CCNA test 001

18. Which type of port removes the VLAN ID from the frame before it egresses the interface? A. Access port B. Trunk port C. Voice port D. Native port

All VLAN tagging is removed from the frame before it egresses an access port to the end device. Trunk ports carry the VLAN tagging from end to end. Voice ports tag packets only when the CoS value is modified from the default. Native ports are used when frames arrive on a trunk and do not contain any tagging information.

17. Which of the following statements does not represent the logical management of a firewall? A. All physical access to the firewall should be tightly controlled. B. All firewall policies should be documented. C. Firewall logs should be regularly monitored. D. Firewalls should allow traffic by default and deny traffic explicitly.

All physical access to a firewall should be controlled tightly so that it is not tampered with, which could allow external threats to enter the network. This control should include vendors and approved administrators. Physical access to the firewall is a security principle and therefore not a consideration for the management of a firewall. All firewall policies should be documented as a part of the firewall management process. Firewall logs should be regularly monitored for suspicious activity as part of the firewall management process. Firewalls can allow or deny traffic by default; this is a consideration when managing a firewall.

7. Which advantage(s) are gained using switches? A. Low latency B. Software switching C. High cost D. All of the above

Switches allow for low latency because frames are forwarded with ASIC hardware-based switching and have low cost. Software switching is only used by legacy bridges and virtual switches. Software switching can actually create latency. Using a switch lowers the cost (latency); it does not raise the cost.

8. How can you identify that a file is a YAML file? A. The file begins with three dashes. B. The file begins with a hashbang preprocessor. C. The contents are contained between curly brackets. D. The contents are contained between square brackets.

A YAML file will always begin with three dashes. This is how you know you are working with a YAML file structure. Files that start with a hashbang preprocessor are normally scripts, and the hashbang describes to the operating system which command interpreter to use. A file that has its content contained between curly braces or square braces is normally a JSON file.

3. Which statement is true about collision domains? A. All computers in the collision domain have the potential to have a frame collision. B. All computers in the collision domain have the potential to receive layer 2 broadcast messages. C. All computers in the collision domain have the potential to receive layer 3 broadcast messages. D. All computers in the collision domain are set to 10 Mb/s full-duplex.

A collision domain is defined as a group of computers that can potentially have a frame collision. Adding switches that can negotiate full-duplex and forward/filter fixes these issues. The potential of receiving layer 2 and layer 3 broadcast messages can increase the number of collisions. Layer 2 and layer 3 broadcasts do not create collision domains since unicast messages can also cause collisions. It is more common to see computers in collision domains set to 10 Mb/s half-duplex, not full-duplex.

22. What is the AD of a directly connected network? A. The AD is 0. B. The AD is 1. C. The AD is 5. D. Directly connected networks do not have an AD.

A directly connected network has an administrative distance (AD) of 0 and is the most highly reliable. The administrative distance of 1 is used for static entries. The administrative distance of 5 is used for Enhanced Interior Gateway Routing Protocol summary routes. Directly connected networks have an AD of 0 that is trusted over all other router sources.

1. Which is a reason to automate a process for the configuration of several routers? A. To increase the possibility for misconfiguration B. To create an outcome that can be reproduced C. To decrease problems from the new configuration D. To allow you to do less work

A reason to automate a process for the configuration of several routers is to create a positive outcome that can be reproduced. Automating processes for configuration decreases the possibility for misconfiguration. Automation of configuration does not decrease problems from the new configuration; if anything, it automates the increase of possible problems. Although it might seem like automating a process for configuration allows you to do less work, it is not always the case.

13. Which is a requirement for the use of DHCP snooping to protect a device? A. The device is on a layer 2 switched port on the same VLAN. B. The DHCP server is running on the layer 2 switch. C. The device is on a layer 3 routed port on the same VLAN. D. Configuration of a dedicated IP address for monitoring DHCP transactions.

A requirement of DHCP snooping is that the device is on the VLAN that DHCP snooping is monitoring. There is nothing that requires the DHCP server to run on a layer 2 switch. The device that is being protected must be on a layer 2 switched port on the same VLAN and not a layer 3 routed port. DHCP snooping does not require a dedicated IP address to be configured for its operations.

10. What is a reason a network administrator would segment a network with a switch? A. Create more broadcast domains B. Create isolation of ARP messages C. Create fewer collision domains D. Isolate traffic between segments

A switch creates micro-segmentation, which in turn isolates traffic between two talking computers from other computers that are not part of the communications. This in turn increases bandwidth for the computers that are not part of the communications between the two talking computers. The creation of broadcast domains can only be achieved with the addition of VLANs and a router. The isolation of ARP messages can only be achieved by the creation of broadcast domains. Segmentation with a switch will create more collision domains, not fewer collision domains.

19. You have an Adaptive Security Appliance (ASA) and two separate Internet connections via different providers. How could you apply the same policies to both connections? A. Place both connections into the same zone. B. Place each connection into an ISP zone. C. Apply the same ACL to both of the interfaces. D. Each connection must be managed separately.

ASAs allow for zones to be created and the connections applied to the zones. This methodology allows for security rules to be applied uniformly to the outside zone. There is no such thing as an ISP zone. You can apply an ACL to the zone but not directly to the interface. Each connection can be managed by a group once it is added to the same zone.

12. What can you use to protect against spoofing of internal IP addresses on the perimeter of your network? A. ACLs B. Intrusion detection systems C. SSL D. Host intrusion detection systems

Access control lists (ACLs) are an effective way to mitigate spoofing of internal IPs from outside the trusted network. ACLs are used to control traffic by either allowing, denying, or logging traffic depending on specific conditions. An intrusion detection system (IDS) can be used to notify you if it detects an attack, but it will not prevent an attack. Secure Sockets Layer (SSL) communications offer both encryption and authentication of the data via certificate signing. This would prevent tampering of the data end to end, but it will not prevent spoofing. A host intrusion detection system (HIDS) is an application that runs on a host to detect intrusions. A HIDS is similar to an IDS, but it is all software based and resides on the host it is to protect.

21. Why are ADs used with routing tables? A. ADs define protocol standards. B. ADs define reliability of routing protocols. C. ADs allow for the shortest distance between routes. D. ADs are programmed by the administrator for path selection.

Administrative distance (AD) is an order of reliability between dynamic routing protocols and static routes. Administrative distances do not define protocol standards; they only reference them. Administrative distances do not allow for the shortest distance between routers; they allow the router to choose the best path to the destination network. Although administrative distances are programmed into route statements by administrators, they do not calculate path selection.

6. After you release a network automation script to production, which step should be completed? A. Testing B. Building C. Planning D. Monitoring

After a network automation script is released to production, the very next process should be to monitor its effects on the network. This step should already be considered with pre-built metrics so that you can positively conclude its intended function. The testing step should have been done prior to the deployment phase. The building phase is done when you are ready to test a completed configuration change. The planning phase is the first phase before anything is put into motion; it is where you have determined the metrics for the project, which determines if the changes are successful.

