Section V: Infrastructure Services

Share Tweet Share Pin it

Time limit: 0

Quiz-summary

0 of 76 questions completed

Questions:

Information

Section V: Infrastructure Services - Test Online

You have already completed the quiz before. Hence you can not start it again.

Quiz is loading...

You must sign in or sign up to start the quiz.

You have to finish following quiz, to start this quiz:

Results

0 of 76 questions answered correctly

Your time:

Time has elapsed

You have reached 0 of 0 points, (0)

Average score
Your score

Categories

Not categorized 0%

Answered
Review

Question 1 of 76

1. Question
1 points
Which command can you enter to display duplicate IP addresses that the DHCP server assigns?
- show ip dhcp conflict 10.0.2.12
- show ip dhcp database 10.0.2.12
- show ip dhcp server statistics
- show ip dhcp binding 10.0.2.12
Correct

Incorrect

Hint
The command “show ip dhcp conflict” is used to display address conflicts found by a Cisco IOS DHCP Server when addresses are offered to the client. An example of the output of this command is shown below:
Question 2 of 76

2. Question
1 points
Which cloud service is typically used to provide DNS and DHCP services to an enterprise?
- IaaS
- DaaS
- SaaS
- PaaS
Correct

Incorrect
Question 3 of 76

3. Question
1 points
Which command can you enter in global configuration mode to create a DHCP address pool?
- ip dhcp pool DHCP_pool
- ip dhcp conflict logging
- service dhcp
- ip dhcp excluded-address 10.0.2.1 10.0.2.49
Correct

Incorrect
Question 4 of 76

4. Question
1 points
Which value indicates the distance from the NTP authoritative time source?
- stratum
- layer
- location
- priority
Correct

Incorrect
Question 5 of 76

5. Question
1 points
Afer you apply the given configuration to a router, the DHCP clients behind the device cannot communicate with hosts outside of their subnet. Which action is most likely to correct the problem?
```
ip dhcp pool test 
 network 192.168.10.0/27
 domain name cisco.com
 dns-server 172.16.1.1 172.16.2.1
 netbios-name-server 172.16.1.10 172.16.2.10
```
- Configure the dns server on the same subnet as the clients
- Activate the dhcp pool
- Correct the subnet mask
- configure the default gateway
Correct

Incorrect

Hint
In the DHCP pool we need to configure a default gateway (via the “default-route …” command) for the DHCP clients to communicate with outside subnets.
Question 6 of 76

6. Question
1 points
Which statement about DHCP snooping is true?
- it blocks traffic from DHCP servers on untrusted interfaces.
- it can be configured on switches and routers.
- it allows packets from untrusted ports if their source MAC address is found in the binding table.
- it uses DHCPDiscover packets to identify DHCP servers.
Correct

Incorrect
Question 7 of 76

7. Question
1 points
Which two options are benefits of DHCP snooping? (Choose two.)
- It simplifies the process of adding DHCP servers to the network.
- It prevents the deployment of rogue DHCP servers.
- It prevents DHCP reservations.
- It tracks the location of hosts in the network.
- It prevents static reservations.
Correct

Incorrect
Question 8 of 76

8. Question
1 points
Which command can you enter to configure the switch as an authoritative NTP server with a site id: 13999902?
- Switch(config)#ntp master 3
- Switch(config)#ntp peer 193.168.2.2
- Switch(config)#ntp server 193.168.2.2
- Switch(config)#ntp source 193.168.2.2
Correct

Incorrect

Hint
An Authoritative NTP Server can distribute time even when it is not synchronized to an existing time server. To configure a Cisco device as an Authoritative NTP Server, use the ntp master [stratum] command.
Question 9 of 76

9. Question
1 points
Where does a switch maintain DHCP snooping information ?
- in the MAC address table
- in the CAM table
- in the DHCP binding database
- in the VLAN database
Correct

Incorrect
Question 10 of 76

10. Question
1 points
How does NAT overloading provide one-to-many address translation?
- It uses a pool of addresses
- It converts IPV4 addresses to unused IPv6 Addresses
- assigns a unique TCP/UDP port to each session
- It uses virtual MAC Address and Virtual IP Addresses
Correct

Incorrect

Hint
By adding the keyword “overload” at the end of a NAT statement, NAT becomes PAT (Port Address Translation). This is also a kind of dynamic NAT that maps multiple private IP addresses to a single public IP address (many-to-one) by using different ports.
Question 11 of 76

11. Question
1 points
Which HSRP feature was new in HSRPv2?
- VLAN group numbers that are greater than 255
- Virtual MAC addresses
- tracking
- preemption
Correct

Incorrect

Hint
Both HSRP version 1 & version 2 support preempt command -> Answer D is not correct. In HSRP version 1, group numbers are restricted to the range from 0 to 255. HSRP version 2 expands the group number range from 0 to 4095 -> A is correct.
Question 12 of 76

12. Question
1 points
Which keyword enables an HSRP router to take the active role immediately what it comes online?
- preempt
- priority
- version
- IP address
Correct

Incorrect
Question 13 of 76

13. Question
1 points
When troubleshooting client DNS issues, which two tasks must you perform? (Choose two.)
- Ping a public website IP address.
- Ping the DNS server.
- Determine whether the hardware address is correct.
- Determine whether a DHCP address has been assigned.
- Determine whether the name servers have been configured.
Correct

Incorrect
Question 14 of 76

14. Question
1 points
What are the two minimum required components of a DHCP binding? (Choose two.)
- an IP address
- an ip-helper statement
- an exclusion list
- a DHCP pool
- a hardware address
Correct

Incorrect
Question 15 of 76

15. Question
1 points
Which command can you enter to troubleshoot the failure of address assignment?
- sh ip dhcp database
- sh ip dhcp pool
- sh ip dhcp import
- sh ip dhcp server statistics
Correct

