a virtual interface because it is “virtual” -> To apply an access list to a virtual terminal interface we must use the “access-class” command. The “access-group” command is only used to apply an access list to a physical interface -> C is not correct. The simplest way to secure the virtual terminal interface is to configure a username & password to prevent unauthorized login.

    VI.44. How does using the service password-encryption command on a router provide additional security?

    • A. by encrypting all passwords passing through the router
    • B. by encrypting passwords in the plain text configuration file*
    • C. by requiring entry of encrypted passwords for access to the device
    • D. by configuring an MD5 encrypted key to be used by routing protocols to validate routing exchanges
    • E. by automatically suggesting encrypted passwords for use in configuring the router
    Show (Hide) Explanation/Reference
    By using this command, all the (current and future) passwords are encrypted. This command is primarily
    useful for keeping unauthorized individuals from viewing your password in your configuration file.

    VI.A network administrator needs to allow only one Telnet connection to a router. For anyone viewing the configuration and issuing the show run command, the password for Telnet access should be encrypted. Which set of commands will accomplish this task?

    Correct Answer: A

    Show (Hide) Explanation/Reference
    Only one VTY connection is allowed Which is exactly what’s requested.
    Incorrect answer: command.
    line vty0 4
    would enable all 5 vty connections.

    VI.45. Refer to the exhibit. What is the effect of the configuration that is shown?

    • A. It configures SSH globally for all logins.
    • B. It tells the router or switch to try to establish an SSh connection first and if that fails to use Telnet.
    • C. It configures the virtual terminal lines with the password 030752180500.
    • D. It configures a Cisco network device to use the SSH protocol on incoming communications via the virtual terminal ports.*
    • E. It allows seven failed login attempts before the VTY lines are temporarily shutdown.
    Show (Hide) Explanation/Reference

    Secure Shell (SSH) is a protocol Which provides a secure remote access connection to network devices.
    Communication between the client and server is encrypted in both SSH version 1 and SSH version 2. If you want to prevent non-SSH connections, add the “transport input ssh” command under the lines to limit the router to SSH connections only. Straight (non-SSH) Telnets are refused.
    Reference: www.cisco.com/warp/public/707/ssh.shtml

    VI.46. Which command encrypts all plaintext passwords?

    • A. Router# service password-encryption
    • B. Router(config)# password-encryption
    • C. Router(config)# service password-encryption*
    • D. Router# password-encryption
    Show (Hide) Explanation/Reference
    The “service password-encryption” command allows you to encrypt all passwords on your router so they cannot be easily guessed from your running-config. This command uses a very weak encryption because the router has to be very quickly decode the passwords for its operation. It is meant to prevent someone from looking over your shoulder and seeing the password, that is all. This is configured in global configuration mode.

    VI.47. What will be the result if the following configuration commands are implemented on a Cisco switch?

    • A. A dynamically learned MAC address is saved in the startup-configuration file.
    • B. A dynamically learned MAC address is saved in the running-configuration file.*
    • C. A dynamically learned MAC address is saved in the VLAN database.
    • D. Statically configured MAC addresses are saved in the startup-configuration file if frames from that address are received.
    • E. Statically configured MAC addresses are saved in the running-configuration file if frames from that address are received.
    Show (Hide) Explanation/Reference
    In the interface configuration mode, the command switchport port-security mac-address sticky enables sticky learning. When entering this command, the interface converts all the dynamic secure MAC addresses to sticky secure MAC addresses.

    VI.48. Refer to exhibit. A network administrator cannot establish a Telnet session with the indicated router. What is the cause of this failure?

    • A. A Level 5 password is not set.
    • B. An ACL is blocking Telnet access.
    • C. The vty password is missing.*
    • D. The console password is missing.
    Show (Hide) Explanation/Reference
    The login keyword has been set, but not password. This will result in the “password required, but none set”
    message to users trying to telnet to this router.

    VI.49. When you are troubleshooting an ACL issue on a router, Which command would you use to verify Which interfaces are affected by the ACL?

    • A. show ip access-lists
    • B. show access-listsC. show interface
    • D. show ip interface*
    • E. list ip interface
    Show (Hide) Explanation/Reference
    show ip access-lists does not show interfaces affected by an ACL.

    VI.50. Refer to the exhibit. An attempt to deny web access to a subnet blocks all traffic from the subnet. Which interface command immediately removes the effect of ACL 102?

    • A. no ip access-class 102 in
    • B. no ip access-class 102 out
    • C. no ip access-group 102 in
    • D. no ip access-group 102 out*
    • E. no ip access-list 102 in
    Show (Hide) Explanation/Reference
    Now let’s find out the range of the networks on serial link:
    For the network 192.168.1.62/27:
    Increment: 32
    Network address: 192.168.1.32
    Broadcast address: 192.168.1.63
    For the network 192.168.1.65/27:Increment: 32
    Network address: 192.168.1.64
    Broadcast address: 192.168.1.95
    -> These two IP addresses don’t belong to the same network and they can’t see each other

    VI.51. Refer to the exhibit. Statements A, B, C, and D of ACL 10 have been entered in the shown order and applied to interface E0 inbound, to prevent all hosts (except those whose addresses are the first and last IP of subnet 172.21.1.128/28) from accessing the network. But as is, the ACL does not restrict anyone from the network. How can the ACL statements be re-arranged so that the system works as intended?

    • A. ACDB
    • B. BADC
    • C. DBAC
    • D. CDBA*
    Show (Hide) Explanation/Reference
    Routers go line by line through an access list until a match is found and then will not look any further, even if a more specific of better match is found later on in the access list. So, it it best to begin with the most specific entries first, in this cast the two hosts in line C and D. Then, include the subnet (B) and then finally the rest of the traffic (A).

    VI.52. What are two characteristics of SSH? (Choose two.)

    • A. most common remote-access method
    • B. unsecured
    • C. encrypted*
    • D. uses port 22*
    • E. operates at the transport layer

    VI.53. Refer to the exhibit. The access list has been configured on the S0/0 interface of router RTB in the outbound direction. Which two packets, if routed to the interface, will be denied? (Choose two.)

    • A. source ip address: 192.168.15.5; destination port: 21
    • B. source ip address:, 192.168.15.37 destination port: 21
    • C. source ip address:, 192.168.15.41 destination port: 21
    • D. source ip address:, 192.168.15.36 destination port: 23*
    • E. source ip address: 192.168.15.46; destination port: 23*
    • F. source ip address:, 192.168.15.49 destination port: 23

    VI.54. Refer to the graphic. It has been decided that Workstation 1 should be denied access to Server1. Which of the following commands are required to prevent only Workstation 1 from accessing Server1 while allowing all other traffic to flow normally? (Choose two.)

    Correct Answer: BC

    VI.55. An access list was written with the four statements shown in the graphic. Which single access list statement will combine all four of these statements into a single statement that will have exactly the same effect?

    • A. access-list 10 permit 172.29.16.0 0.0.0.255
    • B. access-list 10 permit 172.29.16.0 0.0.1.255
    • C. access-list 10 permit 172.29.16.0 0.0.3.255*
    • D. access-list 10 permit 172.29.16.0 0.0.15.255
    • E. access-list 10 permit 172.29.0.0 0.0.255.255

    VI.56. A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?

    • A. access-list 101 deny tcp 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any*
    • B. access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
    • C. access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any any
    • D. access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any any

    VI.57. As a network administrator, you have been instructed to prevent all traffic originating on the LAN from entering the R2 router. Which the following command would implement the access list on the interface of the R2 router?

    • A. access-list 101 in
    • B. access-list 101 out
    • C. ip access-group 101 in*
    • D. ip access-group 101 out

    VI.58. The access control list shown in the graphic has been applied to the Ethernet interface of router R1 using the ip access-group 101 in command. Which of the following Telnet sessions will be blocked by this ACL? (Choose two.)

    • A. from host A to host 5.1.1.10
    • B. from host A to host 5.1.3.10*
    • C. from host B to host 5.1.2.10
    • D. from host B to host 5.1.3.8*
    • E. from host C to host 5.1.3.10
    • F. from host F to host 5.1.1.10

    VI.59. The following access list below was applied outbound on the E0 interface connected to the 192.169.1.8/29 LAN: access-list 135 deny tcp 192.169.1.8 0.0.0.7 eq 20 any access-list 135 deny tcp 192.169.1.8 0.0.0.7 eq 21 any How will the above access lists affect traffic?

    • A. FTP traffic from 192.169.1.22 will be denied
    • B. No traffic, except for FTP traffic will be allowed to exit E0
    • C. FTP traffic from 192.169.1.9 to any host will be denied
    • D. All traffic exiting E0 will be denied*
    • E. All FTP traffic to network 192.169.1.9/29 will be denied

    VI.60. The following configuration line was added to router R1 Access-list 101 permit ip 10.25.30.0 0.0.0.255 any. What is the effect of this access list configuration?

    • A. permit all packets matching the first three octets of the source address to all destinations*
    • B. permit all packet matching the last octet of the destination address and accept all source addresses
    • C. permit all packet matching the host bits in the source address to all destinations
    • D. permit all packet from the third subnet of the network address to all destinations

    VI.61. This graphic shows the results of an attempt to open a Telnet connection to router ACCESS1 from router Remote27

    Which of the following command sequences will correct this problem?

