Cisco Certified Network Associate - GRATIS EXAM

Cisco Certified Network Associate

Number: 640-802Passing Score: 825Time Limit: 90 minFile Version: 1000.0

http://www.gratisexam.com/

640-802 Cisco Certified Network Associate (CCNA)Version 100.0

byNapoleon I

Sections1. Basic Questions2. TCP/IP (Including OSI Model, IOS, Telnet, DHCP)3. Cisco IOS basic (incl. show cmnds, loading process)4. Cisco IOS adv. (incl. file mngmnt, CDP, global cmnds)5. VLSM & IPv46. IP Routing (incl. Static, default; RIPv1-2)7. IP Routing (EIGRP & OSPF)8. Switching (STP/RSTP; 802.1q; Ethernet; Port-security)9. Switching (VLAN & VTP)10.VTP SIM Question11.Access List (ACL, VPN & Security Devices)12.ACL Simulation 113.Network Address Translations (NAT)14.WAN (HDLC, PPP, Frame Relay & Etc.)15.Hotspot Topology Based Questions16.Hotspot Topology Based Questions 217.Wireless18. IPv6

Exam A

QUESTION 1For which type of connection should a straight-through cable be used?

A. switch to switchB. switch to hubC. switch to routerD. hub to hubE. router to PC

Correct Answer: CSection: Basic QuestionsExplanation

Explanation/Reference:

QUESTION 2Which type of cable is used to connect the COM port of a host to the COM port of a router or switch?

A. crossoverB. straight-throughC. rolledD. shielded twisted-pair



QUESTION 3What is the first 24 bits in a MAC address called?

A. NICB. BIAC. OUID. VAI


Explanation/Reference:This question is to examine the MAC address structure. The MAC address is expressed as a 48-bithexadecimal number. The first 24-bit number is to identify the vendor/manufacturer, also called OUI. The latter24-bit is assigned by the vendor

QUESTION 4In an Ethernet network, under what two scenarios can devices transmit? (Choose two.)

A. when they receive a special token

B. when there is a carrierC. when they detect no other devices are sendingD. when the medium is idleE. when the server grants access

Correct Answer: CDSection: Basic QuestionsExplanation


QUESTION 5Which two benefits are provided by using a hierarchical addressing network addressing scheme? (Choosetwo.)

A. reduces routing table entriesB. auto-negotiation of media ratesC. efficient utilization of MAC addressesD. dedicated communications between devicesE. ease of management and troubleshooting

Correct Answer: AESection: Basic QuestionsExplanation



QUESTION 6When a host transmits data across a network to another host, which process does the data go through?

A. standardizationB. conversionC. encapsulationD. synchronization



QUESTION 7Which two Ethernet fiber-optic modes support distances of greater than 550 meters?

A. 1000BASE-CX

B. 100BASE-FXC. 1000BASE-LXD. 1000BASE-SXE. 1000BASE-ZX

Correct Answer: CESection: Basic QuestionsExplanation


QUESTION 8Refer to the exhibit:

What type of connection would be supported by the cable diagram shown?

A. PC to routerB. PC to switchC. server to routerD. router to router

Correct Answer: BSection: Basic QuestionsExplanation



What type of connection would be supported by the cable diagram shown?

A. PC to routerB. PC to switchC. server to switchD. switch to router

Correct Answer: ASection: Basic QuestionsExplanation


QUESTION 10Which two topologies are using the correct type of twisted-pair cables? (Choose two.)

A.

B.

C.

D.

E.

Correct Answer: DESection: Basic QuestionsExplanation


QUESTION 11What are some of the advantages of using a router to segment the network? (Choose two.)

A. Filtering can occur based on Layer 3 information.B. Broadcasts are eliminated.C. Routers generally cost less than switches.

D. Broadcasts are not forwarded across the router.E. Adding a router to the network decreases latency.

Correct Answer: ADSection: Basic QuestionsExplanation

Explanation/Reference:The router will never forward the broadcast packet, each interface of the router is a separate broadcast domain.The router has two primary advantages: 1.By default, the router will never forward broadcasts.

QUESTION 12Which of the following statements describe the network shown in the graphic? (Choose two.)

A. There are two broadcast domains in the network.B. There are four broadcast domains in the network.C. There are six broadcast domains in the network.D. There are four collision domains in the network.E. There are five collision domains in the network.F. There are seven collision domains in the network.

Correct Answer: AFSection: Basic QuestionsExplanation



The two connected ports on the switch are not turning orange or green. What would be the most effective stepsto troubleshoot this physical layer problem? (Choose three.)

A. Ensure that the Ethernet encapsulations match on the interconnected router and switch ports.B. Ensure that cables A and B are straight-through cables.C. Ensure cable A is plugged into a trunk port.D. Ensure the switch has power.E. Reboot all of the devices.F. Reseat all cables.

Correct Answer: BDFSection: Basic QuestionsExplanation


QUESTION 14For what two purposes does the Ethernet protocol use physical addresses? (Choose two.)

A. to uniquely identify devices at Layer 2B. to allow communication with devices on a different networkC. to differentiate a Layer 2 frame from a Layer 3 packetD. to establish a priority system to determine which device gets to transmit firstE. to allow communication between different devices on the same networkF. to allow detection of a remote device when its physical address is unknown

Correct Answer: AESection: Basic QuestionsExplanation


In computing, a physical address, also real address, or binary address, is the memory address that iselectronically (in the form of binary number) presented on the computer address bus circuitry in order to enablethe data bus to access a particular storage cell of main memory. In a computer with virtual memory, the term

physical address is used mostly to differentiate from a virtual address. In particular, in computers utilizingmemory management unit (MMU) to translate memory addresses, the virtual and physical address refer toaddress before and after MMU translation, respectively.

QUESTION 15A network interface port has collision detection and carrier sensing enabled on a shared twisted pair network.From this statement, what is known about the network interface port?

A. This is a 10Mb/s switch port.B. This is a 100Mbs switch port.C. This is an Ethernet port operating at half duplex.D. This is an Ethernet port operating at full duplex.E. This is a port on a network interface card in a PC.




A network administrator attempts to ping Host2 from Host1 and receives the result that are shown. What is apossible problem?

A. The link between Host1 and Switch1 is down.B. TCP/IP is not functioning on Host1.C. The link between Router1 and Router2 is down.D. The default gateway on Host1 is incorrect.E. Interface Fa0/0 on Router1 is shudown.F. The link between Switch1 and Router1 is down.




A technician is troubleshooting a host connectivity problem. The host is unable to ping a server connected toSwitch_A. Based on the results of the testing, what could be the problem?

A. The host NIC is not functioning.B. A local physical layer problem exists.C. A remote physical layer problem exists.D. TCP/IP has not been correctly installed on the host.

Correct Answer: BSection: Basic QuestionsExplanation

Explanation/Reference:The configuration is correct. The output of the ping command indicates that the fault lies on theF0/0 port orbetween the host and the router.


Two buildings on the San Jose campus of a small company must be connected to use Ethernet with abandwidth of at least 100 Mbps. The company is concerned about possible problems from voltage potentialdifference between the two buildings. Which media type should be used for the connection?

A. UTP cableB. STP cableC. Coaxial cableD. Fiber optic cable

Correct Answer: DSection: Basic QuestionsExplanation


QUESTION 19Which command can be used from a PC to verfy the connectivity between host that connect through path.?

A. tracert addressB. ping addressC. arp addressD. traceroute address




A network engineer is troubleshooting an internet connectivity problem on the computer. What causing theproblem?

A. wrong DNS serverB. wrong default gatewayC. incorrect IP addressD. incorrect subnet mask



QUESTION 21Refer to the exhibt.

Host A has tested connectivity to a remote network. What is the default gateway for host A?

A. 172.16.182.1B. 192.168.1.1C. 10.16.176.1D. 192.168.1.6



QUESTION 22What is CSMA/CD?

A. It is a deterministic mechanism that allows the orderly transmission of frames.B. It is a way that priority is determined for data transmission based on MAC address.C. It is a set of rules that determines path selection in an Ethernet network.D. It is a set of rules that allows the best-effort transmission of frames in a LAN environment.

Correct Answer: D

Section: Basic QuestionsExplanation


QUESTION 23What kind of cable should be used to establish a trunked link between two Catalyst 2950 switches?

A. a straight-through cableB. an EIA/TIA-232 serial cableC. an auxiliary cableD. a modem cableE. a cross-over cable

Correct Answer: ESection: Basic QuestionsExplanation

Explanation/Reference:Cross-over cable is used to connect two switches.


What kind of cable should be used to make each connection that s identified by the numbers shown?

A. 1 - Ethernet straight-through cable2 - Ethernet crossover cable3 - Serial cable4 - Ethernet straight-through cable

B. 1 - Ethernet rollover cable2 - Ethernet crossover cable3 - Serial cable4 - Null modem cable

C. 1 - Ethernet straight-through cable2 - Ethernet crossover cable3 - Serial cable4 - Rollover cable

D. 1 - Ethernet crossover cable2 - Ethernet straight-through cable3 - Fiber Optic cable4 - Rollover cable

E. 1 - Ethernet straight-through cable2 - Ethernet straight-through cable3 - Serial cable4 - Rollover cable



QUESTION 25What is a global command?

A. a command that is available in every release of IOS, regardless of the version or deployment statusB. a command that can be entered in any configuration modeC. a command that is universal in application and supports all protocolsD. a command that is implemented in all foreign and domestic IOS versionsE. a command that is set once and affects the entire router



QUESTION 26How many broadcast domains are shown in the graphic assuming only the default VLAN is configured on theswitches?

A. oneB. twoC. sixD. twelve

Correct Answer: A



QUESTION 27Refer to the exhibit. Complete this network diagram by dragging the correct devicename of description name or description to the corr ect location. Not all the names ordescriptions will be used.

Select and Place:

Correct Answer:



QUESTION 28

Select and Place:

Correct Answer:



QUESTION 29

Select and Place:

Correct Answer:



QUESTION 30

Select and Place:

Correct Answer:




Both switches are using a default configuration. Which two destination addresses will host 4 use to send data to

host 1? (Choose two.)

A. the IP address of host 1B. the IP address of host 4C. the MAC address of host 1D. the MAC address of host 4E. the MAC address of the Fa0/0 interface of the R1 routerF. the MAC address of the Fa0/1 interface of the R1 router

Correct Answer: AFSection: TCP/IP (Including OSI Model, IOS, Telnet, DHCP)Explanation


QUESTION 32What are two characteristics of Telnet? (Choose two.)

A. It sends data in clear text format.B. It is no longer supported on Cisco network devices.C. It is more secure than SSH.D. It requires an enterprise license in order to be implemented.E. It requires that the destination device be configured to support Telnet connections.

Correct Answer: AESection: TCP/IP (Including OSI Model, IOS, Telnet, DHCP)Explanation


QUESTION 33A host is attempting to send data to another host on a different network. What is the first action that the sendinghost will take?

A. Drop the data.B. Send the data frames to the default gateway.C. Create an ARP request to get a MAC address for the receiving host.D. Send a TCP SYN and wait for the SYN ACK with the IP address of the receiving host.

Correct Answer: BSection: TCP/IP (Including OSI Model, IOS, Telnet, DHCP)Explanation


Before sending data, the sending host checks if the destination host is inside or outside the local network. If it isoutside the local network, the data will be sent to the default gateway.

The answer “Create an ARP request to get a MAC address for Host B.” is NOT correct, the host will know if thedestination is not on the local network and will send to MAC address of its default gateway setting, it will notARP for MAC address of remote destination.

QUESTION 34Which of the following correctly describe steps in the OSI data encapsulation process? (Choose two.)

A. The transport layer divides a data stream into segments and may add reliability and flow control information.B. The data link layer adds physical source and destination addresses and an FCS to the segment.C. Packets are created when the network layer encapsulates a frame with source and destination host

addresses and protocol-related control information.D. Packets are created when the network layer adds Layer 3 addresses and control information to a segment.E. The presentation layer translates bits into voltages for transmission across the physical link.

Correct Answer: ADSection: TCP/IP (Including OSI Model, IOS, Telnet, DHCP)Explanation


QUESTION 35Which layer of the OSI reference model uses the hardware address of a device to ensure message delivery tothe proper host on a LAN?

A. physicalB. data linkC. networkD. transport



QUESTION 36Which layer of the OSI reference model uses flow control, sequencing, and acknowledgements to ensure thatreliable networking occurs?

A. data linkB. networkC. transportD. presentationE. physical

Correct Answer: CSection: TCP/IP (Including OSI Model, IOS, Telnet, DHCP)Explanation


QUESTION 37A network admin wants to know every hop the packets take when he accesses cisco.com. Which command isthe most appropriate to use?

A. path cisco.com

B. debug cisco.comC. trace cisco.comD. traceroute cisco.com

Correct Answer: DSection: TCP/IP (Including OSI Model, IOS, Telnet, DHCP)Explanation


QUESTION 38Where does routing occur within the DoD TCP/IP reference model?

A. applicationB. internetC. networkD. transport



QUESTION 39Which network protocol does DNS use?

A. FTPB. TFTPC. TCPD. UDPE. SCP



QUESTION 40When two hosts are trying to communicate across a network, how does the host originating the communicationdetermine the hardware address of the host that it wants to "talk" to?

A. RARP requestB. Show Network Address requestC. Proxy ARP requestD. ARP requestE. Show Hardware Address request



QUESTION 41An administrator attempts a traceroute but receives a "Destination Unreadable" message. Which protocol isresponsible for that message?

A. RARPB. RUDPC. ICMPD. SNMP



QUESTION 42Which layer in the OSI reference model is responsible for determining the availability of the receiving programand checking to see if enough resources exist for that communication?

A. transportB. networkC. presentationD. sessionE. application

Correct Answer: ESection: TCP/IP (Including OSI Model, IOS, Telnet, DHCP)Explanation


QUESTION 43Data transfer is slow between the source and destination. The Quality of Service requested by the transportlayer in the OSI reference model is not being maintained. To fix this issue, at which layer should thetroubleshooting process begin?

A. presentationB. sessionC. transportD. networkE. physical



QUESTION 44Which protocols are found in the network layer of the OSI reference model and are responsible for pathdetermination and traffic switching?

A. LANB. routingC. WAND. network




An administrator pings the default gateway at 10.10.10.1 and sees the output as shown. At which OSI layer isthe problem?

A. data link layerB. application layerC. access layerD. session layerE. network layer



The command ping uses ICMP protocol, which is a network layer protocol used to propagate control messagebetween host and router. The command ping is often used to verify the network connectivity, so it works at thenetwork layer.


After HostA pings HostB, which entry will be in the ARP cache of HostA to support this transmission?

A.

B.

C.

D.

E.

F.

Correct Answer: A

Section: TCP/IP (Including OSI Model, IOS, Telnet, DHCP)Explanation


When a host needs to reach a device on another subnet, the ARP cache entry will be that of the FastEthernetaddress of the local router (default gateway) for the physical MAC address. The destination IP address will notchange, and will be that of the remote host (HostB).

QUESTION 47An inbound access list has been configured on a serial interface to deny packet entry for TCP and UDP ports21, 23 and 25. What types of packets will be permitted by this ACL? (Choose three.)

A. FTPB. TelnetC. SMTPD. DNSE. HTTPF. POP3

Correct Answer: DEFSection: TCP/IP (Including OSI Model, IOS, Telnet, DHCP)Explanation


QUESTION 48Which of the following are types of flow control? (Choose three.)

A. bufferingB. cut-throughC. windowingD. congestion avoidanceE. load balancing

Correct Answer: ACDSection: TCP/IP (Including OSI Model, IOS, Telnet, DHCP)Explanation


QUESTION 49Which destination addresses will be used by Host A to send data to Host C? (Choose two.)

A. the IP address of Switch 1B. the MAC address of Switch 1C. the IP address of Host CD. the MAC address of Host CE. the IP address of the router's E0 interfaceF. the MAC address of the router's E0 interface

Correct Answer: CFSection: TCP/IP (Including OSI Model, IOS, Telnet, DHCP)Explanation


QUESTION 50Host 1 is trying to communicate with Host 2. The e0 interface on Router C is down. Which of the following aretrue? (Choose two.)

A. Router C will use ICMP to inform Host 1 that Host 2 cannot be reached.B. Router C will use ICMP to inform Router B that Host 2 cannot be reached.C. Router C will use ICMP to inform Host 1, Router A, and Router B that Host 2 cannot be reached.D. Router C will send a Destination Unreachable message type.E. Router C will send a Router Selection message type.F. Router C will send a Source Quench message type.

Correct Answer: AD




Which destination addresses will Host A use to send data to Host B? (Choose two.)

A. the IP address of Switch1B. the IP address of Router1 Fa0/0C. the IP address of HostBD. the MAC address of Switch1E. the MAC address of Router1 Fa0/0F. the MAC address of HostB

Correct Answer: CESection: TCP/IP (Including OSI Model, IOS, Telnet, DHCP)Explanation


QUESTION 52A network administrator issues the ping 192.168.2.5 command and successfully tests connectivity to a host thathas been newly connected to the network. Which protocols were used during the test? (Choose two.)

A. ARPB. CDPC. DHCPD. DNSE. ICMP

Correct Answer: AESection: TCP/IP (Including OSI Model, IOS, Telnet, DHCP)

Explanation



Host A pings Host B. What source MAC address and source IP address are contained in the frame as theframe leaves R2 destined for host B?

A. abcd.abcd.a001B. abcd.abcd.b002C. abcd.abcd.c003D. 10.2.0.15E. 10.0.64.1F. 10.0.128.15

Correct Answer: BDSection: TCP/IP (Including OSI Model, IOS, Telnet, DHCP)Explanation



SW1 and SW2 have default configurations. What will happen if host 1 sends a broadcast?

A. Hosts 2, 3, and 4 will receive the broadcast.B. Hosts 1, 2, 3, and 4 will receive the broadcast.C. Fa0/0 interface of R1 will receive the broadcast / Host 2 and the Fa0/0 interface of R1 will receive the

broadcast.D. Hosts 1, 2 and the Fa0/0 interface of R1 will receive the broadcast.E. Hosts 1, 2, 3, 4 and interface Fa0/0 of R1 will receive the broadcast.F. Hosts 2, 3, 4, and interfaces Fa0/0 and Fa0/1 of R1 will receive the broadcast.



QUESTION 55As a frame leaves a Layer 3 device, the Layer 2 encapsulation information is changed from what it was when itentered the device. For what two reasons can this happen? (Choose two.)

A. The data is moving from 10BASE-TX to 100BASE-TX.B. The WAN encapsulation type has changed.C. The data format has changed from analog to digital.D. The source and destination hosts are in the same subnet.E. The source and destination MAC addresses have changed.

Correct Answer: BESection: TCP/IP (Including OSI Model, IOS, Telnet, DHCP)Explanation



In the communication between host 1 and host 2 over the point-to-point WAN, which protocol or technology isrepresented by dashed line A?

A. IPB. T1C. PPPD. IEEE 802.3

Correct Answer: ASection: TCP/IP (Including OSI Model, IOS, Telnet, DHCP)Explanation



The switch in the graphic has a default configuration and the MAC table is fully populated. In addition, thisnetwork is operating properly. The graphic represents selected header information in a frame leaving host A.What can be concluded from this information?

A. The MAC address of host A is FFFF.FFFF.FFFF.B. The router will forward the packet in this frame to the Internet.

C. The switch will only forward this frame to the attached router interface.D. All devices in this LAN except host A will pass the packet to Layer 3.



QUESTION 58Which protocol should be used to establish a secure terminal connection to a remote network device? Selectthe best response.

A. ARPB. SSHC. TelnetD. WEPE. SNMPv1F. SNMPv2



QUESTION 59An administrator issues the command ping 127.0.0.1 from the command line prompt on a PC. If a reply isreceived, what does this confirm?

A. The PC has connectivity with a local host.B. The PC has connectivity with a Layer 3 device.C. The PC has a default gateway correctly configuredD. The PC has connectivity up to Layer 5 of the OSI modelE. The PC has the TCP/IP protocol stack correctly installed.



QUESTION 60What is the purpose using the traceroute command?

A. to map all the devices on a network.B. to display the current TCP/IP configuration values.C. to see how a device MAC address is mapped to its IP address.D. to see the path a packet will take when traveling to a specified destination.E. to display the MTU values for each router in a specified network path from source to a destination.



QUESTION 61Which statement is correct regarding the operation of DHCP?

A. A DHCP client uses a ping to detect address conflicts.B. A DHCP server uses a gratuitous ARP to detect DHCP clients.C. A DHCP client uses a gratuitous ARP to detect a DHCP server.D. If an address conflict is detected, the address is removed from the pool and an administrator must resolve

the conflict.E. If an address conflict is detected, the address removed from the pool for an amount of time configurable by

the administrator.F. If an address conflict is detected, the address is removed from the pool and will not be reused until server is

rebooted.



An address conflict occurs when two hosts use the same IP address. During address assignment, DHCPchecks for conflicts using ping and gratuitous ARP. If a conflict is detected, the address is removed from thepool. The address will not be assigned until the administrator resolves the conflict.

(Reference: http://www.cisco.com/en/US/docs/ios/12_1/iproute/configuration/guide/1cddhcp.html)

QUESTION 62Acknowldgement, Sequencing, and Flow control are characteristics of which OSI layer?

A. Layer 2B. Layer 3C. Layer 4D. Layer 5E. Layer 6F. Layer 7



QUESTION 63A network administrator is verifying the configuration of a newly installed host by establishing an FTPconnection to a remote server. What is the highest layer of the protocol stack that the nework administrator isusing for this operation?

A. application

B. presentationC. sessionD. transportE. internetF. data link



QUESTION 64A TCP/IP Transfer is diagrammed in the exhibit.

A window size of three has been negotiated for this transfer. Which message will be returned from the receiverto the sender as part of this TCP/IP transfer?

A. Send ACK 1-3B. Send ACK 3C. Send ACK 4D. Send ACK 4-6E. Send ACK 6F. Send ACK 7



QUESTION 65A receiving host computes the checksum on a frame and determines that the frame is damaged.The frame isthen discarded.At which OSI layer did this happen?

A. sessionB. networkC. physicalD. data link

E. transport



QUESTION 66Which of the following protocols uses both TCP and UDP ports?

A. SMTPB. TelnetC. FTPD. DNS



QUESTION 67DNS servers provide what service?

A. They run a spell check on host names to ensure accurate routingB. They convert domain names into IP addressC. Given an IP address,they determine the name of the host that is soughtD. They map individual hosts to their specific IP addresses



QUESTION 68Regarding the extended ping command; which of the statements below are true? (Choose two)

A. With the extended ping command you can specify the TCP and UDP port to be pinged.B. With the extended ping command you can specify the timeout value.C. The extended ping command is supported from user EXEC mode.D. The extended ping command is available from privileged EXEC mode.

Correct Answer: BDSection: TCP/IP (Including OSI Model, IOS, Telnet, DHCP)Explanation


QUESTION 69When you use the ping command to send ICMP messages across a network, what's the most common

request/reply pair you'll see?

A. Echo request and Echo replyB. ICMP hold and ICMP sendC. Echo off and Echo onD. ICMP request and ICMP reply




A technician is testing connection problems in the internetwork. What is the problem indicated by the outputfrom HostA?

A. The routing on Router2 is not functioning properly.B. An access list is applied to an interface of Router3.C. The Fa0/24 interface of Switch1 is down.D. The gateway address of HostA is incorrect or not configured.



QUESTION 71At which OSI layer is a logical path created between two host systems?

A. sessionB. transportC. networkD. data linkE. physical



QUESTION 72Which of the following are associated with the application layer of the OSI model? (Choose two.)

A. pingB. TelnetC. FTPD. TCPE. IP

Correct Answer: BCSection: TCP/IP (Including OSI Model, IOS, Telnet, DHCP)Explanation



Host A needs to send data to Host B. Which Layer 2 and Layer 3 destination addresses will be used to send thedata from Host A to Host B?

A. 192.168.60.5 and 0011.43da.2c98

B. 192.168.60.5 and 0007.0e56.ab2eC. 192.168.24.1 and 0007.0e56.ab2eD. 192.168.24.2 and 0007.0e84.acef




What is the correct addressing for a frame and packet received by Host B from Host A?

A. Destination MAC: 0011.43da.2c98Source MAC: 0070.0e8f.088aDestination IP: 192.168.60.5Source IP: 192.168.24.5

B. Destination MAC: 0011.43da.2c98Source MAC: 00b0.d0ef.5f6aDestination IP: 192.168.60.5Source IP: 192.168.24.5

C. Destination MAC: 0011.43da.2c98Source MAC: 0070.0e8f.088aDestination IP: 192.168.60.5Source IP: 192.168.60.1

D. Destination MAC: 0011.43da.2c98Source MAC: 0070.0e97.af4eDestination IP: 192.168.60.5Source IP: 192.168.60.2



QUESTION 75Refer to the graphic:

Host A is communicating with the server. What will be the destination MAC address of the frames sent by HostA to the server?

A. the MAC address of router interface e0B. the MAC address of router interface e1C. the MAC address of the server network interfaceD. the MAC address of the network interface of Host A



QUESTION 76How does a DHCP server dynamically assign IP address to host?

A. Addresses are allocated after a negotiation between the server and the host to determine the length of theagreement.

B. Addresses are assigned for a fixed period of time. At the end of period, a new quest for an address must bemade, and another address is then assigned.

C. Addresses are leased to host. A host will usually keep the same address by periodically contacting theDHCP sever to renew the lease.

D. Addresses are permanently assigned so that the host uses the same address at all times.



QUESTION 77Which two tasks does the Dynamic Host Configuration Protocol perform? (Choose two)

A. Set the IP gateway to be used by the network.B. Perform host discovery used DHCPDISCOVER message.C. Configure IP address parameters from DHCP server to a host.

D. Provide an easy management of layer 3 devices.E. Monitor IP performance using the DHCP server.F. Assign and renew IP address from the default pool.

Correct Answer: CFSection: TCP/IP (Including OSI Model, IOS, Telnet, DHCP)Explanation



The partial frame shown in the exhibit displays select header information as it arrives at the destination host.Which graphic represents the correct header information in the responding frame returned to the remote host?

A.

B.

C.

D.

E.


Explanation/Reference:On the basis of the layer3 information of the datagram header provided in the subject, remote devices anddestination devices are in the same network segment. So, when remote devices reply to this data, the sourceand the destination address of layer2 information will transfer order, so do the layer3 and layer4 information.


The partial frame in the graphic represents select header information within a frame arriving at a destinationhost. What can be determined from this information?

A. The source host is a Telnet server.B. This frame contains the first segment in a Telnet session.C. The local host has received 42,335 bytes from the remote host as a part of this conversation.D. The Layer 2 address of the source host is 192.168.14.2.



From the chart above, source and destination MAC address, source and destination IP address, dialog portnumber, and so on. telnet port number is 23 . so this is a frame information concerning TELNET.


Which rule does the DHCP server use when there is an IP address conflict?

A. The address is removed from the pool until the conflict is resolved.B. The address remains in the pool until the conflict is resolved.C. Only the IP detected by Gratuitous ARP is removed from the pool.D. Only the IP detected byPing is removed from the pool.E. The IP will be shown, even after the conflict is resolved.



QUESTION 81Match the items on the left with appropriate OSI layer on the right. (Not all options are used.)

Select and Place:

Correct Answer:

PC-A is sending packets to the FTP server. Consider the packets as they leave RAinterface Fa0/0 forwards RB. Drag the correct frame and packet address to theirplaces in the table.

Select and Place:

Correct Answer:




What could be possible causes for the "Serial0/0 is down" interface status? (Choose two.)

A. A Layer 1 problem exists.B. The bandwidth is set too low.C. A protocol mismatch exists.D. An incorrect cable is being used.E. There is an incorrect IP address on the Serial 0/0 interface.

Correct Answer: ADSection: Cisco IOS basic (incl. show cmnds, loading process)Explanation


QUESTION 84Before installing a new upgraded version of the IOS, what should be checked on the router and whichcommand should be used to gather this information? (Choose two.)

A. the amount of available ROMB. the amount of available flash and RAM memoryC. the version of the bootstrap software present on the routerD. show version

E. show processes

F. show running-config

Correct Answer: BDSection: Cisco IOS basic (incl. show cmnds, loading process)Explanation


QUESTION 85Which line from the output of the show ip interface command indicates a layer 1 problem?

A. Serial0/1 is up, line protocol is downB. Serial0/1 is down, line protocol is downC. Serial0/1 is up, line protocol is upD. Serial0/1 is administratively down, line protocol is down

Correct Answer: BSection: Cisco IOS basic (incl. show cmnds, loading process)Explanation


QUESTION 86When you are logged into a switch, which prompt indicates that you are in privileged mode?

A. %

B. @

C. >

D. $

E. #

Correct Answer: ESection: Cisco IOS basic (incl. show cmnds, loading process)Explanation


QUESTION 87Which command shows system hardware and software version information?

A. show configuration

B. show environment

C. show inventory

D. show platform

E. show version



QUESTION 88Which command would correctly configure a serial port on a router with the last usable host address in the192.216.32.32/29 subnet?

A. Router(config-if)# ip address 192.216.32.38 255.255.255.240

B. Router(config-if)# ip address 192.216.32.39 255.255.255.224

C. Router(config-if)# ip address 192.216.32.63 255.255.255.248

D. Router(config-if)# ip address 192.216.32.39 255.255.255.248

E. Router(config-if)# ip address 192.216.32.63 255.255.255.248

F. Router(config-if)# ip address 192.216.32.38 255.255.255.248

Correct Answer: FSection: Cisco IOS basic (incl. show cmnds, loading process)Explanation


QUESTION 89Which command is used to copy the configuration from RAM into NVRAM?

A. copy running-config startup-config

B. copy startup-config: running-config:

C. copy running config startup config

D. copy startup config running config

E. write terminal

Correct Answer: ASection: Cisco IOS basic (incl. show cmnds, loading process)Explanation


QUESTION 90Which command is used to load a configuration from a TFTP server and merge the configuration into RAM?

A. copy running-config: TFTP:

B. copy TFTP: running-config

C. copy TFTP: startup-config

D. copy startup-config: TFTP:



QUESTION 91A system administrator types the command to change the hostname of a router. Where on the Cisco IFS is thatchange stored?

A. NVRAMB. RAMC. FLASHD. ROME. PCMCIA




If number 2 is selected from the setup script, what happens when the user runs setup from a privilegedprompt?

A. Setup is additive and any changes will be added to the config script.B. Setup effectively starts the configuration over as if the router was booted for the first time.C. Setup will not run if an enable secret password exists on the router.D. Setup will not run, because it is only viable when no configuration exists on the router.




What can be determined about the router from the console output?

A. No configuration file was found in NVRAM.B. No configuration file was found in flash.C. No configuration file was found in the PCMCIA card.D. Configuration file is normal and will load in 15 seconds.




What can be determined from the output?

A. 192.168.1.2 is local to the router.B. 192.168.3.1 is local to the router.C. 192.168.1.2 will age out in less than 1 minute.D. 192.168.3.1 has aged out and is marked for deletion.



QUESTION 95Which router IOS commands can be used to troubleshoot LAN connectivity problems? (Choose three.)

A. pingB. tracert

C. ipconfigD. show ip routeE. winipcfgF. show interfaces

Correct Answer: ADFSection: Cisco IOS basic (incl. show cmnds, loading process)Explanation


QUESTION 96What functions do routers perform in a network? (Choose two.)

A. packet switchingB. access layer securityC. path selectionD. VLAN membership assignmentE. bridging between LAN segmentsF. microsegmentation of broadcast domains

Correct Answer: ACSection: Cisco IOS basic (incl. show cmnds, loading process)Explanation


QUESTION 97Refer to the partial command output shown:

Which two statements are correct regarding the router hardware? (Choose two.)

A. Total RAM size is 32 KB.B. Total RAM size is 16384 KB (16 MB).C. Total RAM size is 65536 KB (64 MB).D. Flash size is 32 KB.E. Flash size is 16384 KB (16 MB).F. Flash size is 65536 KB (64 MB).

Correct Answer: CESection: Cisco IOS basic (incl. show cmnds, loading process)Explanation


QUESTION 98How does using the service password encryption command on a router provide additional security?

A. by encrypting all passwords passing through the routerB. by encrypting passwords in the plain text configuration fileC. by requiring entry of encrypted passwords for access to the deviceD. by configuring an MD5 encrypted key to be used by routing protocols to validate routing exchangesE. by automatically suggesting encrypted passwords for use in configuring the router




Host in network 192.168.2.0 are unable to reach hosts in network 192.168.3.0. Based on the output fromRouterA, what are two possible reasons for the failure? (Choose two.)

A. The cable that is connected to S0/0 on RouterA is faulty.B. Interface S0/0 on RouterB is administratively down.C. Interface S0/0 on RouterA is configured with an incorrect subnet mask.D. The IP address that is configured on S0/0 of RouterB, is not in the correct subnet.E. Interface S0/0 on RouterA is not receiving a clock signal.F. The encapsulation that is configured on S0/0 of RotuerB does not match the encapsulation that is

configured on S0/0 of RouterA.

Correct Answer: EFSection: Cisco IOS basic (incl. show cmnds, loading process)Explanation


QUESTION 100Refer to the diagram:

What is the largest configuration file that can be stored on this router?

A. 191K bytesB. 16384K bytesC. 31369K bytesD. 114688K bytes



QUESTION 101A network administrator needs to allow only one Telnet connection to a router. For anyone viewing theconfguration and issuing the show run command, the password for Telnet access should be encrypted. Whichset of commands will accomplish this task?

A. service password-encryptionaccess-list 1 permit 192.168.1.0 0.0.0.255line vty 0 4loginpassword ciscoaccess-class 1

B. enable password secret

line vty 0loginpassword cisco

C. service password-encryptionline vty 1loginpassword cisco

D. service password-encryptionline vty 0 4loginpassword cisco

Correct Answer: CSection: Cisco IOS basic (incl. show cmnds, loading process)Explanation



What is the meaning of the output MTU 1500 bytes?

A. The maximum number of bytes that can traverse this interface per second is 1500.B. The minimum segment size that can traverse this interface is 1500 bytes.C. The minimum segment size that can traverse this interface is 1500 bytes.D. The minimum packet size that can traverse this interface is 1500 bytes.E. The maximum packet size that can traverse this interface is 1500 bytes.F. The maximum frame size that can traverse this interface is 1500 bytes.




A network administrator configures a new router and enters the copy startup-config running-config on therouter. The network administrator powers down the router and sets it up at a remote location. When the routerstarts, it enter the system configuration dialog as shown. What is the caust of the problem?

A. The network administrator faled to save the configuration.B. The configuration register is set to 0x2100.C. The boot system flash command is missing from the configuration.D. The configuraiton register is set to 0x2102.E. The router is configured with the boot system startup command.



QUESTION 104Which command can you use to determine the Cisco IOS feature set on a Cisco router?