Incorrect
Hint
The command “show ip dhcp pool” is used to display information about the DHCP address pools. There are some information we can use to check the failure of address assignment. For example we can see how many IP addresses have been leased for a specific pool. If some IP addresses have been assigned from a pool but a client of that pool has not received the assignment then maybe the issue belongs to the client itself. R1#show ip dhcp pool
```
R1#show ip dhcp pool
Pool SERVER :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0 
 Total addresses                : 1
 Leased addresses               : 1
 Pending event                  : none
 0 subnet is currently in the pool :
 Current index        IP address range                    Leased addresses
 172.16.200.100       172.16.200.100   - 172.16.200.100    1
```
Question 16 of 76

16. Question
1 points
What are two requirements for an HSRP group? (Choose two.)
- exactly one active router
- one or more standby routers
- one or more backup virtual routers
- exactly one standby active router
- exactly one backup virtual router
Correct

Incorrect

Hint
From this paragraph: “A set of routers that run HSRP works in concert to present the illusion of a single default gateway router to the hosts on the LAN. This set of routers is known as an HSRP group or standby group. A single router that is elected from the group is responsible for the forwarding of the packets that hosts send to the virtual router. This router is known as the active router. Another router is elected as the standby router. If the active router fails, the standby assumes the packet forwarding duties. Although an arbitrary number of routers may run HSRP, only the active router forwards the packets that are sent to the virtual router IP address. In order to minimize network traffic, only the active and the standby routers send periodic HSRP messages after the protocol has completed the election process. Additional routers in the HSRP group remain in the Listen state. If the active router fails, the standby router takes over as the active router. If the standby router fails or becomes the active router, another router is elected as the standby router.” Reference: https://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/10583-62.html#anc6 -> There is exactly one active router and one standby router in an HSRP group. Answer A is surely a correct but other answers are not correct. Answers C, D and E are wrong terminologies so they are surely not correct. Therefore answer B is a best choice left (although it is not totally correct).
Question 17 of 76

17. Question
1 points
Which standards-based First Hop Redundancy Protocol is a Cisco supported alternative to Hot Standby Router Protocol?
- VRRP
- GLBP
- TFTP
- DHCP
Correct

Incorrect

Hint
Virtual Router Redundancy Protocol (VRRP) is one of the First Hop Redundancy Protocols that is supported by Cisco. Unlike HSRP and GLBP (which are Cisco proprietary protocols), VRRP is an industry standard protocol.
Question 18 of 76

18. Question
1 points
Which protocol is the Cisco proprietary implementation of FHRP?
- HSRP
- VRRP
- GLBP
- CARP
Correct

Incorrect
Question 19 of 76

19. Question
1 points
What are two benefits of using NAT? (Choose two.)
- NAT protects network security because private networks are not advertised.
- NAT accelerates the routing process because no modifications are made on the packets.
- Dynamic NAT facilitates connections from the outside of the network.
- NAT facilitates end-to-end communication when IPsec is enable.
- NAT eliminates the need to re-address all host that require external access.
- NAT conserves addresses through host MAC-level multiplexing.
Correct

Incorrect

Hint
By not reveal the internal IP addresses, NAT adds some security to the inside network -> A is correct. NAT has to modify the source IP addresses in the packets -> B is not correct. Connection from the outside to a network through “NAT” is more difficult than a normal network because IP addresses of inside hosts are hidden -> C is not correct. In order for IPsec to work with NAT we need to allow additional protocols, including Internet Key Exchange (IKE), Encapsulating Security Payload (ESP) and Authentication Header (AH) -> more complex -> D is not correct. By allocating specific public IP addresses to inside hosts, NAT eliminates the need to re-address the inside hosts -> E is correct. NAT does conserve addresses but not through host MAC-level multiplexing. It conserves addresses by allowing many private IP addresses to use the same public IP address to go to the Internet -> F is not correct.
Question 20 of 76

20. Question
1 points
Which statement is correct regarding the operation of DHCP?
- A DHCP client uses a ping to detect address conflicts.
- A DHCP server uses a gratuitous ARP to detect DHCP clients.
- A DHCP client uses a gratuitous ARP to detect a DHCP server.
- If an address conflict is detected, the address is removed from the pool and an administrator must resolve the conflict.
- If an address conflict is detected, the address is removed from the pool for an amount of time configurable by the administrator.
- If an address conflict is detected, the address is removed from the pool and will not be reused until the server is rebooted.
Correct

Incorrect

Hint
An address conflict occurs when two hosts use the same IP address. During address assignment, DHCP checks for conflicts using ping and gratuitous ARP. If a conflict is detected, the address is removed from the pool. The address will not be assigned until the administrator resolves the conflict. (Reference: http://www.cisco.com/en/US/docs/ios/12_1/iproute/configuration/guide/1cddhcp.html)
Question 21 of 76

21. Question
1 points
Which value to use in HSRP protocol election process?
- interface
- virtual IP address
- priority
- router ID
Correct

Incorrect
Hint
HSRP election is based on a priority value (0 to 255) that is configured on each router in the group. By default, the priority is 100. The router with the highest priority value (255 is highest) becomes the active router for the group. If all router priorities are equal or set to the default value, the router with the highest IP address on the HSRP interface becomes the active router. Below is an example of assigning HSRP priority of 200 to R1:
```
R1(config-if)# standby 1 priority 200
```
Question 22 of 76

22. Question
1 points
Which of the following is needed to be enable back the role of active in HSRP?
- preempt
- priority
- other options
Correct

Incorrect
Hint
The “preempt” command enables the HSRP router with the highest priority to immediately become the active router. For example if we have a new router joining an HSRP of 1 and we want this router becomes the active router immediately (provided it had the highest HSRP priority) then we will need this additional command:
```
New_Router(config-if)#standby 1 preempt
```
Question 23 of 76

23. Question
1 points
What is new in HSRPv2?
- prempt
- a greater number in hsrp group field
- other
Correct

Incorrect
Question 24 of 76

24. Question
1 points
Which command is used to build DHCP pool?
- ip dhcp pool DHCP
- ip dhcp conflict
- ip dhcp-server pool DHCP
- ip dhcp-client pool DHCP
Correct

