8:48 PM
Unknown
- About and Share LAB (1)
- BCRAN Knowledgenet Labs (1)
- BSCI Knowledgenet Labs (1)
- BSMSN Knowledgenet Labs (1)
- CCIE LAP (1)
- CCNA - Hotspot Questions (1)
- CCNA 640-802 VLAN / VTP Practice Questions (1)
- CCNA 640-802 WAN Practice Questions (1)
- CCNA Drag and Drop Questions (1)
- CCNA full course including simulators dumps etc (1)
- CCNA Implementation SIM (1)
- CCNA lab (11)
- CCNA Troubleshooting Questions 1 (1)
- CCNA Troubleshooting Questions 2 (1)
- CCNA VOICE Official Guide (1)
- CCNA WAN Questions (1)
- CCNA: Cisco Certified Network Associate: Fast Pass (1)
- CCNP Lab (3)
- Cisco ccna v4.0 practice (1)
- Cisco IOS access lists: 10 things you should know (1)
- Cisco Network Magic Pro 5.0.8282 (1)
- Cisco Press ICND1 2nd Edition Jan 2008 (1)
- Cisco Training CCNA IP Addressing - Part 1 of 5 (1)
- CONFIGURING STATIC ROUTING RIP IGRP OSPF ON CISCO ROUTER (2)
- Ebook.CCNA Security Official Exam Certification Guide Exam 640-553 Exam Certifica.1587202204 (1)
- GNS3-Topology: CCNA CCNP Full Mesh Topology Template (1)
- Hardening Cisco IOS Devices (1)
- IP adress (1)
- Latest News CCNA (1)
- MCSA (1)
- PacketTrap Ping Scan 1.1.3301 (1)
- Pix Firewall Simulator (1)
- Subnetting in 6 easy steps - part 1 (1)
- Take Assessment - EWAN Final Exam - CCNA Exploration: Accessing the WAN (Version 4.0) (1)
- TCP/IP and the OSI Reference Model (1)
- VPN Basic Knowledge... (1)
Saturday, July 25, 2009
Practice - Lab - Learning CCNA
CCNA Semester 4
- CCNA 4 - Final Exam (10)
- CCNA v4 - E3 - Module 7 (100%) (1)
- CCNA v4 - E4 - Module 1 (100%) (1)
- CCNA v4 - E4 - Module 2 (100%) (1)
- CCNA v4 - E4 - Module 3 (100%) (1)
- CCNA4 (24)
- CCNA4 Chapter 1 (1)
- CCNA4 Chapter 2 (1)
- CCNA4 Chapter 3 (1)
- CCNA4 Chapter 4 (2)
- CCNA4 Chapter 5 (2)
- CCNA4 Chapter 6 (2)
- CCNA4 Chapter 7 (3)
- CCNA4 Chapter 8 (1)
- CCNA4 Chapter 9 (1)
- CCNA4 FINAL (1)
CCNA Semester 3
- CCNA 3 - Final Exam (3)
- CCNA 3 final test (1)
- CCNA3 (10)
- CCNA3 Chapter 1 (2)
- CCNA3 Chapter 2 (2)
- CCNA3 Chapter 3 (2)
- CCNA3 Chapter 4 (2)
- CCNA3 Chapter 5 (2)
- CCNA3 Chapter 6 (2)
- CCNA3 Chapter 7 (2)
- CCNA3 – Answers chapter 4 v.4.0 (100/100) (1)
- NEW CCNA3 FINAL (1)
CCNA Semester 2
- CCNA2 (18)
- CCNA2 Chapter 1 (1)
- CCNA2 Chapter 10 (1)
- CCNA2 Chapter 11 (1)
- CCNA2 Chapter 2 (1)
- CCNA2 Chapter 3 (1)
- CCNA2 Chapter 4 (1)
- CCNA2 Chapter 5 (1)
- CCNA2 Chapter 6 (1)
- CCNA2 Chapter 7 (1)
- CCNA2 Chapter 8 (1)
- CCNA2 Chapter 9 (1)
- CCNA Practice Certification Exam 2 (1)
- CCNA 2 - Final Exam (7)
- CCNA 2 - Final Exam.CCNA2 (1)
VPN Basic Knowledge...
Practice Now
Hardening Cisco IOS Devices
Watch Now
Wednesday, July 22, 2009
CCNA v4 - E4 - Module 6 (100%)
1. Which two Layer 1 requirements are outlined in the Data-over-Cable Service Interface Specification (DOCSIS)? (Choose two.)
channel widths
modulation techniques
2. Which is an example of symmetric-key encryption?
pre-shared key
3. Which two statements are valid solutions for a cable ISP to reduce congestion for users? (Choose two.)
allocate an additional channel
subdivide the network to reduce users on each segment
4. While monitoring traffic on a cable network, a technician notes that data is being transmitted at 38 MHz. Which statement describes the situation observed by the technician?
Data is being transmitted from the subscriber to the headend.
5. After conducting research to learn about common remote connection options for teleworkers, a network administrator has decided to implement remote access over broadband to establish VPN connections over the public Internet. What is the result of this solution?
The connection has increased security and reliable connectivity. Users need a remote VPN router or VPN client software.
6. Data confidentiality through a VPN is achieved through which two methods? (Choose two.)
encryption
encapsulation
7. Data confidentiality through a VPN can be enhanced through the use of which three encryption protocols? (Choose three.)
AES
DES
RSA
8. What two protocols provide data authentication and integrity for IPsec? (Choose two.)
AH
ESP
9. A technician has been asked to configure a broadband connection for a teleworker. The technician has been instructed that all uploads and downloads for the connection must use existing phone lines. Which broadband technology should be used?
DSL
10. What are the three main functions of a secure VPN? (Choose three.)
authentication
data confidentiality
data integrity
11. A company is using WiMAX to provide access for teleworkers. What home equipment must the company provide at the teleworker's site?
a WiMAX receiver
12. Which two methods could an administrator use to authenticate users on a remote access VPN? (Choose two.)
digital certificates
smart cards
13. Which two statements about DSL are true? (Choose two.)
local loop can be up to 3.5 miles (5.5km)
user connections are aggregated at a DSLAM located at the CO
14. Which two features can be associated with the Worldwide Interoperability for Microwave Access (WiMAX) telecommunication technology? (Choose two.)
covers areas as large as 7,500 square kilometers
connects directly to the Internet through high-bandwidth connections
15. Refer to the exhibit. All users have a legitimate purpose and the necessary persissions to access the Corporate network. Based on the topology shown, which locations are able to establish VPN connectivity with the Corporate network?
All locations can support VPN connectivity.
16. Which statement describes cable?
Delivering services over a cable network requires downstream frequencies in the 50 to 860 MHz range, and upstream frequencies in the 5 to 42 MHz range.
17. Which two protocols can be used to encapsulate traffic that is traversing a VPN tunnel? (Choose two.)
IPsec
PPTP
18. Refer to the exhibit. A teleworker is connected over the Internet to the HQ Office. What type of secure connection can be established between the teleworker and the HQ Office?
a remote-access VPN
19. Refer to the exhibit. A VPN tunnel has been established between the HQ Office and the Branch Office over the public Internet. Which three mechanisms are required by the devices on each end of the VPN tunnel to protect the data from being intercepted and modified? (Choose three.)
The two parties must establish a secret key used by encryption and hash algorithms.
The two parties must agree on the encryption algorithm to be used over the VPN tunnel.
The devices must be authenticated before the communication path is considered secure.
channel widths
modulation techniques
2. Which is an example of symmetric-key encryption?
pre-shared key
3. Which two statements are valid solutions for a cable ISP to reduce congestion for users? (Choose two.)
allocate an additional channel
subdivide the network to reduce users on each segment
4. While monitoring traffic on a cable network, a technician notes that data is being transmitted at 38 MHz. Which statement describes the situation observed by the technician?
Data is being transmitted from the subscriber to the headend.
5. After conducting research to learn about common remote connection options for teleworkers, a network administrator has decided to implement remote access over broadband to establish VPN connections over the public Internet. What is the result of this solution?
The connection has increased security and reliable connectivity. Users need a remote VPN router or VPN client software.
6. Data confidentiality through a VPN is achieved through which two methods? (Choose two.)
encryption
encapsulation
7. Data confidentiality through a VPN can be enhanced through the use of which three encryption protocols? (Choose three.)
AES
DES
RSA
8. What two protocols provide data authentication and integrity for IPsec? (Choose two.)
AH
ESP
9. A technician has been asked to configure a broadband connection for a teleworker. The technician has been instructed that all uploads and downloads for the connection must use existing phone lines. Which broadband technology should be used?