    Correct Answer: C

    VI.62. What are two recommended ways of protecting network device configuration files from outside network security threats? (Choose two.)

      • A. Allow unrestricted access to the console or VTY ports.

    B. Use a firewall to restrict access from the outside to the network devices.

      • C. Always use Telnet to access the device command line because its data is automatically encrypted.

    D. Use SSH or another encrypted and authenticated transport to access device configurations.

      E. Prevent the loss of passwords by disabling password encryption.

    VI.63. Refer to the exhibit. What is the result of setting the no login command?

    Router#config t
    Router(config)#line vty 0 4 
    Router(config-line)#password c1sc0
    Router(config-line)#no login
    • A. Telnet access is denied.
    • B. Telnet access requires a new password at the first login.
    • C. Telnet access requires a new password.
    • D. no password is required for telnet access.*
    Show (Hide) Explanation/Reference
    This configuration will let someone telnet to that router without the password (so the line “password c1sco” is not necessary).

    VI.64. Which identification number is valid for an extended ACL?

    • A. 1
    • B. 64
    • C. 99
    • D. 100*
    • E. 299
    • F. 1099
    Show (Hide) Explanation/Reference
    Below is the range of standard and extended access list:

    Access list type Range
    Standard 1-99, 1300-1999
    Extended 100-199, 2000-2699

    In most cases we only need to remember 1-99 is dedicated for standard access lists while 100 to 199 is dedicated for extended access lists.

    VI.65. Which statement about named ACLs is true?

    • A. They support standard and extended ACLs.*
    • B. They are used to filter usernames and passwords for Telnet and SSH.
    • C. They are used to filter Layer 7 traffic.
    • D. They support standard ACLs only.
    • E. They are used to rate limit traffic destined to targeted networks.
    Show (Hide) Explanation/Reference
    Named Access Control Lists (ACLs) allows standard and extended ACLs to be given names instead of numbers. Unlike in numbered Access Control Lists (ACLs), we can edit Named Access Control Lists. Another benefit of using named access configuration mode is that you can add new statements to the access list, and insert them wherever you like. With the legacy syntax, you must delete the entire access list before reapplying it using the updated rules

    VI.66. Which two values are needed to run the APIC-EM ACL Analysis tool ?(choose two)

    • destination address*
    • destination port
    • periodic refresh intervlan
    • source address*
    • protocol
    • source port

    VI.67. Which command sets and automatically encrypts the privileged enable mode password?

    • A. enable password cisco
    • B. secret enable cisco
    • C. password enable cisco
    • D. enable secret cisco*

    VI.68. The enable secret command is used to secure access to Which CLI mode?

    • A. user EXEC mode
    • B. global configuration mode
    • C. privileged EXEC mode *
    • D. auxiliary setup mode

    VI.69. Which two statements about stateful firewalls in an enterprise network are true?

    • A. They can use information about previous packets to make decisions about future packets.*
    • B. They are most effective when placed in front of the router connected to the Internet.
    • C. they are more susceptible to DoS attacks than stateless firewalls.
    • D. they can track the number of active TCP connections.*
    • E. They can filter HTTP and HTTPS traffic in the inbound direction only.

    VI.70. Which type of access list compares source and destination IP addresses?

    • A. standard
    • B. extended*
    • C. reflexive
    • D. IP named

    VI.71. Which two descriptions of TACACS+ are true? (Choose two.)

    • A. It encrypts only the password.
    • B. It can authorize specific router commands.*
    • C. It separates authentication, authorization, and accounting functions.*
    • D. It uses UDP as its transport protocol.
    • E. It combines authentication and authorization.

    VI.72. Which condition indicates that service password-encryption is enabled?

    • The local username password is in clear text in the configuration.
    • The enable secret is in clear text in the configuration.
    • The local username password is encrypted in the configuration.*
    • The enable secret is encrypted in the configuration.
    Show (Hide) Explanation/Reference
    The service password-encryption command will encrypt all current and future passwords so any password existed in the configuration will be encrypted.

    VI.73. Which command can you use to test whether a switch supports secure connections and strong authentication?

    • Router#ssh –v 1 –l admin 10.1.1.1
    • Switch>ssh –v 1 –l admin 10.1.1.1
    • Switch#ssh –l admin 10.1.1.1
    • Router>ssh –v 2 –l admin10.1.1.1*

    VI.74. Which port security mode can assist with troubleshooting by keeping count of violations?

    • access.
    • protect.
    • restrict.*
    • shutdown.

    VI.75. DRAG DROP. An interface has been configured with the access list that is shown below. On the basis of that access list,drag each information packet on the left to the appropriate category on the right.

    Select and Place:

    Correct Answer:

    VI.76. Which range represents the standard access list?

    • 99*
    • 150
    • 299
    • 2000
    Show (Hide) Explanation/Reference
    Below is the range of standard and extended access list

    Access list type Range
    Standard 1-99, 1300-1999
    Extended 100-199, 2000-2699

    VI.77. Which of the following encrypts the traffic on a leased line?

    • telnet
    • ssh*
    • vtp
    • vpn
    • dmvpn
    Show (Hide) Explanation/Reference
    SSH, or secure shell, is a secure protocol that provides a built-in encryption mechanism for establishing a secured connection between two parties, authenticating each side to the other, and passing commands and output back and forth.

    Note: Virtual Private Networks (VPNs) are only secure if encrypted. The word “private” only means a given user’s virtual network is not shared with others. In reality a VPN still runs on a shared infrastructure and is not secured if not encrypted. VPNs are used over a connection you already have. That might be a leased line. It might be an ADSL connection. It could be a mobile network connection.

    Therefore answer “SSH” is still better than the answer “VPN”.

    VI.78. A security administrator wants to profile endpoints and gain visibility into attempted authentications. Which 802.1x mode allows these actions?

    • Monitor mode*
    • High-Security mode
    • Low-impact mode
    • Closed mode
    Show (Hide) Explanation/Reference
    There are three authentication and authorization modes for 802.1x:

    + Monitor mode
    + Low impact mode
    + High security mode

    Monitor mode allows for the deployment of the authentication methods IEEE 802.1X without any effect to user or endpoint access to the network. Monitor mode is basically like placing a security camera at the door to monitor and record port access behavior.

    With AAA RADIUS accounting enabled, you can log authentication attempts and gain visibility into who and what is connecting to your network with an audit trail. You can discover the following:
    + Which endpoints such as PCs, printers, cameras, and so on, are connecting to your network
    + Where these endpoints connected
    + Whether they are 802.1X capable or not
    + Whether they have valid credentials
    + In the event of failed MAB attempts, whether the endpoints have known, valid MAC addresses

    Monitor mode is enabled using 802.1X with the open access and multiauth mode Cisco IOS Software features enabled, as follows:
    sw(config-if)#authentication open
    sw(config-if)#authentication host-mode multi-auth

    For more information about each mode, please read this article: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/Phased_Deploy/Phased_Dep_Guide.html

    VI.79. What are two statements for SSH? (Choose two.)

    • A. use port 22*
    • B. unsecured
    • C. encrypted*
    • D. most common remote-access method
    • E. operate at transport

    VI.80. Which command shows your active Telnet connections?

    • show cdp neigbors
    • show session*
    • show users
    • show vty logins
    Show (Hide) Explanation/Reference
    The “show users” shows telnet/ssh connections to your router while “show sessions” shows telnet/ssh connections from your router (to other devices). The question asks about “your active Telnet connections”, meaning connections from your router

    VI.81. Which IPsec security protocol should be used when confidentiality is required?

    • MD5
    • PSK
    • AH
    • ESP*
    Show (Hide) Explanation/Reference
    IPsec is a pair of protocols, Encapsulating Security Payload (ESP) and Authentication Header (AH), Which provide security services for IP datagrams.

    ESP can provide the properties authentication, integrity, replay protection, and confidentiality of the data (it secures everything in the packet that follows the IP header).

    AH provides authentication, integrity, and replay protection (but not confidentiality) of the sender.

    VI.82. What are two characteristics of Telnet? (Choose two.)

    • A. It sends data in clear text format.*
    • B. It is no longer supported on Cisco network devices.
    • C. It is more secure than SSH.
    • D. It requires an enterprise license in order to be implemented.
    • E. It requires that the destination device be configured to support Telnet connections.*

    VI.83. Which protocol authenticates connected devices before allowing them to access the LAN?

    • A. 802.1d
    • B. 802.11
    • C. 802.1w
    • D. 802.1x*
    Show (Hide) Explanation/Reference

    802.1X authentication involves three parties: a supplicant, an authenticator, and an authentication server. The supplicant is a client device (such as a laptop) that wishes to attach to the LAN/WLAN. The term ‘supplicant’ is also used interchangeably to refer to the software running on the client that provides credentials to the authenticator. The authenticator is a network device, such as an Ethernet switch or wireless access point; and the authentication server is typically a host running software supporting the RADIUS and EAP protocols.