A. show versionB. dir flash:|include iosC. show environmentD. show diagE. show inventory



QUESTION 105A Cisco router is booting and has just completed the POST process. It is now ready to find and load an IOSimage. What function does the router perform next?

A. It checks the configuration registerB. It attempts to boot from a TFTP serverC. It loads the first image file in flash memoryD. It inspects the configuration file in NVRAM for boot instructions



QUESTION 106The network administrator normally establishes a Telnet session with the switch from host A. Theadministrator's attempt to establish a connect via Telnet to the switch from host B fails, but pings from host B toother two hosts are successful. What is the issue for this problem?

A. Host B and the switch need to be in the same subnet.B. The switch needs and appropriate default gateway assigned.C. The switch interface connected to the router is down.D. Host B need to be assigned an IP address in vlan 1.



QUESTION 107Which command can be executed on a router to verify the layer 3 path to a host?

A. traceroute addressB. tracert addressC. ssh addressD. telnet address



QUESTION 108Which command shows your active Telnet connections?

A. show sessionsB. show cdp neighbors

C. show usersD. show queue



QUESTION 109There are no boot system commands in a router configuration in NVRAM. What is the fallback sequence thatrouter will use to find an IOS during reload?

A. Flash, TFTP server, ROMB. Flash, NVRAM, ROMC. ROM, NVRAM, TFTP serverD. NVRAM, TFTP server, ROME. TFTP server, Flash, NVRAM



QUESTION 110When upgrading the IOS image, the network administrator receives the exhibited error message. What couldbe the cause of this error?

A. The new IOS image is too large for the router flash memory.B. The TFTP server is unreachable from the router.C. The new IOS image is not correct for this router platform.D. The IOS image on the TFTP server is corrupt.E. There is not enough disk space on the TFTP server for the IOS image.



QUESTION 111

Refer to the exhibit:

The technician wants to upload a new IOS in the router while keeping the existing IOS. What is the maximumsize of an IOS file that could be loaded if the original IOS is also kept in flash?

A. 3MBB. 5MBC. 7MBD. 4MB

Correct Answer: DSection: Cisco IOS basic (incl. show cmnds, loading process)Explanation


QUESTION 112Exhibit #show flash:

Refer to the graphic. A network associate is planning to copy a new IOS image into the router. This new imagerequires 8 MB of flash memory and 32 MB of RAM. How will the IOS proceed with the copy process?

A. The new IOS will be copied into flash memory and the current image will remain.B. IOS will issue an error message because flash memory is not large enough to hold the new image.C. The current IOS image must be manually erased before IOS will allow the new image to be copied.D. During the copy process, the current IOS image will be erased.



QUESTION 113This graphic shows the results of an attempt to open a Telnet connection to router ACCESS1 from routerRemote27. Which of the following command sequences will correct this problem?

A. ACCESS1(config)# line console 0ACCESS1(config-line)# password cisco

B. Remote27(config)# line console 0Remote27(config-line)# loginRemote27(config-line)# password cisco

C. ACCESS1(config)# line vty 0 4ACCESS1(config-line)# loginACCESS1(config-line)# password cisco

D. Remote27(config)# line vty 0 4Remote27(config-line)# loginRemote27(config-line)# password cisco

E. ACCESS1(config)# enable password ciscoF. Remote27(config)# enable password cisco

Correct Answer: CSection: Cisco IOS basic (incl. show cmnds, loading process)Explanation



After the power-on self test (POST), the system LED of a Cisco 2950 switch turns amber. What is the status ofthe switch?

A. The switch has a problem with the internal power supply and needs an external power supply to be

attached.B. The switch has experienced an internal problem but data can still be forwarded at a slower rate.C. The POST was successful.D. POST failed and there is a problem that prevents the operating system of the switch from being loaded.

Correct Answer: DSection: Cisco IOS basic (incl. show cmnds, loading process)Explanation


QUESTION 115Refer to the exhibit.

Which user-mode password has just been set?

A. TelnetB. AuxiliaryC. SSHD. Console


Explanation/Reference:Explanation:

QUESTION 116A network administrator has installed a new router in the Lisbon office and is unable to backup the IOS imageof the new router to a TFTP server located in the Gibraltar office. Given the network diagram, identify thesource of the problem.

A. incorrect default gateway of the TFTP serverB. incorrect subnet mask of the TFTP serverC. incorrect IP address of the TFTP serverD. incorrect IP address on E0 of the Gibraltar routerE. incorrect subnet mask on the Lisbon router




Users on WS1 and WS2 are unable to reach the SR1 and SR2 servers to gain the files needed. A ping from

the workstations WS1 and WS2 to the gateway address 192.168.2.1 is successful. Which IOS commandshould the IT administrator issue on RTA to troubleshoot the problem?

A. show ip routeB. configure terminalC. show startup-configD. show ip interface FastEthernet0/0


Explanation/Reference:show ip route command displays the routing table which provides the information about networks the router hasroutes.


Assuming that the router is configured with the default settings, what type of router interface is this?

A. Synchronous SerialB. Gigabit EthernetC. EthernetD. Asynchronous SerialE. Fast Ethernet



From BW 100,000 Kbit,Encapsulation ARPA in the command line, we know that the interface is a 100MEthernet interface.

QUESTION 119

Select and Place:

Correct Answer:

Section: Cisco IOS basic (incl. show cmnds, loading process)Explanation


QUESTION 120Drag the items to the proper locations.

Select and Place:

Correct Answer:



QUESTION 121As a CCNA candidate, you are required to have a firm understanding of the OSI model. At which layers of theOSI model do Wide Area Networks operate? Please drag the items to the proper locations.

Select and Place:

Correct Answer:



QUESTION 122

Select and Place:

Correct Answer:



QUESTION 123The left describes boot sequence, while the right describes the orders. Drag the items on the left to the properlocations.

Select and Place:

Correct Answer:



QUESTION 124Which two locations can be configured as a source for the IOS image in the boot system command? (Choosetwo.)

A. RAMB. NVRAMC. flash memoryD. HTTP serverE. TFTP serverF. Telnet server

Correct Answer: CESection: Cisco IOS adv. (incl. file mngmnt, CDP, gl obal cmnds)Explanation


QUESTION 125What are two reasons a network administrator would use CDP? (Choose two.)

A. to verify the type of cable interconnecting two devicesB. to determine the status of network services on a remote deviceC. to obtain VLAN information from directly connected switchesD. to verify Layer 2 connectivity between two devices when Layer 3 failsE. to obtain the IP address of a connected device in order to telnet to the device

F. to determine the status of the routing protocols between directly connected routers

Correct Answer: DESection: Cisco IOS adv. (incl. file mngmnt, CDP, gl obal cmnds)Explanation


QUESTION 126A network administrator changes the configuration register to 0x2142 and reboots the router. What are tworesults of making this change? (Choose two.)

A. The IOS image will be ignored.B. The router will prompt to enter initial configuration mode.C. The router will boot to ROM.D. Any configuration entries in NVRAM will be ignored.E. The configuration in flash memory will be booted.

Correct Answer: BDSection: Cisco IOS adv. (incl. file mngmnt, CDP, gl obal cmnds)Explanation


QUESTION 127QoS policies are applied on the switches of a LAN. Which type of command will show the effects of the policy inreal time?

A. show commandB. debug commandC. configuration commandD. rommon command

Correct Answer: BSection: Cisco IOS adv. (incl. file mngmnt, CDP, gl obal cmnds)Explanation


QUESTION 128Which command is used to debug a ping command?

A. debug icmp

B. debug ip icmp

C. debug tcp

D. debug packet



QUESTION 129Which command displays CPU utilization?

A. show protocols

B. show process

C. show system

D. show version



QUESTION 130Which command reveals the last method used to powercycle a router?

A. show reload

B. show boot

C. show running-config

D. show version

Correct Answer: DSection: Cisco IOS adv. (incl. file mngmnt, CDP, gl obal cmnds)Explanation



You are connected to the router as user Mike. Which command allows you to see output from the OSPF debugcommand?

A. terminal monitor

B. show debugging

C. show sessions

D. show ip ospf interface

Correct Answer: ASection: Cisco IOS adv. (incl. file mngmnt, CDP, gl obal cmnds)

Explanation


QUESTION 132The switches shown in the diagram, Core and Core2, are both Catalyst 2950s. The addressing scheme foreach company site is as follows:

Router Ethernet port - 1st usable address

Core - 2nd usable address

Core2 - 3rd usable address

For this network, which of the following commands must be configured on Core2 to allow it to be managedremotely from any subnet on the network? (Choose three.)

A. Core2(config)# interface f0/0Core2(config-if)# ip address 192.168.1.10 255.255.255.248

B. Core2(config)# interface vlan 1Core2(config-if)# ip address 192.168.1.11 255.255.255.248

C. Core2(config)# line con 0Core2(config-line)# password cisco

D. Core2(config)# line vty 0 4Core2(config-line)# password cisco

E. Core2(config)# ip default-gateway 192.168.1.9

F. Core2(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.8

Correct Answer: BDESection: Cisco IOS adv. (incl. file mngmnt, CDP, gl obal cmnds)Explanation


QUESTION 133What should be done prior to backing up an IOS image to a TFTP server? (Choose three.)

A. Make sure that the server can be reached across the network.B. Check that authentication for TFTP access to the server is set.C. Assure that the network server has adequate space for the IOS image.D. Verify file naming and path requirements.E. Make sure that the server can store binary files.F. Adjust the TCP window size to speed up the transfer.

Correct Answer: ACD

Section: Cisco IOS adv. (incl. file mngmnt, CDP, gl obal cmnds)Explanation


QUESTION 134What is the purpose using the traceroute command?

A. to map all the devices on a network.B. to display the current TCP/IP configuration values.C. to see how a device MAC address is mapped to its IP address.D. to see the path a packet will take when traveling to a specified destination.E. to display the MTU values for each router in a specified network path from source to a destination.




The two exhibit devices are the only Cisco devices on the network. The serial network between the two deviceshas a mask of 255.255.255.252. Given the output that is shown, what three statements are true of thesedevices? (Choose three.)

A. The Manchester serial address is 10.1.1.1B. The Manchester serial address is 10.1.1.2C. The London router is a Cisco 2610.D. The Manchester router is a Cisco 2610.E. The CDP information was received on port Serial0/0 of the Manchester router.F. The CDP information was sent by port Serial0/0 of the London Router.

Correct Answer: ACESection: Cisco IOS adv. (incl. file mngmnt, CDP, gl obal cmnds)

Explanation



A router boots to the prompt shown in the exhibit. What does this signify, and how should the networkadministrator respond?

A. This prompt signifies that the configuration file was not found in NVRAM. The network administrator shouldfollow the prompts to enter a basic configuration.

B. The prompt signifies that the configuration file was not found in flash memory. The network administratorshould use TFTP to transfer a configuration file to the router.

C. The prompt signifies that the IOS image in flash memory is invalid or corrupted. The network administratorshould use TFTP to transfer an IOS image to the router.

D. The prompt signifies that the router could not authenticate the user. The network administrator shouldmodify the IOS image and reboot the router.

Correct Answer: CSection: Cisco IOS adv. (incl. file mngmnt, CDP, gl obal cmnds)Explanation



Why is flash memory erased prior to upgrading the IOS image from the TFTP server?

A. The router cannot verify that the Cisco IOS image currently in flash is validB. Flash memory on Cisco routers can contain only a single IOS image.C. Erasing current flash content is requested during the copy dialog.D. In order for the router to use the new image as the default, it must be the only IOS image in flash.

Correct Answer: CSection: Cisco IOS adv. (incl. file mngmnt, CDP, gl obal cmnds)Explanation



For what two reasons has the router loaded its IOS image from the location that is shown? (Choose two.)

A. Router1 has specific boot system commands that instruct it to load IOS from a TFTP server.B. Router1 is acting as a TFTP server for other routers.C. Router1 cannot locate a valid IOS image in flash memory.D. Router1 defaulted to ROMMON mode and loaded the IOS image from a TFTP server.E. Cisco routers will first attempt to load an image from TFTP for management purposes.

Correct Answer: ACSection: Cisco IOS adv. (incl. file mngmnt, CDP, gl obal cmnds)Explanation


QUESTION 139Which two privileged mode Cisco IOS commands can be used to determine a Cisco router chassis serialnumber? (Choose two)

A. show inventoryB. show flash:filesys

C. dir flash:|include chassisD. show diagE. show controllers

Correct Answer: ADSection: Cisco IOS adv. (incl. file mngmnt, CDP, gl obal cmnds)Explanation


QUESTION 140Which command helps a network administrator to manage memory by displaying flash memory and NVRAMutilization?

A. show secureB. show file systemsC. show flashD. show version




What is the effect of the configuration that is shown?

A. It tells the router or switch to try establish an SSH connection first and if that fail to use telnet.B. It configures a cisco network device to use the SSH protocol on incoming communications via the virtual

terminal ports.C. It allows seven failed login attempts before the VTY lines are temporarily shutdown.D. It configures the virtual terminal lines with the password 030752180500.E. It configures SSH globally for all logins.



QUESTION 142Which commands is necessary to permit SSH and Telnet access to a Catalyst?

A. transport type allB. transport output allC. transport preferred allD. transport input all




A network technician is troubleshooting a connectivity problem on R2. The technician enters the show cdpneighbors command at the R2 console. If the network is composed only of Cisco devices, for which devicesshould entries be displayed?

A. R1B. SW-B and R1C. SW-B, R1, and SW-CD. R3, SW-B, R1, and SW-CE. SW-A, R3, SW-B, R1, and SW-CF. Host A, SW-A, R3, SW-B, R1, and SW-C


Explanation/Reference:CDP only gathers information about directly connected neighbor’s information.

QUESTION 144Drag each definition on the left to the matching te rm on the right

Select and Place:

Correct Answer:

Section: Cisco IOS adv. (incl. file mngmnt, CDP, gl obal cmnds)Explanation



The networks connected to router R2 have been summarized as a 192.168.176.0/21 route and sent to R1.Which two packet destination addresses will R1 forward to R2? (Choose two.)

A. 192.168.194.160B. 192.168.183.41C. 192.168.159.2D. 192.168.183.255E. 192.168.179.4F. 192.168.184.45

Correct Answer: BESection: VLSM & IPv4Explanation



Which three statements correctly describe Network Device A? (Choose three.)

A. With a network wide mask of 255.255.255.128, each interface does not require an IP address.B. With a network wide mask of 255.255.255.128, each interface does require an IP address on a unique IP

subnet.C. With a network wide mask of 255.255.255.0, must be a Layer 2 device for the PCs to communicate with

each other.D. With a network wide mask of 255.255.255.0, must be a Layer 3 device for the PCs to communicate with

each other.E. With a network wide mask of 255.255.254.0, each interface does not require an IP address.

Correct Answer: BDESection: VLSM & IPv4Explanation


QUESTION 147What is the principal reason to use a private IP address on an internal network?

A. Subnet strategy for private companies.B. Manage and scale the growth of the internal network.C. Conserve public IP addresses so that we do not run out of them.D. Allow access reserved to the devices.

Correct Answer: CSection: VLSM & IPv4Explanation


QUESTION 148Which IP address can be assigned to an Internet interface?

A. 10.180.48.224B. 9.255.255.10C. 192.168.20.223D. 172.16.200.18

Correct Answer: BSection: VLSM & IPv4Explanation


QUESTION 149What will happen if a private IP address is assigned to a public interface connected to an ISP?

A. Addresses in a private range will be not routed on the Internet backbone.B. Only the ISP router will have the capability to access the public network.C. The NAT process will be used to translate this address in a valid IP address.D. Several automated methods will be necessary on the private network.

E. A conflict of IP addresses happens, because other public routers can use the same range.

Correct Answer: ASection: VLSM & IPv4Explanation


QUESTION 150When is it necessary to use a public IP address on a routing interface?

A. Connect a router on a local network.B. Connect a router to another router.C. Allow distribution of routes between networks.D. Translate a private IP address.E. Connect a network to the Internet.

Correct Answer: ESection: VLSM & IPv4Explanation



Which VLSM mask will allow for the appropriate number of host addresses for Network A?

A. /25B. /26C. /27D. /28




Which subnet mask will place all hosts on Network B in the same subnet with the least amount of wastedaddresses?

A. 255.255.255.0B. 255.255.254.0C. 255.255.252.0D. 255.255.248.0




Which mask is correct to use for the WAN link between the routers that will provide connectivity while wastingthe least amount of addresses?

A. /23B. /24C. /25D. /30

Correct Answer: DSection: VLSM & IPv4Explanation



What is the most appropriate summarization for these routes?

A. 10.0.0.0 /21B. 10.0.0.0 /22C. 10.0.0.0 /23D. 10.0.0.0 /24



QUESTION 155On the network 131.1.123.0/27, what is the last IP address that can be assigned to a host?

A. 131.1.123.30B. 131.1.123.31C. 131.1.123.32D. 131.1.123.33



QUESTION 156The ip subnet zero command is not configured on a router. What would be the IP address of Ethernet0/0 usingthe first available address from the sixth subnet of the network 192.168.8.0/29?

A. 192.168.8.25B. 192.168.8.41C. 192.168.8.49D. 192.168.8.113



QUESTION 157For the network 192.0.2.0/23, which option is a valid IP address that can be assigned to a host?

A. 192.0.2.0B. 192.0.2.255C. 192.0.3.255D. 192.0.4.0



QUESTION 158How many addresses for hosts will the network 124.12.4.0/22 provide?

A. 510B. 1022C. 1024D. 2048



QUESTION 159The network default gateway applying to a host by DHCP is 192.168.5.33/28. Which option is the valid IPaddress of this host?

A. 192.168.5.55B. 192.168.5.47C. 192.168.5.40D. 192.168.5.32E. 192.168.5.14



QUESTION 160Which two addresses can be assigned to a host with a subnet mask of 255.255.254.0? (Choose Two.)

A. 113.10.4.0B. 186.54.3.0C. 175.33.3.255D. 26.35.2.255E. 17.35.36.0

Correct Answer: BD

Section: VLSM & IPv4Explanation


QUESTION 161The network administrator has asked you to check the status of the workstation's IP stack by pinging theloopback address. Which address would you ping to perform this task?

A. 10.1.1.1B. 127.0.0.1C. 192.168.0.1D. 239.1.1.1



QUESTION 162Workstation A has been assigned an IP address of 192.0.2.24/28. Workstation B has been assigned an IPaddress of 192.0.2.100/28. The two workstations are connected with a straight-through cable. Attempts to pingbetween the hosts are unsuccessful. What two things can be done to allow communications between thehosts? (Choose Two.)

A. Replace the straight-through cable with a crossover cable.B. Change the subnet mask of the hosts to /25.C. Change the subnet mask of the hosts to /26.D. Change the address of Workstation A to 192.0.2.15.E. Change the address of Workstation B to 192.0.2.111.

Correct Answer: ABSection: VLSM & IPv4Explanation



According to the routing table, where will the router send a packet destined for 10.1.5.65?

A. 10.1.1.2B. 10.1.2.2C. 10.1.3.3D. 10.1.4.4




Which value will be configured for Default Gateway of the Local Area Connection?

A. 10.0.0.0B. 10.0.0.254C. 192.223.129.0D. 192.223.129.254




The user at Workstation B reports that Server A cannot be reached. What is preventing Workstation B fromreaching Server A?

A. The IP address for Server A is a broadcast address.B. The IP address for Workstation B is a subnet address.C. The gateway for Workstation B is not on the same subnet.D. The gateway for Server A is not on the same subnet.



QUESTION 166Which of the following host addresses are members of networks that can be routed across the public Internet?(Choose Three.)

A. 10.172.13.65B. 172.16.223.125C. 172.64.12.29D. 192.168.23.252E. 198.234.12.95F. 212.193.48.254

Correct Answer: CEFSection: VLSM & IPv4Explanation


QUESTION 167

Given a subnet mask of 255.255.255.224, which of the following addresses can be assigned to network hosts?(Choose Three.)

A. 15.234.118.63B. 92.11.178.93C. 134.178.18.56D. 192.168.16.87E. 201.45.116.159F. 217.63.12.192

Correct Answer: BCDSection: VLSM & IPv4Explanation


QUESTION 168A national retail chain needs to design an IP addressing scheme to support a nationwide network. Thecompany needs a minimum of 300 sub-networks and a maximum of 50 host addresses per subnet. Workingwith only one Class B address, which of the following subnet masks will support an appropriate addressingscheme? (Choose Two.)

A. 255.255.255.0B. 255.255.255.128C. 255.255.252.0D. 255.255.255.224E. 255.255.255.192F. 255.255.248.0

Correct Answer: BESection: VLSM & IPv4Explanation


QUESTION 169Given the address 192.168.20.19/28, which of the following are valid host addresses on this subnet? (Choosetwo.)

A. 192.168.20.29B. 192.168.20.16C. 192.168.20.17D. 192.168.20.31E. 192.168.20.0

Correct Answer: ACSection: VLSM & IPv4Explanation


QUESTION 170

Which of the following IP addresses fall into the CIDR block of 115.64.4.0/22? (Choose three.)

A. 115.64.8.32B. 115.64.7.64C. 115.64.6.255D. 115.64.3.255E. 115.64.5.128F. 115.64.12.128

Correct Answer: BCESection: VLSM & IPv4Explanation


QUESTION 171The Ethernet networks connected to router R1 in the graphic have been summarized for router R2 as192.1.144.0/20. Which of the following packet destination addresses will R2 forward to R1, according to thissummary? (Choose two.)

A. 192.1.159.2B. 192.1.160.11C. 192.1.138.41D. 192.1.151.254E. 192.1.143.145F. 192.1.1.144

Correct Answer: ADSection: VLSM & IPv4Explanation


QUESTION 172Which of the following describe private IP addresses? (Choose two.)

A. addresses chosen by a company to communicate with the InternetB. addresses that cannot be routed through the public InternetC. addresses that can be routed through the public InternetD. a scheme to conserve public addressesE. addresses licensed to enterprises or ISPs by an Internet registry organization

Correct Answer: BDSection: VLSM & IPv4Explanation


QUESTION 173The network 172.25.0.0 has been divided into eight equal subnets. Which of the following IP addresses can beassigned to hosts in the third subnet if the ip subnet-zero command is configured on the router? (ChooseThree.)

A. 172.25.78.243B. 172.25.98.16C. 172.25.72.0D. 172.25.94.255E. 172.25.96.17F. 172.25.100.16

Correct Answer: ACDSection: VLSM & IPv4Explanation



All of the routers in the network are configured with the ip subnet-zero command. Which network addressesshould be used for Link A and Network A? (Choose two.)

A. Network A - 172.16.3.48/26B. Network A - 172.16.3.128/25C. Network A - 172.16.3.192/26D. Link A - 172.16.3.0/30E. Link A - 172.16.3.40/30F. Link A - 172.16.3.112/30

Correct Answer: BDSection: VLSM & IPv4Explanation


QUESTION 175Which two subnetworks would be included in the summarized address of 172.31.80.0 /20? (Choose two.)

A. 172.31.17.4 /30B. 172.31.51.16 /30C. 172.31.64.0 /18D. 172.31.80.0 /22E. 172.31.92.0 /22F. 172.31.192.0 /18

Correct Answer: DESection: VLSM & IPv4Explanation


QUESTION 176Which three IP addresses can be assigned to hosts if the subnet mask is /27 and subnet zero is usable?(Choose three.)

A. 10.15.32.17B. 17.15.66.128C. 66.55.128.1D. 135.1.64.34E. 129.33.192.192F. 192.168.5.63

Correct Answer: ACDSection: VLSM & IPv4Explanation


QUESTION 177Which of the following IP addresses can be assigned to the host devices? (Choose two.)

A. 205.7.8.32/27B. 191.168.10.2/23C. 127.0.0.1D. 224.0.0.10E. 203.123.45.47/28F. 10.10.0.0/13

Correct Answer: BFSection: VLSM & IPv4

Explanation



A network technician is asked to design a small network with redundancy. The exhibit represents this designwith all hosts configured in the same VLAN. What conclusions can be made about this design?

A. The design will function as intendedB. Spanning-tree will need to be used.C. The router will not accept the addressing scheme.D. The connection between switches should be a trunk.E. The router interfaces must be encapsulated with the 802.1Q protocol.



QUESTION 179How many subnets can be gained by subnetting 172.17.32.0/23 into a /27 mask, and how many usable hostaddresses will there be per subnet?

A. 8 subnets, 31 hostsB. 8 subnets, 32 hostsC. 16 subnets, 30 hostsD. 16 subnets, 32 hostsE. A Class B address can't be subnetted into the fourth octet.




In this VLSM addressing scheme, what summary address would be sent from router A?

A. 172.16.0.0 /16B. 172.16.0.0 /20C. 172.16.0.0 /24D. 172.32.0.0 /16E. 172.32.0.0 /17F. 172.64.0.0 /16




Which is the most efficient summarization that R1 can use to advertise its networks to R2?

A. 172.1.4.0/22B. 172.1.0.0/21

C. 172.1.0.0/22D. 172.1.4.0/25



QUESTION 182You are working in a data center environment and are assigned the address range 10.188.31.0/23. You areasked to develop an IP addressing plan to allow the maximum number of subnets with as many as 30 hostseach. Which IP address range meets these requirements?

A. 10.188.31.0/27B. 10.188.31.0/26C. 10.188.31.0/29D. 10.188.31.0/28E. 10.188.31.0/25



QUESTION 183Given an IP address 172.16.28.252 with a subnet mask of 255.255.240.0, what is the correct network addres?

A. 172.16.16.0B. 172.16.24.0C. 172.16.0.0D. 172.16.28.0




The Lakside Company has the internetwork in the exhibit. The administrator would like to reduce the size ofrouting table on the Central router. Which partial routing table entry in the Central router represents a routesummary that represents the VLANs in Phoenix but no additional subnets?

A. 10.0.0.0/22 is subnetted,1 subnetsD 10.4.0.0[90/20514560] via 10.2.0.2,6w0d,serial0/1

B. 10.0.0.0/28 is subnetted,1 subnetsD 10.2.0.0[90/20514560] via 10.2.0.2,6w0d,serial0/1

C. 10.0.0.0/22 is subnetted,1 subnetsD 10.0.0.0[90/20514560] via 10.2.0.2,6w0d,serial0/1

D. 10.0.0.0/30 is subnetted,1 subnetsD 10.2.2.0[90/20514560] via 10.2.0.2,6w0d,serial0/1

E. 10.0.0.0/28 is subnetted,1 subnetsD 10.4.4.0[90/20514560] via 10.2.0.2,6w0d,serial0/1

F. 10.0.0.0/30 is subnetted,1 subnetsD 10.4.4.4[90/20514560] via 10.2.0.2,6w0d,serial0/1



QUESTION 185which address range efficiently summarizes the routing table of the addresses for router main?

A. 172.16.0.0/18B. 172.16.0.0/16C. 172.16.0.0/20D. 172.16.0.0/21




A new subnet with 60 hosts has been added to the network.Which subnet address should this network use toprovide enough usable addresses while wasting the fewest addresses?

A. 192.168.1.56/27B. 192.168.1.64/26C. 192.168.1.64/27D. 192.168.1.56/26



QUESTION 187The network technician is planning to use the 255.255.255.224 subent mask on the network.which three validIP addresses can the technician use for the hosts? (Choose Three)

A. 172.22.243.127B. 172.22.243.191C. 172.22.243.190D. 10.16.33.98E. 10.17.64.34F. 192.168.1.160

Correct Answer: CDESection: VLSM & IPv4Explanation


QUESTION 188In the implementation of VLSM techniques on a network using a single Class C IP address, which subnet maskis the most efficient for point-to-point serial links?

A. 255.255.255.240B. 255.255.255.254C. 255.255.255.252D. 255.255.255.0E. 255.255.255.248




HostA cannot ping HostB. Assuming routing is properly configured. What could be the cause of this problem?

A. HostA is not on the same subnet as its default gatewayB. The address of SwitchA is a subnet addressC. The Fa0/0 interface on RouterA is on a subnet that cannot be usedD. The serial interfaces of the routers are not on the same subnetE. The Fa0/0 interface on RouterB is using a broadcast address



QUESTION 190Which wild card mask will enable a network administrator to permit access to the Internet for only hosts that areassigned an address in the range of 192.168.8.0 through 192.168.15.255?

A. 0.0.0.0B. 0.0.0.255C. 0.0.255.255D. 0.0.7.255E. 0.0.3.255



QUESTION 191The network administrator is asked to configure 113 point-to-point links. Which IP addressing scheme bestdefines the address range and subnet mask that meet the requirement and waste the fewest subnet and hostaddresses?

A. 10.10.0.0/18 subnetted with mask 255.255.255.252B. 10.10.0.0/25 subnetted with mask 255.255.255.252C. 10.10.0.0/24 subnetted with mask 255.255.255.252D. 10.10.0.0/23 subnetted with mask 255.255.255.252E. 10.10.0.0/16 subnetted with mask 255.255.255.252



QUESTION 192The company internetwork is subnetted using 29 bits. Which wildcard mask should be used to configure anextended access list to permit or deny access to an entire subnetwork?

A. 255.255.255.224B. 255.255.255.248C. 0.0.0.224D. 0.0.0.8E. 0.0.0.7F. 0.0.0.3


Explanation/Reference:29 bits subnet is 8bits + 8bits + 8bits + 5bits255.255.255.(5bits)11111000 = 128+64+32+16+8+0+0+0= 248Subnet is 255.255.255.248Simple method to calculate the Wildcard mask from known subnet is toReverse 1’s into 0’s and 0’s into 1’s from the binary representation of subnet.For above example (248 = 11111000 subnet)11111000 (subnet) = 00000111 (wildcard mask) last octet.= 7 (wildcard mask) for last octet.Converting the remaining first 3 octets of subnet into wildcard mask using above methodResulted wildcard mask is 0.0.0.7

QUESTION 193If an Ethernet port on a router was assigned an IP address of 172.1.1.1/20, what is the maximum number ofhosts allowed on this subnet?

A. 4094B. 1024C. 8190D. 2046E. 4096




Which address and mask combination a summary of the routes learned by EIGRP?

A. 192.168.25.0 255.255.255.240B. 192.168.25.16 255.255.255.252C. 192.168.25.0 255.255.255.252D. 192.168.25.28 255.255.255.240E. 192.168.25.16 255.255.255.240F. 192.168.25.28 255.255.255.240



QUESTION 195A network administrator receives an error message while trying to configure the Ethernet interface of a routerwith IP address 10.24.24.24/29. Which statement explains the reason for it?

A. The address is a broadcast addressB. The Ehernet interface is faultyC. VLSM-capable routing protocols must be enable first on the router.D. This address is a network address.



QUESTION 196HostA pings interface S0/0 on Router3, what will be the TTL value for that ping before it enter Router3?

A. 253B. 252C. 255D. 254



QUESTION 197When variable length subnet masking is used, what does the term route aggregation describe?

A. calculating the total number of available host addresses in the ASB. combining routes to multiple networks into one supernetC. reducing the number of unusable addresses by creating many subnets from one supernetD. reclaiming unused address space by changing the subnet size

Correct Answer: BSection: VLSM & IPv4

Explanation


Route aggregration is an effort to route smaller prefixes via an aggregated larger prefix (supernetting). Theadvantage is obvious: Many /24 networks, for example, could be aggregated to larger networks like /23, /22 oreven bigger prefixes.

QUESTION 198

Select and Place:

Correct Answer:



QUESTION 199

Select and Place:

Correct Answer:



QUESTION 200

Select and Place:

Correct Answer:



QUESTION 201Which two statements are true about the command ip route 172.16.3.0 255.255.255.0 192.168.2.4? (Choosetwo.)

A. It establishes a static route to the 172.16.3.0 network.B. It establishes a static route to the 192.168.2.0 network.C. It configures the router to send any traffic for an unknown destination to the 172.16.3.0 network.D. It configures the router to send any traffic for an unknown destination out the interface with the address

192.168.2.4.E. It uses the default administrative distance.F. It is a route that would be used last if other routes to the same destination exist.

Correct Answer: AESection: IP Routing (incl. Static, default; RIPv1-2 )Explanation



Subnet 10.1.3.0/24 is unknown to router RTB. Which router command will prevent router RTB from dropping apacket destined for the 10.1.3.0/24 network if a default route is configured?

A. IP classlessB. IP default-networkC. Network 10.1.1.0D. Network 10.1.1.0 0.0.0.255 area 0

Correct Answer: ASection: IP Routing (incl. Static, default; RIPv1-2 )Explanation



Assume that the routing protocol referenced in each choice below is configured with its default settings and thegiven routing protocol is running on all the routers. Which two conditional statements accurately state the paththat will be chosen between networks 10.1.0.0 and 10.3.2.0 for the routing protocol mentioned? (Choose two.)

A. If OSPF is the routing protocol, the path will be from R1 to R3 to R4 to R5.B. If OSPF is the routing protocol, the path will be from R1 to R2 to R5.C. If OSPF is the routing protocol, the path will be from R1 to R5.D. If RIPv2 is the routing protocol, the path will be from R1 to R3 to R4 to R5.E. If RIPv2 is the routing protocol, the path will be from R1 to R5.




The Branch router displays knowledge of a route to network 172.16.0.0/16. The actual network number atheadquarters is 172.16.1.0/24. Why does the network number appear as it does in the routing table?

A. The routing protocol on the Branch router has been misconfigured.B. The Branch router has a static route configured for the 172.16.0.0/16 network.C. The Branch router is configured to summarize to classful boundaries.D. The routing protocol on the HQ router is using automatic route summarization.E. The routing protocol that is forwarding this route only sends classful updates.

Correct Answer: DSection: IP Routing (incl. Static, default; RIPv1-2 )Explanation



Which three statements are true about how router JAX will choose a path to the 10.1.3.0/24 network whendifferent routing protocols are configured? (Choose three.)

A. By default, if RIPv2 is the routing protocol, only the path JAX-ORL will be installed into the routing table.B. The equal cost paths JAX-CHI-ORL and JAX- NY-ORL will be installed in the routing table if RIPv2 is the

routing protocol.C. When EIGRP is the routing protocol, only the path JAX-ORL will be installed in the routing table by default.D. When EIGRP is the routing protocol, the equal cost paths JAX-CHI-ORL, and JAX-NY-ORL will be installed

in the routing table by default.E. With EIGRP and OSPF both running on the network with their default configurations, the EIGRP paths will

be installed in the routing table.F. The OSPF paths will be installed in the routing table, if EIGRP and OSPF are both running on the network

with their default configurations.

Correct Answer: ADESection: IP Routing (incl. Static, default; RIPv1-2 )Explanation



RIPv2 is in use on the network with no standard policy in place for summarization. A packet arrives atCentralRouter with a destination IP address of 208.149.23.91. Given the output that is shown, how willCentralRouter process that packet?