DSL
10. What are the three main functions of a secure VPN? (Choose three.)
authentication
data confidentiality
data integrity
11. A company is using WiMAX to provide access for teleworkers. What home equipment must the company provide at the teleworker's site?
a WiMAX receiver
12. Which two methods could an administrator use to authenticate users on a remote access VPN? (Choose two.)
digital certificates
smart cards
13. Which two statements about DSL are true? (Choose two.)
local loop can be up to 3.5 miles (5.5km)
user connections are aggregated at a DSLAM located at the CO
14. Which two features can be associated with the Worldwide Interoperability for Microwave Access (WiMAX) telecommunication technology? (Choose two.)
covers areas as large as 7,500 square kilometers
connects directly to the Internet through high-bandwidth connections
15. Refer to the exhibit. All users have a legitimate purpose and the necessary persissions to access the Corporate network. Based on the topology shown, which locations are able to establish VPN connectivity with the Corporate network?
All locations can support VPN connectivity.
16. Which statement describes cable?
Delivering services over a cable network requires downstream frequencies in the 50 to 860 MHz range, and upstream frequencies in the 5 to 42 MHz range.
17. Which two protocols can be used to encapsulate traffic that is traversing a VPN tunnel? (Choose two.)
IPsec
PPTP
18. Refer to the exhibit. A teleworker is connected over the Internet to the HQ Office. What type of secure connection can be established between the teleworker and the HQ Office?
a remote-access VPN
19. Refer to the exhibit. A VPN tunnel has been established between the HQ Office and the Branch Office over the public Internet. Which three mechanisms are required by the devices on each end of the VPN tunnel to protect the data from being intercepted and modified? (Choose three.)
The two parties must establish a secret key used by encryption and hash algorithms.
The two parties must agree on the encryption algorithm to be used over the VPN tunnel.
The devices must be authenticated before the communication path is considered secure.
CCNA v4 - E4 - Module 5 (100%)
1. Refer to the exhibit. What will be the effect of the configuration that is shown?
Users attempting to access hosts in the 192.168.30.0/24 network will be required to telnet to R3.
2. Which three parameters can ACLs use to filter traffic? (Choose three.)
protocol suite
source address
destination address
3. Refer to the exhibit. How does this access list process a packet with the source address 10.1.1.1 and a destination of 192.168.10.13?
It is dropped because it does not match any of the items in the ACL.
4 .Which two statements are correct about extended ACLs? (Choose two)
Extended ACLs evaluate the source and destination addresses.
Port numbers can be used to add greater definition to an ACL.
5. Where should a standard access control list be placed?
close to the destination
6. Which three statements describe ACL processing of packets? (Choose three.)
An implicit deny any rejects any packet that does not match any ACL statement.
A packet can either be rejected or forwarded as directed by the statement that is matched.
Each statement is checked only until a match is detected or until the end of the ACL statement list.
7. Refer to the exhibit. How will Router1 treat traffic matching the time-range requirement of EVERYOTHERDAY?
Telnet traffic entering fa0/0 from 10.1.1.254/24 destined to the 172.16.1.0/24 network is permitted.
8. Which two statements are true regarding the following extended ACL? (Choose two.)
access-list 101 deny tcp 172.16.3.0 0.0.0.255 any eq 20
access-list 101 deny tcp 172.16.3.0 0.0.0.255 any eq 21
access-list 101 permit ip any any
FTP traffic originating from network 172.16.3.0/24 is denied.
Web traffic originating from 172.16.3.0 is permitted.
9. Which two statements are true regarding the significance of the access control list wildcard mask 0.0.0.7? (Choose two.)
The last 3 bits will be ignored
The first 29 bits will be checked
10. Refer to the exhibit. When creating an extended ACL to deny traffic from the 192.168.30.0 network destined for the Web server 209.165.201.30, where is the best location for applying the ACL?
R3 Fa0/0 inbound
11. How do Cisco standard ACLs filter traffic?
by source IP address
12. Which three items must be configured before a dynamic ACL can become active on a router? (Choose three.)
extended ACL
authentication
Telnet connectivity
13. A network administrator needs to allow traffic through the firewall router for sessions that originate from within the company network, but the administrator must block traffic for sessions that originate outside the network of the company. What type of ACL is most appropriate?
reflexive
14. Which statement about standard ACLs is true?
They should be placed as close to the destination as possible.
15. Which benefit does an extended ACL offer over a standard ACL?
In addition to the source address, an extended ACL can also filter on destination address, destination port, and source port.
16. The following commands were entered on a router:
Router(config)# access-list 2 deny 172.16.5.24
Router(config)# access-list 2 permit any
The ACL is correctly applied to an interface. What can be concluded about this set of commands?
Wildcard 0.0.0.0 is assumed
17. Refer to the exhibit. The administrator wishes to block web traffic from 192.168.1.50 from reaching the default port of the web service on 192.168.3.30. To do this, the access control list name is applied inbound on the router R1 LAN interface. After testing the list, the administrator has noted that the web traffic remains successful. Why is web traffic reaching the destination?
The range of source addresses specified in line 10 does not include host 192.168.1.50.
18. Which feature will require the use of a named ACL rather than a numbered ACL?
the ability to edit the ACL and add additional statements in the middle of the list without removing and re-creating the list
19. By default, how is IP traffic filtered in a Cisco router?
permitted in and out of all interfaces
20. Refer to the exhibit. The network administrator applied an ACL outbound on S0/0/0 on router R1. Immediately after the administrator did so, the users on network 172.22.30.0/24 started complaining that they have intermittent access to the resources available on the server on the 10.10.0.0/16 network. On the basis of the configuration that is provided, what is the possible reason for the problem?
The ACL permits the IP packets for users on network 172.22.30.0/24 only during a specific time range.
21. Interface s0/0/0 already has an IP ACL applied inbound. What happens when the network administrator attempts to apply a second inbound IP ACL?
The second ACL is applied to the interface, replacing the first.
22. A technician is creating an ACL and needs a way to indicate only the subnet 172.16.16.0/21. Which combination of network address and wildcard mask will accomplish the desired task?
172.16.16.0 0.0.7.255
23. Refer to the exhibit. Which statement is true about ACL 110 if ACL 110 is applied in the inbound direction on S0/0/0 of R1?
It will permit any TCP traffic that originated from network 172.22.10.0/24 to return inbound on the S0/0/0 interface.
24. Refer to the exhibit. ACL 120 is configured inbound on the serial0/0/0 interface on router R1, but the hosts on network 172.11.10.0/24 are able to telnet to network 10.10.0.0/16. On the basis of the provided configuration, what should be done to remedy the problem?
Apply the ACL outbound on the serial0/0/0 interface on router R1.
25. Which two statements are true regarding named ACLs? (Choose two.)
Names can be used to help identify the function of the ACL.
Certain complex ACLs, such as reflexive ACLs, must be defined with named ACLs.
Users attempting to access hosts in the 192.168.30.0/24 network will be required to telnet to R3.
2. Which three parameters can ACLs use to filter traffic? (Choose three.)
protocol suite
source address
destination address
3. Refer to the exhibit. How does this access list process a packet with the source address 10.1.1.1 and a destination of 192.168.10.13?
It is dropped because it does not match any of the items in the ACL.
4 .Which two statements are correct about extended ACLs? (Choose two)
Extended ACLs evaluate the source and destination addresses.
Port numbers can be used to add greater definition to an ACL.
5. Where should a standard access control list be placed?
close to the destination
6. Which three statements describe ACL processing of packets? (Choose three.)
An implicit deny any rejects any packet that does not match any ACL statement.
A packet can either be rejected or forwarded as directed by the statement that is matched.
Each statement is checked only until a match is detected or until the end of the ACL statement list.
7. Refer to the exhibit. How will Router1 treat traffic matching the time-range requirement of EVERYOTHERDAY?
Telnet traffic entering fa0/0 from 10.1.1.254/24 destined to the 172.16.1.0/24 network is permitted.
8. Which two statements are true regarding the following extended ACL? (Choose two.)
access-list 101 deny tcp 172.16.3.0 0.0.0.255 any eq 20
access-list 101 deny tcp 172.16.3.0 0.0.0.255 any eq 21
access-list 101 permit ip any any
FTP traffic originating from network 172.16.3.0/24 is denied.
Web traffic originating from 172.16.3.0 is permitted.
9. Which two statements are true regarding the significance of the access control list wildcard mask 0.0.0.7? (Choose two.)