9. You are examining a routing table and see a route marked with S*. Which type of route is this? A. Static route B. Default route C. Dynamic route D. OSPF route

Although this is a static route, it is a very special static route called a default route or gateway of last resort. The S signifies that it is static and the * signifies that it is the default route. Almost all default routes are static, but default routes can also be populated with dynamic routing protocols. The S signifies that the route is a static route; therefore, it cannot be populated with a dynamic routing protocol such as OSPF.

6. Which type of device can detect an intrusion on your network? A. Honey pots B. IDS C. IPS D. HIDS

An intrusion detection system, or IDS, can detect an attack based upon its signature. They are commonly found in firewall systems such as Firepower Threat Defense (FTD). Although similar to an IPS, the IDS will only notify someone in the event of a detection. Honey pots are server or network appliances that have been security weakened to attract bad actors so their actions and tactics can be examined. An intrusion prevention system, or IPS, can detect and prevent attacks based on their signature. They too are commonly found in firewall systems such as Firepower Threat Defense (FTD). A host intrusion detection system (HIDS) is an application that runs on a host to detect intrusions. A HIDS is similar to an IDS, but it is all software based and resides on the host it is to protect.

8. Which appliance can be used to mitigate denial of service attacks? A. Honey pots B. IDS C. IPS D. HIDS

An intrusion prevention system (IPS) will help mitigate denial of service attacks (DoS). Common features of IPS can be found in the Cisco Adaptive Security Appliance. Honey pots are server or network appliances that have been security weakened to attract bad actors so their actions and tactics can be examined. An intrusion detection system, or IDS, can detect an attack based upon its signature. They are also commonly found in firewall systems such as Firepower Threat Defense (FTD) devices. Although similar to an IPS, the IDS will only notify someone in the event of a detection. A host intrusion detection system (HIDS) is an application that runs on a host to detect intrusions. A HIDS is similar to an IDS, but it is all software based and resides on the host it is to protect.

3. Which type of device can prevent an intrusion on your network? A. Honey pots B. IDS C. IPS D. HIDS

An intrusion prevention system, or IPS, can detect and prevent attacks based on their signature. They are commonly found in firewall systems such as Firepower Threat Defense (FTD) devices. Honey pots are server or network appliances that have been security weakened to attract bad actors so their actions and tactics can be examined. An IDS is a system that can detect an attack based upon a signature. They too are found in firewall systems such as FTD devices. Although similar to an IPS, the IDS will only notify someone in the event of a detection. A host intrusion detection system (HIDS) is an application that runs on a host to detect intrusions. A HIDS is similar to an IDS, but it is all software based and resides on the host it is to protect.

14. What attack vector can be used for a man in the middle attack? A. DHCP B. DNS C. Wireless D. All of the above

Any service that allows the user to create a connection or access to information can be used as an attack vector. In the case of DHCP, the attacker will set the gateway to their IP address. In the case of DNS, the attacker could spoof a request to redirect the traffic. In the case of wireless, the attacker can spoof the Service Set Identifier (SSID).

4. Which statement is true about RIPv2 advertisements? A. RIPv2 allows for neighborship through hello packets. B. RIPv2 broadcasts only updates on all active interfaces. C. RIPv2 multicasts the full routing table every 30 seconds. D. RIPv2 multicasts the full routing table every 60 seconds.

By default, RIPv2 multicasts the full routing table on all active interfaces every 30 seconds. RIPv2 does not allow for neighborship through hello packets, such as link-state and hybrid dynamic routing protocols. RIPv2 uses multicasts, not broadcasts. RIPv2 multicasts the full routing table every 30 seconds, not every 60 seconds.

29. What is the Cisco metric for OSPF? A. 10^8/bandwidth B. Delay, bandwidth, reliability, load C. K metrics D. Bandwidth

Cisco uses a metric for OSPF that is calculated as 10^8/bandwidth. This cost value is the reference bandwidth of 100 Mb/s divided by the interface bandwidth. Delay, bandwidth, reliability, and load are used as a composite metric with EIGRP. K metrics are used to weight the calculation of the composite metric used with EIGRP. Bandwidth is used by OSPF, but only when used with the formula of 10^8/bandwidth.

2. You need to configure a new static route on the existing 20 routers. Which is the best way to do this? A. Copy and paste scripts built in Notepad++ into each router. B. Copy and paste scripts built in Excel into each router. C. Create a Python script to configure each router. D. Work with a partner so that both of you can double-check each other's work and cut the time in half.

Creating a Python script to configure each router is the best way to complete this task. You can automate the process and save time since the entry of the route is a repetitious process. Copying and pasting scripts from Notepad++ or Excel into each router will require you to log into each router. Doing this increases the chances of missing a router. You could also work with a partner and start at different ends of the list, but again, this approach introduces the possibility of errors and ties up two technicians.

5. Which is a common attack method used to overwhelm services with traffic from multiple Internet sources? A. Denial of service B. Distributed denial of service C. IP address spoofing D. Session hijacking

Distributed denial of service, or DDoS, is a common attack technique used to deny others of service. It is performed by overwhelming the service with bogus traffic. When it is performed from multiple hosts on the Internet, it is very difficult to prevent and stop. A denial of service (DoS) attack is typically carried out by one source and is relatively easy to mitigate. IP address spoofing is a tactic in which the source IP address is spoofed in a packet in an attempt to bypass security. Session hijacking is an attack in which a conversation between two hosts is hijacked by an attacker.

15. Which attack can be used on a native VLAN? A. Double tagging B. VLAN traversal C. Trunk popping D. Denial of service

Double tagging is an attack that can be used against the native VLAN. The attacker will tag the native VLAN on a frame and then tag another inside that frame for the VLAN that the attacker intends to compromise. When the switch receives the first frame, it removes the default VLAN tag and forwards it to other switches via a trunk port. When the other switch receives the frame with the second VLAN tag, it forwards it to the VLAN the attacker is targeting. VLAN traversal is not an attack; it is a term to describe a VLAN traversing a trunk link between two switches. Trunk popping is not a valid attack; it is not a term used in networking, and therefore, it is an invalid answer. A denial of service (DoS) attack is an attack in which an attempt to exhaust services resources is launched to knock a service offline.

12. Which statement describes dynamic VLANs? A. The access port is switched into the respective VLAN based upon user credentials. B. The access port is switched into the respective VLAN based upon the computer's IP address. C. The access port is switched into the respective VLAN based upon the computer's MAC address. D. The access port is switched into the respective VLAN based upon security ACLs.

Dynamic VLANs are deprecated, but you may still see them in operations. A switch configured with dynamic VLANs checks a VLAN Management Policy Server (VMPS) when clients plug in. The VMPS has a list of MAC addresses to their respective VLANs. It is now recommended that dynamic VLAN installations are converted to 802.1x. The access port cannot be controlled with a VMPS based upon user credentials. The access port is also not switched into the respective VLAN based upon the computer's IP address, because the IP address is normally associated based upon the VLAN. The access port cannot be switched into a respective VLAN based upon ACLs since ACLs are used to restrict layer 3 traffic and not layer 2 traffic.