A. It will hold the packet for 22 seconds.B. It will forward the packet to 190.171.23.10.C. It will forward the packet to 192.168.33.1.D. It will forward the packet to 190.171.23.12.E. It will discard the packet because there is no matching route.F. It will hold the packet for 21 seconds.

Correct Answer: CSection: IP Routing (incl. Static, default; RIPv1-2 )Explanation

Explanation/Reference:When the packet with the target address 208.149.23.91 reaches CentralRouter, CentralRouter searches itsrouting table but cannot find the routing entry mapping 208.149.23.91, so the default route is used:

S 0.0.0.0/0 [1/0] via 192.168.33.1

The packet is forwarded by CentralRouter to 192.168.33.1.

QUESTION 207Refer to the exhibit

The network administrator must establish a route by which London workstations can forward traffic to theManchester workstations. What is the simplest way to accomplish this?

A. Configure a dynamic routing protocol on London to advertise all routes to Manchester.B. Configure a dynamic routing protocol on London to advertise summarized routes to Manchester.C. Configure a dynamic routing protocol on Manchester to advertise a default route to the London router.D. Configure a static default route on London with a next hop of 10.1.1.1.E. Configure a static route on London to direct all traffic destined for 172.16.0.0/22 to 10.1.1.2.F. Configure Manchester to advertise a static default route to London.

Correct Answer: ESection: IP Routing (incl. Static, default; RIPv1-2 )Explanation


QUESTION 208Refer to the output of the corporate router routing table shown in the graphic:

The corporate router receives an IP packet with a source IP address of 192.168.214.20 and a destinationaddress of 192.168.22.3. What will the router do with this packet?

A. It will encapsulate the packet as Frame Relay and forward it out interface Serial 0/0.117.B. It will discard the packet and send an ICMP Destination Unreachable message out interface FastEthernet

0/0.C. It will forward the packet out interface Serial 0/1 and send an ICMP Echo Reply message out interface serial

0/0.102.D. It will change the IP packet to an ARP frame and forward it out FastEthernet 0/0.

Correct Answer: BSection: IP Routing (incl. Static, default; RIPv1-2 )Explanation


QUESTION 209Refer to the topology and command output within the exhibit:

When hosts on the 172.16.5.0 network attempt to ping the remote server at 192.168.145.27, the message"Reply from 192.168.145.27:TTL expired in transit" is returned. What is the cause of this problem?

A. No static route is configured on the SOHO router to the 192.168.145.0 network.B. No static route is configured on the ISP router to the 192.168.145.0 network.C. A routing protocol must be configured to send packets between SOHO and ISP.D. A routing loop has occurred.



QUESTION 210Which of the following commands will configure a default route to any destination network not found in therouting table?

A. Router(config)# ip default-route 0.0.0.0 255.255.255.255 s0B. Router(config)# ip route 0.0.0.0 255.255.255.255 s0C. Router(config)# ip default-route 0.0.0.0 s0D. Router(config)# ip route 0.0.0.0 0.0.0.0 s0E. Router(config)# ip route any any e0



QUESTION 211Users on the 172.17.22.0 network cannot reach the server located on the 172.31.5.0 network. The networkadministrator connected to router Coffee via the console port, issued the show ip route command, Based on theoutput of the show ip route command and the topology shown in the graphic, what is the cause of the failure?

A. The network has not fully converged.B. IP routing is not enabled.C. A static route is configured incorrectly.D. The FastEthernet interface on Coffee is disabled.

E. The neighbor relationship table is not correctly updated.F. The routing table on Coffee has not updated .



QUESTION 212Which command is used to configure a default route?

A. ip route 172.16.1.0 255.255.255.0 0.0.0.0

B. ip route 172.16.1.0 255.255.255.0 172.16.2.1

C. ip route 0.0.0.0 255.255.255.0 172.16.2.1

D. ip route 0.0.0.0 0.0.0.0 172.16.2.1



QUESTION 213If IP routing is enabled, which two commands set the gateway of last resort to the default gateway? (Choosetwo.)

A. ip default-gateway 0.0.0.0

B. ip route 172.16.2.1 0.0.0.0 0.0.0.0

C. ip default-network 0.0.0.0

D. ip default-route 0.0.0.0 0.0.0.0 172.16.2.1

E. ip route 0.0.0.0 0.0.0.0 172.16.2.1

Correct Answer: CESection: IP Routing (incl. Static, default; RIPv1-2 )Explanation



Communication with the Internet is vital to all networks belonging to the corporation. On which of the fourrouters shown in the graphic should a default route be configured, assuming that a routing protocol is beingused to distribute the default route?

A. AB. BC. CD. ISP



QUESTION 215What must be set correctly when configuring a serial interface so that higher-level protocols calculate the bestroute?

A. bandwidthB. delayC. loadD. reliability



QUESTION 216What are two characteristics of RIPv2? (Choose two.)

A. classful routing protocol

B. variable-length subnet masksC. broadcast addressingD. manual route summarizationE. uses SPF algorithm to compute path

Correct Answer: BDSection: IP Routing (incl. Static, default; RIPv1-2 )Explanation


QUESTION 217What two things will a router do when running a distance vector routing protocol? (Choose two.)

A. Send periodic updates regardless of topology changes.B. Send entire routing table to all routers in the routing domain.C. Use the shortest-path algorithm to the determine best path.D. Update the routing table based on updates from their neighbors.E. Maintain the topology of the entire network in its database.

Correct Answer: ADSection: IP Routing (incl. Static, default; RIPv1-2 )Explanation



Which (config-router) command will allow the network represented on the interface to be advertised by RIP?

A. redistribute ethernet0

B. network ethernet0

C. redistribute 10.12.0.0

D. network 10.12.0.0



QUESTION 219

Refer to the exhibit:

What information can be gathered from the output?

A. One router is running RIPv1.B. RIP neighbor is 224.0.0.9.C. The network contains a loop.D. Network 10.10.1.0 is reachable.



QUESTION 220Use the output from the router shown in the graphic above to determine which of the following are correct.(Choose two.)

A. Router John uses a link-state routing protocol.B. Router John will receive routing updates on the Serial0/0 interface.C. Router John will receive routing updates on the Serial0/1 interface.D. Router John will send routing updates out the Serial0/0 interface.E. Router John will send routing updates out the FastEthernet0/0 interface.F. Router John will send routing updates out the Serial0/1 interface.

Correct Answer: BDSection: IP Routing (incl. Static, default; RIPv1-2 )Explanation


QUESTION 221Which series of commands will configure router R1 for LAN-to-LAN communication with router R2? Theenterprise network address is 192.1.1.0/24 and the routing protocol in use is RIPv2. (Choose three.)

A. R1(config)# interface ethernet 0R1(config-if)# ip address 192.1.1.129 255.255.255.192R1(config-if)# no shutdown

B. R1(config)# interface ethernet 0R1(config-if)# ip address 192.1.1.97 255.255.255.192R1(config-if)# no shutdown

C. R1(config)# interface serial 0R1(config-if)# ip address 192.1.1.4 255.255.255.252R1(config-if)# clock rate 56000

D. R1(config)# interface serial 0R1(config-if)# ip address 192.1.1.6 255.255.255.252R1(config-if)# no shutdown

E. R1(config)# router ripR1(config-router)# network 192.1.1.4R1(config-router)# network 192.1.1.128

F. R1(config)# router ripR1(config-router)# version 2R1(config-router)# network 192.1.1.0

Correct Answer: ADFSection: IP Routing (incl. Static, default; RIPv1-2 )Explanation


QUESTION 222Which routing protocols can be used within the enterprise network shown in the diagram? (Choose three.)

A. RIP v1B. RIP v2C. IGRPD. OSPFE. BGPF. EIGRP

Correct Answer: BDFSection: IP Routing (incl. Static, default; RIPv1-2 )Explanation


RIPv1 & IGRP can not be used in this network because they do not support Variable Length Subnet Masking(VLSM) -> A and C are not correct.

BGP is a complicated routing protocol between different network (usually very big) or different AutonomousSystem. For example BGP can be used between two Internet Service Providers (ISP). The above network is

very small in an enterprise so BGP is not a suitable choice -> E is not correct.

RIPv2 supports VLSM and can be used in networks which have less than 15 routers -> B is correct.

OSPF and EIGRP can be always used in most of enterprise networks -> D F are correct.

(But notice that EIGRP is a Cisco-proprietary routing protocol so it can be used in Cisco routers only)

QUESTION 223Which routing protocols will support the following IP addressing scheme? (Choose three.)

Network 1 - 192.168.10.0 /26

Network 2 - 192.168.10.64 /27

Network 3 - 192.168.10.96 /27

Network 4 - 192.168.10.128 /30

Network 5 - 192.168.10.132 /30

A. RIP version 1B. RIP version 2C. IGRPD. EIGRPE. OSPF

Correct Answer: BDESection: IP Routing (incl. Static, default; RIPv1-2 )Explanation



Host 1 cannot receive packets from Host 2. Assuming that RIP v1 is the routing protocol in use, what is wrongwith the IP configuration information shown? (Choose two.)

A. The fa0/1 interface of router R2 has been assigned a broadcast address.B. The fa0/1 network on router R2 overlaps with the LAN attached to R1.C. Host 2 has been assigned the incorrect subnet mask.D. Host 1 has been configured with the 255.255.248.0 subnet mask.E. Host 2 on router R2 is on a different subnet than its gateway.

Correct Answer: BCSection: IP Routing (incl. Static, default; RIPv1-2 )Explanation


The fa0/1 interface of R2 is assigned an IP address of 10.1.40.255/20. It seems to be a broadcast address butit is not. If we calculate the range of this network we will understand why:

Network 10.1.40.255/20Increment: 16 (/20 = 1111 1111.1111 1111.1111 0000.0000 0000)Network address: 10.1.32.0Broadcast address: 10.1.47.255-> 10.1.40.255/20 is an usable host address -> A is not correct.

The IP address of host 1 (10.1.32.48) belongs to the range of interface fa0/1 on R2 as shown above -> B iscorrect.

In the topology above, all subnet masks are /20 (255.255.240.0) excepting the subnet mask of Host 2(255.255.252.0), so Host 2 subnet mask is incorrect. -> C is correct

The subnet mask of Host 1 is 255.255.240.0, not 255.255.248.0 -> D is not correct.

Host 2 is not on a different subnet than its gateway even if the subnet mask 255.255.252.0 is used. Let’sanalyze the range of Host 2 network:

Network 10.1.40.96/22Increment: 4Network address: 10.1.40.0Broadcast address: 10.1.43.255

Its gateway (10.1.40.255) is still belongs to this range -> E is not correct.

Note: In this question, C is the best suitable answer after eliminating A, D, E answers. But in fact Host 2 canping its gateway because they are on the same subnet.


Host A is to send data to Host B. How will Router1 handle the data frame received from Host A? (Choosethree.)

A. Router1 will strip off the source MAC address and replace it with the MAC address on the forwardingFastEthernet interface.

B. Router1 will strip off the source IP address and replace it with the IP address on the forwardingFastEthernet interface.

C. Router1 will strip off the destination MAC address and replace it with the MAC address of Host B.D. Router1 will strip off the destination IP address and replace it with the IP address of Host B.E. Router1 will forward the data frame out interface FastEthernet0/1.F. Router1 will forward the data frame out interface FastEthernet0/2.

Correct Answer: ACFSection: IP Routing (incl. Static, default; RIPv1-2 )Explanation


While transferring data through many different networks, the source and destination IP addresses are notchanged. Only the source and destination MAC addresses are changed. So in this case, Host A will use the IPaddress of Host B and the MAC address of Fa0/0 interface to send data. When the router receives this data, itreplaces the source MAC address with it own Fa0/2 interface’s MAC address and replaces the destination MACaddress with Host B’s MAC address before sending to Host B -> A, C and F are correct.

QUESTION 226What can be determined from the line of show ip route output shown in the exhibit? (Choose two.)

A. The next routing update can be expected in 35 seconds.B. The IP address 10.10.10.6 is configured on S0/1.C. The IP address 10.10.10.8 is configured on S0/1.D. This route is using the default administrative distance.

E. The 10.10.10.8 network is two hops away from this router.

Correct Answer: DESection: IP Routing (incl. Static, default; RIPv1-2 )Explanation


QUESTION 227What is an appropriate use of a default route?

A. to provide routing to a local web serverB. to provide routing from an ISP to a stub networkC. to provide routing that will override the configured dynamic routing protocolD. to provide routing to a destination that is not specified in the routing table and which is outside the local

network




Two routers have just been configured by a new technician. All interfaces are up. However, the routers are notsharing their routing tables. What is the problem?

A. Split horizon is preventing Router2 from receiving routing information from Router1.B. Router1 is configured for RIP version 2 and Router2 is configured for RIP version 1.C. Router1 has an ACL that is blocking RIP version 2.D. There is a physical connectivity problem between Router1 and Router2.E. Router1 is using authentication and Router2 is not.



QUESTION 229A medium-sized company has a Class C IP address. It has two Cisco routers and one non-Cisco router. All

three routers are using RIP version 1. The company network is using the block of 198.133.219.0/24. Thecompany has decided it would be a good idea to split the network into three smaller subnets and create theoption of conserving addresses with VLSM. What is the best course of action if the company wants to have 40hosts in each of the three subnets?

A. Convert all the routers to EIGRP and use 198.133.219.32/27, 198.133.219.64/27, and 198.133.219.92/27 asthe new subnetworks.

B. Maintain the use of RIP version 1 and use 198.133.219.32/27, 198.133.219.64/27, and 133.219.92/27 asthe new subnetworks.

C. Convert all the routers to EIGRP and use 198.133.219.64/26, 198.133.219.128/26, and 133.219.192/26 asthe new subnetworks.

D. Convert all the routers to RIP version 2 and use 198.133.219.64/26, 198.133.219.128/26, and133.219.192/26 as the new subnetworks.

E. Convert all the routers to OSPF and use 198.133.219.16/28, 198.133.219.32/28, and 198.133.219.48/28 asthe new subnetworks.

F. Convert all the routers to static routes and use 198.133.219.16/28, 198.133.219.32/28, and198.133.219.48/28 as the new subnetworks.



QUESTION 230What is the default routing update period for RIPv2?

A. 15 secondsB. 30 secondsC. 180 secondsD. 240 seconds




S0/0 on R1 is configured as a multipoint interface to communicate with R2 and R3 in the hub-and-spoke FrameRelay topology. While testing this configuration, a technician notes that pings are successfully from hosts on the172.16.1.0/24 network to hosts on both the 172.16.2.0/25 and 172.16.0.2.128/25 networks. However, pingsbetween hosts on the 172.16.2.0/25 and 172.16.2.128/25 network are not successful. What could explain thisconnectivity problem?

A. The ip subnet-zero command has been issued on the R1 router.B. The RIPv2 dynamic routing protocol cannot be used across a Frame Relay network.C. Split horizon is preventing R2 from learning about the R3 networks and R3 from learning about R2

networks.D. The 172.16.2.0/25 and 172.16.2.128/25 networks are overlapping networks that can be seen by R1, but not

between R2 and R3.E. The 172.16.3.0/29 network used on the Frame Relay links is creating a discontiguous network between the

R2 and R3 router subnetworks.




After a RIP route is marked invalid on Router_1, how much time will elapse before that route is removed fromthe routing table?

A. 30 secondsB. 60 secondsC. 90 secondsD. 180 secondsE. 240 seconds




A network associate has configured the internetwork that is shown in the exhibit, but has failed to configurerouting properly. Which configuration will allow the hosts on the Branch LAN to access resources on the HQLAN with the least impact on router processing and WAN bandwidth?

A. HQ(config)# ip route 192.168.1.0 255.255.255.0 192.168.2.5Branch(config)# ip route 172.16.25.0 255.255.255.0 192.168.2.6

B. HQ(config)# router ripHQ(config-router)# network 192.168.2.0HQ(config-router)# network 172.16.0.0Branch(config)# router ripBranch(config-router)# network 192.168.1.0Branch(config-router)# network 192.168.2.0

C. HQ(config)# router eigrp 56HQ(config-router)# network 192.168.2.4HQ(config-router)# network 172.16.25.0Branch(config)# router eigrp 56Branch(config-router)# network 192.168.1.0Branch(config-router)# network 192.168.2.4

D. HQ(config)# router ospf 1HQ(config-router)# network 192.168.2.4 0.0.0.3 area 0HQ(config-router)# network 172.16.25.0 0.0.0.255 area 0Branch(config)# router ospf 1Branch(config-router)# network 192.168.1.0 0.0.0.255 area 0



By configuring static route, we can minimize the router processing and WAN bandwidth.

QUESTION 234S0/0 on R1 is configured as a multipoint interface to communicate with R2 and R3 in the hub-and-spoke FrameRelay topology shown in the exhibit. Originally, static routes were configured between these routers tosuccessfully route traffic between the attached networks. What will need to be done in order to use RIPv2 inplace of the static routes?

A. Configure the no ip subnet-zero command on R1, R2, and R3.B. Dynamic routing protocols such as RIPv2 cannot be used across Frame Relay networks.C. Configure the S0/0 interface on R1 as two subinterfaces and configure point-to-point links to R2 and R3.D. Change the 172.16.2.0/25 and 172.16.2.128/25 subnetworks so that at least two bits are borrowed from the

last octet.E. Change the network address configuration to eliminate the discontiguous 172.16.2.0/25 and

172.16.2.128/25 subnetwork.




The network administrator requires easy configuration options and minimal routing protocol traffic.Which twooptions provide adequate routing table information for traffic that passes between the two routers and satisfythe requests of the network administrator? (Choose Two)

A. a dynamic routing procotol on InternetRouter to advertise summarized routers to CentralRouter.B. a dynamic routing procotol on CentralRouter to advertise summarized routers to InternetRouter.C. a static route on InternetRouter to direct traffic that is destined for 172.16.0.0/16 to CentralRouter.D. a dynamic routing procotol on InternetRouter to advertise all routes to CentralRouer.E. a dynamic routing procotol on CentralRouer to advertise all routes to InternetRouterF. a static,default route on CentralRouter that directs traffic to InternetRouter.

Correct Answer: CFSection: IP Routing (incl. Static, default; RIPv1-2 )Explanation


QUESTION 236Which two statements describe the advantages to the use of RIP over the use of OSPF? (Choose two)

A. RIP requires less time to convergeB. RIP uses less bandwidthC. RIP is less complex to configureD. RIP demands fewer router resourcesE. RIP has a more accurate metric

Correct Answer: CDSection: IP Routing (incl. Static, default; RIPv1-2 )Explanation


QUESTION 237A router receives information about network 192.168.10.0/24 from multiple sources. What will the routerconsider the most reliable information about the path to that network?

A. an OSPF update for network 192.168.0.0/16B. a static router to network 192.168.10.0/24C. a static router to network 192.168.10.0/24 with a local serial interface configured as the next hopD. a RIP update for network 192.168.10.0/24E. a directly connected interface with an address of 192.168.10.254/24F. a default route with a next hop address of 192.168.10.1

Correct Answer: ESection: IP Routing (incl. Static, default; RIPv1-2 )Explanation



Based on the exhibited routing table, how will packets from a host within the 192.168.10.192/26 LAN beforwarded to 192.168.10.1?

A. The router will forward packets from R3 to R2 to R1B. The router will forward packets from R3 to R1C. The router will forward packets from R3 to R1 to R2D. The router will forward packets from R3 to R2 to R1 AND from R3 to R1

Correct Answer: D

Section: IP Routing (incl. Static, default; RIPv1-2 )Explanation


From the routing table we learn that network 192.168.10.0/30 is learned via 2 equal-cost paths (192.168.10.9&192.168.10.5) -> traffic to this network will be load-balancing.


Explain how the routes in the table are being affected by the status change on interface Ethernet0.

A. The router is poisoning the routes and multicasting the new path costs via interface Ethernet1.B. The router is receiving updates about unreachable networks from router that are connected to interface

Ethernet1.C. The router is poisoning the routes and broadcasting the new path costs via interface Ethernet1.D. The router is requesting updates for these networks from routers that are connected to interface Etherne1.



Poison reverse: When path information becomes invalid, routers will not immediately remove them from therouting table, but use 16, an inaccessible metric value, to broadcast it out.Although thisincreases the size of therouting table, but is helpful for the elimination of routing cycle, it can immediately remove any loop betweenadjacent routers.

The purpose of route poisoning is to avoid problems caused by inconsistent updates and to prevent networkloops. According to exhibit, the interfaces went to the down state so the affectedroutes were poisoned and removed and an update to the multicast IP address of 224.0.0.9 was sent oninterface Ethernet1.

QUESTION 240

What is the most likely reason for the dispartly between the actual network numbers at the branches and theroutes in the routing table on Gateway-Router?

A. Branch-Router2 is configured to send both RIPv1 and RIPv2 updates.B. Gateway-Router is configured to only receive RIPv2 updates.C. Gateway-router is configured to receive only RIPv1 updates.D. Branch-Router1 is configured to only send RIPv1 updates



QUESTION 241Which two statements are characteristics of a distance vector routing protocol? (Choose two)

A. RIP is an example of distance vector routing protocols.B. Updates are periodic and include the entire routing table.C. Routing updates are sent only after topology changesD. The protocol can be useful in hub-and-spoke and hierarchical networks.E. Convergence is usually faster than with link state protocolsF. Each router has its own view of the topology

Correct Answer: ABSection: IP Routing (incl. Static, default; RIPv1-2 )Explanation


QUESTION 242Which of the following are true regarding the debug output shown in the graphic? (Choose Two)

A. This router was configured with the commands:RtrA(config)#router ripRtrA(config-router)#version 2RtrA(config-router)#network 172.16.0.0RtrA(config-router)#network 10.0.0.0

B. This router was configured with the commands:RtrA(config)#router ripRtrA(config-router)#network 172.16.0.0RtrA(config-router)#network 10.0.0.0

C. Network 10.0.0.0 will be displayed in the routing table.D. Network 192.168.168.0 will be displayed in the routing table.E. This router was configured with the commands:

RtrA(config)#router ripRtrA(config-router)#network 192.168.1.0RtrA(config-router)#network 10.0.0.0RtrA(config-router)#network 192.168.168.0

F. split-horizon was disabled on this router.

Correct Answer: BCSection: IP Routing (incl. Static, default; RIPv1-2 )Explanation


QUESTION 243Which parameter can be tuned to affect the selection of a static route as a backup when a dynamic protocol isalso being used?

A. link bandwidthB. hop countC. link costD. administrative distance

E. link delay



QUESTION 244Which statement is true, as relates to classful or classless routing?

A. RIPV1 and OSPF are classless routing protocols.B. Classful routing protocols send the subnet mask in routing updates.C. Automatic summarization at classful boundaries can cause problems on discontigous networks.D. EIGRP and OSPF are classful routing protocols and summarize routes by default.



QUESTION 245The speed of all serial links is E1 and the speed of the all other links is 100Mb/s. A static route will beestablished on the Manchester router to direct traffic toward to the internet over the most direct path available.What configuration of the Manchester router will establish a route toward to the internet for traffic fromworkstation on the Manchester LAN?

A. ip route 0.0.0.0 255.255.255.0 172.16.100.2

B. ip route 0.0.0.0 255.255.255.252 128.107.1.1C. ip route 0.0.0.0 0.0.0.0 128.107.1.1D. ip route 0.0.0.0 0.0.0.0 172.16.100.1E. ip route 0.0.0.0 255.255.255.255 172.16.100.2F. ip route 0.0.0.0 0.0.0.0 172.16.100.2

Correct Answer: FSection: IP Routing (incl. Static, default; RIPv1-2 )Explanation


Maybe “the most direct path available” here means via R2 because it is directly connected with the Internetwhile the London path needs to go through R1. So we need a command to send traffic to R2 and the correctcommand is “ip route 0.0.0.0 0.0.0.0 172.16.100.2″.

QUESTION 246Which two are advantages of static routing when compared to dynamic routing? (Choose two)

A. Security increases because only the network administrator may change the routing tables.B. Configuration complexity decreases as network size increases.C. Routing updates are automatically sent to neighbors.D. Route summarization iscompued automatically by the router.E. Routing traffic load is reduced when used in stub network linksF. An efficient algorithm is used to build routing tables,using automatic updates.G. Routing tables adapt automatically to topology changes.



QUESTION 247You work as a network technician in a Company. Please study the exhibit carefully.

The router console screen is rapidly displaying line after line of output similar to what is shown in the exhibit.The help desk has called to say that users are reporting a slowdown in the network. What will solve thisproblem while not interrupting network operation?

A. Press the CTRL+C keys.B. Save the configuration and reboot the router.

C. Enter the no debug all command.D. Use the show processes command.



QUESTION 248Which of the following are true regarding the command output shown in the display? (Choose two.)

A. There are at least two routers participating in the RIP process.B. A ping to 10.0.15.2 will be successful.C. RtrA has three interfaces participating in the RIP process.D. A ping to 192.168.168.2 will be successful.

Correct Answer: ABSection: IP Routing (incl. Static, default; RIPv1-2 )Explanation



What will Router1 do when it receives the data frame shown? (Choose three.)

A. Router1 will strip off the source MAC address and replace it with the MAC address 0000.0c36.6965.B. Router1 will strip off the source IP address and replace it with the IP address 192.168.40.1.C. Router1 will strip off the destination MAC address and replace it with the MAC address 0000.0c07.4320.D. Router1 will strip off the destination IP address and replace it with the IP address of 192.168.40.1.E. Router1 will forward the data packet out interface FastEthernet0/1.F. Router1 will forward the data packet out interface FastEthernet0/2.

Correct Answer: ACFSection: IP Routing (incl. Static, default; RIPv1-2 )Explanation


While transferring data through many different networks, the source and destination IP addresses are notchanged. Only the source and destination MAC addresses are changed. So in this case, Host A will use the IPaddress of Host B and the MAC address of Fa0/0 interface to send data. When the router receives this data, itreplaces the source MAC address with it own Fa0/2 interface’s MAC address and replaces the destination MACaddress with Host B’s MAC address before sending to Host B -> A, C and F are correct.


A packet with a source IP address of 192.168.2.4 and a destination IP address of 10.1.1.4 arrives at theHokesB router. What action does the router take?

A. forwards the received packet out the Serial0/0 interfaceB. forwards a packet containing an EIGRP advertisement out the Serial0/1 interfaceC. forwards a packet containing an ICMP message out the FastEthernet0/0 interfaceD. forwards a packet containing an ARP request out the FastEthernet0/1 interface


Explanation/Reference:Explanation:


Router A has interfaces with addresses 192.168.1.1 and 172.16.1.1.Router B,which is connected to router Aover a serial link, has interfaces with address 172.16.1.2 and 10.1.1.2. Which sequence of commands willconfigure RIPv2 on router B?

A.

B.

C.

D.



QUESTION 252The Ethernet 0 interface of a router was configured with address 10.64.0.1 255.224.0.0 while the Ethernet 1interface was configured with address 10.96.0.1/11. Which commands could be used to configure RIP version1 on this router to advertise both networks to neighboring routers? (Choose two.)

A. Router(config)# router ripRouter(config-router)# network 10.0.0.0 255.224.0.0

B. Router(config)# router ripRouter(config-router)# network 10.64.0.1 255.224.0.0Router(config-router)# network 10.96.0.1 255.224.0.0

C. Router(config)# router ripRouter(config-router)# network 10.0.0.0

D. Router(config)# router ripRouter(config-router)# network 10.64.0.0Router(config-router)# network 10.96.0.0




A static route to the 10.5.6.0/24 network is to be configured on the HFD router. Which commands willaccomplish this? (Choose two.)

A. HFD(config)# ip route 10.5.6.0 0.0.0.255 fa0/0B. HFD(config)# ip route 10.5.6.0 0.0.0.255 10.5.4.6C. HFD(config)# ip route 10.5.6.0 255.255.255.0 fa0/0D. HFD(config)# ip route 10.5.6.0 255.255.255.0 10.5.4.6E. HFD(config)# ip route 10.5.4.6 0.0.0.255 10.5.6.0F. HFD(config)# ip route 10.5.4.6 255.255.255.0 10.5.6.0



QUESTION 254Refer to the output of the two show commands in the exhibit:

If an administrator tries to ping host 10.1.8.5 from host 10.1.6.100, how will the ICMP packets be processed byRouter A?

A. The packets will be discarded.B. The packets will be routed out the S0/0 interface.C. The packets will be routed out the S0/1 interface.D. The packets will be routed out the Fa0/0 interface.



QUESTION 255Refer to the displayed graphic:

RtrB and RtrC are configured for RIPv1 and have complete connectivity. RtrA is added to the network. What isthe most appropriate RtrA configuration for full connectivity?

A. RtrA(config)# router rip

RtrA(config-router)# network 10.0.0.0RtrA(config-router)# network 172.16.0.0RtrA(config-router)# network 192.168.1.0

B. RtrA(config)# router ripRtrA(config-router)# network 10.0.0.0

C. RtrA(config)# router ripRtrA(config-router)# network 10.0.0.0RtrA(config-router)# network 172.16.0.0

D. RtrA(config)# router ripRtrA(config-router)# network 10.0.0.0RtrA(config-router)# network 192.168.1.0




Users on WS1 and WS2 are unable to reach the SR1 and SR2 servers to gain the files needed. A ping fromthe workstations WS1 and WS2 to the gateway address 192.168.2.1 is successful. Which IOS commandshould the IT administrator issue on RTA to troubleshoot the problem?

A. show ip route

B. configure terminal

C. show startup-config

D. show ip interface FastEthernet0/0



show ip route command displays the routing table which provides the information about networks the routerhas routes.

QUESTION 257

Select and Place:

Correct Answer:



QUESTION 258The left provides some routing protocols, while the right gives several Cisco default administrator distances.Drag the items on the right to the proper locations.

Select and Place:

Correct Answer:



QUESTION 259

Select and Place:

Correct Answer:



QUESTION 260

Select and Place:

Correct Answer:




Which two statements are true about the loopback address that is configured on RouterB? (Choose two.)

A. It ensures that data will be forwarded by RouterB.B. It provides stability for the OSPF process on RouterB.C. It specifies that the router ID for RouterB should be 10.0.0.1.D. It decreases the metric for routes that are advertised from RouterB.

E. It indicates that RouterB should be elected the DR for the LAN.

Correct Answer: BCSection: IP Routing (EIGRP & OSPF)Explanation


QUESTION 262OSPF routing uses the concept of areas. What are the characteristics of OSPF areas? (Choose three.)

A. Each OSPF area requires a loopback interface to be configured.B. Areas may be assigned any number from 0 to 65535.C. Area 0 is called the backbone area.D. Hierarchical OSPF networks do not require multiple areas.E. Multiple OSPF areas must connect to area 0.F. Single area OSPF networks must be configured in area 1.

Correct Answer: BCESection: IP Routing (EIGRP & OSPF)Explanation


QUESTION 263What information does a router running a link-state protocol use to build and maintain its topological database?(Choose two.)

A. hello packetsB. SAP messages sent by other routersC. LSAs from other routersD. beacons received on point-to-point linksE. routing tables received from other link-state routersF. TTL packets from designated routers

Correct Answer: ACSection: IP Routing (EIGRP & OSPF)Explanation


QUESTION 264Which statements describe the routing protocol OSPF? (Choose three.)

A. It supports VLSM.B. It is used to route between autonomous systems.C. It confines network instability to one area of the network.D. It increases routing overhead on the network.E. It allows extensive control of routing updates.F. It is simpler to configure than RIPv2.

Correct Answer: ACESection: IP Routing (EIGRP & OSPF)Explanation


QUESTION 265The internetwork infrastructure of company XYZ consists of a single OSPF area as shown in the graphic. Thereis concern that a lack of router resources is impeding internetwork performance. As part of examining therouter resources, the OSPF DRs need to be known. All the router OSPF priorities are at the default and therouter IDs are shown with each router. Which routers are likely to have been elected as DR? (Choose two.)

A. Corp-1B. Corp-2C. Corp-3D. Corp-4E. Branch-1F. Branch-2

Correct Answer: DFSection: IP Routing (EIGRP & OSPF)Explanation



R1 is unable to establish an OSPF neighbor relationship with R3. What are possible reasons for this problem?(Choose two.)

A. All of the routers need to be configured for backbone Area 1.B. R1 and R2 are the DR and BDR, so OSPF will not establish neighbor adjacency with R3.C. A static route has been configured from R1 to R3 and prevents the neighbor adjacency from being

established.D. The hello and dead interval timers are not set to the same values on R1 and R3.E. EIGRP is also configured on these routers with a lower administrative distance.F. R1 and R3 are configured in different areas.

Correct Answer: DFSection: IP Routing (EIGRP & OSPF)Explanation


QUESTION 267Which statements are true about EIGRP successor routes? (Choose two.)

A. A successor route is used by EIGRP to forward traffic to a destination.B. Successor routes are saved in the topology table to be used if the primary route fails.C. Successor routes are flagged as "active" in the routing table.D. A successor route may be backed up by a feasible successor route.E. Successor routes are stored in the neighbor table following the discovery process.

Correct Answer: ADSection: IP Routing (EIGRP & OSPF)Explanation


QUESTION 268Refer to the exhibit. A network associate has configured OSPF with the command:

City(config-router)# network 192.168.12.64 0.0.0.63 area 0

After completing the configuration, the associate discovers that not all the interfaces are participating in OSPF.Which three of the interfaces shown in the exhibit will participate in OSPF according to this configurationstatement? (Choose three.)

A. FastEthernet0 /0B. FastEthernet0 /1C. Serial0/0D. Serial0/1.102E. Serial0/1.103F. Serial0/1.104

Correct Answer: BCDSection: IP Routing (EIGRP & OSPF)Explanation



Assume that all of the router interfaces are operational and configured correctly. How will router R2 be affectedby the configuration of R1 that is shown in the exhibit?

A. Router R2 will not form a neighbor relationship with R1.B. Router R2 will obtain a full routing table, including a default route, from R1.C. R2 will obtain OSPF updates from R1, but will not obtain a default route from R1.D. R2 will not have a route for the directly connected serial network, but all other directly connected networks

will be present, as well as the two networks connected to R1.

Correct Answer: BSection: IP Routing (EIGRP & OSPF)Explanation



From RouterA, a network administrator is able to ping the serial interface of RouterB but unable to ping any ofthe subnets attached to RouterB. Based on the partial outputs in the exhibit, what could be the problem?

A. EIGRP does not support VLSM.B. The EIGRP network statements are incorrectly configured.C. The IP addressing on the serial interface of RouterA is incorrect.D. The routing protocol has summarized on the classful boundary.E. EIGRP has been configured with an invalid autonomous system number.

Correct Answer: DSection: IP Routing (EIGRP & OSPF)Explanation


QUESTION 271What are three characteristics of the OSPF routing protocol? (Choose three.)