The last 3 bits will be ignored
The first 29 bits will be checked
10. Refer to the exhibit. When creating an extended ACL to deny traffic from the 192.168.30.0 network destined for the Web server 209.165.201.30, where is the best location for applying the ACL?
R3 Fa0/0 inbound
11. How do Cisco standard ACLs filter traffic?
by source IP address
12. Which three items must be configured before a dynamic ACL can become active on a router? (Choose three.)
extended ACL
authentication
Telnet connectivity
13. A network administrator needs to allow traffic through the firewall router for sessions that originate from within the company network, but the administrator must block traffic for sessions that originate outside the network of the company. What type of ACL is most appropriate?
reflexive
14. Which statement about standard ACLs is true?
They should be placed as close to the destination as possible.
15. Which benefit does an extended ACL offer over a standard ACL?
In addition to the source address, an extended ACL can also filter on destination address, destination port, and source port.
16. The following commands were entered on a router:
Router(config)# access-list 2 deny 172.16.5.24
Router(config)# access-list 2 permit any
The ACL is correctly applied to an interface. What can be concluded about this set of commands?
Wildcard 0.0.0.0 is assumed
17. Refer to the exhibit. The administrator wishes to block web traffic from 192.168.1.50 from reaching the default port of the web service on 192.168.3.30. To do this, the access control list name is applied inbound on the router R1 LAN interface. After testing the list, the administrator has noted that the web traffic remains successful. Why is web traffic reaching the destination?
The range of source addresses specified in line 10 does not include host 192.168.1.50.
18. Which feature will require the use of a named ACL rather than a numbered ACL?
the ability to edit the ACL and add additional statements in the middle of the list without removing and re-creating the list
19. By default, how is IP traffic filtered in a Cisco router?
permitted in and out of all interfaces
20. Refer to the exhibit. The network administrator applied an ACL outbound on S0/0/0 on router R1. Immediately after the administrator did so, the users on network 172.22.30.0/24 started complaining that they have intermittent access to the resources available on the server on the 10.10.0.0/16 network. On the basis of the configuration that is provided, what is the possible reason for the problem?
The ACL permits the IP packets for users on network 172.22.30.0/24 only during a specific time range.
21. Interface s0/0/0 already has an IP ACL applied inbound. What happens when the network administrator attempts to apply a second inbound IP ACL?
The second ACL is applied to the interface, replacing the first.
22. A technician is creating an ACL and needs a way to indicate only the subnet 172.16.16.0/21. Which combination of network address and wildcard mask will accomplish the desired task?
172.16.16.0 0.0.7.255
23. Refer to the exhibit. Which statement is true about ACL 110 if ACL 110 is applied in the inbound direction on S0/0/0 of R1?
It will permit any TCP traffic that originated from network 172.22.10.0/24 to return inbound on the S0/0/0 interface.
24. Refer to the exhibit. ACL 120 is configured inbound on the serial0/0/0 interface on router R1, but the hosts on network 172.11.10.0/24 are able to telnet to network 10.10.0.0/16. On the basis of the provided configuration, what should be done to remedy the problem?
Apply the ACL outbound on the serial0/0/0 interface on router R1.
25. Which two statements are true regarding named ACLs? (Choose two.)
Names can be used to help identify the function of the ACL.
Certain complex ACLs, such as reflexive ACLs, must be defined with named ACLs.
CCNA v4 - E4 - Module 4 (100%)
1. What is the best defense for protecting a network from phishing exploits?
Schedule training for all users.
2. What are three characteristics of a good security policy? (Choose three.)
It defines acceptable and unacceptable use of network resources.
It communicates consensus and defines roles.
It defines how to handle security incidents.
3. The Cisco IOS image naming convention allows identification of different versions and capabilities of the IOS. What information can be gained from the filename c2600-d-mz.121-4? (Choose two.)
The software is version 12.1, 4th revision.
The IOS is for the Cisco 2600 series hardware platform.
4. Refer to the exhibit. What is accomplished when both commands are configured on the router?
The commands disable the services such as echo, discard, and chargen on the router to prevent security vulnerabilities.
5. Which two conditions should the network administrator verify before attempting to upgrade a Cisco IOS image using a TFTP server? (Choose two.)
Verify connectivity between the router and TFTP server using the ping command.
Verify that there is enough flash memory for the new Cisco IOS image using the show flash command.
6. Which two statements regarding preventing network attacks are true? (Choose two.)
Physical security threat mitigation consists of controlling access to device console ports, labeling critical cable runs, installing UPS systems, and providing climate control.
Changing default usernames and passwords and disabling or uninstalling unnecessary services are aspects of device hardening.
7. An IT director has begun a campaign to remind users to avoid opening e-mail messages from suspicious sources. Which type of attack is the IT director trying to protect users from?
virus
8. Users are unable to access a company server. The system logs show that the server is operating slowly because it is receiving a high level of fake requests for service. Which type of attack is occurring?
DoS
9. Refer to the exhibit. What is the purpose of the "ip ospf message-digest-key 1 md5 cisco" statement in the configuration?
to specify a key that is used to authenticate routing updates
10. Which two statements define the security risk when DNS services are enabled on the network? (Choose two.)
The basic DNS protocol does not provide authentication or integrity assurance.
The router configuration does not provide an option to set up main and backup DNS servers.
11. Which two statements are true about network attacks? (Choose two.)
A brute-force attack searches to try every possible password from a combination of characters.
Devices in the DMZ should not be fully trusted by internal devices, and communication between the DMZ and internal devices should be authenticated to prevent attacks such as port redirection.
12. Refer to the exhibit. A network administrator is trying to configure a router to use SDM, but it is not functioning correctly. What could be the problem?
The privilege level of the user is not configured correctly.
13. Refer to the exhibit. The network administrator is trying to back up the Cisco IOS router software and receives the output shown. What are two possible reasons for this output? (Choose two.)
The router cannot connect to the TFTP server.
The TFTP server software has not been started.
14
Which two statements are true regarding network security? (Choose two.)
Both experienced hackers who are capable of writing their own exploit code and inexperienced individuals who download exploits from the Internet pose a serious threat to network security.
Protecting network devices from physical damage caused by water or electricity is a necessary part of the security policy.
15. The password recovery process begins in which operating mode and using what type of connection? (Choose two.)
ROM monitor
direct connection through the console port
16. Which two objectives must a security policy accomplish? (Choose two.)
document the resources to be protected
identify the security objectives of the organization
17. Which statement is true about Cisco Security Device Manager (SDM)?
SDM can be run from router memory or from a PC.
18. Which step is required to recover a lost enable password for a router?
Set the configuration register to bypass the startup configuration.
19. Refer to the exhibit. Security Device Manager (SDM) is installed on router R1. What is the result of opening a web browser on PC1 and entering the URL https://192.168.10.1?
The SDM page of R1 appears with a dialog box that requests a username and password.
20. Intrusion detection occurs at which stage of the Security Wheel?
monitoring
21. Refer to the exhibit. Security Device Manager (SDM) has been used to configure a required level of security on the router. What would be accomplished when the SDM applies the next step on the security problems that are identified on the router?
SDM will reconfigure the services that are marked in the exhibit as “fix it” to apply the suggested security changes.
22
What are two benefits of using Cisco AutoSecure? (Choose two.)
It gives the administrator detailed control over which services are enabled or disabled.
It allows the administrator to configure security policies without having to understand all of the Cisco IOS software features.
Schedule training for all users.
2. What are three characteristics of a good security policy? (Choose three.)
It defines acceptable and unacceptable use of network resources.
It communicates consensus and defines roles.
It defines how to handle security incidents.
3. The Cisco IOS image naming convention allows identification of different versions and capabilities of the IOS. What information can be gained from the filename c2600-d-mz.121-4? (Choose two.)
The software is version 12.1, 4th revision.
The IOS is for the Cisco 2600 series hardware platform.
4. Refer to the exhibit. What is accomplished when both commands are configured on the router?
The commands disable the services such as echo, discard, and chargen on the router to prevent security vulnerabilities.
5. Which two conditions should the network administrator verify before attempting to upgrade a Cisco IOS image using a TFTP server? (Choose two.)
Verify connectivity between the router and TFTP server using the ping command.
Verify that there is enough flash memory for the new Cisco IOS image using the show flash command.
6. Which two statements regarding preventing network attacks are true? (Choose two.)
Physical security threat mitigation consists of controlling access to device console ports, labeling critical cable runs, installing UPS systems, and providing climate control.
Changing default usernames and passwords and disabling or uninstalling unnecessary services are aspects of device hardening.