    The authenticator acts like a security guard to a protected network. The supplicant (i.e., client device) is not allowed access through the authenticator to the protected side of the network until the supplicant’s identity hasbeen validated and authorized. An analogy to this is providing a valid visa at the airport’s arrival immigration before being allowed to enter the country. With 802.1X port-based authentication, the supplicant provides credentials, such as user name/password or digital certificate, to the authenticator, and the authenticator forwards the credentials to the authentication server for verification. If the authentication server determines the credentials are valid, the supplicant (client device) is allowed to access resources located on the protected side of the network.

    VI.84. Refer to the exhibit. You have determined that computer A cannot ping computer B. Which reason for the problem is most likely true?

    • The computer B default gateway address is incorrect.
    • The computer B subnet mask is incorrect.
    • The computer A subnet mask is incorrect.
    • The computer A default gateway address is incorrect.*

    VI.85. Which IEEE mechanism is responsible for the authentication of devices when they attempt to connect to a local network?

    • 802.1x*
    • 802.11
    • 802.2x
    • 802.3x
    Show (Hide) Explanation/Reference
    IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN

    VI.86. Which two values must you specify to perform an ACL-based Path Trace using APIC-EM? (Choose two.)

    • A. source IP address*
    • B. destination port
    • C. destination IP address*
    • D. source interface
    • E. source port

    VI.87. Which two services can be provided by a wireless controller? (Choose two.)

    • A. Layer 3 routing between wired and wireless devices
    • B. providing authentication services to users*
    • C. mitigating threats from the Internet
    • D. issuing IP addresses to wired devices*
    • E. managing interference in a dense network

    VI.88. Which of the following privilege level is the most secured?

    • Level 0
    • Level 1
    • Level 15*
    • Level 16
    Show (Hide) Explanation/Reference
    By default, the Cisco IOS CLI has two privilege levels enabled, level 1 and level 15.

    + User EXEC mode (privilege level 1): provides the lowest EXEC mode user privileges and allows only user-level commands available at the Router> prompt.
    + Privileged EXEC mode (privilege level 15): includes all enable-level commands at the Router# prompt. Level 15 users can execute all commands and this is the most secured and powerful privilege level.

    However, there are actually 16 privilege levels available on the CLI, from 0 to 15 and you can assign users to any of those levels. Zero-level access allows only five commands -logout, enable, disable, help, and exit. User level (level 1) provides very limited read-only access to the router, and privileged level (level 15) provides complete control over the router.

    Section VII: Infrastructure Management

    VII.1. Which command is used to show the interface status of a router?

    • show interface status
    • show ip interface brief*
    • show ip route
    • show interface
    Show (Hide) Explanation/Reference
    The “show ip interface brief” command can be used to view a summary of the router interfaces. This command displays the IP address, interface status, and additional information. An example of the “show ip interface brief” command is shown below. We can see the interface status of E0/0 is “up/up”.

    VII.2. After you configure the Loopback0 interface, Which command can you enter to verify the status of the interface and determine whether fast switching is enabled?

    • Router#show ip interface loopback 0*
    • Router#show run
    • Router#show interface loopback 0
    • Router#show ip interface brief
    Show (Hide) Explanation/Reference
    Output from real device

    Router2901#sh int g0/0
    GigabitEthernet0/0 is up, line protocol is up
    Hardware is CN Gigabit Ethernet, address is c471.fe99.9999 (bia c471.fe99.9999)
    Description: Lan
    Internet address is 10.1.1.1/25
    MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
    reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA, loopback not set
    Keepalive set (10 sec)
    Full Duplex, 1Gbps, media type is RJ45
    output flow-control is unsupported, input flow-control is unsupported
    ARP type: ARPA, ARP Timeout 04:00:00
    Last input 00:00:00, output 00:00:00, output hang never
    Last clearing of “show interface” counters never
    Input queue: 0/75/61/0 (size/max/drops/flushes); Total output drops: 0
    Queueing strategy: fifo
    Output queue: 0/40 (size/max)
    5 minute input rate 39000 bits/sec, 30 packets/sec
    5 minute output rate 73000 bits/sec, 37 packets/sec
    41068530 packets input, 3905407112 bytes, 0 no buffer
    Received 8678853 broadcasts (0 IP multicasts)
    0 runts, 0 giants, 45 throttles
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
    0 watchdog, 79853 multicast, 0 pause input
    39267208 packets output, 2262399504 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    79926 unknown protocol drops
    0 babbles, 0 late collision, 0 deferred
    0 lost carrier, 0 no carrier, 0 pause output
    0 output buffer failures, 0 output buffers swapped out
    Router2901#
    Router2901 ip int g0/0
    GigabitEthernet0/0 is up, line protocol is up
    Internet address is 10.1.1.1/25
    Broadcast address is 255.255.255.255
    Address determined by non-volatile memory
    MTU is 1500 bytes
    Helper address is not set
    Directed broadcast forwarding is disabled
    Secondary address 192.168.1.7/24
    Multicast reserved groups joined: 224.0.0.10
    Outgoing access list is not set
    Inbound access list is not set
    Proxy ARP is enabled
    Local Proxy ARP is disabled
    Security level is default
    Split horizon is enabled
    ICMP redirects are always sent
    ICMP unreachables are always sent
    ICMP mask replies are never sent
    IP fast switching is enabled
    IP fast switching on the same interface is disabled
    IP Flow switching is disabled
    IP CEF switching is enabled
    IP CEF switching turbo vector
    IP multicast fast switching is enabled
    IP multicast distributed fast switching is disabled
    IP route-cache flags are Fast, CEF
    Router Discovery is disabled
    IP output packet accounting is disabled
    IP access violation accounting is disabled
    TCP/IP header compression is disabled
    RTP/IP header compression is disabled
    Policy routing is disabled
    Network address translation is enabled, interface in domain inside
    BGP Policy Mapping is disabled
    Input features: Common Flow Table, Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, CAR, MCI Check
    Output features: NAT Inside, Common Flow Table, Stateful Inspection, NAT ALG proxy, CAR
    Post encapsulation features: CAR
    IPv4 WCCP Redirect outbound is disabled
    IPv4 WCCP Redirect inbound is disabled
    IPv4 WCCP Redirect exclude is disabled
    Router2901#

    VII.3. In Which CLI configuration mode can you configure the hostname of a device?

    • line mode
    • interface mode
    • global mode*
    • router mode

    VII.4. Which command can you use to set the hostname on a switch?

    • A. switch-mdf-c1(config)#hostname switch-mdf1*
    • B. switch-mdf-c1>hostname switch-mdf1
    • C. switch-mdf-c1#hostname switch-mdf1
    • D. switch-mdf-c1(config-if)#hostname switch-mdf1

    VII.5. Which logging command can enable administrators to correlate syslog messages with millisecond precision?

    • no logging console
    • logging buffered 4
    • no logging monitor
    • service timestamps log datetime mscec*
    • logging host 10.2.0.21
    Show (Hide) Explanation/Reference
    The “service timestamps log” command configures the system to apply a time stamp to logging messages. The time-stamp format for datetime is MMM DD HH:MM:SS, where MMM is the month, DD is the date, HH is the hour (in 24-hour notation), MM is the minute, and SS is the second. With the additional keyword msec, the system includes milliseconds in the time stamp, in the format HH:DD:MM:SS.mmm, where .mmm is milliseconds.

    VII.6. Which function of the IP SLAs ICMP jitter operation can you use to determine whether a VoIP issue is caused by excessive end-to-end time?

    • packet loss
    • jitter
    • successive packet loss
    • round-trip time latency*

    VII.7. Which two statements about northbound and southbound APIs are true? (Choose two.)

    • Only southbound APIs allow program control of the network.
    • Only northbound APIs allow program control of the network.*
    • Only southbound API interfaces use a Service Abstraction Layer.*
    • Only northbound API interfaces use a Service Abstraction Layer.
    • Both northbound and southbound API interfaces use a Service Abstraction Layer.
    • Both northbound and southbound APIs allow program control of the network.
    Show (Hide) Explanation/Reference
    A northbound interface is an interface that allows a particular component of a network to communicate with a higher-level component. Conversely, a southbound interface allows a particular network component to communicate with a lower-level component.

    The northbound APIs on an SDN controller enable applications and orchestration systems to program the network and request services from it.

    Southbound interfaces are implemented with a Service Abstraction Layer (SAL) Which speak to network devices using SNMP and CLI (Command Line Interface) of the elements that make up the network. The main functions of SAL are:
    + Expose device services and capabilities to apps
    + Determine how to fulfill requested service irrespective of the underlying protocol

    Note:
    + An API is a method for one application (program) to exchange data with another application.
    + Interface here refers to the “software interface”, not the physical interfaces.

    VII.8. While viewing the running configuration of a router, you observe the command logging trap warning. Which syslog messages will the router send?

    • A. levels 1-4
    • B. levels 0-4*
    • C. levels 0-5
    • D. warnings only
    • E. levels 1-5

    VII.9. Which statement about SNMPv2 is true?

    • Its privacy algorithms use MD5 encryption by default.
    • it requires passwords to be encrypyed.
    • Its authetication and privacy algorithms are enable without default values.*
    • It requires passwords at least eight characters en length.
    Show (Hide) Explanation/Reference
    Default values do not exist for authentication or privacy algorithms when you configure the SNMP commands. Also, no default passwords exist. The minimum length for a password is one character, although we recommend that you use at least eight characters for security. If you forget a password, you cannot recover it and must reconfigure the user. You can specify either a plain text password or a localized Message Digest 5 (MD5) digest.

    Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/configuration/xe-3se/3850/snmp-xe-3se-3850-book/nm-snmp-snmpv2c.pdf

    VII.10. Which two statements about the extended traceroute command are true? (Choose two.)

    • A. It can validate the reply data.
    • B. It can be repeated automatically at a specified interval.
    • C. It can send packets from a specified interface or IP address.*
    • D. It can use a specified ToS.
    • E. It can use a specified TTL value.*

    VII.11. Refer to the exhibit. You have determined that computer A cannot ping computer B. Which reason for the problem is most likely true?

    • The computer B default gateway address is incorrect.
    • The computer B subnet mask is incorrect.
    • The computer A subnet mask is incorrect.
    • The computer A default gateway address is incorrect.*

    VII.12. If you configure syslog messages without specifying the logging trap level, Which log messages will the router send?

    • informational messages only
    • warning and error conditions only
    • normal but significant conditions only
    • error conditions only
    • all levels except debugging*
    Show (Hide) Explanation/Reference
    Syslog levels are listed below

    Level Keyword Description
    0 emergencies System is unusable
    1 alerts Immediate action is needed
    2 critical Critical conditions exist
    3 errors Error conditions exist
    4 warnings Warning conditions exist
    5 notification Normal, but significant, conditions exist
    6 informational Informational messages
    7 debugging Debugging messages

    The highest level is level 0 (emergencies). The lowest level is level 7. By default, the router will send informational messages (level 6). That means it will send all the syslog messages from level 0 to 6.

    VII.13. Which two statements about syslog logging are true?

    • Syslog logging is disabled by default
    • Messages are stored in the internal memory of device*
    • Messages can be erased when device reboots*
    • Messages are stored external to the device
    • The size of the log file is dependent on the resources of the device.
    Show (Hide) Explanation/Reference
    By default if we type “show logging” command we will see the Syslog logging has been enabled -> A is not correct.

    The syslog messages are stored in the internal buffer of the device. The buffer size is limited to few kilobytes. However, when the device reboots, these syslog messages are lost -> B is correct; C is correct; D is not correct.

    VII.14. What is the purpose of the POST operation on a router?

    • determine whether additional hardware has been added*
    • locate an IOS image for booting
    • enable a TFTP server
    • set the configuration register
    Show (Hide) Explanation/Reference
    In short, when powered on the router needs to do:

    1. Run POST to check hardware
    2. Search for a valid IOS (the Operating System of the router)
    3. Search for a configuration file (all the configurations applied to this router)

    VII.15. Which function does the IP SLAs ICMP Echo operation perform to assist with troubleshooting?

    • A. packet-loss detection*
    • B. congestion detection
    • C. hop-by-hop response time
    • D. one way jitter measurements

    VII.16. Which three commands can you use to set a router boot image? (Choose three.)

    • Router(config)# boot system flash c4500-p-mz.121-20.bin*
    • Router(config)# boot system tftp c7300-js-mz.122-33.SB8a.bin*
    • Router(config)#boot system rom c7301-advipservicesk9-mz.124-24.T4.bin*
    • Router> boot flash:c180x-adventerprisek9-mz-124-6T.bin
    • Router(config)#boot flash:c180x-adventerprisek9-mz-124-6T.bin
    • Router(config)#boot bootldr bootflash:c4500-jk9s-mz.122-23f.bin
    Show (Hide) Explanation/Reference
    The correct syntax of the “boot” command is “boot system” path. In Which the popular for path can be:
    + flash
    + rom
    + tftp
    + ftp
    + IP address (IP address of the server containing the system image file)

    Therefore answers A, B, C are correct.

    VII.17. A Cisco router is booting and has just completed the POST process. It is now ready to find and load an IOS image. What function does the router perform next?

    • It checks the configuration register.*
    • It attempts to boot from a TFTP server.
    • It loads the first image file in flash memory.
    • It inspects the configuration file in NVRAM for boot instructions.
    Show (Hide) Explanation/Reference
    When you turn the router on, it runs through the following boot process.

    The Power-On Self Test (POST) checks the router’s hardware. When the POST completes successfully, the System OK LED indicator comes on.
    The router checks the configuration register to identify where to load the IOS image from. A setting of 0×2102 means that the router will use information in the startup-config file to locate the IOS image. If the startup-config file is missing or does not specify a location, it will check the following locations for the IOS image:

    1. Flash (the default location)
    2. TFTP server
    3. ROM (used if no other source is found)

    The router loads the configuration file into RAM (Which configures the router). The router can load a configuration file from:

    + NVRAM (startup-configuration file)
    + TFTP server
    If a configuration file is not found, the router starts in setup mode.

    VII.18. If you are configuring syslog messages specifying `logging trap warning’, Which log messages will the router send?

    • 0-4*
    • 0-5
    • 0-2
    • 0-6
    • 0-1
    Show (Hide) Explanation/Reference
    0 emergencies System is unusable
    1 alerts Immediate action is needed
    2 critical Critical conditions exist
    3 errors Error conditions exist
    4 warnings Warning conditions exist
    5 notification Normal, but significant, conditions exist
    6 informational Informational messages
    7 debugging Debugging messages

    VII.19. Which function does the IP SLA ICMP ECHO operation perform to assist with troubleshooting?

    • A. packet-loss detection
    • B. congestion detection
    • C. hop-by-hop response time
    • D. one way jitter measurements

    VII.20. If you configure syslog messages without specifying the logging trap level, Which log messages will the router send?

    • 0-4
    • 0-5
    • 0-2
    • 0-6*
    • 0-1
    Show (Hide) Explanation/Reference
    Router(config)# logging trap level – Specifies the kind of messages, by severity level, to be sent to the syslog server. The default is informational (6) and lower ( 0 ­ 6). The possible values for level are as follows:
    Emergency: 0
    Alert: 1
    Critical: 2
    Error: 3
    Warning: 4
    Notice: 5
    Informational: 6
    Debug: 7

    VII.21. Which command can you execute to set the user inactivity timer to 10 seconds?

    • SW1(config-line)#exec-timeout 0 10*
    • SW1(config-line)#exec-timeout 10
    • SW1(config-line)#absolute-timeout 0 10
    • SW1(config-line)#absolute-timeout 10
    Show (Hide) Explanation/Reference
    The “exec-timeout” command is used to configure the inactive session timeout on the console port or the virtual terminal. The syntax of this command is:

    exec-timeout minutes [seconds]

    Therefore we need to use the “exec-timeout 0 10” command to set the user inactivity timer to 10 seconds.

    VII.22. How do you configure a hostname?

    • A. Router(config)#hostname R1*
    • B. Router#hostname R1
    • C. Router(config)#host name R1
    • D. Router>hostname R1

    VII.23. Which command is necessary to permit SSH or Telnet access to a cisco switch that is otherwise configured for these vty line protocols?

    • transport type all
    • transport output all
    • transport preferred all
    • transport input all*
    Show (Hide) Explanation/Reference
    The “transport input” command is used to define Which protocols to use to connect to a specific line (vty, console, aux…) of the router. The “transport input all” command will allow all protocols (including SSH and Telnet) to do this.

    VII.24. Which two Cisco IOS commands, used in troubleshooting, can enable debug output to a remote location? (Choose two)

    • no logging console
    • logging host ip-address*
    • terminal monitor*
    • show logging | redirect flashioutput.txt
    • snmp-server enable traps syslog
    Show (Hide) Explanation/Reference
    The “no logging console” turns off logging to the console connection (it is turned on by default) and it is often used if the console received large amount of logging output. But this command is not recommended in normal configuration -> A is not correct.

    The command “logging host ip-address” instructs the device to send syslog messages to an external syslog server -> B is correct.

    The “show logging | redirect flashioutput.txt” command will put the text file in the router flash memory because we did not specify a remote location (like tftp) -> D is not correct.

    The command “snmp-server enable traps syslog” instructs the device to send syslog messages to your network management server as SNMP traps instead of syslog packets. This command itself does not enable debug output to a remote location -> E is not correct.

    By default, Cisco IOS does not send log messages to a terminal session over IP, that is, telnet or SSH connections don’t get log messages. But notice that console connections on a serial cable do have logging enabled by default. The command “terminal monitor” helps logging messages appear on the your terminal. First we don’t think this is a correct answer but after reading the question again, we believe it is a suitable one as a Telnet/SSH session may be considered a “remote location” -> C is correct.

    VII.25. Which two options are features of the extended ping command? (Choose two.)

    • A. It can send a specific number of packets*
    • B. It can send packet from specified interface of IP address*
    • C. It can resolve the destination host name
    • D. It can ping multiple host at the same time
    • E. It can count the number of hops to the remote host.
    Show (Hide) Explanation/Reference
    There are many options to choose when using extended ping. Below shows the options that we can choose:

    In which:

    Repeat count [5]: Number of ping packets that are sent to the destination address. The default is 5 -> A is correct.
    Source address or interface: The interface or IP address of the router to use as a source address for the probes -> B is correct.