A. It converges quickly.B. OSPF is a classful routing protocol.C. It uses cost to determine the best route.D. It uses the DUAL algorithm to determine the best route.E. OSPF routers send the complete routing table to all directly attached routers.F. OSPF routers discover neighbors before exchanging routing information.

Correct Answer: ACFSection: IP Routing (EIGRP & OSPF)Explanation


QUESTION 272A router has learned three possible routes that could be used to reach a destination network. One route is fromEIGRP and has a composite metric of 20514560. Another route is from OSPF with a metric of 782. The last isfrom RIPv2 and has a metric of 4. Which route or routes will the router install in the routing table?

A. the OSPF routeB. the EIGRP routeC. the RIPv2 routeD. all three routesE. the OSPF and RIPv2 routes



QUESTION 273Which two statements are true regarding EIGRP? (Choose two.)

A. Passive routes are in the process of being calculated by DUAL.B. EIGRP supports VLSM, route summarization, and routing update authentication.C. EIGRP exchanges full routing table information with neighboring routers with every update.D. If the feasible successor has a higher advertised distance than the successor route, it becomes the primary

route.E. A query process is used to discover a replacement for a failed route if a feasible successor is not identified

from the current routing information.

Correct Answer: BESection: IP Routing (EIGRP & OSPF)Explanation



How many paths can the EIGRP routing process use to forward packets from HQ_Router to a neighbor router?

A. two equal-cost pathsB. two unequal-cost pathsC. three equal-cost pathsD. three unequal-cost pathsE. four equal-cost pathsF. four unequal-cost paths

Correct Answer: FSection: IP Routing (EIGRP & OSPF)Explanation


The “Maximum path: 4″ means EIGRP can use up to 4 equal-cost paths to forward packets from HQ_Router toa neighbor router. But here the variance is set to 3 which allows unequal-cost paths. Therefore in this caseEIGRP can use up to four unequal-cost paths.


When running OSPF, what would cause router A not to form an adjacency with router B?

A. The loopback addresses are on different subnets.B. The value of the dead timers on the router are different.C. Route summarization is enabled on both routers.D. The process indentifier on router A is different than the process identifier on router B.




The network is converged.After link-state advertisements are received from Router_A, what information willRouter_E contain in its routing table for the subnets 208.149.23.64 and 208.149.23.96?

A. 208.149.23.64[110/13] via 190.173.23.10, 00:00:00:07, FastEthernet0/0208.149.23.96[110/13] via 190.173.23.10, 00:00:00:16, FastEthernet0/0

B. 208.149.23.64[110/1] via 190.173.23.10, 00:00:00:07, Serial1/0208.149.23.96[110/3] via 190.173.23.10, 00:00:00:16, FastEthernet0/0

C. 208.149.23.64[110/13] via 190.173.23.10, 00:00:00:07, Serial1/0208.149.23.96[110/13] via 190.173.23.10, 00:00:00:16, Serial1/0208.149.23.96[110/13] via 190.173.23.10, 00:00:00:16, FastEthernet0/0

D. 208.149.23.64[110/13] via 190.173.23.10, 00:00:00:07, Serial1/0208.149.23.96[110/13] via 190.173.23.10, 00:00:00:16, Serial1/0

Correct Answer: ASection: IP Routing (EIGRP & OSPF)Explanation


Router_E learns two subnets subnets 208.149.23.64 and 208.149.23.96 via Router_A through FastEthernetinterface. The interface cost is calculated with the formula 108 / Bandwidth. For FastEthernet it is 108 / 100Mbps = 108 / 10,000,000,000 = 1. Therefore the cost is 12 (learned from Router_A) + 1 = 13 for both subnets -> B is not correct.

The cost through T1 link is much higher than through T3 link (T1 cost = 108 / 1.544 Mbps = 64; T3 cost = 108 /45 Mbps = 2) so surely OSPF will choose the path through T3 link -> Router_E will choose the path fromRouter_A through FastEthernet0/0, not Serial1/0 -> C & D are not correct.

In fact, we can quickly eliminate answers B, C and D because they contain at least one subnet learned fromSerial1/0 -> they are surely incorrect.


The company uses EIGRP as the routing protocol. What path will packets take from a host on192.168.10.192/26 network to a host on the LAN attached to router R1?

A. The path of the packets will be R3 to R2 to R1.B. The path of the packets will be R3 to R1 to R2.C. The path of the packets will be both R3 to R2 to R1 and R3 to R1.D. The path of the packets will be R3 to R1



Host on the LAN attached to router R1 belongs to 192.168.10.64/26 subnet. From the output of the routingtable of R3 we learn this network can be reach via 192.168.10.9, which is an IP address in 192.168.10.8/30network (the network between R1 & R3) -> packets destined for 192.168.10.64 will be routed from R3 -> R1 ->LAN on R1.


Given the output from the show ip eigrp topology command, which router is the feasible successor?

A.

B.

C.

D.



The AD of the feasible successor must be smaller than the FD of successor. From the output provided in theexhibit, we know that the FD of successor is 41152000.

In the option A, the AD is 41640000In the option B , the AD is 128256In the option C, the AD is 46354176In the option D, the AD is 46251776.

Through comparison, we know that only the AD in option B is smaller than FD, so B can be used as feasiblesuccessor.


When running EIGRP, What is required for RouterA to exchange routing updates with RouterC?

A. AS numbers must be changed to match on all the routers.B. Loopback interface must be configured so a DR is elected.C. The no auto-summary command is needed on Router A and Router C.

D. Router B needs to have two network statements, one for each connected network.



QUESTION 280IP address and routing for the network are configured as shown in the exhibit:

The network administrator issues the show ip eigrp neighbors command from Router1 and receives the outputshown below the topology. Which statement is true?

A. It is normal for Router1 to show one active neighbor at a time to prevent routing loops.B. Routing is not completely configured on Router3.C. The IP addresses are not configured properly on the Router1 and Router3 interfaces.D. The no auto-summary command configured on the routers prevents Router1 and Router2 from forming a

neighbor relationship.



From the output of Router1, we learn that Router1 has not established neighborship with R3 yet. Also from the“show running-config” on Router3 we notice that the “network 192.168.3.0″ statement is missing -> theconfiguration on Router3 is not complete.


Given the output for this command, if the router ID has not been manually set, what router ID will OSPF use forthis RouterD?

A. 10.1.1.2B. 10.154.154.1C. 172.16.5.1D. 192.168.5.3

Correct Answer: CSection: IP Routing (EIGRP & OSPF)Explanation


QUESTION 282Which commands are required to to properly configure a router to run OSPF and to add network192.168.16.0/24 to OSPF area 0? (choose two)

A. Router(config)#router ospf 1B. Router(config)#router ospf 0C. Router(config)#router ospf area 0D. Router(config-router)#network 192.168.16.0 0.0.0.255 area 0E. Router(config-router)#network 192.168.16.0 0.0.0.255 0F. Router(config-router)#network 192.168.16.0 255.255.255.0 area 0

Correct Answer: ADSection: IP Routing (EIGRP & OSPF)Explanation


QUESTION 283Which parameter or parameters are used to calculate OSPF cost in Cisco routers?

A. Bandwidth, Delay, and MTUB. BandwidthC. Bandwidth and MTUD. Bandwidth, MTU, Reliability, Delay, and Load




Why are two OSPF designated routers designated routers identified on Core-Router?

A. Core-Router is connected more than one multi-access networkB. The router at 208.149.23.130 is a secondary DR in case the primary fails.C. Two router IDs have the same OSPF priority and are therefore tied for DR electionD. The DR ecection is still underway and there are two contenders for the role.



QUESTION 285The EIGRP configuration in the Glencoe router uses a single network statement. From the output shown in thegraph would advertise these networks in EIGRP?

A. network 172.26.168.0 area 478B. network 172.26.0.0C. network 172.26.168.128 0.0.0.127D. network 172.26.168.128 area 478



QUESTION 286Which type of EIGRP route entry describes a feasible successor?

A. a primary route, stored in the routing tableB. a backup route, stored in the routing tableC. a backup route, stored in the topology tableD. a primary route, stored in the topology table

Correct Answer: CSection: IP Routing (EIGRP & OSPF)Explanation


QUESTION 287What is the default maximum number of equal-cost paths that can be placed into the routing of a cisco OSPFrouter?

A. 16B. 2C. unlimitedD. 4



QUESTION 288Router 1 was just successfully rebooted. Identify the current OSPF router ID for Router 1.

A. 208.149.23.194B. 220.173.149.10C. 208.149.23.162D. 190.172.32.10



QUESTION 289Why do large OSPF networks use a hierarchical design? (Choose three)

A. to confine network instability to single areas of the network.B. to reduce the complexity of router configurationC. to speed up convergenceD. to lower costs by replacing routers with distribution layer switchesE. to decrease latency by increasing bandwidthF. to reduce routing overhead

Correct Answer: ACFSection: IP Routing (EIGRP & OSPF)Explanation


QUESTION 290What is the default administrative distance of OSPF?

A. 120B. 100

C. 90D. 110



QUESTION 291Refer to the exhibit

Why does RouterA show multiple unequal cost paths to network 192.168.81.0/24?

A. Multiple floating static routes were configured to network 192.168.81.0 via interface Serial0.B. The EIGRP topology table displays all routes to a destination.C. The EIGRP topology table shows only backup routes to a destination.D. A variance was configured for EIGRP autonomous system 109.



QUESTION 292Why has the network shown in the exhibit failed to converge?

A. The no auto-summary command needs to be applied to the routers.B. The subnet masks for the network numbers have not been properly configured.C. The network numbers have not been properly configured on the routers.D. The autonomous system number has not been properly configured.E. The bandwidth values have not been properly configured on the serial interfaces.



QUESTION 293A network administrator is configuring the routers in the graphic for OSPF. The OSPF process has been startedand the networks have been configured for Area 0 as shown in the diagram. The network administrator hasseveral options for configuring RouterB to ensure that it will be preferred as the designated router (DR) for the172.16.1.0 /24 LAN segment. What configuration tasks could be used to establish this preference? (Choosethree)

A. Configure the priority value of the Fa0/0 interface of RouterB to a higher value than any other interface on

the Ethernet network.B. Change the router id of Router B by assigning the IP address 172.16.1.130/24 to the Fa0/0 interface of

RouterB.C. Configure a loopback interface on RouterB with an IP address higher than any IP address on the other

routers.D. Change the priority value of the Fa0/0 interface of RouterB to zero.E. Change the priority values of the Fa0/0 interfaces of RouterA and RouterC to zero.F. No further configuration is necessary.

Correct Answer: ACESection: IP Routing (EIGRP & OSPF)Explanation


QUESTION 294Part of the OSPF network is shown below:

Configuration exhibit:

You work as a network technician, study the exhibits carefully. Assume that all router interfaces are operationaland correctly configured. In addition, assume that OSPF has been correctly configured on router R2. How willthe default route configured on R1 affect the operation of R2?

A. Any packet destined for a network that is not directly connected to router R2 will be dropped immediatelyB. Any packet destined for a network that is not directly connected to router R1 will be droppedC. Any packet destined for a network that is not directly connected to router R2 will be dropped immediately

because of the lack of a gateway on R1D. The network directly connected to a router R2 will not be able to communicate with the 172.16.100.0,

172.16.100.28 and 172.16.100.64 subnetworks.E. Any packet destined for a network that is not referenced in the routing table of router R2 will be directed to

R1. R1 will then send that packet back to R2 and a routing loop will occur

Correct Answer: ESection: IP Routing (EIGRP & OSPF)Explanation


First, notice that the more-specific routes will always be favored over less-specific routes regardless of theadministrative distance set for a protocol. In this case, because we use OSPF for three networks (172.16.100.00.0.0.3, 172.16.100.64 0.0.0.63, 172.16.100.128 0.0.0.31) so the packets destined for these networks will notbe affected by the default route.

The default route configured on R1 “ip route 0.0.0.0 0.0.0.0 serial0/0″ will send any packet whose destinationnetwork is not referenced in the routing table of router R1 to R2, it doesn’t drop anything so answers A, B and Care not correct. D is not correct too because these routes are declared in R1 and the question says that “OSPFhas been correctly configured on router R2″, so network directly connected to router R2 can communicate withthose three subnetworks.

As said above, the default route configured on R1 will send any packet destined for a network that is notreferenced in its routing table to R2; R2 in turn sends it to R1 because it is the only way and a routing loop willoccur.


Which two statements describe the OSPF relationships between the routers? (Choose two.)

A. R3 is fully adjacent with R2 and is the DR for the 192.168.2.4 network.B. R3 is fully adjacent with R1 and is the DR for the 10.1.1.0 network.C. R3 is fully adjacent with R2 and is the BDR for the 10.1.1.0 network.D. R2 is fully adjacent with R1 and is the BDR for the 10.1.1.0 network.E. R3 is fully adjacent with routers R1 and R2F. R2 is the DR for networks 192.168.1.0 and 172.16.2.0.

Correct Answer: BESection: IP Routing (EIGRP & OSPF)

Explanation


QUESTION 296Based on the topology table that is shown in the exhibit and assuming that variance is not configured forEIGRP, which route or routes should appear in the routing table?

A. D 192.168.8.20 (2707456/2195456), Serial0/1B. D 192.168.2.0/24 [90/2707456] via 192.168.8.22, 00:27:50, Serial0/0

[90/3815424] via 192.168.8.18, 00:27:50, Serial0/2C. D 192.168.2.0/24 [90/3815424] via 192.168.8.18, 00:27:50, Serial0/2D. D 192.168.8.24/30 [90/2681856] via 192.168.8.22, 00:27:50, Serial0/0



The topology table for EIGRP lists all the routes and the total number of sucessors and feasiable successorsthe router knows about. What you're looking for is the:

"P 192.168.8.24/30, 1 successor, FD is 2681856"

This line is a route entry, it tells us:P = Passive, meaning the router is not looking for a new successor (this is what it should be)192.168.100.0/24 is the prefix1 successor = the number of best routes (if there are 2 it would say "2 successors")FD = the feasiable distance which is used to see if a newly learned route meets the feasiablity condition

Via 192.168.8.22 (2681856/2169856), Serial0/0Via 192.168.8.18 (4301824/2169856), Serial0/2

what we see here is the 2 possible routes. The first one has the lowest FD. Now the 2 numbers after the routeare the (Fesiable Distance/Advertised distance). In this case the 2 routes have the same advertised distance,but the FD is higher on the second route so it is not the best route. Serial0/0 indicates the exit interface.

A. D 192.168.8.20 (2707456/2195456), Serial0/1

wrong interface

B. D 192.168.2.0/24 [90/2707456] via 192.168.8.22, 00:27:50, Serial0/0[90/3815424] via 192.168.8.18, 00:27:50, Serial0/2topology table says 1 successor. also the metrics are different and variance is not being used

C. D 192.168.2.0/24 [90/3815424] via 192.168.8.18, 00:27:50, Serial0/2metric is greater than the other possible route

D. D 192.168.8.24/30 [90/2681856] via 192.168.8.22, 00:27:50, Serial0/0 the metric is lower than the other metric and it is the only route which is indicated by the topology table and it isthe correct interface so D it is

QUESTION 297What can be determined from the router output shown in the graphic?

A. The output shows that there are three default routes.B. The output came from a router that has four physical interfaces.C. The output came from router R2.D. EIGRP is in use in this network.E. 200.1.1.64 is a default route.




Why was RouterA not elected as the designated router?

A. The OSPF process ID of RouterA is lower than the process ID of the elected DR.B. RouterA has a lower OSPF priority value than the router elected as DR.C. The interface address of RouterA is a higher value than the interface address of the DRD. RouterA is not advertising the interface with address 221.130.149.10.



The routeA advertised can be known from the output of 'show ip protocols' provided in the exhibit

190.171.23.0 0.0.0.255 area 0190.171.32.0 0.0.0.255 area 0

Not advertising the interface of 221.130.149.10.In broadcast multi-access networks, the routers perform DR and BDR election, more often thannot, after beingenabled, the routers on the Ethernet will use Hello protocol to select DR and BDR,and the rest routers willattempt to establish neighbor relationships with DR and BDR. If aninterface is not advertised, it will notparticipate in the election.

QUESTION 299A network administrator is troubleshooting the OSPF configuration of routers R1 and R2. The routers cannotestablish an adjacency relationship on their common Ethernet link. The graphic shows the output of the show ipospf interface e0 command for routers R1 and R2. Based on the information in the graphic, what is the causeof this problem?

A. The OSPF area is not configured properly.B. The priority on R1 should be set higher.C. The cost on R1 should be set higher.D. The hello and dead timers are not configured properly.E. A backup designated router needs to be added to the network.F. The OSPF process ID numbers must match.


Explanation/Reference:Certain parameters within the OSPF hellos must match in order for two routers to become neighbors. Theyinclude:1 Hello/dead timers2 Area ID3 Authentication type and password4 Stub area flagHello and dead intervals are not same on both routers.

QUESTION 300On which types of network will OSPF elect a backup designated router?

A. point-to-point and multiaccessB. point-to-multipoint and multiaccessC. point-to-point and point-to-multipointD. nonbroadcast and broadcast multipointE. nonbroadcast and broadcast multiaccess

Correct Answer: ESection: IP Routing (EIGRP & OSPF)Explanation


QUESTION 301The above describes some features, while the below describes some routing protocols. Drag the above itemsto the proper locations.

Select and Place:

Correct Answer:

Section: IP Routing (EIGRP & OSPF)Explanation


QUESTION 302As a CCNA candidate, you need to know EIGRP very well. Which tables of EIGRP route information are held inRAM and maintained through the use of hello and update packets? Please choose two appropriate tables anddrag the items to the proper locations.

Select and Place:

Correct Answer:



QUESTION 303The above provides some descriptions, while the below provides some routing protocols. Drag the above itemsto the proper locations.

Select and Place:

Correct Answer:



QUESTION 304Which two values are used by Spanning Tree Protocol to elect a root bridge? (Choose two.)

A. amount of RAMB. bridge priorityC. IOS versionD. IP addressE. MAC addressF. speed of the links

Correct Answer: BESection: Switching (STP/RSTP; 802.1q; Ethernet; Por t-security)Explanation


QUESTION 305Switch ports operating in which two roles will forward traffic according to the IEEE 802.1w standard? (Choosetwo.)

A. alternateB. backupC. designatedD. disabledE. root

Correct Answer: CESection: Switching (STP/RSTP; 802.1q; Ethernet; Por t-security)Explanation


QUESTION 306Refer to the exhibit. This command is executed on 2960Switch:

2960Switch(config)# mac-address-table static 0000.00aa.aaaa vlan 10 interfacefa0/1

Which two of these statements correctly identify results of executing the command? (Choose two.)

A. Port security is implemented on the fa0/1 interface.B. MAC address 0000.00aa.aaaa does not need to be learned by this switch.C. Only MAC address 0000.00aa.aaaa can source frames on the fa0/1 segment.D. Frames with a Layer 2 source address of 0000.00aa.aaaa will be forwarded out fa0/1.E. MAC address 0000.00aa.aaaa will be listed in the MAC address table for interface fa0/1 only.




Which statement is true?

A. The Fa0/11 role confirms that SwitchA is the root bridge for VLAN 20.B. VLAN 20 is running the Per VLAN Spanning Tree Protocol.C. The MAC address of the root bridge is 0017.596d.1580.D. SwitchA is not the root bridge, because not all of the interface roles are designated.

Correct Answer: DSection: Switching (STP/RSTP; 802.1q; Ethernet; Por t-security)Explanation


QUESTION 308Which two of these statements regarding RSTP are correct? (Choose two.)

A. RSTP cannot operate with PVST+.B. RSTP defines new port roles.C. RSTP defines no new port states.D. RSTP is a proprietary implementation of IEEE 802.1D STP.E. RSTP is compatible with the original IEEE 802.1D STP.




Each of these four switches has been configured with a hostname, as well as being configured to run RSTP.No other configuration changes have been made. Which three of these show the correct RSTP port roles forthe indicated switches and interfaces? (Choose three.)

A. SwitchA, Fa0/2, designatedB. SwitchA, Fa0/1, rootC. SwitchB, Gi0/2, rootD. SwitchB, Gi0/1, designatedE. SwitchC, Fa0/2, rootF. SwitchD, Gi0/2, root

Correct Answer: ABFSection: Switching (STP/RSTP; 802.1q; Ethernet; Por t-security)Explanation



A junior network administrator was given the task of configuring port security on SwitchA to allow only PC_A toaccess the switched network through port fa0/1. If any other device is detected, the port is to drop frames fromthis device. The administrator configured the interface and tested it with successful pings from PC_A toRouterA, and then observes the output from these two show commands. Which two of these changes arenecessary for SwitchA to meet the requirements? (Choose two.)

A. Port security needs to be globally enabled.B. Port security needs to be enabled on the interface.C. Port security needs to be configured to shut down the interface in the event of a violation.D. Port security needs to be configured to allow only one learned MAC address.E. Port security interface counters need to be cleared before using the show command.F. The port security configuration needs to be saved to NVRAM before it can become active.

Correct Answer: BDSection: Switching (STP/RSTP; 802.1q; Ethernet; Por t-security)Explanation


As we see in the output, the “Port Security” is in “Disabled” state (line 2 in the output). To enable Port securityfeature, we must enable it on that interface first with the command:

SwitchA(config-if)#switchport port-security-> B is correct.

Also from the output, we learn that the switch is allowing 2 devices to connect to it (switchport port-security maximum 2) but the question requires allowing only PC_A to access the network so we need to

reduce the maximum number to 1 -> D is correct.

QUESTION 311Which set of commands is recommended to prevent the use of a hub in the access layer?

A. switch(config-if)#switchport mode trunkswitch(config-if)#switchport port-security maximum 1

B. switch(config-if)#switchport mode trunkswitch(config-if)#switchport port-security mac-address 1

C. switch(config-if)#switchport mode accessswitch(config-if)#switchport port-security maximum 1

D. switch(config-if)#switchport mode accessswitch(config-if)#switchport port-security mac-address 1

Correct Answer: CSection: Switching (STP/RSTP; 802.1q; Ethernet; Por t-security)Explanation


QUESTION 312Which Cisco Catalyst feature automatically disables the port in an operational PortFast upon receipt of aBPDU?

A. BackboneFastB. UplinkFastC. Root GuardD. BPDU GuardE. BPDU Filter



QUESTION 313Which port state is introduced by Rapid-PVST?

A. learningB. listeningC. discardingD. forwarding



QUESTION 314Which two of these are used by bridges and switches to prevent loops in a layer 2 network? (Choose two.)

A. 802.1DB. VTPC. 802.1QD. STPE. SAP

Correct Answer: ADSection: Switching (STP/RSTP; 802.1q; Ethernet; Por t-security)Explanation


QUESTION 315Which switch would STP choose to become the root bridge in the selection process?

A. 32768: 11-22-33-44-55-66B. 32768: 22-33-44-55-66-77C. 32769: 11-22-33-44-55-65D. 32769: 22-33-44-55-66-78

Correct Answer: ASection: Switching (STP/RSTP; 802.1q; Ethernet; Por t-security)Explanation


QUESTION 316A company implements video conferencing over IP on their Ethernet LAN. The users notice that the networkslows down, and the video either stutters or fails completely. What is the most likely reason for this?

A. minimum cell rate (MCR)B. quality of service (QoS)C. modulationD. packet switching exchange (PSE)E. reliable transport protocol (RTP)

Correct Answer: BSection: Switching (STP/RSTP; 802.1q; Ethernet; Por t-security)Explanation


QUESTION 317A network administrator must configure 200 switch ports to accept traffic from only the currently attached hostdevices. What would be the most efficient way to configure MAC-level security on all these ports?

A. Visually verify the MAC addresses and then telnet to the switches to enter the switchport-port security mac-address command.

B. Have end users e-mail their MAC addresses. Telnet to the switch to enter the switchport-port security mac-address command.

C. Use the switchport port-security MAC address sticky command on all the switch ports that have end devices

connected to them.D. Use show mac-address-table to determine the addresses that are associated with each port and then enter

the commands on each switch for MAC address port-security.



QUESTION 318An administrator would like to configure a switch over a virtual terminal connection from locations outside of thelocal LAN. Which of the following are required in order for the switch to be configured from a remote location?(Choose two.)

A. The switch must be configured with an IP address, subnet mask, and default gateway.B. The switch must be connected to a router over a VLAN trunk.C. The switch must be reachable through a port connected to its management VLAN.D. The switch console port must be connected to the Ethernet LAN.E. The switch management VLAN must be created and have a membership of at least one switch port.F. The switch must be fully configured as an SNMP agent.

Correct Answer: ACSection: Switching (STP/RSTP; 802.1q; Ethernet; Por t-security)Explanation


QUESTION 319Which of the following are true regarding bridges and switches? (Choose two.)

A. Bridges are faster than switches because they have fewer ports.B. A switch is a multiport bridge.C. Bridges and switches learn MAC addresses by examining the source MAC address of each frame received.D. A bridge will forward a broadcast but a switch will not.E. Bridges and switches increase the size of a collision domain.

Correct Answer: BCSection: Switching (STP/RSTP; 802.1q; Ethernet; Por t-security)Explanation


QUESTION 320Which of the following statements are true regarding bridges and switches? (Choose three)

A. Switches are primarily software based while bridges are hardware based.B. Both bridges and switches forward Layer 2 broadcasts.C. Bridges are frequently faster than switches.D. Switches have a higher number of ports than most bridges.E. Bridges define broadcast domains while switches define collision domains.

F. Both bridges and switches make forwarding decisions based on Layer 2 addresses.

Correct Answer: BDFSection: Switching (STP/RSTP; 802.1q; Ethernet; Por t-security)Explanation


QUESTION 321A network administrator wants to ensure that only the server can connect to port Fa0/1 on a Catalyst switch.The server is plugged into the switch Fa0/1 port and the network administrator is about to bring the serveronline. What can the administrator do to ensure that only the MAC address of the server is allowed by switchport Fa0/1? (Choose two.)

A. Configure port Fa0/1 to accept connections only from the static IP address of the server.B. Employ a proprietary connector type on Fa0/1 that is incompatible with other host connectors.C. Configure the MAC address of the server as a static entry associated with port Fa0/1.D. Bind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the

server IP address.E. Configure port security on Fa0/1 to reject traffic with a source MAC address other than that of the server.F. Configure an access list on the switch to deny server traffic from entering any port other than Fa0/1.



QUESTION 322The network security policy requires that only one host be permitted to attach dynamically to each switchinterface. If that policy is violated, the interface should shut down. Which two commands must the networkadministrator configure on the 2950 Catalyst switch to meet this policy? (Choose two.)

A. Switch1(config-if)# switchport port-security maximum 1

B. Switch1(config)# mac-address-table secure

C. Switch1(config)# access-list 10 permit ip host

D. Switch1(config-if)# switchport port-security violation shutdown

E. Switch1(config-if)# ip access-group 10



QUESTION 323What are the possible trunking modes for a switch port? (Choose three.)

A. transparentB. autoC. onD. desirable

E. clientF. forwarding

Correct Answer: BCDSection: Switching (STP/RSTP; 802.1q; Ethernet; Por t-security)Explanation


QUESTION 324Refer to the topology shown in the exhibit:

Which ports will be STP designated ports if all the links are operating at the same bandwidth? (Choose three.)

A. Switch A - Fa0/0B. Switch A - Fa0/1C. Switch B - Fa0/0D. Switch B - Fa0/1E. Switch C - Fa0/0F. Switch C - Fa0/1

Correct Answer: BCDSection: Switching (STP/RSTP; 802.1q; Ethernet; Por t-security)Explanation


QUESTION 325A Catalyst 2950 needs to be reconfigured. What steps will ensure that the old configuration is erased? (Choosethree.)

A. Erase flash.B. Restart the switch.C. Delete the VLAN database.D. Erase the running configuration.E. Erase the startup configuration.F. Modify the configuration register.

Correct Answer: BCESection: Switching (STP/RSTP; 802.1q; Ethernet; Por t-security)

Explanation


QUESTION 326The network administrator has discovered that the power supply has failed on a switch in the company LAN andthat the switch has stopped functioning. It has been replaced with a Cisco Catalyst 2950 series switch. Whatmust be done to ensure that this new switch becomes the root bridge on the network?

A. Lower the bridge priority number.B. Change the MAC address of the switch.C. Increase the VTP revision number for the domain.D. Lower the root path cost on the switch ports.E. Assign the switch an IP address with the lowest value.




Why has this switch not been elected the root bridge for VLAN1?

A. It has more than one interface that is connected to the root network segment.B. It is running RSTP while the elected root bridge is running 802.1d spanning tree.C. It has a higher MAC address than the elected root bridge.D. It has a higher bridge ID than the elected root bridge.

Correct Answer: DSection: Switching (STP/RSTP; 802.1q; Ethernet; Por t-security)

Explanation


QUESTION 328At the end of an RSTP election process, which port and on which Access Layer Switch will assume thediscarding role?

A. Switch3, port fa0/1B. Switch3, port fa0/12C. Switch4, port fa0/11D. Switch4, port fa0/2E. Switch3, port Gi0/1F. Switch3, port Gi0/2



QUESTION 329Select the action that results from executing these commands:

Switch(config-if)# switchport port-securitySwitch(config-if)# switchport port-security mac-address sticky

A. A dynamically learned MAC address is saved in the startup-configuration file.B. A dynamically learned MAC address is saved in the running-configuration file.C. A dynamically learned MAC address is saved in the VLAN database.D. Statically configured MAC addresses are saved in the startup-configuration file if frames from that address

are received.

E. Statically configured MAC addresses are saved in the running-configuration file if frames from that addressare received.



QUESTION 330Refer to the exhibit. The following commands are executed on interface fa0/1 of 2950Switch.

2950Switch(config-if)# switchport port-security2950Switch(config-if)# switchport port-security mac-address sticky2950Switch(config-if)# switchport port-security maximum 1

The Ethernet frame that is shown arrives on interface fa0/1. What two functions will occur when this frame isreceived by 2950Switch? (Choose two.)

A. The MAC address table will now have an additional entry of fa0/1 FFFF.FFFF.FFFF.B. Only host A will be allowed to transmit frames on fa0/1.C. This frame will be discarded when it is received by 2950Switch.D. All frames arriving on 2950Switch with a destination of 0000.00aa.aaaa will be forwarded out fa0/1.E. Hosts B and C may forward frames out fa0/1 but frames arriving from other switches will not be forwarded

out fa0/1.F. Only frames from source 0000.00bb.bbbb, the first learned MAC address of 2950Switch, will be forwarded

out fa0/1.



QUESTION 331Refer to the exhibit. Some 2950 series switches are connected to the conference area of the corporateheadquarters network. The switches provide two to three jacks per conference room to host laptop connectionsfor employees who visit the headquarters office. When large groups of employees come from other locations,the network administrator often finds that hubs have been connected to wall jacks in the conference areaalthough the ports on the access layer switches were not intended to support multiple workstations.

What action could the network administrator take to prevent access by multiple laptops through a single switchport and still leave the switch functional for its intended use?

A. Configure static entries in the switch MAC address table to include the range of addresses used by visitingemployees.

B. Configure an ACL to allow only a single MAC address to connect to the switch at one time.C. Use the mac-address-table 1 global configuration command to limit each port to one source MAC address.D. Implement Port Security on all interfaces and use the port-security maximum 1 command to limit port

access to a single MAC address.E. Implement Port Security on all interfaces and use the port-security mac-address sticky command to limit

access to a single MAC address.F. Implement Port Security at global configuration mode and use the port-security maximum 1 command to

allow each switch only one attached hub.




A network administrator wants Switch3 to be the root bridge. What could be done to ensure Switch3 will be theroot?

A. Configure the IP address on Switch3 to be higher than the IP addresses of Switch1 and Switch2.B. Configure the priority value on Switch3 to be higher than the priority values of Switch 1 and Switch2.C. Configure the BID on Switch3 to be lower than the BIDs of Switch1 and Switch2.D. Configure the MAC address on Switch3 to be higher than the Switch1 and Switch2 MAC addresses.E. Configure a loopback interface on Switch3 with an IP address lower than any IP address on Switch1 and

Switch2.




What switch proves the spanning-tree designated port role for the network segment that services the printers?

A. Switch1B. Switch2C. Switch3D. Switch4



QUESTION 334What is valid reason for a switch to deny port access to new devices when port security is enabled?

A. The denied MAC addresses have already been learned or confgured on another secure interface in thesame VLAN.

B. The denied MAC address are statically configured on the port.C. The minimum MAC threshold has been reached.D. The absolute aging times for the denied MAC addresses have expired.


Explanation/Reference:A security violation occurs in either of these situations:

* When the maximum number of secure MAC addresses is reached on a secure port and the source MACaddress of the ingress traffic is different from any of the identified secure MAC addresses, port security appliesthe configured violation mode.

* If traffic with a secure MAC address that is configured or learned on one secure port attempts to access

another secure port in the same VLAN, applies the configured violation mode.

From the second statement we can figure out A is the correct answer. But for your information we will discussother answers as well.

Answer B is not correct because we can’t configured which MAC address will be denied. We can only configurewhich MAC is allowed.

We can only configure the maximum MAC threshold, not the minimum threshold -> C is not correct.

The aging times are only configured for allowed MAC addresses, not for denied MAC -> D is correct.For your information about aging time:

When the aging type is configured with the absolute keyword, all the dynamically learned secure addresses ageout when the aging time expires

This is how to configure the secure MAC address aging type on the port:

Router(config-if)# switchport port-security aging t ype absolute

and configure the aging time (aging time = 120 minutes)

Router(config-if)# switchport port-security aging t ime 120

When this command is used, all the dynamically learned secure addresses age out when the aging timeexpires

(Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.html)


The output that is shown is generated at a switch. Which three of these statements are true? (Choose three.)

A. All ports will be in a state of discarding, learning or forwarding.B. Thiry VLANs have been configured on this switch.C. The bridge priority is lower than the default value for spanning tree.D. All interfaces that are shown are on shared media.

E. All designated ports are in a forwarding state.F. The switch must be the root bridge for all VLANs on this switch.

Correct Answer: ACESection: Switching (STP/RSTP; 802.1q; Ethernet; Por t-security)Explanation


From the output, we see that all ports are in Designated role (forwarding state) -> A and E are correct.

The command “show spanning-tree vlan 30″ only shows us information about VLAN 30. We don’t know howmany VLAN exists in this switch -> B is not correct.

The bridge priority of this switch is 24606 which is lower than the default value bridge priority 32768 -> C iscorrect.

All three interfaces on this switch have the connection type “p2p”, which means Point-to-point environment –not a shared media -> D is not correct.

The only thing we can specify is this switch is the root bridge for VLAN 3o but we can not guarantee it is alsothe root bridge for other VLANs -> F is not correct.


Give this output for SwitchC, what should the network administrator's next action be?

A. Check the trunk encapsulation mode for Switch3's fa0/1 port.B. Check the duplex mode for Switch3's fa0/1 port.C. Check the duplex mode for Switch1's fa0/2 port.D. Check the trunk encapsulation mode for Switch1's fa0/2 port.