7. An IT director has begun a campaign to remind users to avoid opening e-mail messages from suspicious sources. Which type of attack is the IT director trying to protect users from?
virus
8. Users are unable to access a company server. The system logs show that the server is operating slowly because it is receiving a high level of fake requests for service. Which type of attack is occurring?
DoS
9. Refer to the exhibit. What is the purpose of the "ip ospf message-digest-key 1 md5 cisco" statement in the configuration?
to specify a key that is used to authenticate routing updates
10. Which two statements define the security risk when DNS services are enabled on the network? (Choose two.)
The basic DNS protocol does not provide authentication or integrity assurance.
The router configuration does not provide an option to set up main and backup DNS servers.
11. Which two statements are true about network attacks? (Choose two.)
A brute-force attack searches to try every possible password from a combination of characters.
Devices in the DMZ should not be fully trusted by internal devices, and communication between the DMZ and internal devices should be authenticated to prevent attacks such as port redirection.
12. Refer to the exhibit. A network administrator is trying to configure a router to use SDM, but it is not functioning correctly. What could be the problem?
The privilege level of the user is not configured correctly.
13. Refer to the exhibit. The network administrator is trying to back up the Cisco IOS router software and receives the output shown. What are two possible reasons for this output? (Choose two.)
The router cannot connect to the TFTP server.
The TFTP server software has not been started.
14
Which two statements are true regarding network security? (Choose two.)
Both experienced hackers who are capable of writing their own exploit code and inexperienced individuals who download exploits from the Internet pose a serious threat to network security.
Protecting network devices from physical damage caused by water or electricity is a necessary part of the security policy.
15. The password recovery process begins in which operating mode and using what type of connection? (Choose two.)
ROM monitor
direct connection through the console port
16. Which two objectives must a security policy accomplish? (Choose two.)
document the resources to be protected
identify the security objectives of the organization
17. Which statement is true about Cisco Security Device Manager (SDM)?
SDM can be run from router memory or from a PC.
18. Which step is required to recover a lost enable password for a router?
Set the configuration register to bypass the startup configuration.
19. Refer to the exhibit. Security Device Manager (SDM) is installed on router R1. What is the result of opening a web browser on PC1 and entering the URL https://192.168.10.1?
The SDM page of R1 appears with a dialog box that requests a username and password.
20. Intrusion detection occurs at which stage of the Security Wheel?
monitoring
21. Refer to the exhibit. Security Device Manager (SDM) has been used to configure a required level of security on the router. What would be accomplished when the SDM applies the next step on the security problems that are identified on the router?
SDM will reconfigure the services that are marked in the exhibit as “fix it” to apply the suggested security changes.
22
What are two benefits of using Cisco AutoSecure? (Choose two.)
It gives the administrator detailed control over which services are enabled or disabled.
It allows the administrator to configure security policies without having to understand all of the Cisco IOS software features.
CCNA 2 FINAL (Latest version 100/100)
1
Refer to the exhibit. Two routers are unable to establish an adjacency. What is the possible cause for this?
The two routers are connected on a multiaccess network.
(true answer) The hello and dead intervals are different on the two routers.
They have different OSPF router IDs.
They have different process IDs.
2
What is the function of the OSPF LSR packet?
It is used to confirm the receipt of LSUs.
It is used to establish and maintain adjacency with other OSPF routers.
(true answer) It is used by the receiving routers to request more information about any entry in the DBD.
It is used to check the database synchronization between routers.
3
Refer to the exhibit. The hosts that are connected to R2 are unable to ping the hosts that are connected to R1. How can this problem be resolved?
Configure the router ID on both routers.
(true answer) Configure the R2 router interfaces for area 0.
Configure a loopback interface on both routers.
Configure the proper subnet masks on the router interfaces.
4
Which two statements are true for link-state routing protocols? (Choose two.)
(true answer) Routers that run a link-state protocol can establish a complete topology of the network.
Routers in a multipoint network that run a link-state protocol can exchange routing tables.
Routers use only hop count for routing decisions.
(true answer) The shortest path first algorithm is used.
Split horizon is used to avoid routing loops.
5
Refer to the exhibit. Which two statements are true based on the exhibited output? (Choose two.)
The administrative distance of EIGRP has been set to 50.
(true answer) All routes are stable.
(true answer) The show ip eigrp topology command has been run on R1.
The serial interface between the two routers is down.
Each route has one feasible successor.
6
Refer to the exhibit. Which three statements are true of the routing table for Router1? (Choose three.)
The route to network 172.16.0.0 has an AD of 156160.
Network 192.168.0.16 can best be reached using FastEthernet0/0.
(true answer) The AD of EIGRP routes has been manually changed to a value other than the default value.
(true answer) Router1 is running both the EIGRP and OSPF routing process.
Network 172.17.0.0 can only be reached using a default route.
(true answer) No default route has been configured.
7
Which two router component and operation pair are correctly described? (Choose two.)
DRAM - loads the bootstrap
RAM - stores the operating system
Flash - executes diagnostics at bootup
(true answer) NVRAM - stores the configuration file
ROM - stores the backup configuration file
(true answer) POST - runs diagnostics on hardware modules
8
What are two tasks that must be completed before two routers can use OSPF to form a neighbor adjacency? (Choose two.)
The routers must elect a designated router.
(true answer) The routers must agree on the network type.
(true answer) The routers must use the same dead interval.
The routers must exchange link state requests.
The routers must exchange database description packets.
9
What are two functions of a router? (Choose two.)
(true answer) It forwards data packets toward their destination.
It forwards the packet to the destination if the TTL value is 0.
It changes the destination IP address of data packets before forwarding them to an exit interface.
It determines the best path based on the destination MAC address.
(true answer) It acts as an intersection between multiple IP networks.
10
Refer to the exhibit. Which statement is true about router R2?
The routing table content indicates that interface S0/0/0 is administratively down.
The route for 172.16.1.0 is a static route.
A packet that is destined for a host on the 172.16.3.0 network is forwarded without performing a routing table lookup.
(true answer) The packets that are routed to network 172.16.1.0 require two routing table lookups.
11
Refer to the exhibit. The output of the show ip route command for router R1 is displayed. What action will the router take for a packet that is destined for 192.168.1.5?
It will drop the packet.
It will forward the packet to interface Serial0/0/0.
It will determine the route for the packet through a routing protocol.
(true answer) It will forward the packet to the default gateway.
12
Refer to the exhibit. Although R2 is configured correctly, host A is unable to access the Internet. Which two static routes can be configured on R1 to enable Internet connectivity for host A? (Choose two.)
ip route 0.0.0.0 0.0.0.0 Fa0/0
(true answer) ip route 0.0.0.0 0.0.0.0 Fa0/1
ip route 0.0.0.0 0.0.0.0 10.1.1.1
(true answer) ip route 0.0.0.0 0.0.0.0 10.1.1.2
ip route 209.165.202.0 255.255.255.0 10.1.1.1
ip route 209.165.202.0 255.255.255.0 10.1.1.2
13
Refer to the exhibit. Which two facts can be derived from this output? (Choose two.)
(true answer) Three network devices are directly connected to Router2.
(true answer) The serial interface between Router2 and Router3 is up.
Router1 and Router3 are directly connected.
Six devices are up and running on the network.
Layer 3 functionality between routers is configured properly.
14
Refer to the exhibit. Routers R1 and R3 use different routing protocols with default administrative distance values. All devices are properly configured and the destination network is advertised by both protocols.
Which path will be used to transmit the data packets between PC1 and PC2?
(true answer) The packets will travel via R2-R1.
The packets will travel via R2-R3.
The traffic will be load-balanced between two paths — via R2-R1 and via R2-R3.
The packets will travel via R2-R3, and the other path via R2-R1 will be retained as the backup path.
15
A network administrator uses the RIP routing protocol to implement routing within an autonomous system. What are two characteristics of this protocol? (Choose two.)
(true answer) It uses the Bellman-Ford algorithm to determine the best path.
It displays an actual map of the network topology.
It offers rapid convergence in large networks.
(true answer) It periodically sends complete routing tables to all connected devices.
It is beneficial in complex and hierarchically designed networks.
16
Refer to the exhibit. What is the meaning of the highlighted value 2?
It is the administrative distance of the routing protocol.
(true answer) It is the number of hops between R2 and the 192.168.8.0/24 network.
It is the value used by the DUAL algorithm to determine the bandwidth for the link.
It is the convergence time measured in seconds.
17
In a lab test environment, a router has learned about network 172.16.1.0 through four different dynamic routing processes. Which route will be used to reach this network?
