01-50


QUESTION 1

You are the network administrator for your company and have configured Cisco Discovery Protocol (CDP) in your network. You recently noticed that when devices send large numbers of CDP neighbor announcements, some devices are crashing. You decide to disable CDP on the router.

Which command should you use to achieve the objective?

  1. no cdp run
  2. set cdp disable
  3. no cdp enable
  4. no cdp advertise-v2

Correct Answer: A

Explanation:

You should use the no cdp run command to disable CDP on the router. Due to a known vulnerability regarding the handling of CDP by Cisco routers and switches when devices send large numbers of CDP neighbor announcements, some devices can crash or cause abnormal system behavior. To overcome this problem, you can disable CDP for the entire router by using the no cdp run command.

You cannot use the set cdp disable command to disable CDP on the router. This command disables CDP on an entire Catalyst switch. You cannot use the no cdp enable command to disable CDP on the router. This command disables CDP on a specific interface.

You cannot use the no cdp advertise-v2 command to disable CDP on the router. This command disables CDPv2 advertisements.

Objective: LAN Switching Fundamentals

Sub-Objective: Configure and verify Layer 2 protocols

References:

Cisco > Support > Using Cisco Discovery Protocol

Cisco > Support > Technology Support > Network Management > Cisco’s Response to the CDP Issue > Document ID: 13621

QUESTION 2

Which of the following protocols allow the root switch location to be optimized per VLAN? (Choose all that apply.)

  1. PVST+
  2. RSTP
  3. PVRST
  4. STP

Correct Answer: AC

Explanation:

Both Per VLAN Spanning Tree Plus (PVST+) and Per VLAN Rapid Spanning Tree (PVRST) protocols allow for a spanning tree instance for each VLAN, allowing for the location optimization of the root bridge for each VLAN. These are Cisco proprietary enhancements to the 802.1d and 802.1w standards, respectively.

Rapid Spanning Tree Protocol (RSTP) is another name for the 802.1w standard. It supports only one instance of spanning tree. Spanning Tree Protocol (STP) is another name for the 802.1d standard. It supports only one instance of spanning tree.

Objective: LAN Switching Fundamentals

Sub-Objective: Configure, verify, and troubleshoot STP protocols

References:

Cisco Home > Support > Technology Support > LAN Switching

QUESTION 3

Your assistant just finished configuring a small test network as part of his training. The network is configured as shown in the diagram below:

When testing the configuration, you find that Host A in the diagram cannot ping Host B.

Which of the following pairs of connections are required to be in the same subnet for Host A to be able to ping Host B? (Choose all that apply.)

  1. The IP address of Host A and the IP address of the Fa0/0 interface of Router A
  2. The IP address of the Fa0/0 interface of Router A and the IP address of the Fa0/0 interface of Router B
  3. The IP address of Host A and the IP address of the Fa0/0 interface of Router B
  4. The IP address of Host A and the IP address of Switch A
  5. The IP address of the S 0/0 interface of Router A and the IP address of the S 0/0 interface of Router B
  6. The IP address of Host A and the IP address of Host B
  7. The IP address of Host B and the IP address of the Fa0/0 interface of Router B

Correct Answer: AEG

Explanation:

The following pairs of connections are required to be in the same subnet:

The IP address of Host A and the IP address of the Fa0/0 interface of Router A

The IP address of the S0/0 interface of Router A and the IP address of the S0/0 interface of Router B

The IP address of Host B and the IP address of the Fa0/0 interface of Router B

When troubleshooting a correctly labeled network diagram for IP addressing problems, one must start on one end and trace each link in one direction, ensuring at each step that the interfaces are in the same subnet. A switch simply passes the packet to the router; therefore, the IP address of the switch is not important. It performs its job even if it has no IP address.

Moving from Host A to Host B, however, the following links must be in the same subnet:

The IP address of Host A and the IP address of the Fa0/0 interface of Router A

The IP address of the S0/0 interface of Router A and the IP address of the S0/0 interface of Router B

The IP address of Host B and the IP address of the Fa0/0 interface of Router B

Neither of the switch addresses is important to the process.

If all other routing issues are correct, it is also not required for Host A and Host B to be in the same subnet.

Objective: Network Fundamentals

Sub-Objective: Configure, verify, and troubleshoot IPv4 addressing and subnetting

References:

Cisco > Home > Support > Technology Support > IP > IP Routing > Design > Design Technotes > IP Addressing and Subnetting for New Users

QUESTION 4

Which two fields are present in the output of the show ip interface brief command? (Choose two.)

  1. YES?
  2. Helper address
  3. OK?
  4. Method
  5. Proxy ARP

Correct Answer: CD

Explanation:

Sample output of the show ip interface brief command is as follows:

Router# show ip interface brief
Interface    IP-Address      OK?  Method  Status                 Protocol
Ethernet0    10.108.00.5     YES  NVRAM   up                     up
Ethernet1    unassigned      YES  unset   administratively down  down
Loopback0    10.108.200.5    YES  NVRAM   up                     up
Serial0      10.108.100.5    YES  NVRAM   up                     up
Serial1      10.108.40.5     YES  NVRAM   up                     up
Serial2      10.108.100.5    YES  manual  up                     up
Serial3      unassigned      YES  unset   administratively down  down

The following fields are present in the output of the show ip interface brief command:

OK?: If the value of this field is "yes", it represents that the IP address is valid. If the value of this field is "No", it represents an invalid IP address.

Method: This field can have one of the following values:

  RARP or SLARP: Reverse Address Resolution Protocol (RARP) or Serial Line Address Resolution Protocol (SLARP) request
  BOOTP: Bootstrap protocol
  TFTP: Configuration file obtained from TFTP server
  Manual: Manually changed by CLI command
  NVRAM: Configuration file in NVRAM
  IPCP: ip address negotiated command
  DHCP: ip address dhcp command
  unassigned: No IP address
  unset: Unset
  other: Unknown

Interface: Refers to the type of interface.

IP-Address: Refers to the IP address assigned to the interface.

Status: Displays the interface status. Possible values in this field are as follows:

  up: Interface is administratively up.
  down: Interface is down.
  administratively down: Interface is administratively down.

Protocol: An indicator of the operational status of the routing protocol for this interface.

YES? is not a valid field in the output of the show ip interface brief command.

Helper address and Proxy ARP fields are present in the output of the show ip interface command, not the show ip interface brief command.

Objective: Network Fundamentals

Sub-Objective: Configure, verify, and troubleshoot IPv4 addressing and subnetting

References:

Cisco > Cisco IOS IP Addressing Command Reference > show ip interface

QUESTION 5

Which two modes are Cisco Internetwork Operating System (IOS) operating modes? (Choose two.)

  1. User Privileged mode
  2. User EXEC mode
  3. Local configuration mode
  4. Global configuration mode
  5. NVRAM monitor mode

Correct Answer: BD

Explanation:

User EXEC mode and global configuration mode are the Cisco IOS operating modes. The following list shows the Cisco IOS operating modes along with their description:

User EXEC mode: The commands in this mode are used to enable connections to remote devices and change the terminal settings for a short duration. User EXEC commands also enable you to perform basic tests and view system information.

Global configuration mode: The commands in this mode enable you to make changes to the entire system.

Privileged EXEC mode: The commands in this mode are used to configure operating parameters. This mode also provides access to the remaining command modes.

Interface configuration mode: The commands in this mode allow you to change the operation for interfaces such as serial or Ethernet ports.

ROM monitor: The commands in this mode are used to perform low-level diagnostics.

All the other options are incorrect because they are not valid Cisco IOS operating modes.

To enter privileged EXEC mode, you must enter the command enable on the router. You will then be prompted for the enable password, if one has been created.

To enter global configuration mode, you must first enter privileged EXEC mode (see above) and then enter the command configure terminal (which can be abbreviated to config t), and the router will enter a mode that allows you to make global configuration changes.

Objective: Network Fundamentals

Sub-Objective: Select the appropriate cabling type based on implementation requirements

References:

Cisco Documentation > RPM Installation and Configuration > IOS and Configuration Basics > Cisco IOS Modes of Operation

QUESTION 6

Which of the following accurately describes the purpose of a trunk?

  1. A trunk is used to carry traffic for a single VLAN and is typically used between switches.
  2. A trunk is used to carry traffic for a single VLAN and is typically used between a switch and an end-user device.
  3. A trunk is used to carry multiple VLANs and is typically used between switches.
  4. A trunk is used to carry multiple VLANs and is typically used between a switch and a server.

Correct Answer: C

Explanation:

Trunk links are used between switches to allow communications between hosts that are in the same VLAN, but connected to different switches. Trunk links do not allow hosts in different VLANs to communicate, unless there is an additional trunk link connecting to a Layer 3 device, such as a router or a multilayer switch. Trunk links do allow a host in VLAN 10 on SwitchA to communicate with a host in VLAN 10 on SwitchB. Similarly, a host in VLAN 20 on SwitchA could also communicate with a host in VLAN 20 on SwitchB. A trunk link supports all VLANs by default, and frames that are not traveling on the native VLAN are "tagged" with the VLAN ID of the originating port before being sent over the trunk. The receiving switch reads the VLAN ID and forwards the frame to the appropriate host in the same VLAN.

The other options are incorrect because trunk links do not carry data for a single VLAN, nor are trunks used between switches and hosts (such as workstations and servers).

When a trunk link is extended to a router for the purpose of enabling routing between VLANs, the physical connection that the link connects to is usually subdivided logically into subinterfaces. Then each subinterface is given an IP address from the same subnet as the computers that reside on that VLAN. Finally, each computer in the VLAN will use the corresponding IP address on the matching subinterface of the router as its default gateway. In the example below, the switch has five VLANs created and some hosts connected to it. If hosts from different VLANs need to communicate, the link between the router and the switch must be a trunk link.

Furthermore, the physical link on the router must be subdivided into subinterfaces and addressed according to the legend shown for each subinterface in the diagram. For example, the configuration for VLAN 10 shown in the diagram would be as follows:

Router(config)# interface f0/0.10
Router(config-if)# encapsulation dot1q 10
Router(config-if)# ip address 192.168.10.254 255.255.255.0

Finally, each computer in VLAN 10 should have its default gateway set to 192.168.10.254.

Objective: LAN Switching Fundamentals

Sub-Objective: Describe and verify switching concepts

References:

QUESTION 7

What will be the effects of executing the following set of commands? (Choose all that apply.)

router(config)# router eigrp 44
router(config-router)# network 10.0.0.0
router(config-router)# network 192.168.5.0

  1. EIGRP will be enabled in AS 44
  2. EIGRP instance number 44 will be enabled
  3. EIGRP will be activated on the router interface 10.0.0.2/8
  4. EIGRP will be activated on the router interface 192.168.5.9/24
  5. EIGRP will be activated on the router interface 10.0.5.8/16
  6. EIGRP will be activated on the router interface 192.168.6.1/24

Correct Answer: ACDE

Explanation:

The effects of executing this set of commands will be that Enhanced Interior Gateway Routing Protocol (EIGRP) will be enabled in Autonomous System (AS) 44 and will be active on the router interfaces 10.0.0.2/8, 192.168.5.9/24, and 10.0.5.8/16.

The router eigrp 10 command is used to enable EIGRP on a router. The network 10.0.0.0 and network 192.168.5.0 commands are used to activate EIGRP over any interfaces that fall within the major networks 10.0.0.0 and 192.168.5.0, or within any subnets of these classful networks. The network commands in EIGRP configuration ignore any subnet-specific information by default. Since the IP address 10.0.5.8/16 is in a subnet of the Class A IP network 10.0.0.0, and only the first octet (byte) of a Class A IP address represents the major (classful) network, the remaining bytes are ignored by the network command.

EIGRP instance number 44 will not be enabled. The number 44 in the command does not represent an instance of EIGRP; it represents an autonomous system (AS) number. The autonomous-system parameter of the router eigrp command (router eigrp 44) specifies the autonomous system number. To ensure that all the routers in a network can communicate with each other, you should specify the same autonomous system number on all routers.

EIGRP will not be activated on the router interface 192.168.6.1/24. This interface does not exist within the Class C network 192.168.5.0 or Class A network 10.0.0.0, or within any of their subnets.
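The classful matching described above can be reproduced with a short script. This is an added example, not part of the original explanation; the function names are hypothetical, and it models only network statements entered without a wildcard mask.

```python
import ipaddress


def classful_network(addr):
    """Return the classful (major) network that contains an IPv4 address."""
    ip = ipaddress.IPv4Address(addr)
    first_octet = int(ip) >> 24
    if first_octet < 128:        # Class A: first octet is the network
        prefix = 8
    elif first_octet < 192:      # Class B: first two octets
        prefix = 16
    elif first_octet < 224:      # Class C: first three octets
        prefix = 24
    else:
        raise ValueError(f"{addr} is Class D/E and has no classful network")
    # strict=False masks off the host bits instead of raising an error
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def eigrp_enabled_interfaces(network_statements, interfaces):
    """Map each interface (CIDR string) to True if a network statement covers it.

    A network statement without a wildcard mask is treated as its major
    network, so any subnet information on the interface is ignored.
    """
    majors = {classful_network(n) for n in network_statements}
    result = {}
    for cidr in interfaces:
        ip = ipaddress.ip_interface(cidr).ip
        result[cidr] = any(ip in major for major in majors)
    return result


if __name__ == "__main__":
    # Network statements and interface addresses taken from the question.
    statements = ["10.0.0.0", "192.168.5.0"]
    candidates = ["10.0.0.2/8", "192.168.5.9/24", "10.0.5.8/16", "192.168.6.1/24"]
    for cidr, active in eigrp_enabled_interfaces(statements, candidates).items():
        print(f"{cidr:<16} {'EIGRP active' if active else 'not matched'}")
```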

Objective: Routing Fundamentals

Sub-Objective: Configure, verify, and troubleshoot EIGRP for IPv4 (excluding authentication, filtering, manual summarization, redistribution, stub)

References:

Cisco > Support > Cisco IOS Software > Configuring EIGRP > Enabling EIGRP

CCNA ICND2 Official Exam Certification Guide (Cisco Press, ISBN 1-58720-181-X), Chapter 10: EIGRP, pp. 389-390.

QUESTION 8

Users on the LAN are unable to access the Internet. How would you correct the immediate problem?

Router# show ip interface brief
Interface         IP-Address     OK?  Method  Status                 Protocol
FastEthernet 0/0  unassigned     YES  unset   down                   down
FastEthernet 0/1  172.16.1.254   YES  NVRAM   up                     up
Serial0/0         200.16.4.25    YES  NVRAM   administratively down  down
Serial0/1         unassigned     YES  unset   down                   down

  1. Configure a bandwidth on the serial interface.
  2. Perform a no shutdown command on the serial interface.
  3. Configure a private IP address on the Fastethernet0/0 LAN interface.
  4. Change the IP address on the serial interface.

Correct Answer: B

Explanation:

The output indicates that the serial interface leading to the Internet is administratively down. All router interfaces are disabled by default due to the presence of a shutdown command in the running configuration. The no shutdown command removes this configuration, and the interface becomes active. The command sequence is:

Router(config)# interface serial0/0
Router(config-if)# no shutdown

Although it was not the problem in the scenario, the S0/0 interface could also cause an error if it is configured as shown in this output:

Interface    IP-Address     OK?  Method  Status  Protocol
Serial0/0    200.16.4.25    YES  NVRAM   up      down

In this example, the S0/0 interface has been enabled, and while there is Layer 1 connectivity (the Status column), Layer 2 is not functioning (the Protocol column). There are two possible reasons for this result:

Interface S0/0 is not receiving a clock signal from the CSU/DSU (if one is present).

The encapsulation type configured on S0/0 does not match the type configured on the other end of the link (if the other end is a router).

Configuring a bandwidth on the serial interface is incorrect because the output indicates the interface is administratively down, which does not pertain to bandwidth. Configuring a private IP address on the Fastethernet0/0 LAN interface is incorrect because the output indicates the problem is with the disabled serial interface.

The IP address on the serial interface may or may not be valid, but it is not the immediate cause of the connectivity problem. The serial interface is disabled.

Objective: LAN Switching Fundamentals

Sub-Objective: Troubleshoot interface and cable issues (collisions, errors, duplex, speed)

References:

Cisco > Support > Administrative Commands > shutdown

QUESTION 9

When a packet is forwarded through a network from one host to another host, which of the following fields in the Ethernet frame will change at every hop?

  1. Source IP address
  2. Destination MAC address
  3. Source port number
  4. Destination IP address

Correct Answer: B

Explanation:

When an Ethernet frame is forwarded through the network, both the source and destination MAC addresses will change at every hop.

The source and destination IP addresses and source and destination port numbers MUST remain the same for proper routing to occur, for the proper delivery to the destination service, and for the proper reception of responses to the sending device. By contrast, the MAC addresses used at each hop must be those of the physical interfaces involved in the Layer 2 forwarding at each hop.

As a simple illustration of this process, IP addresses and MAC addresses are assigned to two computers and three routers shown in the diagram. The network is arranged as shown below:

The IP addresses and the MAC addresses of each device are shown below:

There will be four handoffs to get this packet from WKS1 to WKS2. The following table shows the destination IP addresses and destination MAC addresses used at each handoff.

As you can see, the destination IP address in the packet does not change, but the MAC address in the frame changes at each handoff.

Objective: LAN Switching Fundamentals

Sub-Objective: Interpret Ethernet frame format

References:

MAC address changes for every new network

QUESTION 10

Which Cisco IOS Cisco Discovery Protocol (CDP) command displays the IP address of the directly connected Cisco devices?

  1. show cdp
  2. show cdp devices
  3. show cdp traffic
  4. show cdp neighbors detail

Correct Answer: D

Explanation:

The show cdp neighbors detail command displays the IP address of the directly connected Cisco devices. CDP is a Layer 2 (Data Link layer) protocol that finds information about neighboring network devices. CDP does not use Network layer protocols to transmit information because it operates at the Data Link layer. For this reason, IP addresses need not even be configured on the interfaces for CDP to function. The only requirement is that the interfaces be enabled with the no shutdown command. An example of the output of the show cdp neighbors detail command is as follows:

The show cdp devices command is incorrect because this is not a valid Cisco IOS command.

The show cdp command is incorrect because this command is used to view the global CDP information. It lists the default update and holdtime timers, as in the following sample output:

Atlanta# show cdp
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
Sending CDPv2 advertisements is enabled

The show cdp traffic command is incorrect because this command displays traffic information between network devices collected by the CDP, as in the following example:

Birmingham# show cdp traffic
Total packets output: 652, Input: 214
Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
No memory: 0, Invalid: 0, Fragmented: 0
CDP version 1 advertisements output: 269, Input: 50
CDP version 2 advertisements output: 360, Input: 25

Objective: Infrastructure Management

Sub-Objective: Use Cisco IOS tools to troubleshoot and resolve problems

References:

Cisco > Cisco IOS Network Management Command Reference > schema through show event manager session cli username > show cdp neighbors detail

QUESTION 11

Your assistant is interested in gathering statistics about connection-oriented operations. Which of the following should be done to enhance the accuracy of the information gathered?

  1. configure an IP SLA responder on the destination device
  2. configure an IP SLA responder on the source device
  3. schedule the operation on the destination device
  4. add the verify-data command to the configuration of the operation

Correct Answer: A

Explanation:

The accuracy of any IP SLA operation can be enhanced by configuring an IP SLA responder on the destination device. It is important to note that only Cisco devices support the configuration as a responder.

You do not configure an IP SLA responder on the source device. You schedule the operation on the source device and the destination device is the one that is configured as a responder.

You do not schedule the operation on the destination device. You schedule the operation on the source device and the destination device is the one that is configured as a responder.

Adding the verify-data command to the configuration of the operation will not enhance the accuracy of the information gathered. When data verification is enabled, each operation response is checked for corruption. Use the verify-data command with caution during normal operations because it generates unnecessary overhead.

Objective: Infrastructure Management

Sub-Objective: Troubleshoot network connectivity issues using ICMP echo-based IP SLA

References:

IP SLAs Configuration Guide, Cisco IOS Release 15M > Configuring IP SLAs TCP Connect Operations

QUESTION 12

You are the network administrator for your company. You have installed a new router in your network. You want to establish a remote connection from your computer to the new router so it can be configured. You are not concerned about security during the remote connection.

Which Cisco IOS command should you use to accomplish the task?

  1. ssh
  2. telnet
  3. terminal
  4. virtual

Correct Answer: B

Explanation:

The telnet command should be used to establish a remote connection from your computer to the router. The syntax of the command is as follows:

telnet {{hostname | IP_address mask interface_name} | {IPv6_address interface_name} | {timeout number}}

The following parameters are used with the telnet command:

hostname: Specifies the name of the host.

interface_name: Specifies the name of the network interface to which you need to telnet.

IP_address: Specifies the IP address of the host.

IPv6_address: Specifies the IPv6 address associated to the host.

timeout number: Specifies the number of minutes that a telnet session can be idle.

The following features are the key characteristics of Telnet:

It is a client server protocol.

It uses TCP port number 23.

It is used to establish a remote connection over the internet or Local Area Network (LAN).

Telnet does not encrypt any data sent over the connection; that is, the data travels in clear text.

A Cisco router supports five simultaneous telnet sessions, by default. These lines are called vty 0-4.

A successful Telnet connection requires that the destination device be configured to support Telnet connections, which means it must be configured with a Telnet password.

The telnet command can also be used to test application layer connectivity to a device.

The ssh command is incorrect because this command is used to remotely establish a secure connection between two computers over the network.

The terminal command is incorrect because this command is used to change console terminal settings.

The virtual command is incorrect because this command is used along with the http and telnet parameters to configure a virtual server.

Objective: Infrastructure Management

Sub-Objective: Configure and verify device management

References:

Cisco > Cisco IOS Terminal Services Command Reference > telnet

QUESTION 13

You are configuring a WAN connection between two offices. You cannot ping between the routers in a test. The Serial0 interface on RouterA is connected to the Serial1 interface on RouterB.

The commands you have executed are shown below. What is the problem with the configuration?

  1. The passwords are incorrectly configured
  2. The usernames are incorrectly configured
  3. The wrong interface has been configured
  4. The encapsulation is incorrect on RouterA
  5. The encapsulation is incorrect on RouterB
  6. The authentication types do not match

Correct Answer: C

Explanation:

The two routers are connected using Serial0 on RouterA and Serial1 on RouterB. However, the configuration commands were executed on interface Serial0 on RouterB. So although the configuration itself is completely correct, it is configured on the wrong interface.

The passwords are correct. The passwords should match on both routers. In this case, they are both set to lie. If even one character does not match, including character casing, the authentication and the connection will fail.

The usernames are correct. The username should be set to the host name of the peer router. In this case, RouterA’s username is set to RouterB and RouterB’s username is set to RouterA, which is correct.

The encapsulations are correct. They are both set to PPP, which is the correct type of encapsulation when using authentication.

The authentication types do match. They are both set to CHAP. It is possible to configure two authentication methods, with the second used as a fallback method in cases where the other router does not support the first type. The command below would be used to enable CHAP with PAP as a fallback method:

RouterB(config-if)#ppp authentication chap pap

Objective: WAN Technologies

Sub-Objective: Configure and verify PPP and MLPPP on WAN interfaces using local authentication

References:

Cisco > Home > Support > Technology Support > WAN > Point-To-Point Protocol (PPP) > Design > Design Technotes > Understanding and Configuring PPP CHAP Authentication

QUESTION 14

Which Cisco 2950 switch command or set of commands would be used to create a Virtual LAN (VLAN) named MARKETING with a VLAN number of 25?

  1. switch(config)# vtp domain MARKETING 25
  2. switch(config)# vlan 25
     switch(config-vlan)# name MARKETING
  3. switch(config-if)# vlan 25 name MARKETING
  4. switch(config)# vtp 25
     switch(config-vtp)# name MARKETING

Correct Answer: B

Explanation:

The following commands would create a VLAN named MARKETING with a VLAN number of 25:

switch(config)# vlan 25

switch(config-vlan)# name MARKETING

The steps to add a new VLAN are as follows:

  1. Create the new VLAN
  2. Name the VLAN
  3. Add the desired ports to the VLAN

VLANs on current Cisco switches are configured in global configuration mode. The VLAN is first created with the vlan # command, and then optionally named with the name vlan-name command. Interfaces are added to VLANs using either the interface or interface range commands.

The switch(config)# vtp domain MARKETING 25 command will not create a VLAN. This command creates a VLAN Trunking Protocol (VTP) domain. VTP is a means of synchronizing VLANs between switches, not a method of manually creating VLANs.

The vlan 25 name command is deprecated, and is not supported on newer Cisco switches. Even on switches that support the command, this answer is incorrect because the vlan 25 name command was issued in VLAN database mode, rather than interface mode.

Objective: LAN Switching Fundamentals

Sub-Objective: Configure, verify, and troubleshoot VLANs (normal/extended range) spanning multiple switches

References:

Cisco > Support > LAN Switching > Virtual LANS / VLAN Trunking Protocol (VLANS/VTP) > Configure > Configuration Examples and Technotes > Configuring VLAN Trunk Protocol (VTP) > Document ID: 98154

QUESTION 15

You are discovering that there are differences between the configuration of EIGRP for IPv6 and EIGRP for IPv4. Which statement is true with regard to the difference?

  1. A router ID is required for both versions
  2. A router ID must be configured under the routing process for EIGRP for IPv4
  3. AS numbers are not required in EIGRP for IPv6
  4. AS numbers are not required in EIGRP for IPv4

Correct Answer: A

Explanation:

Both versions of EIGRP require a router ID. The difference is that with EIGRP for IPv6, you must configure a router ID under the routing process if there are no IPv4 addresses on the router. In EIGRP for IPv4, the router can select one of the configured IPv4 addresses as the router ID.

A router ID can be configured under the routing process for EIGRP for IPv4, but it is not required. In EIGRP for IPv4, the router can select one of the configured IPv4 addresses as the router ID.

AS numbers are required in both versions of EIGRP.

Objective: Routing Fundamentals

Sub-Objective: Configure, verify, and troubleshoot EIGRP for IPv6 (excluding authentication, filtering, manual summarization, redistribution, stub)

References:

Home > Articles > Cisco Certification > CCNA Routing and Switching > C > Cisco ICND2 Foundation Learning Guide: Implementing an EIGRP Solution > Implementing EIGRP for IPv6

QUESTION 16

You are creating a configuration to use on a switch. The configuration must enable you to remotely manage the switch. Which of the following command sets is correct? (Assume the commands are executed at the correct prompt.)

  1. interface vlan 1
     ip address 192.168.20.244 255.255.255.240
     no shutdown
     exit
     ip default-gateway 192.168.20.241
     line vty 0 15
     password cisco
     login
     exit

  2. interface fastethernet 0/1
     ip address 192.168.20.244 255.255.255.240
     no shutdown
     exit
     ip default-gateway 192.168.20.241
     line vty 0 15
     password cisco
     login
     exit

  3. interface vlan 1
     ip address 192.168.20.244 255.255.255.240
     no shutdown
     exit
     ip route 192.168.20.241
     line vty 0 15
     login
     exit

  4. interface vlan 1
     ip address 192.168.20.244 255.255.255.240
     no shutdown
     exit
     ip default-gateway 192.168.20.241
     line con 0 15
     password cisco
     login
     exit

  5. interface vlan 1
     ip address 192.168.20.244 255.255.255.240
     no shutdown
     exit
     ip default-gateway 192.168.20.27
     line vty 0 15
     password cisco
     login
     exit

  6. interface vlan 1
     ip address 192.168.20.244 255.255.255.240
     shutdown
     exit
     ip default-gateway 192.168.20.241
     line vty 0 15
     password cisco
     login
     exit

Correct Answer: A

Explanation:

The following command set is correct:

interface vlan 1
ip address 192.168.20.244 255.255.255.240
no shutdown
exit
ip default-gateway 192.168.20.241
line vty 0 15
password cisco
login
exit

It sets an IP address for VLAN 1, which is the management VLAN. Next, it sets a default gateway that is in the same network with the IP address. It correctly enables the interface, sets a required password on the VTY lines, and sets the switch to prompt for the password.

Switches do not need IP addresses unless you want to remotely manage the devices. When an IP address is assigned to a switch for this purpose, it is not applied to a physical interface. It is applied to the VLAN 1 interface, which is the management VLAN by default.

The following command set is incorrect because it applies the IP address to the fastethernet 0/1 interface, rather than the management VLAN. When you set an IP address for the switch, you do so on the management VLAN, not one of the physical interfaces.

    interface fastethernet 0/1
    ip address 192.168.20.244 255.255.255.240
    no shutdown
    exit
    ip default-gateway 192.168.20.241
    line vty 0 15
    password cisco
    login
    exit

The following command set is incorrect because it does not set a password on the VTY lines, which is required to connect with Telnet unless you include the no login command.

    interface vlan 1
    ip address 192.168.20.244 255.255.255.240
    no shutdown
    exit
    ip default-gateway 192.168.20.241
    line con 0 15
    login
    exit

The following command set is incorrect because it sets the password in the console line rather than the VTY lines.

    interface vlan 1
    ip address 192.168.20.244 255.255.255.240
    no shutdown
    exit
    ip default-gateway 192.168.20.241
    line con 0 15
    password cisco
    login
    exit

The following command set is incorrect because the address for VLAN 1 and the gateway are not in the same subnet. With a 28-bit mask the interval is 16, which means the network that the gateway is in is the 192.168.20.16/28 network and VLAN 1 is in the 192.168.20.240/28 network.

    interface vlan 1
    ip address 192.168.20.244 255.255.255.240
    no shutdown
    exit
    ip default-gateway 192.168.20.27
    line vty 0 15
    password cisco
    login
    exit

The following command set is incorrect because the VLAN 1 interface has been disabled with the shutdown command.

    interface vlan 1
    ip address 192.168.20.244 255.255.255.240
    shutdown
    exit
    ip default-gateway 192.168.20.241
    line vty 0 15
    password cisco
    login
    exit

Objective:

Infrastructure Management Sub-Objective:

Configure and verify device management

References:

Home > Support > Product Support > End-of-Sale and End-of-life Products > Cisco Catalyst 6000 Series Switches > Troubleshoot and Alerts > Troubleshooting TechNotes > Configuring a Management IP Address on Catalyst 4500/4000, 5500/5000, 6500/6000, and Catalyst Fixed Configuration Switches

QUESTION 17

What command should you use to quickly view the HSRP state of the switch for all HSRP groups of which the switch is a member?

  1. switch# show standby brief
  2. switch# show ip interface brief
  3. switch# show hsrp
  4. switch# show standby

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

The command show standby brief should be used to quickly view the HSRP state of a switch for all HSRP groups of which it is a member. The summary information it provides includes the group number, priority, state, active device address, standby address, and group address.

The command show standby can be used to display detailed information about HSRP groups of which a switch is a member. This command would not provide a quick view. This command displays information about HSRP on all configured interfaces and for all HSRP groups. It also displays hello timer information and the expiration timer for the standby switch.

The command show ip interface brief is useful in that it lists the interfaces and displays the basic IP configuration of each. This output would include the IP address of the interface and the state of the interface, but not HSRP information.

The command show hsrp is not a valid command due to incorrect syntax.

Objective:

Infrastructure Services Sub-Objective:

Configure, verify, and troubleshoot basic HSRP

References:

Cisco > Cisco IOS IP Application Services Command Reference > show standby

Cisco > Cisco IOS IP Application Services Configuration Guide, Release 12.4 > Part 1: First Hop Redundancy Protocols > Configuring HSRP

QUESTION 18

You are connecting a new computer to Switch55. The new computer should be placed in the Accounting VLAN. You execute the show vlan command and get the following output:

Examine the additional network diagram.

What action should you take to place the new computer in the Accounting VLAN and allow for inter-VLAN routing?

  1. Connect the new computer to Fa0/1
  2. Connect the new computer to Fa0/14
  3. Connect the new computer to Fa0/5
  4. Configure a dynamic routing protocol on the router interface

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

Switchport Fa0/5 can be used to place the computer in the Accounting VLAN.

The diagram indicates that a router has been configured as a "router-on-a-stick" to perform inter-VLAN routing between VLANs 10, 20, 30 and 40. The show vlan output indicates that interfaces Fa0/5, Fa0/15, and Fa0/6 have been assigned to VLAN 20, the Accounting VLAN:

20 accounting active Fa0/5, Fa0/6, Fa0/15

Switchports Fa0/1 and Fa0/14 are both in the default VLAN, as indicated by the portion of the output describing the switch ports that are unassigned and therefore still residing in the default VLAN:

1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/7, Fa0/8, Fa0/9,

Fa0/14, Fa0/16, Fa0/23, Fa0/19, Fa0/20, Fa0/23

It is not necessary to configure a dynamic routing protocol on the router. Since the router is directly connected to all four subinterfaces and their associated networks, the networks will automatically be in the router’s routing table, making inter-VLAN routing possible.

Objective:

LAN Switching Fundamentals Sub-Objective:

Configure, verify, and troubleshoot VLANs (normal/extended range) spanning multiple switches

References:

Cisco > Support > Cisco IOS LAN Switching Command Reference > show vlan

Cisco Networking Essentials 2nd Edition, by Troy McMillan (ISBN 1119092159). Sybex, 2015. Chapter 15: Configuring Inter-VLAN Routing

QUESTION 19

What two devices can be connected to a router WAN serial interface that can provide clocking? (Choose two.)

  1. CSU/DSU
  2. switch
  3. modem
  4. hub

Correct Answer: AC Section: (none) Explanation

Explanation/Reference:

Explanation:

A router DTE interface must receive a clock rate from the DCE end and the rate can be provided by either a CSU/DSU or a modem. Therefore, the connection between the local router and the service provider can be successfully completed by adding either of these devices between the service provider and the local router.

Switches and hubs are neither capable of providing the clock rate nor able to complete the connection between the local router and the service provider.

Objective:

Network Fundamentals Sub-Objective:

Describe the impact of infrastructure components in an enterprise network

References:

Cisco Documentation > Internetworking Technology Handbook > Introduction to WAN Technologies

QUESTION 20

Which Cisco Internetwork Operating System (IOS) command is used to view the number of Enhanced Interior Gateway Routing Protocol (EIGRP) packets that are sent and received?

  1. show eigrp neighbors
  2. show ip eigrp interfaces
  3. show ip eigrp packets
  4. show ip eigrp traffic
  5. show ip route
  6. show ip eigrp topology

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

Explanation:

The show ip eigrp traffic command is used to view the number of EIGRP packets that are sent and received. The syntax of the command is:

    Router# show ip eigrp traffic [autonomous-system-number]

The autonomous-system-number parameter is optional. The output of the command is as follows:

    Router# show ip eigrp traffic
    IP-EIGRP Traffic Statistics for process 78
      Hellos sent/received: 2180/2005
      Updates sent/received: 70/21
      Queries sent/received: 3/1
      Replies sent/received: 0/3
      Acks sent/received: 22/11

The show ip eigrp neighbors command is incorrect because it does not show the number of packets sent or received. It does show IP addresses of the devices with which the router has established an adjacency, as well as the retransmit interval and the queue count for each neighbor, as shown below:

    Router# show ip eigrp neighbors
    IP-EIGRP Neighbors for process 49
    Address        Interface  Holdtime  Uptime   Q      Seq  SRTT  RTO
                              (secs)    (h:m:s)  Count  Num  (ms)  (ms)
    146.89.81.28   Ethernet1  13        0:00:41  0      11   4     20
    146.89.80.28   Ethernet0  12        0:02:01  0      10   12    24
    146.89.80.31   Ethernet0  11        0:02:02  0      4    5     20

The show ip eigrp interfaces command is incorrect because this command is used to view information about the interfaces configured for EIGRP.

The show ip eigrp packets command is incorrect because it is not a valid Cisco IOS command.

The show ip route command will not display EIGRP packets that are sent and received. It is used to view the routing table. When connectivity problems occur between subnets, this is the logical first command to execute. Routers must have routes to successfully send packets to remote subnets. Using this command is especially relevant when the underlying physical connection to the remote network has been verified as functional, but routing is still not occurring.

The show ip eigrp topology command is incorrect because it does not show the number of packets sent or received. This command displays all successor and feasible successor routes (if they exist) to each network. If you are interested in that information for only a specific destination network, you can specify that as shown in the output below. When you do, the command output displays all possible routes, including those that are not feasible successors:

In the above output, four routers are providing a route to the network specified in the command. However, only one of the submitted routes satisfies the feasibility test. This test dictates that to be a feasible successor, the advertised distance of the route must be less than the feasible distance of the current successor route.

The current successor route has a FD of 41152000, as shown in the first section of the output. In the values listed for each of the four submitted routes, the first number is the feasible distance and the second is the advertised distance. Only the route received from 10.0.0.2 (second section) with FD/AD values of 53973240/120256 satisfies this requirement, and thus this route is the only feasible successor route present in the topology table for the network specified in the command.

Objective:

Routing Fundamentals Sub-Objective:

Configure, verify, and troubleshoot EIGRP for IPv4 (excluding authentication, filtering, manual summarization, redistribution, stub)

References:

Cisco > Cisco IOS IP Routing Protocols Command Reference > Routing Information Protocol Commands > show ip eigrp traffic

QUESTION 21

Which statement is NOT true regarding Internet Control Message Protocol (ICMP)?

  1. ICMP can identify network problems.
  2. ICMP is documented in RFC 792.
  3. ICMP provides reliable transmission of data in an Internet Protocol (IP) environment.
  4. An ICMP echo-request message is generated by the ping command.

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

ICMP does NOT provide reliable transmission of data in an Internet Protocol (IP) environment. The Transmission Control Protocol (TCP) is used to provide reliable transmission of data in an IP environment.

The following statements are TRUE regarding ICMP:

ICMP can identify network problems.

ICMP is documented in RFC 792.

An ICMP echo-request message is generated by the ping command.

An ICMP echo-reply message is an indicator that the destination node is reachable.

ICMP is a network-layer protocol that uses message packets for error reporting and informational messages.

Objective:

Network Fundamentals Sub-Objective:

Compare and contrast TCP and UDP protocols

References:

Cisco > Internetworking Technology Handbook > Internet Protocols (IP) > Internet Control Message Protocol (ICMP)

QUESTION 22

What is the valid host address range for the subnet 172.25.4.0 /23?

A. 172.25.4.1 to 172.25.5.254

B. 172.25.4.10 to 172.25.5.210

C. 172.25.4.35 to 172.25.5.64

D. 172.25.4.21 to 172.25.5.56

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

For the subnet 172.25.4.0, the valid host range will start at 172.25.4.1 and end at 172.25.5.254.

To determine the valid range of addresses in a subnet, one must determine the subnet number or network ID and the broadcast address of the subnet and all valid addresses will lie within those boundaries.

In this case:

Network address: 172.25.0.0

Subnet mask in decimal: 255.255.254.0 (/23 indicates 23 bits in the mask)

Subnet mask in binary: 11111111.11111111.11111110.00000000

The formulas to calculate the number of subnets and hosts are:

Number of subnets = $2^{\text{number-of-subnet-bits}}$

Number of hosts per subnet = $2^{\text{number-of-host-bits}} - 2$

In this scenario:

Number of subnet bits: 7 (the binary 1s in the third octet of the subnet mask)

Number of subnets: $2^7 = 128$

Number of host bits: 9 (the binary 0s in the subnet mask)

Number of hosts: $2^9 - 2 = 510$

These formulas are useful when determining if a subnet mask/network ID combination will support a given number of hosts.

To determine the boundaries of each of the 128 subnets that this mask will yield, you should utilize a concept called the interval or block size. This number helps to identify the distance between network IDs. Determining the network IDs allows the identification of the broadcast address for each subnet, because the broadcast address for any particular subnet will always be the last address before the next network ID. The interval is determined by the value of the far right-hand bit in the mask, which is 2 in this case. Then it is applied to the octet where the mask ends. In this case, the first 4 network IDs are:

172.25.0.0

172.25.2.0

172.25.4.0

172.25.6.0

…incrementing by two at each point

Therefore, the valid addresses in the 172.25.4.0 network are framed by the two addresses that cannot be used: 172.25.4.0 (network ID) and 172.25.5.255 (broadcast address, or the last address before the next network ID). The addresses within these boundaries are 172.25.4.1 to 172.25.5.254.

For subnet 172.25.0.0, the valid host range will run from 172.25.0.1 to 172.25.1.254. The broadcast address for subnet 172.25.0.0 will be 172.25.1.255. For subnet 172.25.2.0, the valid host range will run from 172.25.2.1 to 172.25.3.254. The broadcast address for subnet 172.25.2.0 is 172.25.3.255.

For the subnet 172.25.4.0, the valid host range will run from 172.25.4.1 to 172.25.5.254. The broadcast address for subnet 172.25.4.0 is 172.25.5.255.

Always remember that the first address of each subnet is the network ID, and as such cannot be used as a host or router IP address. Also, the last address of each subnet is the broadcast address for the subnet, and as such cannot be used as a host or router IP address.

Objective:

Network Fundamentals Sub-Objective:

Compare and contrast IPv4 address types

References:

Cisco > Support > Technology Support > IP > IP Routing > Design > Design Technotes > IP Addressing and Subnetting for New Users > Document ID: 13788 > Understanding IP Addresses
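The interval method from Question 22, together with the same-subnet check on the default gateway from Question 16, as an added Python example that is not part of the original question set. The function names are assumptions made for this illustration, and the standard `ipaddress` module is used only as an independent cross-check of the manual arithmetic.

```python
import ipaddress
from itertools import islice


def classful_prefix(first_octet):
    """Prefix length of the classful network that first_octet belongs to."""
    if 1 <= first_octet <= 126:
        return 8       # class A
    if 128 <= first_octet <= 191:
        return 16      # class B
    if 192 <= first_octet <= 223:
        return 24      # class C
    raise ValueError("no classful network for first octet %d" % first_octet)


def subnet_facts(cidr):
    """Apply the interval (block size) method to an address such as 172.25.4.0/23."""
    addr_text, prefix_text = cidr.split("/")
    octets = [int(part) for part in addr_text.split(".")]
    prefix = int(prefix_text)
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("not a dotted-quad IPv4 address: %r" % addr_text)
    if not 1 <= prefix <= 30:
        raise ValueError("the network/broadcast rule needs a prefix of /1 to /30")

    idx = (prefix - 1) // 8                    # octet where the mask ends (0-3)
    interval = 2 ** (8 - (prefix - 8 * idx))   # value of the right-most mask bit

    # Network ID: round the interesting octet down to a multiple of the interval
    # and zero every octet after it.
    network = octets[:idx] + [octets[idx] // interval * interval] + [0] * (3 - idx)
    # Broadcast: the last address before the next network ID.
    broadcast = network[:idx] + [network[idx] + interval - 1] + [255] * (3 - idx)
    first_host = network[:3] + [network[3] + 1]
    last_host = broadcast[:3] + [broadcast[3] - 1]

    def dotted(parts):
        return ".".join(str(p) for p in parts)

    base = classful_prefix(octets[0])
    return {
        "interval": interval,
        "network": dotted(network),
        "broadcast": dotted(broadcast),
        "first_host": dotted(first_host),
        "last_host": dotted(last_host),
        "hosts": 2 ** (32 - prefix) - 2,
        # Subnet bits are counted from the classful boundary, as in the text.
        "subnets": 2 ** (prefix - base) if prefix >= base else None,
    }


def network_ids(cidr, count):
    """First `count` network IDs that the mask yields inside the classful network."""
    addr_text, prefix_text = cidr.split("/")
    base = classful_prefix(int(addr_text.split(".")[0]))
    parent = ipaddress.ip_network("%s/%d" % (addr_text, base), strict=False)
    subnets = parent.subnets(new_prefix=int(prefix_text))
    return [str(net.network_address) for net in islice(subnets, count)]


def same_subnet(ip, mask, gateway):
    """True when the default gateway lies in the subnet of the interface address."""
    return ipaddress.ip_address(gateway) in ipaddress.ip_interface(ip + "/" + mask).network


def cross_check(cidr):
    """Compare the manual result with the ipaddress module."""
    facts = subnet_facts(cidr)
    net = ipaddress.ip_network(cidr, strict=False)
    return (facts["network"] == str(net.network_address)
            and facts["broadcast"] == str(net.broadcast_address))


if __name__ == "__main__":
    print(subnet_facts("172.25.4.0/23"))
    print(network_ids("172.25.4.0/23", 4))
    # Question 16: the gateway must share the /28 of the VLAN 1 address.
    for gw in ("192.168.20.241", "192.168.20.27"):
        print(gw, same_subnet("192.168.20.244", "255.255.255.240", gw))
```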

QUESTION 23

Which of the following are port roles in the Rapid Spanning Tree Protocol (RSTP)? (Choose three.)

  1. Alternate
  2. Listening
  3. Routing
  4. Designated
  5. Backup
  6. Blocking
  7. Discarding

Correct Answer: ADE Section: (none) Explanation

Explanation/Reference:

Explanation:

There are five port roles in RSTP:

Root port: the closest port to the root bridge in terms of path cost. There can be only one root port on each switch, and the root switch is the only switch in the network that does not have a root port.

Designated port: a forwarding port to the root bridge. All versions of STP require each network segment to have only one path toward the root bridge, to avoid bridging loops in redundantly connected environments. All bridges connected to a given segment listen to one another’s BPDUs and agree that the bridge that is sending the best BPDU is the designated bridge for the segment.

Alternate port: a blocking port that becomes the root port if the active root port fails.

Backup port: a blocking port that becomes the designated port if an existing designated port fails.

Disabled port: a disabled port has no role within the operation of spanning tree.

RSTP was designed to provide rapid convergence of the spanning tree in case of changes to the active topology, such as switch failure.

RSTP has the following similarities to STP:

RSTP elects the root switch using the same parameters as STP.

RSTP elects the root port using the same rules as STP.

Designated ports on each LAN segment are elected in RSTP in the same way as STP.

Listening is a port state, not a port role. Listening is the STP transitional state while a port is preparing to enter a root or designated role.

Blocking is a port state, not a port role. A blocking port is inactive in STP spanning tree, and blocking is not a port state in RSTP. In RSTP that port state is called discarding.

The routing port does not exist in the RSTP topology. Discarding is an RSTP port state, not a port role.

Objective:

LAN Switching Fundamentals Sub-Objective:

Configure, verify, and troubleshoot STP protocols

References:

Support > Technology Support > LAN Switching > Spanning Tree Protocol > Troubleshoot and Alerts > Troubleshooting TechNotes > Understanding Rapid Spanning Tree Protocol (802.1w)

QUESTION 24

Which of the following cables would be used to connect a router to a switch?

  1. v.35
  2. crossover
  3. rollover
  4. straight-through

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

Explanation:

A straight-through cable would be used. When connecting "unlike" devices, such as a switch to a router, a straight-through cable is used. This is a cable where the wires are in the same sequence at both ends of the cable.

NOTE: The one exception to this general rule of connecting unlike devices with a straight-through cable is when a computer NIC is connected to an Ethernet port on a router. In that case, a crossover cable is used.

A v.35 cable is used to connect serial connections between routers. This cable has a male DB-60 connector on the Cisco end and a male Winchester connector on the network end. It comes in two types: DCE and DTE. It is often used to simulate a WAN connection in lab environments. In that case, the DCE end acts as the CSU/DSU and is the end where the clock rate is set. A CSU/DSU (Channel Service Unit/Data Service Unit) is a device that connects the router to the T1 or T3 line.

A crossover cable has two wires reversed and is used to connect "like" devices, such as a switch to a switch. It is also used when a computer NIC is connected to an Ethernet port on a router.

A rollover cable is used to connect to the console port of a router to configure the router. It is also called a console cable.

The diagram below illustrates the correct usage of each of the cable types shown using the following legend:

    SO      Ethernet Straight through Cable
    CO      Ethernet Crossover Cable
    Serial  Serial cable
    RO      Rollover cable

Objective:

Network Fundamentals Sub-Objective:

Select the appropriate cabling type based on implementation requirements

References:

Cisco > Product Support > Routers > Cisco 1000 Series Routers > 5-in-1 V.35 Assembly and Pinouts > Document ID: 46803

Cisco > Tech Notes > Cabling Guide for Console and AUX Ports > Document ID: 12223

QUESTION 25

In the diagram below, if the workstation at 10.0.1.3 sends a packet to the workstation at 10.1.1.3, what will be the source physical address when the packet arrives at 10.1.1.3?

  1. ab.ab.ab.ab.ab.ab
  2. ee.ee.ee.ee.ee.ee
  3. dd.dd.dd.dd.dd.dd
  4. cc.cc.cc.cc.cc.cc
  5. aa.aa.aa.aa.aa.aa
  6. bb.bb.bb.bb.bb.bb

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

The source physical address of the packet when it arrives at 10.1.1.3 will be that of the interface on the R2 router, dd.dd.dd.dd.dd.dd. Each router will change the MAC address field to the MAC address of its sending interface as it sends the packet and will leave the IP address field unchanged. The switches will change neither field, but will simply use the MAC address field to determine the forwarding path and switch the frame to the port where the MAC address is located. The R2 router is the last device that will make a change to the MAC address field.

The source (10.0.1.3) and destination (10.1.1.3) IP address fields will stay the same at each device. The MAC address field changes when R1 sends the frame to R2 and when R2 sends the frame to the workstation at 10.1.1.3.

Objective:

LAN Switching Fundamentals Sub-Objective:

Describe and verify switching concepts

References:

Cisco > IOS Technology Handbook > Routing Basics

QUESTION 26

Which two security features can be configured to prevent unauthorized access into the network through a networking device? (Choose two.)

  1. Anti-Replay
  2. Traffic filtering
  3. Authentication
  4. IPSec network security

Correct Answer: BC Section: (none) Explanation

Explanation/Reference:

Explanation:

Traffic filtering and authentication security can be configured to prevent unauthorized access into the network through a networking device. Unauthorized access to the company’s network should be blocked because unauthorized access can damage a company’s network. Attackers may access confidential data, plant a virus in the network, or flood the network with illegitimate packets. Therefore, preventive measures should be taken to block any unauthorized access.

The traffic filtering security feature uses two measures to prevent unauthorized access into the network: access lists and Cisco IOS firewalls.

Access lists are configured to determine which traffic to block and which traffic should be forwarded at the router interfaces. The following types of access lists are available when using Cisco devices:

Basic access lists: Allow only specific traffic through the device; other traffic is dropped.

Extended access lists: Used to filter the traffic based on source IP address, destination IP address, port numbers, or protocols.

Cisco IOS firewalls provide various security features according to your needs. Following are the key components of Cisco IOS firewall:

Context-based Access Control (CBAC): Filters TCP and UDP packets on the basis of application layer protocol session information.

Cisco IOS firewall Intrusion Detection System (IDS): Used to detect suspicious activity. An IDS watches packets and sessions as they flow through the router and scans them to match IDS signatures. If the packet is detected as suspicious, the packet is dropped.

Authentication Proxy: Used to apply specific security policies on a per-user basis.

Authentication security can be used to prevent unauthorized access to the network. When a user attempts to access a service or host within the network, they must enter credentials such as their user name and password. If the credentials are correct, then access is provided; otherwise, the user is not allowed to access the service.

Anti-replay and IPSec network security cannot prevent unauthorized access through a networking device into the network. Anti-replay prevents the capture and replay of packets on a network. Although it is a good security feature to deploy, it does not specifically address access to the network through a device. IPSec is used to encrypt and protect the integrity of data that travels through the network, not control access through a device.

Objective:

Infrastructure Security Sub-Objective:

Configure, verify, and troubleshoot basic device hardening

References:

Cisco > Tech Notes > Cisco Guide to Harden Cisco IOS Devices > Document ID: 13608

QUESTION 27

Which Cisco IOS command is used on a Cisco Catalyst 6500 series switch to view the spanning-tree protocol (STP) information for a virtual LAN (VLAN)?

  1. show spanning tree
  2. show spanning-tree vlan
  3. show spantree
  4. show spantree vlan

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

The show spanning-tree vlan Cisco IOS command is used on a Catalyst 6500 series switch to view the spanning-tree information for a VLAN, such as information on the root switch (bridge ID, root path, root cost), as well as the local switch.

The following is sample output of the show spanning-tree vlan vlan-id command:

The show spanning tree command is incorrect because it is not the correct syntax of a Cisco IOS command.

The show spantree and show spantree vlan commands are incorrect because these are CatOS commands, not Cisco IOS commands.

Objective:

LAN Switching Fundamentals Sub-Objective:

Configure and verify Layer 2 protocols

References:

Cisco > Cisco IOS LAN Switching Command Reference > show spanning-tree

QUESTION 28

Which Enhanced Interior Gateway Routing Protocol (EIGRP) packet type is used for neighbor discovery?

  1. Hello
  2. Update
  3. Queries
  4. Replies

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

Hello packets are used for neighbor discovery. These are sent as multicasts and do not require an acknowledgement.

Update packets are sent to communicate the routes used by a router to converge. When a new route is discovered or the convergence process is completed, updates are sent as multicast. During topology table synchronization, updates are sent as unicasts to neighboring peers.

Query packets are sent when a router performs route computation and cannot find a feasible successor. These packets are sent to neighboring peers asking if they have a feasible successor to the destination network.

Reply packets are sent in response to a query packet. These are unicast and sent to the originator of the query.

Objective:

Routing Fundamentals Sub-Objective:

Configure, verify, and troubleshoot EIGRP for IPv4 (excluding authentication, filtering, manual summarization, redistribution, stub)

References:

QUESTION 29

Which layer in the Open Systems Interconnection (OSI) model enables coding and conversion functions for application layer data?

  1. Presentation layer
  2. Session layer
  3. Application layer
  4. Physical layer

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

The Presentation layer in the OSI model enables coding and conversion functions for application layer data. Data formatting and encryption are done at this layer. The Presentation layer converts data into a format that can be accepted by the application layer. The Presentation layer is also known as the syntax layer, which provides translation between different data formats by using a common format.

The Session layer in the OSI model does not enable coding and conversion functions for the application layer data. It is used to create, manage, and terminate sessions between communicating nodes. The session layer handles the service requests and service responses that take place between different applications.

The Application layer in the OSI model does not enable coding and conversion functions for the application layer data. The application layer is responsible for interacting directly with the application, and provides application services, such as e-mail and File Transfer Protocol (FTP).

The Physical layer in the OSI model does not enable coding and conversion functions. The Physical layer consists of the hardware that sends and receives data on a carrier. The protocols that work at the Physical layer include Fast Ethernet, RS-232, and Asynchronous Transfer Mode (ATM). The Physical layer is the base layer in the OSI model.

The three remaining layers in the OSI model are the Transport, Network, and Data Link layers. The Transport layer is responsible for error-free and sequential delivery of data. This layer is used to manage data transmission between devices, a process known as flow control. The Transport layer protocols are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

The Network layer is used to define the network address or the Internet Protocol (IP) address that is then used by the routers to forward the packets. The Data Link layer ensures reliable transmission of data across a network.

The seven layers of the OSI model are sequentially interconnected to each other. From the top to the bottom, the seven layers are:

Layer 7: Application

Layer 6: Presentation

Layer 5: Session

Layer 4: Transport

Layer 3: Network

Layer 2: Data Link

Layer 1: Physical

Objective:

Network Fundamentals Sub-Objective:

Compare and contrast OSI and TCP/IP models

References:

Internetworking Technology Handbook > Internetworking Basics > OSI Model and Communication Between Systems 

QUESTION 30

Below is the output of the show ip route command from one of your routers:

What does the value 110 represent in the output?

  1. OSPF administrative distance
  2. EIGRP administrative distance
  3. OSPF cost
  4. EIGRP cost

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

The value of 110 represents the administrative distance of the route, which in this case was learned by OSPF. OSPF routes are always indicated by an O to the left of the route details. Of the two values in brackets in each route entry, the one to the left of the forward slash is the administrative distance, and the one to the right of the slash is the cost of the route. Therefore, [110/2] represents an administrative distance of 110 and a cost of 2.

The value of 110 does not represent EIGRP administrative distance because the route was not learned from EIGRP. If it were, the route would have a D to the left of the route details. Moreover, the default administrative distance of EIGRP is 90, not 110.

The values do not represent OSPF cost. The cost value is on the right side of the forward slash within the brackets in each route entry. For example, the route entry O 1.1.1.4 [110/2] via 1.1.1.2, 00:10:04, FastEthernet0/1 indicates an OSPF cost of 2.

The values do not represent an EIGRP cost. First, if it were an EIGRP route, the route would have a D to the left of the route details. Moreover, the cost value is located within the square brackets to the right of the forward slash in each route entry. The only cost values shown in the table are 2, 11, and 12.

Objective:

Routing Fundamentals Sub-Objective:

Describe how a routing table is populated by different routing information sources

References:

Cisco > Support > Cisco IOS IP Routing: Protocol-Independent Command Reference > show ip route

The Anatomy of "Show IP Route"
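A parser for the route-entry format discussed in Question 30, added here as an example and not taken from the original material. Apart from the entry quoted in the explanation, the sample lines are constructed, the function names are assumptions, and only the single-letter codes C, S, D, O and R with their default administrative distances are handled.

```python
import re

# Route code -> (routing information source, default administrative distance)
SOURCES = {
    "C": ("connected", 0),
    "S": ("static", 1),
    "D": ("EIGRP", 90),
    "O": ("OSPF", 110),
    "R": ("RIP", 120),
}

# Learned route, e.g. "O 1.1.1.4 [110/2] via 1.1.1.2, 00:10:04, FastEthernet0/1"
LEARNED = re.compile(
    r"^(?P<code>[A-Z])\*?\s+"
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+(?:/\d+)?)\s+"
    r"\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+"
    r"via\s+(?P<next_hop>\d+\.\d+\.\d+\.\d+)"
    r"(?:,\s+(?P<age>[\w:]+))?"
    r"(?:,\s+(?P<interface>\S+))?\s*$"
)

# Connected route, which carries no [AD/metric] pair
CONNECTED = re.compile(
    r"^C\s+(?P<prefix>\S+)\s+is directly connected,\s+(?P<interface>\S+)\s*$"
)

# Constructed sample table; only the first O entry is quoted from the explanation.
SAMPLE = """\
Gateway of last resort is not set

C 1.1.1.0/30 is directly connected, FastEthernet0/1
O 1.1.1.4 [110/2] via 1.1.1.2, 00:10:04, FastEthernet0/1
O 10.10.11.0/24 [110/11] via 1.1.1.2, 00:10:04, FastEthernet0/1
O 10.10.12.0/24 [110/12] via 1.1.1.2, 00:10:04, FastEthernet0/1
D 10.20.0.0/16 [90/2172416] via 1.1.1.6, 00:02:31, Serial0/0
S 10.30.0.0/16 [1/0] via 1.1.1.6
O 10.40.0.0/16 [130/20] via 1.1.1.2, 00:10:04, FastEthernet0/1
"""


def parse_route(line):
    """Return a dict for one route entry, or None for headers and unknown lines."""
    line = line.strip()
    m = CONNECTED.match(line)
    if m:
        return {"code": "C", "source": "connected", "prefix": m["prefix"],
                "ad": 0, "metric": 0, "next_hop": None, "age": None,
                "interface": m["interface"]}
    m = LEARNED.match(line)
    if not m or m["code"] not in SOURCES:
        return None
    return {
        "code": m["code"],
        "source": SOURCES[m["code"]][0],
        "prefix": m["prefix"],
        "ad": int(m["ad"]),          # left of the slash: administrative distance
        "metric": int(m["metric"]),  # right of the slash: cost of the route
        "next_hop": m["next_hop"],
        "age": m["age"],
        "interface": m["interface"],
    }


def parse_table(text):
    """Parse every recognisable route entry in show ip route output."""
    parsed = (parse_route(line) for line in text.splitlines())
    return [route for route in parsed if route is not None]


def nondefault_ad(routes):
    """Routes whose administrative distance differs from the source's default."""
    return [r for r in routes if r["ad"] != SOURCES[r["code"]][1]]


if __name__ == "__main__":
    table = parse_table(SAMPLE)
    for r in table:
        print("%-9s %-16s AD=%-3d cost=%d" % (r["source"], r["prefix"], r["ad"], r["metric"]))
    for r in nondefault_ad(table):
        print("review: %s has AD %d (default for %s is %d)"
              % (r["prefix"], r["ad"], r["source"], SOURCES[r["code"]][1]))
```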

QUESTION 31

With the following equipment list, which of the following network scenarios could be supported?

Two IP subnets of 255.255.255.0

Seven 48-port switches

Two router interfaces

  1. 300 workstations in a single broadcast domain, each workstation in its own collision domain
  2. 300 workstations, with 150 workstations in two broadcast domains and each workstation in its own collision domain
  3. 300 workstations, with 150 workstations in two broadcast domains and all workstations in the same collision domain
  4. 600 workstations, with 300 workstations in two broadcast domains and each workstation in its own collision domain

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

This equipment will support 300 workstations, with 150 workstations divided in two broadcast domains and each workstation in its own collision domain. Subnets with a 24-bit mask (255.255.255.0) yield 254 addresses in each network, so 150 is within those limits. Also, seven 48-port switches make 336 ports available. After subtracting out 2 ports per switch for connecting the switches to each other and the router (a total of 14) that leaves 321 ports yielding 160 for each subnet (with one left over). Two subnets require two router interfaces, which are available in the scenario, and since switches are in use, each switch port is its own collision domain.

This equipment will not support 300 workstations in a single broadcast domain with each workstation in its own collision domain. With a 24-bit mask, 300 workstations cannot be placed in a single subnet.

This equipment will not support 300 workstations, 150 each in two broadcast domains and all workstations in the same collision domain. The 300 workstations cannot be placed in the same collision domain when using switches. If hubs were in use that would be possible, but not desirable.

This equipment will not support 600 workstations, 300 each in two broadcast domains; each workstation in its own collision domain. 600 workstations cannot be placed in two subnets when using the mask 255.255.255.0. Each subnet can only hold 254 workstations, not 300. Moreover, 300 workstations cannot be placed in the same collision domain when using switches. If hubs were in use that would be possible but not desirable.

Objective:

Network Fundamentals Sub-Objective:

Describe the impact of infrastructure components in an enterprise network

References:

Cisco Documentation > Internetwork Design Guide > Internetworking Basics

QUESTION 32

Which of the following is NOT a true statement regarding Virtual Private Networks (VPNs)?

A. A VPN is a method of securing private data over public networks

B. IPsec is a method for providing security over VPN

C. Frame Relay is a Layer 3 VPN technology

D. IPsec provides packet-level encryption

E. A Cisco VPN solution provides increased security, reduced cost, and scalability

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

Frame Relay is a Layer 2 VPN technology, providing connectivity over switched carrier Wide Area Networks (WANs). Packets are encapsulated in Frame Relay frames, and assigned Data Link Connection Identifiers (DLCIs) to identify to the local Frame Relay switch the virtual circuit (VC) that the data should follow.

A VPN is a method of securing private data over public networks (such as the Internet), so this is a true statement.

IPsec is a security framework that provides security for data traveling over VPNs, so this is a true statement. It is an open standard protocol framework that is used to secure end-to-end communications.

IPsec allows for encryption at the packet level (Layer 3) when configured in tunnel mode, so this is a true statement.

VPN solutions such as those supported by Cisco ASA firewalls and Cisco integrated routers provide the following benefits:

Lower desktop support costs

Threat protection

Flexible and cost-effective licensing

Reduced cost and management complexity

Objective:

WAN Technologies Sub-Objective:

Describe WAN access connectivity options

References:

Cisco > Internetworking Technology Handbook > Frame Relay  

Cisco > Internetworking Technology Handbook > Virtual Private Networks (VPNs)

QUESTION 33

Which of the following IPv6 commands is used to define a static host name-to-address mapping in the host name cache?

A. ipv6 host

B. ipv6 unicast routing

C. ipv6 neighbor

D. ipv6 local

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

The ipv6 host command is used to define a static host name-to-address mapping in the host name cache, and is executed in global configuration mode. The ipv6 unicast-routing command is used to enable IPv6 forwarding on a router.

There is no ipv6 local command. There is an ipv6 local pool command that can be used to define a prefix pool when using DHCPv6.

The ipv6 neighbor command is used to configure a static entry in the IPv6 neighbor discovery cache, which will enhance the neighbor discovery process that occurs with IPv6.

Objective:

Infrastructure Services Sub-Objective:

Troubleshoot client connectivity issues involving DNS

References:

Cisco > Cisco IOS IPv6 Command Reference > ipv6 host

QUESTION 34

Which two statements are TRUE of synchronous serial ports? (Choose two.)

A. These ports can be used to provide leased-line or dial-up communications.

B. These ports do not support the High-Level Data Link Control (HDLC) encapsulation method.

C. An AUI connector is used with serial ports.

D. These ports can be used to configure high-speed lines (E1 or T1).

E. An RJ-45 connector is used with serial ports.

Correct Answer: AD Section: (none) Explanation

Explanation/Reference:

Explanation:

Synchronous serial ports can be used to provide leased-line or dial-up communications, and these ports can be used to configure high-speed lines (E1 or T1). The following are also true of synchronous serial ports:

With the help of synchronous serial lines, dialers can be configured, which are then used to support dial-on-demand routing.

These ports are found on several serial network interface processors and cards.

The option stating that synchronous serial ports cannot support High-Level Data Link Control (HDLC) encapsulation method is incorrect because HDLC is the default encapsulation method configured on serial interfaces.

The option stating that an AUI connector is used with serial ports is incorrect because AUI is a connector used with Ethernet ports.

The option stating that an RJ-45 connector is used with serial ports is incorrect because RJ-45 and RJ-48 connectors are used with ISDN BRI connections.

Objective:

WAN Technologies Sub-Objective:

Describe WAN access connectivity options

References:

QUESTION 35

Refer to the following sample output:

Which Cisco Internetwork Operating System (IOS) command produces this output?

A. show interfaces

B. show interfaces summary

C. show interfaces serial fast-ethernet

D. show interfaces fast-ethernet 0/0

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

The show interfaces summary command will produce the given output. This command provides a summarized view of all interfaces configured on a device.

The show interfaces command is incorrect because this command does not produce the displayed output. This command is used to view information regarding statistics for specific interfaces. Without specifying an interface, a section for each interface will display, as in the example below for FastEthernet0:

The show interfaces serial fast-ethernet command is incorrect because this is not a valid Cisco IOS command.

The show interfaces fast-ethernet 0/0 command is incorrect. Although it produces similar output, that output only relates to the FastEthernet 0/0 interface. An example of this output follows:

Notice that the line of output that says FastEthernet0 is up, line protocol is up indicates that Layers 1 to 3 of the OSI Model are functioning correctly. Also, in the lower portion, there are no values in the error counters such as input errors, output errors, and so on. Finally, make note in line 8 where the interface is set to autosense both the duplex and the speed. Duplex and speed must be in agreement between the NIC on the host and the switch port.

Objective:

Routing Fundamentals Sub-Objective:

Troubleshoot basic Layer 3 end-to-end connectivity issues

References:

Cisco > Cisco IOS Interface and Hardware Component Command Reference > show interfaces summary

QUESTION 36

Which of the following is NOT a VLAN Trunking Protocol (VTP) mode of operation?

A. client

B. server

C. virtual

D. transparent

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

Virtual is not a valid VTP mode of operation. There are three different VTP modes of operation: client, server, and transparent.

In client mode, a switch can synchronize VLAN information with the domain and forward advertisements. However, VLANs cannot be created, deleted, or modified from a switch in client mode. Also, a client mode switch does not save VLAN information in non-volatile Random Access Memory (NVRAM). It is stored in Flash in a file called vlan.dat.

In server mode, a switch synchronizes the VLAN information with the domain, sends and forwards advertisements, and can create, delete, or modify VLANs. In server mode, VLAN information is stored in Flash in a file called vlan.dat.

In transparent mode, a switch does not synchronize its VLAN configuration with the domain, but it forwards advertisements. VLANs can be created, deleted, or modified locally and VLAN configuration is saved in both the running-config file in RAM and in flash in a file called vlan.dat.

Objective:

LAN Switching Fundamentals Sub-Objective:

Configure, verify, and troubleshoot VLANs (normal/extended range) spanning multiple switches

References:

Cisco > Catalyst 4500 Series Switch Cisco IOS Software Configuration Guide, 12.2(25) > Understanding and Configuring VLANs, VTP, and VMPS

QUESTION 37

Which of the following commands will enable a global IPv6 address based on the Modified EUI-64 format interface ID?

A. ipv6 address 5000::2222:1/64

B. ipv6 address autoconfig

C. ipv6 address 2001:db8:2222:7272::72/64 link-local

D. ipv6 enable

Correct Answer: B

Section: (none) Explanation

Explanation/Reference:

Explanation:

To configure the interface to create a global IPv6 address based on the Modified EUI-64 format interface ID, you must enable stateless autoconfiguration. In stateless autoconfiguration, the interface will receive the network prefix from the router advertisement (RA) and generate a full IPv6 address by spreading the 48-bit MAC address of the interface across 64 bits to complete the address. This can all be done simply by executing the ipv6 address autoconfig command at the interface configuration prompt.

The command ipv6 address 5000::2222:1/64 manually assigns a full IPv6 address to the interface. It uses neither stateless autoconfiguration nor the eui-64 keyword, which lets you specify the first 64 bits manually and have the last 64 bits generated from the MAC address of the interface.

The command ipv6 address 2001:db8:2222:7272::72/64 link-local is used to configure a link-local address manually without allowing the system to generate one from the MAC address, which is the default method.

The command ipv6 enable is used to allow the system to generate a link-local address from the MAC address. Because this is the default behavior, the command is not required if any other ipv6 commands have been issued. Regardless of how many manual IPv6 addresses you configure, a link-local address is always generated by default.

Objective:

Network Fundamentals Sub-Objective:

Configure, verify, and troubleshoot IPv6 addressing

References:

Cisco > Product Support > Security > Cisco ASA 5500-X Series Firewalls > Configure > Configuration Guides > Cisco Security Appliance Command Line Configuration Guide, Version 7.2 > Chapter: Configuring IPv6 > Enforcing the Use of Modified EUI-64 Interface IDs in IPv6 Addresses

Cisco > Support > Cisco IOS IPv6 Command Reference > ipv6 address

QUESTION 38

Which of the following commands is used to verify the link-local, global unicast, and multicast addresses of an IPv6 router?

A. show ipv6 neighbors (only link-local addresses)

B. show ipv6 route

C. show ipv6 protocols

D. show ipv6 interface

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

Explanation:

The show ipv6 interface command is used to verify the link-local, global unicast, and multicast addresses assigned to an IPv6-enabled router interface. The show ipv6 interface command displays information regarding that interface, such as the physical state, MTU, and IPv6 enable/disable state.

Here is the partial output of the show ipv6 interface command on an IPv6-enabled router named rtrA:

In the sample output, you can see that the Fa0/1 interface of rtrA has the link-local address FE80::6339:7BFF:FE5D:A031/64 and the global unicast address 2001:7067:90D1:1::1. The global unicast address is not in EUI-64 format because when the ipv6 address command was issued, the eui-64 keyword was not used. If the EUI-64 format had been specified with the eui-64 keyword, the global unicast address would have been 2001:7067:90D1:1:6339:7BFF:FE5D:A031.

An IPv6-enabled interface has not only a link-local and global unicast address, but also one or more multicast addresses. A multicast address is an IPv6 address that has the prefix FF00::/8. These addresses are assigned to interfaces of different nodes such that they appear as a logical group. This implies that when a packet is destined for a multicast address, that packet is delivered to all the interfaces that have the same multicast address. The various multicast groups are as follows:

FF02::1: Indicates the group of all the nodes on the local segment

FF02::2: Indicates the group of all the routers on the local segment

FF02::1:FF00:0/104: Indicates a solicited-node multicast group for every unicast or anycast address assigned to the interface

You can also notice in the sample output that the Fa0/1 interface belongs to three multicast groups: FF02::1, FF02::2, and FF02::1:FF5D:A031. The first two multicast groups refer to the all-host and all-router multicast groups, respectively. The third group, FF02::1:FF5D:A031, is the solicited-node multicast address. This address is created for every unicast or anycast address. A solicited-node multicast address is determined by assigning the least significant 24 bits of the unicast address to the least significant 24 bits of the FF02::1:FF00:0 address.

The show ipv6 neighbors command displays the link-local/global unicast addresses of the neighbors, including other information such as state and the next-hop interface.

The show ipv6 route command is used to view the IPv6 routing table on the router. This command displays the prefixes, administrative distance, metric, and next-hop addresses for various IPv6 networks.

The show ipv6 protocols command is used to view the active routing protocols for IPv6 on the router. This command shows the interfaces, redistribution status, and summarization status about each of the routing protocols enabled on the router.
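The Modified EUI-64 and solicited-node derivations described above, worked through in Python as an added example (not part of the original material). The function names are hypothetical, and the MAC address 6139.7b5d.a031 used in the demo is an assumption obtained by reversing the interface ID shown in the sample addresses.

```python
import ipaddress
from typing import Optional


def parse_mac(mac: str) -> bytes:
    """Parse 00:1a:2b:3c:4d:5e, 00-1A-2B-3C-4D-5E or Cisco-style 001a.2b3c.4d5e."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def modified_eui64(mac: str) -> bytes:
    """Build the 64-bit interface ID: flip the universal/local bit of the
    first octet and insert FF:FE between the two halves of the MAC."""
    raw = parse_mac(mac)
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix (from an RA or from configuration) with the interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("a Modified EUI-64 interface ID needs a /64 prefix")
    iid = int.from_bytes(modified_eui64(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def solicited_node(address: str) -> ipaddress.IPv6Address:
    """Copy the low 24 bits of a unicast address into FF02::1:FF00:0/104."""
    low24 = int(ipaddress.IPv6Address(address)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)


def mac_from_eui64(address: str) -> Optional[str]:
    """Reverse the derivation. Returns None when the interface ID does not
    carry the FF:FE marker, i.e. the address was not built from a MAC."""
    iid = (int(ipaddress.IPv6Address(address)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{octet:02x}" for octet in raw)


if __name__ == "__main__":
    mac = "6139.7b5d.a031"  # assumption: derived from the sample interface ID
    print(eui64_address("fe80::/64", mac))
    print(eui64_address("2001:7067:90d1:1::/64", mac))
    print(solicited_node("fe80::6339:7bff:fe5d:a031"))
    print(mac_from_eui64("fe80::6339:7bff:fe5d:a031"))
    print(mac_from_eui64("2001:7067:90d1:1::1"))
```

The last function shows why an EUI-64 address identifies the hardware: the MAC address can be read straight back out of the interface ID, whereas a manually assigned address such as 2001:7067:90D1:1::1 reveals nothing about it.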

Objective:

Network Fundamentals Sub-Objective:

Configure, verify, and troubleshoot IPv6 addressing

References:

Cisco IOS IPv6 Command Reference > show ipv6 eigrp topology through show ipv6 nat statistics > show ipv6 interface

Cisco IOS IPv6 Command Reference > show ipv6 nat translations through show ipv6 protocols > show ipv6 neighbors

Cisco IOS IPv6 Command Reference > show ipv6 nat translations through show ipv6 protocols > show ipv6 protocols

Cisco > Products & Services > Cisco IOS and NX-OS Software > Cisco IOS Technologies > IPv6 > Product Literature > White Papers > Cisco IOS IPv6 Multicast Introduction

Cisco > IPv6 Implementation Guide, Release 15.2M&T > Implementing IPv6 Multicast

QUESTION 39

Which type of Category 5 unshielded twisted-pair (UTP) cable is used to work as a trunk between two switches?

A. RJ-45 straight-through

B. RJ-41 crossover

C. RJ-11 straight-through

D. RJ-45 crossover

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

Explanation:

An RJ-45 crossover cable connects two switches. To act as a trunk, a trunking protocol such as ISL or 802.1q must be configured on the link. A trunk is a connection between two switches that is used to carry traffic from multiple VLANs.

In general, the rule to follow when choosing between a straight-through and a crossover cable is:

When connecting like devices (i.e. router to router, switch to switch), use a crossover cable.

When connecting dissimilar devices (i.e. switch to router), use a straight-through cable.

The one exception to this rule is when connecting a computer NIC to a router, in which case a crossover cable is used. Be aware, however, that many devices, including network cards in computers, now have the ability to sense automatically when they are connected to a like device and adapt to the connection, making crossover cables unnecessary in those situations.

You should not choose an RJ-45 straight-through cable. The cable type to be used depends on the circuit connection of the hardware. To connect two switches, a crossover cable is required. The difference between a straight-through cable and a crossover cable lies in the location of the wire termination on the two ends of an RJ-45 cable. If the UTP cable wire connects Pin 1 of one side to Pin 1 of the other side and Pin 2 to 2 through all eight pins of the RJ-45 connector, the cable is said to be straight-through. On the other hand, if Pin 1 of one side of an RJ-45 cable connects to Pin 3 of the other end, and Pin 2 connects to Pin 6 of the other end, it is known as a crossover cable. A straight-through cable is used to connect a computer’s network interface card (NIC) to a hub or switch.

You should not choose an RJ-41 crossover cable. RJ-41 is a single-line universal data jack normally associated with fixed-loss loop (FLL) or programmed (P) modems. It is not used between switches.

You should not choose an RJ-11 straight-through cable type. RJ-11 UTP cables have four pins and are used to connect voice instruments. RJ-11 UTP cables are not intended for connecting computers and transferring data. They are commonly used for telephones and modems.

Note: Cisco switches have an auto-mdix feature that notices when the wrong cabling pinouts are used, and readjusts the switch’s logic so that the cable will work.

Objective:

Network Fundamentals Sub-Objective:

Select the appropriate cabling type based on implementation requirements

References:

Cisco Documentation > Internetwork Design Guide > Designing Switched LAN Internetworks > Technologies for Building Switched LAN Internetworks

Cisco > Troubleshooting Technotes > Cisco 7000 Series Routers > Cabling Guide for Console and AUX Ports > Types of RJ-45 Cabling

QUESTION 40

A router is running a classful routing protocol. Which command will enable this router to select a default route when routing to an unknown subnet of a network for which it knows the major network?

A. ip classless

B. no ip classless

C. auto-summary

D. no auto-summary

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

The ip classless command causes a routing protocol to change its default behavior of discarding any traffic that is bound for unknown subnets of a known classful network. If the command is enabled, the router tries to match as many bits as possible against the routes in its routing table. If no more specific route matches, the router uses the default route rather than dropping the packet.

For an example of this behavior, examine the diagram below. The ip route 0.0.0.0 0.0.0.0 serial 0/0 command has been issued on Router B. If the 25.1.6.0/24 network is unknown to Router B, then under normal circumstances, Router B would NOT use its configured default route. Instead, it would drop any packets addressed to that unknown network, because when a router knows a route to a major classful network or its subnets (in this case, 25.1.5.0/30 and 25.1.1.0/24), it will not use a statically configured default route to forward traffic to an unknown subnet of that network (in this case 25.1.6.0/24). In the scenario described in the diagram, Router B will drop the packet. However, if the ip classless command has been executed, it will use the default route and send the traffic to Router A.

The ip classless command is a global configuration mode command enabled by default in Cisco IOS version 12.0 and later. If the default route is learned from IS-IS or OSPF, as opposed to being statically configured as in the above example, the ip classless command is not necessary for the router to use the default route.

The no ip classless command on routers will disable the forwarding of packets destined to an unknown subnet of a known classful network. Therefore, it is an incorrect option.

The auto-summary command is used to allow automatic summarization of subnet routes into network-level routes. This is a command executed in router configuration mode.

Classless routing protocols such as Routing Information Protocol version 2 (RIPv2) and Enhanced Interior Gateway Routing Protocol (EIGRP) perform automatic route summarization at classful boundaries. The no auto-summary command is used to turn off this route summarization.
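The Router B lookup described above, modelled in Python as an added example (not part of the original material). The exit interfaces for the two 25.1.x.x routes and the destination host addresses are constructed for illustration; the default route via Serial0/0 is the one the explanation configures.

```python
import ipaddress
from typing import List, Optional, Tuple

Route = Tuple[str, str]  # (prefix, exit interface)

# Router B's table from the explanation above.
ROUTES: List[Route] = [
    ("25.1.5.0/30", "Serial0/1"),        # exit interface is constructed
    ("25.1.1.0/24", "FastEthernet0/0"),  # exit interface is constructed
    ("0.0.0.0/0", "Serial0/0"),          # ip route 0.0.0.0 0.0.0.0 serial 0/0
]


def classful_network(dest: ipaddress.IPv4Address) -> Optional[ipaddress.IPv4Network]:
    """Return the Class A/B/C major network of an address, or None for Class D/E."""
    first_octet = int(dest) >> 24
    if first_octet < 128:
        prefixlen = 8
    elif first_octet < 192:
        prefixlen = 16
    elif first_octet < 224:
        prefixlen = 24
    else:
        return None
    return ipaddress.ip_network(f"{dest}/{prefixlen}", strict=False)


def lookup(destination: str, routes: List[Route], ip_classless: bool) -> Optional[str]:
    """Return the exit interface for a destination, or None if the packet is dropped."""
    dest = ipaddress.IPv4Address(destination)
    table = [(ipaddress.IPv4Network(prefix), exit_if) for prefix, exit_if in routes]

    if not ip_classless:
        major = classful_network(dest)
        if major is not None:
            known_subnets = [(net, exit_if) for net, exit_if in table
                             if net.subnet_of(major)]
            if known_subnets:
                # Classful rule: once any subnet of the major network is known,
                # only those subnets are candidates and the default is ignored.
                table = known_subnets

    matches = [(net, exit_if) for net, exit_if in table if dest in net]
    if not matches:
        return None
    # Longest prefix wins; 0.0.0.0/0 matches everything but is the shortest.
    return max(matches, key=lambda match: match[0].prefixlen)[1]


if __name__ == "__main__":
    for classless in (False, True):
        result = lookup("25.1.6.1", ROUTES, ip_classless=classless)
        print(f"ip classless={classless}: 25.1.6.1 ->", result or "dropped")
```

With the classful rule, the default route is still used for destinations in a major network the router knows nothing about; only unknown subnets of a known major network are dropped.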

Objective:

Routing Fundamentals Sub-Objective:

Configure, verify, and troubleshoot IPv4 and IPv6 static routing

References:

Cisco > Articles > Cisco Certification > CCNP > CCNP Self-Study: Advanced IP Addressing

Cisco > Cisco IOS IP Addressing Services Command Reference > IP Addressing Commands > ip classless

QUESTION 41

Which Cisco IOS command is used to configure encapsulation for a PPP serial link on a Cisco router?

A. encapsulation ppp

B. encapsulation ip ppp

C. ip encapsulation ppp

D. encapsulation ppp-synch

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

PPP is a Layer 2 protocol encapsulation type that supports both synchronous and asynchronous circuits and provides built-in security mechanisms. The encapsulation ppp interface configuration mode command is used to configure encapsulation for a PPP (Point to Point Protocol) serial link on a Cisco router. PPP encapsulation provides for router-to-router and host-to-network connections over both synchronous and asynchronous circuits. Serial links are configured to use Cisco High Level Data Link Control (HDLC) encapsulation, by default, on Cisco routers. The Cisco version of HDLC is incompatible with the industry standard version used on other router brands because it contains a type field that identifies the underlying network protocol being encapsulated by HDLC. This is a beneficial feature of Cisco HDLC but makes it incompatible with other router brands.

For this reason, a Cisco router that is going to be connected to a non-Cisco router should be configured to use PPP instead of the default. The encapsulation ppp interface configuration mode command will do this. If you set one of the routers for PPP and leave the other router at the default encapsulation for a serial connection, the connection will fail due to incompatible encapsulation.

You would use the show run command to verify matching encapsulation types. In the partial output of the show run command for two routers shown below, it can be seen that although one of the routers has the encapsulation ppp command in its configuration, the other does not. The absence of the encapsulation ppp command means that the default HDLC is being used. This incompatibility will cause both routers to report a serial interface up, line protocol down condition since the connection is live, but the Layer 2 framing is misconfigured.

If authentication between the routers is also required, the ppp authentication pap, ppp authentication ms-chap, or ppp authentication chap commands could be used to apply Password Authentication Protocol (PAP), Microsoft Challenge Authentication Protocol (MS-CHAP), or Challenge Authentication Protocol (CHAP) authentication to the connection, respectively.

A full configuration of a serial link for using PPP with authentication is as shown below:

Router1(config)#interface Serial0

Router1(config-if)#encapsulation ppp

Router1(config-if)#ppp authentication pap

Note above that the third line enables PAP authentication, which is not secure. Alternately, you can use CHAP authentication (which is secure) with the ppp authentication chap command. Regardless of which authentication mechanism you choose, these authentication commands will only be accepted on an interface where PPP encapsulation has been enabled, which rules out any non-serial interfaces.

The third type of encapsulation that can be configured on a serial WAN link is Frame Relay, which can be selected with the encapsulation frame-relay command under the interface.

In summary, the three encapsulation types available for WAN serial links are PPP, HDLC, and Frame Relay. The command for each is as follows, executed under the interface configuration prompt:

encapsulation ppp

encapsulation hdlc

encapsulation frame-relay

All other options are invalid commands.

Objective:

WAN Technologies Sub-Objective:

Configure and verify PPP and MLPPP on WAN interfaces using local authentication

References:

Internetworking Technology Handbook > WAN Technologies > Point-to-Point Protocol

QUESTION 42

A user in your network is having trouble accessing resources and the Internet. You decide to examine the partial output of the ipconfig /all command on his machine. The output is shown below:

Which of the following statements describes the user’s problem?

A. The default gateway address is incorrect

B. The IP address of the device is incorrect

C. There is no DNS server configured

D. IP routing is not enabled

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

The IP address of the device is incorrect. It is not in the same subnet as the default gateway address. While it is possible that the default gateway address is incorrect, that is not as likely a reason, given the fact that the DNS server is also in the same IP subnet as the default gateway.

There is a DNS server configured and its IP address is 192.168.0.50. If a DNS server were not configured, this user would be unable to access the Internet, even if all IP addressing problems were resolved.

IP routing is NOT enabled. However, it is not required to be enabled because this device is not acting as a router. The device does not need IP routing enabled to access resources and the Internet if all other IP addressing issues are resolved.

Objective:

Infrastructure Services Sub-Objective:

Describe DNS lookup operation

References:

PChuck’s Network > Microsoft Windows Networking, Security, and Support > Reading IPConfig and Diagnosing Network Problems

QUESTION 43

Which of the following commands would instruct OSPF to advertise ONLY the 192.168.10.0/24 network in Area 0?

A. Router(config)# router ospf 1

Router(config-router)# network 192.168.10.0 0.0.0.255 area 0

B. Router(config)# router ospf 1

Router(config-router)# network 192.168.11.0 0.0.0.255 area 0

C. Router(config)# router ospf 1

Router(config-router)# network 192.168.10.0 255.255.255.0 area 0

D. Router(config)# router ospf 1

Router(config-router)# network 192.168.10.0 0.0.255.255 area 0

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

The command Router(config-router)# network 192.168.10.0 0.0.0.255 area 0 would instruct OSPF to advertise the 192.168.10.0 network in Area 0. It is executed in OSPF process 1 configuration mode, as indicated by the prompt Router(config-router)#. This command correctly states the network as 192.168.10.0 and uses the proper wildcard mask of 0.0.0.255.

The command Router(config-router)# network 192.168.11.0 0.0.0.255 area 0 is incorrect because it advertises the 192.168.11.0/24 network instead of the 192.168.10.0/24 network.

The command Router(config-router)# network 192.168.10.0 255.255.255.0 area 0 is incorrect because it uses a regular mask instead of a wildcard mask.

The wildcard mask in OSPF network statements must be expressed inversely, and not as a regular subnet mask. If the network you are configuring for OSPF operation is 192.168.10.0/24, then the inverse version of a /24 mask (or 255.255.255.0) would be 0.0.0.255. The correct command, Router(config-router)# network 192.168.10.0 0.0.0.255 area 0, will configure OSPF to run over any local interfaces assigned an IP address beginning with 192.168.10, since the inverse mask dictates that the first three octets must be a match.

The command Router(config-router)# network 192.168.10.0 0.0.255.255 area 0 is incorrect because it uses an improper wildcard mask. This mask would instruct OSPF to advertise any network with a prefix longer than the 192.168.0.0/16 network.

When routing does not seem to be working correctly, one of the first things to check is whether OSPF is operating on the proper interfaces. OSPF is enabled by network statements. To verify the network statements that were entered, you should execute the show run command and examine the output. If the network statement is configured so that the interface on the router is not in that network, OSPF will not operate on that interface. For example, suppose that Router A has an interface of 192.168.5.1/30 and the show run command produces the following output:

<output omitted>

router ospf 2

network 192.168.5.0 0.0.0.4 area 0

In this case, OSPF will not operate on the interface because the router interface is not in the network indicated by the network statement. The problem is not the network address but the wildcard mask. For a 30-bit mask, the wildcard should be 0.0.0.3, not 0.0.0.4. The wildcard mask can be determined by subtracting the regular mask value in the last octet (252) from 255, which is 3. The solution would be to remove the incorrect statement and enter the correct statement as follows:

routerA(config)# router ospf 2

routerA(config-router)# no network 192.168.5.0 0.0.0.4 area 0

routerA(config-router)# network 192.168.5.0 0.0.0.3 area 0
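The wildcard check described above can be run against a list of interface addresses before a network statement is committed. This is an added Python example, not part of the original material: the function names are hypothetical, and the two FastEthernet interfaces and their addresses are constructed (only 192.168.5.1 comes from the scenario).

```python
import ipaddress
from typing import Dict, List, Tuple

# Interface addresses: Serial0/0 is Router A's 192.168.5.1/30 from the scenario,
# the FastEthernet entries are constructed sample data.
INTERFACES: Dict[str, str] = {
    "Serial0/0": "192.168.5.1",
    "FastEthernet0/0": "192.168.10.1",
    "FastEthernet0/1": "192.168.11.1",
}


def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def wildcard_from_mask(mask: str) -> str:
    """Subtract each octet of the regular mask from 255 (252 -> 3)."""
    return ".".join(str(255 - int(octet)) for octet in mask.split("."))


def is_contiguous(wildcard: str) -> bool:
    """True when the wildcard is the inverse of a real subnet mask
    (a single run of 1 bits at the low end, such as 0.0.0.3 or 0.0.0.255)."""
    value = to_int(wildcard)
    return (value & (value + 1)) == 0


def statement_matches(interface_ip: str, network: str, wildcard: str) -> bool:
    """A 0 bit in the wildcard must match; a 1 bit is ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(interface_ip) & care) == (to_int(network) & care)


def audit(interfaces: Dict[str, str], network: str,
          wildcard: str) -> Tuple[List[str], List[str]]:
    """Return (interfaces the statement enables OSPF on, warnings)."""
    matched = [name for name, ip in interfaces.items()
               if statement_matches(ip, network, wildcard)]
    warnings = []
    if not is_contiguous(wildcard):
        warnings.append(f"wildcard {wildcard} is not the inverse of a subnet mask")
    if not matched:
        warnings.append("no local interface matches this statement")
    return matched, warnings


if __name__ == "__main__":
    print(wildcard_from_mask("255.255.255.252"))
    for net, wc in [("192.168.5.0", "0.0.0.4"), ("192.168.5.0", "0.0.0.3"),
                    ("192.168.10.0", "0.0.0.255"), ("192.168.10.0", "0.0.255.255")]:
        print(net, wc, audit(INTERFACES, net, wc))
```

The 0.0.0.4 statement is flagged twice (non-contiguous wildcard, no matching interface), while 0.0.255.255 matches all three interfaces, which is the over-broad behaviour the explanation warns about.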

Objective:

Routing Fundamentals Sub-Objective:

Configure, verify, and troubleshoot single area and multi-area OSPFv2 for IPv4 (excluding authentication, filtering, manual summarization, redistribution, stub, virtual-link, and LSAs)

References:

Cisco > Cisco IOS IP Routing Protocols Configuration Guide, Release 12.4T > Part 6: OSPF > Configuring OSPF > OSPF Configuration Task List > Enabling OSPF

QUESTION 44

You are the network administrator for your company. You have a Class B address range and are planning for a network that allows 150 hosts per subnet and at least 164 subnets.

Which subnet mask should you use to accomplish the task?

A. 255.255.192.0

B. 255.255.255.192

C. 255.255.255.0

D. 255.255.255.252

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

You should use 255.255.255.0 as the subnet mask to allow 150 hosts per subnet and at least 164 subnets. The formulas used to calculate the number of subnets and hosts are:

Number of subnets = 2^(number-of-subnet-bits)

Number of hosts per subnet = 2^(number-of-host-bits) - 2

Subnet mask in decimal: 255.255.255.0

Subnet mask in binary: 11111111.11111111.11111111.00000000

Number of subnet bits: 8 (binary 1s in the subnet octet of the subnet mask)

Number of host bits: 8 (binary 0s in the subnet mask)

In this scenario, we find that for 255.255.255.0:

Subnets that can be used: 2^8 = 256

Hosts that can be used: 2^8 - 2 = 254

The other options do not allow 150 hosts per subnet and at least 164 subnets.

If you use 255.255.192.0 as the subnet mask, then the total number of hosts that can be connected per subnet is 16382 (2^14 - 2 = 16382). However, there will be 4 subnets (2^2 = 4).

If you use 255.255.255.192 as the subnet mask, there will be 62 hosts (2^6 - 2 = 62).

If you use 255.255.255.252 as the subnet mask, there will be two hosts per subnet (2^2 - 2 = 2).

Note: This mask is frequently used for a subnet that connects two routers. In that case, there are two interfaces in the subnet, and thus it is the most efficient use of the addressing space. This is also the most efficient way to address a point-to-point serial link.

A note about the formulas: You will always subtract 2 from the number of hosts (2^(number-of-host-bits) - 2) because the all-zeroes bit address is reserved for the network address and the all-ones bit address is reserved for the broadcast address.

Before Cisco IOS Software Release 12.0, it was common practice to subtract 2 from the networks formula (2^(number-of-subnet-bits)) to exclude the all-ones subnet and subnet zero. Today that range is usable, except with some legacy systems. On certain networks with legacy software, you may need to use the previous formula (2^(number-of-subnet-bits) - 2) to calculate the number of valid subnets.

Objective:

Network Fundamentals Sub-Objective:

Apply troubleshooting methodologies to resolve problems

References:

Cisco > Technology Support > IP > IP Routing > Design TechNotes > IP Addressing and Subnetting for New Users > Document ID: 13788 > Understanding IP Addresses

Cisco > Technology Support > IP > IP Addressing Services > Design TechNotes > Subnet Zero and the All-Ones Subnet > Document ID: 13711

QUESTION 45

Which commands would you use to determine the IP address and hostname of a directly connected switch from which you received VLAN information? (Choose two. Each correct answer is part of the solution.)

  1. show vtp status
  2. show cdp neighbors detail
  3. show cdp neighbor status
  4. show vtp counters
  5. show cdp neighbor

Correct Answer: AB

Explanation:

The VLAN Trunking Protocol (VTP) is used to synchronize VLANs between switches, and the question implies that VTP is being used in this environment. The show vtp status command will display the IP address of the switch that last updated your VLAN database. The output of this command is as follows:

The "Configuration last modified by 10.1.1.2" output reveals the IP address of the switch from which you received VLAN information. Once you know the IP address of the switch, you can use the show cdp neighbors detail command to determine the hostname associated with this IP address. The output of this command is as follows:

The show cdp neighbors detail command provides detailed information about directly connected Cisco devices. The detail option is required to provide the IP address of the neighboring devices, and indicates here that IP address 10.1.1.2 is assigned to Device ID: SwitchB, which is the hostname for this device. SwitchB is the switch from which you received VLANs.

Although not offered as an option, the show cdp entry * command will also display all directly connected devices and will indicate the hostname, the IP address, and the platform, but will not indicate from which device VTP information was received. Its output is shown below:

This command displays the same information as the show cdp neighbor detail command. It includes:

The IP address of the neighbor (in this case 10.1.1.2)

The port on which the CDP information was received (in this case FastEthernet0/4)

The platform (in this case a Cisco WS-C2950G-24 Switch)

The show vtp counters command is incorrect because it does not display information about neighboring devices, nor information regarding from which switch VLANs were received.

The show cdp neighbor command is incorrect because the detail option is required to display the IP addresses of neighboring devices. The show cdp neighbor status command is incorrect because this is not a valid Cisco IOS command.

Objective: LAN Switching Fundamentals

Sub-Objective: Configure, verify, and troubleshoot VLANs (normal/extended range) spanning multiple switches

References:

QUESTION 46

Which Cisco command keeps unauthorized users from viewing passwords in the router configuration file?

  1. enable secret
  2. enable password
  3. enable encryption
  4. service encryption
  5. service password-encryption

Correct Answer: E

Explanation:

The service password-encryption global configuration mode command keeps unauthorized users from viewing passwords in the router configuration file. It encrypts all current and future passwords configured on the router, including the line password, virtual terminal password, console password, username password, routing protocol passwords such as BGP neighbor passwords, the privileged command password, and authentication key passwords.

The encryption process occurs whenever the current configuration is built or a password is configured. The service password-encryption command will cause the router configuration file to display encrypted characters instead of passwords when the running-configuration or startup-configuration files are viewed.

The enable password command creates a password that will be required to enter privileged EXEC mode, but the password will not be encrypted.

The enable secret command provides encryption to the enable mode passwords but does not apply globally to all passwords configured on the router. It also does not encrypt any future passwords created on the router.

The enable encryption and service encryption commands are invalid.

Objective: Infrastructure Security

Sub-Objective: Configure, verify, and troubleshoot basic device hardening

References:

Cisco > Cisco IOS Security Command Reference > service password-encryption

Cisco Tech Notes > Cisco IOS Password Encryption Facts > Document ID: 107614
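A configuration review can verify what the explanation for Question 46 describes. The following Python audit is an added example, not Cisco's or the original author's code, and the sample configuration with its credential strings is constructed. It classifies each credential line by how it is stored: cleartext (type 0 or no type digit), type 7 (the reversible encoding that service password-encryption applies), or a one-way hash (types 5, 8 and 9, as written by secret commands).

```python
import re

# Constructed sample config; hostname, users and credential strings are made up.
SAMPLE_CONFIG = """\
no service password-encryption
hostname R1
enable password Constructed0
enable secret 5 $1$CONSTRUCTED$CONSTRUCTEDHASHVALUE000
username admin password 7 CONSTRUCTED7VALUE
username ops secret 5 $1$CONSTRUCTED$CONSTRUCTEDHASHVALUE111
line vty 0 4
 password Constructed1
 login
"""

CRED = re.compile(
    r"^\s*(?P<cmd>enable (?:password|secret)"
    r"|username \S+ (?:password|secret)|password)"
    r"\s+(?:(?P<type>\d)\s+)?\S+\s*$")

# Encryption-type digit that IOS writes before the stored value.
STORAGE = {"0": "cleartext", "7": "reversible",
           "5": "hashed", "8": "hashed", "9": "hashed"}

def audit(config):
    """Return (service_enabled, findings); stored values are never echoed."""
    lines = config.splitlines()
    service = any(l.strip() == "service password-encryption" for l in lines)
    findings = []
    for number, line in enumerate(lines, 1):
        m = CRED.match(line)
        if m:
            kind = STORAGE.get(m["type"] or "0", "unknown")
            findings.append((number, m["cmd"], kind))
    return service, findings

def needs_attention(config):
    """Credential lines that are not stored as a one-way hash."""
    _, findings = audit(config)
    return [f for f in findings if f[2] != "hashed"]

if __name__ == "__main__":
    enabled, found = audit(SAMPLE_CONFIG)
    print("service password-encryption:", "on" if enabled else "off")
    for number, cmd, kind in found:
        print(f"line {number}: {cmd}: {kind}")
```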

QUESTION 47

Which of the following statements are TRUE regarding carrier sense multiple access with collision detection (CSMA/CD)? (Choose three.)

  1. Networks are segmented into multiple collision domains using switches for CSMA/CD networks.
  2. Networks are segmented into multiple broadcast domains using switches for CSMA/CD networks.
  3. CSMA/CD networks normally operate on half-duplex mode.
  4. CSMA/CD networks normally operate on full-duplex mode.
  5. Gigabit Ethernet uses CSMA/CD as the media access control method.
  6. Gigabit Ethernet uses carrier sense multiple access with collision avoidance (CSMA/CA) as the media access control method.

Correct Answer: ACE

Explanation:

The following statements are true:

Networks are segmented into multiple collision domains using switches for CSMA/CD networks

CSMA/CD networks normally operate on half-duplex mode

Gigabit Ethernet uses CSMA/CD as its media access control method

CSMA/CD is a Local Area Network (LAN) access method used in Ethernet. In CSMA/CD, a device or node that wants to send a packet first determines whether the network is free. If the network is not free, the node waits before sending the packet. If the network is free, the node sends the packet; if another device sends a packet at the same time, their signals collide. When the collision is detected, both devices wait for a random amount of time before retrying.

The option stating that networks are segmented into multiple broadcast domains using switches for CSMA/CD networks is incorrect because networks are segmented into multiple broadcast domains using routers for CSMA/CD networks.

The option stating that CSMA/CD networks normally operate on full-duplex mode is incorrect; these networks normally operate on half-duplex mode.

The option stating that gigabit Ethernet uses CSMA/CA as the media access control method is incorrect because gigabit Ethernet uses CSMA/CD as the media access control method.

Objective: LAN Switching Fundamentals

Sub-Objective: Describe and verify switching concepts

References:

Cisco > Internetworking Technology Handbook > Introduction to LAN Protocols > LAN Media-Access Methods

Cisco > The Internet Protocol Journal - Volume 2, No. 3 > Gigabit Ethernet

QUESTION 48

Which of the following is a frame tagging method for identifying Virtual LAN (VLAN) memberships over trunk links?

  1. STP
  2. RIP
  3. CDP
  4. 802.1q

Correct Answer: D

Explanation:

802.1q is a frame tagging method for identifying Virtual LAN (VLAN) memberships over trunk links. Frame tagging ensures identification of individual VLAN frames over a trunk link that carries frames for multiple VLANs. This frame tagging method is a standardized protocol developed by The Institute of Electrical and Electronics Engineers (IEEE). Cisco has also developed a proprietary frame tagging method, known as Inter-Switch Link (ISL).

When configuring a trunk link between a router and a switch, you must configure the physical interface on the router with one subinterface for each VLAN, and you must configure the physical ports on the router and the switch with the same encapsulation type, whether 802.1q or ISL.

Spanning Tree Protocol (STP) is not a frame tagging method, but a protocol used to remove switching loops in redundantly configured switched environments and create a single active Layer 2 path between any two network segments. Whenever a network segment can be handled by more than one switch, STP will elect one switch to take responsibility, and the other switches will be placed into a blocking state for the ports connected to that segment. In this way, only one switch receives and forwards data for this segment, removing the potential for generating multiple copies of the same frame. The benefits of STP include:

Prevention of broadcast storms

Prevention of multiple frame copies

Media Access Control (MAC) address database stability

Routing Information Protocol (RIP) is not a frame tagging method, but a distance vector routing protocol. It dynamically updates routing tables as the topology changes.

Cisco Discovery Protocol is not a frame tagging method, but a Cisco proprietary protocol used to collect hardware and protocol information for directly connected Cisco devices. CDP has nothing to do with VLANs.

Objective: LAN Switching Fundamentals

Sub-Objective: Configure, verify, and troubleshoot VLANs (normal/extended range) spanning multiple switches

References:

Cisco > Support > Technology Support > LAN Switching > Layer-Three-Switching and Forwarding > Configure > Configuration Examples and Technotes > Configuring InterVLAN Routing and ISL/802.1Q Trunking on a Catalyst 2900XL/3500XL/2950 Switch Using an External Router

QUESTION 49

A packet is received with a destination IP address of 10.2.16.10.

What would the next hop IP address be for this packet?

A. 192.168.1.10

B. 192.168.4.2

C. 192.168.10.254

D. None; the packet will be dropped.

Correct Answer: B

Explanation:

The packet will be routed to the next hop IP address of 192.168.4.2, since this routing table entry is the most specific match for the remote network. Packets are routed according to the most specific, or "longest," match in the routing table.

The packet in the scenario has a destination IP address of 10.2.16.10, which matches two entries in the routing table.

10.0.0.0 /8: this matches based on the /8 mask, where only the first byte has to match. The destination IP address of 10.2.16.10 has a first byte matching 10. If this were the only matching route table entry, it would be selected.

10.2.16.0 /24: The first 24 bits of this entry match the first 24 bits of the destination IP address of 10.2.16.10.

Therefore, the 10.2.16.0 /24 entry is selected for routing this packet because it most specifically matches the destination IP address, or has the longest number of matching bits.

The next hops of 192.168.1.10 and 192.168.10.254 will not be used, as these routes are not the most specific matches for the destination IP address of the packet.

It is interesting to note that packets that are destined for the 10.2.32.0 network will be load balanced across both serial 0/0 and serial 0/1 because the cost (2172425) is the same for both paths.

The packet will not be dropped because there is at least one routing table entry that matches the destination IP address of the packet.

To ensure that no packets are dropped, even if there is no matching route in the routing table, a default route could be configured as follows (next hop picked at random for illustration):

Router(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.1

This configuration would instruct the router to send any packets that do not match the existing routes to 192.168.1.1. For example, a packet destined for 201.50.6.8/24 would not match any routes in the table, and would thus be forwarded to 192.168.1.1.
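Longest-prefix matching and the effect of the default route, written out as an added Python example (not from the original page). The two 10.x prefixes, the next hops and the default route come from the explanation; pairing 10.0.0.0/8 with 192.168.1.10 is an assumption, since the routing table itself is not reproduced here.

```python
import ipaddress

# Prefixes, next hops and the default route are named in the explanation above.
# Pairing 10.0.0.0/8 with 192.168.1.10 is an assumption made for this example.
ROUTES = [
    ("10.0.0.0/8", "192.168.1.10"),
    ("10.2.16.0/24", "192.168.4.2"),
]
DEFAULT_ROUTE = ("0.0.0.0/0", "192.168.1.1")

def build_table(routes):
    """Parse (prefix, next_hop) pairs into (IPv4Network, next_hop) pairs."""
    return [(ipaddress.ip_network(prefix), hop) for prefix, hop in routes]

def matches(network, address):
    """True when the leading prefixlen bits of address equal the prefix."""
    return (int(address) & int(network.netmask)) == int(network.network_address)

def candidates(table, destination):
    """All matching routes, most specific (longest prefix) first."""
    address = ipaddress.ip_address(destination)
    hits = [(net, hop) for net, hop in table if matches(net, address)]
    return sorted(hits, key=lambda hit: hit[0].prefixlen, reverse=True)

def next_hop(table, destination):
    """Next hop of the longest match, or None when the packet is dropped."""
    hits = candidates(table, destination)
    return hits[0][1] if hits else None

if __name__ == "__main__":
    table = build_table(ROUTES)
    print(next_hop(table, "10.2.16.10"))   # both routes match, /24 wins
    print(next_hop(table, "201.50.6.8"))   # no match without a default route
    table = build_table(ROUTES + [DEFAULT_ROUTE])
    print(next_hop(table, "201.50.6.8"))   # /0 matches every destination
```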

If you understand how routing tables and routing advertisements work, it is relatively simple to describe the contents of a router’s routing table without seeing the table directly. To do so, you would view the router’s configuration and the configuration of its neighbors using show run, along with a diagram of its network connections. For example, examine the diagram of the two routers shown below along with their respective configurations:

It will contain S* 0.0.0.0/0 [1/0] via 192.35.87.5 because of the static default route indicated in line 4 of its configuration output.

It will contain R 192.168.110.128/26 [120/1] via 192.35.87.5 00:00:22, Serial 0/0 because Router 2 has a network 192.168.110.128 statement indicating that it will advertise this network to its neighbors.

It will contain the two routes C 192.35.87.4/30 is directly connected, S0/0 and C 192.168.54.64/26 is directly connected, Fa0/0 because all directly connected routes are automatically placed in the table.

Objective: Routing Fundamentals

Sub-Objective: Interpret the components of routing table

References:

Cisco > Support > IP > IP Routing > Design > Design TechNotes > Route Selection in Cisco Routers > Document ID: 8651