Which of these statements correctly describes the state of the switch once the boot process has beencompleted?

A. As FastEthernet0/12 will be the last to come up, it will not be blocked by STP.B. Remote access management of this switch will not be possible without configuration change.C. More VLANs will need to be created for this switch.D. The switch will need a different IOS code in order to support VLANs and STP.



QUESTION 338Refer to the exibit:

Three Cisco 2950 switches are set to their default priority settings. During the spanning-tree process, whichswitch will be elected as the root bridge?

A. Switch3B. Switch4C. Switch2D. Switch1



QUESTION 339Which two commands can be used to verify a trunk link configuration status on a Cisco switch? (choose two)

A. show interfaces interface trunkB. show interfaces interface switchportC. show ip interface briefD. show interfaces interface vlan

Correct Answer: ABSection: Switching (STP/RSTP; 802.1q; Ethernet; Por t-security)Explanation


QUESTION 340Which three statements accurately describe layer 2 Ethernet switches? (Choose three)

A. Microsegmentation decreases the number of collisions on the network.B. if a switch receives a frame for an unkown destination,it uses ARP to resolve the address.C. Spanning Tree Protocol allows switches to automatically share vlan information.D. In a properly functioning network with redundant switched paths,each swiched aegment will contain one root

bridge with all its ports in the forwarding state.All other switches in that broadcast domain will have only oneroot port.

E. Establishing vlans increases the number of broadcast domains.F. Switches that are configured with vlans make forwarding decisions based on both layer 2 and layer 3

address information.

Correct Answer: ADESection: Switching (STP/RSTP; 802.1q; Ethernet; Por t-security)Explanation


QUESTION 341Which two of these are characteristics of the 802.1Q protocol? (Choose two)

A. it is a layer 2 messaging protocol which maintains vlan configurations across network.B. it includes an 8-bit field which specifies the priority of a frame.C. it is used exclusively for tagging vlan frames and dose not address network reconvergence following

switched network topology changes.D. it modifies the 802.3 frame header,and thus requires that the FCS be recomputed.E. it is a trunking protocol capable of carring untagged frames.

Correct Answer: DESection: Switching (STP/RSTP; 802.1q; Ethernet; Por t-security)Explanation


QUESTION 342Which term describes a spanning-tree network that has all switch ports in either the blocking or forwardingstate?

A. redundantB. spannedC. provisionedD. converged



QUESTION 343Assuming the default switch configuration which vlan range can be added modified and removed on a ciscoswitch?

A. 2 through 1001B. 1 through 1001C. 1 through 1002D. 2 through 1005



QUESTION 344A network administrator needs to configure port security on a switch.which two statements are true? (Choosetwo)

A. The network administrator can apply port security to dynamic access portsB. The network administrator can configure static secure or sticky secure mac addresses in the voice vlan.C. The sticky learning feature allows the addition of dynamically learned addresses to the running

configuration.D. The network administrator can apply port security to EtherChannels.E. When dynamic mac address learning is enabled on an interface,the switch can learn new addresses,up to

the maximum defined.



QUESTION 345Which IEEE standard protocol is initiated as a result of successful DTP completion in a switch overFastEthernet?

A. 802.3adB. 802.1wC. 802.1QD. 802.1d



QUESTION 346Which command enhances the 802.1D convergence time on ports that are connected to hosts?

A. spanning-tree backbonefastB. spanning-tree uplinkfastC. spanning-tree portfastD. spanning-tree cost512



QUESTION 347Computer 1 is consoles into switch A. Telnet connections and pings run from the command prompt on switch Afail. Which of the following could cause this problem?

A. switch A does not have a cdp entry for switch B or router JAXB. switch A does not have an IP addressC. port 1 on switch A should be an access port rather than a trunk portD. switch A is not directly connected to router JAXE. switch A does not have a default gateway assigned



QUESTION 348Which two commands correctly verify whether port security has been configured on port FastEthernet 0/12 on aswitch? (Choose two)

A. SW1# show swithport port-security interface FastEthernet 0/12B. SW1# show swithport port-secure interface FastEthernet 0/12C. SW1# show port-security interface FastEthernet 0/12D. SW1# show running-config

Correct Answer: CDSection: Switching (STP/RSTP; 802.1q; Ethernet; Por t-security)Explanation


QUESTION 349Why will a switch never learn a broadcast address?

A. Broadcast frames are never sent to swiches.B. Broadcast addresses use an incorrect format for the switching table.C. A broadcast address will never be the source address of a frame.D. Broadcasts only use network layer addressing.E. A broadcast frame is never forwarded by a switch.



QUESTION 350A technician has installed SwithchB and needs to configure it for remote access from the managementworkstation connected SwitchA. Which set of commands is required to accomplish this task?

A. SwitchB(config)#interface FastEthernet 0/1SwitchB(config)#ip address 192.168.8.252 255.255.255.0SwitchB(config)#no shutdown

B. SwitchB(config)#ip default-gateway 192.168.8.254SwitchB(config)#interface vlan 1SwitchB(config)#ip address 192.168.8.252 255.255.255.0SwitchB(config)#no shutdown

C. SwitchB(config)#interface vlan 1SwitchB(config)#ip address 192.168.8.252 255.255.255.0SwitchB(config)#ip default-gateway 192.168.8.254 255.255.255.0SwitchB(config)#no shutdown

D. SwitchB(config)#ip default-network 192.168.8.254SwitchB(config)#interface vlan 1SwitchB(config)#ip address 192.168.8.252 255.255.255.0SwitchB(config)#no shutdown



QUESTION 351Which three statements about RSTP are true?

A. RSTP significantly reduces topology reconverging time after link failure.B. RSTP expands the STP port roles by adding the alternate and backup roles.C. RSTP port states are blocking, discarding, learning and forwarding.D. RSTP also uses the STP proposal-agreement sequence.E. RSTP use the same timer-based process as STP on point-to-point links.F. RSTP provides a faster transition to the forwarding state on point-to-point links than STP does.

Correct Answer: ABFSection: Switching (STP/RSTP; 802.1q; Ethernet; Por t-security)Explanation


QUESTION 352What value is primarily used to determine which port becomes the root port on each non-root switch in aspanning-tree topology?

A. lowest port MAC addressB. port priority number and MAC address.C. VTP revision numberD. highest port priority number.E. path cost

Correct Answer: ESection: Switching (STP/RSTP; 802.1q; Ethernet; Por t-security)Explanation


QUESTION 353Which two states are the port states when RSTP has converged? (Choose two)

A. blocking/descardingB. learningC. disabledD. forwardingE. listening



QUESTION 354Which command enables RSTP on a switch?

A. spanning-tree mode rapid-pvstB. spanning-tree uplinkfastC. spanning-tree backbonefastD. spanning-tree mode pvst



QUESTION 355What is one benefit of PVST+?

A. PVST+ reduces the CPU cycles for all the switches in the network.B. PVST+ automatically selects the root bridge location, to provide optimiziation.C. PVST+ allows the root switch location to be optimized per vlan.D. PVST+ supports Layer 3 load balancing without loops.



QUESTION 356At which layer of the OSI model is RSTP used to prevent loops?

A. data linkB. networkC. physicalD. transport



QUESTION 357When PVST+ in work on VLAN1 of the switch, what will affect on selection of one of switches in the VLAN asroot-bridge?

A. Lowest IP addressB. Highest MAC addressC. Lowest MAC addressD. Highest IP address



QUESTION 358Why would a network administrator configure port security on a switch?

A. to prevent unauthorized Telnet access to a switch portB. to limit the number of Layer 2 broadcasts on a particular switch portC. to prevent unauthorized hosts from accessing the LAND. to block unauthorized access to the switch management interfaces over common TCP portsE. to protect the IP and MAC address of the switch and associated ports



QUESTION 359A network administrator wants to control which user hosts can access the network based on their MACaddress. What will prevent workstations with unauthorized MAC addresses from connecting to the networkthrough a switch?

A. port securityB. RSTPC. STPD. BPDU



QUESTION 360You are a network administrator. In order to improve the security of your company's switching network, refer tothe following options. Which two methods are examples of implementing Layer 2 security on a Cisco switch?(Choose two.)

A. enable HTTP access to the switch for security troubleshootingB. disable trunk negotiation on the switchC. use only protected Telnet sessions to connect to the Cisco deviceD. configure a switch port host where appropriate



QUESTION 361A system administrator installed a new switch using a script to configure it. IP connectivity was tested using

pings to SwitchB. Later attempts to access NewSwitch using Telnet from SwitchA failed. Which statement istrue?

A. Executing password recovery is required.B. The virtual terminal lines are misconfigured.C. Use Telnet to connect to RouterA and then to NewSwitch to correct the error.D. Power cycle of NewSwitch will return it to a default configuration.



QUESTION 362In which circumstance are multiple copies of the same unicast frame likely to be transmitted in a switched LAN?

A. when a dual ring topology is in useB. in an improperly implemented redundant topologyC. after broken links are re-establishedD. when upper-layer protocols require high reliabilityE. during high traffic periods


Explanation/Reference:If we connect two switches via 2 or more links and do not enable STP on these switches then a loop (whichcreates multiple copies of the same unicast frame) will occur. It is an example of an improperly implementedredundant topology.


Which two statements are true of the interfaces on Switch1? (Choose two.)

A. Interface FastEthernet0/2 has been disabled.B. Multiple devices are connected directly to FastEthernet0/1.C. FastEthernet0/1 is configured as a trunk link.D. FastEthernet0/1 is connected to a host with multiple network interface cardsE. FastEthernet0/5 has statically assigned MAC addresses.F. A hub is connected directly to FastEthernet0/5.

Correct Answer: CFSection: Switching (STP/RSTP; 802.1q; Ethernet; Por t-security)Explanation


QUESTION 364What is the purpose of Spanning Tree Protocol?

A. to prevent routing loopsB. to create a default routeC. to provide multiple gateways for hostsD. to maintain a loop-free Layer 2 network topology




Spanning Tree Protocol has created a loop-free logical topology in the network that is pictured. How many portshave been placed in the blocking mode?

A. three B. one C. none D. two




The network administrator has verified that a functioning cable connects Switch1 and Switch2. From the outputthat is shown, what two pieces of information can the administrator validly conclude? (Choose two.)

A. Interface fa0/1 on Switch1 is in a shutdown state.B. Using a source MAC address of 0009.11f3.8848, Switch2 is sending frames to Switch1.

C. There is likely to be an IP address issue on Switch1 fa0/1.D. The interface is functional at OSI Layer 1.E. The status of fa0/2 should be checked on Switch2.

Correct Answer: DESection: Switching (STP/RSTP; 802.1q; Ethernet; Por t-security)Explanation


QUESTION 367The exhibited network is stable and operating properly:

Assuming that default STP configurations are running on both switches, which port will be in blocking mode?

A. Port Fa0/2 on Switch1B. Port Fa0/1 on Switch2C. Port Fa0/1 on Switch1D. Port Fa0/2 on Switch2




The switches on a campus network have been interconnected as shown. All of the switches are runningSpanning Tree Protocol with its default settings. Unusual traffic patterns are observed and it is discovered thatSwitch9 is the root bridge. Which change will ensure that Switch1 will be selected as the root bridge instead ofSwitch9?

A. Lower the bridge priority on Switch1.B. Raise the bridge priority on Switch1.C. Lower the bridge priority on Switch9.D. Raise the bridge priority on Switch9.E. Disable spanning tree on Switch9.F. Physically replace Switch9 with Switch1 in the topology.




Switch-1 needs to send data to a host with a MAC address of 00b0.d056.efa4. What will Switch-1 do with thisdata?

A. Switch-1 will drop the data because it does not have an entry for that MAC address.B. Switch-1 will forward the data to its default gateway.

C. Switch-1 will flood the data out all of its ports except the port from which the data originated.D. Switch-1 will send an ARP request out all its ports except the port from which the data originated.



This question tests the operating principles of the Layer 2 switch. Check the MAC address table of Switch1 andfind that the MAC address of the host does not exist in the table. Switch1 will flood the data out all of its portsexcept the port from which the data originated to determine which port the host is located in.


Given the output shown from this Cisco Catalyst 2950, what is the most likely reason that interfaceFastEthernet 0/10 is not the root port for VLAN 2?

A. This switch has more than one interface connected to the root network segment in VLAN 2.B. This switch is running RSTP while the elected designated switch is running 802.1d Spanning Tree.C. This switch interface has a higher path cost to the root bridge than another in the topology.D. This switch has a lower bridge ID for VLAN 2 than the elected designated switch.




The network has been configured with STP disabled. HostA sends an ARP request for the IP address of a siteon the Internet. What will happen to this ARP request? (Choose two.)

A. Because the ARP request is a broadcast, SW-A will not forward the request.B. SW-A will convert the broadcast to a unicast and forward it to SW-D.C. The switches will propagate the broadcast, creating a broadcast storm.D. From a port on SW-A, HostA will receive an ARP reply containing the MAC address.E. From the Ethernet interface of RouterX, HostA will receive an ARP reply that contains the MAC address.F. The switches will propagate the broadcast until the TTL of the frame reduces to 0. Then the frame will be

discarded.




Which ports could safely be configured with PortFast? (Choose two.)

A. Switch1 - port Fa1/2B. Switch2 - port Fa1/2C. Switch1 - port Fa1/3

D. Switch2 - port Fa1/3E. Switch1 - port Fa1/1F. Switch2 - port Fa1/1

Correct Answer: CDSection: Switching (STP/RSTP; 802.1q; Ethernet; Por t-security)Explanation



When PC1 sends an ARP request for the MAC address of PC2, network performance slows dramatically, andthe switches detect an unusually high number of broadcast frames. What is the most likely cause of this?

A. The portfast feature is not enabled on all switch ports. B. The PCs are in two different VLANs. C. Spanning Tree Protocol is not running on the switches. D. PC2 is down and is not able to respond to the request. E. The VTP versions running on the two switches do not match.




Switch1 has just been restarted and has passed the POST routine. Host A sends its initial frame to Host C.What is the first thing the switch will do as regards populating the switching table?

A. Switch1 will add 192.168.23.4 to the switching table.B. Switch1 will add 192.168.23.12 to the switching table.C. Switch1 will add 000A.8A47.E612 to the switching table.D. Switch1 will add 000B.DB95.2EE9 to the switching table.



QUESTION 375

Select and Place:

Correct Answer:

Section: Switching (STP/RSTP; 802.1q; Ethernet; Por t-security)Explanation


QUESTION 376As a network administrator, you are required to configure the network security policy. And the policy requiresthat only one host be permitted to attach dynamically to each switch interface. If that policy is violated, theinterface should shut down. Which two commands must the network administrator configure on the 2950Catalyst switch to meet this policy? Please choose appropriate commands and drag the items to the properlocations.

Select and Place:

Correct Answer:

Section: Switching (STP/RSTP; 802.1q; Ethernet; Por t-security)Explanation



Which two statements are true about interVLAN routing in the topology that is shown in the exhibit? (Choose

two.)

A. Host E and host F use the same IP gateway address.B. Router1 and Switch2 should be connected via a crossover cable.C. Router1 will not play a role in communications between host A and host D.D. The FastEthernet 0/0 interface on Router1 must be configured with subinterfaces.E. Router1 needs more LAN interfaces to accommodate the VLANs that are shown in the exhibit.F. The FastEthernet 0/0 interface on Router1 and Switch2 trunk ports must be configured using the same

encapsulation type.

Correct Answer: DFSection: Switching (VLAN & VTP)Explanation


QUESTION 378A network administrator is explaining VTP configuration to a new technician. What should the networkadministrator tell the new technician about VTP configuration? (Choose three.)

A. A switch in the VTP client mode cannot update its local VLAN database.B. A trunk link must be configured between the switches to forward VTP updates.C. A switch in the VTP server mode can update a switch in the VTP transparent mode.D. A switch in the VTP transparent mode will forward updates that it receives to other switches.E. A switch in the VTP server mode only updates switches in the VTP client mode that have a higher VTP

revision number.F. A switch in the VTP server mode will update switches in the VTP client mode regardless of the configured

VTP domain membership.

Correct Answer: ABDSection: Switching (VLAN & VTP)Explanation


QUESTION 379A company is installing IP phones. The phones and office computers connect to the same device. To ensuremaximum throughput for the phone data, the company needs to make sure that the phone traffic is on adifferent network from that of the office computer data traffic. What is the best network device to which todirectly connect the phones and computers, and what technology should be implemented on this device?(Choose two.)

A. hubB. routerC. switchD. STPE. subinterfacesF. VLAN

Correct Answer: CFSection: Switching (VLAN & VTP)Explanation


QUESTION 380What are two benefits of using VTP in a switching environment? (Choose two.)

A. It allows switches to read frame tags.B. It allows ports to be assigned to VLANs automatically.C. It maintains VLAN consistency across a switched network.D. It allows frames from multiple VLANs to use a single interface.E. It allows VLAN information to be automatically propagated throughout the switching environment.

Correct Answer: CESection: Switching (VLAN & VTP)Explanation


VTP minimizes the possible configuration inconsistencies that arise when changes are made. Theseinconsistencies can result in security violations, because VLANs can crossconnect when duplicate names areused. They also could become internally disconnected when they are mapped from one LAN type to another,for example, Ethernet to ATM LANE ELANs or FDDI 802.10 VLANs. VTP provides a mapping scheme thatenables seamless trunking within a network employing mixed-media technologies.


A network associate needs to configure the switches and router in the graphic so that the hosts in VLAN3 andVLAN4 can communicate with the enterprise server in VLAN2. Which two Ethernet segments would need to beconfigured as trunk links? (Choose two.)

A. AB. BC. CD. DE. EF. F

Correct Answer: CFSection: Switching (VLAN & VTP)

Explanation



A network administrator is adding two new hosts to SwitchA. Which three values could be used for theconfiguration of these hosts? (Choose three.)

A. host A IP address: 192.168.1.79B. host A IP address: 192.168.1.64C. host A default gateway: 192.168.1.78D. host B IP address: 192.168.1.128E. host B default gateway: 192.168.1.129F. host B IP address: 192.168.1.190

Correct Answer: ACFSection: Switching (VLAN & VTP)Explanation


QUESTION 383Which three statements are typical characteristics of VLAN arrangements? (Choose three.)

A. A new switch has no VLANs configured.B. Connectivity between VLANs requires a Layer 3 device.C. VLANs typically decrease the number of collision domains.D. Each VLAN uses a separate address space.E. A switch maintains a separate bridging table for each VLAN.F. VLANs cannot span multiple switches.

Correct Answer: BDESection: Switching (VLAN & VTP)Explanation


QUESTION 384Which three of these statements regarding 802.1Q trunking are correct? (Choose three.)

A. 802.1Q native VLAN frames are untagged by default.B. 802.1Q trunking ports can also be secure ports.C. 802.1Q trunks can use 10 Mb/s Ethernet interfaces.D. 802.1Q trunks require full-duplex, point-to-point connectivity.E. 802.1Q trunks should have native VLANs that are the same at both ends.

Correct Answer: ACESection: Switching (VLAN & VTP)Explanation


By default, 802.1Q trunk defined Native VLAN in order to forward unmarked frame. Switches can forward Layer2 frame from Native VLAN on unmarked trunks port. Receiver switches will transmit all unmarked packets toNative VLAN. Native VLAN is the default VLAN configuration of port. Note: for the 802.1Q trunk ports betweentwo devices, the same Native VLAN configuration is required on both sides of the link. If the Native VLAN in802.1Q trunk ports on same trunk link is properly configured, it could lead to layer 2 loops. The 802.1Q trunklink transmits VLAN information through Ethernet.

QUESTION 385By default, each port in a Cisco Catalyst switch is assigned to VLAN1. Which two recommendations are key toavoid unauthorized management access? (Choose two.)

A. Create an additional ACL to block the access to VLAN 1.B. Move the management VLAN to something other than default.C. Move all ports to another VLAN and deactivate the default VLAN.D. Limit the access in the switch using port security configuration.E. Use static VLAN in trunks and access ports to restrict connections.F. Shutdown all unused ports in the Catalyst switch.

Correct Answer: BFSection: Switching (VLAN & VTP)Explanation


QUESTION 386What is the name of the VTP mode of operation that enables a switch to forward only VTP advertisementswhile still permitting the editing of local VLAN information?

A. serverB. clientC. tunnelD. transparent

Correct Answer: D

Section: Switching (VLAN & VTP)Explanation


QUESTION 387Which two benefits are provided by creating VLANs? (Choose two.)

A. added securityB. dedicated bandwidthC. provides segmentationD. allows switches to route traffic between subinterfacesE. contains collisions

Correct Answer: ACSection: Switching (VLAN & VTP)Explanation


QUESTION 388Which two link protocols are used to carry multiple VLANs over a single link? (Choose two.)

A. VTPB. 802.1qC. IGPD. ISLE. 802.3u

Correct Answer: BDSection: Switching (VLAN & VTP)Explanation


QUESTION 389Which VTP mode is capable of creating only local VLANs and does not synchronize with other switches in theVTP domain?

A. clientB. dynamicC. serverD. staticE. transparent

Correct Answer: ESection: Switching (VLAN & VTP)Explanation


QUESTION 390A switch is configured with all ports assigned to vlan 2 with full duplex FastEthernet to segment existingdepartmental traffic. What is the effect of adding switch ports to a new VLAN on the switch?

A. More collision domains will be created.B. IP address utilization will be more efficient.C. More bandwidth will be required than was needed previously.D. An additional broadcast domain will be created.

Correct Answer: DSection: Switching (VLAN & VTP)Explanation


QUESTION 391Which two statements about the use of VLANs to segment a network are true? (Choose two.)

A. VLANs increase the size of collision domains.B. VLANs allow logical grouping of users by function.C. VLANs simplify switch administration.D. VLANs enhance network security.



QUESTION 392On corporate network, hosts on the same VLAN can communicate with each other, but they are unable tocommunicate with hosts on different VLANs. What is needed to allow communication between the VLANs?

A. a router with subinterfaces configured on the physical interface that is connected to the switchB. a router with an IP address on the physical interface connected to the switchC. a switch with an access link that is configured between the switchesD. a switch with a trunk link that is configured between the switches

Correct Answer: ASection: Switching (VLAN & VTP)Explanation


QUESTION 393Which two statements describe the Cisco implementation of VLANs? (Choose two.)

A. VLAN 1 is the default Ethernet VLAN.B. CDP advertisements are only sent on VLAN 1002.C. By default, the management VLAN is VLAN 1005.D. By default, the switch IP address is in VLAN 1005.E. VLAN 1002 through 1005 are automatically created and cannot be deleted.

Correct Answer: AESection: Switching (VLAN & VTP)Explanation


QUESTION 394What are three advantages of VLANs? (Choose three.)

A. VLANs establish broadcast domains in switched networks.B. VLANs utilize packet filtering to enhance network security.C. VLANs provide a method of conserving IP addresses in large networks.D. VLANs provide a low-latency internetworking alternative to routed networks.E. VLANs allow access to network services based on department, not physical location.F. VLANs can greatly simplify adding, moving, or changing hosts on the network.

Correct Answer: AEFSection: Switching (VLAN & VTP)Explanation


QUESTION 395Which of the following are benefits of VLANs? (Choose three.)

A. They increase the size of collision domains.B. They allow logical grouping of users by function.C. They can enhance network security.D. They increase the size of broadcast domains while decreasing the number of collision domains.E. They increase the number of broadcast domains while decreasing the size of the broadcast domains.F. They simplify switch administration.

Correct Answer: BCESection: Switching (VLAN & VTP)Explanation


QUESTION 396An administrator is unsuccessful in adding VLAN 50 to a switch. While troubleshooting the problem, theadministrator views the output of the show vtp status command, which is displayed in the graphic. Whatcommands must be issued on this switch to add VLAN 50 to the database? (Choose two.)

A. Switch(config-if)# switchport access vlan 50

B. Switch(vlan)# vtp server

C. Switch(config)# config-revision 20

D. Switch(config)# vlan 50 name Tech

E. Switch(vlan)# vlan 50

F. Switch(vlan)# switchport trunk vlan 50

Correct Answer: BESection: Switching (VLAN & VTP)Explanation



All hosts have connectivity with one another. Which statements describe the addressing scheme that is in usein the network? (Choose three.)

A. The subnet mask in use is 255.255.255.192.B. The subnet mask in use is 255.255.255.128.C. The IP address 172.16.1.25 can be assigned to hosts in VLAN1D. The IP address 172.16.1.205 can be assigned to hosts in VLAN1E. The LAN interface of the router is configured with one IP address.F. The LAN interface of the router is configured with multiple IP addresses.

Correct Answer: BCFSection: Switching (VLAN & VTP)Explanation



Which three statements describe the router port configuration and the switch port configuration as shown in thetopology? (Choose three.)

A. The Router1 WAN port is configured as a trunking port.B. The Router1 port connected to Switch1 is configured using subinterfaces.C. The Router1 port connected to Switch1 is configured as 10 Mbps.D. The Switch1 port connected to Router1 is configured as a trunking port.E. The Switch1 port connected to Host B is configured as an access port.F. The Switch1 port connected to Hub1 is configured as full duplex.

Correct Answer: BDESection: Switching (VLAN & VTP)Explanation



The network shown in the diagram is experiencing connectivity problems. Which of the following will correct theproblems? (Choose two.)

A. Configure the gateway on Host A as 10.1.1.1.B. Configure the gateway on Host B as 10.1.2.254.C. Configure the IP address of Host A as 10.1.2.2.D. Configure the IP address of Host B as 10.1.2.2.E. Configure the masks on both hosts to be 255.255.255.224.F. Configure the masks on both hosts to be 255.255.255.240.



QUESTION 400A network associate is trying to understand the operation of the FLD Corporation by studying the network in theexhibit. The associate knows that the server in VLAN 4 provides the necessary resources to support the userhosts in the other VLANs. The associate needs to determine which interfaces are access ports. Whichinterfaces are access ports? (Choose three.)

A. Switch1 - Fa 0/2B. Switch1 - Fa 0/9C. Switch2 - Fa 0/3D. Switch2 - Fa 0/4E. Switch2 - Fa 0/8F. Router - Fa 1/0

Correct Answer: ACDSection: Switching (VLAN & VTP)Explanation


QUESTION 401What are three valid reasons to assign ports to VLANs on a switch? (Choose three.)

A. to make VTP easier to implementB. to isolate broadcast trafficC. to increase the size of the collision domainD. to allow more devices to connect to the networkE. to logically group hosts according to functionF. to increase network security

Correct Answer: BEFSection: Switching (VLAN & VTP)Explanation


QUESTION 402Which statements describe two of the benefits of VLAN Trunking Protocol? (Choose two.)

A. VTP allows routing between VLANs.B. VTP allows a single switch port to carry information to more than one VLAN.C. VTP allows physically redundant links while preventing switching loops.D. VTP simplifies switch administration by allowing switches to automatically share VLAN configuration

information.E. VTP helps to limit configuration errors by keeping VLAN naming consistent across the VTP domain.F. VTP enhances security by preventing unauthorized hosts from connecting to the VTP domain.

Correct Answer: DESection: Switching (VLAN & VTP)Explanation


QUESTION 403What are two results of entering the Switch(config)# vtp mode client command on a Catalyst switch?(Choose two.)

A. The switch will ignore VTP summary advertisements.B. The switch will forward VTP summary advertisements.C. The switch will process VTP summary advertisements.D. The switch will originate VTP summary advertisements.E. The switch will create, modify and delete VLANs for the entire VTP domain.

Correct Answer: BCSection: Switching (VLAN & VTP)Explanation



What commands must be configured on the 2950 switch and the router to allow communication between host 1and host 2? (Choose two.)

A. Router(config)# interface fastethernet 0/0Router(config-if)# ip address 192.168.1.1 255.255.255.0Router(config-if)# no shut down

B. Router(config)# interface fastethernet 0/0Router(config-if)# no shut downRouter(config)# interface fastethernet 0/0.1Router(config-subif)# encapsulation dot1q 10Router(config-subif)# ip address 192.168.10.1 255.255.255.0Router(config-subif)# interface fastethernet 0/0.2Router(config-subif)# encapsulation dot1q 20Router(config-subif)# ip address 192.168.20.1 255.255.255.0

C. Router(config)# router eigrp 100Router(config-router)# network 192.168.10.0Router(config-router)# network 192.168.20.0

D. Switch1(config)# vlan databaseSwitch1(config-vlan)# vtp domain XYZSwitch1(config-vlan)# vtp server

E. Switch1(config)# interface fastethernet 0/1Switch1(config-if)# switchport mode trunk

F. Switch1(config)# interface vlan 1Switch1(config-if)# ip default-gateway 192.168.1.1

Correct Answer: BESection: Switching (VLAN & VTP)Explanation



Switch port FastEthernet 0/24 on AlSwitch1 will be used to create an IEEE 802.1Q-complaint trunk to anotherswitch. Based on the output shown, What is the reason the trunk does not form, even thought the propercabling has been attached?

A. VLANs have not been created yet.B. An IP address must be configured for the port.C. The port is currently configured for access mode.D. The correct encapsulation type has not been configured.E. The no shutdown command has not been entered for the port.

Correct Answer: CSection: Switching (VLAN & VTP)Explanation


QUESTION 406Which statement is correct about the internetwork shown in the diagram?

A. Switch2 is the root bridge.B. Spanning Tree is not running.C. HostD and Server1 are in the same subnet.D. No collision can occur in traffic between Host B and Host C.E. If Fa0/0 is down on Router1, HostA cannot access Server1.F. If Fa0/1 is down on Switch3, HostC cannot access Server 2.




An organization connect two locations, supporting two VLANs, through two switches as shown. Inter-VLANscommunicated is not required. The network is working properly and there is fully connectivity. The organizationneeds to add additional VLANs, so it has been decided to implement VTP. Both switches are configured asVTP servers in the same VTP domain. VLANs added to Switch1 are not learned by Switch2. Based on this

information and partial configuration is the exhibit, what is the problem?

A. Switch2 should be configured as a VTP client.B. VTP is Cisco proprietory and requires a different trunking encapsulationC. A router is required to route VTP advertisements between the swtiches.D. STP has blocked on of the links between the switches, limiting connectivity.E. The links between the switches are access links.




The network manager is evaluating the efficiency of the current network design. RIPv2 is enabled on all Layer 3devices in the network. What network devices participate in passing traffic from the PC at 10.10.1.7 to FileServer at 10.20.1.6 in the older that they will forward traffic from source to destination?

A. Switch1, Switch2B. Switch1, Switch2, Switch2, Switch2C. Switch1, Router1, Switch1, Switch2D. Switch1, Router1, Router2, Switch2



The PC and File Server are in different VLANs so surely traffic from PC to File Server must go through Router1but which path will the packet go next, through Router 2 or Switch1? Well, it is a hard question to answer.

As many comments said “the connection between R1 and Switch is Blue, so that means its under Vlan 10, and

R2 to Switch 2 is red. The two routers do not have subinterfaces and are not running router on a stick basing onthe color of the links” so D should be the correct answer.

Just for your information, I keep this explanation (which supports answer C) but in the exam you should chooseD as your answer!

I haven’t had tested it yet but I guess that because there is a VLAN 20 on Switch 1 so Router1 will try to sendthat packet back to Switch1. If the link between Switch1 and Switch2 is a trunk link then the returned packet willalso be sent to this link. Switch 2 receives that packet and it sends to the File Server at VLAN20. So the pathwill be Switch1 -> Router1 -> Switch1 -> Switch2.

There are some debates about this question but if the routers are properly configured then the packets can gofrom Switch1 -> Router1 -> Router2 -> Switch2 (D answer) so D can be a correct answer.

QUESTION 409Refer to the topology and router output shown in the exhibit:

A technician is troubleshooting host connectivity issues on the switches. The hosts in VLANs 10 and 15 onSw11 are unable to communicate with hosts in the same VLANs on Sw12. Hosts in the Admin VLAN are ableto communicate. The port-to-VLAN assignments are identical on the two switches. What could be the problem?

A. The Fa0/1 port is not operational on one of the switches.B. The Link connecting the switches has not been configured as a trunk.C. At lease one port needs to be configured in VLAN 1 for VLANs 10 and 15 to be able to communicate.D. Port FastEthernet 0/1 needs to be configured as an access link on both switches.E. A router is required for hosts on Sw11 in VLANs 10 and 15 to communicate with hosts in the same VLAN on

Sw12.

Correct Answer: BSection: Switching (VLAN & VTP)Explanation



All switch ports are assigned to the correct VLANs, but none of the hosts connected to SwitchA cancommunicate with hosts in the same VLAN connected to SwitchB. Based on the output shown, what is the mostlikely problem?

A. The access link needs to be configured in multiple VLANs.B. The link between the switches is configured in the wrong VLAN.C. The link between the switches needs to be configured as a trunk.D. VTP is not configured to carry VLAN information between the switches.E. Switch IP addresses must be configured in order for traffic to be forwarded between the switches.




A network administrator needs to add a new VLAN, named VLAN3, to the network shown. Unfortunately, thereis not another FastEthernet interface on R1 to connect to the new VLAN3. Which approach is the most costeffective solution for this problem?

A. Purchase a new FastEthernet module and install it on R1B. Replace R1 with a new router that has at least three FastEthernet interfaces.C. Configure a second switch to support VLAN3 with a VLAN trunk between SW1 and the new switch.D. Configure a single VLAN trunk between R1 and SW1 and configure subinterface on R1 interface for each

VLAN.E. Connect another router to a serial interface of R1. Use a FastEthernet interface on the new router for

VLAN3.




How should the FastEthernet0/1 port on the 2950 model switches that are shown in the exhibit be configured toallow connectivity between all devices?

A. The ports only need to be connected by a crossover cable.B. SwitchX(config)# interface FastEthernet 0/1

SwitchX(config-if)# switchport mode trunk

C. SwitchX(config)# interface FastEthernet 0/1SwitchX(config-if)# switchport mode accessSwitchX(config-if)# switchport access vlan 1

D. SwitchX(config)# interface FastEthernet 0/1SwitchX(config-if)# switchport mode trunkSwitchX(config-if)# switchport trunk vlan 1SwitchX(config-if)# switchport trunk vlan 10SwitchX(config-if)# switchport trunk vlan 20




After SwitchB was added to the network, VLAN connectivity problems started to occur. What caused this

problem?

A. Both switches are in sever mode in the same domainB. The revision number of SwitchB was higher than the revision number of SwitchAC. SwitchA was not rebooted prior to adding SwitchB to the network.D. V2-mode is not enabled.E. VTP pruning is not activated, so the new paths in the network have not been recalculated.




Which of these statements correctly describes the state of the switch once the boot process has beencompleted?

A. Only the default VLANs are configured on SwitchA.B. SwitchA does not have a VTP domain name configured.C. VTP pruning needs to be enabled on SwitchA.D. SwitchC needs to have the VTP domain name configured.E. SwitchB is in transparent mode.