(true answer) D 172.16.1.0/24 [90/2195456] via 192.168.200.1, 00:00:09, Serial0/0/0
O 172.16.1.0/24 [110/1012] via 192.168.200.1, 00:00:22, Serial0/0/0
R 172.16.1.0/24 [120/1] via 192.168.200.1, 00:00:17, Serial0/0/0
I 172.16.1.0/24 [100/1192] via 192.168.200.1, 00:00:09, Serial0/0/0
18
Refer to the exhibit. The routers are properly configured using a dynamic routing protocol with default settings, and the network is fully converged. Router A is forwarding data to router E. Which statement is true about the routing path?
(true answer) If the network uses the RIP protocol, router A will determine that all paths have equal cost.
If the network uses the RIP protocol, router A will update only the A-C-E path in its routing table.
If the network uses the EIGRP routing protocol, router A will determine that path A-D-E has the lowest cost.
If both RIP and EIGRP protocols are configured on router A, the router will use the route information that is learned by the RIP routing protocol.
19
Which statement is true about the RIPv1 protocol?
It is a link-state routing protocol.
(true answer) It excludes subnet information from the routing updates.
It uses the DUAL algorithm to insert backup routes into the topology table.
It uses classless routing as the default method on the router.
20
Refer to the exhibit. The 10.4.0.0 network fails. What mechanism prevents R2 from receiving false update information regarding the 10.4.0.0 network?
(true answer) split horizon
hold-down timers
route poisoning
triggered updates
21
Refer to the exhibit. All routers are running RIPv1. The two networks 10.1.1.0/29 and 10.1.1.16/29 are unable to access each other. What can be the cause of this problem?
Because RIPv1 is a classless protocol, it does not support this access.
(true answer) RIPv1 does not support discontiguous networks.
RIPv1 does not support load balancing.
RIPv1 does not support automatic summarization.
22
How does route poisoning prevent routing loops?
New routing updates are ignored until the network has converged.
(true answer) Failed routes are advertised with a metric of infinity.
A route is marked as unavailable when its Time to Live is exceeded.
The unreachable route is cleared from the routing table after the invalid timer expires.
23
Which statement is true about the metrics used by routing protocols?
(true answer) A metric is a value used by a particular routing protocol to compare paths to remote networks.
A common metric is used by all routing protocols.
The metric with the highest value is installed in the routing table.
The router may use only one parameter at a time to calculate the metric.
24
Refer to the exhibit. Both routers are using the RIPv2 routing protocol and static routes are undefined. R1 can ping 192.168.2.1 and 10.1.1.2, but is unable to ping 192.168.4.1.
What is the reason for the ping failure?
The serial interface between two routers is down.
R2 is not forwarding the routing updates.
(true answer) The 192.168.4.0 network is not included in the RIP configuration of R2.
RIPv1 needs to be configured.
25
Refer to the exhibit. A network administrator wants to reduce the size of the routing table of R1. Which partial routing table entry in R1 represents the route summary for R2, without including any additional subnets?
10.0.0.0/16 is subnetted, 1 subnets
D 10.5.0.0[90/205891] via 192.168.1.2, S0/0/0
10.0.0.0/24 is subnetted, 4 subnets
D 10.5.0.0[90/205198] via 192.168.1.2, S0/0/0
(true answer) 10.0.0.0/22 is subnetted, 1 subnets
D 10.5.0.0[90/205901] via 192.168.1.2, S0/0/0
10.0.0.0/8 is subnetted, 4 subnets
D 10.5.0.0[90/205001] via 192.168.1.2, S0/0/0
26
Refer to the exhibit. An administrator is adding a new subnet of 50 hosts to R3. Which subnet address should be used for the new subnet that provides enough addresses while wasting a minimum of addresses?
192.168.1.0/24
192.168.1.48 /28
192.168.1.32/27
(true answer) 192.168.1.64/26
27
Refer to the exhibit. How many routes are ultimate routes?
3
4
(true answer) 5
7
28
Refer to the exhibit. Which router is advertising subnet 172.16.1.32/28?
Router1
Router2
Router3
(true answer) Router4
29
Which two statements are true about the EIGRP successor route? (Choose two.)
It is saved in the topology table for use if the primary route fails.
(true answer) It may be backed up by a feasible successor route.
(true answer) It is used by EIGRP to forward traffic to the destination.
It is flagged as active in the routing table.
After the discovery process has occurred, the successor route is stored in the neighbor table.
30
Refer to the exhibit. R2 is configured correctly. The network administrator has configured R1 as shown. Which two facts can be deduced from the configuration of R1? (Choose two.)
(true answer) R1 will forward the route information for subnet 192.168.100.0/30.
The administrative distance has been set to 50 on R1.
(true answer) R1 will not forward route information for subnet 192.168.100.4.0/30.
R1 will forward the EGRP update for subnet 10.10.10.0/30.
Autosummarization must be enabled.
31
Refer to the exhibit. All routers are running the same routing protocol. Based on the exhibit and its displayed commands, which statement is true?
Routers B, C, and D have no access to the Internet.
(true answer) The link to the ISP will be excluded from the routing protocol process.
A default route must be configured on every router.
The wildcard mask is incorrectly configured.
32
Which two components are used to determine the router ID in the configuration of the OSPF routing process? (Choose two.)
the IP address of the first FastEthernet interface
(true answer) the highest IP address of any logical interface
(true answer) the highest IP address of any physical interface
the default gateway IP address
the priority value of 1 on any physical interface
33
Refer to the exhibit. R1 and R2 are unable to establish an adjacency. What two configuration changes will correct the problem? (Choose
two.)
Set a lower priority on R2.
(true answer) Configure the routers in the same area.
Set a lower cost on R2 compared to R1.
Add a backup designated router to the network.
(true answer) Match the hello and dead timers on both routers.
34
Refer to the exhibit. All routers are properly configured to use the EIGRP routing protocol with default settings, and the network is fully converged. Which statement correctly describes the path that the traffic will use from the 10.1.1.0/24 network to the 10.1.2.0/24 network?
It will use the A-D path only.
It will use the path A-D, and the paths A-C-D and A-B-D will be retained as the backup paths.
It will use all the paths equally in a round-robin fashion.
(true answer) The traffic will be load-balanced between A-B-D and A-C-D.
35
Which routing protocol maintains a topology table separate from the routing table?
IGRP
RIPv1
RIPv2
(true answer) EIGRP
36
Refer to the exhibit. A ping between the serial interfaces of R1 and R2 is successful, but a ping between their FastEthernet interfaces fails. What is the reason for this problem?
The FastEthernet interface of R1 is disabled.
(true answer) One of the default routes is configured incorrectly.
A routing protocol is not configured on both routers.
The default gateway has not been configured on both routers.
37
Refer to the exhibit. What action will R2 take for a packet that is destined for 192.168.2.0?
It will drop the packet.
It will forward the packet via the S0/0/0 interface.
It will forward the packet via the Fa0/0 interface.
(true answer) It will forward the packet to R1.
38
Refer to the exhibit. A network administrator has configured R1 as shown, and all interfaces are functioning correctly. A ping from R1 to 172.16.1.1 fails. What could be the cause of this problem?
The serial interface on R1 is configured incorrectly.
(true answer) The default route is configured incorrectly.
The default-information originate command must be issued on R1.
Autosummarization must be disabled on R1.
39
Refer to the exhibit. All interfaces are addressed and functioning correctly. The network administrator runs the tracert command on host A. Which two facts could be responsible for the output of this command? (Choose two.)
(true answer) The entry for 192.168.2.0/24 is missing from the routing table of R1.
(true answer) The entry for 192.168.1.0/24 is missing from the routing table of R2.
The entry for 10.1.1.0/30 is missing from the routing table of R1.
The entry for 10.1.1.0/30 is missing from the routing table of R2.
The entry for 192.168.1.0/24 is missing from the routing table of R1.
The entry for 192.168.2.0/24 is missing from the routing table of R2.
40
A router has learned two equal cost paths to a remote network via the EIGRP and RIP protocols. Both protocols are using their default configurations. Which path to the remote network will be installed in the routing table?
(true answer) the path learned via EIGRP
the path learned via RIP
the path with the highest metric value
both paths with load balancing
41
Refer to the exhibit. The network has three connected routers: R1, R2, and R3. The routes of all three routers are displayed. All routers are operational and pings are not blocked on this network.
Which ping will fail?
from R1 to 172.16.1.1
(true answer) from R1 to 192.168.3.1
from R2 to 192.168.1.1
from R2 to 192.168.3.1
42
Refer to the exhibit. Which summarization should R1 use to advertise its networks to R2?
