CCNA2 Final

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Which three statements accurately describe VLAN types? (Choose three).

- After the initial boot of an unconfigured switch, all ports are members of the default VLAN. - An 802.1Q trunk port, with a native VLAN assigned, supports both tagged and untagged traffic. - A management VLAN is any VLAN that is configured to access management features of the switch.

Which two characteristics are shared by both standard and extended ACLs? (Choose two.)

- Both include an implicit deny as a final entry. - Both can be created by using either a descriptive name or number. [Standard ACLs filter traffic based solely on a specified source IP address. Extended ACLs can filter by source or destination, protocol, or port. Both standard and extended ACLs contain an implicit deny as a final ACE. Standard and extended ACLs can be identified by either names or numbers.]

An administrator attempts to change the router ID on a router that is running OSPFv3 by changing the IPv4 address on the router loopback interface. Once the IPv4 address is changed, the administrator notes that the router ID did not change. What two actions can the administrator take so that the router will use the new IPv4 address as the router ID? (Choose two.)

- Clear the IPv6 OSPF process. - Reboot the router. [There are two methods that can be used to change the router ID of an OSPF router. The router can be rebooted or the OSPF process can be cleared.]

Which two methods can be used to provide secure management access to a Cisco switch? (Choose two.)

- Configure specific ports for management traffic on a specific VLAN. - Configure SSH for remote management. [It is a good security practice to implement SSH for remote management of a Cisco switch and to configure specific ports in a distinct management VLAN.]

Which two Layer 2 security best practices would help prevent VLAN hopping attacks? (Choose two.)

- Disable DTP autonegotiation on end-user ports. - Change the native VLAN number to one that is distinct from all user VLANs and is not VLAN 1. [Allowing end-user devices to negotiate trunk settings via DTP can lead to a VLAN hopping attack, so DTP autonegotiation should be disabled on access ports. Configuring a trunk link with a native VLAN that is also used for end-users can lead to VLAN hopping attacks as well. The native VLAN should be set to a VLAN that is not used anywhere else.]

Which statement describes the microsegmentation feature of a LAN switch?

- Each port forms a collision domain. [When a LAN switch with the microsegmentation feature is used, each port represents a segment which in turns forms a collision domain. If each port is connected with an end user device, there will be no collisions. However, if multiple end devices are connected to a hub and the hub is connected to a port on the switch, some collisions will occur in that particular segment, but not beyond it.]

Which three addresses could be used as the destination address for OSPFv3 messages? (Choose three.)

- FF02::6 - FE80::1 - FF02::5 [OSPFv6 messages can be sent to either the OSPF router multicast FF02::5, the OSPF DR/BDR multicast FF02::6, or the link-local address.]

Inter-VLAN communication is not occurring in a particular building of a school. Which two commands could the network administrator use to verify that inter-VLAN communication was working properly between a router and a Layer 2 switch when the router-on-a-stick design method is implemented? (Choose two.)

- From the switch, issue the show interfaces trunk command. - From the router, issue the show ip route command. [In order for inter-VLAN communication to occur between a Layer 2 switch and a router, trunking must be enabled on the port that connects the switch to the router, and the router must have active subinterfaces for each VLAN on the switch. Other commands that are helpful in this situation are the show ip interface brief command on the router and the show interfaces interface switchport command on the switch. The show interfaces trunk command would not be performed on a router. The show interfaces interface command would show information for only one router interface, not all of them as provided by the show ip route command. The show interfaces interface command does not provide trunk verification.]

Which two statements are true about using full-duplex Fast Ethernet? (Choose two.)

- Full-duplex Fast Ethernet offers 100 percent efficiency in both directions. - Performance is improved with bidirectional data flow.

What are two of the required steps to configure PAT? (Choose two.)

- Identify the inside interface. - Define a pool of global addresses to be used for overload translation. [The steps that are required to configure PAT are to define a pool of global addresses to be used for overload translation, to configure source translation by using the keywords interface and overload, and to identify the interfaces that are involved in the PAT.]

Which two statements are true regarding switch port security? (Choose two.)

- If fewer than the maximum number of MAC addresses for a port are configured statically, dynamically learned addresses are added to CAM until the maximum number is reached. - Dynamically learned secure MAC addresses are lost when the switch reboots.

Which two statements are characteristics of routed ports on a multilayer switch? (Choose two.)​

- In a switched network, they are mostly configured between switches at the core and distribution layers. - They are not associated with a particular VLAN. [ Routed ports are physical ports that act similarly to a router interface. They are not associated with a particular VLAN, they do not support subinterfaces, and they are used for point-to-point links. In a switched network, they are mostly configured between switches at the core and distribution layers. To configure routed ports, the no switchport interface command has to be used on the appropriate ports.]

Which three statements are generally considered to be best practices in the placement of ACLs? (Choose three.)