28. You have a network with varied bandwidths and need to choose a dynamic routing protocol. Which would you choose for optimal performance? A. RIPv1 B. RIPv2 C. EIGRP D. BGP

EIGRP metrics are bandwidth, delay, load, reliability, and MTU, while RIP is a distance-vector protocol and only takes hop count into consideration for the metric. BGP is not suited for optimal performance since a large amount of resources need to be dedicated for the protocol.

12. Which statement describes the micro-segmentation that a switch provides? A. All of the ports on the switch create a single collision domain. B. Each port on the switch segments broadcasts. C. Each port on the switch creates its own collision domain. D. Each port on the switch creates an isolation for layer 2 broadcasts.

Each port on a switch creates its own collision domain. An increase in collision domains raises bandwidth since each port creates its own segment (micro-segmentation) and isolates possible collisions on other ports. All the ports on a hub will create a single collision domain, in which a signal from one computer can and will collide with another. Each port on the switch will not segment broadcasts unless each port is assigned a different VLAN, which is not common practice. Although each port on a switch will create a collision domain, it does not stop layer 2 broadcasts from being forwarded to all ports.

25. Which must be configured so that EIGRP can calculate the best route? A. Bandwidth B. Delay C. Reliability D. Load

Enhanced Interior Gateway Routing Protocol (EIGRP) uses bandwidth and delay by default for calculating routes. The bandwidth should be set to the actual bandwidth of the link so that routing protocols such as EIGRP can calculate the best route. Delay cannot be set because it is a variable of the interface based upon the delay of a packet traversing the interface. Reliability cannot be set because it is a variable of the interface based upon the reliability of the link. Load cannot be set because it is also a variable of the interface, based upon the load of the interface.

9. Which structured data format closely resembles HTML? A. YAML B. JSON C. CSV D. XML

Extensible Markup Language (XML) was adopted from HyperText Markup Language (HTML) as a storage method for systems to interchange data. YAML Ain't Markup Language (YAML) is a white space structured file that is also used to store data for the interchange of information. JavaScript Object Notation (JSON) is another structured storage method for data and was originally created for use with JavaScript and gained popularity with other languages. Comma-separated values (CSV) is a flat data storage method that is popular when lists of information must be passed from system to system.

16. Which is a false statement about firewalls? A. Firewalls can protect a network from external attacks. B. Firewalls are commonly deployed to protect a network from internal attacks. C. Firewalls can provide stateful packet inspection. D. Firewalls can control application traffic.

Firewalls are not commonly deployed to provide protection from internal attacks on internal resources. They are designed to protect networks from external attacks or attacks emanating from the outside or directed toward the Internet. Firewalls normally provide stateful packet inspection. Firewalls can also control application traffic by port number and higher-layer attributes.

18. What is the reason firewalls are considered stateful? A. Firewalls keep track of the zone states. B. Firewalls keep accounting on the state of packets. C. Firewalls track the state of a TCP conversation. D. Firewalls transition between defense states.

Firewalls keep track of the TCP conversation before and after the three-way handshake. This is done so that an attack on the TCP/UDP flow is not executed; in addition, DoS attacks can be thwarted, such as a SYN flood. Zone state is terminology that is used with firewalls; therefore, it is an incorrect answer. Firewalls do not protect by keeping statistics or accounting information for the state of packets. Firewalls do not transition between defense states.

15. According to best practices, what is the proper placement of a firewall? A. Only between the internal network and the Internet B. At key security boundaries C. In the DMZ D. Only between the DMZ and the Internet

Firewalls should always be placed at key security boundaries, which can be the Internet and your internal network. However, proper placement is not exclusive to the boundaries of the Internet and internal networks. For example, it could be placed between two internal networks, such as R&D and guest networks. The demilitarized zone (DMZ) is a segment of a firewall where Internet-facing services are placed. Firewalls are normally not placed only between the DMZ and the Internet because most networks have an internal network.

7. Which is a correct statement about frames and VLANs? A. Broadcast frames are sent to ports that are configured in different VLANs. B. Unicast frames that are not in the MAC address table are flooded to all ports in all VLANs. C. The ports that link switches together must be access links. D. Frames with a destination MAC that are not in the MAC address table are flooded to only ports in the respective VLAN.

Frames with MAC addresses that are not in the MAC address table are flooded only to the ports in the respective VLAN. Broadcast frames will not be sent outside of the VLAN they originate from because they cannot traverse a router. Unicast frames are not flooded to all ports in all VLANs; they are only flooded to all ports in the VLAN the frame has originated from. The ports that link switches together are usually trunk links so that multiple VLANs can traverse the connection.

9. Which is a common attack method used to attempt to gain access to a system using a false identity? A. Denial of service B. Distributed denial of service C. IP address spoofing D. Session hijacking

IP address spoofing is a common attack method used to attempt to gain access to a system by spoofing the originating IP address. A denial of service, or DoS, attack is typically carried out by one source and is relatively easy to mitigate. Distributed denial of service, or DDoS, is a common attack technique used to deny others of service. It is performed by overwhelming the service with bogus traffic. When it is performed from multiple hosts on the Internet, it is very difficult to prevent and stop. Session hijacking is an attack in which a conversation between two hosts is hijacked by an attacker.

23. What is the AD of internal EIGRP? A. 90 B. 100 C. 110 D. 120

Internal EIGRP has an administrative distance (AD) of 90. The AD of 100 is used for Interior Gateway Routing Protocol (IGRP). The administrative distance of 110 is used for Open Shortest Path First (OSPF). The administrative distance of the Routing Information Protocol (RIP) is 120.

30. You enter a show ip route command and see the following line. What does the [110/1] identify? O 192.168.3.0/24 [110/1] via 192.168.10.6, 00:58:55, Serial0/3/1 A. AD of 110 and a 100 Mb/s link B. AD of 110 and a 10 Mb/s link C. AD of 1 and a 110 Mb/s link D. AD of 110 and a 1 Gb/s link

It identifies the administrative distance (AD) of 110 for OSPF. The cost calculation is the reference bandwidth of 100 Mb/s divided by the link bandwidth. This calculation would result in a cost of 1. The calculation of the OSPF metric is 10^8/bandwidth, or 100,000,000/bandwidth. Therefore, a metric of 1 would equal 100,000,000/100,000,000, and all of the other answers are wrong.

1. Which method will allow you to use RFC 1918 addresses for Internet requests? A. CIDR B. Classful addressing C. NAT D. VPN

Network address translation (NAT) was created to slow the depletion of Internet addresses. It does this by translating RFC 1918 privatized addresses to one or many public IP addresses. It allows the packets to masquerade as the public IP address on the Internet until it is translated back to the private IP address. Classless Inter-Domain Routing (CIDR) is a notation used to express the network for a host. Classful addressing is the original addressing scheme for the Internet. Virtual private networks (VPNs) are used for remote access.