192.168.1.0/24
192.168.0.0/24
(true answer) 192.168.0.0/22
192.168.1.0/22
43
Refer to the exhibit. Host A is unable to access the Internet. What is the reason for this?
The IP address of host A is incorrect.
The default gateway of host A is incorrect.
(true answer) The Fa0/1 interfaces of the two routers are configured for different subnets.
The subnet mask for the Fa0/0 interface of R1 is incorrect.
44
Refer to the exhibit. Which two components are required to complete the configuration? (Choose two.)
a CSU/DSU device
(true answer) a DTE device
a DCE device
a crossover cable
(true answer) a V.35 cable
45
A router boots and enters setup mode. What is the reason for this?
The IOS image is corrupt.
Cisco IOS is missing from flash memory.
(true answer) The configuration file is missing from NVRAM.
The POST process has detected hardware failure.
46
Refer to the exhibit. A network administrator is accessing router R1 from the console port. Once the administrator is connected to the router, which password should the administrator enter at the R1> prompt to access the privileged EXEC mode?
Cisco001
Cisco123
(true answer) Cisco789
Cisco901
47
Refer to the exhibit. While trying to diagnose a routing problem in the network, the network administrator runs the debug ip rip command. What can be determined from the output of this command?
The router will be unable to ping 192.168.1.2.
The router has two interfaces that participate in the RIP process.
The router will forward the updates for 192.168.1.0 on interface Serial0/0/1.
(true answer) The router is not originating routes for 172.16.1.0.
48
Refer to the exhibit. To implement the RIPv2 protocol, the network administrator runs the commands as displayed. However, the show ip protocol command fails to display any output. How can the administrator solve the problem that is indicated by the lack of output from this command?
Include the default-information originate command.
Include the no auto-summary command.
(true answer) Specify the network for which RIP routing has to be enabled.
Implement RIPv2 authentication in the network.
49
Refer to the exhibit. Router R2 is configured properly and all interfaces are functional. Router R1 has been installed recently. Host A is unable to ping host B.
Which procedure can resolve this problem?
Configure a static route on R1 using the IP address of the serial interface on R1.
Configure a default route on R1 with the exit interface Fa0/0 on R1.
(true answer) Configure a static route on R1 using the IP address of S0/0/0 on R2.
Configure a default route on R1 using the IP address of Fa0/0 on R2.
50
Refer to the exhibit. The show cdp neighbors command was run at R1. Which two facts about the newly detected device can be determined from the output? (Choose two.)
(true answer) ABCD is a router that is connected to R1.
ABCD is a non-CISCO device that is connected to R1.
(true answer) The device is connected at the Serial0/0/1 interface of R1.
R1 is connected at the S0/0/1 interface of device ABCD.
ABCD does not support switching capability.
51
Refer to the exhibit. A router learns a route to the 192.168.6.0 network, as shown in the output of theshow ip rip database command. However, upon running the show ip route command, the network administrator sees that the router has installed a different route to the 192.168.6.0 network learned via EIGRP. What could be the reason for the missing RIP route?
(true answer) Compared to RIP, EIGRP has a lower administrative distance.
Compared to EIGRP, RIP has a higher metric value for the route.
Compared to RIP, the EIGRP route has fewer hops.
Compared to RIP, EIGRP has a faster update timer.
52
All routers in a network are configured in a single OSPF area with the same priority value. No loopback interface has been set on any of the routers. Which secondary value will the routers use to determine the router ID?
The highest MAC address among the active interfaces of the network will be used.
There will be no router ID until a loopback interface is configured.
The highest IP address among the active FastEthernet interfaces that are running OSPF will be used.
(true answer) The highest IP address among the active interfaces will be used.
53
Refer to the exhibit. Routers R1 and R2 are directly connected via their serial interfaces and are both running the EIGRP routing protocol. R1 and R2 can ping the directly connected serial interface of their neighbor, but they cannot form an EIGRP neighbor adjacency.
What action should be taken to solve this problem?
Enable the serial interfaces of both routers.
Configure EIGRP to send periodic updates.
Configure the same hello interval between the routers.
(true answer) Configure both routers with the same EIGRP process ID.
54
Which three statements are true regarding the encapsulation and de-encapsulation of packets when traveling through a router? (Choose three.)
(true answer) The router modifies the TTL field, decrementing it by one.
The router changes the source IP to the IP of the exit interface.
(true answer) The router maintains the same source and destination IP.
(true answer) The router changes the source physical address to the physical address of the exit interface.
The router changes the destination IP to the IP of the exit interface.
The router sends the packet out all other interfaces, besides the one it entered the router on.
55
Refer to the exhibit. Packets destined to which two networks will require the router to perform a recursive lookup? (Choose two.)
(true answer) 10.0.0.0/8
64.100.0.0/16
128.107.0.0/16
172.16.40.0/24
192.168.1.0/24
(true answer) 192.168.2.0/24
56
Which two statements are correct about the split horizon with poison reverse method of routing loop prevention? (Choose two.)
It is enabled by default on all Cisco IOS implementations.
(true answer) It assigns a value that represents an infinite metric to the poisoned route.
(true answer) It sends back the poisoned route update to the same interface from where it was received.
It instructs routers to hold all changes that might affect routes, for a specified period of time.
It limits the number of hops a packet can traverse through the network before it is discarded.
57
A network administrator has enabled RIP on routers B and C in the network diagram. Which of the following commands will prevent RIP updates from being sent to Router A?
A(config)# router rip
A(config-router)# passive-interface S0/0
B(config)# router rip
B(config-router)# network 192.168.25.48
B(config-router)# network 192.168.25.64
A(config)# router rip
A(config-router)# no network 192.168.25.32
(true answer) B(config)# router rip
B(config-router)# passive-interface S0/0
A(config)# no router rip
Refer to the exhibit. Two routers are unable to establish an adjacency. What is the possible cause for this?
The two routers are connected on a multiaccess network.
(true answer) The hello and dead intervals are different on the two routers.
They have different OSPF router IDs.
They have different process IDs.
2
What is the function of the OSPF LSR packet?
It is used to confirm the receipt of LSUs.
It is used to establish and maintain adjacency with other OSPF routers.
(true answer) It is used by the receiving routers to request more information about any entry in the DBD.
It is used to check the database synchronization between routers.
3
Refer to the exhibit. The hosts that are connected to R2 are unable to ping the hosts that are connected to R1. How can this problem be resolved?
Configure the router ID on both routers.
(true answer) Configure the R2 router interfaces for area 0.
Configure a loopback interface on both routers.
Configure the proper subnet masks on the router interfaces.
4
Which two statements are true for link-state routing protocols? (Choose two.)
(true answer) Routers that run a link-state protocol can establish a complete topology of the network.
Routers in a multipoint network that run a link-state protocol can exchange routing tables.
Routers use only hop count for routing decisions.
(true answer) The shortest path first algorithm is used.
Split horizon is used to avoid routing loops.
5
Refer to the exhibit. Which two statements are true based on the exhibited output? (Choose two.)
The administrative distance of EIGRP has been set to 50.
(true answer) All routes are stable.
(true answer) The show ip eigrp topology command has been run on R1.
The serial interface between the two routers is down.
Each route has one feasible successor.
6
Refer to the exhibit. Which three statements are true of the routing table for Router1? (Choose three.)
The route to network 172.16.0.0 has an AD of 156160.
Network 192.168.0.16 can best be reached using FastEthernet0/0.
(true answer) The AD of EIGRP routes has been manually changed to a value other than the default value.
(true answer) Router1 is running both the EIGRP and OSPF routing process.
Network 172.17.0.0 can only be reached using a default route.
(true answer) No default route has been configured.
7
Which two router component and operation pair are correctly described? (Choose two.)
DRAM - loads the bootstrap
RAM - stores the operating system
Flash - executes diagnostics at bootup
(true answer) NVRAM - stores the configuration file
ROM - stores the backup configuration file
(true answer) POST - runs diagnostics on hardware modules
8
What are two tasks that must be completed before two routers can use OSPF to form a neighbor adjacency? (Choose two.)
The routers must elect a designated router.
(true answer) The routers must agree on the network type.
(true answer) The routers must use the same dead interval.
The routers must exchange link state requests.
The routers must exchange database description packets.
9
What are two functions of a router? (Choose two.)
(true answer) It forwards data packets toward their destination.
It forwards the packet to the destination if the TTL value is 0.
It changes the destination IP address of data packets before forwarding them to an exit interface.
It determines the best path based on the destination MAC address.
(true answer) It acts as an intersection between multiple IP networks.
10
Refer to the exhibit. Which statement is true about router R2?