- Place extended ACLs close to the source IP address of the traffic. - Place standard ACLs close to the destination IP address of the traffic. - Filter unwanted traffic before it travels onto a low-bandwidth link. [Extended ACLs should be placed as close as possible to the source IP address, so that traffic that needs to be filtered does not cross the network and use network resources. Because standard ACLs do not specify a destination address, they should be placed as close to the destination as possible. Placing a standard ACL close to the source may have the effect of filtering all traffic, and limiting services to other hosts. Filtering unwanted traffic before it enters low-bandwidth links preserves bandwidth and supports network functionality. Decisions on placing ACLs inbound or outbound are dependent on the requirements to be met.]

A network administrator needs to configure a standard ACL so that only the workstation of the administrator with the IP address 192.168.15.23 can access the virtual terminal of the main router. Which two configuration commands can achieve the task? (Choose two.)

- Router1(config)# access-list 10 permit host 192.168.15.23 - Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0 [To permit or deny one specific IP address, either the wildcard mask 0.0.0.0 (used after the IP address) or the wildcard mask keyword host (used before the IP address) can be used.]

Which two commands should be implemented to return a Cisco 3560 trunk port to its default configuration? (Choose two.)

- S1(config-if)# no switchport trunk allowed vlan - S1(config-if)# no switchport trunk native vlan [In resetting a trunk port on a Cisco 3560 switch, the following changes occur: DTP is changed back to dynamic auto; the default native VLAN is reset to 1 via the no switchport trunk native vlan command; and the application of the no switchport trunk allowed vlan command means all VLANs will be allowed to traverse the trunk by default.]

What is the effect of the access control list wildcard mask 0.0.0.15? (Choose two.)

- The last four bits of a supplied IP address will be ignored. - The first 28 bits of a supplied IP address will be matched.

What are two reasons that will prevent two routers from forming an OSPFv2 adjacency? (Choose two.)

- mismatched subnet masks on the link interfaces - mismatched OSPF Hello or Dead timers [There may be several reasons why two routers running OSPF will fail to form an OSPF adjacency, including these: The subnet masks do not match, causing the routers to be on separate networks. OSPF Hello or Dead Timers do not match. OSPF network types do not match. There is a missing or incorrect OSPF network command. Mismatched IOS versions, the use of private IP addresses, and different types of interface ports used on a switch are not causes for an OSPF adjacency failing to form between two routers.]

Which three implicit access control entries are automatically added to the end of an IPv6 ACL? (Choose three.)

- permit icmp any any nd-na - permit icmp any any nd-ns - deny ipv6 any any [All IPv6 ACLs automatically include two implicit permit statements; permit icmp any any nd-ns and permit icmp any any nd-na. These statements allow the router interface to perform neighbor discovery operations. There is also an implicit deny ipv6 any any automatically included at the very end of any IPv6 ACL that blocks all IPv6 packets not otherwise permitted.]

Which two basic functions are performed by network security tools? (Choose two.)

- revealing the type of information an attacker is able to gather from monitoring network traffic - simulating attacks against the production network to determine any existing vulnerabilities [Network security tools should be used to measure the vulnerability of the current network. They perform two basic functions: security auditing and penetration testing. Security auditing reveals which sort of information an attacker can gather simply by monitoring network traffic. Penetration testing is a simulated attack against the network to determine how vulnerable it would be in a real attack.]

A network designer must provide a rationale to a customer for a design which will move an enterprise from a flat network topology to a hierarchical network topology. Which two features of the hierarchical design make it the better choice? (Choose two.)

- simpler deployment for additional switch equipment - easier to provide redundant links to ensure higher availability [A hierarchical design for switches helps network administrators when planning and deploying a network expansion, performing fault isolation when a problem occurs, and providing resiliency when traffic levels are high. A good hierarchical design has redundancy when it can be afforded so that one switch does not cause all networks to be down.]

Which two pieces of information are required when creating a standard access control list? (Choose two.)

- source address and wildcard mask - access list number between 1 and 99

Open the PT Activity. Perform the tasks in the activity instructions and then answer the question. How many IP addresses has the DHCP server leased and what is the number of DHCP pools configured? (Choose two.)

- three leases - one pool [The show ip dhcp binding command will display that the DHCP server has leased three IP addresses. The show running-config command will show that there is only one DHCP pool that is configured.]

What are two reasons a network administrator would segment a network with a Layer 2 switch? (Choose two.)

- to isolate traffic between segments - to enhance user bandwidth [A switch has the ability of creating temporary point-to-point connections between the directly-attached transmitting and receiving network devices. The two devices have full-bandwidth full-duplex connectivity during the transmission.]

A company has several networks with the following IP address requirements: IP phones - 50 PCs - 70 IP cameras - 10 wireless access points - 10 network printers - 10 network scanners - 2 Which block of addresses would be the minimum to accommodate all of these devices if each type of device was on its own network?