7. Which method can be used to stop ping sweep scans? A. Deploying host intrusion detection systems B. Deploying network intrusion detection systems C. Blocking RFC 1918 addresses at the perimeter D. Blocking ICMP echo requests and echo replies at the perimeter

Ping sweep scans are used by attackers to discover hosts on a network. The scan sends a flood of ICMP echo requests to the perimeter network and awaits echo replies. When ICMP is blocked at the perimeter, an attacker would not be able to scan the network via ICMP. Although deploying a host intrusion detection system (HIDS) and intrusion detection system (IDS) is a good idea, these systems will only notify you of a ping sweep scan and will not prevent it. Blocking RFC 1918 addresses at the perimeter is also a positive security measure. However, RFC 1918 addresses are not Internet routable, and this measure does not prevent an internal ping sweep scan.

5. Which multicast address does RIPv2 use for advertising routes? A. 224.0.0.5 B. 224.0.0.9 C. 224.0.0.6 D. 224.0.0.2

RIPv2 uses the multicast address 224.0.0.9 to advertise routes. The multicast address 224.0.0.5 is used by OSPF for hello messages. The multicast address 224.0.0.6 is also used by OSPF for hello messages for designated routers (DRs) and backup designated routers (BDRs). The multicast address 224.0.0.2 is a special multicast group for all routers and it is not used by any particular routing protocol.

2. How are routers managed with interior gateway protocols? A. Routers are grouped into autonomous systems. B. Routing protocols are redistributed between ASs. C. All routers use the same interior routing protocol. D. All network IDs are advertised with the same autonomous system number.

Routers are grouped into the same autonomous system (AS). When they are within the same AS, they can exchange information such as routes to destination networks and converge their routing tables. Routing protocols are not normally redistributed between ASs because the network is usually managed as one AS. All routers do not necessarily use the same routing protocols; many different portions of the network can use different protocols. All network IDs are not advertised with the same autonomous system number. Routers are normally grouped into one AS logically, such as an organization. Inside that organization (AS), many different autonomous system numbers can be used.

7. Which routing protocol will not contain a topology of the network? A. EIGRP B. RIP C. OSPF D. BGP

Routing Information Protocol (RIP) does not contain a topology table. RIP compiles its table from multiple broadcasts or multicasts in the network from which it learns routes. However, it never has a full topological diagram of the network like OSPF, EIGRP, and BGP.

10. Which method would prevent tampering of data in transit? A. Access control lists (ACLs) B. Spoofing mitigation C. SSL D. Encryption of the data

Secure Sockets Layer (SSL) communications offer both encryption and authentication of the data via certificate signing. This would prevent tampering of the data end to end. Access control lists (ACLs) are used to control traffic by either allowing, denying, or logging traffic depending on specific conditions. Spoofing mitigation is the action of inspecting the source IP addresses of a packet to block packets from outside the network spoofing internal addresses. Encryption of the data alone will not prevent tampering; SSL provides encryption and authentication.

20. Why should servers be placed in the DMZ? A. To allow unrestricted access by Internet clients B. To allow access to the Internet and the internal network C. To allow the server to access the Internet D. To restrict the server to the Internet

Servers should be placed in the DMZ so they can access both the inside zone and the outside zone. This will allow a server, such as a web server, to allow client access from the Web (outside). Rules could also be applied so that the server (for example, a database server) could allow access to data from within the internal network (inside). Placing the servers into the DMZ will give you the flexibility to apply rules for external access on the Internet and rules for internal access on the internal network.

9. Static VLANs are being used on a switch's interface. Which of the following statements is correct? A. Nodes use a VLAN policy server. B. Nodes are assigned VLANs based on their MAC address. C. Nodes are unaware of the VLAN in which they are configured. D. All nodes are in the same VLAN.

Static VLANs are VLANs that have been manually configured vs. dynamic VLANs that are configured via a VLAN Membership Policy Server (VMPS). A node will not know which VLAN it is assigned to when it is statically set via the command switchport access vlan 3. Nodes use a VLAN Membership Policy Server (VMPS) if the VLAN is dynamically configured. Nodes are not assigned VLANs based on their MAC addresses when they are statically configured. All nodes are not necessarily in the same VLAN when static VLANs are being used.

19. When a static route is made, what is the default AD? A. AD of 1 B. AD of 0 C. AD of 2 D. AD of 255

Static routes are highly trusted routes, since an administrator created them. Therefore, they have the lowest administrative distance (AD) with a number of 1. The administrative distance of 0 is used for connected interfaces. The administrative distance of 2 is a wrong answer and does not map to a route source. The administrative distance of 255 is reserved for unknown sources and is entered into the route process.

10. You are examining a routing table and see the entry in the following exhibit. What does the 4 in the underlined number represent? R 172.16.2.0 [120/4] via 1.1.1.13, 00:13:24, FastEthernet0/1 A. The 4 represents the administrative distance. B. The 4 represents the protocol. C. The 4 represents the metric. D. The 4 represents the position in the routing table.

The 4 represents the metric for this route statement. Since this is a RIP entry, the metric is the number of hops for this particular route. The administrative distance is 120 in the exhibit. The protocol in the exhibit is RIP. The position in the routing table cannot be derived from a single statement in the routing table.

2. Which term describes the area accessible to the Internet yet protected by the corporate firewall? A. DMZ B. Perimeter C. Internal D. Trusted

The DMZ is an area that is protected by the corporate firewall. The DMZ area is in between the perimeter network and the internal network. However, it allows servers such as web servers, email servers, and application servers to be accessible via the Internet. The perimeter area, or perimeter network, is outside of the corporate firewall. The perimeter area generally holds equipment necessary for routing to the ISP. The internal area is the area or network inside of your organization. A trusted area is an area or network that has a high level of trust; generally your internal area is a trusted area.

6. Which component acts as a distribution switch for the physical data center? A. Top of Rack switch B. End of Row switch C. Core switch D. Virtual switch

The End of Row (EoR) switch acts as a distribution switch for the Top of Rack (ToR) switches. A ToR switch will sit at the top of the rack and create an access method for all the equipment in the rack. Core switch is a term used for the aggregation and core switching functions of all the distribution switches. Virtual switch is a term used for switching inside of a hypervisor, in which software switching occurs.

13. Which route statement is configured when an IP address of 203.80.53.22/19 is configured on an interface? A. S 203.80.16.0/19 is directly connected, Serial 0/0/0 B. S 203.80.32.0/19 is directly connected, Serial 0/0/0 C. S 203.80.48.0/19 is directly connected, Serial 0/0/0 D. S 203.80.53.22/19 is directly connected, Serial 0/0/0

The IP address of 203.80.53.22/19 belongs to the network of 203.80.32.0/19. No other answers are correct because they do not belong to the 203.80.32.0/19 network.