The routing table content indicates that interface S0/0/0 is administratively down.
The route for 172.16.1.0 is a static route.
A packet that is destined for a host on the 172.16.3.0 network is forwarded without performing a routing table lookup.
(true answer) The packets that are routed to network 172.16.1.0 require two routing table lookups.
11
Refer to the exhibit. The output of the show ip route command for router R1 is displayed. What action will the router take for a packet that is destined for 192.168.1.5?
It will drop the packet.
It will forward the packet to interface Serial0/0/0.
It will determine the route for the packet through a routing protocol.
(true answer) It will forward the packet to the default gateway.
12
Refer to the exhibit. Although R2 is configured correctly, host A is unable to access the Internet. Which two static routes can be configured on R1 to enable Internet connectivity for host A? (Choose two.)
ip route 0.0.0.0 0.0.0.0 Fa0/0
(true answer) ip route 0.0.0.0 0.0.0.0 Fa0/1
ip route 0.0.0.0 0.0.0.0 10.1.1.1
(true answer) ip route 0.0.0.0 0.0.0.0 10.1.1.2
ip route 209.165.202.0 255.255.255.0 10.1.1.1
ip route 209.165.202.0 255.255.255.0 10.1.1.2
13
Refer to the exhibit. Which two facts can be derived from this output? (Choose two.)
(true answer) Three network devices are directly connected to Router2.
(true answer) The serial interface between Router2 and Router3 is up.
Router1 and Router3 are directly connected.
Six devices are up and running on the network.
Layer 3 functionality between routers is configured properly.
14
Refer to the exhibit. Routers R1 and R3 use different routing protocols with default administrative distance values. All devices are properly configured and the destination network is advertised by both protocols.
Which path will be used to transmit the data packets between PC1 and PC2?
(true answer) The packets will travel via R2-R1.
The packets will travel via R2-R3.
The traffic will be load-balanced between two paths — via R2-R1 and via R2-R3.
The packets will travel via R2-R3, and the other path via R2-R1 will be retained as the backup path.
15
A network administrator uses the RIP routing protocol to implement routing within an autonomous system. What are two characteristics of this protocol? (Choose two.)
(true answer) It uses the Bellman-Ford algorithm to determine the best path.
It displays an actual map of the network topology.
It offers rapid convergence in large networks.
(true answer) It periodically sends complete routing tables to all connected devices.
It is beneficial in complex and hierarchically designed networks.
16
Refer to the exhibit. What is the meaning of the highlighted value 2?
It is the administrative distance of the routing protocol.
(true answer) It is the number of hops between R2 and the 192.168.8.0/24 network.
It is the value used by the DUAL algorithm to determine the bandwidth for the link.
It is the convergence time measured in seconds.
17
In a lab test environment, a router has learned about network 172.16.1.0 through four different dynamic routing processes. Which route will be used to reach this network?
(true answer) D 172.16.1.0/24 [90/2195456] via 192.168.200.1, 00:00:09, Serial0/0/0
O 172.16.1.0/24 [110/1012] via 192.168.200.1, 00:00:22, Serial0/0/0
R 172.16.1.0/24 [120/1] via 192.168.200.1, 00:00:17, Serial0/0/0
I 172.16.1.0/24 [100/1192] via 192.168.200.1, 00:00:09, Serial0/0/0
18
Refer to the exhibit. The routers are properly configured using a dynamic routing protocol with default settings, and the network is fully converged. Router A is forwarding data to router E. Which statement is true about the routing path?
(true answer) If the network uses the RIP protocol, router A will determine that all paths have equal cost.
If the network uses the RIP protocol, router A will update only the A-C-E path in its routing table.
If the network uses the EIGRP routing protocol, router A will determine that path A-D-E has the lowest cost.
If both RIP and EIGRP protocols are configured on router A, the router will use the route information that is learned by the RIP routing protocol.
19
Which statement is true about the RIPv1 protocol?
It is a link-state routing protocol.
(true answer) It excludes subnet information from the routing updates.
It uses the DUAL algorithm to insert backup routes into the topology table.
It uses classless routing as the default method on the router.
20
Refer to the exhibit. The 10.4.0.0 network fails. What mechanism prevents R2 from receiving false update information regarding the 10.4.0.0 network?
(true answer) split horizon
hold-down timers
route poisoning
triggered updates
21
Refer to the exhibit. All routers are running RIPv1. The two networks 10.1.1.0/29 and 10.1.1.16/29 are unable to access each other. What can be the cause of this problem?
Because RIPv1 is a classless protocol, it does not support this access.
(true answer) RIPv1 does not support discontiguous networks.
RIPv1 does not support load balancing.
RIPv1 does not support automatic summarization.
22
How does route poisoning prevent routing loops?
New routing updates are ignored until the network has converged.
(true answer) Failed routes are advertised with a metric of infinity.
A route is marked as unavailable when its Time to Live is exceeded.
The unreachable route is cleared from the routing table after the invalid timer expires.
23
Which statement is true about the metrics used by routing protocols?
(true answer) A metric is a value used by a particular routing protocol to compare paths to remote networks.
A common metric is used by all routing protocols.
The metric with the highest value is installed in the routing table.
The router may use only one parameter at a time to calculate the metric.
24
Refer to the exhibit. Both routers are using the RIPv2 routing protocol and static routes are undefined. R1 can ping 192.168.2.1 and 10.1.1.2, but is unable to ping 192.168.4.1.
What is the reason for the ping failure?
The serial interface between two routers is down.
R2 is not forwarding the routing updates.
(true answer) The 192.168.4.0 network is not included in the RIP configuration of R2.
RIPv1 needs to be configured.
25
Refer to the exhibit. A network administrator wants to reduce the size of the routing table of R1. Which partial routing table entry in R1 represents the route summary for R2, without including any additional subnets?
10.0.0.0/16 is subnetted, 1 subnets
D 10.5.0.0[90/205891] via 192.168.1.2, S0/0/0
10.0.0.0/24 is subnetted, 4 subnets
D 10.5.0.0[90/205198] via 192.168.1.2, S0/0/0
(true answer) 10.0.0.0/22 is subnetted, 1 subnets
D 10.5.0.0[90/205901] via 192.168.1.2, S0/0/0
10.0.0.0/8 is subnetted, 4 subnets
D 10.5.0.0[90/205001] via 192.168.1.2, S0/0/0
26
Refer to the exhibit. An administrator is adding a new subnet of 50 hosts to R3. Which subnet address should be used for the new subnet that provides enough addresses while wasting a minimum of addresses?
192.168.1.0/24
192.168.1.48 /28
192.168.1.32/27
(true answer) 192.168.1.64/26
27
Refer to the exhibit. How many routes are ultimate routes?
3
4
(true answer) 5
7
28
Refer to the exhibit. Which router is advertising subnet 172.16.1.32/28?
Router1
Router2
Router3
(true answer) Router4
29
Which two statements are true about the EIGRP successor route? (Choose two.)
It is saved in the topology table for use if the primary route fails.
(true answer) It may be backed up by a feasible successor route.
(true answer) It is used by EIGRP to forward traffic to the destination.
It is flagged as active in the routing table.
After the discovery process has occurred, the successor route is stored in the neighbor table.
30
Refer to the exhibit. R2 is configured correctly. The network administrator has configured R1 as shown. Which two facts can be deduced from the configuration of R1? (Choose two.)
(true answer) R1 will forward the route information for subnet 192.168.100.0/30.
The administrative distance has been set to 50 on R1.
(true answer) R1 will not forward route information for subnet 192.168.100.4.0/30.
R1 will forward the EGRP update for subnet 10.10.10.0/30.
Autosummarization must be enabled.
31
Refer to the exhibit. All routers are running the same routing protocol. Based on the exhibit and its displayed commands, which statement is true?
Routers B, C, and D have no access to the Internet.
(true answer) The link to the ISP will be excluded from the routing protocol process.
A default route must be configured on every router.
The wildcard mask is incorrectly configured.
32
Which two components are used to determine the router ID in the configuration of the OSPF routing process? (Choose two.)
the IP address of the first FastEthernet interface
(true answer) the highest IP address of any logical interface
(true answer) the highest IP address of any physical interface
the default gateway IP address
the priority value of 1 on any physical interface
33
Refer to the exhibit. R1 and R2 are unable to establish an adjacency. What two configuration changes will correct the problem? (Choose
two.)
Set a lower priority on R2.
(true answer) Configure the routers in the same area.
Set a lower cost on R2 compared to R1.
Add a backup designated router to the network.
(true answer) Match the hello and dead timers on both routers.