172.16.0.0/24 [The network for the PCs would require a subnet mask of /25 in order to accommodate 70 devices. That network could use IP addresses 0 through 127. Phones require a subnet mask of /26 for 50 devices (addresses 128-191). Three /28 networks are needed in order to accommodate cameras, APs, and printers. The network scanner network can use a /30. A block of addresses with a mask of /24 will accommodate this site as the minimum amount needed.]

What is a valid summary route for IPv6 networks 2001:0DB8:ACAD:4::/64, 2001:0DB8:ACAD:5::/64, 2001:0DB8:ACAD:6::/64, and 2001:0DB8:ACAD:7::/64?

2001:0DB8:ACAD:0004::/62 [The IPv6 networks with the fourth octet of hex characters converted to binary are: 2001:0DB8:ACAD:0000000000000100::/64 2001:0DB8:ACAD:0000000000000101::/64 2001:0DB8:ACAD:0000000000000110::/64 2001:0DB8:ACAD:0000000000000111::/64 The common bits are 2001:0DB8:ACAD:00000000000001. Then add zeros to determine the network summarized address, giving 2001:0DB8:ACAD:0000000000000100. Convert this to hexadecimal and count the number of left-most matching bits. The summarized address will be 2001:0DB8:ACAD:0004::/62.]

How many classful networks are summarized by the static summary route ip route 192.168.32.0 255.255.248.0 S0/0/0?

8 [A summary route of 192.168.32.0 with a network prefix of /21 will summarize 8 routes. The network prefix has moved from the classful boundary of 24 to the left by 3 bits. These 3 bits identify that 8 networks are summarized. The networks that are summarized would be 192.168.32.0/24 through 192.168.39.0/24.]

If a router has two interfaces and is routing both IPv4 and IPv6 traffic, how many ACLs could be created and applied to it?

8 [In calculating how many ACLs can be configured, use the rule of "three Ps": one ACL per protocol, per direction, per interface. In this case, 2 interfaces x 2 protocols x 2 directions yields 8 possible ACLs.]

What VLANs are allowed across a trunk when the range of allowed VLANs is set to the default value?

All VLANs will be allowed across the trunk.

Several key servers in an organization must be directly accessible from the Internet. What addressing policy should be implemented for these servers?

Assign static internal addresses and public external addresses to each of the servers.

Borderless networks

Borderless switched networks deploy devices hierarchically in specific layers or tiers, each with specific roles. Each layer can be viewed as a module whose services can be replicated or expanded as needed. This modularity allows the network to change and grow with user needs, provides a resilient structure to keep services "always on," and has the flexibility to share the traffic load across all network resources.

A network administrator is implementing DHCPv6 for the company. The administrator configures a router to send RA messages with M flag as 1 by using the interface command ipv6 nd managed-config-flag. What effect will this configuration have on the operation of the clients?

Clients must use all configuration information that is provided by a DHCPv6 server. [Under stateful DHCPv6 configuration, which is indicated by setting M flag as 1 (through the interface command ipv6 nd managed-config-flag), the dynamic IPv6 address assignments are managed by the DHCPv6 server. Clients must obtain all configuration information from a DHCPv6 server.]

Open the PT Activity. Perform the tasks in the activity instructions and then complete the task. What message is displayed on www.ciscoville.com?

Completion! [The correct configuration on R1 is: router ospf 10 network 192.168.2.0 0.0.0.255 area 0 network 10.0.10.0 0.0.0.3 area 0 The correct configuration on R2 is: router ospf 10 network 10.0.10.0 0.0.0.3 area 0 network 10.0.10.4 0.0.0.3 area 0 network 172.16.5.0 0.0.0.255 area 0]

Statement with subnet and wildcard

Converting the wildcard mask 0.0.3.255 to binary and subtracting it from 255.255.255.255 yields a subnet mask of 255.255.252.0. Using the host parameter in a wildcard mask requires that all bits match the given address. 192.168.15.65 is the first valid host address in a subnetwork beginning with the subnetwork address 192.168.15.64. The subnet mask contains 4 host bits, yielding subnets with 16 addresses. 192.168.15.144 is a valid subnetwork address in a similar subnetwork. Change the wildcard mask 0.0.0.15 to binary and subtract it from 255.255.255.255, and the resulting subnet mask is 255.255.255.240. 192.168.3.64 is a subnetwork address in a subnet with 8 addresses. Convert 0.0.0.7 to binary and subtract it from 255.255.255.255, and the resulting subnet mask is 255.255.255.248. That mask contains 3 host bits, and yields 8 addresses.

How will a router handle static routing differently if Cisco Express Forwarding is disabled?