Incorrect

Hint
The following example shows how to configure a DHCP Server on a Cisco router: Note: We checked with both Cisco IOS v12.4 and v15.4 but found no “ip dhcp-server pool” command: Therefore the answer “ip dhcp-server pool …” is not correct.
Question 25 of 76

25. Question
1 points
What is the two benefits of DHCP snooping? (Choose two)
- static reservation
- DHCP reservation
- prevent DHCP rouge server
- prevent untrusted host and servers to connect
Correct

Incorrect

Hint
Quick review of DHCP Spoofing and DHCP snooping: DHCP spoofing is a type of attack in that the attacker listens for DHCP Requests from clients and answers them with fake DHCP Response before the authorized DHCP Response comes to the clients. The fake DHCP Response often gives its IP address as the client default gateway -> all the traffic sent from the client will go through the attacker computer, the attacker becomes a “man-in-the-middle”. The attacker can have some ways to make sure its fake DHCP Response arrives first. In fact, if the attacker is “closer” than the DHCP Server then he doesn’t need to do anything. Or he can DoS the DHCP Server so that it can’t send the DHCP Response. DHCP snooping can prevent DHCP spoofing attacks. DHCP snooping is a Cisco Catalyst feature that determines which switch ports can respond to DHCP requests. Ports are identified as trusted and untrusted. Only ports that connect to an authorized DHCP server are trusted, and allowed to send all types of DHCP messages. All other ports on the switch are untrusted and can send only DHCP requests. If a DHCP response is seen on an untrusted port, the port is shut down -> Answer D is correct. The fundamental use case for DHCP snooping is to prevent unauthorized (rogue) DHCP servers offering IP addresses to DHCP clients. Rogue DHCP servers are often used in man in the middle or denial of service attacks for malicious purposes -> C is correct.
Question 26 of 76

26. Question
1 points
Which command is used to configure a switch as an authoritative NTP server?
- Switch(config)#ntp master 3
- Switch(config)#ntp peer IP
- Switch(config)#ntp server IP
- Switch(config)#ntp source IP
Correct

Incorrect

Hint
An Authoritative NTP Server can distribute time even when it is not synchronized to an existing time server. To configure a Cisco device as an Authoritative NTP Server, use the ntp master [stratum] command.
Question 27 of 76

27. Question
1 points
Which configuration command can you apply to a HSRP router so that its local interface becomes active if all other routers in the group fail?
- no additional configuration is required
- standby 1 track Ethernet
- standby 1 preempt
- standby 1 priority 250
Correct

Incorrect

Hint
When all other routers in the group fail, the local router will not receive any HSRP Hello messages so it will become “active”. Notice that in this case the “preempt” command is not necessary. The “preempt” command is only useful when the local router receives a HSRP Hello message from the active HSRP router with a lower priority (then the local router will decide to take over the active role).
Question 28 of 76

28. Question
1 points
How to see dhcp conflict?
- show ip dhcp pool
- show dhcp database
- show ip dhcp conflict
- Other Option.
Correct

Incorrect

Hint
Question 29 of 76

29. Question
1 points
Where does the configuration reside when a helper address is configured to support DHCP?
- on the switch trunk interface.
- on the router closest to the client.
- on the router closest to the server.
- on every router along the path.
Correct

Incorrect
Question 30 of 76

30. Question
1 points
What is the danger of the permit any entry in a NAT access list?
- It can lead to overloaded resources on the router.
- It can cause too many addresses to be assigned to the same interface.
- It can disable the overload command.
- It prevents the correct translation of IP addresses on the inside network.
Correct

Incorrect

Hint
Using permit any can result in NAT consuming too many router resources, which can cause network problems. You should only limit the NAT access list to a specific range of IP addresses.
Question 31 of 76

31. Question
1 points
How does a DHCP server dynamically assign IP addresses to hosts?
- Addresses are permanently assigned so that the host uses the same address at all times.
- Addresses are assigned for a fixed period of time.
- Addresses are leased to hosts. A host will usually keep the same address by periodically contacting the DHCP server to renew the lease.
- Addresses are allocated after a negotiation between the server and the host to determine the length of the agreement.
Correct

Incorrect

Hint
The DHCP lifecycle consists of the following: Release: The client may decide at any time that it no longer wishes to use the IP address it was assigned, and may terminate the lease, releasing the IP address.
Question 32 of 76

32. Question
1 points
Which command can you enter to determine the addresses that have been assigned on a DHCP Server?
- Show ip DHCP database.
- Show ip DHCP pool.
- Show ip DHCP binding.
- Show ip DHCP server statistic.
Correct

Incorrect

Hint
http://www.aubrett.com/InformationTechnology/RoutingandSwitching/Cisco/CiscoRouters/ DHCPBindings.aspx “Router#show ip dhcp binding Bindings from all pools not associated with VRF: IP address Client-ID/ Lease expiration Type 10.16.173.0 24d9.2141.0ddd Jan 12 2013 03:42 AM Automatic”
Question 33 of 76

33. Question
1 points
Which two command can you enter to display the current time sources statistics on devices? (Choose TWO)
- Show ntp associations.
- Show clock details.
- Show clock.
- Show time.
- Show ntp status.
Correct