7. Which element of YAML defines a key-value pair? A. Definition B. Mapping C. Lists D. Keys

The YAML Ain't Markup Language (YAML) markup language uses mapping to define keys and values as pairs. Definition is not a term used with YAML; therefore, option A is an invalid answer. Lists are keys with multiple values in the form of a list. Keys are categories that contain a value in the key-value pair.

9. When configuring dynamic NAT, why must you configure an access list? A. The access list allows incoming access from outside global addresses. B. The access list allows outgoing access from inside local addresses. C. The access list allows outgoing access from outside local addresses. D. The access list allows outgoing access from inside global addresses.

The access list is used to identify IP addresses that are allowed to pass through the NAT process; these are considered the inside local addresses. The access list does not restrict incoming access from the outside global. The access list does not restrict outgoing access from the outside local. The access list does not restrict outgoing access from the inside global.

10. A switch is configured with a single VLAN of 12 for all interfaces. All nodes autonegotiate at 100 Mb/s full-duplex. What is true if you add an additional VLAN to the switch? A. The switch will decrease its bandwidth due to overhead. B. The switch will increase its count of collision domains. C. The switch will now require a router. D. The switch will increase its bandwidth due to broadcast domains.

The addition of another VLAN will increase the effective bandwidth by adding additional broadcast domains. A router is required to route between VLANs. However, it will not be required if you are logically partitioning the switch via VLANs. The switch will not necessarily increase the count of collision domains.

5. Which management methodology is commonly used by developers for network automation? A. Lean and Agile B. Waterfall C. Kanban D. Scrum

The management methodology that is commonly used by developers for network automation is Lean and Agile. Agile focuses on an adaptive approach for simultaneous workflows, such as the configuration of a default route on several routers. The Waterfall management methodology is used for projects in a linear process that does not allow for going back to a prior phase. The Kanban management methodology is used to improve existing processes. Scrum is primarily focused on getting more work done more quickly.

24. What is the definition of route statement AD? A. The AD is a metric that routing protocols use to select the best route. B. The AD is a value assigned by network administrators for route selection. C. The AD is a rating of trust when multiple routes exist to the same destination. D. The AD is a value associated with the cost to the destination.

The administrative distance (AD) is a rating of trust between different routing protocols and route methods. This trust scale is important when multiple routes exist to the same destination. Directly connected routes have ADs with the highest level of trust. Route statements populated by the same dynamic routing protocol will be calculated for the best route upon their metric and not their administrative distance. The administrative distance is not assigned by the administrator for route selection. The administrative distance value is not associated with the cost to the destination, only the trust of a route statement.

26. You perform a show ip route on the router and see several routes with an AD of 90. Which routing protocol has generated these route statements? A. IGRP B. OSPF C. EIGRP D. RIP

The administrative distance (AD) of EIGRP is 90. The most common ADs are 90 for EIGRP, 100 for IGRP, 110 for OSPF, and 120 for RIP. The mnemonic of 90 Exotic Indian Oval Rubies will help you remember the order; then starting with EIGRP with a value of 90, increment the following values by 10.

20. What is the AD of RIP? A. AD of 90 B. AD of 100 C. AD of 110 D. AD of 120

The administrative distance of the Routing Information Protocol (RIP) is 120. The administrative distance of 90 is used for internal Enhanced Interior Gateway Routing Protocol (EIGRP). The administrative distance of 100 is used for Interior Gateway Routing Protocol (IGRP). The administrative distance of 110 is used for Open Shortest.

19. Which of the following is a true statement about static access ports? A. An access port can carry VLANs via tagging. B. A client computer can request the VLAN to be placed in. C. A client computer cannot see any VLAN tagging information. D. A client computer can see the VLAN tagging information.

The client computer connected to an access port cannot see any VLAN tagging information. It is removed before the frame egresses the interface. An access port cannot carry VLAN tagging information because it is stripped. The client computer cannot request the VLAN that it wants to operate in. The administrator must manually configure the VLAN. A client computer cannot see the VLAN tagging information because it is stripped out as it egresses an access port.

10. Which command will wipe out all current NAT translations in the NAT table? A. Router#no ip nat translation B. Router#clear ip nat translation C. Router#clear ip nat translation * D. Router#clear ip nat

The command clear ip nat translation * will clear all IP NAT translations out of the NAT table. The asterisk is used as a wildcard for all addresses. You can alternatively specify a specific inside or outside NAT address. The command no ip nat translation is incorrect. The command clear ip nat translation is incorrect. The command clear ip nat is incorrect.

6. Which command will display an overview of the current number of active NAT translations on the router, as well as other overview information? A. Router#show ip nat translations B. Router#show ip nat summary C. Router#show ip nat status D. Router#show ip nat statistics

The command show ip nat statistics will display an overview of the number of active NAT translations on the router, as well as other statistical information for the NAT process. In addition, it will provide you with the current inside and outside interfaces. The command show ip nat translations will allow you to view the active NAT translations on the router. The command show ip nat summary is incorrect. The command show ip nat status is incorrect.

5. Which command will allow you to view the NAT translations active on the router? A. Router#show ip nat translations B. Router#show nat translations C. Router#debug ip nat translations D. Router#show translations nat

The command show ip nat translations will allow you to view the active NAT translations on the router. The command show nat translations is incorrect. The command debug ip nat translations will turn on debugging for NAT. The command show translations nat is incorrect.

11. Which command will allow you to verify routes line by line in a subset of the general route statement? A. Router#show ip route 160.45.23.0 255.255.255.0 longer-prefixes B. Router#show ip route 160.45.23.0 255.255.255.0 C. Router#show ip route bgp D. Router#show ip route

The command show ip route 160.45.23.0 255.255.255.0 longer-prefixes will detail all of the specific routes contained in the route for 160.45.23.0/24. The command show ip route 160.45.23.0 255.255.255.0 will show the specific route of 160.45.23.0/24. The command show ip route bgp is not a valid command. The command show ip route will show the entire route table.

6. Which command(s) will delete a VLAN? A. Switch(config)#vlan database Switch(config-vlan)#no vlan 9 B. Switch(config)#vlan database Switch(config-vlan)#delete vlan 9 C. Switch(config)#no vlan 9 D. Switch(config)#vlan 9 delete

The command to delete VLAN 9 is no vlan 9 configured from a global configuration prompt. The command no vlan 9 configured from a VLAN prompt is incorrect. The command delete vlan 9 is incorrect. The command vlan 9 delete is incorrect.