Ethernet multiaccess interfaces will require fully specified static routes to avoid routing inconsistencies. [In most platforms running IOS 12.0 or later, Cisco Express Forwarding is enabled by default. Cisco Express Forwarding eliminates the need for the recursive lookup. If Cisco Express Forwarding is disabled, multiaccess network interfaces require fully specified static routes in order to avoid inconsistencies in their routing tables. Point-to-point interfaces do not have this problem, because multiple end points are not present. With or without Cisco Express Forwarding enabled, using an exit interface when configuring a static route is a viable option.]

How is the router ID for an OSPFv3 router determined?

How is the router ID for an OSPFv3 router determined? [Just like OSPF for IPv4, OSPFv3 uses a 32-bit dotted decimal number as the router ID. The ID can be manually configured or the router will use the highest IPv4 address on an active interface with preference given to the highest loopback interface IPv4 address, if one is configured.]

A Cisco switch currently allows traffic tagged with VLANs 10 and 20 across trunk port Fa0/5. What is the effect of issuing a switchport trunk allowed vlan 30 command on Fa0/5?

It allows only VLAN 30 on Fa0/5. [The switchport trunk allowed vlan 30 command allows traffic that is tagged with VLAN 30 across the trunk port. Any VLAN that is not specified in this command will not be allowed on this trunk port.]

A client is using SLAAC to obtain an IPv6 address for its interface. After an address has been generated and applied to the interface, what must the client do before it can begin to use this IPv6 address?

It must send an ICMPv6 Neighbor Solicitation message to ensure that the address is not already in use on the network. [Stateless DHCPv6 or stateful DHCPv6 uses a DHCP server, but Stateless Address Autoconfiguration (SLAAC) does not. A SLAAC client can automatically generate an address that is based on information from local routers via Router Advertisement (RA) messages. Once an address has been assigned to an interface via SLAAC, the client must ensure via Duplicate Address Detection (DAD) that the address is not already in use. It does this by sending out an ICMPv6 Neighbor Solicitation message and listening for a response. If a response is received, then it means that another device is already using this address.]

Which OPSF packet contains the different types of link-state advertisements?

LSU [Link-state update (LSU) packets contain different types of link-state advertisements (LSAs). The LSUs are used to reply to link-state requests (LSRs) and to announce new information.]

InterVLAN routing methods

Layer 3 with routed ports, Layer 3 with SVIs, and router-on-a-stick are inter-VLAN routing methods that differ from each other in hardware capabilities.

Consider the following command: ip route 192.168.10.0 255.255.255.0 10.10.10.2 5 How would an administrator test this configuration?

Manually shut down the router interface used as a primary route. [A floating static is a backup route that only appears in the routing table when the interface used with the primary route is down. To test a floating static route, the route must be in the routing table. Therefore, shutting down the interface used as a primary route would allow the floating static route to appear in the routing table.]

What is the effect of entering the network 192.168.10.1 0.0.0.0 area 0 command in router configuration mode?

OSPF advertisements will include the network on the interface with the IPv4 address 192.168.10.1. [The command enables OSPF routing on a specific interface. Using a quad zero wildcard mask identifies the interface. OSPF will advertise the network that is on that specific interface. Configuring a passive interface requires the use of the passive-interface command in router configuration mode.]

Open the PT Activity. Perform the tasks in the activity instructions and then answer the question. Which event will take place if there is a port security violation on switch S1 interface Fa0/1?

Packets with unknown source addresses will be dropped. [The violation mode can be viewed by issuing the show port-security interface <int>command. Interface FastEthernet 0/1 is configured with the violation mode of protect. If there is a violation, interface FastEthernet 0/1 will drop packets with unknown MAC addresses.]

link state routing protocols advantage disadvantage

Place the options in the following order: [+] event-driven updates [+] building a topological map [+] fast convergence [#] bandwidth consumption [#] memory usage [#] CPU processing time [+] Order does not matter within this group. [#] Order does not matter within this group. [Link-state routing protocols have their advantages and disadvantagea. The advantages are that each router builds a topological map; there is fast convergence; and the LSPs are sent only when there is a change in topology. The disadvantages are the requirements of router and bandwidth resources because of the complexity of the link-state routing protocols.]

A network administrator is configuring a static NAT on the border router for a web server located in the DMZ network. The web server is configured to listen on TCP port 8080. The web server is paired with the internal IP address of 192.168.5.25 and the external IP address of 209.165.200.230. For easy access by hosts on the Internet, external users do not need to specify the port when visiting the web server. Which command will configure the static NAT?

R1(config)# ip nat inside source static tcp 192.168.5.25 8080 209.165.200.230 80 [The IOS command for port forwarding configuration in global configuration mode is as follows: ip nat inside source {static {tcp | udp local-ip local-port global-ip global-port} Where local-ip is the inside local address, local-port is the port on which the web server listens.]