Incorrect
Hint
Maybe the “current time sources” here mention about the status of the clock source. In the below output, the “show ntp associations” command reveals the IP address of the clock source (which is 209.65.200.226), the stratum (st) of this reference clock…
```
R1#show ntp associations
      address         ref clock     st  when  poll reach  delay  offset    disp
*~10.1.2.1         209.65.200.226    9   509    64  200    32.2   15.44  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
```
Below is the output of the “show ntp status” command. From this output we learn that R1 has a stratum of 10 and it is getting clock from 10.1.2.1.
```
R1#show ntp status
Clock is synchronized, stratum 10, reference is 10.1.2.1
nominal freq is 250.0000 Hz, actual freq is 249.9987 Hz, precision is 2**18
reference time is D5E492E9.98ACB4CF (13:00:25.596 CST Wed Sep 18 2013)
clock offset is 15.4356 msec, root delay is 52.17 msec
root dispersion is 67.61 msec, peer dispersion is 28.12 msec
```
For more information about these two commands, please read at: http://www.cisco.com/c/en/us/support/docs/ip/network-time-protocol-ntp/116161-trouble-ntp-00.html In fact this question is unclear, but other answers are surely not correct.
Question 34 of 76

34. Question
1 points
What is the default lease time for a DHCP binding?
- 24 hours
- 12 hours
- 48 hours
- 36 hours
Correct

Incorrect

Hint
By default, each IP address assigned by a DHCP Server comes with a one- day lease, which is the amount of time that the address is valid. To change the lease value for an IP address, use the following command in DHCP pool configuration mode:
Question 35 of 76

35. Question
1 points
Which NAT type is used to translate a single inside address to a single outside address?
- dynamic NAT
- NAT overload
- PAT
- static NAT
Correct

Incorrect

Hint
There are two types of NAT translation: dynamic and static. Static NAT: Designed to allow one-to-one mapping between local and global addresses. This flavor requires you to have one real Internet IP address for every host on your network Dynamic NAT: Designed to map an unregistered IP address to a registered IP address from a pool of registered IP addresses. You don’t have to statically configure your router to map an inside to an outside address as in static NAT, but you do have to have enough real IP addresses for everyone who wants to send packets through the Internet. With dynamic NAT, you can configure the NAT router with more IP addresses in the inside local address list than in the inside global address pool. When being defined in the inside global address pool, the router allocates registered public IP addresses from the pool until all are allocated. If all the public IP addresses are already allocated, the router discards the packet that requires a public IP address. In this question we only want to translate a single inside address to a single outside address so static NAT should be used.
Question 36 of 76

36. Question
1 points
What is the effect of the overload keyword in a static NAT translation configuration?
- It enables port address translation.
- It enables the use of a secondary pool of IP addresses when the first pool is depleted
- It enables the inside interface to receive traffic.
- It enables the outside interface to forward traffic.
Correct

Incorrect

Hint
http://www.firewall.cx/networking-topics/network-address-translation-nat/233-nat-overload-part-1.html
Question 37 of 76

37. Question
1 points
Which statement about the inside interface configuration in a NAT deployment is true?
- It is defined globally
- It identifies the location of source addresses for outgoing packets to be translated using access or route maps.
- It must be configured if static NAT is used
- It identifies the public IP address that traffic will use to reach the internet.
Correct

Incorrect

Hint
When we specify a NAT “inside” interface (via the “ip nat inside” command under interface mode), we are specifying the source IP addresses. Later in the “ip nat” command under global configuration mode, we will specify the access or route map for these source addresses. For example the command: Router(config)# ip nat inside source list 1 pool PoolforNAT after the keyword “source” we need to specify one of the three keywords: + list: specify access list describing local addresses (but this command does not require an “inside” interface to be configured) + route-map: specify route-map + static: specify static local -> global mapping
Question 38 of 76

38. Question
1 points
Which NTP type designates a router without an external reference clock as an authoritative time source?
- server
- peer
- master
- client
Correct

Incorrect
Question 39 of 76

39. Question
1 points
Which NTP command configures the local devices as an NTP reference clock source?
- NTP Peer
- NTP Broadcast
- NTP Master
- NTP Server
Correct

Incorrect

Hint
From a Cisco perspective, getting the clock from an Internet time source and/or from a local timing device both require the same command (ntp server). To have a specific network device consider itself as a reference clock source, another command is used (ntp master) For example, the command Router(config)#ntp server 192.168.1.1 configures the local device to use a remote NTP clock source from 192.168.1.1 while the command: Router(config)#ntp master 1 configures the local device as a NTP reference clock source with stratum of 1. Reference: http://www.pearsonitcertification.com/articles/article.aspx?p=2141272
Question 40 of 76

40. Question
1 points
If you want multiple hosts on a network, where do you configure the setting?
- in the IP protocol
- in the multicast interface
- in the serial interface
- in the global configuration
Correct

Incorrect
Question 41 of 76

41. Question
1 points
Refer to the exhibit. Which rule does the DHCP server use when there is an IP address conflict?
- The address is removed from the pool until the conflict is resolved.
- The address remains in the pool until the conflict is resolved.
- Only the IP detected by Gratuitous ARP is removed from the pool.
- Only the IP detected by Ping is removed from the pool.
- The IP will be shown, even after the conflict is resolved.
Correct

Incorrect

Hint
An address conflict occurs when two hosts use the same IP address. During address assignment, DHCP checks for conflicts using ping and gratuitous ARP. If a conflict is detected, the address is removed from the pool. The address will not be assigned until the administrator resolves the conflict.
Question 42 of 76

42. Question
1 points
Which configuration can be used with PAT to allow multiple inside address to be translated to a single outside address ?
- Dynamic Routing
- DNS
- Preempt
- overload
Correct

Incorrect
Question 43 of 76

43. Question
1 points
Which command can you enter to create a NAT pool of 6 addresses?
- Router(config)#ip nat pool test 175.17.12.69 175.17.12.74 prefix-length 24
- Router(config)#ip nat pool test 175.17.12.69 175.17.13.74 prefix-length 16
- Router(config)#ip nat pool test 175.17.12.66 175.17.12.72 prefix-length 8
- Router(config)#ip nat pool test 175.17.12.69 175.17.12.76 prefix-length 8
Correct

Incorrect

Hint
The syntax to create a NAT pool is: Router(config)#ip nat pool pool_name start_ip end_ip { netmask netmask | prefix-length prefix-length } Therefore answer A is surely correct. Answer B is not correct as it creates many addresses (from 12.69 to 12.255 then to 13.74). Answer C and D are not correct as we cannot use prefix-length of 8 (/8) for a class B subnet.
Question 44 of 76