20. You have been tasked to configure an interface with a VLAN ID of 8 and support a VoIP phone on VLAN 6. Which commands would achieve the goal? A. Switch(config-if)#switchport vlan 8 Switch(config-if)#switchport vlan 6 voip B. Switch(config-if)#switchport mode access vlan 8 Switch(config-if)#switchport voice vlan 6 C. Switch(config-if)#switchport access vlan 8 Switch(config-if)#switchport voice vlan 6 D. Switch(config-if)#switchport access vlan 8 voice 6

The command used to configure an access port for VLAN 8 is switchport access vlan 8, and the command to configure the VoIP phone is switchport voice vlan 6. The command combination of switchport vlan 8 and switchport vlan 6 voip is incorrect. The command combination of switchport mode access vlan 8 and switchport voice vlan 6 is incorrect. The command switchport access vlan 8 voice 6 is incorrect.

3. What is the maximum hop count for RIP? A. 15 hops B. 100 hops C. 255 hops D. 16 hops

The maximum hop count for RIP is 15. A hop count over 15 hops is considered unroutable or unreachable, so the other options are incorrect.

16. You have created a VLAN for the Research department. Now you need to configure an interface on the switch for the newly created VLAN. Which command will configure the interface for the respective VLAN? A. Switch(config-if)#switchport vlan research B. Switch(config-if)#switchport access vlan research C. Switch(config-if)#switchport access vlan 9 D. Switch(config-if)#switchport vlan 9

The correct command is switchport access vlan 9. This command entered into the interface configuration prompt for the respective interface will place that interface in VLAN 9. When you're configuring an interface for a VLAN, only the VLAN number can be used; therefore, the commands switchport vlan research and switchport access vlan research are incorrect. The command switchport vlan 9 is incorrect.

14. When firewalls are placed in a network, which zone contains Internet-facing services? A. Outside zone B. Enterprise network zone C. Demilitarized zone D. Inside zone

The demilitarized zone (DMZ) is where Internet-facing servers/services are placed. The outside zone is where the public Internet connection is connected and it is the least trusted. The enterprise network zone is considered the inside zone. The inside zone is considered to be the highest trusted network because it is the internal network that you control.

5. What is the extended VLAN range? A. VLAN 1002 to 4096 B. VLAN 1006 to 4096 C. VLAN 1006 to 4094 D. VLAN 1006 to 4092

The extended VLAN range is VLAN 1006 to 4094. The normal usable VLAN range for Cisco is 1 through 1001. VLANS 1002 to 1005 are reserved for Fiber Distributed Data Interface (FDDI) and Token Ring and cannot be deleted.

3. Which is a benefit to converting a network from a flat layer 2 network to a routed layer 3 VLAN-enabled network? A. Increased collision domains for increased bandwidth B. Reduced complexity of design and operations C. Flexibility of user management and design D. Decreased number of broadcast domains for increased bandwidth

The flexibility of design for workgroups of clients, servers, services, etc. and the ongoing management of moving and adding people is a benefit of a routed VLAN-enabled network. Migrating from a flat layer 2 network to a routed layer 3 network will not increase collision domains for increased bandwidth. When you add a layer 3 routed infrastructure to your flat layer 2 network, the network complexity of design and operation will increase. You will increase the number of broadcast domains for increased bandwidth when you add multiple routed VLANs.

4. When dealing with firewalls, the term trusted network is used to describe what? A. Internal network B. The Internet C. The DMZ D. A network with SSL

The internal network is defined by the firewall. Anything protected by the firewall on the internal network is considered to be the trusted network. The Internet is an untrusted network, because it is outside of your control and outside of your organization. The DMZ area is in between the perimeter network and the internal network. A network with SSL encryption is not considered trusted; it is considered encrypted. A network with SSL can travel over an untrusted network such as the Internet.

12. Examining the show ip route statement in the exhibit, which will be the next hop for a destination address of 192.168.1.5?
Router#show ip route
[output cut]
192.168.1.0/24 is subnetted, 1 subnets
C 192.168.1.0/24 is directly connected, serial 0/0
O 192.168.1.0/24 [110/421356] via 172.26.1.200, 00:00:33, Ethernet 0
R 192.168.1.0/24 [90/2] via 172.16.1.100, 00:00:16, Ethernet 0
A. The gateway 172.16.1.200 B. The exit interface Serial 0/0 C. The gateway 172.16.1.100 D. The exit interface Ethernet0

The network of 192.168.1.0/24 is directly connected via Serial 0/0. The packet will be delivered out the exit interface of Serial 0/0. The administrative distance (AD) is the lowest on directly connected routes. The gateway address of 172.16.1.200 would only be valid if the example in the exhibit was only using OSPF. The gateway of 172.16.1.100 would only be valid if the example in the exhibit was only using RIP. The exit interface of Ethernet0 is valid for OSPF and RIP routing.

18. You need to create a route for 205.34.54.85/29 with the next hop being 205.34.55.2. Which command would create this route? A. Router(config)#ip route 205.34.54.85/24 205.34.55.2 B. Router(config)#ip route 205.34.54.85 255.255.255.248 205.34.55.2 C. Router(config)#ip route 205.34.54.85 255.255.255.240 205.34.55.2 D. Router(config)#ip route 205.34.55.2 255.255.255.248 205.34.54.85

The network of 205.34.54.85/29 is written out as 205.34.54.85 255.255.255.248. The next hop is 205.34.55.2, so the command would be ip route 205.34.54.85 255.255.255.248 205.34.55.2. The command ip route 205.34.54.85/24 205.34.55.2 is invalid because it is not normally entered with a CIDR notation. The command ip route 205.34.54.85 255.255.255.240 205.34.55.2 is invalid because the network mask is wrong when written out in dotted-decimal format. The command ip route 205.34.55.2 255.255.255.248 205.34.54.85 is invalid because the next hop and the network are in the wrong place on the command.

8. What is the normal range of VLANs that can be modified on a Cisco switch with default configuration? A. VLAN 1 to 1002 B. VLAN 1 to 1001 C. VLAN 2 to 1002 D. VLAN 2 to 1001

The normal range of VLANs on a default Cisco switch is VLAN 1 to 1001. However, VLAN 1 cannot be modified, so option D is the correct answer. All other options are incorrect.

2. What is the normal range for VLANs before you must use extended VLAN IDs? A. VLAN 1 through 1001 B. VLAN 1 through 1002 C. VLAN 1 through 1005 D. VLAN 2 through 1002

The normal usable VLAN range for Cisco is 1 through 1001. VLANS 1002 to 1005 are reserved for Fiber Distributed Data Interface (FDDI) and Token Ring and cannot be deleted. The extended VLAN range is 1006 to 4096 used for Ethernet VLANs only.

3. Which is the number one motivating factor to use network automation? A. Reduce the number of changes to be made B. Reduce the complications that arise from changes C. Reduce the human error factor D. Reduce the planning time for the changes

The number one motivating factor to use network automation is to reduce the human error factor when creating bulk changes. Network automation will not reduce the number of changes to be made. As an example, an updated ACL on all the routers will still need to be updated on all the routers. Network automation also does not reduce the complications that arise from changes; it actually increases them. Network automation also increases the planning time for changes. A network automation script can change everything rapidly; if it's wrong, it can even lead to an outage of services.