When a router receives a packet, it examines the destination address of the packet and looks in the __________ table to determine the best path to use to forward the packet.

Routing [A router maintains a table, called the routing table, which contains all of its best paths to various destination networks.]

Which route is the best match for a packet entering a router with a destination address of 10.16.0.2?

S 10.16.0.0/24 [1/0] via 192.168.0.9

Open the PT Activity. Perform the tasks in the activity instructions and then answer the question. Why is the ACL not working?

The ACL is applied to the wrong interface. [The ACL is currently applied to the unused Fa0/0 interface. The server is attached to the same network to which the R1 Fa0/1 interface is attached. The ACL should be applied to this interface to protect the server.]

An administrator created and applied an outbound Telnet extended ACL on a router to prevent router-initiated Telnet sessions. What is a consequence of this configuration?

The ACL will not work as desired because an outbound ACL cannot block router-initiated traffic. [Standard and extended access control lists apply to packets that travel through a router. They are not designed to block packets that originate from within the router. An outbound Telnet extended ACL does not prevent router-initiated Telnet sessions.]

EEE 802.1Q standard header

The IEEE 802.1Q standard header includes a 4-byte VLAN tag: Type - A 2-byte value called the tag protocol ID (TPID) value. User priority - A 3-bit value that supports level or service implementation. Canonical Format Identifier (CFI) - A 1-bit identifier that enables Token Ring frames to be carried across Ethernet links. VLAN ID (VID) - A 12-bit VLAN identification number that supports up to 4096 VLAN IDs.

Open the PT Activity. Perform the tasks in the activity instructions and then answer the question. What problem is causing PC-A to be unable to communicate with the Internet?

The NAT interfaces are not correctly assigned. [The output of show ip nat statistics shows that the inside interface is FastEthernet0/0 but that no interface has been designated as the outside interface. This can be fixed by adding the command ip nat outside to interface Serial0/0/0.]

When does a switch use frame filtering?

The destination MAC address is for a host on the same network segment as the source of the traffic. [When the source and destination MAC addresses are on the same network segment, forwarding is not necessary. The switch filters the frame in order to eliminate unnecessary traffic between network segments. This is frame filtering.]

What happens to switch ports after the VLAN to which they are assigned is deleted?

The ports stop communicating with the attached devices. [The affected ports must be reconfigured for an active VLAN.]

Which two requirements are necessary before a router configured with a link-state routing protocol can build and send its link-state packets? (Choose two.)

The router has established its adjacencies. The router has determined the costs associated with its active links. [Once a router has established its adjacencies, it can build its link-state packets (LSPs) that contain the link-state information, including the link cost. A router can only build a link-state after it has received link-state packets from adjacent routers. It then constructs its SPF tree from the least cost routes to remote networks which are used to populate its routing table.]

What is a characteristic of legacy inter-VLAN routing?

The router requires one Ethernet link for each VLAN. [Multiple VLANs are supported with legacy inter-VLAN routing, but each VLAN requires its own Ethernet router link. Ethernet ports are limited on a router. That is why the router-on-a-stick model evolved. The user VLAN should never be the same number as the management VLAN and using a Layer 3 switch as a router is a modern technique, not a legacy one.]

What happens to a static route entry in a routing table when the outgoing interface associated with that route goes into the down state?

The static route is removed from the routing table. [When the interface associated with a static route goes down, the router will remove the route because it is no longer valid.]

What is a disadvantage of NAT?

There is no end-to-end addressing. [Many Internet protocols and applications depend on end-to-end addressing from the source to the destination. Because parts of the header of the IP packets are modified, the router needs to alter the checksum of the IPv4 packets. Using a single public IP address allows for the conservation of legally registered IP addressing schemes. If an addressing scheme needs to be modified, it is cheaper to use private IP addresses.]

What is a disadvantage of using dynamic routing protocols?

They send messages about network status insecurely across networks by default. [By default, dynamic routing protocols forward messages across a network without authenticating the receiver or originator of traffic. Static routes increase in configuration complexity as the network grows larger and are more suitable for smaller networks. Static routes also require manual intervention when a network topology changes or links become disabled.]

Under which two circumstances would a router usually be configured as a DHCPv4 client? (Choose two.)

This is an ISP requirement. The router is intended to be used as a SOHO gateway. [SOHO routers are frequently required by the ISP to be configured as DHCPv4 clients in order to be connected to the provider.]

How is traffic routed between multiple VLANs on a multilayer switch?

Traffic is routed via internal VLAN interfaces. [Multilayer switches can perform inter-VLAN routing by the use of internal VLAN interfaces. External physical interfaces can receive traffic but are not necessary for routing functions. When routing between VLANs, any broadcast traffic that is received on a VLAN would remain on ports that are members of that VLAN. Subinterfaces are not usable for inter-VLAN routing on multilayer switches.]