44. Question
1 points
While troubleshooting a DCHP client that is behaving erratically, you discover that the client has been assigned the same IP address as a printer that is a static IP address. Which option is the best way to resolve the problem?
- Configurea static route to the client.
- Assign the client the same IP address as the router.
- Move the client to another IP subnet
- Move the printer to another IP subnet.
- Reserve the printer IP address.
Correct

Incorrect

Hint
In this case the printer is statically assigned an IP address so we have to make sure DHCP server does not assign the same IP address to another device. We can configure the DHCP server with the command “ip dhcp excluded-address ” (suppose it is a Cisco device).
Question 45 of 76

45. Question
1 points
Which three commands are required to enable NTP authentication on a Cisco router? (Choose three)
- ntp peer
- ntp max-associations
- ntp authenticate
- ntp trusted-key
- ntp authentication-key
- ntp refclock
Correct

Incorrect

Hint
+ The “ntp authenticate” command is used to enable the NTP authentication feature (NTP authentication is disabled by default). + The “ntp trusted-key” command specifies one or more keys that a time source must provide in its NTP packets in order for the device to synchronize to it. This command provides protection against accidentally synchronizing the device to a time source that is not trusted. + The “ntp authentication-key” defines the authentication keys. The device does not synchronize to a time source unless the source has one of these authentication keys and the key number is specified by the “ntp trusted-key number” command.
Question 46 of 76

46. Question
1 points
After you configure the ip dns spoofing command globally on a device, under which two conditions is DNS spoofing enabled on the device? (Choose two.)
- The DNS server queue limit id disabled
- The ip host command is disabled
- All configured IP name server addresses are removed
- The ip dns spoofing command is disabled on the local interface
- The no ip domain lookup command is configured
Correct

Incorrect

Hint
DNS spoofing is designed to allow a router to act as a proxy DNS server and “spoof” replies to any DNS queries using either the configured IP address in the ip dns spoofing ip-address command or the IP address of the incoming interface for the query. This feature is useful for devices where the interface toward the Internet service provider (ISP) is not up. Once the interface to the ISP is up, the router forwards DNS queries to the real DNS servers. This feature turns on DNS spoofing and is functional if any of the following conditions are true: The no ip domain lookup command is configured. IP name server addresses are not configured. There are no valid interfaces or routes for sending to the configured name server addresses.
Question 47 of 76

47. Question
1 points
Which task must you perform to enable an IOS device to use DNS services?
- configure a relay agent information reforwarding policy
- configure manual bindings
- configure the relay agent information option
- configure a name server
Correct

Incorrect
Question 48 of 76

48. Question
1 points
Which technology allows a large number of private IP address to be represented by a smaller number of public IP addresses?
- NTP
- RFC 1918
- PBR
- NAT
Correct

Incorrect
Question 49 of 76

49. Question
1 points
Which two types of NAT addresses are used in a Cisco NAT device? (Choose two.)
- inside local
- inside global
- inside private
- outside private
- external global
- external local
Correct

Incorrect

Hint
NAT use four types of addresses: * Inside local address – The IP address assigned to a host on the inside network. The address is usually not an IP address assigned by the Internet Network Information Center (InterNIC) or service provider. This address is likely to be an RFC 1918 private address. * Inside global address – A legitimate IP address assigned by the InterNIC or service provider that represents one or more inside local IP addresses to the outside world. * Outside local address – The IP address of an outside host as it is known to the hosts on the inside network. * Outside global address – The IP address assigned to a host on the outside network. The owner of the host assigns this address.
Question 50 of 76

50. Question
1 points
Which statement describes the process of dynamically assigning IP addresses by the DHCP server?
- Addresses are allocated after a negotiation between the server and the host to determine the length of the agreement.
- Addresses are permanently assigned so that the hosts use the same address at all times.
- Addresses are assigned for a fixed period of time, at the end of the period, a new request for an address must be made.
- Addresses are leased to hosts, which periodically contact the DHCP server to renew the lease.
Correct

Incorrect

Hint
The DHCP lifecycle consists of the following: Release: The client may decide at any time that it no longer wishes to use the IP address it was assigned, and may terminate the lease, releasing the IP address.
Question 51 of 76

51. Question
1 points
Refer to the exhibit. What statement is true of the configuration for this network?
- The configuration that is shown provides inadequate outside address space for translation of the number of inside addresses that are supported.
- Because of the addressing on interface FastEthernet0/1, the Serial0/0 interface address will not support the NAT configuration as shown.
- The number 1 referred to in the ip nat inside source command references access-list number 1.
- ExternalRouter must be configured with static routes to networks 172.16.1.0/24 and 172.16.2.0/24.
Correct

Incorrect

Hint
The “list 1 refers to the access-list number 1.
Question 52 of 76

52. Question
1 points
When a DHCP server is configured, which two IP addresses should never be assignable to hosts? (Choose two.)
- network or subnetwork IP address
- broadcast address on the network
- IP address leased to the LAN
- IP address used by the interfaces
- manually assigned address to the clients
- designated IP address to the DHCP server
Correct

Incorrect

Hint
Network or subnetwork IP address (for example 11.0.0.0/8 or 13.1.0.0/16) and broadcast address (for example 23.2.1.255/24) should never be assignable to hosts. When try to assign these addresses to hosts, you will receive an error message saying that they can’t be assignable.
Question 53 of 76

53. Question
1 points
Which two statements about static NAT translations are true? (Choose two.)
- They allow connections to be initiated from the outside.*
- They require no inside or outside interface markings because addresses are statically defined.
- They are always present in the NAT table.
- They can be configured with access lists, to allow two or more connections to be initiated from the outside.
Correct