15. You are examining a routing table and see the entry in the following exhibit. What does the underlined number represent? R 172.16.2.0 [120/4] via 1.1.1.13, 00:13:24, FastEthernet 0/1 A. The number represents the current time. B. The number represents the delay in microseconds of the connection. C. The number represents the time the route has been in the routing table. D. The number represents the time the interface has been up.

The number represents the time the route had been in the routing table and signifies when the route had last been updated. This route is populated via a dynamic routing protocol; when the protocol updates the route, it will be reset to zero. The time represented in this exhibit is not the current time. The delay is not represented in the form of time; it is normally a component of the metric. The route statement will not display the amount of time an interface or route has been up.

1. Which term describes the outside of the corporate firewall? A. DMZ B. Perimeter C. Internal D. Trusted

The perimeter area, or perimeter network, is outside of the corporate firewall. The perimeter area generally holds equipment necessary for routing to the ISP. The DMZ is in between the perimeter network and the internal network. The internal area is the area or network inside of your organization. A trusted area is an area or network that has a high level of trust; generally your internal area is a trusted area.

8. Which is a correct statement when hubs are replaced with switches? A. The replacement increases collision domains. B. The replacement decreases collision domains. C. The replacement increases broadcast domains. D. The replacement decreases broadcast domains.

The replacement of hubs with switches increases collision domains and effectively increases bandwidth. The replacement of switches with hubs can decrease the number of collision domains, creating a much larger collision domain. The replacement of hubs with switches has no effect on broadcast domains. Broadcast domains would only be affected if a router was introduced.

27. Which statement is true when there are multiple route statements from different routing protocols for the same destination network? A. The route is chosen with the highest AD. B. The route chosen has the lowest metric. C. The route is chosen with the lowest AD. D. The route chosen has the highest metric.

The routing protocol with the lowest administrative distance (AD) is always chosen. Within that protocol, if there are multiple routes to the same network, then the lowest metric is chosen. The route is chosen with the lowest administrative distance, not the highest administrative distance. The route with the lowest metric will be selected as the best route, but only when within the same routing protocol. The route with the highest metric will not be selected as the best route.

1. Which is a reason for using a dynamic routing protocol? A. You have a network with only a few routers and subnets per branch. B. You have a network with only a few VLANs and one router. C. You have a network with a large number of VLANs and only one router. D. You have a network with a few subnets and many routers.

The scalability of routes between routers should always be considered when choosing a static routing design vs. a dynamic routing design. A few subnets over many routers creates a lot of work when a new subnet is created and static routing is being used. However, when one router is being used, the administrative overhead is low.

8. Which routing loop avoidance method is used by routers to prevent routing updates from exiting an interface in which they have been learned? A. Routing to infinity B. Route poisoning C. Holddowns D. Split horizon

The split horizon method prevents routing updates from exiting an interface in which they have been learned. This stops false information from propagating in the network, which can cause a routing loop. Routing to infinity is a way of advertising a downed route as unreachable because of the number of hops. Route poisoning is similar to routing to infinity as it advertises a downed route as over the routable hop count. Holddowns can help stabilize a network by holding off changes until a specific amount of time has passed.

9. Which is a function of a layer 2 switch? A. Forwarding the data based upon logical addressing B. Repeating the electrical signal to all ports C. Learning the MAC address by examining the destination MAC addresses D. Determining the forwarding interfaces based upon the destination MAC address and tables

The switch learns MAC addresses based upon incoming ports and examination of the source MAC address. It will build a MAC address table for future lookups. It then determines forwarding interfaces based upon the destination MAC address contained in the frame. Forwarding of data is based upon physical addresses "burned" into the network interface card (NIC) called MAC addresses. Repeating electrical signals to all ports describes how a dumb hub would operate. MAC addresses are learned by the source MAC address on incoming frames to the switch, not the destination frames.

4. You have configured a new VLAN 9 and applied it to the interface. However, you find that the computer still remains in VLAN 1. What is the problem? Refer to the following exhibit.
Switch#sh run
Building configuration...
[output cut]
!
interface FastEthernet0/2
 switchport access vlan 9
 switchport mode trunk
 switchport nonegotiate
 spanning-tree portfast
!
A. The switch port is configured with switchport nonegotiate. B. The switch port is configured as a trunk and dot1q trunking is intervening. C. The switch port is configured as a trunk and the native VLAN is VLAN 1. D. Spanning-tree PortFast is configured and defaulting to VLAN 1.

The switch port is configured as a trunk, but since the computer was originally in VLAN 1 and the native VLAN of the interface is VLAN 1 by default, all untagged traffic was directed to the native VLAN. The command switchport nonegotiate will prevent the switch port from generating Dynamic Trunking Protocol (DTP) packets but will not prevent it from statically being assigned as a trunk link. The switch port will not form a trunk because the client is not configured to tag packets with 802.1q VLANs. Spanning-tree prevents switching loops and does not assist in tagging packets or directing data onto VLANs.

17. You are installing a VoIP phone on the same interface as an existing computer. Which command will allow the VoIP phone to switch traffic onto its respective VLAN? A. Switch(config-if)#switchport voice vlan 4 B. Switch(config-if)#switchport vlan voice 4 C. Switch(config-if)#switchport voip vlan 4 D. Switch(config-if)#switchport access vlan 4 voice

The switchport voice vlan 4 command will configure the interface to switch traffic with a CoS value of 5 (set by the phone) to the voice VLAN of 4. The command switchport vlan voice 4 is incorrect. The command switchport voip vlan 4 is incorrect. The command switchport access vlan 4 voice is incorrect.

4. What is the term that is used to describe the framework responsible for assisting in network automation? A. NetOps B. DevOps C. SysOps D. SecOps

The term DevOps is used to describe the framework responsible for assisting in network automation. It is usually written in conjunction with network operations, but it is considered a development function using the DevOps framework. The term NetOps refers to the network operation team's responsibility. The term SysOps is used to describe the control of network systems such as DNS, Active Directory (AD), and DHCP, just to name a few. The term SecOps refers to the security operation as it pertains to the network.

14. In the following exhibit, what does the top line of the output represent?
Router#sh ip route
[output cut]
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 10.0.0.0/16 is directly connected, serial 0/2/0
L 10.0.0.0/32 is directly connected, serial 0/2/0
S 10.0.0.0/16 [1/0] via 192.168.4.2
A. The 10.0.0.0/8 is a route in the routing table. B. The 10.0.0.0/8 is a summarization of the routes in the table. C. The 10.0.0.0/8 is the router's network address. D. The 10.0.0.0/8 has been populated from another router.

The top line in the exhibit is the summarization of all three routes below. This is also called a supernet, since it is the opposite of a subnet and groups networks together rather than dividing them. It groups the networks that are independently routable into one statement, summarizing them. The 10.0.0.0/8 is not a route in the routing table; the routes are grouped under this summarization. The 10.0.0.0/8 is a network address and therefore cannot be the router's network address. The 10.0.0.0/8 is not populated from another router directly; it is summarized from the routes learned from other routers.