The network administrator has discorvered that the VLAN configuration of SwitchC is not synchronized with therest of the switched network. Why is SwitchC not receiving VTP updates?

Exhibit:

A. SwitchB is not relaying VTP advertisements to SwitchC.B. SwitchC has fewer existing VLANs than does SwitchA.C. SwitchA supports a greater number of VLANs than does SwitchC.D. SwitchC has revision number higher than that being advertisedE. SwitchC should be operating in VTP server mode to recevie VTP updates.F. SwitchB should be operating in VTP server or client mode to relay VTP updates.




The show vtp status command is executed at a switch that is generating the exhibit output. Which statementis true for this switch?

A. The switch forwards its VLAN database to other switches in the ICND VTP domain.B. The configuration revision number increments each time the VLAN database is updated.C. The switch forwards VTP updates that are sent by other switches in the ICND domain.D. The VLAN database is updated when VTP information is received from other switches.



QUESTION 417Which three elements must be used when you configure a router interface for vlan trunking? (Choose three)

A. one IP network or subnetwork for each subinterfaceB. subinterface numbering that matches vlan tagesC. subinterface encapsulation identifiers that match vlan tagsD. a management domain for each subinterfaceE. one physical interface for each subinterfaceF. one subinterface per vlan

Correct Answer: ACFSection: Switching (VLAN & VTP)Explanation


QUESTION 418Which statement about vlan operation on Cisco Catalyst switches is true?

A. when a packet is received from an 802.1Q trunk,the vlan id can be determined from the source MACaddress table.

B. unkown unicast frames are retransmitted only to the ports that belong to the same vlanC. ports between switches should be configured in access mode so that vlans can span across the portsD. broadcast and multicast frames are retransmitted to ports that are configured on different vlan.



QUESTION 419Assuming the default switch configuration, which approach should you use to configure the extended vlanrange (1006 through 4094) on a Cisco Catalyst 3750 series switch?

A. Configure the switch to be in VTP client mode.B. Configure the switch to be in VTP domaint mode.C. Configure the switch to be in VTP transparent mode.

D. Configure the switch to be in VTPv2.



QUESTION 420What are two characteristics of a switch that is configured as a VTP client? (Choose two)

A. If a switch that is configured to operate in client mode cannot access a VTP server, then the switch revertsto transparent mode.

B. The local vlan configuration is updated only when an update that has a higher configuration revision numberis received.

C. Vtp advertisements are not forwarded to neighboring switches that are configured in vtp transparent mode.D. When switches in vtp client mode are rebooted, they send a vtp advertisement request to the vtp servers.E. Vtp client is the default vtp modeF. On switches that are configured to operate in client mode, vlans can be created, deleted or renamed locally.



QUESTION 421What are three benefits of implementing vlans? (Choose three)

A. A more efficient use of bandwidth can be achieved allowing many physical groups to use the same networkinfrastructure

B. Broadcast storms can be mitigated by decreasing the number of broadcast domains,thus increasing theirsize.

C. A higher level of network security can be reached by separating sensitive data traffic from other networktraffic.

D. Port-based vlans increase switch-port use efficient,thanks to 802.1Q trunksE. A more efficient use of bandwidth can be achieved allowing many logical networks to use the same network

infrastructure.F. Broadcast storms can be mitigated by increasing the number of broadcast domains,thus reducing their size.G. VLANs make it easier for IT staff to configure new logical groups,because the vlans all belong to the same

broadcast domain.

Correct Answer: CEFSection: Switching (VLAN & VTP)Explanation


QUESTION 422A switch has been configured with two VLANs and is connected to a router with a trunk for Inter-VLAN routing.OSPF has been configured on the router, as the routing protocol for the network. Which statement about thisnetwork is true?

A. For the two VLANs to communicate, a network statement for the trunk interface needs to be added to theOSPF configuration.

B. For the two VLANs to communicate, a network statement for each subinterface needs to be added to theOSPF configuration.

C. Direct Inter-VLAN communication does not require OSPF.D. OSPF cannot be used if router-on-a-stick is configured on the router.



QUESTION 423Which protocol provides a method of sharing VLAN configuration information between two Cisco switch?

A. VTPB. 802.1QC. RSTPD. STP



QUESTION 424VLAN 3 is not yet configured on your switch. What happens if you set the switchport access vlan 3commmand interface configuration mode?

A. The command is accepted and the respective VLAN is added to vlan dat.B. The command is rejected.C. The command is accepted and you must configure the VLAN manually.D. The port turns amber.



QUESTION 425What is the function of the command switchport trunk native vlan 999 on a trunk port?

A. It designates VLAN 999 for untagged traffic.B. It blocks VLAN 999 traffic from passing on the trunk.C. It creates a VLAN 999 interface.D. It designates VLAN 999 as the default for all unkown tagged traffic.

Correct Answer: ASection: Switching (VLAN & VTP)

Explanation


QUESTION 426A router has two FastEthernet interfaces and needs to connect to four vlans in the local network. How can youaccomplish this task, using the fewest physical interfaces and without decreasing network performance?

A. Add two more FastEthernet interfaces.B. Add a second router to handle the vlan traffic.C. Use a hub to connect the four vlans with a FastEthernet interface on router.D. Implement a router-on-a-stick configuration.




How many broadcast domains are configured on switch2?

A. 5B. 20C. 4D. 1



QUESTION 428A switch is configured as a vtp sever with a domain name of CCNA. Which Cisco IOS privileged modecommand, followed by reloading of the swith, will reset the VTP management domain name of the switch to aNULL value?

A. #vtp domain unset

B. #delete vlan.dat

C. #no vtp domain

D. #vtp domain null



QUESTION 429Assuming default setting, how can you erase the VTP database of VLANs on a CISCO IOS switch running inVTP server mode?

A. Enable VTP pruningB. From privileged mode, erase the startup configuration file, then reload.C. From privileged mode, erase the vlan dat file, then reload.D. Cycle the switch power.



QUESTION 430

A frame from VLAN1 of switch S1 is sent to switch S2 where the frame received on VLAN2. What causes thisbehavior?

A. trunk mode mismatchesB. vlans that do not correspond to a unique IP subnetC. native vlan mismatchesD. allowing only vlan 2 on the destination.



QUESTION 431A company has a small network, consisting of a single switch and a single router. The switch has beenconfigured with two VLANs, and route-on-a-stick is being configured on the router for Inter-VLAN routing. Atrunk is configured to connect the switch to the router. What is the minimum number of router subinterfaces thatare required for all the VLANs to communicate?

A. oneB. threeC. twoD. zero



QUESTION 432What is the purpose of the command shown below?

vtp password Fl0r1da

A. It is the password required when promoting a switch from VTP client mode to VTP server mode.B. It is used to access the VTP server to make changes to the VTP configuration.C. It is used to prevent a switch newly added to the network from sending incorrect VLAN information to the

other switches in the domain.D. It is used to validate the sources of VTP advertisements sent between switches.E. It allows two VTP servers to exist in the same domain, each configured with different passwords.




The network administrator has created a new VLAN on Switch1 and added host C and host D. Theadministrator has properly configured switch interfaces FastEthernet0/13 through FastEthernet0/24 to bemembers of the new VLAN. However, after the network administrator completed the configuration, host A couldcommunicate with host B, but host A could not communicate with host C or host D. Which commands arerequired to resolve this problem?

A. Router(config)# interface fastethernet 0/1.3Router(config-if)# encapsulation dot1q 3Router(config-if)# ip address 192.168.3.1 255.255.255.0

B. Router(config)# router ripRouter(config-router)# network 192.168.1.0Router(config-router)# network 192.168.2.0Router(config-router)# network 192.168.3.0

C. Switch1# vlan databaseSwitch1(vlan)# vtp v2-mode

Switch1(vlan)# vtp domain ciscoSwitch1(vlan)# vtp server

D. Switch1(config)# interface fastethernet 0/1Switch1(config-if)# switchport mode trunkSwitch1(config-if)# switchport trunk encapsulation isl



QUESTION 434Which of the following are valid VLAN Trunk Protocols over Fast Ethernet? (Choose two)

A. Inter-Switch LinkB. 802.10C. LANED. 802.1Q

Correct Answer: ADSection: Switching (VLAN & VTP)Explanation



Two 2950 switches connect through ports Fa0/24 and a straight-through cable. Based on the output of theshow cdp neighbor command from both switches and the information given, what can be concluded?

A. Port Fa0/24 on each switch must be configured in VLAN 1 in order for the switches to see neighborinformation.

B. Port Fa0/24 on each switch must be configured as a trunk port in order for neighbor information to bereceived.

C. The switches are not cabled properly.D. An IP address needs to be assigned to both switches.E. VTP is incorrectly configured on switch A.




What can be determined about the interfaces of the Main_Campus router from the output shown?

A. The LAN interfaces are configured on different subnets.B. Interface FastEthernet 0/0 is configured as a trunk.C. The Layer 2 protocol of interface Serial 0/1 is NOT operational.D. The router is a modular router with five FastEthernet interfaces.E. Interface FastEthernet 0/0 is administratively deactivated.



QUESTION 437Refer to graphic and examine the output from the London switch . What VTP functions will this switch perform?

A. create, change, and delete VLANs for the VTP domainB. learn and save VTP configuration information in the running configuration onlyC. forward VTP configuration informationD. backup the VTP database for the closest VTP serverE. prevent VTP information from reaching workgroup switches



QUESTION 438Refer to the topology and partial switch command output shown in the graphic. The internetwork shown in thediagram is experiencing connectivity problems. Host A is unable to ping Host B. What needs to be done toenable these hosts to ping each another?

A. The gateway on Host A needs to be changed.B. The IP address on Host B needs to be reconfigured.

C. VLAN 2 must be named.D. The Fa0/1 interface on the ET-1 switch must be configured as a trunk port.E. Switch port Fa0/1 must be moved to a different VLAN.




Configuration of both switches has been completed. During testing, the network administrator notices that userson SwitchA can not connect with users in the same VLAN on SwitchB. What should be done to solve thisproblem?

A. Ensure that the IP address of SwitchA is on the same network as the IP address of SwitchB.B. Ensure that the same interface number is used to connect both switches.C. Ensure that the ports connecting the two switches are configured to trunk.D. Ensure that SwitchA and SwitchB are connected with a straight-through cable.


Explanation/Reference:For VLAN information to communicate from one switch to another within the same VLAN we need to configurethe link port (Fa0/3 switchA and fa0/4 switchB) between switches as trunk ports.

Switchport mode trunk


The switches have been configured with static VLANs as shown. During testing, the network administratornotices that VLAN 20 on SwitchA has no connectivity with VLAN 30 on SwitchB. What should the networkadministrator do?

A. Configure the interconnected ports on SwitchA and SwitchB into access mode.B. Connect the two switches with a straight-through cable.C. Add a Layer 3 device to connect VLAN 20 and VLAN 30.D. Configure the management VLAN with IP addresses.E. Ensure that the VTP passwords match on both switches.


Explanation/Reference:To enable connectivity between two different VLAN we need to add a layer 3 device and configure interVLANrouting on it.


Hosts on the same VLAN can communicate with each other but are unable to communicate with hosts ondifferent VLANs. What is needed to allow communication between VLANs?

A. a switch with a trunk link that is configured between the switchesB. a router with an IP address on the physical interface that is connected to the switchC. a switch with an access link that is configured between the switchesD. a router with subinterfaces configured on the physical interface that is connected to the switch

Correct Answer: D



QUESTION 442A network administrator has configured two switches, named London and Madrid, to use VTP. However, theswitches are not sharing VTP messages. Given the command output shown in the graphic, why are theseswitches not sharing VTP messages?

A. The VTP version is not correctly configured.B. The VTP operating mode is not correctly configured.C. The VTP domain name is not correctly configured.D. VTP pruning mode is disabled.E. VTP V2 mode is disabled.F. VTP traps generation is disabled.


Explanation/Reference:Both switches must have same domain name configured to exchange vtp messages. first domain name mustmatch so that switches can start exchanging vtp messages, domain name is like a password.


A network administrator is unable to connect remotely to a device and initiates a console session. Theadministrator executes the show ip interface brief command. Why did the remote connection fail?

A. The Gigabit Ethernet interfaces are not upB. The switch does not have a management IP address assigned.C. The switch needs to have a clock rate entered on one of its interfaces.D. VLAN1 is shut down.


Explanation/Reference:The virtual LAN Interface can be enabled or disabled with shutdown/no shutdown command. If you interface isdown, it will display administratively down status. You can bring up an interface having administratively downinterface using no shutdown command. Since the only IP configured on the switch belongs to VLAN 1, it needsto be enabled for you to remotely access the device.


How many broadcast domains exist in the exhibited topology?

A. three

B. fourC. twoD. sixE. fiveF. one




C-router is to be used as a "router-on-a-stick" to route between the VLANs. All the interfaces have beenproperly configured and IP routing is operational. The hosts in the VLANs have been configured with theappropriate default gateway. What can be said about this configuration?

A. These commands need to be added to the configuration:C-router(config)# router eigrp 123C-router(config-router)# network 172.19.0.0

B. No further routing configuration is required.C. These commands need to be added to the configuration:

C-router(config)# router ospf 1C-router(config-router)# network 172.19.0.0 0.0.3.255 area 0

D. These commands need to be added to the configuration:C-router(config)# router ripC-router(config-router)# network 172.19.0.0


Explanation/Reference:Since all the same router (C-router) is the default gateway for all three VLANs, all traffic destined to a differentVLA will be sent to the C-router. The C-router will have knowledge of all three networks since they will appearas directly connected in the routing table. Since the C-router already knows how to get to all three networks, norouting protocols need to be configured.


Given the output of the Floor3 switch, what statement describes the operation of this switch?

A. VTP is disabled on this switch.B. The switch can create, change, and delete VLANs.C. The switch learns VLAN information but does not save it to NVRAM.D. The switch can create VLANs locally but will not forward this information to other switches.E. The switch learns VLAN information and updates the local VLAN data base in NVRAM.



QUESTION 447Drag the options on the right to the proper locations.

Select and Place:

Correct Answer:



QUESTION 448

What interface did Sw-AC3 associate with source MAC address 0010.5a0c.ffba ?

Exhibit:

A. Fa0/1B. Fa0/3C. Fa0/6D. Fa0/8E. Fa0/9F. Fa0/12

Correct Answer: DSection: VTP SIM QuestionExplanation

Explanation/Reference:to find out which interface associated with a given MAC address, use the show mac-address-tablecommand. It shows the learned MAC addresses and their associated interfaces. After entering this command,you will see a MAC address table like this:

QUESTION 449

What ports on Sw-AC3 are operating has trunks (choose three)?

Exhibit:


Correct Answer: BEFSection: VTP SIM QuestionExplanation

Explanation/Reference:Use the show interface trunk command to determine the trunking status of a link and VLAN status. Thiscommand lists port, its mode, encapsulation and whether it is trunking. The image below shows how it works:

QUESTION 450

What kind of router is VLAN-R1?

Exhibit:

A. 1720B. 1841C. 2611D. 2620


Explanation/Reference:VLAN-R1 is the router directly connected to Sw-Ac3 switch, so we can use the show cdp neighborscommand to see:

1. Neighbor Device ID : The name of the neighbor device;

2. Local Interface : The interface to which this neighbor is heard

3. Capability: Capability of this neighboring device – R for router, S for switch, H for Host etc.

4. Platform: Which type of device the neighbor is

5. Port ID: The interface of the remote neighbor you receive CDP information

6. Holdtime: Decremental hold time in seconds

Sample output of show cdp neighbors command:

QUESTION 451

Which switch is the root bridge for VLAN 1?

show spanning-tree vlan 1 (exhibit):

show cdp neighbors (exhibit):

A. SW-DS1B. SW-AC1C. SW-AC2D. SW-AC3

Correct Answer: ASection: VTP SIM QuestionExplanation

Explanation/Reference:First we use the show spanning-tree vlan 1 to view the spanning-tree information of VLAN 1From the “Cost 19″, we learn that the root switch is directly connected to the Sw-Ac3 switch over a 100MbpsEthernet link

Notice that if you see all of the interface roles are Desg (designated) then you can confirm Sw-Ac3 switch is theroot bridge for this VLAN (VLAN 1).

If you see there is at least one Root port in the interface roles then you can confirm Sw-Ac3 is not the rootbridge because root bridge does not have root port. In this case, we notice that the root port on Sw-Ac3 switchis FastEthernet0/12, so we have to figure out which switch is associated with this port -> it is the root bridge.You can verify it with the show cdp neighbors command:

The “Local Intrfce” column refers to the interface on the switch running “show cdp neighbors” command. In thiscase, Sw-DS1 is associated with interface FastEthernet0/12 -> Sw-DS1 is the root bridge

QUESTION 452

What address should be configured as the default-gateway for the host connected to interface fa 0/4 of SW-Ac3?

show vlan (exhibit):

vlan (exhibit):

A. 192.168.1254B. 192.168.22.254C. 192.168.44.254D. 192.168.33.254

Correct Answer: CSection: VTP SIM QuestionExplanation

Explanation/Reference:First we have to identify which VLAN interface Fa0/4 belongs to by the show vlan command

From the exhibit we know that VLAN 44 is configured on router using sub-interface Fa0/0.44 with IP address192.168.44.254/24

Therefore the default gateway of the host should be 192.168.44.254

QUESTION 453

From which switch did Sw-Ac3 receive VLAN information ?

show vtp status (exhibit):

show cdp neighbor detail (exhibit):

A. SW-DS1B. SW-AC1C. SW-AC2D. SW-AC3

Correct Answer: CSection: VTP SIM QuestionExplanation

Explanation/Reference:to view the VTP configuration information, use the show vtp status command

So we knew Sw-Ac3 received VLAN information from 163.5.8.3 (notice:the IP address may be different). Finallywe use the show cdp neighbors detail to find out who 163.5.8.3 is:

QUESTION 454Refer to the exibit:

SwX was taken out of the production network for maintenance. It will be reconnected to the Fa 0/16 port of Sw-Ac3. What happens to the network when it is reconnected and a trunk exists between the two switches?

show vtp status (exhibit):

show vtp and show vlan (exhibit):


A. All VLANs except the default VLAN win be removed from all switchesB. All existing switches will have the students, admin, faculty, Servers, Management, Production, and no-where

VLANsC. The VLANs Servers, Management, Production and no-where will replace the VLANs on SwXD. The VLANs Servers, Management, Production and no-where will be removed from existing switches


Explanation/Reference:First we should view the VTP configuration of switch Sw-Ac3 by using the show vtp status command onSw-Ac3

Notice that its configuration revision number is 5 and VTP Domain Name is home-office

Next, from the exhibit we know that SwX has a revision number of 6, which is greater than that of Sw-Ac3switch, and both of them have same VTP Domain Name called “home-office”.

Therefore SwX will replace vlan information on other switches with its own information. We should check vlaninformation of Sw-Ac3 switch with show vlan command

So the correct answer is D – The VLANs Servers, Management, Production and n o-where will be removedfrom existing switches

Please notice that in the real CCNA exam you may see a different configuration revision of Sw-Ac3 or of SwX.In general, which switch has a higher revision number it will become the updater and other switches willoverwrite their current databases with the new information received from the updater (provided that they are onthe same domain and that switch is not in transparent mode). In particular, if the revision number of SwX islower than that of Sw-Ac3, the answer should be “C – The VLANs Servers, Management, Productionand no-where will replace the VLANs on SwX”.

QUESTION 455

Out of which ports will a frame be forwarded that has source mac-address 0010.5a0c.fd86 and destinationmac-address 000a.8a47.e612? (Choose three)

show mac-address-table (exhibit):


show interface trunk (exhibit):

A. Fa0/8B. Fa0/3C. Fa0/1D. Fa0/12E. Fa0/4F. Fa0/6G. Fa0/7

Correct Answer: BCDSection: VTP SIM QuestionExplanation

Explanation/Reference:First we check to see which ports the source mac-address and the destination mac-address belong to by using show mac-address-table command

We notice that the source mac-address 0010.5a0c.fd86 is listed in the table and it belongs to Vlan 33 but wecan’t find the destination mac-address 000a.8a47.e612 in this table. In this case, the switch will flood to all portsof Vlan 33 and flood to all the trunk links, except the port it received this frame (port Fa0/6). Therefore from theoutput above, we can figure out it will flood this frame to Fa0/1, Fa0/3 and Fa0/12.

Please notice that the “show mac-address-table” command just lists information that was learned by the switch,it means that there can be other ports besides Fa0/1, Fa0/3 and Fa0/12 belong to Vlan 33. You can use the show vlan command to see which ports belong to vlan 33

And we found other ports which belong to vlan 33, they are Fa0/2, Fa0/5 and Fa0/7. Our switch will flood theframe to these ports, too.

And we can check which trunk ports will receive this frame by the show interface trunk command

QUESTION 456

If one of the host connected to Sw-AC3 wants to send something for the ip 190.0.2.5 (or any ip that is not onthe same subnet) what will be the destination MAC address?

show running-config (exhibit):

show cdp neighbor detail (exhibit):

show mac-address-table (exhibit):


Correct Answer: BSection: VTP SIM QuestionExplanation

Explanation/Reference:Because the destination address is not on the same subnet with the switch, it will forward the packet to itsdefault gateway. So we have to find out who is the default gateway of this switch by using the showrunning-config command

From the output, we notice that its default-gateway is 192.168.1.254. In fact, we can easily guess that its defaultgateway should be a layer 3 device like a router; and in this case, the VLAN-R1 router. To verify our theory, use

the show cdp neighbor detail command and focus on the description of VLAN-R1 router

From this output, we can confirm the switch’s default gateway is VLAN-R1 router (with the IP address of192.168.1.254). And “the interface: FastEthernet0/3″ tells us that the switch is connected to VLAN-R1 routerthrough Fa0/3 port (Fa0/3 is the port on the switch).

Finally we just need to use the show mac-address-table command to find out which MAC address isassociated with this interface

(Notice that in the real CCNA exam the MAC address or port may be different)

And we find out the corresponding MAC address is 000a.b7e9.8360. Although there are some entries of portFa0/3 with different Vlans but they have the same MAC address

QUESTION 457What are two security appliances that can be installed in a network? (Choose two.)

A. ATMB. IDSC. IOSD. IOXE. IPSF. SDM

Correct Answer: BESection: Access List (ACL, VPN & Security Devices)Explanation


QUESTION 458Which command shows if an access list is assigned to an interface?

A. show ip interface [interface] access-listsB. show ip access-lists interface [interface]C. show ip interface [interface]D. show ip access-lists [interface]

Correct Answer: CSection: Access List (ACL, VPN & Security Devices)Explanation



What will happen to HTTP traffic coming from the Internet that is destined for 172.16.12.10 if the traffic isprocessed by this ACL?

A. Traffic will be dropped per line 30 of the ACL.B. Traffic will be accepted per line 40 of the ACL.C. Traffic will be dropped, because of the implicit deny all at the end of the ACL.D. Traffic will be accepted, because the source address is not covered by the ACL.




Which statement describes the effect that the Router1 configuration has on devices in the 172.16.16.0 subnetwhen they try to connect to SVR-A using Telnet or SSH?

A. Devices will not be able to use Telnet or SSH.B. Devices will be able to use SSH, but not Telnet.C. Devices will be able to use Telnet, but not SSH.

D. Devices will be able to use Telnet and SSH.

Correct Answer: BSection: Access List (ACL, VPN & Security Devices)Explanation



The FMJ manufacturing company is concerned about unauthorized access to the Payroll Server. TheAccounting1, CEO, Mgr1, and Mgr2 workstations should be the only computers with access to the PayrollServer. What two technologies should be implemented to help prevent unauthorized access to the server?(Choose two.)

A. access listsB. encrypted router passwordsC. STPD. VLANsE. VTPF. wireless LANs

Correct Answer: ADSection: Access List (ACL, VPN & Security Devices)Explanation


QUESTION 462Which type of attack is characterized by flood of packet that requesing a TCP connection to a server?

A. denial of serviceB. brute forceC. reconnaissanceD. Trojan horse

Correct Answer: ASection: Access List (ACL, VPN & Security Devices)Explanation


QUESTION 463Which command sets and automatically encrypts the privileged enable mode password?

A. enbale password c1scoB. secret enable c1scoC. password enable c1scoD. enable secret c1sco

Correct Answer: DSection: Access List (ACL, VPN & Security Devices)Explanation


QUESTION 464The enable secret command is used to secure access to which CLI mode?

A. user EXEC modeB. global configuration modeC. privileged EXEC modeD. auxiliary setup mode



QUESTION 465Which two statements apply to dynamic access lists? (Choose two)

A. they offer simpler management in large internetworks.B. you can control logging messages.C. they allow packets to be filtered based on upper-layer session information.D. you can set a time-based security policy.E. they provide a level of security against spoofing.F. they are used to authenticate individual users.

Correct Answer: AFSection: Access List (ACL, VPN & Security Devices)Explanation


QUESTION 466A network engineer wants to allow a temporary entry for a remote user with a specific usename and passwordso that the user can access the entire network over the internet.which ACL can be used?

A. reflexive

B. extendedC. standardD. dynamic




Which three variables(router,protocol port,and router ACL direction)apply to an extended ACL that will preventstudent 01 from securely browsing the internet? (Choose three)

A. OUTB. Router 3C. HTTPSD. INE. Router 1

Correct Answer: BCDSection: Access List (ACL, VPN & Security Devices)Explanation


QUESTION 468Which component of VPN technology ensures that data can be read only by its intended recipient?

A. data integrityB. encryptionC. key exchangeD. authentication



QUESTION 469What is the effect of using the service password-encryption command?

A. Only passwords configured after the command has been entered will be encrypted.B. Only the enable password will be encrypted.C. Only the enable secret password will be encryptedD. It will encrypt the secret password and remove the enable secret password from the configuration.E. It will encrypt all current and future passwords.

Correct Answer: ESection: Access List (ACL, VPN & Security Devices)Explanation


QUESTION 470Which statement about access lists that are applied to an interface is true?

A. you can apply only one access list on any interfaceB. you can configure one access list, per direction, per layer 3 protocolC. you can place as many access lists as you want on any interfaceD. you can configure one access list, per direction, per layer 2 protocol



QUESTION 471Which item represents the standard IP ACL?

A. access-list 50 deny 192.168.1.1 0.0.0.255B. access-list 110 permit ip any anyC. access-list 2500 deny tcp any host 192.168.1.1 eq 22D. access-list 101 deny tcp any host 192.168.1.1

Correct Answer: ASection: Access List (ACL, VPN & Security Devices)Explanation


QUESTION 472Which device might be installed at a branch office to enable and manage an IPsec site-to-site VPN?

A. Cisco IOS IPsec/SSL VPN clientB. Cisco VPN ClientC. ISDN terminal adapterD. Cisco Adaptive Security Appliance



QUESTION 473What algorithm technology must be used for ensuring data integrity when dataflow goes over VPN tunnel?(Choose two)

A. RSAB. DH-1C. DH-2D. HMAC-MD5E. HMAC-SHA1

Correct Answer: DESection: Access List (ACL, VPN & Security Devices)Explanation


QUESTION 474Which parameter standard access list takes into consideration for traffic filtering decisions?

A. Source MAC addressB. Destination IP addressC. Destination MAC addressD. Source IP address




It has been decided that PC1 should be denied access to Server. Which of the following commands arerequired to prevent only PC1 from accessing Server1 while allowing all other traffic to flow normally? (Choosetwo)

A. Router(config)# interface fa0/0Router(config-if)# ip access-group 101 out

B. Router(config)# interface fa0/0Router(config-if)# ip access-group 101 in

C. Router(config)# access-list 101 deny ip host 172.16.161.150 host 172.16.162.163Router(config)# access-list 101 permit ip any any

D. Router(config)# access-list 101 deny ip 172.16.161.150 0.0.0.255 172.16.162.163 0.0.0.0Router(config)# access-list 101 permit ip any any

Correct Answer: BCSection: Access List (ACL, VPN & Security Devices)Explanation


QUESTION 476An access list was written with the four statements shown in the graphic. Which single access list statement willcombine all four of these statements into a single statement that will have exactly the same effect?

A. access-list 10 permit 172.29.16.0 0.0.0.255B. access-list 10 permit 172.29.16.0 0.0.1.255C. access-list 10 permit 172.29.16.0 0.0.3.255D. access-list 10 permit 172.29.16.0 0.0.15.255E. access-list 10 permit 172.29.0.0 0.0.255.255



QUESTION 477Refer to the graphic. Assuming the following goals:

1) allow Telnet from the Internet to the HR server2) allow HTTP access from the Internet to the web server3) all other traffic from the Internet should be blocked

Which of the following access list statements are necessary to accomplish these goals? (Choose two.)

A. access-list 101 permit tcp any 172.17.17.252 0.0.0.0 eq 23B. access-list 101 permit tcp any 172.17.18.252 0.0.0.0 eq 80C. access-list 101 deny tcp any 172.17.18.252 0.0.0.0 eq 80D. access-list 1 permit tcp any 172.17.17.252 0.0.0.0 eq 23

Correct Answer: ABSection: Access List (ACL, VPN & Security Devices)Explanation


QUESTION 478You are securing a network and want to apply an ACL (access control list) to an interface of a router. Whichone of the following commands would you use?

A. apply access-list 101 outB. ip access-group 101 outC. access-class 101 outD. permit access-list 101 out



QUESTION 479As the network administrator, you have been instructed to prevent all traffic originating on the Router 1 LANfrom entering the router2. Which the following command would implement the access list on the interface ofrouter2?

A. access-list 101 outB. ip access-group 101 outC. access-list 101 inD. ip access-group 101 in



QUESTION 480What three pieces of information can be used in an extended access list to filter traffic? (Choose three.)

A. VLAN numberB. TCP or UDP port numbersC. source switch port numberD. source IP address and destination IP addressE. protocolF. source MAC address and destination MAC address

Correct Answer: BDESection: Access List (ACL, VPN & Security Devices)Explanation


QUESTION 481What is the effect of the following access list condition?

A. permit all packets matching the host bits in the source address to all destinationsB. permit all packets from the third subnet of the network address to all destinationsC. permit all packets matching the last octet of the destination address and accept all source addressesD. permit all packets to destinations matching the first three octets in the destination addressE. permit all packets matching the first three octets of the source address to all destinations

Correct Answer: ESection: Access List (ACL, VPN & Security Devices)Explanation


QUESTION 482The following access list below was applied outbound on the E0 interface connected to the 192.169.1.8/29LAN:

How will the above access lists affect traffic?

A. FTP traffic from 192.169.1.9 to any host will be denied.B. All traffic exiting E0 will be denied.C. All FTP traffic to network 192.169.1.9/29 will be deniedD. No traffic, except for FTP traffic will be allowed to exit E0.E. FTP traffic from 192.169.1.22 will be denied.



QUESTION 483A network administrator wants to add a line to an access list that will block only Telnet access by the hosts onsubnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish thistask?

A. access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23access-list 1 permit ip any any

B. access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23access-list 101 permit ip any any

C. access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21access-list 1 permit ip any any

D. access-list 101 deny tcp 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23access-list 101 permit ip any any



QUESTION 484Which protocol is an open standard protocol framework that is commonly used in VPNs to provide secure end-to-end connections?

A. PPTPB. IPsecC. RSAD. L2TP



QUESTION 485On your newly installed router, you apply the access list illustrated below to interface Ethernet0 on a router. Theinterface is connected to the 192.168.1.8/29 LAN.

How will the above access lists affect traffic?

A. All traffic will be allowed to exit E0 except FTP traffic.B. FTP traffic from 192.168.166.19 to any host will be denied.C. All traffic exiting E0 will be denied.D. All FTP traffic to network 192.168.166.18/29 from any host will be denied.



QUESTION 486Recently, unauthorized users have used Telnet to gain access to the company router. As the networkadministrator, you want to configure and apply an access list to allow Telnet access to the router, but only fromyour computer. Please consider the problem carefully, which group of commands would be the best choice toallow only the IP address 172.16.3.3 to have Telnet access to the router?

A. access-list 101 permit tcp any host 172.16.3.3 eq telnet interface s0/0ip access-group 101 in

B. access-list 3 permit host 172.16.3.3line vty 0 4ip access-group 3 in

C. access-list 3 permit host 172.16.3.3line vty 0 4access-class 3 in

D. access-list 101 permit tcp any host 172.16.3.3 eq telnetaccess-list 101 permit ip any anyinterface s0/0ip access-group 101 in



QUESTION 487Your boss is learning a CCNA training course, refer to the exhibit. The access list has been configured on theS0/0 interface of router RTB in the outbound direction. Which two packets, if routed to the interface, will bedenied? (Choose two)

access-list 101 deny tcp 192.168.15.32 0.0.0.15 any eq telnetaccess-list 101 permit ip any any

A. source ip address: 192.168.15.5; destination port: 21B. source ip address: 192.168.15.37 destination port: 21C. source ip address: 192.168.15.41 destination port: 21D. source ip address: 192.168.15.36 destination port: 23E. source ip address: 192.168.15.46; destination port: 23

F. source ip address: 192.168.15.49 destination port: 23

Correct Answer: DESection: Access List (ACL, VPN & Security Devices)Explanation



Why would the network administrator configure RA in this manner?

A. to give students access to the InternetB. to prevent students from accessing the command prompt of RAC. to prevent administrators from accessing the console of RAD. to give administrators access to the InternetE. to prevent students from accessing the InternetF. to prevent students from accessing the Admin network



QUESTION 489The access control list shown in the graphic has been applied to the Ethernet interface of router R1 using the ipaccess-group 101 in command. Which of the following Telnet sessions will be blocked by this ACL? (Choosetwo)

A. from host PC-A to host 5.1.1.10B. from host PC-A to host 5.1.3.10C. from host PC-B to host 5.1.2.10D. from host PC-B to host 5.1.3.8

Correct Answer: BDSection: Access List (ACL, VPN & Security Devices)Explanation


QUESTION 490The exhibit shows a company network. The network administrator would like to permit only hosts on the172.30.16.0/24 network to access the Internet. Which wild card mask and address combination will only matchaddresses on this network?

A. 172.30.0.0 0.0.0.0B. 172.30.16.0 0.0.0.255C. 172.30.0.0 0.0.15.255D. 172.30.16.0 0.0.31.255E. 172.30.16.0 0.0.255.255



QUESTION 491An access list has been designed to prevent HTTP traffic from the Accounting Department from reaching theHR server attached to the Holyoke router. Which of the following access lists will accomplish this task whengrouped with the e0 interface on the Chicopee router?