Incorrect

Hint
Static NAT is to map a single outside IP address to a single inside IP address. This is typically done to allow incoming connections from the outside (Internet) to the inside. Since these are static, they are always present in the NAT table even if they are not actively in use
Question 54 of 76

54. Question
1 points
In a GLBP network, who is responsible for the arp request?
- AVF
- AVG
- Active router
- Standby Router
Correct

Incorrect
Question 55 of 76

55. Question
1 points
In GLBP, which router will respond to client ARP requests?
- The active virtual gateway will reply with one of four possible virtual MAC addresses.
- All GLBP member routers will reply in round-robin fashion.
- The active virtual gateway will reply with its own hardware MAC address.
- The GLBP member routers will reply with one of four possible burned in hardware addresses.
Correct

Incorrect

Hint
One disadvantage of HSRP and VRRP is that only one router is in use, other routers must wait for the primary to fail because they can be used. However, Gateway Load Balancing Protocol (GLBP) can use of up to four routers simultaneously. In GLBP, there is still only one virtual IP address but each router has a different virtual MAC address. First a GLBP group must elect an Active Virtual Gateway (AVG). The AVG is responsible for replying ARP requests from hosts/clients. It replies with different virtual MAC addresses that correspond to different routers (known as Active Virtual Forwarders – AVFs) so that clients can send traffic to different routers in that GLBP group (load sharing).
Question 56 of 76

56. Question
1 points
Which statement describes VRRP object tracking?
- It monitors traffic flow and link utilization.
- It ensures the best VRRP router is the virtual router master for the group.
- It causes traffic to dynamically move to higher bandwidth links.
- It thwarts man-in-the-middle attacks.
Correct

Incorrect

Hint
Object tracking is the process of tracking the state of a configured object and uses that state to determine the priority of the VRRP router in a VRRP group
Question 57 of 76

57. Question
1 points
What are three benefits of GLBP? (Choose three.)
- GLBP supports up to eight virtual forwarders per GLBP group.
- GLBP supports clear text and MD5 password authentication between GLBP group members.
- GLBP is an open source standardized protocol that can be used with multiple vendors.
- GLBP supports up to 1024 virtual routers.
- GLBP can load share traffic across a maximum of four routers.
- GLBP elects two AVGs and two standby AVGs for redundancy.
Correct

Incorrect
Question 58 of 76

58. Question
1 points
Which three statements about HSRP operation are true? (Choose three.)?
- The virtual IP address and virtual MAC address are active on the HSRP Master router.
- The HSRP default timers are a 3 second hello interval and a 10 second dead interval.
- HSRP supports only clear-text authentication
- The HSRP virtual IP address must be on a different subnet than the routers’ interfaces on the same LAN.
- The HSRP virtual IP address must be the same as one of the router’s interface addresses on the LAN.
- HSRP supports up to 255 groups per interface, enabling an administrative form of load balancing.
Correct

Incorrect

Hint
http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/10583-62.html#topic5 “The active router sources hello packets from its configured IP address and the HSRP virtual MAC address. The standby router sources hellos from its configured IP address and the burned-in MAC address (BIA).” http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/10583-62.html#topic14 “By default, these timers are set to 3 and 10 seconds, respectively…” http://www.cisco.com/c/en/us/support/docs/switches catalyst-6000-series-switches/29545-168.html#q1 Load Sharing with HSRP http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/13781-7.html#conf “…has a 256 unique HSRP group ID limit.” “…the allowed group ID range (0-255). … MSFC2A (Supervisor Engine 32) can use any number of group IDs from that range.
Question 59 of 76

59. Question
1 points
Which standards-based First Hop Redundancy Protocol is a Cisco supported alternative to Hot Standby Router Protocol?
- VRRP
- GLBP
- TFTP
- DHCP
Correct

Incorrect

Hint
Virtual Router Redundancy Protocol (VRRP) is one of the First Hop Redundancy Protocols that is supported by Cisco. Unlike HSRP and GLBP (which are Cisco proprietary protocols), VRRP is an industry standard protocol.
Question 60 of 76

60. Question
1 points
Which NAT function can map multiple inside addresses to a single outside address?
- PAT
- SFTP
- RARP
- ARP
- TFTP
Correct

Incorrect

Hint
By adding the keyword “overload” at the end of a NAT statement, NAT becomes PAT (Port Address Translation). This is also a kind of dynamic NAT that maps multiple private IP addresses to a single public IP address (many-to-one) by using different ports.
Question 61 of 76

61. Question
1 points
Which three options are the HSRP states for a router? (Choose three)
- initialize
- learn
- secondary
- listen
- speak
- primary
Correct

Incorrect

Hint
HSRP consists of 6 states: Please notice that not all routers in a HSRP group go through all states above. In a HSRP group, only one router reaches active state and one router reaches standby state. Other routers will stop at listen state.
Question 62 of 76

62. Question
1 points
Which NTP command configures the local device as an NTP reference clock source?
- ntp peer
- ntp broadcast
- ntp master
- ntp server
Correct

Incorrect
Question 63 of 76

63. Question
1 points
Which technology supports the stateless assignment of IPv6 addresses? (Choose two.)
- DNS
- DHCPv6
- DHCP
- autoconfiguration
Correct