    For more information about extended ping, please read: http://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13730-ext-ping-trace.html

    VII.26. What is the cause of the Syslog output messages?

    • The EIGRP neighbor on Fa0/1 went down due to a failed link.
    • The EIGRP neighbor connected to Fa0/1 is participating in a different EIGRP process, causing the adjacency to go down.
    • A shut command was executed on interface Fa0/1, causing the EIGRP adjacency to go down.*
    • Interface Fa0/1 has become error disabled, causing the EIGRP adjacency to go down.
    Show (Hide) Explanation/Reference
    From the second line of the output, we learned that Fa0/1 interface was shut down so we see the “changed state to administratively down”. The third and fourth line is the result of this action, Which cause Fa0/1 interface “changed state to down” and the EIGRP neighbor relationship with 10.10.11.2 was down.

    VII.27. Why is flash memory erased prior to upgrading the IOS image from the TFTP server?

    • The router cannot verify that the Cisco IOS image currently in flash is valid.
    • Flash memory on Cisco routers can contain only a single IOS image.
    • Erasing current flash content is requested during the copy dialog.*
    • In order for the router to use the new image as the default, it must be the only IOS image in flash.
    Show (Hide) Explanation/Reference
    During the copy process, the router asked “Erasing flash before copying? [confirm]” and the administrator confirmed (by pressing Enter) so the flash was deleted.

    Note: In this case, the flash has enough space to copy a new IOS without deleting the current one. The current IOS is deleted just because the administrator wants to do so. If the flash does not have enough space you will see an error message like this:

    %Error copying tftp://192.168.2.167/ c1600-k8sy-mz.l23-16a.bin (Not enough space on device)

    VII.28. In Which two situations should you use out-of-band management? 

    • when a network device fails to forward packets*
    • when you require ROMMON access*
    • when management applications need concurrent access to the device
    • when you require administrator access from multiple locations
    • when the control plane fails to respond

    VII.29. Which command can you enter to configure a local username with an encrypted password and EXEC mode user privileges?

    • Router(config)#username jdone privilege 1 password 7 08314D5D1A48*
    • Router(config)#username jdone privilege 1 password 7 PASSWORD1
    • Router(config)#username jdone privilege 15 password 0 08314D5D1A48
    • Router(config)#username jdone privilege 15 password 0 PASSWORD1
    Show (Hide) Explanation/Reference
    Usually we enter a command like this:

    username bill password westward

    And the system display this command as follows:

    username bill password 7 21398211

    The encrypted version of the password is 21398211. The password was encrypted by the Cisco-defined encryption algorithm, as indicated by the “7”.
    However, if you enter the following command: “username bill password 7 21398211”, the system determines that the password is already encrypted and performs no encryption. Instead, it displays the command exactly as you entered it.

    Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfpass.html#wp1001412

    VII.30. Which statement about the IP SLAs ICMP Echo operation is true?

    • The frequency of the operation .s specified in milliseconds.
    • It is used to identify the best source interface from Which to send traffic.
    • It is configured in enable mode.
    • It is used to determine the frequency of ICMP packets.*
    Show (Hide) Explanation/Reference
    The ICMP Echo operation measures end-to-end response time between a Cisco router and any devices using IP. Response time is computed by measuring the time taken between sending an ICMP Echo request message to the destination and receiving an ICMP Echo reply. Many customers use IP SLAs ICMP-based operations, in-house ping testing, or ping-based dedicated probes for response time measurements.

    Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipsla/configuration/15-mt/sla-15-mt-book/sla_icmp_echo.html

    VII.31. What are three components that comprise the SNMP framework? (Choose three)

    • MIB*
    • manager*
    • supervisor
    • agent*
    • set
    • AES

    VII.32. Which command can be used from a PC to verify the connectivity between hosts that connect through a switch in the same LAN?

    • ping address*
    • tracert address
    • traceroute address
    • arp address
    Show (Hide) Explanation/Reference
    To check the connectivity between a host and a destination (through some networks) we can use both “tracert” and “ping” commands. But the difference between these two commands is the “tracert” command can display a list of near-side router interfaces in the path between the source and the destination. In this question the PC and the host are in the same VLAN so “tracert” command is not useful as there is no router to go through. Therefore the best answer in this case is “ping address”.

    Note: “traceroute” command has the same function of the “tracert” command but it is used on Cisco routers only, not on a PC.

    VII.33. What command instructs the device to timestamp Syslog debug messages in milliseconds?

    • service timestamps log datetime localtime
    • service timestamps debug datetime msec*
    • service timestamps debug datetime localtime
    • service timestamps log datetime msec
    Show (Hide) Explanation/Reference
    The “service timestamps debug” command configures the system to apply a time stamp to debugging messages. The time-stamp format for datetime is MMM DD HH:MM:SS, where MMM is the month, DD is the date, HH is the hour (in 24-hour notation), MM is the minute, and SS is the second. With the additional keyword msec, the system includes milliseconds in the time stamp, in the format HH:DD:MM:SS.mmm, where .mmm is milliseconds

    (Reference: http://www.cisco.com/c/en/us/td/docs/ios/fundamentals/command/reference/cf_book/cf_r1.html#wp1030116)

    VII.34. Which command can you enter on a switch to determine the current SNMP security model?

    • show snmp group*
    • show snmp pending
    • snmp-server contact
    • show snmp engineID
    Show (Hide) Explanation/Reference
    Three security models are available: SNMPv1, SNMPv2c, and SNMPv3. The security model combined with the security level  determine the security mechanism applied when the SNMP message is processed.

    The command “show snmp group” displays the names of groups on the router and the security model, the status of the different views, and the storage type of each group. Below is an example of this command.

    Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/system_management/configuration/guide/sm_nx_os_cg/sm_9snmp.html

    VII.35. Which statement about upgrading a cisco IOS device with TFTP server ?

    • the operation is performed in active mode
    • the operation is performed in unencrypted format
    • the operation is performed in passive mode
    • the cisco IOS device must be on the same LAN as the TFTP server*
    Show (Hide) Explanation/Reference
    Verify that the TFTP or RCP server has IP connectivity to the router. If you cannot successfully ping between the TFTP or RCP server and the router, do one of the following:
    – Configure a default gateway on the router.
    – Make sure that the server and the router each have an IP address in the same network or subnet.

    Reference: https://www.cisco.com/c/en/us/td/docs/routers/access/1900/software/configuration/guide/Software_Configuration/upgrade.html

    The first option implies the router can be in a different subnet from the TFTP server -> D is not correct.

    TFTP has no encryption process so answer B is correct.

    VII.36. Which three statements about the features of SNMPv2 and SNMPv3 are true? (Choose three.)

    • SNMPv3 enhanced SNMPv2 security features*
    • SNMPv3 added the Inform protocol message to SNMP.
    • SNMPv2 added the Inform protocol message to SNMP*
    • SNMPv3 added the GetBulk protocol messages to SNMP
    • SNMPv2 added the GetBulk protocol message to SNMP.*
    • SNMPv2 added the GetNext protocol message to SNMP.
    Show (Hide) Explanation/Reference
    SNMPv1/v2 can neither authenticate the source of a management message nor provide encryption. Without authentication, it is possible for nonauthorized users to exercise SNMP network management functions. It is also possible for nonauthorized users to eavesdrop on management information as it passes from managed systems to the management system. Because of these deficiencies, many SNMPv1/v2 implementations are limited to simply a read-only capability, reducing their utility to that of a network monitor; no network control applications can be supported. To correct the security deficiencies of SNMPv1/v2, SNMPv3 was issued as a set of Proposed Standards in January 1998. -> A is correct.

    (Reference: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_1-3/snmpv3.html)

    The two additional messages are added in SNMP2 (compared to SNMPv1)

    GetBulkRequest The GetBulkRequest message enables an SNMP manager to access large chunks of data. GetBulkRequest allows an agent to respond with as much information as will fit in the response PDU. Agents that cannot provide values for all variables in a list will send partial information. -> E is correct.

    InformRequest The InformRequest message allows NMS stations to share trap information. (Traps are issued by SNMP agents when a device change occurs.) InformRequest messages are generally used between NMS stations, not between NMS stations and agents. -> C is correct.

    Note: These two messages are carried over SNMPv3.

    VII.37. Which command do use we to see SNMP version

    • show snmp pending*
    • show snmp engineID
    • snmp-server something
    • http://bbs.hh010.com
    Show (Hide) Explanation/Reference
    The “show snmp pending” command displays the current set of pending SNMP requests. It also displays the SNMP version used.

    Router# show snmp pending
    req id: 47, dest: 171.69.58.33.161, V2C community: public, Expires in 5 secs
    req id: 49, dest: 171.69.58.33.161, V2C community: public, Expires in 6 secs
    req id: 51, dest: 171.69.58.33.161, V2C community: public, Expires in 6 secs
    req id: 53, dest: 171.69.58.33.161, V2C community: public, Expires in 8 secs

    Note:

    The “show snmp engineID” displays the identification of the local SNMP engine and all remote engines that have been configured on the router. The following example specifies 00000009020000000C025808 as the local engineID and 123456789ABCDEF000000000 as the remote engine ID, 171.69.37.61 as the IP address of the remote engine (copy of SNMP) and 162 as the port from Which the remote device is connected to the local device:

    Router# show snmp engineID
    Local SNMP engineID: 00000009020000000C025808
    Remote Engine ID           IP-addr          Port
    123456789ABCDEF000000000   171.69.37.61     162

    VII.38. Which feature can you use to restrict SNMP queries to a specific OID tree?

