CCNA Test Prep #1
Your business wants to create an app to control their network resources. You need to write up a description of how the app would communicate with the controller and thus to the network devices. What API would the application use to communicate with the controller?
North-Bound API
The application would communicate with the controller via the North-Bound API. The controller would then communicate with the individual devices using the South-Bound API.
Your medium sized company recently expanded their network with a small branch office location and you are responsible for setting up the newly purchased switches for VLANs and supporting VLAN traffic. Because it is a small branch, the company wants to route between the VLANs without a router to save on cost. What device would you use to route between those VLANs without requiring a router?
A layer 3 switch should be used
Configuring VLANs on a layer 3 switch no longer requires a separate router to route between different VLANs because the routing functionality is built into the layer 3 switch.
There are a number of ways in which to carry VLAN traffic across a network. You have been tasked with configuring a new access layer switch with VLANs 2 through 12 with the requirement that data traffic for these VLANs will be carried across 8 switches. What feature will you configure so that traffic from the multiple VLANs can span the 8 switches you are working with?
A trunk port is required to carry the traffic for all VLANs across the switches
A trunk port is required for multiple VLANs to span multiple switches. There are two port types on a switch: access ports, which carry traffic for one VLAN, and trunk ports, which carry traffic for multiple VLANs.
Consider a scenario where you configured 3 wireless access points in infrastructure mode to use 2.4 GHz for a medium sized accounting business last year. In the past six months, this company has hired an additional 20 employees and shortly after adding them to the network, end users have started to report contention and network drop issues. What is the most likely solution you will implement for the accounting business?
Split the frequencies and configure the 2.4 GHz access points on the non-overlapping channels 1, 6, and 11
If a wireless network contains multiple access points and more users are added, the network can become overwhelmed. In this case the best practice is to split the frequencies over non-overlapping channels; if the access points remain on overlapping channels, collisions and contention will occur and connections will be dropped. Channels 1, 6, and 11 are the ones most commonly used when splitting the frequencies.
You have been tasked with automating your network hardware infrastructure for a medium sized business that is growing. Part of the upgrade will switch to using an SDN architecture in a new private cloud. What terminology represents the infrastructure, such as the physical switches, routers, cables, etc., of a software defined architecture?
Underlay
The physical infrastructure is referred to as the Underlay. It is how things are actually connected together. A service provider or cloud service provider would handle or maintain this. For a private cloud this would have to be managed internally.
You are explaining the differences between standard and extended access control lists to a junior network engineer and why there are particular times when an extended access control list must be used instead of a standard access control list. What advantages do extended access control lists have over standard access control lists?
They can use a source and destination for traffic
They can use a protocol or port
Extended access control lists extend the standard access control lists by adding additional list entries, going from 100 for standard to 800 for extended. They also allow defining a source and destination for the traffic and can specify a protocol or port to fine tune the specific traffic to be controlled.
The security officer for your company has asked you to bring up a list of the log messages on a particular Cisco device that they have been getting some unusual traffic from. You connect to the device and begin displaying the logs on the screen. The security officer points to this entry: "Aug 21 18:40:46.392:%SYS-5-CONFIG_I: Configured from console by console". They mention there are a lot of them and want to know what the log message is fully saying. The security officer has already identified the timestamp and message portion; what describes the remaining parts of the log message?
%SYS is the facility and is for the System. 5 is the severity level; reported as a notification. CONFIG_I is the mnemonic, a short form of the message.
The first portion of the syslog message is the timestamp. Next comes the % followed by the facility, where SYS means the message came from the System. The 5 represents the severity level, which is Notification, but values can be from 0 to 7. Next is a mnemonic that represents a short form of the message. Finally a message in plain text is displayed.
The company security officer has come to you to get information about the relationship between the security level number in syslog messages and their meanings. They ask you to list the levels for them. What list correctly identifies the severity level numbers to their names?
0 emergencies
1 alerts
2 critical
3 errors
4 warnings
5 notifications
6 informational
7 debugging
There is a sentence you can learn that can help with remembering the order, "Every Awesome Cisco Engineer Wants Notifications and Information Daily". This gives the list Emergencies, Alerts, Critical, Errors, Warnings, Notifications, Informational, and Debugging. Finally, the most severe item, emergencies, starts with 0 and the least severe is debugging with a value of 7.
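The two syslog questions above are easier to check against real log output with a parser. The following Python is an added example, not part of the original test prep, that splits an IOS message into timestamp, facility, severity, mnemonic and text and maps the severity number to its name. The first sample line is the one quoted in the question; the other lines are constructed for the example.

```python
import re
from typing import Iterable, Optional

# Cisco IOS syslog severity levels: 0 is the most severe, 7 the least.
SEVERITY_NAMES = {
    0: "emergencies",
    1: "alerts",
    2: "critical",
    3: "errors",
    4: "warnings",
    5: "notifications",
    6: "informational",
    7: "debugging",
}

# Body of an IOS message: %FACILITY-SEVERITY-MNEMONIC: text.
# Anything before the '%' (sequence number and/or timestamp) is captured as 'prefix'.
_IOS_MSG = re.compile(
    r"^(?:(?P<prefix>.*?):\s*)?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*"
    r"(?P<message>.*)$"
)


def parse_ios_syslog(line: str) -> Optional[dict]:
    """Split one IOS log line into its fields; return None if it is not an IOS message."""
    m = _IOS_MSG.match(line.strip())
    if m is None:
        return None
    severity = int(m.group("severity"))
    return {
        "timestamp": m.group("prefix") or "",
        "facility": m.group("facility"),
        "severity": severity,
        "severity_name": SEVERITY_NAMES[severity],
        "mnemonic": m.group("mnemonic"),
        "message": m.group("message"),
    }


def at_least_as_severe(lines: Iterable[str], max_level: int) -> list:
    """Return parsed messages at max_level or more severe (a lower number is more severe)."""
    out = []
    for line in lines:
        rec = parse_ios_syslog(line)
        if rec is not None and rec["severity"] <= max_level:
            out.append(rec)
    return out


# Constructed sample: the line quoted in the question plus made-up lines in the same format.
SAMPLE_LOG = [
    "Aug 21 18:40:46.392:%SYS-5-CONFIG_I: Configured from console by console",
    "Aug 21 18:41:02.117: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "000215: Aug 21 18:41:03.001: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down",
    "Aug 21 18:41:05.000: not an IOS-formatted message",
]

if __name__ == "__main__":
    for rec in at_least_as_severe(SAMPLE_LOG, 3):
        print(rec["facility"], rec["severity_name"], rec["mnemonic"], rec["message"])
```

Filtering with `at_least_as_severe(SAMPLE_LOG, 3)` keeps only the errors-and-worse messages, which is the usual first cut when a device is producing a lot of routine CONFIG_I notifications.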
A business wants to use multiple 2.4 GHz Wi-Fi access points spread throughout their building. What are the non-overlapping channels for this frequency?
1, 6, and 11
The non-overlapping channels for the 2.4 GHz Wi-Fi frequency are channels 1, 6, and 11. At 5 GHz there are far more non-overlapping channels.
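Why 1, 6 and 11 are the non-overlapping set (this question and the earlier access point contention question) follows from the channel spacing: 2.4 GHz channels are 5 MHz apart but each one is about 22 MHz wide. The Python below is an added example, not from the original page; it derives the plan from those numbers and assigns it round-robin to a constructed set of access points. The 22 MHz width is the 802.11b DSSS figure and is an assumption of the example.

```python
from itertools import combinations
from typing import Dict, List, Tuple

# 802.11b DSSS channel width; the 1/6/11 plan assumes this 22 MHz footprint (assumption).
CHANNEL_WIDTH_MHZ = 22


def channel_center_mhz(channel: int) -> int:
    """Center frequency of a 2.4 GHz channel: 5 MHz steps from 2412 MHz; channel 14 is the exception."""
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    if channel == 14:
        return 2484
    raise ValueError(f"channel {channel} is not a 2.4 GHz channel")


def channels_overlap(a: int, b: int, width: int = CHANNEL_WIDTH_MHZ) -> bool:
    """Two channels overlap when their centers are closer together than one channel width."""
    return abs(channel_center_mhz(a) - channel_center_mhz(b)) < width


def overlapping_pairs(channels: List[int], width: int = CHANNEL_WIDTH_MHZ) -> List[Tuple[int, int]]:
    """Every pair in a channel plan that would interfere with each other."""
    return [(a, b) for a, b in combinations(channels, 2) if channels_overlap(a, b, width)]


def non_overlapping_plan(highest_channel: int = 11, width: int = CHANNEL_WIDTH_MHZ) -> List[int]:
    """Greedy plan: walk upward, keeping each channel that clears every channel already chosen."""
    plan: List[int] = []
    for ch in range(1, highest_channel + 1):
        if not any(channels_overlap(ch, chosen, width) for chosen in plan):
            plan.append(ch)
    return plan


def assign_access_points(ap_names: List[str], plan: List[int]) -> Dict[str, int]:
    """Round-robin the plan over the access points so neighbouring APs land on different channels."""
    return {name: plan[i % len(plan)] for i, name in enumerate(ap_names)}


if __name__ == "__main__":
    plan = non_overlapping_plan(11)
    print(plan)                                    # [1, 6, 11]
    print(overlapping_pairs([1, 5, 9]))            # [(1, 5), (5, 9)]
    # Constructed access point names for the three APs in the contention question.
    print(assign_access_points(["AP-floor1", "AP-floor2", "AP-floor3"], plan))
```

Running `overlapping_pairs` over a plan someone proposes (for example 1, 5, 9) shows exactly which access points will contend with each other, which is the check to do before blaming the user count.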
You have just started working at a small Internet Service Provider. The Cisco devices managing the network have a lot of access control list rules configured for managing all the connections, hosting, and services provided by the business. There is a new client who will be joining who will need dozens of access control rules added to the routers to handle their very unique requirements. Fortunately, they only need fairly simple access controls so you believe Standard ACLs would be sufficient. What are the available identifiers for a standard ACL on a Cisco device?
1 to 99
The IDs that identify Standard Access Control Lists on a Cisco device are limited to 1 through 99. Extended Access Control Lists have 100 to 199 and 2000 to 2699. Named access control lists are not limited to using a fixed ID value.
The business you work for has been growing substantially and as part of the growth they want to move from using local authentication, authorization, and accounting to using the Cisco new-model AAA security. What describes the steps of a simple AAA process?
A supplicant makes a request by sending a username and password to an authenticator. Then the authenticator forwards it to an authentication server. Finally, the authentication server authorizes the authenticator to allow access
For AAA security the first step is for the supplicant to communicate its credentials, username and password, to the authenticator. Then the authenticator forwards the credentials to the authentication server. The authentication server then authorizes the authenticator to allow access.
Consider a scenario where you have been tasked with configuring 8 access points that will be integrated into an enterprise network. The access points require configuration of 802.1x security, power control, dynamic channel assignment, and RADIUS authentication. What will you use to configure the access points and what protocol will be used for management?
A wireless LAN controller for access point configuration and the CAPWAP protocol for management
Access point configuration and management is completed on a wireless LAN controller (WLC). The WLC communicates with the access points, as well as other WLCs within the same subnet, using the CAPWAP management protocol. Using the WLC, access points can be configured with 802.1x security, RF management options such as dynamic channel assignment and power control, and RADIUS authentication.
Your company recently purchased some IP phones for the call center department and you are tasked with setting up the access layer switch to support the IP phones. The requirement includes creating VLANs and supporting both VoIP phone and PC data on the same access port without the need for a trunk. What VLAN configuration will you apply to the access layer switch to support voice traffic on VLAN 10 and data on VLAN 20?
ASW1(config-if)#switchport mode access
ASW1(config-if)#switchport access vlan 20
ASW1(config-if)#switchport voice vlan 10
A voice VLAN allows support for both VoIP and PC data using the same access port on the switch without the need to configure a trunk to carry the traffic. Configuring support for both data and voice on the same access port requires first designating the selected switchport on ASW1 as an access port with the switchport mode access command while in interface configuration mode. You can then designate VLAN 20 as the data VLAN with the switchport access vlan 20 command, followed by the switchport voice vlan 10 command to designate VLAN 10 as the voice VLAN.
You have just started with a new company that has plans to grow their network. They also want to switch their network hardware to Cisco so that they have a single supply vendor. As part of the process they need to build an inventory of their endpoints and you need to explain to some junior administrators what they should include as an endpoint. What would best describe the hardware that would be considered an endpoint in the network?
An endpoint is going to be the source of information or the destination for some information
An endpoint is either a source of information or the destination for some information. It is a good indicator of how large the network infrastructure needs to be to accommodate the users, and knowing this significantly helps in planning the network.
You have just been hired to set up an automation system for the business network. The business has been growing by leaps and bounds and can barely keep up with changes as-is. As part of the process you need to provide a write up of which configuration management tool should be used. You have interviewed the staff, mostly via video conferencing as they are spread all over the country near the infrastructure they have to manage, and found out they are familiar with Ruby, Python, and even YAML. Like the staff the servers are spread around the country. You have also learned that installing any software on some systems will be problematic as they are already maxed out or locked down with security software although all are accessible via SSH. What configuration management setup would you recommend and what features would make it the ideal choice for the business to consolidate on?
Ansible would be best because it is an agentless setup and the staff are already familiar with Python and YAML, which would be used for the configuration. It also does not require centralized management, which may work better for the distributed nature of the systems and staff.
The staff have the language support for any one of Puppet, Chef, and Ansible, which are Ruby for Puppet, Ruby and Git for Chef, and Python and YAML for Ansible, so the language would not be a determining factor. The different configuration management tools are differentiated by their use of an agent or by being agentless. Because installing the agent, or software, on a system could be problematic it would probably be best to use an agentless configuration management tool. Puppet and Chef both require agents while Ansible does not.
You have been asked to give information to senior management about alternatives to passwords after a network compromise was caused by an employee not protecting their password. They are interested in technologies that can uniquely identify a user and are not something they can lose, write down, or have taken from them. What password alternative technology would you recommend?
Biometric
Biometric security uses something you are, like a fingerprint or iris scan, that can uniquely identify a person and cannot be taken or lost easily as it is part of you.
Your boss wants to upgrade the business from using 100Mbps FastEthernet to using Gigabit Ethernet since most of the physical devices and endpoints can support the higher speeds. An additional incentive is that your boss wants to also be able to support PoE for future devices using Power Sourcing Equipment that had been purchased earlier but not put in use yet. However, you notice that the cabling is almost all marked as Cat 5 and you need to make a case that the cabling needs to be upgraded. What would be the benefit and capabilities of upgrading to either Cat 5e or Cat 6?
Both support the same distance limitation of Cat 5 of 100 meters
Both support 10, 100, and 1000 Mbps, although Cat 6 can support a higher frequency
Both support using PoE when used with Power Sourcing Equipment
The distance limitation for all twisted pair cabling is about 100 meters so it is the same for Cat 5, Cat 5e, and Cat 6. Cat 5e and Cat 6 can both support 1000 Mbps (Gigabit) connections although Cat 6 can handle higher frequencies than Cat 5. All three, Cat 5, 5e, and 6, can support PoE when used with Power Sourcing Equipment (whether that is built into the device or an external device provides the power).
You have run the command to show the IPv4 routing table on a Cisco router and the following entries were displayed:
      172.14.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.14.0.0/24 is directly connected, GigabitEthernet0/1
L        172.14.0.1/32 is directly connected, GigabitEthernet0/1
      172.16.0.0/24 is subnetted, 1 subnets
S        172.16.16.0 [1/0] via 192.168.16.3
What do the individual parts of the routing table entries represent?
C, L, and S represent the Routing Code
/16, /24, /32 represent Subnet Masks
[1/0] represents the Administrative Distance and Protocol Metric
The first column in the routing table listing contains the Routing Code where C is for Connected, L is for Local, and S is for Static. The next column is the IP address or network for the connection and includes the subnet mask like /16, /24, /32 where applicable. Next can be a description or it may show the Administrative Distance and Protocol Metric inside square brackets separated by a slash.
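The same fields can be pulled out of the router's output programmatically, which is handy when a routing table has hundreds of entries. The Python below is an added example and not part of the original page; it parses the exact lines shown in the question, lets child routes inherit the mask from a "is subnetted" parent line when they print none (as the S route above does), and then does the longest-prefix match the router itself performs, which shows why the L /32 entry wins over the C /24 for the interface's own address.

```python
import ipaddress
import re
from typing import List, Optional

# Routing codes shown in the question plus a few other common IOS codes.
ROUTE_CODES = {"C": "connected", "L": "local", "S": "static", "R": "RIP", "D": "EIGRP", "O": "OSPF", "B": "BGP"}

# Parent line: "172.16.0.0/24 is subnetted, 1 subnets" or "... is variably subnetted, 2 subnets, 2 masks"
_PARENT = re.compile(r"^(?P<network>\d{1,3}(?:\.\d{1,3}){3})/(?P<plen>\d{1,2}) is (?P<variably>variably )?subnetted")

# Route line: CODE NETWORK[/PLEN] [[AD/METRIC]] [via NEXT_HOP] [..., INTERFACE]
_ROUTE = re.compile(
    r"^(?P<code>[A-Z][A-Z0-9*]?(?:\s[A-Z][A-Z0-9])?)\s+"
    r"(?P<network>\d{1,3}(?:\.\d{1,3}){3})(?:/(?P<plen>\d{1,2}))?"
    r"(?:\s+\[(?P<ad>\d+)/(?P<metric>\d+)\])?"
    r"(?:\s+via\s+(?P<next_hop>\d{1,3}(?:\.\d{1,3}){3}))?"
    r"(?:.*?,\s*(?P<interface>\S+))?\s*$"
)


def parse_ip_route(output: str) -> List[dict]:
    """Parse 'show ip route' entries into dicts; children of a plain 'subnetted' parent inherit its mask."""
    routes: List[dict] = []
    parent_plen: Optional[int] = None
    for raw in output.splitlines():
        line = raw.strip()
        if not line:
            continue
        parent = _PARENT.match(line)
        if parent:
            # Children of a "variably subnetted" parent print their own masks; plain "subnetted" children do not.
            parent_plen = None if parent.group("variably") else int(parent.group("plen"))
            continue
        m = _ROUTE.match(line)
        if m is None:
            continue  # header text such as "Codes: ..." or "Gateway of last resort ..."
        plen = m.group("plen")
        if plen is None:
            if parent_plen is None:
                raise ValueError(f"no mask available for route line: {line}")
            plen = parent_plen
        routes.append({
            "code": m.group("code"),
            "code_name": ROUTE_CODES.get(m.group("code")[0], "other"),
            "network": m.group("network"),
            "prefixlen": int(plen),
            "admin_distance": int(m.group("ad")) if m.group("ad") else None,
            "metric": int(m.group("metric")) if m.group("metric") else None,
            "next_hop": m.group("next_hop"),
            "interface": m.group("interface"),
        })
    return routes


def best_route(destination: str, routes: List[dict]) -> Optional[dict]:
    """Longest-prefix match: the entry with the most specific mask that contains the destination."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes
               if addr in ipaddress.ip_network(f"{r['network']}/{r['prefixlen']}", strict=False)]
    return max(matches, key=lambda r: r["prefixlen"], default=None)


# The routing table lines quoted in the question.
SAMPLE_OUTPUT = """
      172.14.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.14.0.0/24 is directly connected, GigabitEthernet0/1
L        172.14.0.1/32 is directly connected, GigabitEthernet0/1
      172.16.0.0/24 is subnetted, 1 subnets
S        172.16.16.0 [1/0] via 192.168.16.3
"""

if __name__ == "__main__":
    table = parse_ip_route(SAMPLE_OUTPUT)
    for r in table:
        print(r)
    print(best_route("172.14.0.1", table)["code"])  # L: the /32 beats the /24
```

`best_route` returns `None` when nothing matches, which is the situation the later question about a missing route describes; a default route (0.0.0.0/0) would be the catch-all entry in that list.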
You have started as a new network engineer for a small business that is growing and decided they needed someone dedicated to managing their growing network. Until now they have manually added routes or configuration ad hoc until what they wanted working started to work. Upon looking at their devices, which are all Cisco, you notice the routing table has a lot of routes and all of them are Static. They have been having problems lately with some machines being unable to communicate with some other parts of the network and they have been having intermittent issues with network connectivity between different segments of the network. You realize using static routes to link everything together is probably not a good solution as their network has grown. What would be the best way to ensure connectivity between the systems and eliminate the need of using static routes between all the devices?
Configure a gateway of last resort on the network devices
Although static routes can be used to manage the connections between each device, it usually requires configuration on both ends. As a network grows these connections can get unmanageable. Therefore, static routes should be used as backups for route management or used where there can only be one path or connection. In this case, where some routes work and some do not and static routes have already been configured, it is probably best to use route management and configure a gateway of last resort on the network devices.
Consider a scenario where you are planning the implementation of an enterprise wireless architecture. The network will contain 8 access points connected to a central switch that in turn has a connection to a wireless LAN controller (WLC). The WLC connects to a Nexus switch that goes to the production network. Today you are making note of the port connections and links required for carrying traffic between all of the devices. Considering the devices being used and their connections, what configurations will you implement?
Configure the links between the access points and central switch as access ports with each access point in its own VLAN
Configure the link between the central switch and WLC as a trunk link to carry VLAN traffic
Configure LAG 802.3ad between the Nexus production switch and the WLC for redundancy
Configuring network access on enterprise wireless devices includes ensuring the access points connected to a central switch are on access ports with each access point in its own VLAN. To carry the access point VLAN traffic, a trunk link is configured between the wireless LAN controller and the central switch. To avoid spanning-tree issues with shutting down a redundant link on the production switch, 802.3ad should be configured.
DHCP has a process that it goes through that starts with the client and results in a client contacting a DHCP server and getting network details like an IP Address, Subnet Mask, Default Gateway, etc. What are the steps in this process?
DHCP Discover
DHCP Offer
DHCP Request
DHCP Acknowledge
When a client starts it will send a DHCP Discover packet to find the DHCP server. The server will then give a DHCP Offer saying it has the information you need and a possible address lease. The client then sends a DHCP Request to accept the offer and finally the server sends a DHCP Acknowledgement. There is an easy way to remember this via the acronym DORA.
You need to configure some static IPs to names so that a local network can access a server by its name rather than the IP Address. What is the service used by your web browser in order to connect to a website that converts a Fully Qualified Domain Name (FQDN) to an IP address?
DNS
The Domain Name System (DNS) is the service that translates Fully Qualified Domain Names (FQDNs) to IP addresses. A Cisco device can be configured to provide a static address for a local named server in a network. There can be limitations based on the device resources, but this can help with smaller offices, branch offices, or locations where accessing a local server by name can be advantageous.
Within your OSPFv2 network you have multiple point-to-point and multiaccess networks managed by Cisco devices. The OSPFv2 election has made some devices Designated Routers (DR) and has set others up as Backup Designated Routers (BDR). What would the other devices in the multiaccess network be set to if they are not a DR or BDR?
DROTHER
Each device in an OSPFv2 network must be one of Designated Router (DR), Backup Designated Router (BDR), DR Other (DROTHER), or, if in a point-to-point network, a hyphen representing that no DR or BDR is required since it is just two devices. Therefore, in multiaccess networks once a device is made the DR, and another the BDR, the rest are labelled as DROTHER.
Consider a scenario where an intern working towards becoming CCNA certified shows you a spanning-tree topology that has four switches in total. Two are designated as Root Bridges and three ports are designated as root ports. There are six links and five designated ports, and the remaining ports are blocked ports. They want to know if the spanning-tree topology they created will work or have issues. Based on their topology, what area(s) will be of concern operationally?
Designated ports
Root bridge
A spanning-tree topology can have only one root bridge designated; two root bridges will not operate. Since there are six links, there should also be six designated ports rather than five, so correct operation is not achieved. The rest of the spanning-tree topology is correct.
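The reasoning in that answer comes down to three invariants of a converged spanning tree: one root bridge, one root port per non-root switch, and one designated port per link, with every remaining port end blocked. The Python below is an added example, not from the original page, that encodes those invariants and runs the intern's numbers through them.

```python
from typing import Dict, List


def stp_expected_counts(switches: int, links: int) -> Dict[str, int]:
    """Port-role counts a converged STP topology must show when every link joins two switches.

    Exactly one root bridge; one root port on each non-root switch; one designated port
    on every link (the end nearer the root); the remaining port ends are blocked.
    """
    if switches < 1 or links < switches - 1:
        raise ValueError("topology must be connected: at least switches-1 links")
    root_ports = switches - 1
    designated = links
    blocked = 2 * links - root_ports - designated  # each link has two port ends
    return {
        "root_bridges": 1,
        "root_ports": root_ports,
        "designated_ports": designated,
        "blocked_ports": blocked,
    }


def stp_topology_concerns(switches: int, links: int,
                          root_bridges: int, root_ports: int, designated_ports: int) -> List[str]:
    """Compare the roles drawn on a diagram with the expected counts; return the roles that are wrong."""
    expected = stp_expected_counts(switches, links)
    observed = {
        "root_bridges": root_bridges,
        "root_ports": root_ports,
        "designated_ports": designated_ports,
    }
    return [role for role, want in expected.items() if role in observed and observed[role] != want]


if __name__ == "__main__":
    # The intern's topology from the question: 4 switches, 6 links, 2 root bridges,
    # 3 root ports, 5 designated ports.
    print(stp_expected_counts(4, 6))
    print(stp_topology_concerns(4, 6, root_bridges=2, root_ports=3, designated_ports=5))
```

With the counts fixed to one root bridge and six designated ports the concern list is empty, and the expected-counts table shows the three blocked ports that must remain for the six redundant links.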
You are working with a small network with just a couple devices and a few hosts that was configured using static routes for performance and simplicity reasons. You have been asked to add a route from one device directly to a new host system at 172.14.0.2 with netmask 255.255.255.255. What type of route would you need to create?
Host route
A host route is used to create a static route directly to a host and it uses a /32 (255.255.255.255) mask since it points directly to the host rather than to a network.
A small business you work for is doing heavy AI research and is expecting to grow substantially in the next quarter and wants to build some redundancy into their internet systems to support future developers. They have multiple Cisco routers and switches and use dynamic routing protocols but they are concerned about the router that is currently configured as the gateway for all the client systems that are currently connected on the network. For this reason they want to minimize the risk from that single point of failure by having a second backup router for the connection to their internet service provider. They use DHCP for all the network connected clients so changing the IP address for the gateway shouldn't be a problem. They currently do not overload the network and only have a single ISP connection so only hardware/routing redundancy is necessary. The current network hardware is all Cisco and the future plans are to stay with Cisco hardware for all network equipment. A manager has written up some information about each of the possible solutions they have identified but they are unsure of the limitations or capabilities of the solutions. Which solution is described best and would meet the requirements necessary to add redundancy to the gateway?
Hot Standby Router Protocol (HSRP) would work for this environment since they only have Cisco hardware. It uses a virtual address which can be handed to the clients via DHCP, so that is a minimal change. Load balancing or sharing is not required, so the second device would be on hot standby and ready to take over should the first device fail.
The First Hop Redundancy Protocols HSRP, VRRP, and GLBP could all meet the requirements of adding redundancy to the gateway device. However, VRRP and GLBP are designed and used for networks that are more diverse and contain multiple vendors' hardware, which this business does not need to support. HSRP, VRRP, and GLBP all require a virtual IP. This is because most network devices do not support multiple gateway IPs, so adding a second gateway to DHCP would not solve the issue. GLBP is not limited to Cisco devices and its key feature of load balancing is not really a consideration in this case, so going with the simple Cisco HSRP solution would probably be the best solution.
A junior network administrator is doing some traffic analysis on a medium sized network. They are trying to figure out which traffic they can ignore as they try to focus on problem areas. They come to you asking about link-local scope multicast IPv6 addresses since they know multicast is not the problem and want to filter them out. What could you suggest to the network administrator to help them with filtering out IPv6 multicast packets?
IPv6 link-local multicast addresses start with FF02 and they can filter all those out
IPv6 link-local scope multicast IPs all start with FF02 and work similarly to the 224 multicast space in IPv4. Some well-known multicasts are:
FF02::1 - all IPv6 devices
FF02::2 - all IPv6 routers
FF02::5 - all OSPFv3 routers
FF02::A - all EIGRP (IPv6) routers
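A string prefix test on "FF02" catches the common case, but it misses lower-case output, zone ids such as %eth0, and the less common flag values (FF12::, FF32::) that are still link-local scope. The Python below is an added example, not part of the original page; it goes slightly beyond the answer by reading the scope nibble of the multicast address directly, so every link-local scope group is caught regardless of how the address is written. The packet list is constructed for the example.

```python
import ipaddress
from typing import List, Optional, Tuple

# Well-known link-local scope groups from the answer (lower-case, as ipaddress prints them).
WELL_KNOWN_LINK_LOCAL = {
    "ff02::1": "all IPv6 nodes",
    "ff02::2": "all IPv6 routers",
    "ff02::5": "all OSPFv3 routers",
    "ff02::a": "all EIGRP (IPv6) routers",
}

# Multicast addresses are ffFS::/16 where F is the flags nibble and S the scope; 2 = link-local.
LINK_LOCAL_SCOPE = 0x2


def multicast_scope(address: str) -> Optional[int]:
    """Return the 4-bit scope of an IPv6 multicast address, or None if it is not IPv6 multicast."""
    try:
        addr = ipaddress.IPv6Address(address.split("%", 1)[0])  # drop any zone id such as %eth0
    except ValueError:
        return None  # IPv4 or garbage: not IPv6 multicast
    if not addr.is_multicast:
        return None
    return (int(addr) >> 112) & 0xF  # low nibble of the first 16 bits (ff F S)


def is_link_local_multicast(address: str) -> bool:
    return multicast_scope(address) == LINK_LOCAL_SCOPE


def describe(address: str) -> str:
    """Human-readable label for a destination, naming the well-known groups."""
    addr = ipaddress.IPv6Address(address.split("%", 1)[0])
    name = WELL_KNOWN_LINK_LOCAL.get(str(addr))
    if name:
        return f"{addr} ({name})"
    if multicast_scope(address) == LINK_LOCAL_SCOPE:
        return f"{addr} (link-local multicast, not a well-known group)"
    return f"{addr} (not link-local multicast)"


Packet = Tuple[str, str, str]  # (source, destination, description)


def drop_link_local_multicast(packets: List[Packet]) -> List[Packet]:
    """The filter the administrator wants: keep only packets not sent to a link-local multicast group."""
    return [pkt for pkt in packets if not is_link_local_multicast(pkt[1])]


# Constructed sample traffic (2001:db8::/32 is the documentation prefix).
SAMPLE_PACKETS: List[Packet] = [
    ("fe80::1", "ff02::1", "ICMPv6 router advertisement"),
    ("fe80::2", "FF02::5", "OSPFv3 hello"),
    ("2001:db8::10", "2001:db8::20", "TCP 443"),
    ("fe80::3", "ff02::a%eth0", "EIGRP hello"),
    ("2001:db8::10", "ff05::2", "site-local multicast"),
]

if __name__ == "__main__":
    for src, dst, what in SAMPLE_PACKETS:
        print(f"{what:30} -> {describe(dst)}")
    print([p[2] for p in drop_link_local_multicast(SAMPLE_PACKETS)])
```

The last sample packet is deliberately site-local scope (FF05::): it is multicast but not link-local, so a filter keyed on FF02 alone would not remove it, and neither does this one.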
You have a medium sized network that carries data and voice, and users have recently been complaining about slow-downs in the network. Worse, a senior officer of the business has just mentioned they were getting stuttering and cut-outs during their last phone call with a business partner. There are multiple Cisco routers within your local network before it goes out to the internet. You have not used any QoS on the network as it has not been a problem until recently. What QoS configuration would best reduce the risk of issues with voice traffic?
Implement classification to identify the voice traffic and then use DSCP to mark voice traffic for Expedited Forwarding (46)
In order to manage the traffic with QoS the first thing that must happen is to identify the traffic that needs to be prioritized. This is done via Classification (e.g., Class Maps). Then the traffic must be marked so that it can be identified per-hop within the network. The marking is done with DSCP, Differentiated Services Code Point, and we want to give it a value of 46. The value 46 is EF, Expedited Forwarding, which gives it priority over other data by allowing it to jump to the front of the line.
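Classification then marking is a two-step pipeline, and it helps to see where DSCP 46 actually lands in the packet: it is the top six bits of the IP ToS / Traffic Class byte, so EF shows up as 0xB8 in a capture. The Python below is an added example and not from the original page; it decodes DSCP values into their per-hop behaviour names (EF, CSx, AFxy) and runs a constructed packet list through a classify-and-mark pass. The voice classification rule (UDP destination ports 16384-32767, the default RTP range on Cisco IP phones) is an assumption of the example, not something the question states.

```python
from typing import Dict, List

EF = 46  # Expedited Forwarding, the DSCP the answer recommends for voice

# Assumption for the classifier: RTP voice media on UDP 16384-32767 (Cisco IP phone default range).
VOICE_UDP_PORTS = range(16384, 32768)


def dscp_to_tos(dscp: int) -> int:
    """DSCP occupies the top six bits of the ToS / Traffic Class byte; the low two bits are ECN."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value")
    return dscp << 2


def tos_to_dscp(tos: int) -> int:
    """Recover the DSCP from a ToS byte seen in a capture (ECN bits discarded)."""
    return (tos >> 2) & 0x3F


def dscp_phb(dscp: int) -> str:
    """Name the standard per-hop behaviour a DSCP value encodes."""
    if dscp == 0:
        return "BE (default)"
    if dscp == EF:
        return "EF"
    if dscp % 8 == 0:
        return f"CS{dscp >> 3}"          # class selector: top three bits only
    af_class, drop = dscp >> 3, (dscp >> 1) & 0x3
    if 1 <= af_class <= 4 and 1 <= drop <= 3 and dscp % 2 == 0:
        return f"AF{af_class}{drop}"     # assured forwarding: class + drop precedence
    return "unassigned"


def classify(pkt: Dict) -> str:
    """Classification step: decide which class a packet belongs to (voice or everything else)."""
    if pkt["proto"] == "udp" and pkt["dport"] in VOICE_UDP_PORTS:
        return "voice"
    return "default"


def mark(pkts: List[Dict]) -> List[Dict]:
    """Marking step: set DSCP EF on the voice class; other traffic keeps its existing marking."""
    marked = []
    for pkt in pkts:
        new = dict(pkt)  # do not mutate the caller's packets
        if classify(pkt) == "voice":
            new["dscp"] = EF
        new["tos"] = dscp_to_tos(new["dscp"])
        marked.append(new)
    return marked


# Constructed sample: one RTP voice packet and one HTTPS packet, both unmarked on arrival.
SAMPLE_PACKETS = [
    {"src": "10.0.10.21", "dst": "10.0.10.22", "proto": "udp", "dport": 20000, "dscp": 0},
    {"src": "10.0.20.5", "dst": "203.0.113.9", "proto": "tcp", "dport": 443, "dscp": 0},
]

if __name__ == "__main__":
    for pkt in mark(SAMPLE_PACKETS):
        print(pkt["proto"], pkt["dport"], dscp_phb(pkt["dscp"]), hex(pkt["tos"]))
```

When verifying the policy with a packet capture, `tos_to_dscp(0xB8)` returning 46 confirms the voice packets left the router with the EF marking; anything still showing 0x00 was not matched by the class map.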
You have been tasked with implementing layer 2 discovery protocols for use within an existing branch location, branch 1, and a newly implemented branch location, branch 2. The requirements for branch 1 include supporting Cisco-only devices, with multi-vendor devices to be added in the future, and a layer 2 protocol that can report duplex errors and speed mismatches. The requirement for branch 2 is only to support a mixed vendor environment. Based on the requirements, how would you most likely implement the layer 2 discovery protocols within the two branch locations?
In branch location 2, run LLDP only
In branch location 1, enable CDP when needed using SSH and LLDP as the always-on layer 2 protocol
CDP is a Cisco protocol developed to obtain information about directly connected Cisco switches, routers, and other Cisco devices and can only function on Cisco specific devices. It is a best practice to enable it only when required, using a secure protocol, for security reasons. LLDP is an IEEE standard that can be implemented in mixed vendor environments. Both CDP and LLDP can be active at the same time if required. CDP is able to report log messages such as duplex errors and speed mismatches.
You have been asked to review your networks security policy and you notice there is not much dealing with mitigation techniques actually covered in the document. What are some mitigation techniques that should be covered?
Locking secure areas
Server hardening
Updating software
Typical mitigation techniques include updating software, classifying data and determining its value, server hardening, and locking secure areas.
Consider a scenario where you have configured the spanning-tree protocol in a new switched network and this week you are looking at optimizing the spanning-tree protocol with the use of PortFast. You will be enabling it globally and all ports have been designated as access ports. What configuration can be used to deploy PortFast?
NYACCESS1(config)#spanning-tree portfast default
The PortFast mechanism is used to improve STP performance by configuring ports connected to workstations to transition directly to the forwarding state, bypassing the listening and learning states, using the spanning-tree portfast default command in global configuration mode. This method requires all ports be designated as access ports and then disabling the feature on any ports that do not require it. The spanning-tree portfast command can also be used in interface configuration mode to apply the feature on a port-by-port basis.
Consider a scenario where you have been tasked with configuring support for voice and data on an end user port on switch NYCORE1. The requirement is to support IP phone data as well as a personal computer on the same access port. The data VLAN will be designated as 5 and the voice VLAN as 10, and you have entered interface configuration mode for fa1/0/15. Considering the requirements, how will you configure the NYCORE1 interface to support traffic for the IP phone and personal computer?
NYCORE1(config-if)#switchport mode access
NYCORE1(config-if)#switchport access vlan 5
NYCORE1(config-if)#switchport voice vlan 10
Configuring support for both data and voice on the same access port requires first designating the selected switchport on NYCORE1 as an access port with the switchport mode access command while in interface configuration mode. You can then designate VLAN 5 as the data VLAN with the switchport access vlan 5 command, followed by the switchport voice vlan 10 command to designate VLAN 10 as the voice VLAN.
A small business wants to add some additional security to their network by allowing only certain traffic to communicate across their network. They have contracted you to help do this but they are not familiar with their Cisco networking equipment and therefore they want to know what options they have available. What are the access control lists options available on Cisco devices to control the network traffic on a device?
Named ACLs
Standard ACLs
Extended ACLs
Cisco provides the Standard Access Control List, the Extended Access Control List, and the Named Access Control List for configuring and setting up access controls for traffic on a Cisco device.
You are on a Cisco device and using the ping command you cannot access a router elsewhere in the network. After looking at the routing table you have realized there is no route configured that can get you to that device. What type of route can you configure to allow access to the other device?
Network Route
When a route for a given IP does not exist, your options are to either add a Default Route or a Network Route to the routing table.
You have been brought in to diagnose an issue with a medium sized IPv4 Cisco network. The first thing you notice is that the network is very congested and every device is very loaded. They recently switched to using OSPFv2 for dynamic routing and problems started soon after. The routing table appears to be dropping the routes and this tends to happen when the load on the network is at the highest peaks during the day. What is the most likely cause of the issue and what could be done to mitigate the issue?
OSPF uses a Dead Interval timer and if it does not get its keep-alives within a specific timeframe the neighbor connection is dropped; increasing the time for the dead interval may reduce the issue during slowdowns on the network because of the load
The OSPF default configuration sends keep-alives (hellos) every 10 seconds to neighbors, and failing to get 4 of them in a row, the dead interval, results in the neighbor being dropped and forced to reestablish that connection. The keep-alives send a lot of traffic, and on an overloaded network the keep-alive packets could be delayed or lost, which would then result in the neighbors disconnecting. A solution could be to increase the keep-alive time, which would increase the Dead Interval timing, allowing the devices to stay neighbors.
You have been given the task of selecting an implementation of the Spanning-Tree Protocol (STP) for a new branch location. Your manager has requested an implementation of STP that provides a separate STP instance for each VLAN, a very high requirement of resources, and fast convergence. Considering the requirements, which STP implementation and standard will you configure on the branch location switches?
PVRST+ (Cisco enhanced)
In this case PVRST+ (Cisco enhanced) would be the best implementation option as it allows a number of VLANs to use different paths through the network by manipulating and modifying the spanning-tree infrastructure. PVRST+ has a very high resource need and is fast at convergence.
You have been asked to look at an issue with a network device that is disconnecting clients from time to time. You notice it has Port Security activated and the violation option is set to shutdown. They would like to figure out what device may be causing this issue. What violation option would not shut down the port but would keep a counter of the violations so you could investigate the issue without users being fully disconnected?
Protect. Protect tracks the violations and will not shut down the port but will drop the offending traffic. The violation count increments, and show port-security displays the violations and the number of devices trying to plug in, which can help in determining what may be causing the issue.
A small business has hired you to help them transition their local network to be cloud-based. They want to focus on their business processes rather than the day-to-day technical needs of managing their growing network. They only use a couple of in-house built software applications that are already network enabled and run on their own dedicated hardware. However, the developers believe it would be quite feasible to move the software to a cloud-based system since their current infrastructure already simulates a cloud environment. The developers and management would like to focus only on their applications in the future and not have to worry about the hardware or any other software management. What cloud service model would give them the flexibility of running their custom applications while removing the need to manage even the operating system?
PaaS. Since they only need to run and manage their custom applications and want to minimize their infrastructure management, Platform as a Service (PaaS) gives them this ability. Infrastructure as a Service (IaaS) could also work for them, but that would leave them still having to manage the OS.
A small business owner has had a network attack that caused some damage to their business processes but did not compromise data. The owner wants to get revenge on the attacker and you have been asked to help. You explain that a reactive approach to the attack would probably not be beneficial and could actually cause more harm and you instead suggest the business take a proactive security posture to prevent a hacker from causing harm again in the future. What are three basic security program components from Cisco that are proactive for security?
Physical Access Controls
You are investigating the use of orchestration tools for your medium sized network so you can make a presentation to senior management. While investigating you have narrowed your search to three products, Puppet, Chef, and Ansible. You want to create mock-ups of the scripts that could potentially be used for each product for demonstration purposes. What are the script names used for the orchestration tools Puppet, Chef, and Ansible?
Puppet uses Manifests and Modules; Chef uses Recipes and Cookbooks; Ansible uses Playbooks and Roles. Puppet scripts are referred to as Manifests and Modules, where a module is a grouping of manifests. Chef uses Recipes and Cookbooks to refer to its scripts, where the cookbook contains the configuration and distribution and the recipe specifies the resources and the order in which they will be applied. Ansible uses Playbooks and Roles, where roles are used to set the configuration of a system to a given role while playbooks link roles to hosts.
A business wants to replace some cables that were run years ago between two buildings. The buildings are connected via a conduit and the cables in the conduit are fiber optic. Each end appears to be an SC connector and, where you can read it, the writing on the cable says 9/125. The cable is very faded and worn, which is why it needs to be replaced. The distance between the two buildings is over five kilometers. What type of fiber optic cable has probably been used between the two buildings?
Single-mode. The 9/125 means the core of the cable is 9 microns in diameter and the cable is 125 microns in diameter, which indicates a Single-mode cable. Also, from the description the cable is travelling a distance that is more common with Single-mode fiber optic cable, which is able to run 10 to 40 kilometers.
Consider a spanning-tree topology that has four switches in total; SW1 has MAC address 0000.1111.1111 and a priority of 32768, SW2 has MAC address 0000.1111.2222 and a priority of 32768, SW3 has MAC address 0000.3333.1111 and a priority of 32786, and SW4 has MAC address 0000.1111.4444 and a priority of 32768. There are four 1GB links between each of the switches and you know there will be three root ports, four designated ports with the rest blocked, and one will become the root bridge. Based on the spanning-tree topology, which switch is most likely to become the root bridge?
Switch SW1 will be elected the root bridge. Root bridge selection is based on the switch that has the lowest priority. In this case they are all the same, so the switches compare their MAC addresses to settle the tie in priority. Switch SW1 has the lowest MAC address, 0000.1111.1111, so it wins the title of root bridge.
A business has hired you to provide networking knowledge and support to a group of developers who are creating some applications for the business. The entire app is unique to the business and is being built in-house to meet their very specific requirements. The application communicates between each employee who is running it and keeps them all informed as a manufacturing process completes. The specs and digital files that make up the final products have to be transferred from location to location so that the final product meets all the specifications. Missing a step or doing a step out of order would be catastrophic. The developers are debating the benefits of using either TCP or UDP for the network communications in the application when data transfers from employee to employee and to managers. Which connection type would you recommend?
TCP should be used since it is connection-oriented, can do automatic retransmission of segments and sequencing, and is generally used for downloads and file sharing. TCP is a connection-oriented transport protocol that can automatically retransmit segments and uses sequence numbers to make sure data arrives in the correct order through the network. Its primary uses are downloads, web pages, and file sharing. In this case, where the application has to keep the employees synchronized and they need to transfer files to and from each other during the process, TCP would be the correct connection type to use. UDP is better suited to protocols that have to be fast but can tolerate data arriving out of order, or even some data being lost, without significantly impacting quality, like video, audio, and voice streaming.
You have a single OSPF area configured on a small group of Cisco devices. Quite a few of the devices have multiple connections and when you look at the OSPF neighbors on one device you see it is FULL/BDR for most of the connections. However, one is a point-to-point network and is set to FULL/ - in the listing. What does FULL/ - tell you about the connection between the two OSPFv2 configured devices?
That there is only one connection between the two routers and therefore no Designated Router or Backup Designated Router is elected, since it is just the two devices. When there are only two devices on a link there is no need for a Designated Router (DR) or Backup Designated Router (BDR) on that connection. Therefore, where there is a single point-to-point connection between two routers, the state is displayed as FULL/ - in the OSPF neighbor listing.
You are explaining how the new Cisco DNA Center management software, software defined networking, and controllers can be used to manage the entire network infrastructure. A junior network administrator is having problems understanding how all the devices and software communicate. How would you explain the purpose of the Data Plane?
The Data Plane is the lower level and is responsible for moving data from one interface to another. The Data Plane runs at a lower level than the Control Plane and is responsible for moving data from one interface to another: it takes instructions and then moves the data.
A junior engineer is viewing packets as they move through the network to investigate an issue with routing from a Cisco device. They are having problems understanding how the data moves from one device to another to traverse the network. What part of the data changes as the data moves from device to device to facilitate the routing of the data through the network?
The Layer 2 MAC address changes. The Layer 2 MAC address changes as the data moves from device to device while the Layer 3 IP address stays the same. This allows the data to move from one device to the next without losing track of where the data came from and where it is to be delivered.
A small business has decided to switch from wired networking to simply using wireless for their 5 employees. You have been hired to guide them with the planning of their Wi-Fi implementation. They would like to give employees the opportunity to get near-gigabit speeds, although most will not need it except when transferring the odd file from employee to employee. Their employees are also not very technical, so they want an easy way to identify the network when employees are using it. They want to protect the data that transfers over the network with encryption. However, with so few employees they don't really have infrastructure beyond the common passwords they already share. They have no interest in purchasing advanced encryption or security hardware or software beyond what would be built into a wireless device itself. What recommendation would work best for this small business in terms of their SSID, encryption, and IEEE standard?
The SSID should simply be their business name to make identifying it easy. For the IEEE standard, 802.11ac (Wi-Fi 5) would be sufficient using the 2.4 and 5 GHz frequencies. Using WPA2 PSK should give them the encryption necessary to protect their data. The SSID can be any value but should be unique in the surrounding area and easily identifiable to the employees, so using the business name or another identifier the employees would easily recognize is recommended. The 802.11ac (Wi-Fi 5) standard at the 2.4 and 5 GHz frequencies has a max data rate of 1.3 Gbps, which should be sufficient for the network use of so few employees. 802.11n has a max data rate of only 600 Mbps, while 802.11ax can go to 10-12 Gbps, which is probably far more than they would need. WPA2 would be recommended for the encryption since it uses the AES encryption algorithm, which is currently the most secure. However, WPA2 has two modes, PSK and Enterprise. Enterprise would require running an authentication service like RADIUS and may be more difficult to configure than WPA2 PSK, which uses a pre-shared key to authenticate. Therefore WPA2 PSK would be sufficient for their needs.
You have been brought in to help a small business deal with an intermittent problem they are having with their network. They use the First Hop Redundancy protocol HSRP on two devices where one has the IP 192.168.1.1 and the other is 192.168.1.2. Both devices are configured and work; however, whenever the Cisco device with the 192.168.1.1 address is disconnected everyone's Internet access stops. You have checked a couple client systems and the IP for the gateway is set to 192.168.1.1. What is the most likely cause for this failure?
The clients are set to the wrong IP address; their gateway should be set to the Virtual IP address configured in the HSRP settings. Hot Standby Router Protocol has to be configured with a unique third, Virtual IP address that is set the same on both devices. This third virtual address must be provided as the gateway to any client systems. When one of the devices goes down the hot standby device takes over handling the traffic for the virtual address.
A small network is transitioning from using IPv4 to IPv6 for their local systems and is going to use EIGRP for the dynamic routing protocol. After running the configuration and activating the IPv6 on interface g0/0 and setting an IPv6 address everything looks good. You have confirmed that a dynamic route has been configured and that a default route has been set for the device. However, the routing does not work and diagnostics do not seem to show a working route. What step is the most likely to have been missed during the configuration of the IPv6 routing?
The configuration for IPv6 must include turning on unicast routing. A common and necessary step that is easy to miss when configuring IPv6 static and dynamic routes is to activate unicast routing on the device.
You are investigating some options for storing configuration data for local systems that will need to be accessed from multiple automation apps in the future. One format you are investigating is JSON. What best describes how data is physically stored in the JSON file format?
The data is stored in name and value pairs enclosed by braces. The JSON format is plain text consisting of a set of name and value pairs. Each pair is written as the name, followed by a colon, followed by the value. These name and value pairs are then enclosed by an opening and closing brace. Braces can be embedded as the value of another name and value pair, allowing sets of name and value pairs to be nested.
You have been asked to plan out the network for a small business with three smaller branch offices in other countries. For compliance reasons all outbound Internet traffic from any branch must come through the main office so it can be inspected. Additionally, the Internet connection at the main office must have redundant hardware so that if one device fails, another device will manage the connection until the issue is resolved. Each branch also has its own server for storing its clients' personal data; however, any office must be able to access that server's data in order to help clients if any of the offices, including the main office, is not open. Even if the main office goes offline, the data on the servers in the branch offices must still be accessible to each of the other branches. What network topology architecture would work best for the business's requirements?
The main office should use a dual-homed connection to the Internet, and a full mesh network should be used between the branch offices to allow full access to each other's servers. The main office needs redundant hardware on its connection to the ISP to ensure that if a device fails a secondary can take over and continue to offer Internet access; this is a Dual Homed connection. For the branches, each must have a connection to the others so that they can operate independently of any that may fail. If all the offices were on the same WAN then an MPLS leased line might work, but this is unlikely with multi-country connectivity, and any design that requires the main office to route between the offices would make the main office a single point of failure if/when it fails or has to go offline. Therefore, a network between all the offices that allows each to communicate with the others independently would be a better solution, which suggests using a Full Mesh network.
Consider a scenario where you are configuring a trunk link between two access layer switches to carry traffic for 12 VLANs. Today you have an intern who is working towards obtaining their CCNA certification with you; they want to understand how the native VLAN operates on switches and ask which attributes are inherent to 802.1Q native VLANs. What responses are you most likely to provide the intern?
The native VLAN should be disabled with the shutdown command. An unused VLAN should be configured as the native VLAN on trunk links. A native VLAN mismatch causes traffic to be merged between the VLANs.
A junior network engineer is configuring the security on a new Cisco device that has recently arrived. The business is fairly small, and after they added their three admin users to the system they noticed they had added them all with plain text passwords. They set the privilege level to 15 so the users will have full access, but the configuration using plain text passwords was done incorrectly and the junior network engineer has come to you to find out what went wrong. What should the junior network engineer have done differently when adding the users?
The password option passed to the username command should have been replaced with the secret option. When adding users or setting passwords on a Cisco device there are sometimes multiple options for the password. The password option generally saves the password as plain text in the configuration. The secret option encrypts the password before storing it in the configuration.
You are analysing some issues with a routing table on a Cisco router. The IP address for one line in the routing table is 2001:AC:E::1/128 [0/0]. What is the prefix and what does it represent for the IPv6 routing table entry?
The prefix is 128 and this represents a host, similar to a subnet mask of 255.255.255.255 for an IPv4 address. The 128 following the IPv6 address represents the number of bits used for the prefix; the bits after the prefix can be used for hosts. A prefix of 128 means this is a single host and is similar to a /32 or 255.255.255.255 subnet mask in IPv4.
You have been tasked with configuring 8 access points that will be integrated into an enterprise network. To start, you want to plan out the configuration of security, channels, and bands, and will use a wireless LAN controller for management. What will most likely be included in your deployment plan for the access points?
The use of channels 1, 6, and 11. The use of WPA2 (Enterprise) with AES and 802.1X for authentication. The use of the 2.4 or 5.0 GHz bands. The most commonly used bands within the WLAN are 2.4 and 5 GHz, split over the three non-overlapping channels 1, 6, and 11. Since this is an enterprise network, WPA2 (Enterprise) with AES and 802.1X for authentication should be used for security.
A small business is using IPv4 and Cisco devices and has asked you to give their junior network administrator some information on how to use OSPF. The first question they have is what is required to get two devices that are running OSPF to become neighbors. Therefore, what do two OSPFv2 configured network devices have to share to become neighbors?
They must have the same subnet and Area ID. For two OSPF-configured Cisco devices to become neighbors they must be on the same subnet and have the same Area ID. For a single-area OSPF configuration they must be in area 0 (there must always be an OSPF Area 0).
A small business has contacted you to solve some IPv4 networking issues they are having. Although they are small, they need to segment their network for compliance reasons. They operate like one business but are basically a collection of multiple independent businesses that act like departments, where each department's Internet and network traffic must be separated. This means they need a lot of small subnets, some as small as just 2 devices while others can be around 10-15 devices. How could Variable Length Subnet Masking help in their situation?
This would let them subnet a larger private class A, B, or C address range into smaller subnets more suited to each department's size without leaving unused addresses in each network. Variable Length Subnet Masking (VLSM) is the process of breaking a class A, B, or C subnet down into smaller sets of addresses. Therefore, a set of 4 addresses could be assigned to a network that has only 2 devices; the extra 2 addresses are needed for the Network ID and Broadcast addresses. This allows more subnets and VLANs within a single class A, B, or C private address range, thus reducing the number of wasted or unused addresses in each network.
An associate is asking you about how OSPFv2 differs from EIGRP as the business is planning on switching to OSPF. As part of the conversation you get into how OSPF uses multiple tables on the router in order to better facilitate handling dynamic routing. What are the three tables used in OSPFv2?
Topology table, Routing table, Neighbor table. The Neighbor table keeps a list of OSPF neighbors. The Topology table (LSDB) contains a list of subnets, routers, and links. The Routing table is built by running Dijkstra against the LSDB to find the best route to each subnet based on "cost".
Your company recently expanded their network, adding a multilayer access switch, S1, within the branch office location. VLANs 10 and 20 have been configured on S1 to carry traffic over a trunk configuration using native VLAN 100; however, with some verification commands you discover that traffic is not being routed between the two VLANs. You view the configurations applied to each switch.
Code Output Switch 1:
S1(config)# interface fa 0/1/23
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk encapsulation isl
S1(config-if)# switchport trunk native vlan 100
Code Output Switch 2:
S2(config)# interface fa 0/1/24
S2(config-if)# switchport mode trunk
S2(config-if)# encapsulation dot1Q
S2(config-if)# switchport trunk native vlan 100
What is the most likely cause of the two VLANs not routing traffic?
Trunk encapsulation incorrectly set on the switch. The trunk encapsulation needs to match on both sides of the trunk link. ISL encapsulation is an older technology that is not supported or available on newer switches. 802.1Q is the current trunk encapsulation method for carrying traffic for multiple VLANs across the network.
A couple employees have compromised a highly secured network by accident. They took some USB keys they found in a common lobby used by multiple businesses. They plugged the USB keys into their computers to see if they could find the owners thinking it was one of their co-workers or friends from an adjoining business within the same building. This compromise has caused a lot of problems and senior management now wants to be more proactive about threats to the network and systems. What Cisco security program component do you think would best cover this situation and train users to be proactive against issues like this in the future?
User awareness training gives users awareness of the threats and attacks they may encounter, allowing them to make better decisions regarding the network. The three components of the Cisco security program are User Awareness, Training, and Physical Access Controls. User Awareness means training users to recognize attack vectors and situations that could lead to compromising a system, and to be alert for them.
A team has been asked to set up and configure Simple Network Management Protocol on a group of local Cisco devices to help with managing and monitoring their Cisco devices. However, the team has not used SNMP before and wants to use the minimum amount of resources while still ensuring they meet compliance and business requirements. As the only one who knows about SNMP, you have been asked to summarize the different versions. Which description best lays out the differences between the SNMP versions?
Version 1 offers a simple way to query devices but has no authentication or authorization. Version 2c offers the use of a Community string for authorization, but it is sent in plain text. Version 3 offers authorization, authentication, and encryption. SNMP version 1 did not offer authentication or authorization for managing or querying a device. SNMP version 2c added support for a Community string, which is simply a password that, when used, allows authentication; unfortunately, the Community string is not encrypted and is passed over the network in clear text. Version 3 of SNMP added Authentication (users), Authorization (passwords), and encryption. It is highly recommended to use SNMP version 3 whenever possible.
A junior network engineer has been tasked with tracking down issues that a lot of employees are having with their wireless devices. The devices are disconnecting and not reconnecting or failing to connect to the network or resources when they move from the back offices to the conference rooms in the front of the building. They are trying to figure out where they should start debugging the issue but are stumped and thus have come to you. This is a very large network with many management layers and hardware devices supporting hundreds of wireless devices. Which network components would you suggest they start with to investigate this issue?
WLCs and APs. Wireless devices and their connections to the network are managed through Access Points, and the APs are managed by Wireless LAN Controllers. Therefore, a good starting point to investigate the issue would be the WLCs and any associated APs.
A large business has hired you as a consultant to help them decide which wireless infrastructure they want to implement. They currently do not have any wireless but need it to support a variety of business growth plans. They deal with medical and personal data, so the data must be protected, as must any access to the physical network. They expect about 200 users, they would like to use their current RADIUS infrastructure for authentication, and in the future they will want to implement biometrics. Which wireless security protocol would you recommend they focus on for their infrastructure?
WPA2 (Enterprise). The business is large, so automating the securing of connections would be needed. They also deal with sensitive data, so they should make sure they use the best encryption and authentication possible. Finally, since they already use RADIUS for authentication, it makes sense to use WPA2 (Enterprise) for their wireless, as they can leverage RADIUS for the wireless connections.
You have a Cisco router that crashed during the night. When you arrive in the morning and connect to the console port you see it is just showing the rommon prompt. You suspect the operating system file has become corrupted, and you have a backup of the file on another system. What actions could you take to recover this device?
You could use tftp and the copy command to get the backup operating system file from the backup system and save it to the local flash. The "rommon>" prompt means the system could not boot properly, and since the operating system file is suspect, restoring it from a backup system is a good idea. To do this you use the copy command with either ftp or tftp to transfer the file to the flash on the local system. The ftp or tftp transfer is initiated on the local device and is done over the network.
You are working for a small business that recently purchased some Cisco switches and you have been asked to change the IPv4 address on one of the gigabit Ethernet ports. What commands would set the IPv4 address to 192.168.16.1 with a subnet mask of 255.255.255.0 from the configuration terminal for device 0 and port ID 2?
interface gigabitethernet 0/2, then ip address 192.168.16.1 255.255.255.0. From the configuration terminal you first switch to the interface you want to configure. This is done using the command interface gigabitethernet 0/2, where 0 is the device and 2 is the port ID. You then use the ip address command followed by the IP address and subnet mask on one line to set the actual IPv4 address: ip address 192.168.16.1 255.255.255.0. Note, it may be necessary to issue a "no shutdown" to bring up the port if it had not been turned on previously.
You have a branch office that had its own DHCP server; however, you now want to use the DHCP server from the main office. You are going to do this by using a relay for DHCP. A broadcast route has been configured between the two networks already and the branch office router can communicate with the main office DHCP server. What command will set up the DHCP Relay agent on the router for the local system to the DHCP server at 172.14.0.2 from the configuration menu for int g0/0?
ip helper-address 172.14.0.2. For the DHCP relay there must be a way to forward the DHCP broadcast messages from the local branch office network to the main office DHCP server. This is configured by adding an ip route between the two networks. Then, in order to have the DHCP requests relayed, switch to the interface that is connected to the main office branch and run the command ip helper-address with the IP address of the DHCP server.
You are configuring a very small branch office that, at the moment, only has one employee, a single dedicated static Internet-routable IP address, and a local server for the employee to use. On the local router you have multiple interfaces, where g0/1 connects to the Internet service provider. The employee has a single computer that needs to access the Internet. The employee also accesses a local server on the LAN at 191.68.16.100. The employee's computer IP address is 192.168.16.10 and the Internet service provider's IP is 172.14.0.2. However, this is an older Cisco device, and when you tried to activate PAT it caused an error. You have ordered a new device but it will be some time before it shows up. You know that NAT was used on this device before (although not PAT). What would be the easiest way to configure a NAT connection for the employee?
ip nat inside source static 192.168.16.10 172.14.0.2. Since there is one IP address and only the single employee's computer needs access to the Internet, it would be simplest to configure Static NAT. Overloading would use PAT, and that is not working, so overloading the interface for multiple shared connections will not work. Therefore, to configure Static NAT, set the inside source to static and specify the local IP that will be translated to/from the ISP address: ip nat inside source static 192.168.16.10 172.14.0.2
You are configuring the default route for an IPv4 network on multiple Cisco devices. The IP address for the gateway router is 192.168.16.3. What command line statement sets the correct Gateway of Last Resort?
ip route 0.0.0.0 0.0.0.0 192.168.16.3. To set the Gateway of Last Resort you use the ip route command and pass all 0's for the IP and subnet mask, followed by the IP of the default gateway. The command do show ip route displays the entry for this route with a star (*) beside the code.
You are looking at switching to using IPv6 on the business network since the new Internet service provider supports it. What would set an IPv6 address from the terminal in the interface configuration for gigabitethernet 0/0?
ipv6 address 2001:A0A8:10::1/64. To set an IPv6 address you must use the ipv6 command instead of the ip command, followed by the keyword address, then the IPv6 address, a slash, and the prefix length.
You want to configure a dynamic routing protocol on a small business system that only has a couple Cisco routers but plans to add a few more over the next year. You decide to configure EIGRP on the network to handle the routing. What command could you run from the configuration terminal on each device to have them build neighbors and routes dynamically?
router eigrp 1, no auto-summary, network 192.16.16.0. EIGRP is a very simple dynamic routing protocol and easy to configure. You first use the router command to set up eigrp, then turn off auto-summary, and then give it the network(s) on which you want to form neighbors: router eigrp 1, no auto-summary, network 192.16.16.0. Once two or more devices are configured they will begin neighboring, and log messages will show when a neighbor has been found. From the do show ip route command you should see routes with "D" in the code column representing EIGRP routes.
A network has been configured to use OSPFv2 and has a single area 0. However, when you connect to one Cisco device and run do show ip protocols from the router configuration, you find it has not been configured for OSPF. What command will start OSPFv2 on the router using Process ID 1 from the configuration terminal?
router ospf 1. The initial command to start configuring OSPFv2 on a Cisco device is the router command followed by ospf and then a process ID, which must be between 1 and 65535.
You are configuring OSPFv2 and want to set the router ID to values that would be easier to identify. What command would change the router ID for a Cisco device when in the router configuration?
router-id 0.0.0.1 The command that sets the router ID is router-id followed by a value in A.B.C.D (dotted-decimal) format. This is not an IP address but an identifier, so 0.0.0.1 could represent the first or primary router in the network.
An employee seems to be having problems communicating over the network. Pings are not working or working intermittently and even simple protocols like FTP are reporting errors when trying to do file transfers. Web viewing is extremely slow for some reason. You have connected to the Cisco device that is physically connected to the employee's endpoint system and know the interface is fa1/0/1. What command can show you the collision counts, duplex mode, media type, packets, configured port speed, and errors that have been identified by the Cisco device for that interface?
show interface fa1/0/1 The Cisco command show interface fa1/0/1 displays a list of details and information for the interface. Items like the duplex, speed, and media type are displayed at the top. The bottom shows details like the input and output packet counts, input and output errors, overruns, broadcasts, and collision counts.
A Cisco router seems to be dropping MAC addresses from the MAC address table very quickly, and you know the device had previously been configured for an unusual task in another department. You suspect the MAC address table aging time has been modified from the default of 5 or 10 minutes. What command will show you the MAC address table aging time?
show mac address-table aging-time The command that shows the global and per-VLAN MAC address table aging time is show mac address-table aging-time. The time displayed is in seconds, so 300 seconds would be 5 minutes.
A small business has HSRP configured on two Cisco devices; however, one device is very old and not very powerful, so they really do not want this device to handle traffic except as a backup. The interface is on vlan 1, it is using group ID 10, and the priorities on both devices have been left at their defaults. What commands should be run on the better device to ensure it takes priority whenever it is available?
standby 10 priority 110 standby 10 preempt A higher priority has to be set, and the device should be set to preempt if you want a single device to take over as the active router whenever it comes up. HSRP is controlled via the standby command, which must be followed by the group number; then you can provide the keyword priority and a new priority value, or the single keyword preempt to have it preempt any other device:
standby 10 priority 110
standby 10 preempt