Which command displays the encapsulation type, the voice VLAN ID, and the access mode VLAN for the Fa0/1 interface?

Which command displays the encapsulation type, the voice VLAN ID, and the access mode VLAN for the Fa0/1 interface? [The show interfaces switchport command displays the following information for a given port: Switchport Administrative Mode Operational Mode Administrative Trunking Encapsulation Operational Trunking Encapsulation Negotiation of Trunking Access Mode VLAN Trunking Native Mode VLAN Administrative Native VLAN tagging Voice VLAN]

What would be the first step in calculating a summarized route for 5 networks?

Write all network numbers in binary. [The three steps for summarizing are as follows: 1. Write the network numbers in binary. A shortened version of this method is to write the octet where the network numbers start being different. 2. Determine how many bits match perfectly within the binary network numbers. This will be the subnet mask. 3. Convert the perfectly matched binary network bits to decimal. Do not forget to change all the unmatched bits to zero.]

A router is configured to participate in multiple routing protocol: RIP, EIGRP, and OSPF. The router must send a packet to network 192.168.14.0. Which route will be used to forward the traffic?

a 192.168.14.0 /26 route that is learned via RIP [Before the administrative distance of a route is compared, the route with the most specific best match is utilized. The 192.168.14.0 /26 network contains the best match to the destination IP address of 192.168.14.20 and thus the 192.168.14.0 /26 RIP route is utilized over the EIGRP and OSFP routes, regardless of administrative distance.]

A network administrator configures the border router with the command R1(config)# ip nat inside source list 4 pool corp. What is required to be configured in order for this particular command to be functional?

a NAT pool named corp that defines the starting and ending public IP addresses [In order for the ip nat inside source list 4 pool corp command to work, the following procedure needs to be used beforehand: Create an access list that defines the private IP addresses affected by NAT. Establish a NAT pool of starting and ending public IP addresses by using the ip nat pool command. Use the ip nat inside source list command to associate the access list with the NAT pool. Apply NAT to internal and external interfaces by using the ip nat inside and ip nat outside commands.]

Which network design may be recommended for a small campus site that consists of a single building with a few users?

a collapsed core network design [In some cases, maintaining a separate distribution and core layer is not required. In smaller campus locations where there are fewer users who are accessing the network or in campus sites that consist of a single building, separate core and distribution layers may not be needed. In this scenario, the recommendation is the alternate two-tier campus network design, also known as the collapsed core network design.]

What is an advantage of using dynamic routing protocols instead of static routing?

ability to actively search for new routes if the current path becomes unavailable​ [Dynamic routing has the ability to search and find a new best path if the current path is no longer available. The other options are actually the advantages of static routing.]

Which configuration would be appropriate for a small business that has the public IP address of 209.165.200.225/30 assigned to the external interface on the router that connects to the Internet?

access-list 1 permit 10.0.0.0 0.255.255.255 ip nat inside source list 1 interface serial 0/0/0 overload [With the command, ip nat inside source list 1 interface serial 0/0/0 overload, the router is configured to translate internal private IP addresses in the range of 10.0.0.0/8 to a single public IP address, 209.165.200.225/30. The other options will not work, because the IP addresses defined in the pool, 192.168.2.0/28, are not routable on the Internet.]

What single access list statement matches all of the following networks? 192.168.16.0 192.168.17.0 192.168.18.0 192.168.19.0

access-list 10 permit 192.168.16.0 0.0.3.255 [The ACL statement access-list 10 permit 192.168.16.0 0.0.3.255 will match all four network prefixes. All four prefixes have the same 22 high order bits. These 22 high order bits are matched by the network prefix and wildcard mask of 192.168.16.0 0.0.3.255.]

What is a basic function of the Cisco Borderless Architecture distribution layer?

aggregating Layer 3 routing boundaries [One of the basic functions of the distribution layer of the Cisco Borderless Architecture is to perform routing between different VLANs. Acting as a backbone and aggregating campus blocks are functions of the core layer. Providing access to end user devices is a function of the access layer.]

An administrator has determined that the traffic from a switch that corresponds to a VLAN is not being received on another switch over a trunk link. What could be the problem?

allowed VLANs on trunks [The list of allowed VLANs on a trunk is configured by the administrator by issuing the switchport trunk allowed vlan command.]

Which feature is unique to IPv6 ACLs when compared to those of IPv4 ACLs?

an implicit permit of neighbor discovery packets [One of the major differences between IPv6 and IPv4 ACLs are two implicit permit ACEs at the end of any IPv6 ACL. These two permit ACEs allow neighbor discovery operations to function on the router interface.]

What is the default DTP mode on Cisco 2960 and 3560 switches?

dynamic auto [The default DTP mode on Cisco 2960 and 3560 switches is dynamic auto. Dynamic desirable is the default DTP mode on Cisco 2950 and 3550 switches.]