    • server group
    • a community
    • a view record*
    • an access group
    Show (Hide) Explanation/Reference
    You can assign views to community strings to limit Which MIB objects an SNMP manager can access. The syntax to create a view record is shown below:

    Router(config)# snmp-server view view-name oid-tree {included | excluded}

    Reference: https://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf014.html

    VII.39. What authentication type is used by SNMPv2 ?

    • username and password
    • community strings*
    • HMAC-MD5
    • HMAC-SHA

    VII.40. Which two IP SLA operations can you use to measure the end-to-end response time for all IP traffic between a Cisco router and an end device ?(choose two)

    • A. ICMP path echo*
    • B. UDP echo
    • C. ICMP path jitter
    • D. UDP jitter
    • E. TCP connect
    • F. ICMP echo*
    Show (Hide) Explanation/Reference
    To measure end-to-end reponse time we have to use ICMP echo to continuously ping to a remote device. The difference between ICMP path echo and ICMP echo is the former can measure hop-by-hop response time on its whole path while the latter can only measure to a specific destination.

    VII.41. DRAG DROP. Drag and drop the extended traceroute options from the left onto the correct descriptions on the right.

    Select and Place:

    Correct Answer:

    VII.42. Refer to the exhibit. The technician wants to upload a new IOS in the router while keeping the existing IOS. What is the maximum size of an IOS file that could be loaded if the original IOS is also kept in flash?

    • A. 3 MB
    • B. 4 MB*
    • C. 5 MB
    • D. 7 MB
    • E. 8 MB
    Show (Hide) Explanation/Reference
    In this example, there are a total of 8 MB, but 3.8 are being used already, so another file as large as 4MB can be loaded in addition to the original file.

    VII.43. Before installing a new, upgraded version of the IOS, what should be checked on the router, and Which command should be used to gather this information? (Choose two.)

    • A. the amount of available ROM
    • B. the amount of available flash and RAM memory*
    • C. the version of the bootstrap software presents on the router
    • D. show version*
    • E. show processes
    • F. show running-config
    Show (Hide) Explanation/Reference
    When upgrading new version of the IOS we need to copy the IOS to the Flash so first we have to check if the Flash has enough memory or not. Also running the new IOS may require more RAM than the older one so we should check the available RAM too. We can check both with the “show version” command.

    VII.44. Which command reveals the last method used to powercycle a router?

    • A. show reload
    • B. show boot
    • C. show running-config
    • D. show version*
    Show (Hide) Explanation/Reference
    The “show version” command can be used to show the last method to powercycle (reset) a router.

    VII.45. Which command would you use on a Cisco router to verify the Layer 3 path to a host?

    • A. tracert address
    • B. traceroute address*
    • C. telnet address
    • D. ssh address
    Show (Hide) Explanation/Reference
    In computing, traceroute is a computer network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network. The history of the route is recorded as the round-trip times of the packets received from each successive host (remote node) in the route (path); the sum of the mean times in each hop indicates the total time spent to establish the connection. Traceroute proceedsunless all (three) sent packets are lost more than twice, then the connection is lost and the route cannot be evaluated. Ping, on the other hand, only computes the final round-trip times from the destination point.

    VII.46. Refer to the exhibit. A network administrator configures a new router and enters the copy startup- config running-config command on the router. The network administrator powers down the router and sets it up at a remote location. When the router starts, it enters the system configuration dialog as shown. What is the cause of the problem?

    • A. The network administrator failed to save the configuration.*
    • B. The configuration register is set to 0x2100.
    • C. The boot system flash command is missing from the configuration.
    • D. The configuration register is set to 0x2102.
    • E. The router is configured with the boot system startup command.
    Show (Hide) Explanation/Reference
    The “System Configuration Dialog” appears only when no startup configuration file is found. The network administrator has made a mistake because the command “copy startup-config running- config” will copy the startup config (Which is empty) over the running config (Which is configured by the administrator). So everything configured was deleted. Note: We can tell the router to ignore the start-up configuration on the next reload by setting the register to 0?142. This will make the “System Configuration Dialog” appear at the next reload.

    VII.47. Which two locations can be configured as a source for the IOS image in the boot system command? (Choose two.)

    • A. RAM
    • B. NVRAM
    • C. flash memory*
    • D. HTTP server
    • E. TFTP server*
    • F. Telnet server
    Show (Hide) Explanation/Reference
    The following locations can be configured as a source for the IOS image:
    1. + Flash (the default location)
    2. + TFTP server3. + ROM (used if no other source is found)

    VII.48. Refer to the exhibit. For what two reasons has the router loaded its IOS image from the location that is shown? (Choose two.)

    • A. Router1 has specific boot system commands that instruct it to load IOS from a TFTP server.*
    • B. Router1 is acting as a TFTP server for other routers.
    • C. Router1 cannot locate a valid IOS image in flash memory.*
    • D. Router1 defaulted to ROMMON mode and loaded the IOS image from a TFTP server.
    • E. Cisco routers will first attempt to load an image from TFTP for management purposes.
    Show (Hide) Explanation/Reference
    The loading sequence of CISCO IOS is as follows:
    Booting up the router and locating the Cisco IOS
    1. POST (power on self test)
    2. Bootstrap code executed
    3. Check Configuration Register value (NVRAM) Which can be modified using the config-register command
    0 = ROM Monitor mode
    1 = ROM IOS
    2 – 15 = startup-config in NVRAM
    4. Startup-config filE. Check for boot system commands (NVRAM) If boot system commands in startup-config
    a. Run boot system commands in order they appear in startup-config to locate the IOS b. [If boot system commands fail, use default fallback sequence to locate the IOS (Flash, TFTP, ROM)?] If no boot system commands in startup-config use the default fallback sequence in locating the IOS:
    a. Flash (sequential)
    b. TFTP server (netboot)
    c. ROM (partial IOS) or keep retrying TFTP depending upon router model
    5. If IOS is loaded, but there is no startup-config file, the router will use the default fallback sequence for locating the IOS and then it will enter setup mode or the setup dialogue.

    VII.49. Refer to the exhibit. What can be determined about the router from the console output?

    • A. No configuration file was found in NVRAM.*
    • B. No configuration file was found in flash.
    • C. No configuration file was found in the PCMCIA card.
    • D. Configuration file is normal and will load in 15 seconds.
    Show (Hide) Explanation/Reference
    When no startup configuration file is found in NVRAM, the System Configuration Dialog will appear to ask if
    we want to enter the initial configuration dialog or not.

    VII.50. What is a global command?

    • A. a command that is set once and affects the entire router*
    • B. a command that is implemented in all foreign and domestic IOS versions
    • C. a command that is universal in application and supports all protocols
    • D. a command that is available in every release of IOS, regardless of the version or deployment status
    • E. a command that can be entered in any configuration mode
    Show (Hide) Explanation/Reference
    When you enter global configuration mode and enter a command, it is applied to the running configuration file that is currently running in ram. The configuration of a global command affects the entire router. An example of a global command is one used for the hostname of the router.

    VII.51. What are three factors a network administrator must consider before implementing Netflow in the network?

    • A. CPU utilization*
    • B. where Netflow data will be sent*
    • C. number of devices exporting Netflow data*
    • D. port availability
    • E. SNMP version
    • F. WAN encapsulation

    VII.52. What SNMP message alerts the manager to a condition on the network?

    • trap*
    • get
    • response
    • capture

    VII.53. What are three reasons to collect Netflow data on a company network? (Choose three.)

    • A. To identify applications causing congestion.*
    • B. To authorize user network access.
    • C. To report and alert link up / down instances.
    • D. To diagnose slow network performance, bandwidth hogs, and bandwidth utilization.*
    • E. To detect suboptimal routing in the network.
    • F. To confirm the appropriate amount of bandwidth that has been allocated to each Class of Service.*

    VII.54. What Netflow component can be applied to an interface to track IPv4 traffic?

    • A. flow monitor*
    • B. flow record
    • C. flow sampler
    • D. flow exporter
    Show (Hide) Explanation/Reference

    Flow monitors are the Flexible NetFlow component that is applied to interfaces to perform network traffic monitoring. Flow monitors consist of a record and a cache. You add the record to the flow monitor after you create the flow monitor. The flow monitor cache is automatically created at the time the flow monitor is applied to the first interface. Flow data is collected from the network traffic during the monitoring process based on the key and nonkey fields in the record, Which is configured for the flow monitor and stored in the flow monitor cache.
    For example, the following example creates a flow monitor named FLOW-MONITOR-1 and enters Flexible
    NetFlow flow monitor configuration mode:
    Router(config)# flow monitor FLOW-MONITOR-1
    Router(config-flow-monitor)#

    VII.55. Which command displays CPU utilization?

