CISCO CCNP SWITCH 642-813: Private VLAN

Quick review:

The private VLAN always has one primary VLAN. Within the primary VLAN you will find the promiscuous port. All other ports are able to communicate with the promiscuous port. The default gateway is usually connected to the promiscuous port.

Within the primary VLAN you will encounter one or more secondary VLANs, of which there are two types:

– community VLAN: all ports within the community VLAN are able to communicate with each other and with the promiscuous port;
– isolated VLAN: all ports within the isolated VLAN are unable to communicate with each other, but they can communicate with the promiscuous port.

Note: Before you start configuring PVLAN, you must set VTP mode to transparent.

1. Create primary/secondary VLANs
2. Associate secondary VLANs to the primary VLAN
3. Configure interfaces as promiscuous/isolated/community interfaces

################################################################################

1. Private VLANs can be configured as which three of these port types? (Choose three)

A. isolated
B. protected
C. private
D. associated
E. promiscuous
F. community

Answer: A E F

2. A switch has been configured with Private VLANs. With which type of PVLAN port should the default gateway be configured?

A. Trunk
B. Isolated
C. Primary
D. Community
E. Promiscuous

Answer: E

3. When configuring private VLANs, which configuration task must you do first?

A. Configure the private VLAN port parameters.
B. Configure and map the secondary VLAN to the primary VLAN.
C. Disable IGMP snooping.
D. Set the VTP mode to transparent.

Answer: D

4. Refer to the exhibit. From the configuration shown, what can you determine about the private VLAN configuration?

Switch# configure terminal
Switch(config)# vlan 20
Switch(config-vlan)# private-vlan primary
Switch(config-vlan)# exit
Switch(config)# vlan 501
Switch(config-vlan)# private-vlan isolated
Switch(config-vlan)# exit
Switch(config)# vlan 502
Switch(config-vlan)# private-vlan community
Switch(config-vlan)# exit
Switch(config)# vlan 503
Switch(config-vlan)# private-vlan community
Switch(config-vlan)# exit
Switch(config)# vlan 20
Switch(config-vlan)# private-vlan association 501-503
Switch(config-vlan)# end

A. Only VLAN 503 will be the community PVLAN because multiple community PVLANs are not allowed.
B. Users of VLANs 501 and 503 will be able to communicate.
C. VLAN 502 is a secondary VLAN.
D. VLAN 502 will be a standalone VLAN because it is not associated with any other VLANs.

Answer: C

5. Refer to the exhibit. What can be concluded about VLANs 200 and 202?

Switch#show vlan private-vlan type

primary   secondary   type        interfaces
202                   primary
200                   isolated

A. VLAN 202 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the same VLAN. VLAN 200 carries traffic between community ports and to promiscuous ports.
B. VLAN 202 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the same VLAN. VLAN 200 carries traffic from isolated ports to a promiscuous port.
C. VLAN 200 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the same VLAN. VLAN 202 carries traffic between community ports and to promiscuous ports.
D. VLAN 200 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the same VLAN. VLAN 202 carries traffic from isolated ports to a promiscuous port.

Answer: B

6. Refer to the exhibit. The web servers WS_1 and WS_2 need to be accessed by external and internal users. For security reasons, the servers should not communicate with each other, although they are located on the same subnet. The servers do need, however, to communicate with a database server located in the inside network. What configuration will isolate the servers from each other?

(exhibit image: PVLAN topology, not reproduced)

A. The switch ports 3/1 and 3/2 will be defined as secondary VLAN community ports. The ports connecting to the two firewalls will be defined as primary VLAN promiscuous ports.
B. The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls will be defined as primary VLAN promiscuous ports.
C. The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls will be defined as primary VLAN community ports.
D. The switch ports 3/1 and 3/2 will be defined as secondary VLAN isolated ports. The ports connecting to the two firewalls will be defined as primary VLAN promiscuous ports.

Answer: D


CISCO CCNP SWITCH 642-813: VLAN Question

1. You are assigning VLANs to the ports of switch R1. What VLAN number value is assigned to the default VLAN?

A. VLAN 1003
B. VLAN 1
C. VLAN ON
D. VLAN A
E. VLAN 0

Answer: B

2. What is a characteristic of a static VLAN membership assignment?

A. VMPS server lookup is required
B. Easy to configure
C. Ease of adds, moves, and changes
D. Based on MAC address of the connected device

Answer: B

Explanation

There are two types of VLAN membership assignment:

– Static VLAN: switch ports are assigned to specific VLANs manually

– Dynamic VLAN: switch automatically assigns the port to a VLAN using information from the user device like MAC address, IP address etc. When a device is connected to a switch port, the switch must, in effect, query a database to establish VLAN membership.

Static VLAN assignment provides a simple way to assign a VLAN to a port, while dynamic VLANs allow a great deal of flexibility and mobility for end users but require more administrative overhead.

3. What is a characteristic of multi-VLAN access ports?

A. The port has to support STP PortFast.
B. The auxiliary VLAN is for data service and is identified by the PVID.
C. The port hardware is set as an 802.1Q trunk.
D. Both the voice service and data service use the same trust boundary.

Answer: C

Explanation

The multi-VLAN port feature on the Catalyst 2900 XL/3500 XL switches allows for configuring a single port in two or more VLANs. This feature allows users from different VLANs to access a server or router without implementing InterVLAN routing capability. A multi-VLAN port performs normal switching functions in all its assigned VLANs. VLAN traffic on the multi-VLAN port is not encapsulated as it is in trunking -> The port is set as an 802.1Q trunk -> C is correct.

Note: The limitations of implementing multi-VLAN port features are listed below.

1) You cannot configure a multi-VLAN port when a trunk is configured on the switch. You must connect the multi-VLAN port only to a router or server. The switch automatically transitions to VTP transparent mode when the multi-VLAN port feature is enabled, effectively disabling VTP.

2) The multi-VLAN port feature is supported only on the Catalyst 2900 XL/3500 XL series switches. This feature is not supported on the Catalyst 4000/5000/6000 series or any other Cisco Catalyst switches.

The following example shows how to configure a port for multi-VLAN mode:
Switch(config-if)# switchport mode multi

The following example shows how to assign a multi-VLAN port already in multi mode to a range of VLANs:
Switch(config-if)# switchport multi vlan 5-10

4. The Company LAN switches are being configured to support the use of Dynamic VLANs. Which of the following are true of dynamic VLAN membership? (Choose two)

A. VLAN membership of a user always remains the same even when he/she is moved to another location.
B. VLAN membership of a user always changes when he/she is moved to another location.
C. Membership can be static or dynamic.
D. Membership can be static only.

Answer: A C

5. Which of the following technologies would an Internet Service Provider use to support overlapping customer VLAN IDs over transparent LAN services?

A. 802.1q tunneling
B. ATM
C. SDH
D. IP Over Optical Networking
E. ISL

Answer: A

6. Static VLANs are being used on the Company network. What is true about static VLANs?

A. Devices use DHCP to request their VLAN.
B. Attached devices are unaware of any VLANs.
C. Devices are assigned to VLANs based on their MAC addresses,
D. Devices are in the same VLAN regardless of which port they attach to.

Answer: B

Explanation

The port is assigned to a specific VLAN manually. Frames are not tagged. Attached devices are unaware of any VLANs in the network.

7. The Company LAN switches are being configured to support the use of Dynamic VLANs. What should be considered when implementing a dynamic VLAN solution? (Choose two)

A. Each switch port is assigned to a specific VLAN.
B. Dynamic VLANs require a VLAN Membership Policy Server.
C. Devices are in the same VLAN regardless of which port they attach to.
D. Dynamic VLAN assignments are made through the command line interface.

Answer: B C

Explanation

When a port is configured as “dynamic,” it receives VLAN information based on the MAC address that is seen on the port. The VLAN is not statically assigned to the port; it is dynamically acquired from the VMPS (VLAN Membership Policy Server) based on the MAC address on the port.

Reference:
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/25ew/configuration/guide/vmps.html

8. The Company LAN is becoming saturated with broadcasts and multicast traffic. What could you do to help a network with many multicasts and broadcasts?

A. Creating smaller broadcast domains by implementing VLANs.
B. Separate nodes into different hubs.
C. Creating larger broadcast domains by implementing VLANs.
D. Separate nodes into different switches.
E. All of the above.

Answer: A

Explanation

VLANs are used to divide a network into logical areas. VLANs can also be considered broadcast domains. Each VLAN is considered a logical network, and packets destined for stations that do not belong to the VLAN must be forwarded through a router.

9. You have just created a new VLAN on your network. What is one step that you should include in your VLAN based implementation and verification plan?

A. Verify that different native VLANs exist between two switches for security purposes.
B. Verify that the VLAN was added on all switches with the use of the show vlan command.
C. Verify that the switch is configured to allow for trunking on the switch ports.
D. Verify that each switch port has the correct IP address space assigned to it for the new VLAN.

Answer: B

Explanation

Different native VLANs will cause error messages about the mismatch, and the potential exists that traffic will not pass correctly between the two native VLANs (although a trunk can be brought up with different native VLANs on each end) -> A is not correct.

Answer C is reasonable, but it should be done after configuring trunking, not after creating a new VLAN -> C is not correct.

A layer 2 switch only needs one IP address for management purpose -> D is not correct.

Answer B is the best choice to verify if our new VLAN was created, and which ports are associated with it.

10. You have configured a Cisco Catalyst switch to perform Layer 3 routing via an SVI and have assigned that interface to VLAN 20. To check the status of the SVI, you issue the show interfaces vlan 20 command at the CLI prompt. You see from the output display that the interface is in an “up/up” state. What must be true in an SVI configuration to bring the VLAN and line protocol up?

A. The port must be physically connected to another Layer 3 device.
B. At least one port in VLAN 20 must be active.
C. The Layer 3 routing protocol must be operational and receiving routing updates from neighboring peer devices.
D. Because this is a virtual interface, the operational status will always be in an “up/up” state.

Answer: B

Explanation

To be “up/up,” a router VLAN interface must fulfil the following general conditions:

– The VLAN exists and is “active” in the VLAN database of the switch (sh vlan brief).
– The VLAN interface (SVI) must exist on the router and must be “up”.
– At least one port (Layer 2 port – access or trunk) must be up in this VLAN.

Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/37sg/configuration/guides/l3_int.html

11. Refer to the exhibit. Based upon the output of show vlan on switch CAT2, what can we conclude about interfaces Fa0/13 and Fa0/14?

(exhibit image: show vlan output on CAT2, not reproduced)

A. That interfaces Fa0/13 and Fa0/14 are in VLAN 1
B. That interfaces Fa0/13 and Fa0/14 are down
C. That interfaces Fa0/13 and Fa0/14 are trunk interfaces
D. That interfaces Fa0/13 and Fa0/14 have a domain mismatch with another switch
E. That interfaces Fa0/13 and Fa0/14 have a duplex mismatch with another switch

Answer: C

Explanation

The show vlan command shows the ports assigned to each VLAN. Trunk ports are not assigned to a specific VLAN; they carry multiple VLANs, so they never appear in the output of this command. You can check trunk ports by using show interfaces trunk.

12. What two pieces of information will the show vlan id 5 command display? (Choose two)

A. Ports in VLAN 5
B. Utilization
C. VLAN information on port 0/5
D. Filters
E. MTU and type

Answer: A E

13. What are some virtues of implementing end-to-end VLANs? (Choose two)

A. End-to-end VLANs are easy to manage.
B. Users are grouped into VLANs independent of a physical location.
C. Each VLAN has a common set of security and resource requirements for all members.
D. Resources are restricted to a single location.

Answer: B C

Explanation

There are two kinds of VLANs:

Local VLANs:
– design is scalable
– users belong to the same broadcast domain when they are at the same location
– redundant paths can be built easily
– 20/80 rule: only 20 percent of traffic is local, whereas 80 percent is destined for a remote resource across the core layer

End-to-end VLANs:
– geographically dispersed users appear on the same segment
– the same policy can be applied to the same group of users regardless of their physical location
– all switches need to know all VLANs
– broadcast messages flood all switches
– 80/20 rule: 80 percent of user traffic stays within the local workgroup, whereas 20 percent is destined for a remote resource in the campus network

14. Which two statements are true about a switched virtual interface (SVI)? (Choose two)

A. An SVI is created by entering the no switchport command in interface configuration mode.
B. An SVI is normally created for the default VLAN (VLAN1) to permit remote switch administration.
C. An SVI provides a default gateway for a VLAN.
D. Multiple SVIs can be associated with a VLAN.
E. SVI is another name for a routed port.

Answer: B C

Explanation

Catalyst L2 fixed configuration switches that run Cisco IOS Software have only one configurable IP management interface, which by default is interface VLAN 1. Pure layer 2 switches can have only one interface VLAN up at the time. This is called the management VLAN (in IOS) or the sc0 interface (in CatOS). The main purpose of this interface is management (telnet, SNMP, etc). If the switch is a Layer 3 switch, you can configure multiple VLANs and route between them. An L3 switch can handle multiple IPs, so there is no specific management VLAN on the switch.

(Reference: http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008010e9ca.shtml)

15. You have just created a new VLAN on your network. What is one step that you should include in your VLAN based implementation and verification plan?

A. Verify that trunked links are configured to allow the VLAN traffic.
B. Verify that the switch is configured to allow for trunking on the switch ports.
C. Verify that each switch port has the correct IP address space assigned to it for the new VLAN.
D. Verify that different native VLANs exist between two switches for security purposes.

Answer: A

Explanation

A VLAN-based implementation and verification plan should include:

* Verification that trunked links are configured to allow the newly created VLANs.
* Verification that the SVI has already been created and that it shows up on all required switches using the show vlan command.

16. You have just created a new VLAN on your network for inter-VLAN routing. What is one step that you should include in your VLAN-based implementation and verification plan?

A. Verify that different native VLANs exist between two switches for security purposes.
B. Verify that the switch is configured to allow for trunking on the switch ports.
C. Verify that each switch port has the proper IP address space assigned to it for the new VLAN.
D. Verify that the VLAN virtual interface has been correctly created and enabled.

Answer: D

17. Under what circumstances should an administrator prefer local VLANs over end-to-end VLANs?

A. Eighty percent of traffic on the network is destined for Internet sites.
B. There are common sets of traffic filtering requirements for workgroups located in multiple buildings.
C. Eighty percent of a workgroup’s traffic is to the workgroup’s own local server.
D. Users are grouped into VLANs independent of physical location.

Answer: A

Explanation

Please check Q13.

18. Which of the following statements are true about the 80/20 rule? (Choose two)

A. 20 percent of the traffic on a network segment should be local.
B. No more than 20 percent of the network traffic should be able to move across a backbone.
C. No more than 80 percent of the network traffic should be able to move across a backbone.
D. 80 percent of the traffic on a network segment should be local.

Answer: B D

Explanation

The 80/20 rule states that 80 percent of user traffic stays within the local workgroup, whereas 20 percent is destined for a remote resource in the campus network.

19. Which two statements are true about best practices in VLAN design? (Choose two.)

A. Routing should occur at the access layer if voice VLANs are utilized. Otherwise, routing should occur at the distribution layer.
B. Routing may be performed at all layers but is most commonly done at the core and distribution layers.
C. Routing should not be performed between VLANs located on separate switches.
D. VLANs should be local to a switch.
E. VLANs should be localized to a single switch unless voice VLANs are being utilized.

Answer: B D

Explanation

First let’s review the main characteristics of the three layers in a campus network:

Access layer:

– Low cost per switch port
– High port density
– Scalable uplinks to higher layers
– User access functions such as VLAN membership, traffic and protocol filtering, and quality of service (QoS)
– Resiliency through multiple uplinks

Distribution layer:

– Aggregation of multiple access-layer devices
– High Layer 3 throughput for packet handling
– Security and policy-based connectivity functions through access lists or packet filters
– QoS features
– Scalable and resilient high-speed links to the core and access layers

Core layer:

– Very high throughput at Layer 3
– No costly or unnecessary packet manipulations (access lists, packet filtering)
– Redundancy and resilience for high availability
– Advanced QoS functions

B: We can see that at the distribution and core layers, Layer 3 throughput (routing) is very high.

D: Nowadays, end-to-end VLANs are not recommended in an enterprise network, unless there is a good reason. In an end-to-end VLAN, broadcast traffic is carried over from one end of the network to the other, creating the possibility for a broadcast storm or Layer 2 bridging loop to spread across the whole extent of a VLAN. This can exhaust the bandwidth of distribution and core-layer links, as well as switch CPU resources. Now the storm or loop has disrupted users on the end-to-end VLAN, in addition to users on other VLANs that might be crossing the core.

When such a problem occurs, troubleshooting becomes more difficult. In other words, the risks of end-to-end VLANs outweigh the convenience and benefits.

From that we can infer that VLAN traffic should be local to the switch.

(Reference: CCNP SWITCH 642-813 Official Certification Guide)

20. In the three-layer hierarchical network design model, what is associated with the access layer? (Choose two)

A. optimized transport structure
B. high port density
C. boundary definition
D. data encryption
E. local VLANs
F. route summaries

Answer: B E

21. Refer to the exhibit. The user who is connected to interface FastEthernet 0/1 is on VLAN 10 and cannot access network resources. On the basis of the information in the exhibit, which command sequence would correct the problem?

(exhibit image: SW1 interface status, not reproduced)

A. SW1(config)# vlan 10
SW1(config-vlan)# no shut

B. SW1(config)# interface fastethernet 0/1
SW1(config-if)# switchport mode access
SW1(config-if)# switchport access vlan 10

C. SW1(config)# interface fastethernet 0/1
SW1(config-if)# switchport mode access

D. SW1(config)# vlan 10
SW1(config-vlan)# state active

E. SW1(config)# interface fastethernet 0/1
SW1(config-if)# no shut

Answer: E

Explanation

The operational mode of this port is down.

22. When you issue the command show port 3/1 on an Ethernet port, you observe that the ‘Giants’ column has a non-zero entry. What could be the cause of this?

A. IEEE 802.1Q
B. IEEE 802.10
C. Misconfigured NIC
D. User configuration
E. All of the above

Answer: A

Explanation

Giant/jumbo frames are frames larger than the standard maximum Ethernet frame size of 1518 bytes, which includes the Layer 2 header and Frame Check Sequence (FCS).

Frames tagged by 802.1Q are often known as baby giants:
total frame size = 1500 (payload) + 4 (802.1Q tag header bytes) + 18 (Ethernet header and FCS) = 1522 bytes

23. On a multilayer Catalyst switch, which interface command is used to convert a Layer 3 interface to a Layer 2 interface?

A. switchport access vlan vlan-id
B. switchport
C. switchport mode access
D. no switchport

Answer: B

CCNA 640-802: OSI Model, TCP/IP

1. Which of the following correctly describe steps in the OSI data encapsulation process? (Choose two)

A. The transport layer divides a data stream into segments and may add reliability and flow control information.
B. The data link layer adds physical source and destination addresses and an FCS to the segment.
C. Packets are created when the network layer encapsulates a frame with source and destination host addresses and protocol-related control information.
D. Packets are created when the network layer adds Layer 3 addresses and control information to a segment.
E. The presentation layer translates bits into voltages for transmission across the physical link.

Answer: A D

Explanation
The transport layer segments data into smaller pieces for transport. Each segment is assigned a sequence number, so that the receiving device can reassemble the data on arrival.

The transport layer also uses flow control to maximize the transfer rate while minimizing the need to retransmit. For example, in TCP, basic flow control is implemented by the receiver acknowledging receipt of data; the sender waits for this acknowledgment before sending the next part.

The Network layer (Layer 3) has two key responsibilities. First, this layer controls the logical addressing of devices. Second, the network layer determines the best path to a particular destination network, and routes the data appropriately.

2. Which layer of the OSI reference model uses the hardware address of a device to ensure message delivery to the proper host on a LAN?

A. physical
B. data link
C. network
D. transport

Answer: B

Explanation
The hardware address of a device or the Media Access Control (MAC) address is added in the Data Link layer. An Ethernet MAC address is a 48-bit binary value expressed as 12 hexadecimal digits (for example: 00:15:A4:CB:03:CA).

3. Which layer of the OSI reference model uses flow control, sequencing, and acknowledgments to ensure that reliable networking occurs?

A. data link
B. network
C. transport
D. presentation
E. physical

Answer: C

4. Which layer in the OSI reference model is responsible for determining the availability of the receiving program and checking to see if enough resources exist for that communication?

A. transport
B. network
C. presentation
D. session
E. application

Answer: E

5. Data transfer is slow between the source and destination. The quality of service requested by the transport layer in the OSI reference model is not being maintained. To fix this issue, at which layer should the troubleshooting process begin?

A. presentation
B. session
C. transport
D. network
E. physical

Answer: D

6. Which protocols are found in the network layer of the OSI reference model and are responsible for path determination and traffic switching?

A. LAN
B. routing
C. WAN
D. network

Answer: B

7. Refer to the exhibit. An administrator pings the default gateway at 10.10.10.1 and sees the output as shown. At which OSI layer is the problem?

—————————————————————-
C:\> ping 10.10.10.1
Pinging 10.10.10.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 10.10.10.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)
—————————————————————-

A. data link layer
B. application layer
C. access layer
D. session layer
E. network layer

Answer: E

Explanation
The Network layer is responsible for network addressing and routing through the internetwork. So if a ping fails, you may have an issue with the Network layer (although lower layers like Data Link and Physical may also cause the problem).

8. Which of the following are types of flow control? (Choose three)

A. buffering
B. cut-through
C. windowing
D. congestion avoidance
E. load balancing

Answer: A C D

Explanation
Three types of flow control are buffering, windowing and congestion avoidance:
+ Buffering: if a device receives packets too quickly for it to handle, it can store them in a memory section called a buffer and process them later.
+ Windowing: a window is the quantity of data segments that the transmitting device is allowed to send without receiving an acknowledgment for them. For example:
With a window size of 1, the sending device sends 1 segment and the receiving device must reply with 1 ACK before the sending device can send the next segment. This “waiting” takes some time.
By increasing the window size to 3, the sending device will send up to 3 segments before waiting for an ACK -> this helps reduce the waiting time.
+ Congestion avoidance: lower-priority traffic can be discarded when the network is overloaded -> minimizes delays.

9. A network administrator is verifying the configuration of a newly installed host by establishing an FTP connection to a remote server. What is the highest layer of the protocol stack that the network administrator is using for this operation?

A. application
B. presentation
C. session
D. transport
E. internet
F. data link

Answer: A

Explanation
FTP belongs to the Application layer, which is also the highest layer of the OSI model.

10. A receiving host computes the checksum on a frame and determines that the frame is damaged. The frame is then discarded. At which OSI layer did this happen?

A. session
B. network
C. physical
D. data link
E. transport

Answer: D

Explanation
When we see the term “frame” we can easily recognize that it belongs to the Data Link layer. In this layer, a Frame Check Sequence (FCS) field is added to the frame to verify that the frame data is received correctly.

11. As a frame leaves a Layer 3 device, the Layer 2 encapsulation information is changed from what it was when it entered the device. For what two reasons can this happen? (Choose two)

A. The data is moving from 10BASE-TX to 100BASE-TX.
B. The WAN encapsulation type has changed.
C. The data format has changed from analog to digital.
D. The source and destination hosts are in the same subnet.
E. The source and destination MAC addresses have changed.

Answer: B E

12. Acknowledgement, Sequencing, and Flow control are characteristics of which OSI layer?

A. Layer 2
B. Layer 3
C. Layer 4
D. Layer 5
E. Layer 6
F. Layer 7

Answer: C

13. An inbound access list has been configured on a serial interface to deny packet entry for TCP and UDP ports 21, 23 and 25. What types of packets will be permitted by this ACL? (Choose three)

A. FTP
B. Telnet
C. SMTP
D. DNS
E. HTTP
F. POP3

Answer: D E F

Explanation
The access list denies packet entry for TCP and UDP -> all the services on ports 21, 23 and 25 are blocked. The services on these ports are FTP (port 21), Telnet (port 23) and SMTP (port 25). Other services are allowed, so D, E and F are the correct answers.

14. What are two characteristics of Telnet? (Choose two)

A. It sends data in clear text format.
B. It is no longer supported on Cisco network devices.
C. It is more secure than SSH.
D. It requires an enterprise license in order to be implemented.
E. It requires that the destination device be configured to support Telnet connections.

Answer: A E

Explanation
Telnet, part of the TCP/IP protocol suite, is a virtual terminal protocol that allows you to make connections to remote devices, gather information, and run programs. Telnet is considered insecure because it transfers all data in clear text -> A is correct.

The destination device needs to support Telnet connections. For example, if a device doesn’t support the TCP/IP protocol suite, then we may not be able to telnet to it.

15. An administrator issues the command ping 127.0.0.1 from the command line prompt on a PC. If a reply is received, what does this confirm?

A. The PC has connectivity with a local host.
B. The PC has connectivity with a Layer 3 device.
C. The PC has a default gateway correctly configured
D. The PC has connectivity up to Layer 5 of the OSI model
E. The PC has the TCP/IP protocol stack correctly installed.

Answer: E

Explanation
The address 127.0.0.1 is called the loopback address. When we ping 127.0.0.1, we are in fact pinging the local network card and testing the TCP/IP protocol suite on our device.

16. Where does routing occur within the DoD TCP/IP reference model?

A. application
B. internet
C. network
D. transport

Answer: B

17. A host is attempting to send data to another host on a different network. What is the first action that the sending host will take?

A. Drop the data.
B. Send the data frames to the default gateway.
C. Create an ARP request to get a MAC address for the receiving host.
D. Send a TCP SYN and wait for the SYN ACK with the IP address of the receiving host.

Answer: B

Explanation
Before sending data, the sending host checks if the destination host is inside or outside the local network. If it is outside the local network, the data will be sent to the default gateway.

18. What is the purpose of using the traceroute command?

A. to map all the devices on a network.
B. to display the current TCP/IP configuration values.
C. to see how a device MAC address is mapped to its IP address.
D. to see the path a packet will take when traveling to a specified destination.
E. to display the MTU values for each router in a specified network path from source to a destination.

Answer: D

19. A network admin wants to know every hop the packets take when he accesses cisco.com. Which command is the most appropriate to use?

A. path cisco.com
B. debug cisco.com
C. trace cisco.com
D. traceroute cisco.com

Answer: D

20. A TCP/IP Transfer is diagrammed in the exhibit.
A window size of three has been negotiated for this transfer. Which message will be returned from the receiver to the sender as part of this TCP/IP transfer?

(exhibit image: TCP/IP transfer diagram for question 20, not reproduced)

A. Send ACK 1-3
B. Send ACK 3
C. Send ACK 4
D. Send ACK 4-6
E. Send ACK 6
F. Send ACK 7

Answer: C

Explanation
In response, the receiver replies with an ACK. The acknowledgment number is set to one more than the received sequence number. The ACK means “I have got all messages up to sequence number n-1 so please send me the message for sequence number n”.

21. Refer to the exhibit. Host A pings Host B. What source MAC address and source IP address are contained in the frame as the frame leaves R2 destined for host B?

(exhibit image: topology diagram for question 21, not reproduced)

A. abcd.abcd.a001
B. abcd.abcd.b002
C. abcd.abcd.c003
D. 10.2.0.15
E. 10.0.64.1
F. 10.0.128.15

Answer: B D

Explanation
When packets are sent from Host A to Host B, the source and destination IP addresses are never changed: they remain the IP addresses of Host A and Host B. Only the MAC addresses change at each hop to reflect the devices on the current link. So when the frame leaves R2 destined for Host B, it has:

+ Source IP: IP of Host A – 10.2.0.15 (never changed)
+ Destination IP: IP of Host B – 10.0.128.15 (never changed)
+ Source MAC: MAC of Fa0/0 of R2 – abcd.abcd.b002
+ Destination MAC: MAC of Host B – abcd.abcd.d004

22. Host 1 is trying to communicate with Host 2. The e0 interface on Router C is down. Which of the following are true? (Choose two)

A. Router C will use ICMP to inform Host 1 that Host 2 cannot be reached.
B. Router C will use ICMP to inform Router B that Host 2 cannot be reached.
C. Router C will use ICMP to inform Host 1, Router A, and Router B that Host 2 cannot be reached.
D. Router C will send a Destination Unreachable message type.
E. Router C will send a Router Selection message type.
F. Router C will send a Source Quench message type.

Answer: A D

Explanation
The last router that can still process the packet (Router C, whose e0 interface toward Host 2 is down) sends an ICMP Destination Unreachable message back to the original sender, Host 1. From that message you can learn how far the packets travel and where the problem is.

23. Refer to the exhibit. The switch in the graphic has a default configuration and the MAC table is fully populated. In addition, this network is operating properly. The graphic represents selected header information in a frame leaving host A. What can be concluded from this information?

A. The MAC address of host A is FFFF.FFFF.FFFF.
B. The router will forward the packet in this frame to the Internet.
C. The switch will only forward this frame to the attached router interface.
D. All devices in this LAN except host A will pass the packet to Layer 3.

Answer: D

Explanation
This frame is leaving host A, so host A is its source. Its destination MAC is FFFF.FFFF.FFFF, the broadcast address, so Sw1 floods the frame out all its ports except the one it arrived on: hosts B, C, D and the interface connecting R1 to Sw1 all receive it. Each of them passes the packet up to Layer 3, because a broadcast address means "everyone, including me". At Layer 3 the destination IP is checked, and only the host (or the router interface) with the matching IP replies to host A while the others stay silent -> D is correct.

You may ask why router R1 does not simply drop a broadcast. Suppose the frame carries an ARP request. R1 does not forward the broadcast, but it processes the ARP request itself: with proxy ARP (enabled by default on Cisco IOS interfaces), R1 looks in its routing table for a route to the requested IP address, and if it finds one out of another interface it answers the request with its own MAC address. Hardening guides commonly disable this with "no ip proxy-arp", because it lets hosts with a wrong mask or gateway reach off-subnet addresses through the router without the misconfiguration ever being noticed.

CCNA 640-802: IPv6

1. As a CCNA candidate, you must have a firm understanding of the IPv6 address structure. How many bits are in each field of an IPv6 address?

A – 24
B – 4
C – 3
D – 16

Answer: D

Explanation:
An IPv6 address is written as X:X:X:X:X:X:X:X, where each X is a 16-bit field in hexadecimal (eight fields, 128 bits in total). For example: 110A:0192:190F:0000:0000:082C:875A:132C

2. In practical IPv6 application, a technology encapsulates IPv6 packets inside IPv4 packets, this technology is called what?

A – tunneling
B – hashing
C – routing
D – NAT

Answer: A

3. Internet Protocol version 6 (IPv6) is the next-generation Internet Protocol version designated as the successor to IPv4 because IPv4 address space is being exhausted. Which one of the following descriptions about IPv6 is correct?

A – Addresses are not hierarchical and are assigned at random.
B – Broadcasts have been eliminated and replaced with multicasts.
C – There are 2.7 billion available addresses.
D – An interface can only be configured with one IPv6 address.

Answer: B

4. Which two of these statements are true of IPv6 address representation? (Choose two)

A – The first 64 bits represent the dynamically created interface ID.
B – A single interface may be assigned multiple IPV6 addresses of any type.
C – Every IPV6 interface contains at least one loopback address.
D – Leading zeros in an IPV6 16 bit hexadecimal field are mandatory.

Answer: B C

Explanation:
Leading zeros in an IPv6 field are optional, so 05C7 equals 5C7 and 0000 equals 0 -> D is not correct. A is not correct either: the interface ID is the last 64 bits of the address, not the first 64 (which carry the network prefix).

5. Which three of the following are IPv6 transition mechanisms? (Choose three)

A – 6to4 tunneling
B – GRE tunneling
C – ISATAP tunneling
D – Teredo tunneling
E – VPN tunneling
F – PPP tunneling

Answer: A C D

Explanation:
Below is a summary of IPv6 transition technologies:

6to4 tunneling: This mechanism allows IPv6 sites to communicate with each other over the IPv4 network without explicit tunnel setup; the IPv4 address of the tunnel endpoint is embedded in the 2002::/16 IPv6 prefix. Its main advantage is that it requires no end-node reconfiguration and minimal router configuration, but it is not intended as a permanent solution.

ISATAP tunneling (Intra-Site Automatic Tunnel Addressing Protocol): a mechanism for transmitting IPv6 packets over an IPv4 network inside a site. The word "automatic" means that once an ISATAP router has been set up, only the clients must be configured to connect to it.

Teredo tunneling: This mechanism tunnels IPv6 datagrams within IPv4 UDP datagrams, so it works from hosts with private IPv4 addresses behind IPv4 NAT.

A practical caveat: all three carry IPv6 inside IPv4 (6to4 and ISATAP as IP protocol 41, Teredo as UDP, by default on port 3544), so IPv4-only filtering does not see the encapsulated IPv6 traffic. Firewall policy has to inspect or block the tunnel protocols explicitly, or hosts can end up with an IPv6 path that bypasses it.

In fact, GRE tunneling can also carry IPv6 over IPv4, but it is not mentioned in the CCNA as a transition mechanism so we shouldn't choose it (there are four IPv6 transition mechanisms mentioned in CCNA: manual, 6to4, Teredo and ISATAP).

6. Which two descriptions are correct about characteristics of IPv6 unicast addressing? (Choose two)

A – Global addresses start with 2000::/3.
B – Link-local addresses start with FF00::/10.
C – Link-local addresses start with FE00:/12.
D – There is only one loopback address and it is ::1.

Answer: A D

Explanation:
Below is the list of common kinds of IPv6 addresses:

Loopback address ::1
Link-local address FE80::/10
Site-local address FEC0::/10 (deprecated by RFC 3879; unique local addresses, FC00::/7, replaced it)
Global address 2000::/3
Multicast address FF00::/8

7. Select the valid IPv6 addresses. (Choose all apply)

A – ::192:168:0:1
B – 2002:c0a8:101::42
C – 2003:dead:beef:4dad:23:46:bb:101
D – ::
E – 2000::
F – 2001:3452:4952:2837::

Answer: A B C D F

Explanation:
Answers A, B and C are correct: A and B are the short form of 0:0:0:0:192:168:0:1 and 2002:c0a8:0101:0:0:0:0:0042 (B is a 6to4 address embedding the IPv4 address 192.168.1.1 as c0a8:0101), while C is an ordinary uncompressed IPv6 address.

Answer D is correct because "::" is the "unspecified" address; it is typically used in the source field of a datagram sent by a device that has not yet configured its IP address.

Answer E is treated as incorrect because a global-unicast IPv6 address starts with binary 001, denoted 2000::/3 (also known as an aggregatable global unicast address), and 2000:: on its own is used as that prefix rather than as a host address. Strictly speaking, 2000:: is a syntactically valid address (the first address of 2000::/3), so an address parser will accept it; the exam wants the prefix reading.

The entire global-unicast range runs from 2000:: to 3FFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF, which is 2^125 = 42,535,295,865,117,307,932,921,825,928,971,026,432 addresses, only 1/8 of the entire IPv6 address space.
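The rules used in questions 4, 6 and 7 (eight 16-bit hexadecimal fields, optional leading zeros, one "::" for a run of zero fields, and the well-known prefixes) are easy to get subtly wrong by hand, so here is an added example that is not part of the original question set: a small parser, canonicalizer and classifier written for this page. It also knows the FC00::/7 unique local range, which the table above does not list. Embedded IPv4 notation such as ::ffff:192.0.2.1 is deliberately not handled; every field here is pure hexadecimal.

```python
# Added example (not from the original page): IPv6 text-form parser and
# classifier for the address rules in the questions above.

HEX_DIGITS = frozenset("0123456789abcdefABCDEF")


def expand_ipv6(text: str) -> list[int]:
    """Return the eight 16-bit fields of an IPv6 address.

    Raises ValueError when the text is not a well-formed address.
    """
    if text.count("::") > 1:
        raise ValueError(f"more than one '::' in {text!r}")
    if "::" in text:
        left, right = text.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError(f"'::' must replace at least one field in {text!r}")
        groups = head + ["0"] * missing + tail
    else:
        groups = text.split(":")
    if len(groups) != 8:
        raise ValueError(f"expected 8 fields, found {len(groups)} in {text!r}")
    fields = []
    for group in groups:
        # each field is 1-4 hex digits; leading zeros are optional (question 4)
        if not 1 <= len(group) <= 4 or not set(group) <= HEX_DIGITS:
            raise ValueError(f"bad field {group!r} in {text!r}")
        fields.append(int(group, 16))
    return fields


def is_valid_ipv6(text: str) -> bool:
    try:
        expand_ipv6(text)
        return True
    except ValueError:
        return False


def compress_ipv6(fields: list[int]) -> str:
    """Canonical text form (RFC 5952): lowercase, no leading zeros, and the
    longest run of two or more zero fields replaced by '::' (leftmost wins)."""
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if fields[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and fields[j] == 0:
            j += 1
        if j - i >= 2 and j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    parts = [f"{v:x}" for v in fields]
    if best_len == 0:
        return ":".join(parts)
    return ":".join(parts[:best_start]) + "::" + ":".join(parts[best_start + best_len:])


def classify_ipv6(text: str) -> str:
    """Name the address type using the prefixes listed in questions 6 and 7."""
    f = expand_ipv6(text)
    if f == [0] * 8:
        return "unspecified"
    if f == [0] * 7 + [1]:
        return "loopback"
    first = f[0]
    if first >> 8 == 0xFF:                 # FF00::/8
        return "multicast"
    if first & 0xFFC0 == 0xFE80:           # FE80::/10
        return "link-local unicast"
    if first & 0xFFC0 == 0xFEC0:           # FEC0::/10, deprecated
        return "site-local unicast (deprecated)"
    if first & 0xFE00 == 0xFC00:           # FC00::/7 (RFC 4193)
        return "unique local unicast"
    if first & 0xE000 == 0x2000:           # 2000::/3, binary 001
        return "global unicast"
    return "reserved"


if __name__ == "__main__":
    for addr in ["::192:168:0:1", "2002:c0a8:101::42", "::", "::1", "2000::",
                 "FE80::1", "FF02::2", "2001:db8::1::2", "1:2:3"]:
        if is_valid_ipv6(addr):
            print(f"{addr:24} {compress_ipv6(expand_ipv6(addr)):24} {classify_ipv6(addr)}")
        else:
            print(f"{addr:24} INVALID")
```

Note that the parser accepts 2000:: and reports it as global unicast, exactly the caveat made above: the string is well formed, and only the exam's convention treats it as a prefix rather than an address.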

8. Which address is the all-routers link-local multicast address?

A – FF02::4
B – FF02::3
C – FF02::2
D – FF02::1

Answer: C

CCNA 640-802: Cisco IOS

1. When you are logged into a switch, which prompt indicates that you are in privileged mode?

A. %
B. @
C. >
D. $
E. #

Answer: E

Explanation
The “#” (like Switch#) indicates you are in privileged mode while the “>” indicates you are in user mode.

Note: The “#” sign in “Switch(config)#” indicates this is only accessible at privileged EXEC mode. The “(config)#” part indicates we are in configuration mode.

2. Which command is used to copy the configuration from RAM into NVRAM?

A. copy running-config startup-config
B. copy startup-config: running-config:
C. copy running config startup config
D. copy startup config running config
E. write terminal

Answer: A

Explanation
The running-config is kept in RAM while the startup-config is saved in NVRAM. So to copy the configuration from RAM into NVRAM we use the command "copy running-config startup-config" (syntax: copy <source> <destination>).

3. Which command is used to load a configuration from a TFTP server and merge the configuration into RAM?

A. copy running-config: TFTP:
B. copy TFTP: running-config
C. copy TFTP: startup-config
D. copy startup-config: TFTP:

Answer: B

Explanation
The syntax of the copy command is "copy <source> <destination>", so to copy a configuration from a TFTP server into RAM (merging it with the running-config) we use "copy tftp: running-config".

4. There are no boot system commands in a router configuration in NVRAM. What is the fallback sequence that router will use to find an IOS during reload?

A. Flash, TFTP server, ROM
B. Flash, NVRAM, ROM
C. ROM, NVRAM, TFTP server
D. NVRAM, TFTP server, ROM
E. TFTP server, Flash, NVRAM

Answer: A

Explanation
When you turn the router on, it runs through the following boot process.

The Power-On Self Test (POST) checks the router’s hardware. When the POST completes successfully, the System OK LED indicator comes on.
The router checks the configuration register to identify where to load the IOS image from. A setting of 0x2102 means that the router will use the boot system commands in the startup-config file to locate the IOS image. If the startup-config file is missing or does not specify a location, it checks the following locations for the IOS image:

1. Flash (the default location)
2. TFTP server
3. ROM (used if no other source is found)

The router loads the configuration file into RAM (which configures the router). The router can load a configuration file from:

+ NVRAM (startup-configuration file)
+ TFTP server
If a configuration file is not found, the router starts in setup mode.

5. A Cisco router is booting and has just completed the POST process.It is now ready to find and load an IOS image. What function does the router perform next?

A. It checks the configuration register
B. It attempts to boot from a TFTP server
C. It loads the first image file in flash memory
D. It inspects the configuration file in NVRAM for boot instructions

Answer: A

6. Refer to the partial command output shown. Which two statements are correct regarding the router hardware? (Choose two)

————————————————————————————–
system image file is “flash:c2600-do3s-mz.120-5.T1″

Cisco 2621 (MPC860) processor (revision 0x600) with 53248K/12288K bytes of memory
Processor board ID JAD05280307 (3536592999)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
2 Low-speed serial(sync/async) network interface(s)
16 terminal line(s)

32K bytes of non-volatile configuration memory.
16384K bytes of processor board system flash (Read/Write)
————————————————————————————–

A. Total RAM size is 32 KB
B. Total RAM size is 16384 KB (16 MB)
C. Total RAM size is 65536 KB (64 MB)
D. Flash size is 32 KB
E. Flash size is 16384 KB (16 MB).
F. Flash size is 65536 KB (64 MB)

Answer: C E

Explanation:
The line "Cisco 2621 (MPC860) processor (revision 0x600) with 53248K/12288K bytes of memory" tells how much RAM is in your router. The first number (53248K) is the main DRAM and the second number (12288K) is the DRAM reserved for packet memory (used by incoming and outgoing packets). Add both to find the total DRAM installed: 53248K + 12288K = 65536K, i.e. 64 MB.

The flash size is straightforward from the line “16384K bytes of processor board system flash (Read/Write)”

7. Which router IOS commands can be used to troubleshoot LAN connectivity problems? (Choose three)

A. ping
B. tracert
C. ipconfig
D. show ip route
E. winipcfg
F. show interfaces

Answer: A D F

Explanation
The ping command can be used to test if the local device can reach a specific destination.

“tracert” is not a valid command in Cisco IOS commands, the correct command should be “traceroute”.

The ipconfig command is not a valid command in Cisco IOS too.

The “show ip route” command can be used to view the routing table of the router. It is a very useful command to find out many connectivity problems (like directly connected networks, learned network via routing protocols…).

“winipcfg” is an old tool in Windows 95/98 to view IP settings of the installed network interfaces. But it is not a valid command in Cisco IOS commands.

The "show interfaces" command reports the line and protocol status, errors and counters of every interface on the local device. It only covers the local device, but that is exactly where many LAN connectivity problems show up, so it is the most reasonable third choice.

8. Which two locations can be configured as a source for the IOS image in the boot system command? (Choose two)

A. RAM
B. NVRAM
C. flash memory
D. HTTP server
E. TFTP server
F. Telnet server

Answer: C E

9. Refer to the exhibit. Why is flash memory erased prior to upgrading the IOS image from the TFTP server?

————————————————————————————–
Router# copy tftp flash
Address or name of remote host []? 192.168.2.167
Source filename []? c1600-k8sy-mz.123-16a.bin
Destination filename [c1600-k8sy-mz.123-16a.bin]?
Accessing tftp://192.168.2.167/ c1600-k8sy-mz.l23-16a.bin…
Erasing flash before copying? [confirm]
Erasing the flash filesystem will remove all files! continue? [confirm]
Erasing device
Eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
Eeeeeeeeeeeeeeeeeeeeeeeeeeeeeee …erased
Erase of flash: complete
Loading c1600-k8sy-mz.l23-16a.bin from 192.168.2.167 (via Ethernet0):
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK – 6888962/13777920 bytes]

verifying checksum… OK (0x7BF3)
6888962 bytes copied in 209.920 secs (32961 bytes/sec)
Router#
————————————————————————————–

A. The router cannot verify that the Cisco IOS image currently in flash is valid
B. Flash memory on Cisco routers can contain only a single IOS image.
C. Erasing current flash content is requested during the copy dialog.
D. In order for the router to use the new image as the default, it must be the only IOS image in flash.

Answer: C

Explanation
During the copy process, the router asked “Erasing flash before copying? [confirm]” and the administrator confirmed (by pressing Enter) so the flash was deleted.

Note: In this case, the flash has enough space to copy a new IOS without deleting the current one. The current IOS is deleted just because the administrator wants to do so. If the flash does not have enough space you will see an error message like this:

%Error copying tftp://192.168.2.167/ c1600-k8sy-mz.l23-16a.bin (Not enough space on device)

10. Which command reveals the last method used to powercycle a router?

A. show reload
B. show boot
C. show running-config
D. show version

Answer: D

11. Refer to the exhibit. A router boots to the prompt shown in the exhibit. What does this signify, and how should the network administrator respond?

rommon 1>

A. This prompt signifies that the configuration file was not found in NVRAM. The network administrator should follow the prompts to enter a basic configuration.
B. The prompt signifies that the configuration file was not found in flash memory. The network administrator should use TFTP to transfer a configuration file to the router.
C. The prompt signifies that the IOS image in flash memory is invalid or corrupted. The network administrator should use TFTP to transfer an IOS image to the router.
D. The prompt signifies that the router could not authenticate the user. The network administrator should modify the IOS image and reboot the router.

Answer: C

Explanation
If a Cisco router boots in ROMmon mode, it means:

+ The boot field of the configuration register (its lowest four bits) is 0, for example 0x2100, or
+ The router is unable to locate a valid Cisco IOS software image (you can use the "dir flash:" command in ROMmon mode to look for an IOS image in flash and then try to boot it with the "boot flash:" command).

If the IOS image is invalid or corrupted, the fastest way to install a new Cisco IOS software image is to copy one from a TFTP server (with the ROMmon "tftpdnld" command on platforms that support it).

12. What should be done prior to backing up an IOS image to a TFTP server? (Choose three)

A. Make sure that the server can be reached across the network.
B. Check that authentication for TFTP access to the server is set.
C. Assure that the network server has adequate space for the IOS image.
D. Verify file naming and path requirements.
E. Make sure that the server can store binary files.
F. Adjust the TCP window size to speed up the transfer.

Answer: A C D

13. Which two privileged mode cisco ios commands can be used to determine a cisco router chassis serial number? (choose two)

A. show inventory
B. show flash filesys
C. dir flash:|include chassis
D. show diag
E. show controllers

Answer: A D

14. Which command helps a network administrator to manage memory by displaying flash memory and NVRAM utilization?

A. show secure
B. show file systems
C. show flash
D. show version

Answer: B

15. A network administrator changes the configuration register to 0x2142 and reboots the router. What are two results of making this change? (Choose two)

A. The IOS image will be ignored.
B. The router will prompt to enter initial configuration mode.
C. The router will boot to ROM.
D. Any configuration entries in NVRAM will be ignored.
E. The configuration in flash memory will be booted.

Answer: B D

Explanation
0x2142 sets bit 6 (0x0040) of the configuration register, which tells the router to ignore the startup configuration in NVRAM during its boot sequence, so the router comes up with no configuration and enters the initial configuration dialog (setup mode). This is the standard password recovery procedure: anyone with console access who can send a break during boot can do it, which is why physical access to the console port must be controlled.

16. Refer to the exhibit. For what two reasons has the router loaded its IOS image from the location that is shown? (Choose two)

————————————————————————————
Router1> show version
Cisco Internetwork Operating System Software
IOS ™ 7200 Software (C7200-J-M), Experimental Version 11.3tl997091S:1647S2)
[hampton-nitro-baseline 249]
Copyright (c) 1986-1997 by cisco Systems, Inc.
Compiled Wed 08-0ct-97 06:39 by hampton
Image text-base: 0x60008900, data-base: 0x60B98000

ROM: System Bootstrap, Version 11.1(11855) [beta 2], INTERIM SOFTWARE
BOOTPLASH: 7200 Software (C7200-BOOT-M), Version 11.1(472), RELEASE SOFTWARE (fcl)

Router1 uptime is 23 hours, 33 minutes
System restarted by abort at PC 0x6022322C at 10:50:SS PDT Tue Oct 21 1997
System image file is “tftp://112.16.1.129/hampton/nitro/c7200-j-mz”

cisco 7206 (NPE150) processor with 57344K/8192K bytes of memory.

Configuration register is 0x2102
————————————————————————————

A. Router1 has specific boot system command that instruct it to load IOS from TFTP server.
B. Router1 is acting as a TFTP server for other routers.
C. Router1 cannot locate a valid IOS image in flash memory.
D. Router1 defaulted to ROMMON mode and loaded the IOS image from a TFTP server.
E. Cisco routers will first attempt to load a image from TFTP for management purposes.

Answer: A C

Explanation
When powered on, the router first checks its hardware with the Power-On Self Test (POST). Then it reads the configuration register to decide where to load the IOS image from. In the output above the configuration register is 0x2102, so the router follows any boot system commands in the startup-config and otherwise boots the first image in flash.

But we also see the line "System image file is "tftp://112.16.1.129/hampton/nitro/c7200-j-mz"". This line names the image the device last booted, and here it is on a TFTP server. Therefore either a boot system command pointed at that TFTP image (A) or the router could not load a valid image from flash and fell back to TFTP (C).

Note:
If the startup-config file is missing or does not specify a location, it will check the following locations for the IOS image:

+ Flash (the default location)
+ TFTP server
+ ROM (used if no other source is found)

17. How does using the service password-encryption command on a router provide additional security?

A. by encrypting all passwords passing through the router
B. by encrypting passwords in the plain text configuration file
C. by requiring entry of encrypted passwords for access to the device
D. by configuring an MD5 encrypted key to be used by routing protocols to validate routing exchanges
E. by automatically suggesting encrypted passwords for use in configuring the router

Answer: B

Explanation

With this command, all current and future passwords stored in the configuration (enable password, username passwords, line passwords) are written in "type 7" form instead of clear text, which keeps a casual reader of the configuration file from seeing them. Type 7 is only obfuscation: it is a fixed XOR against a publicly known key, and anyone holding a copy of the configuration can recover the plaintext instantly. For the enable password use "enable secret", which stores a salted hash (type 5 MD5 by default; newer releases can select type 8 PBKDF2-SHA256 or type 9 scrypt with "enable algorithm-type"), and use "username ... secret" for local accounts.
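To make the point concrete, here is an added example written for this page (not from the original page or from Cisco): a decoder and encoder for the type 7 strings that "service password-encryption" produces, plus a scanner that flags weak credential storage in a configuration. The 53-character XLAT key is the publicly documented constant every IOS build uses, which is exactly why type 7 is reversible. The SAMPLE_CONFIG is constructed for the example; the "enable secret" hash in it is a made-up value of the right shape, not a real hash.

```python
# Added example (not from the original page or from Cisco): Cisco type 7
# password decoder/encoder and a running-config credential audit.

import re

# Fixed key that IOS XORs every type 7 password against (publicly known).
XLAT = "dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"
TYPE7_SHAPE = re.compile(r"\d{2}(?:[0-9A-Fa-f]{2})+")


def decrypt_type7(encoded: str) -> str:
    """Recover the plaintext from a type 7 string such as '02050D480809'."""
    if not TYPE7_SHAPE.fullmatch(encoded):
        raise ValueError(f"not a type 7 string: {encoded!r}")
    seed = int(encoded[:2], 10)            # first two digits: offset into XLAT
    plain = []
    for n, pos in enumerate(range(2, len(encoded), 2)):
        byte = int(encoded[pos:pos + 2], 16)
        key = ord(XLAT[(seed + n) % len(XLAT)])
        plain.append(chr(byte ^ key))      # one XOR per byte, nothing more
    return "".join(plain)


def encrypt_type7(plain: str, seed: int = 2) -> str:
    """Produce the same string IOS writes after 'password 7'. IOS uses seeds 0-15."""
    if not 0 <= seed <= 15:
        raise ValueError("seed must be 0..15")
    out = [f"{seed:02d}"]
    for n, ch in enumerate(plain):
        key = ord(XLAT[(seed + n) % len(XLAT)])
        out.append(f"{ord(ch) ^ key:02X}")
    return "".join(out)


# Constructed sample running-config (not a real device). The type 5 hash is
# a made-up value of the right shape.
SAMPLE_CONFIG = """\
hostname R1
service password-encryption
enable password 7 02050D480809
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
username admin password 0 letmein
username ops password 7 0822455D0A16
line vty 0 4
 password 7 120F110E020A1F17
 login
"""

PASSWORD_LINE = re.compile(
    r"^\s*(?:enable |username \S+ (?:privilege \d+ )?)?"
    r"password (?P<type>[07]) (?P<value>\S+)"
)


def audit_config(config: str) -> list[tuple[int, str, str]]:
    """Return (line number, finding, recovered plaintext) for every credential
    stored as type 0 (clear text) or type 7 (reversible). 'secret' lines are
    left alone: they hold salted hashes."""
    findings = []
    for lineno, line in enumerate(config.splitlines(), 1):
        m = PASSWORD_LINE.match(line)
        if not m:
            continue
        if m["type"] == "0":
            findings.append((lineno, "type 0 cleartext password", m["value"]))
        else:
            findings.append((lineno, "type 7 reversible password", decrypt_type7(m["value"])))
    return findings


if __name__ == "__main__":
    for lineno, finding, plaintext in audit_config(SAMPLE_CONFIG):
        print(f"line {lineno}: {finding}: {plaintext!r}")
```

Run against the sample, the audit recovers every type 7 value in the configuration, including the vty line password, in well under a millisecond; only the "enable secret" line survives. That is the practical reading of answer B: the command hides passwords from shoulder-surfing, not from anyone who obtains the file.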

18. Refer to the diagram. What is the largest configuration file that can be stored on this router?

————————————————————————————————
R# show version
Cisco IOS Software. 1841 Software (C1841-IPBASE-M}, Version 12.4(1a), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986*2005 by Cisco Systems, Inc.
Compiled Fri 27-May-0512:32 by hqluong

ROM: System Bootstrap. Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)

N-East uptime is 5 days, 49 minutes
System returned to ROM by reload at 15:17:00 UTC Thu Jun 8 2006
System image file is “flash:c1841-ipbase-mz.124-1a.bin”

Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.
Processor board ID FTX0932W21Y
2 FastEthernet interfaces
2 Low-speed serial(sync/async) interfaces
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

R#
————————————————————————————————

A. 191K bytes
B. 16384K bytes
C. 31360K bytes
D. 114688K bytes

Answer: A

Explanation
Non-volatile RAM (NVRAM) holds the router's startup configuration file, so the startup-config can be no larger than the 191K of NVRAM shown. NVRAM contents are not lost when the router is powered down or reloaded.

19. Which command shows system hardware and software version information?

A. show configuration
B. show environment
C. show inventory
D. show platform
E. show version

Answer: E

20. Refer to the exhibit. If number 2 is selected from the setup script, what happens when the user runs setup from a privileged prompt?

————————————————————————————————
[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.

Enter your selection [2]:
————————————————————————————————

A. Setup is additive and any changes will be added to the config script.
B. Setup effectively starts the configuration over as if the router was booted for the first time.
C. Setup will not run if an enable secret password exists on the router.
D. Setup will not run, because it is only viable when no configuration exists on the router.

Answer: A

21. Which command shows your active Telnet connections?

A. show sessions
B. show cdp neighbors
C. show users
D. show queue

Answer: A

22. Which command can you use to determine the cisco ios feature set on a cisco router?

A. show version
B. dir flash: | include ios
C. show environment
D. show diag
E. show inventory

Answer: A

23. A system administrator types the command to change the hostname of a router. Where on the Cisco IFS is that change stored?

A. NVRAM
B. RAM
C. FLASH
D. ROM
E. PCMCIA

Answer: B

Explanation

The change is only reflected in the running-config on RAM. It can be lost if we reset the router without saving it.

24. Before installing a new upgraded version of the IOS, what should be checked on the router, and which command should be used to gather this information? (Choose two)

A. the amount of available ROM
B. the amount of available flash and RAM memory
C. the version of the bootstrap software present on the router
D. show version
E. show processes
F. show running-config

Answer: B D

Explanation
When upgrading to a new version of the IOS we first copy the image to flash, so we have to check whether flash has enough space. The new IOS may also require more RAM than the old one, so we should check the available RAM too. Both sizes are reported by the "show version" command (free space in flash is shown by "show flash:" or "dir flash:").
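Questions 6, 18 and 24 all come down to reading the same few lines of "show version", and questions 11, 15, 16 and 25 to reading the configuration register. The following added example (written for this page, not Cisco's code) parses those lines and decodes the register bits. The three sample outputs are the exhibits from questions 6, 16 and 18 of this section, trimmed to the relevant lines and re-typed with a proper "0x" in the register line.

```python
# Added example (not from the original page or from Cisco): parse the memory
# and boot lines of "show version" and decode the configuration register.

import re

SHOW_VERSION_2621 = """\
system image file is "flash:c2600-do3s-mz.120-5.T1"
Cisco 2621 (MPC860) processor (revision 0x600) with 53248K/12288K bytes of memory
Processor board ID JAD05280307 (3536592999)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board system flash (Read/Write)
"""

SHOW_VERSION_7206 = """\
System image file is "tftp://112.16.1.129/hampton/nitro/c7200-j-mz"
cisco 7206 (NPE150) processor with 57344K/8192K bytes of memory.
Configuration register is 0x2102
"""

SHOW_VERSION_1841 = """\
System image file is "flash:c1841-ipbase-mz.124-1a.bin"
Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
"""

RE_DRAM = re.compile(r"with (\d+)K/(\d+)K bytes of memory")
RE_NVRAM = re.compile(r"(\d+)K bytes of (?:non-volatile configuration memory|NVRAM)")
RE_FLASH = re.compile(r"(\d+)K bytes of [^\n]*?(?:[Ff]lash|PCMCIA)")
RE_IMAGE = re.compile(r'[Ss]ystem image file is "([^"]+)"')
RE_CONFREG = re.compile(r"Configuration register is (0x[0-9A-Fa-f]+)")


def parse_show_version(text: str) -> dict:
    """Extract DRAM (main + packet memory, summed as in question 6), NVRAM,
    total flash, the image that was booted and the configuration register."""
    info = {}
    m = RE_DRAM.search(text)
    if m:
        main_kb, packet_kb = int(m[1]), int(m[2])
        info["dram_kb"] = main_kb + packet_kb
        info["packet_memory_kb"] = packet_kb
    m = RE_NVRAM.search(text)
    if m:
        info["nvram_kb"] = int(m[1])
    # a router may list several flash devices; sum them
    info["flash_kb"] = sum(int(x) for x in RE_FLASH.findall(text))
    m = RE_IMAGE.search(text)
    if m:
        info["image"] = m[1]
        info["booted_from"] = m[1].split(":", 1)[0]   # "flash", "tftp", ...
    m = RE_CONFREG.search(text)
    if m:
        info["config_register"] = int(m[1], 16)
    return info


def decode_config_register(value: int) -> dict:
    """Interpret the register bits that matter for booting and password recovery."""
    boot_field = value & 0x000F                 # lowest four bits
    if boot_field == 0:
        boot = "stay in ROMmon (rommon> prompt)"
    elif boot_field == 1:
        boot = "boot the image in ROM / boot helper"
    else:
        boot = "use boot system commands, then the first image in flash"
    return {
        "boot_field": boot_field,
        "boot": boot,
        "ignore_nvram": bool(value & 0x0040),    # set in 0x2142: skip startup-config
        "break_disabled": bool(value & 0x0100),
    }


def upgrade_precheck(info: dict, image_bytes: int, min_dram_kb: int) -> list[str]:
    """The checks question 24 asks for; returns the problems found (empty = OK).
    show version reports flash size, not free space: confirm free space with
    'show flash:' or 'dir flash:' before copying."""
    problems = []
    flash_kb, dram_kb = info.get("flash_kb", 0), info.get("dram_kb", 0)
    if flash_kb * 1024 < image_bytes:
        problems.append(f"flash is {flash_kb}K, image needs {image_bytes // 1024}K")
    if dram_kb < min_dram_kb:
        problems.append(f"DRAM is {dram_kb}K, image needs {min_dram_kb}K")
    return problems


if __name__ == "__main__":
    for name, text in [("2621", SHOW_VERSION_2621), ("7206", SHOW_VERSION_7206), ("1841", SHOW_VERSION_1841)]:
        info = parse_show_version(text)
        print(name, info)
        if "config_register" in info:
            print("   ", decode_config_register(info["config_register"]))
```

On the 2621 output the parser returns the 65536K of DRAM and 16384K of flash that question 6 expects; on the 7206 output "booted_from" is "tftp", which is the observation question 16 turns on.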

25. Refer to the exhibit. A network administrator configures a new router and enters the copy startup-config running-config command on the router. The network administrator powers down the router and sets it up at a remote location. When the router starts, it enters the system configuration dialog as shown. What is the cause of the problem?

————————————————————————————————

— System Configuration Dialog —
Would you like to enter the initial configuration dialog? [yes/no]: % Please answer yes’ or ‘no’.
Would you like to enter the initial configuration dialog? [yes/ho]: n

Would you like to terminate autoinstall? [yes]:

Press RETURN to get started!

————————————————————————————————

A. The network administrator failed to save the configuration.
B. The configuration register is set to 0x2100.
C. The boot system flash command is missing from the configuration.
D. The configuration register is set to 0x2102.
E. The router is configured with the boot system startup command.

Answer: A

Explanation
The “System Configuration Dialog” appears only when no startup configuration file is found. The network administrator has made a mistake because the command “copy startup-config running-config” will copy the startup config (which is empty) over the running config (which is configured by the administrator). So everything configured was deleted.

26. Refer to the exhibit. What can be determined about the router from the console output?

————————————————————————————————

1 FastEthernet/IEEE 802.3 interface(s)
125K bytes of non-volatile configuration memory.
65536K bytes of ATA PCMCIA card at slot 0 (Sector size 512 bytes) .
8192K bytes of Flash internal SIMM (Sector size 256K).

———-System Configuration Dialog ———-

Would you like to enter the initial configuration dialog? [yes/no]:

————————————————————————————————

A. No configuration file was found in NVRAM.
B. No configuration file was found in flash.
C. No configuration file was found in the PCMCIA card.
D. Configuration file is normal and will load in 15 seconds.

Answer: A

Explanation
When no startup configuration file is found in NVRAM, the System Configuration Dialog will appear to ask if we want to enter the initial configuration dialog or not.

Basic Questions

1. What are some of the advantages of using a router to segment the network? (Choose two)

A. Filtering can occur based on Layer 3 information.
B. Broadcasts are eliminated.
C. Routers generally cost less than switches.
D. Broadcasts are not forwarded across the router.
E. Adding a router to the network decreases latency.

Answer: A D

2. For what two purposes does the Ethernet protocol use physical addresses? (Choose two)

A. to uniquely identify devices at Layer 2
B. to allow communication with devices on a different network
C. to differentiate a Layer 2 frame from a Layer 3 packet
D. to establish a priority system to determine which device gets to transmit first
E. to allow communication between different devices on the same network
F. to allow detection of a remote device when its physical address is unknown

Answer: A E

Explanation:
Physical addresses or MAC addresses are used to identify devices at layer 2 -> A is correct.

MAC addresses are only used to communicate on the same network. To communicate on different network we have to use Layer 3 addresses (IP addresses) -> B is not correct; E is correct.

3. Which command can be used from a PC to verify the connectivity between two hosts along the path between them?

A. tracert address
B. ping address
C. arp address
D. traceroute address

Answer: A

Explanation:
"traceroute" has the same function as "tracert", but on a Windows PC the command is "tracert"; "traceroute" is the name used on Cisco IOS (and on Linux and macOS hosts).

4. Refer to the exhibit.

PC> tracert 10.16.176.23
Tracing route to 10.16.176.23 over a maximum of 30 hops

1 31 ms 31 ms 32ms 172.16.182.1
2 62 ms 62 ms 62 ms 192.168.1.6
3 93 ms 92 ms 34 ms 192.168.1.10
4 125 ms 110ms 125ms 10.16.176.23

Trace complete.

Host A has tested connectivity to a remote network. What is the default gateway for host A?

A. 172.16.182.1
B. 192.168.1.1
C. 10.16.176.1
D. 192.168.1.6

Answer: A

Explanation
The trace lists the routers it passes through (nearest to farthest) until it reaches the destination, so the first hop is the nearest router. When the trace is run from a PC, that first hop is the PC's default gateway.

5. What functions do routers perform in a network? (Choose two)

A. packet switching
B. access layer security
C. path selection
D. VLAN membership assignment
E. bridging between LAN segments
F. microsegmentation of broadcast domains

Answer: A C

6. For which type of connection should a straight-through cable be used?

A. switch to switch
B. switch to hub
C. switch to router
D. hub to hub
E. router to PC

Answer: C

Explanation
To specify when we use crossover cable or straight-through cable, we should remember:

Group 1: Router, Host, Server
Group 2: Hub, Switch

One device in group 1 + One device in group 2: use straight-through cable
Two devices in the same group: use crossover cable

7. Which type of cable is used to connect the COM port of a host to the COM port of a router or switch?

A. crossover
B. straight-through
C. rolled
D. shielded twisted-pair

Answer: C

8. What is the first 24 bits in a MAC address called?

A. NIC
B. BIA
C. OUI
D. VAI

Answer: C

Explanation
The Organizationally Unique Identifier (OUI) is the first 24 bits of a device's MAC address. It identifies the vendor, manufacturer or organization to which that block was assigned by the Institute of Electrical and Electronics Engineers (IEEE).

9. In an Ethernet network, under what two scenarios can devices transmit? (Choose two)

A. when they receive a special token
B. when there is a carrier
C. when they detect no other devices are sending
D. when the medium is idle
E. when the server grants access

Answer: C D

Explanation
An Ethernet network is a shared environment, so every device has the right to access the medium. If more than one device transmits at the same time, the signals collide and cannot reach the destination.

If a device detects another device is sending, it will wait for a specified amount of time before attempting to transmit.

When there is no traffic detected, a device will transmit its message. While this transmission is occurring, the device continues to listen for traffic or collisions on the LAN. After the message is sent, the device returns to its default listening mode.

So we can see C and D are the correct answers. But in fact “answer C – when they detect no other devices are sending” and “when the medium is idle” are nearly the same.

10. Which two benefits are provided by using a hierarchical addressing network addressing scheme? (Choose two)

A. reduces routing table entries
B. auto-negotiation of media rates
C. efficient utilization of MAC addresses
D. dedicated communications between devices
E. ease of management and troubleshooting

Answer: A E

11. When a host transmits data across a network to another host, which process does the data go through?

A. standardization
B. conversion
C. encapsulation
D. synchronization

Answer: C

12. Which two Ethernet fiber-optic modes support distances of greater than 550 meters?

A. 1000BASE-CX
B. 100BASE-FX
C. 1000BASE-LX
D. 1000BASE-SX
E. 1000BASE-ZX

Answer: C E

Explanation:
Below is a list of the cabling standards mentioned above:

Standard      Cabling                                  Maximum length
1000BASE-CX   Twinaxial cabling                        25 m
100BASE-FX    Two strands, multimode fiber             400 m
1000BASE-LX   Long-wavelength laser, MM or SM fiber    10 km (SM), 3 km (MM)
1000BASE-SX   Short-wavelength laser, MM fiber         220 m with 62.5-micron fiber; 550 m with 50-micron fiber
1000BASE-ZX   Extended wavelength, SM fiber            100 km

13. Refer to the exhibit. What type of connection would be supported by the cable diagram shown?

End A                              End B
Pin  Color         Function        Pin  Color         Function
1    White/Green   TX+             1    White/Green   TX+
2    Green         TX-             2    Green         TX-
3    White/Orange  RX+             3    White/Orange  RX+
6    Orange        RX-             6    Orange        RX-

A. PC to router
B. PC to switch
C. server to router
D. router to router

Answer: B

Explanation
Both ends use the same pin-to-colour mapping (pin 1 to pin 1, pin 2 to pin 2, and so on), so the diagram shows a straight-through cable. Straight-through cables connect unlike devices, such as a PC (or a router) to a switch, where one side transmits on pins 1 and 2 and the other side receives on them.

14. Refer to the exhibit. What type of connection would be supported by the cable diagram shown?

End A                              End B
Pin  Color         Function        Pin  Color         Function
1    White/Green   TX+             3    White/Green   RX+
2    Green         TX-             6    Green         RX-
3    White/Orange  RX+             1    White/Orange  TX+
6    Orange        RX-             2    Orange        TX-

A. PC to router
B. PC to switch
C. server to switch
D. switch to router

Answer: A

Explanation
Here the transmit pair at one end (pins 1 and 2) lands on the receive pair at the other end (pins 3 and 6) and vice versa, so this is a crossover cable. Crossover cables connect like devices that transmit on the same pins, such as a PC to a router, switch to switch, or PC to PC.

15. Which two topologies are using the correct type of twisted-pair cables? (Choose two)

(exhibit not reproduced; the answer choices are topology diagrams shown in the exhibit)
Answer: D E

16. Which of the following statements describe the network shown in the graphic? (Choose two)

A. There are two broadcast domains in the network.
B. There are four broadcast domains in the network.
C. There are six broadcast domains in the network.
D. There are four collision domains in the network.
E. There are five collision domains in the network.
F. There are seven collision domains in the network.

Answer: A F

Explanation
Only routers separate broadcast domains, so the exhibit has two: everything off the e0 interface to the left is one broadcast domain and everything off the e1 interface to the right is another.

Both routers and switches separate collision domains, but hubs do not. There is therefore a single collision domain to the left of the router (the hub and everything attached to it) and six to the right (the e1 link to the switch, plus one switch port for each of the five Production PCs), seven in total.

17. Refer to the exhibit. The two connected ports on the switch are not turning orange or green. What would be the most effective steps to troubleshoot this physical layer problem? (Choose three)

A. Ensure that the Ethernet encapsulations match on the interconnected router and switch ports.
B. Ensure that cables A and B are straight-through cables.
C. Ensure cable A is plugged into a trunk port.
D. Ensure the switch has power.
E. Reboot all of the devices.
F. Reseat all cables.

Answer: B D F

Explanation
The port LEDs on the switch are not lit, which points at layer 1 (physical): check that the cables are the right type (straight-through between a router or PC and a switch), that the switch has power, and that every cable is properly seated. Ethernet encapsulation (A) and trunking (C) are layer 2 settings and would not stop the link lights from coming on; rebooting every device (E) is a last resort, not a diagnostic step.

18. Refer to the exhibit. Two buildings on the San Jose campus of a small company must be connected to use Ethernet with a bandwidth of at least 100 Mbps. The company is concerned about possible problems from voltage potential difference between the two buildings. Which media type should be used for the connection?

A. UTP cable
B. STP cable
C. Coaxial cable
D. Fiber optic cable

Answer: D

Explanation
A voltage potential difference between two buildings (a ground loop) can damage equipment joined by copper cabling. Fiber optic cable carries light pulses instead of electrical signals, so it electrically isolates the two buildings while easily supporting 100 Mbps or more.

19. Refer to the exhibit. A network engineer is troubleshooting an internet connectivity problem on the computer. What is causing the problem?

A. wrong DNS server
B. wrong default gateway
C. incorrect IP address
D. incorrect subnet mask

Answer: C

Explanation
The PC's address 192.168.11.2 with a /24 mask places it in 192.168.11.0/24, while its configured default gateway 192.168.1.1 is in 192.168.1.0/24. The gateway is not on the PC's local subnet, so the PC can never reach it; the IP address is the value that does not match.

20. How many broadcast domains are shown in the graphic assuming only the default vlan is configured on the switches?

A. one
B. six
C. twelve
D. two

Answer: A

Explanation
Only routers separate broadcast domains, and there is no router in this exhibit, so the whole topology is a single broadcast domain.

For reference, there are seven collision domains in the exhibit: six on the links between the hubs and the switches (each hub together with its attached hosts is one collision domain) plus one for the link between the two switches.
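As an added worked example (not code from the original page), the counting rule used in questions 16 and 20 can be written as a union-find over the links of a topology: a hub merges all of its links into one collision domain, a switch or router port ends a collision domain, and only a router port ends a broadcast domain. The two topologies below are reconstructed from the explanations above; where the exhibit gives no detail (the number of PCs on the hub side of question 16, the number of PCs per hub in question 20) the counts are assumptions and do not affect the result.

```python
from collections import defaultdict

# Added example, not from the original page: count collision and broadcast
# domains in a LAN built from hosts, hubs, switches and routers.
# Rules modelled (the ones the explanations above rely on):
#   - a hub repeats bits, so every link on a hub shares one collision domain;
#   - a switch or router port terminates the collision domain of its link;
#   - a hub or switch forwards broadcasts, so its links share one broadcast domain;
#   - a router does not forward broadcasts, so each router port is a boundary.


class DisjointSet:
    """Minimal union-find keyed by link index."""

    def __init__(self, n):
        self.parent = list(range(n))

    def find(self, x):
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]   # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)

    def count(self):
        return len({self.find(i) for i in range(len(self.parent))})


def count_domains(devices, links):
    """devices: {name: 'host'|'hub'|'switch'|'router'}; links: list of (a, b).
    Returns (collision_domains, broadcast_domains)."""
    for a, b in links:
        for name in (a, b):
            if name not in devices:
                raise ValueError(f"link references unknown device {name!r}")
    collision = DisjointSet(len(links))
    broadcast = DisjointSet(len(links))
    ports = defaultdict(list)            # device -> indices of its attached links
    for idx, (a, b) in enumerate(links):
        ports[a].append(idx)
        ports[b].append(idx)
    for name, kind in devices.items():
        attached = ports[name]
        for other in attached[1:]:       # join this device's links where the rules say so
            if kind == "hub":
                collision.union(attached[0], other)
            if kind in ("hub", "switch"):
                broadcast.union(attached[0], other)
    return collision.count(), broadcast.count()


def question_16_topology():
    """Reconstructed from question 16: a hub off R1 e0, a switch with five
    Production PCs off R1 e1. Three PCs on the hub is an assumption."""
    devices = {"R1": "router", "Hub1": "hub", "SW1": "switch"}
    links = [("R1", "Hub1"), ("R1", "SW1")]
    for i in range(1, 4):
        devices[f"Sales{i}"] = "host"
        links.append(("Hub1", f"Sales{i}"))
    for i in range(1, 6):
        devices[f"Prod{i}"] = "host"
        links.append(("SW1", f"Prod{i}"))
    return devices, links


def question_20_topology():
    """Reconstructed from question 20: two switches joined by one link, three
    hubs on each switch, no router. Two PCs per hub is an assumption."""
    devices = {"SW1": "switch", "SW2": "switch"}
    links = [("SW1", "SW2")]
    for h in range(1, 7):
        sw = "SW1" if h <= 3 else "SW2"
        devices[f"Hub{h}"] = "hub"
        links.append((sw, f"Hub{h}"))
        for p in (1, 2):
            devices[f"PC{h}_{p}"] = "host"
            links.append((f"Hub{h}", f"PC{h}_{p}"))
    return devices, links


if __name__ == "__main__":
    for q, topo in (("16", question_16_topology()), ("20", question_20_topology())):
        c, b = count_domains(*topo)
        print(f"question {q}: {c} collision domains, {b} broadcast domains")
```

Running it prints seven collision domains and two broadcast domains for question 16, and seven collision domains and one broadcast domain for question 20, matching the answers above. Changing a hub to a switch in either topology shows why switches are preferred: each host gets its own collision domain while the broadcast domain count stays the same.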

CISCO CCNA 4: Chapter 5

1. The following commands were entered on a router:

Router(config)# access-list 2 deny 172.16.5.24
Router(config)# access-list 2 permit any
The ACL is correctly applied to an interface. What can be concluded about this set of commands?

The wildcard mask 0.0.0.0 is assumed.
The access list statements are misconfigured.
All nodes on the 172.16.0.0 network will be denied access to other networks.
No traffic will be allowed to access any nodes or services on the 172.16.0.0 network.

correct: 1

2. Interface s0/0/0 already has an IP ACL applied inbound. What happens when the network administrator attempts to apply a second inbound IP ACL?

The second ACL is applied to the interface, replacing the first.
Both ACLs are applied to the interface.
The network administrator receives an error.
Only the first ACL remains applied to the interface.

correct: 1

3. Which two statements are correct about extended ACLs? (Choose two)

Extended ACLs use a number range from 1-99.
Extended ACLs end with an implicit permit statement.
Extended ACLs evaluate the source and destination addresses.
Port numbers can be used to add greater definition to an ACL.
Multiple ACLs can be placed on the same interface as long as they are in the same direction.

correct: 3, 4

4. Which benefit does an extended ACL offer over a standard ACL?

Extended ACLs can be named, but standard ACLs cannot.
Unlike standard ACLs, extended ACLS can be applied in the inbound or outbound direction.
Based on payload content, an extended ACL can filter packets, such as information in an e-mail or instant message.
In addition to the source address, an extended ACL can also filter on destination address, destination port, and source port.

correct: 4

5.

Refer to the exhibit. How will Router1 treat traffic matching the time-range requirement of EVERYOTHERDAY?

TCP traffic entering fa0/0 from 172.16.1.254/24 destined to the 10.1.1.0/24 network is permitted.
TCP traffic entering fa0/0 from 10.1.1.254/24 destined to the 172.16.1.0/24 network is permitted.
Telnet traffic entering fa0/0 from 172.16.1.254/24 destined to the 10.1.1.0/24 network is permitted.
Telnet traffic entering fa0/0 from 10.1.1.254/24 destined to the 172.16.1.0/24 network is permitted.

correct: 4

6. Which three statements describe ACL processing of packets? (Choose three.)

An implicit deny any rejects any packet that does not match any ACL statement.
A packet can either be rejected or forwarded as directed by the statement that is matched.
A packet that has been denied by one statement can be permitted by a subsequent statement.
A packet that does not match the conditions of any ACL statements will be forwarded by default.
Each statement is checked only until a match is detected or until the end of the ACL statement list.
Each packet is compared to the conditions of every statement in the ACL before a forwarding decision is made.

correct: 1, 2, 5

7.

Refer to the exhibit. The administrator wishes to block web traffic from 192.168.1.50 from reaching the default port of the web service on 192.168.3.30. To do this, the access control list name is applied inbound on the router R1 LAN interface. After testing the list, the administrator has noted that the web traffic remains successful. Why is web traffic reaching the destination?

Web traffic does not use port 80 by default.
The access list is applied in the wrong direction.
The access list needs to be placed closer to the destination, on R3.
The range of source addresses specified in line 10 does not include host 192.168.1.50.

correct: 4

8. Which feature will require the use of a named ACL rather than a numbered ACL?

the ability to filter traffic based on a specific protocol
the ability to filter traffic based on an entire protocol suite and destination
the ability to specify source and destination addresses to use when identifying traffic
the ability to edit the ACL and add additional statements in the middle of the list without removing and re-creating the list

correct: 4

9. Which two statements are true regarding the significance of the access control list wildcard mask 0.0.0.7? (Choose two.)

The first 29 bits of a given IP address will be ignored.
The last 3 bits of a given IP address will be ignored.
The first 32 bits of a given IP address will be checked.
The first 29 bits of a given IP address will be checked.
The last 3 bits of a given IP address will be checked.

correct: 2, 4

10. Where should a standard access control list be placed?

close to the source
close to the destination
on an Ethernet port
on a serial port

correct: 2

11. How do Cisco standard ACLs filter traffic?

by destination UDP port
by protocol type
by source IP address
by source UDP port
by destination IP address

correct: 3

12. Which two statements are true regarding named ACLs? (Choose two.)

Only named ACLs allow comments.
Names can be used to help identify the function of the ACL.
Named ACLs offer more specific filtering options than numbered ACLs.
Certain complex ACLs, such as reflexive ACLs, must be defined with named ACLs.
More than one named IP ACL can be configured in each direction on a router interface.

correct: 2, 4

13.

Refer to the exhibit. What will be the effect of the configuration that is shown?

Users attempting to access hosts in the 192.168.30.0/24 network will be required to telnet to R3.
Hosts connecting to resources in the 191.68.30.0/24 network have an idle timeout of 15 minutes.
Anyone attempting to telnet into R3 will have an absolute time limit of five minutes.
Telnet access to R3 will only be permitted on Serial 0/0/1.

correct: 1

14.

Refer to the exhibit. An administrator has configured two access lists on R1. The list inbound on the serial interface is named Serial and the list inbound on the LAN interface is named LAN. What effect will be produced by the access control lists?

PC1 will be able to telnet to PC3.
R3 will not be able to communicate with PC1 and PC3.
PC3 cannot telnet to R3 and cannot communicate with PC1.
PC1 will not be able to telnet to R3 and PC3 will not be able to communicate with PC1.

correct: 4

15. Which two statements are true regarding the following extended ACL? (Choose two.)

access-list 101 deny tcp 172.16.3.0 0.0.0.255 any eq 20
access-list 101 deny tcp 172.16.3.0 0.0.0.255 any eq 21
access-list 101 permit ip any any

FTP traffic originating from network 172.16.3.0/24 is denied.
All traffic is implicitly denied.
FTP traffic destined for the 172.16.3.0/24 network is denied.
Telnet traffic originating on network 172.16.3.0/24 is denied.
Web traffic originating from 172.16.3.0 is permitted.

correct: 1, 5

16. Which statement about standard ACLs is true?

Standard ACLS must be numbered and cannot be named.
They should be placed as close to the destination as possible.
They can filter based on source and destination address as well as on source and destination port.
When applied to an outbound interface, incoming packets are processed before they are routed to the outbound interface.

correct: 2

17.

Refer to the exhibit. Which statement is true about ACL 110 if ACL 110 is applied in the inbound direction on S0/0/0 of R1?

It will deny TCP traffic to the Internet if the traffic is sourced from the 172.22.10.0/24 network.
It will not allow TCP traffic coming from the Internet to enter the network 172.22.10.0/24.
It will allow any TCP traffic from the Internet to enter the network 172.22.10.0/24.
It will permit any TCP traffic that originated from network 172.22.10.0/24 to return inbound on the S0/0/0 interface.

correct: 4

18. Which three parameters can ACLs use to filter traffic? (Choose three.)

packet size
protocol suite
source address
destination address
source router interface
destination router interface

correct: 2, 3, 4

19.

Refer to the exhibit. How does this access list process a packet with the source address 10.1.1.1 and a destination of 192.168.10.13?

It is allowed because of the implicit deny any.
It is dropped because it does not match any of the items in the ACL.
It is allowed because line 10 of the ACL allows packets to 192.168.0.0/16.
It is allowed because line 20 of the ACL allows packets to the host 192.168.10.13.

correct: 2

20. By default, how is IP traffic filtered in a Cisco router?

blocked in and out of all interfaces
blocked on all inbound interfaces, but permitted on all outbound interfaces
permitted in and out of all interfaces
blocked on all outbound interfaces, but permitted on all inbound interfaces

correct: 3

21.

Refer to the exhibit. When creating an extended ACL to deny traffic from the 192.168.30.0 network destined for the Web server 209.165.201.30, where is the best location for applying the ACL?

ISP Fa0/0 outbound
R2 S0/0/1 inbound
R3 Fa0/0 inbound
R3 S0/0/1 outbound

correct: 3

22.

Refer to the exhibit. ACL 120 is configured inbound on the serial0/0/0 interface on router R1, but the hosts on network 172.11.10.0/24 are able to telnet to network 10.10.0.0/16. On the basis of the provided configuration, what should be done to remedy the problem?

Apply the ACL outbound on the serial0/0/0 interface on router R1.
Apply the ACL outbound on the FastEthernet0/0 interface on router R1.
Include the established keyword at the end of the first line in the ACL.
Include a statement in the ACL to deny the UDP traffic that originates from 172.11.10.0/24 network.

correct: 1

23. A network administrator needs to allow traffic through the firewall router for sessions that originate from within the company network, but the administrator must block traffic for sessions that originate outside the network of the company. What type of ACL is most appropriate?

dynamic
port-based
reflexive
time-based

correct: 3

24. A technician is creating an ACL and needs a way to indicate only the subnet 172.16.16.0/21. Which combination of network address and wildcard mask will accomplish the desired task?

172.16.0.0 0.0.255.255
172.16.16.0 0.0.0.255
172.16.16.0 0.0.7.255
172.16.16.0 0.0.15.255
172.16.16.0 0.0.255.255

correct: 3
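The ACLs quoted in questions 1 and 15 and the wildcard masks of questions 9 and 24 can all be checked with one small model of how IOS evaluates a numbered IP ACL. The block below is an added example, not code from the original page or from Cisco: it parses standard and extended `access-list` lines (a bare host address in a standard list implies wildcard 0.0.0.0, as question 1 states), matches addresses with wildcard masks, walks the list top down stopping at the first match, and applies the implicit deny at the end. The `established`, `time-range` and named-ACL features from the later questions are deliberately not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Added example, not code from the original page: a minimal model of how a
# Cisco IOS numbered IP ACL is evaluated -- wildcard-mask matching, top-down
# first match, and the implicit "deny any" at the end of every list.


def cidr_to_wildcard(prefix: str) -> Tuple[str, str]:
    """Network and Cisco wildcard mask for a CIDR prefix (172.16.16.0/21 -> 0.0.7.255)."""
    net = ipaddress.ip_network(prefix, strict=False)
    return str(net.network_address), str(net.hostmask)


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard bit 1 = ignore this address bit; 0 = it must equal the bit in `base`."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


@dataclass
class Entry:
    action: str            # "permit" or "deny"
    proto: str             # "ip" matches every IP protocol; otherwise "tcp", "udp", ...
    src: str
    src_wc: str
    dst: str
    dst_wc: str
    dport: Optional[int]   # destination port from "eq N", None if absent


def _parse_addr(t: List[str], i: int) -> Tuple[str, str, int]:
    """Consume one address spec: 'any' | 'host A' | 'A W' | bare 'A' (wildcard 0.0.0.0 assumed)."""
    if t[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if t[i] == "host":
        return t[i + 1], "0.0.0.0", i + 2
    if i + 1 < len(t) and t[i + 1].count(".") == 3:
        return t[i], t[i + 1], i + 2
    return t[i], "0.0.0.0", i + 1


def parse_acl(lines: List[str]) -> List[Entry]:
    """Parse 'access-list <n> permit|deny ...' lines, preserving their order."""
    entries = []
    for line in lines:
        t = line.split()
        number, action = int(t[1]), t[2]
        standard = 1 <= number <= 99 or 1300 <= number <= 1999
        if standard:                      # standard ACLs test the source address only
            src, src_wc, _ = _parse_addr(t, 3)
            entries.append(Entry(action, "ip", src, src_wc, "0.0.0.0", "255.255.255.255", None))
        else:                             # extended: <proto> <src> <dst> [eq <port>]
            src, src_wc, i = _parse_addr(t, 4)
            dst, dst_wc, i = _parse_addr(t, i)
            dport = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
            entries.append(Entry(action, t[3], src, src_wc, dst, dst_wc, dport))
    return entries


def evaluate(acl: List[Entry], src: str, dst: str, proto: str = "ip",
             dport: Optional[int] = None) -> str:
    """Top-down, first match wins; a packet that matches nothing hits the implicit deny."""
    for e in acl:
        if e.proto != "ip" and e.proto != proto:
            continue
        if not wildcard_match(src, e.src, e.src_wc):
            continue
        if not wildcard_match(dst, e.dst, e.dst_wc):
            continue
        if e.dport is not None and e.dport != dport:
            continue
        return e.action
    return "deny"


# The two ACLs quoted in questions 1 and 15 above.
ACL_2 = [
    "access-list 2 deny 172.16.5.24",
    "access-list 2 permit any",
]
ACL_101 = [
    "access-list 101 deny tcp 172.16.3.0 0.0.0.255 any eq 20",
    "access-list 101 deny tcp 172.16.3.0 0.0.0.255 any eq 21",
    "access-list 101 permit ip any any",
]

if __name__ == "__main__":
    print(cidr_to_wildcard("172.16.16.0/21"))                                   # question 24
    print(evaluate(parse_acl(ACL_2), "172.16.5.24", "10.0.0.1"))               # deny
    print(evaluate(parse_acl(ACL_101), "172.16.3.10", "10.0.0.1", "tcp", 21))  # FTP out: deny
    print(evaluate(parse_acl(ACL_101), "172.16.3.10", "10.0.0.1", "tcp", 80))  # web out: permit
    print(evaluate(parse_acl(ACL_101), "10.0.0.1", "172.16.3.10", "tcp", 21))  # FTP in: permit
```

The last three calls reproduce question 15: FTP from 172.16.3.0/24 is denied, web traffic from it is permitted, and FTP destined for that network is permitted because the deny lines test the source. A packet that matches no entry returns "deny" without any explicit statement, which is the behaviour questions 6 and 19 describe.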

25. Which three items must be configured before a dynamic ACL can become active on a router? (Choose three.)

extended ACL
reflexive ACL
console logging
authentication
Telnet connectivity
user account with a privilege level of 15

correct: 1, 4, 5