A.permit ip any anydeny tcp 172.16.16.0 0.0.0.255 172.17.17.252 0.0.0.0 eq 80

B.permit ip any anydeny tcp 172.17.17.252 0.0.0.0 172.16.16.0 0.0.0.255 eq 80

C.deny tcp 172.17.17.252 0.0.0.0 172.16.16.0 0.0.0.255 eq 80permit ip any any

D.deny tcp 172.16.16.0 0.0.0.255 172.17.17.252 0.0.0.0 eq 80permit ip any any



QUESTION 492The access list shown in the graphic should deny all hosts located on network 172.16.1.0, except host172.16.1.5, from accessing the 172.16.4.0 network. All other networks should be accessible. Which commandsequence will correctly apply this access list?

A. routerA(config)# interface fa0/0routerA(config-if)# ip access-group 10 in

B. routerA(config)# interface s0/0routerA(config-if)# ip access-group 10 out

C. routerB(config)# interface fa0/1routerB(config-if)# ip access-group 10 out

D. routerB(config)# interface fa0/0routerB(config-if)# ip access-group 10 out

E. routerB(config)# interface s0/1routerB(config-if)# ip access-group 10 out



QUESTION 493Which IPsec security protocol should be used when confidentiality is required?

A. PSKB. AHC. MD5D. ESP



QUESTION 494

Select and Place:

Correct Answer:

Section: Access List (ACL, VPN & Security Devices)Explanation


QUESTION 495

Select and Place:

Correct Answer:



QUESTION 496

Select and Place:

Correct Answer:



QUESTION 497

Select and Place:

Correct Answer:

Section: Access List (ACL, VPN & Security Devices)

Explanation


QUESTION 498Which will fix the issue and allow ONLY ping to work while keeping telnet disabled?

ACL (exhibit):


show running-config 2 (exhibit):

A. Correctly assign an IP address to interface fa0/1B. Change the ip access-group command on fa0/0 from “in” to “out”C. Remove access-group 106 in from interface fa0/0 and add access-group 115 in. D. Remove access-group 102 out from interface s0/0/0 and add access-group 114 in E. Remove access-group 106 in from interface fa0/0 and add access-group 104 in

Correct Answer: ESection: ACL Simulation 1Explanation

Explanation/Reference:Let’s have a look at the access list 104:

The question does not ask about ftp traffic so we don’t care about the two first lines. The 3rd line denies alltelnet traffic and the 4th line allows icmp traffic to be sent (ping). Remember that the access list 104 is appliedon the inbound direction so the 5th line “access-list 104 deny icmp any any echo-reply” will not affect our icmptraffic because the “echo-reply” message will be sent over the outbound direction.

QUESTION 499What would be the effect of issuing the command ip access-group 114 in to the fa0/0 interface?

ACL (exhibit):


A. Attempts to telnet to the router would failB. It would allow all traffic from the 10.4.4.0 networkC. IP traffic would be passed through the interface but TCP and UDP traffic would notD. Routing protocol updates for the 10.4.4.0 network would not be accepted from the fa0/0 interface

Correct Answer: BSection: ACL Simulation 1Explanation

Explanation/Reference:From the output of access-list 114: access-list 114 permit ip 10.4.4.0 0.0.0.255 any we can easilyunderstand that this access list allows all traffic (ip) from 10.4.4.0/24 network

QUESTION 500What would be the effect of issuing the command access-group 115 in on the s0/0/1 interface?

ACL (exhibit):

A. No host could connect to Router through s0/0/1B. Telnet and ping would work but routing updates would fail. C. FTP, FTP-DATA, echo, and www would work but telnet would failD. Only traffic from the 10.4.4.0 network would pass through the interface

Correct Answer: ASection: ACL Simulation 1Explanation

Explanation/Reference:First let’s see what was configured on interface S0/0/1:

Recall that each interface only accepts one access-list, so when using the command “ip access-group 115 in”on the s0/0/1 interface it will overwrite the initial access-list 102. Therefore any telnet connection will beaccepted (so we can eliminate answer C).B is not correct because if telnet and ping can work then routing updates can, too.D is not correct because access-list 115 does not mention about 10.4.4.0 network. So the most reasonableanswer is A.

But here raise a question…

The wildcard mask of access-list 115, which is 255.255.255.0, means that only host with ip addresses in theform of x.x.x.0 will be accepted. But we all know that x.x.x.0 is likely to be a network address so the answer A:“no host could connect to Router through s0/0/1” seems right…

But what will happen if we don’t use a subnet mask of 255.255.255.0? For example we can use an ip addressof 10.45.45.0 255.255.0.0, such a host with that ip address exists and we can connect to the router through thathost. Now answer A seems incorrect!

QUESTION 501Refer to the exhibit. The router has been configured with these commands:

hostname Gatewayinterface FastEthernet 0/0ip address 198.133.219.14 255.255.255.248no shutdowninterface FastEthernet 0/1ip address 192.168.10.254 255.255.255.0no shutdowninterface Serial 0/0ip address 64.100.0.2 255.255.255.252no shutdownip route 0.0.0.0 0.0.0.0 64.100.0.1

What are the two results of this configuration? (Choose two.)

A. The default route should have a next hop address of 64.100.0.3.

B. Hosts on the LAN that is connected to FastEthernet 0/1 are using public IP addressing.C. The address of the subnet segment with the WWW server will support seven more servers.D. The addressing scheme allows users on the Internet to access the WWW server.E. Hosts on the LAN that is connected to FastEthernet 0/1 will not be able to access the Internet without

address translation.

Correct Answer: DESection: Network Address Translations (NAT)Explanation


Since the hosts on the Fast Ethernet 0/1 network are using private RFC 1918 IP addressing (192.168.10.0/24)their IP addresses will need to be translated into a publicly routable address in order to access the Internet.However, the server is using the 198.133.219.9 IP address, which is publicly routable and so Internet users canindeed access this server (assuming that the 198.133.219.9 IP address has been correctly assigned to thenetwork)


Addresses within the range 10.10.10.0/24 are not being translated to the 1.128.0/16 range. Which commandshows if 10.10.10.0/24 are allowed inside addresses?

A. debug ip nat

B. show access-list

C. show ip nat translation

D. show ip nat statistics

Correct Answer: BSection: Network Address Translations (NAT)Explanation



Which command would allow the translations to be created on the router?

A. ip nat pool mynats 1.1.128.1 1.1.135.254 prefix-length 19

B. ip nat outside mynats 1.1.128.1 1.1.135.254 prefix-length 19

C. ip nat pool mynats 1.1.128.1 1.1.135.254 prefix-length 18

D. ip nat outside mynats 1.1.128.1 1.1.135.254 prefix-length 18

Correct Answer: ASection: Network Address Translations (NAT)Explanation


QUESTION 504Refer to the exhibit. What does the (*) represent in the output?

A. Packet is destined for a local interface to the router.B. Packet was translated, but no response was received from the distant device.C. Packet was not translated, because no additional ports are available.D. Packet was translated and fast switched to the destination.

Correct Answer: DSection: Network Address Translations (NAT)Explanation


The above output is from the “debug ip nat” command. In this output, the first two lines show the Domain NameSystem (DNS) request and reply debugging output.

In the first line (DNS request):

s=10.10.0.2->1.2.4.2: source of the IP address (10.10.0.2) and how it is being translated (to 1.2.4.2)d=1.2.4.1: destination address of the packet

[51607]: the IP identification number of the packet

In the second line (DNS reply):

s=1.2.4.1: source of the replyd=1.2.4.2->10.10.0.2: how the destination is being translated

The remaining lines show debugging output from a Telnet connection from a host on the inside of the networkto a host on the outside of the network. All Telnet packets, except for the first packet, were translated in the fastpath, as indicated by the asterisk (*).

Note: If the connection is already established, the security appliance does not need to re-check packets and thepackets are sent to the Fast Path.

(Reference: http://www.cisco.com/en/US/docs/ios/12_3t/debug/command/reference/dbg_i2gt.html)


What command sequence will enable PAT from the inside to outside network?

A. (config) ip nat pool isp-net 1.2.4.2 netmask 255.255.255.0 overload

B. (config-if) ip nat outside overload

C. (config) ip nat inside source list 1 interface ethernet1 overload

D. (config-if) ip nat inside overload

Correct Answer: CSection: Network Address Translations (NAT)Explanation


The command “ip nat inside source list 1 interface ethernet1 overload” means:

+ “ip nat”: use NAT+ “inside”: NAT from inside to outside+ “source list 1″: the source addresses can be found in access list 1+ “interface ethernet1″: NAT out of this interface+ “overload”: use NAT overload (PAT)


A junior network engineer has prepared the exhibited configuration file. What two statements are true of theplanned configuration for interface fa0/1? (Choose two.)

A. The two FastEthernet interfaces will require NAT configured on two outside serial interfaces.B. Address translation on fa0/1 is not required for DMZ Devices to access the Internet.C. The fa0/1 IP address overlaps with the space used by s0/0.D. The fa0/1 IP address is invalid for the IP subnet on which it resides.E. Internet hosts may not initiate connections to DMZ Devices through the configuration that is shown.

Correct Answer: BESection: Network Address Translations (NAT)Explanation


Both inside FastEthernet interfaces can use only one outside interface to go to the Internet -> A is not correct.

DMZ devices use IP addresses in the range of 128.107.1.128/25 which are public IP addresses so they don’tneed address translation to access the Internet -> B is correct.

The fa0/1 interface’s IP address is 128.107.1.254 255.255.255.128 (range from 128.107.1.128 to128.107.1.255) while the IP address of s0/0 is 128.107.1.1 255.255.255.252 (ranges from 128.107.1.0 to128.107.1.4) so they are not overlapped with each other -> C is not correct.

DMZ devices are in the range of 128.107.1.128/25 (from 128.107.1.128 to 128.107.1.255) and fa0/1 IP address(128.107.1.254) is a valid IP address on this subnet -> D is not correct.

DMZ devices (and other internal hosts) are using dynamic PAT, which is a type of dynamic NAT. With dynamicNAT, translations do not exist in the NAT table until the router receives traffic that requires translation. In other

words, if DMZ devices communicate with outside hosts first, dynamic translation works fine. But if outside hostscommunicate with DMZ devices first, no translation is created in NAT table and the packets will be dropped.This is the reason why “Internet hosts may not initiate connections to DMZ Devices through the configurationthat is shown” -> E is correct.


What statement is true of the configuration for this network?

A. The configuration that is shown provides inadequate outside address space for translation of the number ofinside addresses that are supported.

B. Because of the addressing on interface FastEthernet0/1, the Serial0/0 interface address will not support theNAT configuration as shown.

C. The number 1 referred to in the ip nat inside souce command recerences access-list number 1.D. ExternalRouter must be configured with static routers to network 172.16.2.0/24

Correct Answer: CSection: Network Address Translations (NAT)Explanation


QUESTION 508Which two statements about static NAT translations are true? (Choose two)

A. They are always present in the NAT table.B. They allow connection to be initiated from the outside.

C. They can be configured with access lists, to allow two or more connections to be initiated from the outside.D. They require no inside or outside interface markings because addresses are statically defined.

Correct Answer: ABSection: Network Address Translations (NAT)Explanation


With static NAT, translations exist in the NAT translation table as soon as you configure static NAT command(s), and they remain in the translation table until you delete the static NAT command(s).

With dynamic NAT, translations do not exist in the NAT table until the router receives traffic that requirestranslation. Dynamic translations have a timeout period after which they are purged from the translation table.

-> A is correct.

Because static NAT translations are always present in the NAT table so outside hosts can initiate theconnection without being dropped -> B is correct.

Static translations can not be configured with access lists. To configure static NAT, we only need to specifysource IP, NAT IP, inside interface & outside interface.

-> C is not correct.

We have to specify which is the inside and outside interface -> D is not correct.

For your information, below is an example of configuring static NAT:

R0(config)#int f0/0R0(config-if)#ip nat insideR0(config-if)#int f0/1R0(config-if)#ip nat outsideR0(config)#ip nat inside source static 10.0.0.1 200.0.0.2

(Reference: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093f31.shtml)

QUESTION 509Refer to the network diagram and configuration shown in the graphic:

The network at the SOS Company has just been configured for NAT as shown. Initial tests indicate thateverything is functioning as intended. However, it is found that a number of hosts cannot access the Internet.What is the problem?

A. The access list is not correct.B. There are not enough IP addresses available in the NAT address pool.C. The wrong interface has been configured with the ip nat inside command.D. The IP address of the Fa0/0 interface is not usable.E. The S0/1 interface of the ISP router is in the wrong subnet.



The NAT POOL defined above only permits 5 hosts at a time. Because only 5 public IP’s are available for NATtranslation i.e only 5 hosts are translated because of one-to-one translation (private to public IP) and thereforeremaining hosts are unable to access internet.To overcome this problem use the NAT OVERLOAD or Port address translation.


Which statement about packet addresses are true during data exchange when host A makes Web-request toWWW Server, considering that there is NAT overload scheme for data passing from Corp LAN hosts to outsidenetworks in use?

A. Source 234.15.27.226:3015 and destination 234.15.27.225:80B. Source 200.15.239.128:3015 and destination 192.168.10.34:80C. Destination 192.168.10.11:3015 and source 200.15.239.128:80D. Source 192.168.10.34:80 and destination 192.168.10.254:3015E. Destination 234.15.27.225:3015 and source 200.15.239.128:80

Correct Answer: ESection: Network Address Translations (NAT)Explanation


From A to Corp router: + Source: 192.168.10.34: 3015 & Destination: 200.15.239.128:80From Corp to WWW Server:+ Source: 234.15.27.225:3015 & Destination: 200.15.239.128:80From WWW Server to Corp:+ Source: 200.15.239.128:80 & Destination: 234.15.27. 225:3015From Corp to Host A:+ Source: 200.15.239.128:80 & Destination: 192.168.10.34:3015So the only correct answer is E (from WWW server to Corp)


Which statements describe why the workstation with the IP address 192.168.89.99 cannot access the Internet?(Choose two.)

A. The NAT pool is not properly configured to use routable outside addresses.B. The NAT outside interface is not configured properly.C. The router is not properly configured to use the access control list for NAT.D. The NAT inside interfaces are not configured properly.

Correct Answer: CDSection: Network Address Translations (NAT)Explanation


QUESTION 512Study the exhibit carefully. NAT has been used for converting all the IP addresses on the internal network to thesingle address 128.107.1.1 as traffic is routed toward the Internet. Which of these statements accuratelydescribes what will happen when the IP traffic returns from the Internet destined for hosts on the internalnetwork?

A. IR will convert the source IP addresses of all packets before forwarding them onto the internal network.B. ER will translate the destination IP addresses of all packets before forwarding them to IR.C. ER will require a route to 172.16.0.0/16 in its routing table to properly direct the traffic.D. ER can use the directly connected interface on the 128.107.1.0/27 network to route return traffic to its

originators.



QUESTION 513What is the function of the Cisco IOS command ip nat inside source static 10.1.1.5 172.35.16.5?

A. It maps one inside source address to a range of outside global addresses.B. It creates a global address pool for all outside NAT transactions.C. It establishes a dynamic address pool for an inside static address.D. It creates a one-to-one mapping between an inside local address and an inside global address.E. It creates dynamic source translations for all inside local PAT transactions.



QUESTION 514In any NAT (Network Address Translation) configuration, what is the Inside Global IP address?

A. a registered address that represents an inside host to an outside networkB. a globally unique, private IP address assigned to a host on the inside networkC. the summarized address for all of the internal subnetted addressesD. the MAC address of the router used by inside hosts to connect to the Internet




Router4 can ping Router5 (172.16.6.5), but not Router7 (172.16.11.7). There are no routing protocols running

in any of the routers, and Router4 has Router6 as its default gateway. What can be done to address thisproblem?

A. Change the inside and outside NAT commands.B. Add a static route in Router7 back to Router4.C. Convert to static NAT.D. Convert to dynamic NAT.



QUESTION 516The network administrator has configured NAT as shown in the graphic. Some clients can access the Internetwhile others cannot. What should the network administrator do to resolve this problem?

A. Configure an IP NAT pool.B. Properly configure the ACL.C. Apply the ACL to the S0 interface.D. Configure another interface with the ip nat outside command.

Correct Answer: BSection: Network Address Translations (NAT)

Explanation


QUESTION 517Refer to the topology and router configuration shown in the graphic:

A host on the LAN is accessing an FTP server across the Internet. Which of the following addresses couldappear as a source address for the packets forwarded by the router to the destination server?

A. 10.10.0.1B. 10.10.0.2C. 199.99.9.33D. 199.99.9.57E. 200.2.2.17F. 200.2.2.18




A company wants to use NAT in the network shown. Which commands will apply the NAT configuration to theproper interfaces? (Choose two.)

A. R1(config)# interface serial0/1R1(config-if)# ip nat inside

B. R1(config)# interface serial0/1R1(config-if)# ip nat outside

C. R1(config)# interface fastethernet0/0R1(config-if)# ip nat inside

D. R1(config)# interface fastethernet0/0R1(config-if)# ip nat outside

E. R1(config)# interface serial0/1R1(config-if)# ip nat outside source pool 200.2.2.18 255.255.255.252

F. R1(config)# interface fastethernet0/0R1(config-if)# ip nat inside source 10.10.0.0 255.255.255.0

Correct Answer: BCSection: Network Address Translations (NAT)Explanation


QUESTION 519A company with 25 computers decides to connect its network to the Internet. The company would like for all ofthe computers to have access to the Internet at the same time, but the company only has four usable public IPaddresses. What should be configured on the router so that all computers can connect to the Internetsimultaneously?

A. static NATB. global NATC. dynamic NATD. static NAT with ACL’sE. dynamic NAT with overload

Correct Answer: ESection: Network Address Translations (NAT)Explanation



Given the partial configuration shown in the exhibit, why do internal workstations on the 192.168.1.0 network failto access the Internet?

A. A NAT pool has not been defined.B. NAT has not been applied to the inside and outside interfaces.C. The access list has not been applied to the proper interface to allow traffic out of the internal network.D. The wrong interface is overloaded.



QUESTION 521A network administrator would like to implement NAT in the network shown in the graphic to allow inside hoststo use a private addressing scheme. Where should NAT be configured?

A. Corporate routerB. Engineering routerC. Sales routerD. all routersE. all routers and switches



QUESTION 522

Select and Place:

Correct Answer:

Section: Network Address Translations (NAT)Explanation


QUESTION 523Which of the following describes the roles of devices in a WAN? (Choose three.)

A. A CSU/DSU terminates a digital local loop.B. A modem terminates a digital local loop.C. A CSU/DSU terminates an analog local loop.D. A modem terminates an analog local loop.E. A router is commonly considered a DTE device.F. A router is commonly considered a DCE device.

Correct Answer: ADE

Section: WAN (HDLC, PPP, Frame Relay & Etc.)Explanation


QUESTION 524When configuring a serial interface on a router, what is the default encapsulation?

A. ATM-DXIB. Frame-RelayC. HDLCD. LAPDE. PPP

Correct Answer: CSection: WAN (HDLC, PPP, Frame Relay & Etc.)Explanation


QUESTION 525Which three options are valid WAN connectivity methods? (Choose three.)

A. PPPB. WAPC. HDLCD. MPLSE. L2TPv3F. ATM

Correct Answer: ACFSection: WAN (HDLC, PPP, Frame Relay & Etc.)Explanation



Which WAN protocol is being used?

A. ATMB. HDLCC. Frame RelayD. PPP



QUESTION 527What is the difference between a CSU/DSU and a modem?

A. A CSU/DSU converts analog signals from a router to a leased line; a modem converts analog signals froma router to a leased line.

B. A CSU/DSU converts analog signals from a router to a phone line; a modem converts digital signals from arouter to a leased line.

C. A CSU/DSU converts digital signals from a router to a phone line; a modem converts analog signals from arouter to a phone line.

D. A CSU/DSU converts digital signals from a router to a leased line; a modem converts digital signals from arouter to a phone line.

Correct Answer: DSection: WAN (HDLC, PPP, Frame Relay & Etc.)Explanation


QUESTION 528When troubleshooting a Frame Relay connection, what is the first step when performing a loopback test?

A. Set the encapsulation of the interface to HDLC.B. Place the CSU/DSU in local-loop mode.C. Enable local-loop mode on the DCE Frame Relay router.D. Verify that the encapsulation is set to Frame Relay.

Correct Answer: ASection: WAN (HDLC, PPP, Frame Relay & Etc.)Explanation


The first thing when performing a loopback test on a Frame Relay connection is to reconfigure theencapsulation of the interface to HDLC protocol instead of Frame Relay protocol. The main reason is FrameRelay requires a pair of DCE/DTE which cannot be used in a loopback test.

For more information about steps of trouble shooting Frame Relay, please read: http://www.cisco.com/en/US/tech/tk713/tk237/technologies_tech_note09186a008014f8a7.shtml#topic20

For your information, below is a paragraph quoted from the above link:

“Serial0 is down, line protocol is down”

This output means you have a problem with the cable, channel service unit/data service unit (CSU/DSU), or theserial line. You need to troubleshoot the problem with a loopback test. To do a loopback test, follow the stepsbelow:

1. Set the serial line encapsulation to HDLC and ke epalive to 10 seconds. To do so, issue thecommands encapsulation hdlc and keepalive 10 under the serial interface.

2. Place the CSU/DSU or modem in local loop mode. If the line protocol comes up when the CSU, DSU ormodem is in local loopback mode (indicated by a “line protocol is up (looped)” message), it suggests that theproblem is occurring beyond the local CSU/DSU. If the status line does not change states, there is possibly aproblem in the router, connecting cable, CSU/DSU or modem. In most cases, the problem is with the CSU/DSUor modem.

3. Ping your own IP address with the CSU/DSU or modem looped. There should not be any misses. Anextended ping of 0×0000 is helpful in resolving line problems since a T1 or E1 derives clock from data andrequires a transition every 8 bits. B8ZS ensures that. A heavy zero data pattern helps to determine if thetransitions are appropriately forced on the trunk. A heavy ones pattern is used to appropriately simulate a highzero load in case there is a pair of data inverters in the path. The alternating pattern (0×5555) represents a“typical” data pattern. If your pings fail or if you get cyclic redundancy check (CRC) errors, a bit error rate tester(BERT) with an appropriate analyzer from the telco is needed.

4. When you are finished testing, make sure you return the encapsulation to Frame Relay.

QUESTION 529What occurs on a Frame Relay network when the CIR is exceeded?

A. All TCP traffic is marked discard eligible.B. All UDP traffic is marked discard eligible and a BECN is sent.C. All TCP traffic is marked discard eligible and a BECN is sent.D. All traffic exceeding the CIR is marked discard eligible.



Committed information rate (CIR): The minimum guaranteed data transfer rate agreed to by the Frame Relayswitch. Frames that are sent in excess of the CIR are marked as discard eligible (DE) which means they can bedropped if the congestion occurs within the Frame Relay network.

Note: In the Frame Relay frame format, there is a bit called Discard eligible (DE) bit that is used to identifyframes that are first to be dropped when the CIR is exceeded.

QUESTION 530What are two characteristics of Frame Relay point-to-point subinterfaces? (Choose two.)

A. They create split-horizon issues.B. They require a unique subnet within a routing domain.C. They emulate leased lines.D. They are ideal for full-mesh topologies.E. They require the use of NBMA options when using OSPF.

Correct Answer: BCSection: WAN (HDLC, PPP, Frame Relay & Etc.)Explanation


QUESTION 531At which layers of the OSI model do WANs operate? (Choose two.)

A. application layerB. session layerC. transport layerD. network layerE. datalink layerF. physical layer

Correct Answer: EFSection: WAN (HDLC, PPP, Frame Relay & Etc.)Explanation


QUESTION 532Which three Layer 2 encapsulation types would be used on a WAN rather than a LAN? (Choose three.)

A. HDLCB. EthernetC. Token RingD. PPPE. FDDIF. Frame Relay

Correct Answer: ADFSection: WAN (HDLC, PPP, Frame Relay & Etc.)Explanation


QUESTION 533A network administrator is designing a new corporate internetwork. The corporation is concerned aboutdowntime due to link failure and also about link costs. Which topology will provide some redundancy to increasereliablity for all sites but will cost less than a fully redundant topology?

A.

B.

C.

D.

Correct Answer: BSection: WAN (HDLC, PPP, Frame Relay & Etc.)Explanation


QUESTION 534A network administrator is designing a new corporate internetwork. The corporation is most concerned aboutdowntime due to link failure and is willing to incur higher carrier costs to provide the needed reliability. Whichtopology will provide the maximum amount of reliability?

A.

B.

C.

D.

Correct Answer: C



QUESTION 535A network administrator is designing a new corporate internetwork. The corporation is concerned about linkcosts but wants to provide the branch offices with direct connectivity to headquarters. Which topology willprovide each branch office with a direct connection to headquarters while minimizing connectivity costs?

A.

B.

C.

D.



QUESTION 536The output of the show frame-relay pvc command shows "PVC STATUS=INACTIVE". What does this mean?

A. The PVC is configured correctly and is operating normally, but no data packets have been detected formore than five minutes.

B. The PVC is configured correctly, is operating normally, and is no longer actively seeking the address theremote route.

C. The PVC is configured correctly, is operating normally, and is waiting for interesting to trigger a call to theremote router.

D. The PVC is configured correctly on the local side, but there is a problem on the remote end of the PVC.E. The PVC is not configured on the switch.

Correct Answer: DSection: WAN (HDLC, PPP, Frame Relay & Etc.)

Explanation


The PVC STATUS displays the status of the PVC. The DCE device creates and sends the report to the DTEdevices. There are 4 statuses:

+ ACTIVE: the PVC is operational and can transmit data+ INACTIVE: the connection from the local router to the switch is working, but the connection to the remoterouter is not available+ DELETED: the PVC is not present and no LMI information is being received from the Frame Relay switch+ STATIC: the Local Management Interface (LMI) mechanism on the interface is disabled (by using the “nokeepalive” command). This status is rarely seen so it is ignored in some books.

QUESTION 537The administrator is unable to establish connectivity between two Cisco routers. Upon reviewing the commandoutput of both routers, what is the most likely cause of the problem?

A. Authentication needs to be changed to PAP for both routers.B. Serial IP addresses of routers are not on the same subnet.C. Username/password is incorrectly configured.D. Router names are incorrectly configured.



QUESTION 538All WAN links inside the ABC University network use PPP with CHAP for authentication security. Whichcommand will display the CHAP authentication process as it occur between two routers in the network?

A. show chap authentication

B. show interface serial0

C. debug ppp authentication

D. debug chap authentication

E. show ppp authentication chap




The Bigtime router is unable to authenticate to the Littletime router. What is the cause of the problem?

A. The usernames are incorrectly configured on the two routers.B. The passwords do not match on the two routers.C. CHAP authentication cannot be used on a serial interface.D. The routers cannot be connected from interface S0/0 to interface S0/0.E. With CHAP authentication, one router must authenticate to another router. The routers cannot be

configured to authenticate to each other.




A router interface is being configured for Frame Relay. However, as the exhibit shows, the router will not acceptthe command to configure the LMI type. What is the problem?

A. The interface does not support Frame Relay connections.B. The interface does not have an IP address assigned to it yet.C. The interface requires that the no shutdown command be configured first.D. the interface requires that the encapsulation frame-relay command be configured first.



QUESTION 541Users have been complaining that their Frame Relay connection to the corporate site is very slow. The networkadministrator suspects that the link is overloaded. Based on the partial output of the Router# show framerelay pvc command shown in the graphic, which output value indicates to the local router that traffic sent tothe corporate site is experiencing congestion?

A. DLCI = 100B. last time PVC status changed 00:25:40C. in BECN packets 192D. in FECN packets 147E. in DE packets 0



First we should grasp the concept of BECN & FECN through an example:

Suppose Router A wants to send data to Router B through a Frame Relay network. If the network is congested,Switch 1 (a DCE device) will set the FECN bit value of that frame to 1,indicating that frame experiencedcongestion in the path from source to destination. This frame is forwarded to Switch 2 and to Router B (with theFECN bit = 1).

Switch 1 knows that the network is congesting so it also sends frames back to Router A with BECN bit set to 1to inform that path through the network is congested.

In general, BECN is used on frames traveling away from the congested area to warn source devices thatcongestion has occurred on that path while FECN is used to alert receiving devices if the frame experiencescongestion.

BECN also informs the transmitting devices to slow down the traffic a bit until the network returns to normalstate.

The question asks “which output value indicates to the local router that traffic sent to the corporate site isexperiencing congestion” which means it asks about the returned parameter which indicates congestion ->BECN.

QUESTION 542Which command is used to enable CHAP authentication whit PAP as the fallback method on a serial interface?

A. (config-if)# authentication ppp chap fallback pppB. (config-if)# authentication ppp chap papC. (config-if)# ppp authentication chap papD. (config-if)# ppp authentication chap fallback ppp



QUESTION 543It has become necessary to configure an existing serial interface to accept a second Frame Relay virtual

circuit.Which of the following are required to solve this? (Choose three)

A. Configure static frame relay map entries for each subinterface network.B. Remove the ip address from the physical interfaceC. Create the virtual interfaces with the interface commandD. Configure each subinterface with its own IP addressE. Disable split horizon to prevent routing loops between the subinterface networksF. Encapsulate the physical interface with multipoint PPP

Correct Answer: BCDSection: WAN (HDLC, PPP, Frame Relay & Etc.)Explanation


Normally, when only one logical virtual circuit (PVC) is assigned to a router it is placed on the physical serialinterface. To accept a second PVC, subinterfaces must be created, with each PVC using its own logicalinterface as shown in the example below:

interface serial 0 encapsulation frame-relay

interface serial 0.1 point-to-pointip address 10.0.1.1 255.255.255.0frame-relay interface-dlci 142

interface serial 0.2 multipointip address 10.0.2.1 255.255.255.0frame-relay map 10.0.2.2 118

In this example, two virtual circuits are used (one pt-pt and one point-multipoint), each with its own IP address.

Note that the physical serial 0 interface was not assigned an IP address.

QUESTION 544What two statistics appear in show frame-relay map output? (Choose two)

A. The number of FECN packets that are received by the routerB. The number of BECN packets that are received by the router.C. The ip address of the local routerD. The value of the local DLCIE. The status of the PVC that is configured on the router

Correct Answer: DESection: WAN (HDLC, PPP, Frame Relay & Etc.)Explanation



Which statement describes DLCI 17?

A. DLCI 17 describes the ISDN circuit between R2 and R3.B. DLCI 17 describes a PVC on R2. It cannot be used on R3 or R1.C. DLCI 17 is the Layer 2 address used by R2 to describe a PVC to R3.D. DLCI 17 describes the dial-up circuit from R2 and R3 to the service provider.



DLCI stands for Data Link Connection Identifier. DLCI values are used on Frame Relay interfaces to distinguishbetween different virtual circuits. DLCIs have local significance because the identifier references the pointbetween the local router and the local Frame Relay switch to which the DLCI is connected.


In the Frame Relay network, which ip address would be assigned to the interfaces with point-to-point PVCs?

A. DLCI 16:192.168.10.1/24DLCI 17:192.168.10.2/24DLCI 99:192.168.10.3/24DLCI 28:192.168.10.4/24

B. DLCI 16:192.168.10.1/24DLCI 17:192.168.11.1/24DLCI 99:192.168.10.2/24DLCI 28:192.168.11.2/24

C. DLCI 16:192.168.10.1/24

DLCI 17:192.168.11.1/24DLCI 99:192.168.12.1/24DLCI 28:192.168.13.1/24

D. DLCI 16:192.168.10.1/24DLCI 17:192.168.10.1/24DLCI 99:192.168.10.2/24DLCI 28:192.168.10.3/24



QUESTION 547What is the purpose of the inverse ARP?

A. to map a known DLCI to an IP addressB. to map a known IP address to a MAC addressC. to map known SPID to a MACaddressD. to map a known DLCI to a MAC addressE. to map a known IP address to a SPID.F. to map a known MAC address to an IP address



QUESTION 548The serial0/0 interface of the Tampa router connects to the Orlando router:

Which two statements are true about the connection between these two routers?

A. The only device with which the Tampa router will negotiate a data link is the Orlando router.B. The link is addressed on the *zero*subnet 10.0.0.0 network.C. The link uses a three-way handshake for authentication.D. The link uses a two-way handshake for authentication.E. Data exchanges between the Oriando and Tampa routers are encrypted.

Correct Answer: ACSection: WAN (HDLC, PPP, Frame Relay & Etc.)Explanation


QUESTION 549What does the frame-relay interface-dlci command configure?

A. remote DLCI on the main interfaceB. local DLCI on the main interfaceC. local DLCI on the subinterfaceD. remote DLCI on the subinterface



QUESTION 550Which command allows you to verify the encapsulation type (CISCO or IETF) for a frame relay link?

A. show framerelay mapB. show framerelay lmiC. show inter serialD. show framerelay pvc



QUESTION 551What can a network administrator utilize by using PPP Layer 2 encapsulation? (Choose three.)

A. VLAN supportB. CompressionC. AuthenticationD. Sliding windowsE. Multilink supportF. Quality of service

Correct Answer: BCESection: WAN (HDLC, PPP, Frame Relay & Etc.)Explanation


QUESTION 552As a CCNA candidate, you need to know PPP very well. Which of the statements are true regarding keycharacteristics of PPP? (Choose three.)

A. can be used over analog circuitsB. maps Layer 2 to Layer 3 addressC. encapsulates several routed protocolsD. supports IP onlyE. provides error correction

Correct Answer: ACESection: WAN (HDLC, PPP, Frame Relay & Etc.)Explanation


QUESTION 553The Frame Relay network in the diagram is not functioning properly. What is the cause of the problem?

A. The Gallant router has the wrong LMI type configuredB. Inverse ARP is providing the wrong PVC information to the Gallant routerC. The S3 interface of the Steele router has been configured with the frame-relay encapsulation ietf commandD. The frame-relay map statement in the Attalla router for the PVC to Steele is not correctE. The IP address on the serial interface of the Attalla router is configured incorrectly



On serial 3 of Attalla we can see that there are 2 PVC's defined, but only one of them is working and is shownas active. The frame relay map that was used to specify DLCI 509 was incorrect. Incorrect DLCI assignmentsthat are configured in routers normally show up as "deleted" in the frame relay maps.

QUESTION 554Exhibit:

Router 1# show running-config

<some output text omitted>

interface serial0/0bandwidth 64ip address 172.16.100.2 255.255.0.0encapsulation frame-relayframe-relay map ip 172.16.100.1 200 broadcast

As a technician, you found the router1 is unable to reach the second router. Both routers are running IOSversion 12.0. Based on this information, what is the most likely cause of the problem?

A. incorrect IP addressB. incorrect bandwidth configurationC. incorrect map statementD. incorrect LMI configuration



The local DLCI from Router1 to Frame-relay cloud is 100, the local DLCI from the second router to FR cloud is200. FR mapping from router1 to the second router is as follows:frame-relay map ip 172.16.100.1 100broadcast.