    • A. show protocols
    • B. show process*
    • C. show system
    • D. show version
    Show (Hide) Explanation/Reference
    The “show process” (in fact, the full command is “show processes”) command gives us lots of information about each process but in fact it is not easy to read. Below shows the output of this command (some next pages are omitted)

    A more friendly way to check the CPU utilization is the command “show processes cpu history”, in Which the total CPU usage on the router over a period of time: one minute, one hour, and 72 hours are clearly shown:

    + The Y-axis of the graph is the CPU utilization.+ The X-axis of the graph is the increment within the period displayed in the graph For example, from the last graph (last 72 hours) we learn that the highest CPU utilization within 72 hours is 37% about six hours ago.

    VII.56. Which router IOS commands can be used to troubleshoot LAN connectivity problems? (Choose three.)

    • A. ping*
    • B. tracert
    • C. ipconfig
    • D. show ip route*
    • E. winipcfg
    • F. show interfaces*
    Show (Hide) Explanation/Reference
    Ping, show ip route, and show interfaces are all valid troubleshooting IOS commands. Tracert, ipconfig, and
    winipcfg are PC commands, not IOS.

    VII.57. Syslog was configured with a level 3 trap. Which 4 types of logs would be generated (Choose four.)

    • A. Emergencies*
    • B. Alerts*
    • C. Critical*
    • D. Errors*
    • E. Warnings
    Show (Hide) Explanation/Reference

    The Message Logging is divided into 8 levels as listed below:
    Level Keyword Description
    0 emergencies System is unusable
    1 alerts Immediate action is needed
    2 critical Critical conditions exist
    3 errors Error conditions exist
    4 warnings Warning conditions exist
    5 notification Normal, but significant, conditions exist 6 informational Informational messages
    7 debugging Debugging messages
    The highest level is level 0 (emergencies). The lowest level is level 7. If you specify a level with the “logging console level” command, that level and all the higher levels will be displayed.
    For example, by using the “logging console warnings” command, all the logging of emergencies, alerts, critical, errors, warnings will be displayed.

    VII.58. What are the benefit of using Netflow? (Choose three.)

    • A. Network, Application & User Monitoring*
    • B. Network Planning
    • C. Security Analysis*
    • D. Accounting/Billing*

    VII.59. Which protocol can cause overload on a CPU of a managed device?

    • A. Netflow
    • B. WCCP
    • C. IP SLA
    • D. SNMP*
    Show (Hide) Explanation/Reference

    Sometimes, messages like this might appear in the router console:
    %SNMP-3-CPUHOG: Processing [chars] of [chars]
    They mean that the SNMP agent on the device has taken too much time to process a request.
    You can determine the cause of high CPU use in a router by using the output of the show process cpu command.
    Note: A managed device is a part of the network that requires some form of monitoring and management (routers, switches, servers, workstations, printers…).

    VII.60. What are the three things that the Netflow uses to consider the traffic to be in a same flow? (Choose three.)

    • A. IP address*
    • B. Interface name
    • C. Port numbers*
    • D. L3 protocol type*
    • E. MAC address
    Show (Hide) Explanation/Reference

    What is an IP Flow?
    Each packet that is forwarded within a router or switch is examined for a set of IP packet attributes. These attributes are the IP packet identity or fingerprint of the packet and determine if the packet is unique or similar to other packets. Traditionally, an IP Flow is based on a set of 5 and up to 7 IP packet attributes.
    IP Packet attributes used by NetFlow:
    + IP source address
    + IP destination address
    + Source port
    + Destination port
    + Layer 3 protocol type
    + Class of Service
    + Router or switch interface

    VII.61. What is the alert message generated by SNMP agents called?

    • A. TRAP*
    • B. INFORM*
    • C. GET
    • D. SET
    Show (Hide) Explanation/Reference

    A TRAP is a SNMP message sent from one application to another (Which is typically on a remote host). Their purpose is merely to notify the other application that something has happened, has been noticed, etc. The big problem with TRAPs is that they’re unacknowledged so you don’t actually know if the remote application received your oh-so-important message to it. SNMPv2 PDUs fixed this by introducing the notion of an INFORM, Which is nothing more than an acknowledged TRAP.

    VII.62. Which three features are added in SNMPv3 over SNMPv2? (Choose three.)

    • A. Message Integrity*
    • B. Compression
    • C. Authentication*
    • D. Encryption*
    • E. Error Detection

    VII.63. Which three statements about Syslog utilization are true? (Choose three.)

    • Utilizing Syslog improves network performance
    • The Syslog server automatically notifies the network administrator of network problems
    • A Syslog server provides the storage space necessary to store log files without using router disk space*
    • There are more Syslog messages available within Cisco IOS than there are comparable SNMP trap messages.*
    • Enabling Syslog on a router automatically enables NTP for accurate time stamping
    • A Syslog server helps in aggregation of logs and alerts.*

    VII.64. A network administrator enters the following command on a router:logging trap 3 . What are three message types that will be sent to the Syslog server?(choose three)

    • warning
    • informational
    • error*
    • emergency*
    • debug
    • critical*

    VII.65. What is the default Syslog facility level?

    • A. local4
    • B. local5
    • C. local6
    • D. local7*

    VII.66. What is the cause of the Syslog output messages?

    • The EIGRP neighbor on Fa0/1 went down due to a failed link.
    • The EIGRP neighbor connected to Fa0/1 is participating in a different EIGRP process, causing the adjacency to go down.
    • A shut command was executed on interface Fa0/1, causing the EIGRP adjacency to go down.*
    • Interface Fa0/1 has become error disabled, causing the EIGRP adjacency to go down.
    Show (Hide) Explanation/Reference
    From the second line of the output, we learned that Fa0/1 interface was shut down so we see the “changed state to administratively down”. The third and fourth line is the result of this action, Which cause Fa0/1 interface “changed state to down” and the EIGRP neighbor relationship with 10.10.11.2 was down.

    VII.67. What Cisco IOS feature can be enabled to pinpoint an application that is causing slow network performance?

    • A. SNMP
    • B. Netflow*
    • C. WCCP
    • D. IP SLA

    VII.68. What command visualizes the general NetFlow data on the command line?

    • A. show ip flow export
    • B. show ip flow top-talkers
    • C. show ip cache flow*
    • D. show mls sampling
    • E. show mls netflow ip
    Show (Hide) Explanation/Reference
    The “show ip cache flow” command displays a summary of the NetFlow

    VII.69. What are three values that must be the same within a sequence of packets for Netflow to consider them a network flow? (Choose three.)

    • A. source IP address*
    • B. source MAC address
    • C. egress interface
    • D. ingress interface*
    • E. destination IP address*
    • F. IP next-hop

    VII.70. Which three are the components of SNMP? (Choose three)

    • A. MIB*
    • B. SNMP Manager*
    • C. SysLog Server
    • D. SNMP Agent*
    • E. Set
    Show (Hide) Explanation/Reference

    SNMP is an application-layer protocol that provides a message format for communication between SNMP managers and agents. SNMP provides a standardized framework and a common language used for the monitoring and management of devices in a network.
    The SNMP framework has three parts:
    + An SNMP manager
    + An SNMP agent
    + A Management Information Base (MIB)
    The SNMP manager is the system used to control and monitor the activities of network hosts using SNMP.
    The most common managing system is called a Network Management System (NMS). The term NMS can be applied to either a dedicated device used for network management, or the applications used on such a device.
    A variety of network management applications are available for use with SNMP. These features range from simple command-line applications to feature-rich graphical user interfaces (such as the CiscoWorks2000 line of products).
    The SNMP agent is the software component within the managed device that maintains the data for the device and reports these data, as needed, to managing systems. The agent and MIB reside on the routing device (router, access server, or switch). To enable the SNMP agent on a Cisco routing device, you must define the relationship between the manager and the agent.
    The Management Information Base (MIB) is a virtual information storage area for network management information, Which consists of collections of managed objects.

    VII.71. What are the Popular destinations for syslog messages to be saved?

    • A. Flash
    • B. The logging buffer .RAM*
    • C. The console terminal*
    • D. Other terminals
    • E. Syslog server*
    Show (Hide) Explanation/Reference

    By default, switches send the output from system messages and debug privileged EXEC commands to a logging process. The logging process controls the distribution of logging messages to various destinations, such as the logging buffer (on RAM), terminal lines (console terminal), or a UNIX syslog server, depending on your configuration. The process also sends messages to the console.
    Note: Syslog messages can be written to a file in Flash memory although it is not a popular place to use. We can configure this feature with the command logging file flash:filename.

    VII.72. What levels will be trapped if the administrator executes the command router(config)# logging trap 4? (Choose four.)

    • A. Emergency*
    • B. Notice
    • C. Alert*
    • D. Error*
    • E. Warning*
    Show (Hide) Explanation/Reference

    The Message Logging is divided into 8 levels as listed below:
    Level Keyword Description
    0 emergencies System is unusable
    1 alerts Immediate action is needed
    2 critical Critical conditions exist
    3 errors Error conditions exist
    4 warnings Warning conditions exist
    5 notification Normal, but significant, conditions exist 6 informational Informational messages 7 debugging
    Debugging messages
    If you specify a level with the “logging trap level” command, that level and all the higher levels will be logged.
    For example, by using the “logging trap 4 command, all the logging of emergencies, alerts, critical, errors,
    warnings will be logged.