Fill in the blank. Do not abbreviate. Type a command to exclude the first fifteen useable IP addresses from a DHCPv4 address pool of the network 10.0.15.0/24. Router(config)# ip dhcp____ _____

excluded-address 10.0.15.1 10.0.15.15 [The ip dhcp excluded-address command must be followed by the first and the last addresses to be excluded.]

Which type of static route typically uses the distance parameter in the ip route global configuration command?

floating static route [Because a floating static route is not designed to be used as a primary route, its configuration requires a higher administrative distance than the usual default value of 1. When set higher than the administrative distance for the current routing protocol, the distance parameter allows the route to be used only when the primary route fails. All other forms of static routes have specific uses as primary routes.]

pen the PT Activity. Perform the tasks in the activity instructions and then answer the question. Fill in the blank. Do not use abbreviations. Which command is missing on the Layer 3 switch to restore the full connectivity between PC1 and the web server? (Note that typing no shutdown will not fix this problem.)

ip address 192.168.20.1 255.255.255.0 [On the Layer 3 switch, an SVI has to be explicitly created for each VLAN. PC1 belongs to VLAN 10, which is already created on the Layer 3 switch and with an IP address assigned. The web server belongs to VLAN 20. The interface vlan 20 command was already entered on the Layer 3 switch, but with no IP address assigned to it. So the ip address 192.168.20.1 255.255.255.0 command has to be entered in the interface vlan 20 interface mode.​ To test the connectivity between the PC1 and the web server, access PC1, select the Desktop tab, click on the Web Browser application and enter on the URL box "www.webserver.com". A message "Congratulations! You've got it!​" will be displayed.​]

Which set of commands will configure a router as a DHCP server that will assign IPv4 addresses to the 192.168.100.0/23 LAN while reserving the first 10 and the last addresses for static assignment?

ip dhcp excluded-address 192.168.100.1 192.168.100.10 ip dhcp excluded-address 192.168.101.254 ip dhcp pool LAN-POOL-100 network 192.168.100.0 255.255.254.0 default-router 192.168.100.1 [The /23 prefix is equivalent to a network mask of 255.255.254.0. The network usable IPv4 address range is 192.168.100.1 to 192.168.101.254 inclusive. The commands dhcp pool, ip default-gateway, and ip network are not valid DHCP configuration commands.]

Which OSPF component is identical in all routers in an OSPF area after convergence?

link-state database [Each OSPF router views the network differently as the root of a unique SPF tree. Each router builds adjacencies based on its own position in the topology. Each routing table in the area is developed individually through the application of the SPF algorithm. The link-state database for an area, however, must reflect the same information for all routers.]

What is meant by the term "best match" when applied to the routing table lookup process?

longest match [The best match in the routing table is the match that has the most number of far left matching bits. This is the longest, or best match.]

In a routing table which route can never be an ultimate route?

parent route [A level 1 parent route is a level 1 network that is subnetted. It cannot be an ultimate route because an ultimate route contains the IP address of the next hop or the exit interface.]

Which IPv6 ACL command entry will permit traffic from any host to an SMTP server on network 2001:DB8:10:10::/64?

permit tcp any host 2001:DB8:10:10::100 eq 25 [The IPv6 access list statement, permit tcp any host 2001:DB8:10:10::100 eq 25, will allow IPv6 packets from any host to the SMTP server at 2001:DB8:10:10::100. The source of the packet is listed first in the ACL, which in this case is any source, and the destination is listed second, in this case the IPv6 address of the SMTP server. The port number is last in the statement, port 25, which is the well-known port for SMTP.]

Open the PT activity. Perform the tasks in the activity instructions and then answer the question. Which ping command completed successfully?

ping 192.168.25.9 [Configure SW0 with these commands: interface Vlan10 ip address 192.168.63.2 255.255.255.0 ip default-gateway 192.168.63.1]

A network administrator is implementing a distance vector routing protocol between neighbors on the network. In the context of distance vector protocols, what is a neighbor?

routers that share a link and use the same routing protocol [In the context of distance vector routing protocols, a neighbor router is a directly connected router, via any type of link, that is running the same routing protocol as the router to which the neighbor is attached. This allows two routers to form a neighbor relationship using the distance vector routing protocol. Routers can share updates, routing tables, and hello messages on a shared link.]

Which three IOS troubleshooting commands can help to isolate problems with a static route? (Choose three.)

show ip route show ip interface brief ping [The ping, show ip route, and show ip interface brief commands provide information to help troubleshoot static routes. Show version does not provide any routing information. The tracert command is used at the Windows command prompt and is not an IOS command. The show arp command displays learned IP address to MAC address mappings contained in the Address Resolution Protocol (ARP) table.]