Incorrect

Hint
DHCPv6 Technology Overview IPv6 Internet Address Assignment Overview IPv6 has been developed with Internet Address assignment dynamics in mind. Being aware that IPv6 Internet addresses are 128 bits in length and written in hexadecimals makes automation of address- assignment an important aspect within network design. These attributes make it inconvenient for a user to manually assign IPv6 addresses, as the format is not naturally intuitive to the human eye. To facilitate address assignment with little or no human intervention, several methods and technologies have been developed to automate the process of address and configuration parameter assignment to IPv6 hosts. The various IPv6 address assignment methods are as follows: 1. Manual Assignment An IPv6 address can be statically configured by a human operator. However, manual assignment is quite open to errors and operational overhead due to the 128 bit length and hexadecimal attributes of the addresses, although for router interfaces and static network elements and resources this can be an appropriate solution. 2. Stateless Address Autoconfiguration (RFC2462) Stateless Address Autoconfiguration (SLAAC) is one of the most convenient methods to assign Internet addresses to IPv6 nodes. This method does not require any human intervention at all from an IPv6 user. If one wants to use IPv6 SLAAC on an IPv6 node, it is important that this IPv6 node is connected to a network with at least one IPv6 router connected. This router is configured by the network administrator and sends out Router Advertisement announcements onto the link. These announcements can allow the on-link connected IPv6 nodes to configure themselves with IPv6 address and routing parameters, as specified in RFC2462, without further human intervention. 3. Stateful DHCPv6 The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) has been standardized by the IETF through RFC3315. DHCPv6 enables DHCP servers to pass configuration parameters, such as IPv6 network addresses, to IPv6 nodes. It offers the capability of automatic allocation of reusable network addresses and additional configuration flexibility. This protocol is a stateful counterpart to “IPv6 Stateless Address Autoconfiguration” (RFC 2462), and can be used separately, or in addition to the stateless autoconfiguration to obtain configuration parameters. 4. DHCPv6-PD DHCPv6 Prefix Delegation (DHCPv6-PD) is an extension to DHCPv6, and is specified in RFC3633. Classical DHCPv6 is typically focused upon parameter assignment from a DHCPv6 server to an IPv6 host running a DHCPv6 protocol stack. A practical example would be the stateful address assignment of “2001:db8::1” from a DHCPv6 server to a DHCPv6 client. DHCPv6-PD however is aimed at assigning complete subnets and other network and interface parameters from a DHCPv6-PD server to a DHCPv6-PD client. This means that instead of a single address assignment, DHCPv6-PD will assign a set of IPv6 “subnets”. An example could be the assignment of “2001:db8::/60” from a DHCPv6-PD server to a DHCPv6-PD client. This will allow the DHCPv6-PD client (often a CPE device) to segment the received address IPv6 address space, and assign it dynamically to its IPv6 enabled interfaces. 5. Stateless DHCPv6 Stateless DHCPv6 is a combination of “stateless Address Autoconfiguration” and “Dynamic Host Configuration Protocol for IPv6” and is specified by RFC3736. When using stateless-DHCPv6, a device will use Stateless Address Auto-Configuration (SLAAC) to assign one or more IPv6 addresses to an interface, while it utilizes DHCPv6 to receive “additional parameters” which may not be available through SLAAC. For example, additional parameters could include information such as DNS or NTP server addresses, and are provided in a stateless manner by DHCPv6. Using stateless DHCPv6 means that the DHCPv6 server does not need to keep track of any state of assigned IPv6 addresses, and there is no need for state refreshment as result. On network media supporting a large number of hosts associated to a single DHCPv6 server, this could mean a significant reduction in DHCPv6 messages due to the reduced need for address state refreshments. From Cisco IOS 12.4(15)T onwards the client can also receive timing information, in addition to the “additional parameters” through DHCPv6. This timing information provides an indication to a host when it should refresh its DHCPv6 configuration data. This behavior (RFC4242) is particularly useful in unstable environments where changes are likely to occur.
Question 64 of 76

64. Question
1 points
Which command can you enter to troubleshoot the failure of address assignment?
- sh ip dhcp database
- sh ip dhcp pool
- sh ip dhcp import
- sh ip dhcp server statistics
Correct

Incorrect
Hint
The command “show ip dhcp pool” is used to display information about the DHCP address pools. There are some information we can use to check the failure of address assignment. For example we can see how many IP addresses have been leased for a specific pool. If some IP addresses have been assigned from a pool but a client of that pool has not received the assignment then maybe the issue belongs to the client itself.
```
R1#show ip dhcp pool
Pool SERVER :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0 
 Total addresses                : 1
 Leased addresses               : 1
 Pending event                  : none
 0 subnet is currently in the pool :
 Current index        IP address range                    Leased addresses
 172.16.200.100       172.16.200.100   - 172.16.200.100    1
```
Question 65 of 76

65. Question
1 points
Which command can you enter to verify that a router is synced with a configures time source?
- show ntp authenticate
- ntp associations
- ntp server time
- ntp authenticate
- show ntp associations
Correct

Incorrect
Hint
In the below output, the “show ntp associations” command reveals the IP address of the clock source (which is 209.65.200.226), the stratum (st) of this reference clock and if a router is synced with the configured time source (in this case R1 is synchronized with 10.1.2.1, presented by a “*”).
```
R1#show ntp associations
      address         ref clock     st  when  poll reach  delay  offset    disp
*~10.1.2.1         209.65.200.226    9   509    64  200    32.2   15.44  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
```
Question 66 of 76

66. Question
1 points
Which statement about QoS default behavior is true?
- Ports are untrusted by default.
- VoIP traffic is passed without being tagged.
- Video traffic is passed with a well-known DSCP value of 46.
- Packets are classified internally with an environment.
- Packets that arrive with a tag are untagged at the edge of an administrative domain.
Correct

Incorrect

Hint
Frames received from users in the administratively-defined VLANs are classified or tagged for transmission to other devices. Based on rules that you define, a unique identifier (the tag) is inserted in each frame header before it is forwarded. The tag is examined and understood by each device before any broadcasts or transmissions to other switches, routers, or end stations. When the frame reaches the last switch or router, the tag is removed before the frame is sent to the target end station. VLANs that are assigned on trunk or access ports without identification or a tag are called native or untagged frames. For IEEE 802.1Q frames with tag information, the priority value from the header frame is used. For native frames, the default priority of the input port is used. Each port on the switch has a single receive queue buffer (the ingress port) for incoming traffic. When an untagged frame arrives, it is assigned the value of the port as its port default priority. You assign this value by using the CLI or CMS. A tagged frame continues to use its assigned CoS value when it passes through the ingress port.
Question 67 of 76