DLCI's are locally significant. The local DLCI needs to be specified in the "frame-relay map" configurationstatement to reach the neighboring frame-relay router. In this case DLCI 100 is used to reach 172.16.100.1, sothe correct configuration statement should be "frame-relay map ip 172.16.100.1 100 broadcast."

QUESTION 555Which of the following Frame-Relay encapsulation commands would you use, if you had to connect your Ciscorouter to a non-Cisco router?

A. Router(config-if)# Encapsulation frame-relay aal5snapB. Router(config-if)# Encapsulation frame-relay islC. Router(config-if)# Encapsulation frame-relay ietfD. Router(config-if)# Encapsulation frame-relay dot1q



QUESTION 556What Frame Relay mechanism is used to build the map illustrated in the accompanying graphic?

A. inverse multiplexingB. LMI mappingC. ARPD. Inverse ARP



QUESTION 557Which function does the Frame Relay DLCI provide with respect to router RouterA?

A. defines the signaling standard between router RouterA and the frame switchB. identifies the circuit between router RouterB and the frame switchC. identifies the encapsulation used between router RouterA and router RouterBD. identifies the circuit between router RouterA and the frame switch



QUESTION 558In a Frame Relay environment, what is the function of the DE bit?

A. the activation of the LMI protocolB. the identification of frames that are transmitted above the CIRC. the identification of what routing updates to blockD. the identification of the virtual circuit




The corporate office and branch location have been attached through two non-Cisco routers over a highlyreliable WAN connection for over a year. A new Cisco router has been installed to replace the hardware at thebranch location. Since the installation, IP communication cannot be verified across the link. Given the output onBranch1Router, what would be a logical first step to take to resolve this problem?

A. Change the encapsulation on Branch1Router to match CorporateRouter.B. Verify successful DCE communication between the two sites.C. Ensure an exact match between the bandwidth setting on CorporateRouter and Branch1Router.D. Verify Layer 1 communication on the Branch1Router Serial 0/0 interface.E. Change the encapsulation on CorporateRouter to HDLC.F. Change the bandwidth setting on Branch1Router to match the actual line speed.



QUESTION 560A Cisco router that was providing Frame Relay connectivity at a remote site was replaced with a differentvendor's frame relay router. Connectivity is now down between the central and remote site. What is the mostlikely cause of the problem?

A. Mismatched LMI typesB. Incorrect DLCI

C. Mismatched encapsulation typesD. Incorrect IP address mapping




Serial0/0 does not respond to a ping request from a host on the FastEthernet0/0 LAN.How can this problem becorrected?

A. Enable the Serial 0/0 interface.B. Correct the IP address for Serial 0/0.C. Correct the IP address for FastEthernet 0/0.D. Change the encapsulation type on Serial 0/0.E. Enable autoconfiguration on the Serial 0/0 interface.


Explanation/Reference:Need to run the command no shutdown to enable the serial 0/0 from administratively down to up state.

QUESTION 562Which of the following are key characteristics of PPP? (Choose three.)

A. can be used over analog circuitsB. maps Layer 2 to Layer 3 addressC. encapsulates several routed protocolsD. supports IP onlyE. provides error correction

Correct Answer: ACESection: WAN (HDLC, PPP, Frame Relay & Etc.)Explanation



The network administrator must complete the connection between the RTA of the XYZ Company and theservice provider. To accomplish this task, which two devices could be installed at the customer site to provide aconnection through the local loop to the central office of the provider? (Choose two.)

A. WAN switchB. PVCC. ATM switchD. multiplexerE. CSU/DSUF. modem

Correct Answer: EFSection: WAN (HDLC, PPP, Frame Relay & Etc.)Explanation


QUESTION 564A default Frame Relay WAN is classified as what type of physical network?

A. point-to-pointB. broadcast multi-accessC. nonbroadcast multi-accessD. nonbroadcast multipointE. broadcast point-to-multipoint



QUESTION 565The command frame-relay map ip 10.121.16.8 102 broadcast was entered on the router. Which of the followingstatements is true concerning this command?

A. This command should be executed from the global configuration mode.B. The IP address 10.121.16.8 is the local router port used to forward data.C. 102 is the remote DLCI that will receive the information.D. This command is required for all Frame Relay configurations.E. The broadcast option allows packets, such as RIP updates, to be forwarded across the PVC.

Correct Answer: ESection: WAN (HDLC, PPP, Frame Relay & Etc.)Explanation



What does STATUS=ACTIVE refer to in the output of the show frame-relay pvc command?

A. The PVC is experiencing congestion.B. The Frame Relay switch is correctly programmed with the DLCI and is operational.C. The router is actively broadcasting to establish a link to the Frame Relay switch.D. The router is connected to the local Frame Relay switch, but not to the far end device.




Assuming that the entire network topology is shown, what is the operational status of the interfaces of R2 asindicated by the command output shown?

A. One interface has a problem.

B. Two interfaces have problems.C. The interfaces are functioning correctly.D. The operational status of the interfaces cannot be determined from the output shown.



QUESTION 568Two routers named Atlanta and Brevard are connected by their serial interfaces as illustrated, but there is noconnectivity between them. The Atlanta router is known to have a correct configuration. Given the partialconfigurations, identify the problem on the Brevard router that is causing the lack of connectivity.

A. transmission unit size too largeB. no loopback setC. an incorrect subnet maskD. incompatible encapsulation at each endE. an incorrect IP addressF. incompatible bandwidth bewteen routers



QUESTION 569After the router interfaces shown in the diagram have been configured, it is discovered that hosts in the BranchLAN cannot access the Internet. Further testing reveals additional connectivity issues. What will fix thisproblem?

A. Change the address of the Branch router LAN interface.B. Change the address of the Branch router WAN interface.C. Change the subnet mask of the HQ router LAN interface.D. Change the address of the HQ router LAN interface.E. Change the address of the HQ router interface to the Internet.F. Change the subnet mask of the HQ router interface to the Internet.



QUESTION 570The show interfaces serial 0/0 command resulted in the output shown in the graphic. What are possible causesfor this interface status? (Choose three.)

A. The interface is shut down.B. No keepalive messages are received.C. The clockrate is not set.D. No loopback address is set.E. No cable is attached to the interface.F. There is a mismatch in the encapsulation type.

Correct Answer: BCFSection: WAN (HDLC, PPP, Frame Relay & Etc.)Explanation


QUESTION 571A mid-sized company with five branch offices across Canada wants to create a WAN that will provide the mostcost effective fully meshed environment with at least 512 kbps throughput. What WAN service would meet thisneed?

A. Frame RelayB. leased linesC. ISDN BRID. ATME. PPP



QUESTION 572The user of Host1 wants to ping the DSL modem/router at 192.168.1.254. Based on the Host1 ARP table that isshown in the exhibit, what will Host1 do?

A. Send a unicast ARP packet to the DSL modem/routerB. Send unicast ICMP packets to the DSL modem/routerC. Send Layer 3 broadcast packets to which the DSL modem/router respondsD. Send a Layer 2 broadcast that is received by Host2, the switch, and the DSL modem/router




The network administrator is in a campus building distant from Building B.WANRouter is hosting a newlyinstalled WAN link on interface S0/0. The new link is notfunctioning and the administrator needs to determine ifthe correct cable has been attached to theS0/0 interface. How can the administrator accurately verify thecorrect cable type on S0/0 in themost efficient manner?

A. Telnet to WANRouter and execute the command show running-configurationB. Telnet to WANRouter and execute the command show interfaces S0/0C. Physically examine the cable between WANRouter S0/0 and the DCE.D. Telnet to WANRouter and execute the command show processes S0/0E. Telnet to WANRouter and execute the command show controller S0/0F. Establish a console session on WANRouter and execute the command show interfaces S0/0




Which two statements are true based the output of the show frame-relay lmi command issued on the Branchrouter? (Choose two.)

A. LMI messages are being sent on DLCI 1023.B. The LMI exchange between the router and Frame Relay switch is functioning properly.C. LMI messages are being sent on DLCI 0.D. The Frame Relay switch is not responding to LMI requests from the router.E. The router is providing a clock signal on Serial0/0 on the circuit to the Frame Relay switch.F. Interface Serial0/0 is not configured to encapsulate Frame Relay.

Correct Answer: CDSection: WAN (HDLC, PPP, Frame Relay & Etc.)Explanation


Local Management Interface (LMI) messages manage the local access link between the router and the FrameRelay switch. A Frame Relay DTE can send an LMI Status Enquiry message to the switch; the switch thenreplies with an LMI Status message to inform the router about the DLCIs of the defined VCs, as well as thestatus of each VC. By default, the LMI messages flow every 10 seconds. Every sixth message carries a fullStatus message, which includes more complete status information about each VC. As we can see, the routerhas sent 61 messages, but received back none. We also know that DLCI 0 is used as this is the LMI DLCI usedin ANSI. If the LMI type had been Cisco, the DLCI used is 1023.

QUESTION 575Drag and drop. Match the items on the left with its corresponding definition on the right.

Select and Place:

Correct Answer:



QUESTION 576

Select and Place:

Correct Answer:



QUESTION 577Drag the Frame Relay acronym on the left to match i ts definition on the right. (Not all acronyms areused.)

Select and Place:

Correct Answer:



QUESTION 578If router has a packet destination address 192.168.1.255. What describes the operation of the network?

lab3_2-jpg (exhibit):

sample (exhibit):

A. R1 will forward the packet out all interfacesB. R1 will drop this packet because this it is not a valid IP addressC. As R1 forwards the frame containing this packet, SW-A will add 192.168.1.255 to its MAC tableD. R1 will encapsulate the packet in a frame with a destination MAC address of FF-FF-FF-FF-FF-FFE. As R1 forwards the frame containing this packet, SW-A will forward it to the device assigned the IP address

of 192.168.1.255

Correct Answer: BSection: Hotspot Topology Based QuestionsExplanation


QUESTION 579Users on the 192.168.1.0 /24 network must access files located on the server 1. What route could beconfigured on router R1 for the file requests to reach the server ?


sample (exhibit):

A. ip route 0.0.0.0 0.0.0.0 s 0/0/0B. ip route 0.0.0.0 0.0.0.0 209.165.200.226C. ip route 209.165.200.0 255.255.255.0 192.168.1.250D. ip route 192.168.1.0 255.255.255.0 209.165.100.250

Correct Answer: ASection: Hotspot Topology Based QuestionsExplanation


QUESTION 580When a packet is sent from Host1 to Server1,in how many different frames will the packet be encapsulated asit is sent across the internetwork?


sample (exhibit):

A. 0B. 1C. 2D. 3E. 4

Correct Answer: DSection: Hotspot Topology Based QuestionsExplanation


QUESTION 581What must be configured on the network in order for users on the internet to view web pages located on webserver2?


sample (exhibit):

A. On router R2, configure a default static route to the 192.168.1.0 networkB. On router R2, configure DNS to resolve the URL assigned to Web Server 2 to the 192.168.1.10 addressC. On router R1, configure NAT to translate an address on the 209.165.100.0/24 network to 192.168.1.10D. On router R1, configure DHCP to assign a registered IP address on the 209.165.100.0/24 network to Web

Server 2.

Correct Answer: CSection: Hotspot Topology Based QuestionsExplanation


QUESTION 582The router address 192.168.1.250 is the default gateway for both web server2 and host 1. What is the correctsubnet mask for this network?


sample (exhibit):

A. 255.255.255.0B. 255.255.255.192C. 255.255.255.250D. 255.255.255.252

Correct Answer: ASection: Hotspot Topology Based QuestionsExplanation


QUESTION 583

What destination Layer 2 address will be used in the frame header containing a packet for host 172.30.0.4

Exhibit:

A. 704B. 196C. 702D. 344

Correct Answer: CSection: Hotspot Topology Based Questions 2

Explanation


The destination layer 2 address is a DLCI for frame-relay network. The destination host packet address is172.30.0.4 corresponding DLCI is 702. This can be confirmed by looking at the show frame-relay map outputwhich shows the framerelay map statements for layer 3 address to its corresponding layer 2 address IP172.30.0.4 is mapped to DLCI 702 .

QUESTION 584

A static map to the S-AMER location is required. Which command should be used to create this map?

Exhibit:

A. frame-relay map ip 172.30.0.3 704 broadcastB. frame-relay map ip 172.30.0.3 196 broadcast

C. frame-relay map ip 172.30.0.3 702 broadcastD. frame-relay map ip 172.30.0.3 344 broadcast

Correct Answer: BSection: Hotspot Topology Based Questions 2Explanation


QUESTION 585

Which connection uses the default encapsulation for serial interfaces on Cisco routers?

Exhibit:

A. The serial connection to the MidEast branch office.B. The serial connection to the DeepSouth branch office.C. The serial connection to the NorthCentral branch office.D. The serial connection to the Multinational Core.

Correct Answer: ASection: Hotspot Topology Based Questions 2Explanation


QUESTION 586

If required, what password should be configured on the router in the MidEast branch office to allow aconnection to be established with the Dubai router?

show frame-relay map (exhibit):


A. No password is required.B. En8bleC. Scr8D. T1netE. C0nsole

Correct Answer: DSection: Hotspot Topology Based Questions 2Explanation


QUESTION 587

A single 802.11g access point has been configured and installed in the center of a square office. A few wirelessusers are experiencing slow performance and drops while most users are operating at peak efficiency. Whatare three likely causes of this problem? (Choose three.)

A. mismatched TKIP encryptionB. null SSIDC. cordless phonesD. mismatched SSIDE. metal file cabinetsF. antenna type or direction

Correct Answer: CEFSection: WirelessExplanation



What two facts can be determined from the WLAN diagram? (Choose two.)

A. The area of overlap of the two cells represents a basic service set (BSS).B. The network diagram represents an extended service set (ESS).C. Access points in each cell must be configured to use channel 1.D. The area of overlap must be less than 10% of the area to ensure connectivity.E. The two APs should be configured to operate on different channels.

Correct Answer: BESection: WirelessExplanation


QUESTION 589Which two devices can interfere with the operation of a wireless network because they operate on similarfrequencies? (Choose two.)

A. copierB. microwave ovenC. toasterD. cordless phoneE. IP phoneF. AM radio

Correct Answer: BDSection: WirelessExplanation


QUESTION 590What are three basic parameters to configure on a wireless access point? (Choose three.)

A. SSIDB. RTS/CTSC. AES-CCMPD. TKIP/MICE. RF channelF. authentication method

Correct Answer: AEFSection: WirelessExplanation


SSID (Service Set Identifier) can also be written as ESSID, which is used to distinguish different networks. Ithas 32 characters at most, WLAN cards set up different SSID to enter different networks. SSID is usuallybroadcast by AP or wireless routers , you can view SSID of the present area through XP built-in scanningfeature .Taking security into consideration, SSID can be not broadcast, meanwhile users need to set up SSIDmanually to enter the appropriate network. Simply speaking, SSID is the name of a local area network, onlythose computers that set up the same SSID value can communicate with each other. RF is an acronym forRadio Frequency. It is the electromagnetic frequency that can be radiated to space, frequency range from 300KHz to 30GHz.

QUESTION 591What speeds must be disabled in a mixed 802.11b/g WLAN to allow only 802.11g clients to connect?

A. 6, 9, 12, 18B. 1, 2, 5.5, 6C. 5.5, 6, 9, 11D. 1, 2, 5.5, 11

Correct Answer: DSection: WirelessExplanation


QUESTION 592What is the maximum data rate specified for IEEE 802.11b WLANs?

A. 10 MbpsB. 11 MbpsC. 54 MbpsD. 100 Mbps

Correct Answer: BSection: WirelessExplanation


QUESTION 593A wireless client cannot connect to an 802.11b/g BSS with a b/g wireless card. The client section of the accesspoint does not list any active WLAN clients. What is a possible reason for this?

A. The incorrect channel is configured on the client.B. The client's IP address is on the wrong subnet.C. The client has an incorrect pre-shared key.D. The SSID is configured incorrectly on the client.



QUESTION 594Which two features did WPAv1 add to address the inherent weaknesses found in WEP? (Choose two.)

A. a stronger encryption algorithmB. key mixing using temporal keysC. shared key authenticationD. a shorter initialization vectorE. per frame sequence counters

Correct Answer: BESection: WirelessExplanation


QUESTION 595Which two wireless encryption methods are based on the RC4 encryption algorithm? (Choose two.)

A. WEPB. CCKMC. AESD. TKIPE. CCMP

Correct Answer: ADSection: WirelessExplanation


QUESTION 596You have finished physically installing an access point on the ceiling at your office. At a minimum, whichparamenter must be configured on the access point in order to allow a wireless client to operate on it?

A. AESB. PSKC. SSIDD. TKIPE. WEP

Correct Answer: CSection: WirelessExplanation


QUESTION 597Which additional configuration step is necessary in order to connect to an access point that has SSIDbroadcasting disabled?

A. Set the SSID value in the client software to public.B. Configure open authentication on the AP and the client.C. Set the SSID value on the client to the SSID configured on the AP.D. Configured MAC address filtering to permit the client to connect to the AP.

Correct Answer: CSection: WirelessExplanation


QUESTION 598What is one reason that WPA encryption is preferred over WEP?

A. A WPA key is longer and requires more special characters than the WEP key.B. The access point and the client are manually configured with different WPA key values.C. WPA key values remain the same until the client configuration is changed.D. The values of WPA keys can change dynamically while the system is used.



QUESTION 599Which spread spectrum technology does the 802.11b standard define for operation?

A. IRB. DSSSC. FHSSD. DSSS and FHSSE. IR, FHSS, and DSSS



QUESTION 600You and a co-worker have established wireless communication directly between your wireless laptops. Whattype of wireless topology has been created?

A. BSSB. IBSSC. SSIDD. ESS



QUESTION 601Which two statements best describe the wireless security standard that is defined by WPA? (Choose two.)

A. It specifies use of a static encryption key that must be changed frequently to enhance security.B. It requires use of an open authentication method.C. It specifies the use of dynamic encryption keys that change each time a client establishes a connection.D. It requires that all access points and wireless devices use the same encryption key.E. It includes authentication by PSK.

Correct Answer: CESection: WirelessExplanation


QUESTION 602Which two practices help secure the configuration utilities on wireless access points from unauthorized access?(Choose two.)

A. configuring traffic filteringB. changing the mixed mode setting to single modeC. configuring a new administrator passwordD. assigning a private IP address to the APE. changing the default SSID value

Correct Answer: CESection: WirelessExplanation


QUESTION 603Which wireless LAN design ensures that the mobile wireless client will not lose connectivity when moving fromone access point to another?

A. The administrator can configure all access points to use the same channelB. Overlapping the wireless cell coverage by at least 10%C. Using adapters and access points manufactured by the same companyD. Utilizing MAC address filtering to allow the client MAC address to authenticate with the surrounding APs



QUESTION 604According to capabilities of WPA security, which encryption type does WPA2 use?

A. AES-CCMPB. PSKC. TKIP/MICD. PPK via IV

Correct Answer: ASection: WirelessExplanation


QUESTION 605Which two of these statements are true of IPv6 address representation? (Choose two.)

A. There are four types of IPv6 addresses: unicast, multicast, anycast, and broadcast.B. A single interface may be assigned multiple IPv6 addresses of any type.C. Every IPv6 interface contains at least one loopback address.

D. The first 64 bits represent the dynamically created interface ID.E. Leading zeros in an IPv6 16 bit hexadecimal field are mandatory.

Correct Answer: BCSection: IPv6Explanation


QUESTION 606What is known as "one-to-nearest" addressing in IPv6?

A. global unicastB. anycastC. multicastD. unspecified address

Correct Answer: BSection: IPv6Explanation


QUESTION 607Which option is a valid IPv6 address?

A. 2001:0000:130F::099a::12aB. 2002:7654:A1AD:61:81AF:CCC1C. FEC0:ABCD:WXYZ:0067::2A4D. 2004:1:25A4:886F::1

Correct Answer: DSection: IPv6Explanation


QUESTION 608How many bits are contained in each field of an IPv6 address?

A. 24B. 4C. 8D. 16



QUESTION 609Which term describes the process of encapsulating IPv6 packets inside IPv4 packets?

A. tunnelingB. hashingC. routingD. NAT

Correct Answer: ASection: IPv6Explanation


QUESTION 610Which statement about RIPng is true?

A. RIPng allows for routes with up to 30 hops.B. RIPng is enabled on each interface separately.C. RIPng uses broadcasts to exchange routes.D. There can be only one RIPng process per router.



QUESTION 611Internet Protocol Version 6 (IPv6) is the next-generation Internet Protocol version designated as the successorto IPv4 because IPv4 address space is being exhausted. Which one of the following descriptions about IPv6 iscorrect?

A. Addresses are not hierarchical and are assigned at random.B. Only one IPv6 address can exist on a given interface.C. There are 2.7 billion addresses available.D. Broadcasts have been eliminated and replaced with multicasts.



QUESTION 612Running both IPv4 and IPv6 on a router simultaneously is known as what?

A. 4to6 routingB. 6to4 routingC. binary routingD. dual-stack routingE. NextGen routing



QUESTION 613What are three IPv6 transition mechanisms? (Choose three.)

A. 6to4 tunnelingB. VPN tunnelingC. GRE tunnelingD. ISATAP tunnelingE. PPP tunnelingF. Teredo tunneling

Correct Answer: ADFSection: IPv6Explanation


QUESTION 614Select the valid IPv6 addresses. (Choose all apply)

A. ::192:168:0:1B. 2002:c0a8:101::42C. 2003:dead:beef:4dad:23:46:bb:101D. ::E. 2000::F. 2001:3452:4952:2837::

Correct Answer: ABCDFSection: IPv6Explanation

Explanation/Reference:Answers A B C are correct because A and B are the short form of 0:0:0:0:192:168:0:1 and2002:c0a8:0101:0:0:0:0:0042 while C are normal IPv6 address.

Answer D is correct because “::” is named the “unspecified” address and is typically used in the source field of adatagram that is sent by a device that seeks to have its IP address configured.

Answer E is not correct because a global-unicast IPv6 address is started with binary 001, denoted as 2000::/3in IPv6 and it also known as an aggregatable global unicast address.The 2000:: (in particular, 2000::/3) is just aprefix and is not a valid IPv6 address.

The entire global-unicast IPv6 address range is from 2000::/128 to3FFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF/128, resulting in a total usable space of over42,535,295,865,117,307,932,921,825,928,971,000,000 addresses, which is only 1/8th of the entire IPv6address space!

QUESTION 615

Which statement is true?

A. An IPv6 address is 64 b long and is represented as hexadecimal characters.B. An IPv6 address is 32 b long and is represented as decimal digits.C. An IPv6 address is 128 b long and is represented as decimal digits.D. An IPv6 address is 128 b long and is represented as hexadecimal characters.



QUESTION 616In which integration method is an IPv6 packet encapsulated within an IPv4 protocol?

A. proxy.B. dual-stackC. tunnelingD. dot1q

Correct Answer: CSection: IPv6Explanation


QUESTION 617Which two data link layers are supported by cisco ios software for IPv6? (Choose two)

A. PPPB. FDDIC. Frame Relay PVCD. NBMAE. Frame Relay SVC

Correct Answer: ACSection: IPv6Explanation


QUESTION 618Which IPv6 address is valid?

A. 2031:0:130F::9C0:876A:130BB. 2001:0DB8:0000:130F:0000:0000:08GC:140BC. 2001:0DB8:0:130H::87C:140BD. 2031::130F::9C0:876A:130B

Correct Answer: ASection: IPv6

Explanation


QUESTION 619Which command enables IPv6 forwarding on a cisco router?

A. IPv6 hostB. IPv6 unicast-routingC. IPv6 localD. IPv6 neighbor



QUESTION 620Which three approaches can be used while migrating from an IPv4 addressing scheme to an IPv6 scheme?(Choose three)

A. static mapping of IPv4 address to IPv6 addressesB. configuring IPv4 tunnels between IPv6 islandsC. use DHCPv6 to map IPv4 addresses to IPv6 addressesD. use proxying and translation (NAT-PT) to translate IPv6 packets into IPv4 packetsE. configure IPv6 directlyF. enable dual-stack routing

Correct Answer: BDFSection: IPv6Explanation


QUESTION 621What is the alternative notation for the IPV6 address B514:82C3:0000:0000:0029:EC7A:0000:EC72?

A. B514:82C3:0029::EC7A:0000:EC72B. B514:82C3:0029:EC7A:EC72C. B514:82C3::0029:EC7A:0:EC72D. B514:82C3::0029:EC7A:EC72



QUESTION 622Which IPV6 routing protocol uses multicast group FFO2::8 to send updates?

A. RIPngB. OSPFv3C. IS-IS for IPv6D. static



QUESTION 623Wich command can you use to manually assign a static IPV6 address to a router interface?

A. ipv6 address PREFIX_1::1/64B. ipv6 autoconfig 2001:db8:2222:7272::72/64C. ipv6 autoconfigD. ipv6 address 2001:db8:2222:7272::72/64



QUESTION 624Which IPv6 routing protocol uses multicast group FF02::9 to send updates?

A. RIPngB. OSPFv3C. staticD. IS-IS for IPv6

Correct Answer: ASection: IPv6Explanation


QUESTION 625Which of these represents an IPv6 link-local address?

A. FE08::280e:611:a:f14f:3d69B. FE81::280f:512b:e14f:3d69C. FE80::380e:611a:e14f:3d69D. FEFE:0345:5f1b::e14d:3d69



QUESTION 626Which two are features of IPv6? (Choose two)

A. multicastB. broadcastC. allcastD. podcastE. anycast

Correct Answer: AESection: IPv6Explanation


QUESTION 627The network administrator has been asked to give reasons for moving from IPv4 to IPv6. What are two validreasons for adopting IPv6 over IPv4? (Choose two)

A. telnet access does not require a passwordB. natC. no broadcastD. change of destination address in the IPv6 headerE. change of source address in the IPv6 headerF. autoconfiguration

Correct Answer: CFSection: IPv6Explanation


QUESTION 628Which address is a muticast group address that is used by RIPng as the destination address?

A. FF02::AB. FF05::101C. FF02::9D. FF02::6



QUESTION 629Which address is a muticast group address that is used by EIGRPv6 as the destination address?

A. FF02::9B. FF02::10C. FF05::101D. FF02::AE. FF02::6



QUESTION 630What is the Multicast for all-router muticast access ?

A. FF02::4B. FF02::3C. FF02::2D. FF02::1



QUESTION 631Which two descriptions are correct about characteristics of IPv6 unicast addressing? (Choose two)

A. Global addresses start with 2000::/3.B. Link-local addresses start with FF00::/10.C. Link-local addresses start with FE00:/12.D. There is only one loopback address and it is ::1.

Correct Answer: ADSection: IPv6Explanation


QUESTION 632Which two of these statements are true of IPv6 address representation? (Choose two)

A. The first 64 bits represent the dynamically created interface ID.B. A single interface may be assigned multiple IPV6 addresses of any type. C. Every IPV6 interface contains at least one loopback address.D. Leading zeros in an IPV6 16 bit hexadecimal field are mandatory.

Correct Answer: BCSection: IPv6Explanation

Explanation/Reference:Leading zeros in IPv6 are optional do that 05C7 equals 5C7 and 0000 equals 0 -> D is not corect.

QUESTION 633The corporate head office has a teleconferencing system that uses VOIP(voice over IP) technology. Thissystem uses UDP as the transport for the data transmissions. If these UDP datagrams arrive at theirdestination out of sequence, what will happen?

A. UDP will send an ICMP information Request to the source host.B. UDP will pass the information in the datagrams up to the next OSI layer in the order that they arrive.C. UDP will drop the datagrams.D. UDP will use the sequence numbers in the datagram headers to reassemble the data in the correct order.



VOIP systems utilize UDP because it is faster and uses less overhead. In addition, the reliable transportmechanism used in TCP is useless to VOIP because if a packet gets dropped and needs to be resent, it will bealready too late.

UDP provides a service for applications to exchange messages. Unlike TCP, UDP is connectionless andprovides no reliability, no windowing, and no reordering of the received data . However, UDP provides somefunctions of TCP , such as data transfer, segmentation, and multiplexing using port numbers, and it does sowith fewer bytes of overhead and with less processing required. UDP data transfer differs from TCP datatransfer in that no reordering or recovery is accomplished. Applications that use UDP are tolerant of lost data,or they have some application mechanism to recover data loss.

Reference: CCNA Self-Study CCNA INTRO exam certification Guide (Cisco Press, ISBN 1-58720-094-5) Page161.

QUESTION 634How should a router that is being used in a Frame Relay network be configured to avoid split horizon issuesfrom preventing routing updates?

A. Configure a separate sub-interface for each PVC with a unique DLCI and subnet assigned to the sub-interface.

B. Configure each Frame Relay circuit as a point-to-point line to support multicast and broadcast traffic.C. Configure many sub-interfaces on the same subnet.D. Configure a single sub-interface to establish multiple PVC connections to multiple remote router interfaces.



QUESTION 635What are two recommended ways of protecting network device configuration files from outside network securitythreats? (Choose two.)

A. Allow unrestricted access to the console or VTY ports.B. Use a firewall to restrict access from the outside to the network devices.

C. Always use Telnet to access the device command line because its data is automatically encrypted.D. Use SSH or another encrypted and authenticated transport to access device configurations.E. Prevent the loss of passwords by disabling password encryption.

Correct Answer: BDSection: Access List (ACL, VPN & Security Devices)Explanation


This question is to examine the knowledge point related to network security. Internet firewall is a or a group ofsystems, which will enhance the in-house network security of a mechanism. It decides which in-house servicescan be accessed by the outside, which people from the outside can access what in-house services and whichoutside services can be accessed by in-house personnel. Firewall is an Internet customs inspection post. So asto keep the effectiveness of the firewall, all the information in or out of the Internet must flow through the firewalland being checked by it. Only the authorized data is allowed to pass through the firewall and the firewall itselfmust be free of infiltration. Unfortunately, once the firewall system has been break through or roundabout, it isincapable of providing any protection.

SSH is the abbreviation of Secure Shell, which is established by the Network Working Group of IETF. SSH is asecure protocol which is based on application layer and transport layer.

QUESTION 636What should be part of a comprehensive network security plan?

A. Allow users to develop their own approach to network security.B. Physically secure network equipment from potential access by unauthorized individuals.C. Encourage users to use personal information in their passwords to minimize the likelihood of passwords

being forgotten.D. Delay deployment of software patches and updates until their effect on end-user equipment is well known

and widely reportedE. Minimize network overhead by deactivating automatic antivirus client updates.



Computer systems and networks are vulnerable to physical attack; therefore, procedures should beimplemented to ensure that systems and networks are physically secure. Physical access to a system ornetwork provides the opportunity for an intruder to damage, steal, or corrupt computer equipment, software,and information. When computer systems are networked with other departments or agencies for the purpose ofsharing information, it is critical that each party to the network take appropriate measures to ensure that itssystem will not be physically breached, thereby compromising the entire network. Physical security proceduresmay be the least expensive to implement but can also be the most costly if not implemented. The mostexpensive and sophisticated computer protection software can be overcome once an intruder obtains physicalaccess to the network.

QUESTION 637A network administrator needs to configure a serial link between the main office and a remote location. Therouter at the remote office is a non-Cisco router.How should the network administrator configure the serialinterface of the main office router to make the connection?

A. Main(config)#interface serial 0/0

Main(config-if)#ip address 172.16.1.1 255.255.255.252Main(config-if)#encapsulation ietfMain(config-if)#no shutdown

B. Main(config)#interface serial 0/0Main(config-if)#ip address 172.16.1.1 255.255.255.252Main(config-if)#no shutdown

C. Main(config)# interface serial 0/0Main(config-if)#ip address 172.16.1.1 255.255.255.252Main(config-if)#encapsulation PPPMain(config-if)#no shutdown

D. Main(config)#interface serial 0/0Main(config-if)#ip address 172.16.1.1 255.255.255.252Main(config-if)#encapsulation frame-relayMain(config-if)#authentication chapMain(config-if)#no shutdown



QUESTION 638Which three are characteristics of an IPv6 anycast address? (Choose three)

A. one-to-many communication modelB. delivery of packets to the group interface that is closest to the sending deviceC. any-to-many communication modelD. a unique IPv6 address for each device in the groupE. the same address for multiple devices in the groupF. one-to-nearest communication model

Correct Answer: BEFSection: IPv6Explanation


QUESTION 639Which of the following are characteristcs of a Frame Relay point-to-point subinterface? (Choose Two)

A. Requires use if inverse ARPB. Resolves None Broadcast Multi Access (NMBA) split horizon issuesC. Require the frame-relay map commandD. Maps one IP subnet per DLCIE. Maps one IP subnet accross multiple DLCIs

Correct Answer: BDSection: WAN (HDLC, PPP, Frame Relay & Etc.)Explanation


QUESTION 640What are three reasons that an organization with multiple branch offices and roaming users might implement aCisco VPN solution instead of point-to-point WAN links? (Choose three.)

A. reduce costB. better throughputC. broadband incompatibilityD. increased securityE. scalabilityF. reduced latency

Correct Answer: ADESection: WAN (HDLC, PPP, Frame Relay & Etc.)Explanation


QUESTION 641What are two benefits of using NAT? (choose two)

A. NAT protects network security because private networks are not advertised.B. NAT accelerates the routing process because no modifications are made on the packets. C. Dynamic NAT facilitates connections from the outside of the network.D. NAT facilitates end-to-end communication when IPsec is enable.E. NAT eliminates the need to re-address all host that require external access.F. NAT conserves addresses through host MAC-level multiplexing.

Correct Answer: AESection: Network Address Translations (NAT)Explanation


By not reveal the internal Ip addresses, NAT adds some security to the inside network -> A is correct.

NAT has to modify the source IP addresses in the packets -> B is not correct.

Connection from the outside of the network through a “NAT” network is more difficult than a more networkbecause IP addresses of inside hosts are hidden -> C is not correct.

In order for IPsec to work with NAT we need to allow additional protocols, including Internet Key Exchange(IKE), Encapsulating Security Payload (ESP) and Authentication Header (AH) -> more complex -> D is notcorrect.

By allocating specific public IP addresses to inside hosts, NAT eliminates the need to re-address the insidehosts -> E is correct.

NAT does conserve addresses but not through host MAC-level multiplexing. It conserves addresses by allowingmany private IP addresses to use the same public IP address to go to the Internet -> F is not correct.

QUESTION 642How are VTP advertisements delivered to switches across th network?

A. Anycast frames

B. Multicast framesC. Broadcast framesD. Unicast frames



QUESTION 643What cisco IOS command can help to determine the timing of various debug events, relative to each other,when you are debugging a complicated rmuter issue?

A. service timestamps debug datetime msecB. show clock detailC. clock calendar-validD. service timestamps log datetime msec

Correct Answer: ASection: Cisco IOS adv. (incl. file mngmnt, CDP, gl obal cmnds)Explanation



Cisco Certified Network Associate - GRATIS EXAM

Documents

Transcript of Cisco Certified Network Associate - GRATIS EXAM