Which command would be best to use on an unused switch port if a company adheres to the best practices as recommended by Cisco?

shutdown [Unlike router Ethernet ports, switch ports are enabled by default. Cisco recommends disabling any port that is not used. The ip dhcp snooping command globally enables DHCP snooping on a switch. Further configuration allows defining ports that can respond to DHCP requests. The switchport port-security command is used to protect the network from unidentified or unauthorized attachment of network devices.]

An administrator wants to use a network security auditing tool on a switch to verify which ports are not protected against a MAC flooding attack. For the audit to be successful, what important factor must the administrator consider?

the aging-out period of the MAC address table [Timing is an important factor in the performance of a successful audit. Different switches support varying numbers of MAC addresses in the MAC table. It can be difficult to determine the ideal number of spoofed MAC addresses to send to the switch. A network administrator also has to contend with the age-out period of the MAC address table. If the spoofed MAC addresses start to age out while a network audit is being performed, valid MAC addresses start to populate the MAC address table, and thus limit the reliability of the data that can be monitored with a network auditing tool.]

In a basic VLAN hopping attack, which switch feature do attackers take advantage of?

the default automatic trunking configuration [The default automatic trunking configuration feature on most switches allows an attacker to configure a system to spoof a switch, thereby gaining access to the network. VLAN hopping can be attempted through switch spoofing or double tagging.]

DHPv6 descriptions

the following order: [+] enabled in RA messages with the ipv6 nd other-config-flag command [+] clients send only DHCPv6 INFORMATION-REQUEST messages to the server [+] enabled on the client with the ipv6 address autoconfig command [#] the M flag is set to 1 in RA messages [#] uses the address command to create a pool of addresses for clients [#] enabled on the client with the ipv6 address dhcp command [+] Order does not matter within this group. [#] Order does not matter within this group.

A small company has a web server in the office that is accessible from the Internet. The IP address 192.168.10.15 is assigned to the web server. The network administrator is configuring the router so that external clients can access the web server over the Internet. Which item is required in the NAT configuration?

the ip nat inside source command to link the inside local and inside global addresses [A static NAT configuration is necessary for a web server that is accessible from the Internet. The configuration is achieved via an ip nat inside source static <inside local> <inside global> command under the global configuration mode. An IP address pool and an ACL are necessary when configuring dynamic NAT and PAT. The keyword overload is used to configure PAT.]

What command will enable a router to begin sending messages that allow it to configure a link-local address without using an IPv6 DHCP server?

the ipv6 unicast-routing command [To enable IPv6 on a router you must use the ipv6 unicast-routing global configuration command or use the ipv6 enable interface configuration command. This is equivalent to entering ip routing to enable IPv4 routing on a router when it has been turned off. Keep in mind that IPv4 is enabled on a router by default. IPv6 is not enabled by default.]

A company uses the SLAAC method to configure IPv6 addresses for the employee workstations. Which address will a client use as its default gateway?​

the link-local address of the router interface that is attached to the network [When a PC is configured to use the SLAAC method for configuring IPv6 addresses, it will use the prefix and prefix-length information that is contained in the RA message, combined with a 64-bit interface ID (obtained by using the EUI-64 process or by using a random number that is generated by the client operating system), to form an IPv6 address. It uses the link-local address of the router interface that is attached to the LAN segment as its IPv6 default gateway address.]

What is the reason why the DHCPREQUEST message is sent as a broadcast during the DHCPv4 process?

to notify other DHCP servers on the subnet that the IP address was leased [The DHCPREQUEST message is broadcast to inform other DHCP servers that an IP address has been leased.]

What is a function of the switch boot loader?

to provide an environment to operate in when the switch operating system cannot be found [The switch boot loader environment is presented when the switch cannot locate a valid operating system. The boot loader environment provides a few basic commands that allows a network administrator to reload the operating system or provide an alternate location of the operating system.]

In which situation would a technician use the show interfaces switch command?

when packets are being dropped from a particular directly attached host [The show interfaces command is useful to detect media errors, to see if packets are being sent and received, and to determine if any runts, giants, CRCs, interface resets, or other errors have occurred. Problems with reachability to a remote network would likely be caused by a misconfigured default gateway or other routing issue, not a switch issue. The show mac address-table command shows the MAC address of a directly attached device.]

In which configuration would an outbound ACL placement be preferred over an inbound ACL placement?

when the ACL is applied to an outbound interface to filter packets coming from multiple inbound interfaces before the packets exit the interface [An outbound ACL should be utilized when the same ACL filtering rules will be applied to packets coming from more than one inbound interface before exiting a single outbound interface. The outbound ACL will be applied on the single outbound interface.]


Ensembles d'études connexes

Social studies Test French and Indian War:

View Set

NURS 3 - Mod 8 Monitoring the newborn (Maternity) EAQ's

View Set

ISIN 121 - Final Exam Study Guide

View Set