    VII.73. When upgrading the IOS image, the network administrator receives the exhibited error message. What could be the cause of this error?

    • A. The new IOS image is too large for the router flash memory.
    • B. The TFTP server is unreachable from the router.*
    • C. The new IOS image is not correct for this router platform.
    • D. The IOS image on the TFTP server is corrupt.
    • E. There is not enough disk space on the TFTP server for the IOS image.

    VII.74. Refer to the exhibit. What could be possible causes for the “Serial0/0 is down” interface status? (Choose two.)

    • A. A Layer 1 problem exists.*
    • B. The bandwidth is set too low.
    • C. A protocol mismatch exists.
    • D. An incorrect cable is being used.*
    • E. There is an incorrect IP address on the Serial 0/0 interface.

    VII.75. Refer to the exhibit. What does the address 192.168.2.167 represent?

    • A. the TFTP server from Which the file startup-config is being transferred
    • B. the router from Which the file startup-config is being transferred
    • C. the TFTP server from Which the file router-confg is being transferred
    • D. the TFTP server to Which the file router-confg is being transferred*
    • E. the router to Which the file router-confg is being transferred
    • F. the router to Which the file startup-config is being transferred

    VII.76. How can an administrator determine if a router has been configured when it is first powered up?

    • A. A configured router prompts for a password.
    • B. A configured router goes to the privileged mode prompt.
    • C. An unconfigured router goes into the setup dialog.*
    • D. An unconfigured router goes to the enable mode prompt.

    VII.77. Which two commands can you enter to verify that a configured NetFlow data export is operational? (Choose two.)

    • A. show ip flow export*
    • B. show ip cache flow*
    • C. ip flow ingress
    • D. ip flow egress
    • E. interface ethernet 0/0
    • F. ip flow-export destination

    VII.78. What is the first step you perform to configure an SNMPv3 user?

    • A. Configure server traps.
    • B. Configure the server group.*
    • C. Configure the server host.
    • D. Configure the remote engine ID.
    Show (Hide) Explanation/Reference
    The first step we need to do when configuring an SNMPv3 user is to configure the server group to enable authentication for members of a specified named access list via the “snmp-server group” command. For example:

    Router(config)# snmp-server group MyGroup v3 auth access snmp_ac

    In this example, the SNMP server group MyGroup is configured to enable user authentication for members of the named access list snmp_acl.

    Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/configuration/xe-3se/3850/snmp-xe-3se-3850-book/nm-snmp-snmpv3.html

    VII.79. A network administrator has configured access list 173 to prevent Telnet and ICMP traffic from reaching a server with the address of 192.168.13.26. Which commands can the administrator issue to verify that the access list is working properly? (Choose three.)

    • A. Router# ping 192.168.13.26*
    • B. Router# debug access-list 173
    • C. Router# show open ports 192.168.13.26
    • D. Router# show access-lists*
    • E. Router# show ip interface*

    VII.80. DRAG DROP. Drag and drop the descriptions of performing an initial device configuration from the left onto the correct features or components on the right.

    Select and Place:

    Correct Answer:

    VII.81. DRAG DROP. Drag and drop the descriptions of logging from the left onto the correct logging features or components on the right.

    Select and Place:

    Correct Answer:

    VII.82. DRAG DROP. You are performing the initial configuration on a new Cisco device. Drag the task from the left onto the required or optional category on the right.

    Select and Place:

    Correct Answer:

    Show (Hide) Explanation/Reference

    https://www.cisco.com/c/en/us/td/docs/routers/access/2900/hardware/installation/guide/
    Hardware_Installation_Guide/Configure.html#91811

    VII.83. DRAG DROP. Drag and drop the network programmability features from the left onto the correct description on the right.

    Select and Place:

    Correct Answer:

    VII.84. Which configuration register value can you set on a Cisco device so that it ignores the NVRAM when it boots?

    • 0x2124
    • 0x2120
    • 0x2142*
    • 0x2102
    Show (Hide) Explanation/Reference
    To reset the password we can type “confreg 0x2142” under rommon mode to set the configuration register to 2142 in hexadecimal (the prefix 0x means hexadecimal (base 16)). With this setting when that router reboots, it bypasses the startup-config.

    VII.85. Which version of SNMP first allowed user-based access?

    • A. SNMPv3 with RBAC
    • B. SNMPv3*
    • C. SNMPv1
    • D. SNMPv2
    Show (Hide) Explanation/Reference
    The user-based access control implemented by SNMPv3 is based on contexts and user names, rather than on IP addresses and community strings. It is a partial implementation of the view-based access control model (VACM).

    VII.86. Which two criteria must be met to support the ICMP echo IP SLA? (Choose two)

    • The destination device must support the echo protocol*
    • default gateway must be configured for the source and destination devices
    • The source device must be running Layer 2 services.
    • The source and destination devices must be Cisco devices
    • The source device must be a Cisco device but the destination device can be from any vendor*

    VII.87. Which two characteristics of an ICMP echo-based IP SLA are true? (Choose two)

    • It can use RSPAN to report network statistics to a designated remote port
    • It aggregates traffic statistics for reporting on a configurable basis
    • It requires a remote device to log and maintain collected data
    • It measures traffic to determine the reliability of a connection from a Cisco router to a designated end device*
    • It generates continuous traffic to monitor network performance*

    VII.88. Which two commands can you use to verify an IP SLA? (Choose two.)

    • A. show ip sla application*
    • B. show ip sla history
    • C. show ip sla configuration*
    • D. show ip sla reaction-configuration
    • E. show ip sla statistics

    VII.89. Which effect of the terminal monitor command is true?

    • A. It displays the configuration of the syslog server
    • B. It configures a syslog server
    • C. It configures the device to log messages to the console*
    • D. It puts the device into global configuration mode

    VII.90. Which command is configured on a switch to enable neighbor discovery in a multivendor environment?

    • A. lldp run*
    • B. lldp transmit
    • C. lldp receive
    • D. cdp run

    VII.91. Which API uses HTTP messages to transfer data to applications residing on different hosts?

    • A. OpenStack
    • B. REST*
    • C. OpenFlow
    • D. OpFlex

    VII.92. You are configuring an IP SLA ICMP Echo operation to troubleshoot a network connectivity issue. When do you enter an IP address to test the IP SLA?

    • A. when you define the ICMP Echo operation*
    • B. when you enable the ICMP Echo operation
    • C. when you verify the IP SLA operation
    • D. when you specify the test frequency

    Section VIII. New Questions

    VIII.1. What IP SLA ICMP Echo measures?

    • A. Packet loss
    • B. Congestion
    • C. Hop-by-hop “something”
    • D. End-to-end response time*
    • E. ?
    Show (Hide) Explanation/Reference
    The Internet Control Message Protocol (ICMP) Echo operation measures the end-to-end response time between two devices that use IPv4. The response time is computed by measuring the time taken between sending an ICMP Echo request message to the destination and receiving an ICMP Echo reply.

    An IP SLA can be used to performs network performance monitoring, including measure the latency, packet loss, jitter and response time in the network. The example below shows how to configure an IP SLA ICMP Echo (send an ICMP request to 192.168.1.254 every 300 second with a timeout of 500ms):

    Device(config)#ip sla 1
    
    Device(config-ip-sla)#icmp-echo 192.168.1.254
    Device(config-ip-sla-echo)#frequency 300 //send an ICMP
    Device(config-ip-sla-echo)#timeout 500
    Device(config-ip-sla-echo)#exit
    Device(config)#ip sla schedule 1 start-time now

    VIII.2. What are types of IPv6 static routes? (Choose Three )

    • Recursive routes*
    • Directly connected routes*
    • Fully specified routes*
    • Advertised routes
    • Virtual links
    • Redistributed routes
    Show (Hide) Explanation/Reference
    Directly connected routes: In directly attached static routes, only the output interface is specified. The destination is assumed to be directly attached to this interface, so the packet destination is used as the next-hop address. This example shows such a definition:

    ipv6 route 2001:DB8::/32 gigabitethernet1/0/0

    The example specifies that all destinations with address prefix 2001:DB8::/32 are directly reachable through interface GigabitEthernet1/0/0.

    Recursive Static Routes: In a recursive static route, only the next hop is specified. The output interface is derived from the next hop. This example shows such a definition:

    ipv6 route 2001:DB8::/32 2001:DB8:3000:1

    This example specifies that all destinations with address prefix 2001:DB8::/32 are reachable via the host with address 2001:DB8:3000:1.

    Fully Specified Static Routes: In a fully specified static route, both the output interface and the next hop are specified. This form of static route is used when the output interface is a multi-access one and it is necessary to explicitly identify the next hop. The next hop must be directly attached to the specified output interface. The following example shows a definition of a fully specified static route:

    ipv6 route 2001:DB8:/32 gigabitethernet1/0/0 2001:DB8:3000:1

    A fully specified route is valid (that is, a candidate for insertion into the IPv6 routing table) when the specified IPv6 interface is IPv6-enabled and up.

    Besides three of the static IPv routes, there is one more type of IPv6 static route, that is Floating Static Routes (static route with a higher administrative distance than the dynamic routing