67. Question
1 points
What is the authoritative source for an address lookup?
- a recursive DNS search
- the operating system cache
- the ISP local cache
- the browser cache
Correct

Incorrect
Question 68 of 76

68. Question
1 points
Which configuration command can you apply to a HSRP router so that its local interface becomes active if all other routers in the group fail?
- Router(config)#standby 1 priority 250
- No additional configuration is required
- Router(config)#standby 1 preempt
- Router(config)#standby 1 track Ethernet
Correct

Incorrect
Question 69 of 76

69. Question
1 points
Which option is the benefit of implementing an intelligent DNS for a cloud computing solution?
- It reduces the need for a backup data center.
- It can redirect user requests to locations that are using fewer network resources.
- It enables the ISP to maintain DNS records automatically.
- It eliminates the need for a GSS.
Correct

Incorrect
Question 70 of 76

70. Question
1 points
Which value is used to determine the active router in an HSRP default configuration?
- Router loopback address
- Router IP address
- Router priority
- Router tracking number
Correct

Incorrect
Question 71 of 76

71. Question
1 points
What is a valid HSRP virtual MAC address?
- 007.3313.9734
- 0000.0C07.AC15
- 0007.B400.AE01
- 0000.5E00.01A3
Correct

Incorrect

Hint
With HSRP, two or more devices support a virtual router with a fictitious MAC address and unique IP address. There are two version of HSRP. + With HSRP version 1, the virtual router’s MAC address is 0000.0c07.ACxx , in which xx is the HSRP group. Therefore C is correct. + With HSRP version 2, the virtual MAC address is 0000.0C9F.Fxxx, in which xxx is the HSRP group. Note: Another case is HSRP for IPv6, in which the MAC address range from 0005.73A0.0000 through 0005.73A0.0FFF. (Good resource for HSRP: http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/unicast/configuration/guide/l3_hsrp.html)
Question 72 of 76

72. Question
1 points
Requirement to configure DHCP binding ( 2 options)
- DHCP pool
- ip address
- Hardware address
- other option
Correct

Incorrect
Hint
An address binding is a mapping between the IP address and MAC address of a client. The IP address of a client can be assigned manually by an administrator or assigned automatically from a pool by a DHCP server. Manual bindings are IP addresses that have been manually mapped to the MAC addresses of hoststhat are found in the DHCP database. All DHCP clients send a client identifier (DHCP option 61) in the DHCP packet. To configure manual bindings, you must enter the client-identifier DHCP pool configuration command with the appropriate hexadecimal values identifying the DHCP client. For example:
```
ip dhcp pool SERVER
host 172.16.200.100 255.255.255.0
client-identifier 01aa.bbcc.0003.00
default-router 172.16.200.1 
!
```
Therefore two requirements for DHCP binding is the IP address and the hardware address (MAC address) of the client. Notice that in the above example “aabb.cc00.0300” is the MAC address of the client while prefix “01” represents the Ethernet media type. Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/fipr_c/1cfdhcp.html In fact the “DHCP pool” option is also correct but two above choices are better.

Question 73 of 76

73. Question

1 points

DRAG DROP. Drag and drop the DHCP client states from the left into the standard order in which the client passes through them on the right. Select and Place: Section V: Infrastructure Services - Test Online 11

Section V: Infrastructure Services - Test Online 11

Sort elements

initializing
selecting
reqesting
bound
renewing
rebinding

first

second

third

fourth

fifth

sixth

Correct

Incorrect

Question 74 of 76

74. Question

1 points

DRAG DROP. Drag and drop the DNS lookup commands from the left onto the correct effects on the right. Select and Place: Section V: Infrastructure Services - Test Online 12

Section V: Infrastructure Services - Test Online 12

Sort elements

ip domain lookup source-interface
ip dns server
ip name-server
ip domain list
ip domain name
ip host

enables DNS lookup on an individual interface

enables the DNS server to provides lookup services

identifies a DNS server to provide lookup services

specifies a sequence of domain names

specifies the default domain to append to unqualified host names

statically maps an IP address to a hostname

Correct

Incorrect

Question 75 of 76

75. Question

1 points

DRAG DROP. Drag and drop the protocols from the left onto the correct IP traffic types on the right. Select and Place: Section V: Infrastructure Services - Test Online 13

Section V: Infrastructure Services - Test Online 13

Sort elements

HTTP
SMTP
Telnet
DHCP
SNMP
VoIP

TCP (1)

TCP (2)

TCP (3)

UDP (1)

UDP (2)

UDP (3)

Correct

Incorrect

Question 76 of 76

76. Question

1 points

DRAG DROP. Order the DHCP message types as they would occur between a DHCP client and a DHCP server. Select and Place: Section V: Infrastructure Services - Test Online 14

Section V: Infrastructure Services - Test Online 14

Sort elements

DHCPDISCOVER
DHCPOFFER
DHCPREQUEST
DHCPACK

Correct

Incorrect

← Previous Article

Section IV: WAN Technologies – Test Online

Section VI: Infrastructure Security – Test Online

Quiz-summary

Information

Results

Categories

1. Question

Hint

2. Question

3. Question

4. Question

5. Question

Hint

6. Question

7. Question

8. Question

Hint

9. Question

10. Question

Hint

11. Question

Hint

12. Question

13. Question

14. Question

15. Question

Hint

16. Question

Hint

17. Question

Hint

18. Question

19. Question

Hint

20. Question

Hint

21. Question

Hint

22. Question

Hint

23. Question

24. Question

Hint

25. Question

Hint

26. Question

Hint

27. Question

Hint

28. Question

Hint

29. Question

30. Question

Hint

31. Question

Hint

32. Question

Hint

33. Question

Hint

34. Question

Hint

35. Question

Hint

36. Question

Hint

37. Question

Hint

38. Question

39. Question

Hint

40. Question

41. Question

Hint

42. Question

43. Question

Hint

44. Question

Hint

45. Question

Hint

46. Question