34
Refer to the exhibit. All routers are properly configured to use the EIGRP routing protocol with default settings, and the network is fully converged. Which statement correctly describes the path that the traffic will use from the 10.1.1.0/24 network to the 10.1.2.0/24 network?
It will use the A-D path only.
It will use the path A-D, and the paths A-C-D and A-B-D will be retained as the backup paths.
It will use all the paths equally in a round-robin fashion.
(true answer) The traffic will be load-balanced between A-B-D and A-C-D.
35
Which routing protocol maintains a topology table separate from the routing table?
IGRP
RIPv1
RIPv2
(true answer) EIGRP
36
Refer to the exhibit. A ping between the serial interfaces of R1 and R2 is successful, but a ping between their FastEthernet interfaces fails. What is the reason for this problem?
The FastEthernet interface of R1 is disabled.
(true answer) One of the default routes is configured incorrectly.
A routing protocol is not configured on both routers.
The default gateway has not been configured on both routers.
37
Refer to the exhibit. What action will R2 take for a packet that is destined for 192.168.2.0?
It will drop the packet.
It will forward the packet via the S0/0/0 interface.
It will forward the packet via the Fa0/0 interface.
(true answer) It will forward the packet to R1.
38
Refer to the exhibit. A network administrator has configured R1 as shown, and all interfaces are functioning correctly. A ping from R1 to 172.16.1.1 fails. What could be the cause of this problem?
The serial interface on R1 is configured incorrectly.
(true answer) The default route is configured incorrectly.
The default-information originate command must be issued on R1.
Autosummarization must be disabled on R1.
39
Refer to the exhibit. All interfaces are addressed and functioning correctly. The network administrator runs the tracert command on host A. Which two facts could be responsible for the output of this command? (Choose two.)
(true answer) The entry for 192.168.2.0/24 is missing from the routing table of R1.
(true answer) The entry for 192.168.1.0/24 is missing from the routing table of R2.
The entry for 10.1.1.0/30 is missing from the routing table of R1.
The entry for 10.1.1.0/30 is missing from the routing table of R2.
The entry for 192.168.1.0/24 is missing from the routing table of R1.
The entry for 192.168.2.0/24 is missing from the routing table of R2.
40
A router has learned two equal cost paths to a remote network via the EIGRP and RIP protocols. Both protocols are using their default configurations. Which path to the remote network will be installed in the routing table?
(true answer) the path learned via EIGRP
the path learned via RIP
the path with the highest metric value
both paths with load balancing
41
Refer to the exhibit. The network has three connected routers: R1, R2, and R3. The routes of all three routers are displayed. All routers are operational and pings are not blocked on this network.
Which ping will fail?
from R1 to 172.16.1.1
(true answer) from R1 to 192.168.3.1
from R2 to 192.168.1.1
from R2 to 192.168.3.1
42
Refer to the exhibit. Which summarization should R1 use to advertise its networks to R2?
192.168.1.0/24
192.168.0.0/24
(true answer) 192.168.0.0/22
192.168.1.0/22
43
Refer to the exhibit. Host A is unable to access the Internet. What is the reason for this?
The IP address of host A is incorrect.
The default gateway of host A is incorrect.
(true answer) The Fa0/1 interfaces of the two routers are configured for different subnets.
The subnet mask for the Fa0/0 interface of R1 is incorrect.
44
Refer to the exhibit. Which two components are required to complete the configuration? (Choose two.)
a CSU/DSU device
(true answer) a DTE device
a DCE device
a crossover cable
(true answer) a V.35 cable
45
A router boots and enters setup mode. What is the reason for this?
The IOS image is corrupt.
Cisco IOS is missing from flash memory.
(true answer) The configuration file is missing from NVRAM.
The POST process has detected hardware failure.
46
Refer to the exhibit. A network administrator is accessing router R1 from the console port. Once the administrator is connected to the router, which password should the administrator enter at the R1> prompt to access the privileged EXEC mode?
Cisco001
Cisco123
(true answer) Cisco789
Cisco901
47
Refer to the exhibit. While trying to diagnose a routing problem in the network, the network administrator runs the debug ip rip command. What can be determined from the output of this command?
The router will be unable to ping 192.168.1.2.
The router has two interfaces that participate in the RIP process.
The router will forward the updates for 192.168.1.0 on interface Serial0/0/1.
(true answer) The router is not originating routes for 172.16.1.0.
48
Refer to the exhibit. To implement the RIPv2 protocol, the network administrator runs the commands as displayed. However, the show ip protocol command fails to display any output. How can the administrator solve the problem that is indicated by the lack of output from this command?
Include the default-information originate command.
Include the no auto-summary command.
(true answer) Specify the network for which RIP routing has to be enabled.
Implement RIPv2 authentication in the network.
49
Refer to the exhibit. Router R2 is configured properly and all interfaces are functional. Router R1 has been installed recently. Host A is unable to ping host B.
Which procedure can resolve this problem?
Configure a static route on R1 using the IP address of the serial interface on R1.
Configure a default route on R1 with the exit interface Fa0/0 on R1.
(true answer) Configure a static route on R1 using the IP address of S0/0/0 on R2.
Configure a default route on R1 using the IP address of Fa0/0 on R2.
50
Refer to the exhibit. The show cdp neighbors command was run at R1. Which two facts about the newly detected device can be determined from the output? (Choose two.)
(true answer) ABCD is a router that is connected to R1.
ABCD is a non-CISCO device that is connected to R1.
(true answer) The device is connected at the Serial0/0/1 interface of R1.
R1 is connected at the S0/0/1 interface of device ABCD.
ABCD does not support switching capability.
51
Refer to the exhibit. A router learns a route to the 192.168.6.0 network, as shown in the output of theshow ip rip database command. However, upon running the show ip route command, the network administrator sees that the router has installed a different route to the 192.168.6.0 network learned via EIGRP. What could be the reason for the missing RIP route?
(true answer) Compared to RIP, EIGRP has a lower administrative distance.
Compared to EIGRP, RIP has a higher metric value for the route.
Compared to RIP, the EIGRP route has fewer hops.
Compared to RIP, EIGRP has a faster update timer.
52
All routers in a network are configured in a single OSPF area with the same priority value. No loopback interface has been set on any of the routers. Which secondary value will the routers use to determine the router ID?
The highest MAC address among the active interfaces of the network will be used.
There will be no router ID until a loopback interface is configured.
The highest IP address among the active FastEthernet interfaces that are running OSPF will be used.
(true answer) The highest IP address among the active interfaces will be used.
53
Refer to the exhibit. Routers R1 and R2 are directly connected via their serial interfaces and are both running the EIGRP routing protocol. R1 and R2 can ping the directly connected serial interface of their neighbor, but they cannot form an EIGRP neighbor adjacency.
What action should be taken to solve this problem?
Enable the serial interfaces of both routers.
Configure EIGRP to send periodic updates.
Configure the same hello interval between the routers.
(true answer) Configure both routers with the same EIGRP process ID.
54
Which three statements are true regarding the encapsulation and de-encapsulation of packets when traveling through a router? (Choose three.)
(true answer) The router modifies the TTL field, decrementing it by one.
The router changes the source IP to the IP of the exit interface.
(true answer) The router maintains the same source and destination IP.
(true answer) The router changes the source physical address to the physical address of the exit interface.
The router changes the destination IP to the IP of the exit interface.
The router sends the packet out all other interfaces, besides the one it entered the router on.
55
Refer to the exhibit. Packets destined to which two networks will require the router to perform a recursive lookup? (Choose two.)
(true answer) 10.0.0.0/8
64.100.0.0/16
128.107.0.0/16
172.16.40.0/24
192.168.1.0/24
(true answer) 192.168.2.0/24
56
Which two statements are correct about the split horizon with poison reverse method of routing loop prevention? (Choose two.)
It is enabled by default on all Cisco IOS implementations.
(true answer) It assigns a value that represents an infinite metric to the poisoned route.
(true answer) It sends back the poisoned route update to the same interface from where it was received.
It instructs routers to hold all changes that might affect routes, for a specified period of time.
It limits the number of hops a packet can traverse through the network before it is discarded.
57
A network administrator has enabled RIP on routers B and C in the network diagram. Which of the following commands will prevent RIP updates from being sent to Router A?
A(config)# router rip
A(config-router)# passive-interface S0/0
B(config)# router rip
B(config-router)# network 192.168.25.48
B(config-router)# network 192.168.25.64
A(config)# router rip
A(config-router)# no network 192.168.25.32
(true answer) B(config)# router rip
B(config-router)# passive-interface S0/0
A(config)# no router rip