1. You are trying to reprovision a switch in a different part of your network. However, you still see the old VLANs configured from the old network. How can you rectify the problem? A. Upgrade the IOS. B. Type erase startup-config, confirm it, and reload. C. Type clear vlan, confirm it, and reload. D. Delete the vlan.dat, confirm it, and reload.

The vlan.dat is the database for VLANs configured on a switch either manually or through VTP. It is persistent even if config.text (startup-configuration) is deleted. You must manually delete the vlan.dat. Upgrading the IOS will not delete the vlan.dat. Typing erase startup-config, confirming it, and reloading will not remove the current vlan.dat. Typing clear vlan will not remove the current vlan.dat.

11. A rogue wireless access point (WAP) is created with the same SSID as the corporate SSID. The attacker has employees connect to the SSID and watches the information as it's relayed to the original SSID. What type of attack is described here? A. Smurf attack B. Compromised key attack C. Sniffer attack D. Man in the middle attack

This attack is called a man in the middle attack. The attacker sits in the middle of communications and relays it back while capturing it and possibly modifying it. A Smurf attack is an attack where a number of computers are told to respond to a victim IP address via a spoofed packet. A compromised key attack involves a key pair that has been tampered with or copied, such as SSL or SSH key pairs. A sniffer attack is a passive attack where an attacker will collect packets with a network sniffer for later playback or analysis.

15. Which is a benefit of implementing VLANs with a layer 3 router? A. VLANs can span multiple switches. B. Implementing routed VLANs will decrease the broadcast domains. C. ACLs can be employed to secure VLANs. D. All of the above.

When layer 3 (routed VLANs) is implemented, it allows for a more secure network with the use of ACLs applied to the VLAN interface. A single VLAN spanning multiple switches is a benefit of implementing VLANs and not routed VLANs. When you implement VLANs, you will increase the number of broadcast domains.

A. RouterA(config-router)#passive interface serial 0/3/0 RouterB(config-router)#passive interface serial 0/3/0 B. RouterA(config)#ip route 192.168.4.0 255.255.255.0 serial 0/3/1 RouterB(config)#ip route 192.168.1.0 255.255.255.0 serial 0/3/1 C. RouterA(config-router)#cost 2 serial 0/3/0 RouterB(config-router)#cost 2 serial 0/3/0 D. RouterA(config-if)#metric 2 serial 0/3/0 RouterB(config-if)#metric 2 serial 0/3/0

To route packets over the higher-speed link, you would need to configure a static route for both Router A and Router B. If these links went down, then the lower-speed link would become active. This is due to administrative distance. Configuring passive interfaces on Router A and Router B will only restrict the two routers from trading their route tables between each other. Setting the cost on the interface will not affect the routing with RIPv2. You cannot set the metric of 2 for each of the routers; it is an invalid command.

13. You have changed the name of VLAN 3, and you now want to check your change. Which command will you enter to verify the name change? A. Switch#show vlans B. Switch#show interface vlan 3 C. Switch#show run D. Switch#show vlan id 3

To verify a VLAN name change, you would use the command show vlan id 3. This would only show you the one VLAN configured in the database. The command show vlans is incorrect because the command is not plural; it is singular, show vlan. It will give you a complete listing of all VLANs. Performing a show interface vlan 3 would not display the friendly name. The command show run will not display the VLAN database, unless the switch is configured in transparent mode.

11. What is a direct benefit of adding VLANs? A. An increase of broadcast domains while decreasing collision domains B. An increase of broadcast domains while increasing collision domains C. A decrease of broadcast domains while decreasing collision domains D. A decrease of broadcast domains while increasing collision domains

When adding VLANs, you immediately increase the number of broadcast domains. At the same time, you increase collision domains. If a switch had 12 ports and they all negotiated at 100 Mb/s half-duplex (one collision domain), when a VLAN is added you will automatically create two collision domains while adding an additional broadcast domain.

16. In the following exhibit is a copy of the running-config. What is the next hop for a destination address of 192.168.4.85?
Router#show run
!
[output cut]
ip route 0.0.0.0 0.0.0.0 serial 0/2/0
ip route 192.168.4.0 255.255.255.0 serial 0/0/1
ip route 192.168.5.0 255.255.255.0 192.168.4.2
ip route 10.20.0.0 255.255.0.0 192.168.4.2
ip route 192.168.0.0 255.255.0.0 198.22.34.3
A. Interface Serial 0/2/0 B. IP address 192.168.4.2 C. Interface Serial 0/0/1 D. IP address 198.22.34.3

When routers select the next hop, the rule of most specific first is always used. Since there are three routes to 192.168.4.0/24 (including the gateway of last resort), the most specific of 192.168.4.0/24 via Serial 0/0/1 is selected. The interface Serial 0/2/0 would only be right if the destination address was not in the other route statements. The IP address of 192.168.4.2 would only be right if the destination address was in the 192.168.5.0/24 network. The IP address of 198.22.34.3 would only be right if the destination address was in the 192.168.0.0/16 network and no other specific routes existed.

14. Which of the following is a true statement if you have changed the MTU on a VLAN to support jumbo frames? A. If a normal MTU of 1528 is used, the switch will not forward the traffic. B. Once jumbo frames are configured, nothing more needs to be done. Clients will autodetect the new MTU and use jumbo frames. C. Changing the MTU is an easy and effective method for raising speed. D. For jumbo frames to be effective, all devices on the VLAN, including switches, must support them.

When the MTU is changed on the VLAN, it has little consequence to normal MTU communications. However, if you are going to utilize the new MTU for something like iSCSI, it must be supported end to end or it can actually decrease performance. All switching equipment between the two end devices must support jumbo frames. Clients will not auto-detect the new MTU in IPv4 and use jumbo frames; the client normally must be configured to use the new MTU. Configuring the MTU can be difficult because you must make sure that all devices end to end support the new MTU.

11. What is the maximum wire speed of a single port on a 48-port Gigabit Ethernet switch? A. 1,000 Mb/s B. 2 Gb/s C. 48 Gb/s D. 96 Gb/s

Wire speed of a single port on a 48-port gigabit switch would be 1 Gb/s, or 1,000 Mb/s. Theoretically, a port can transmit and receive 1 Gb/s simultaneously, but wire speed refers to a single direction. The wire speed of the entire switch (backplane) could be 48 Gb/s for a 48-port Gigabit Ethernet switch, although the backplane is usually oversubscribed on access layer switching.

10. Which data format is structured by white space? A. YAML B. JSON C. XML D. CSV

YAML Ain't Markup Language (YAML) is a white space structured file that is also used to store data for the interchange of information. JavaScript Object Notation (JSON) is structured with curly and square brackets. Extensible Markup Language (XML) was adopted from HyperText Markup Language (HTML), which uses opening and closing tags. Comma-separated values (CSV) is a flat data storage method that uses commas to delimit the fields of information held on each line.

