CCENT
IPv6
* 128 bits in length, divided into eight 16-bit groups
* Leading zeros can be omitted
* Groups of 0 can be represented with a single 0
* A double colon (::) can only be used once per IPv6 address
Memory Types, and what are their purpose?
ROM—Contains the POST and the bootstrap program for the router. The ROM chips also contain either a subset or the complete IOS. The fact that the IOS is available on the ROM enables you to recover from major disasters, such as the wiping out of your Flash RAM (discussed in the following paragraphs).
NVRAM (nonvolatile RAM)—Stores the startup configuration file. NVRAM can be erased, and you can copy the running configuration on the router to NVRAM. The great thing about NVRAM is that it retains the information it holds even if the router is powered down.
Flash RAM—Flash is a special kind of ROM that you can actually erase and reprogram. It is used to store the Cisco IOS that runs on your router. You also can store alternative versions of the Cisco IOS on the Flash.
RAM—Similar to the dynamic memory you use on your PC, RAM provides the temporary storage of information and holds information such as the current routing table. RAM also holds the currently running router configuration.
Define RADIUS
Remote Authentication Dial-In User Service
Configuration Register
0x2142 - Ignores break, Boots into ROM if initial boot fails, 9600 console baud rate, Ignores the contents of Non-Volatile RAM (NVRAM) (ignores configuration).
0x2102 - Ignores break, Boots into ROM if initial boot fails, 9600 console baud rate default value for most platforms. Default setting, image loads from Flash.
Define DoS Define DDoS
A denial-of-service (DoS) attack floods the target system with unwanted requests, causing the loss of service to users. A distributed denial-of-service (DDoS) attack occurs when multiple systems are used to flood the network and tax the resources of the target system.
Which options correctly list the addresses covered by the indicated address class? A. Class B—addresses beginning with 128-191, inclusive B. Class B—addresses beginning with 128-192, inclusive C. Class C—addresses beginning with 172-212, inclusive D. Class C—addresses beginning with 192-223, inclusive Select 2 answers.
A, D Three different address classes are used for normal IP addressing: Class A, Class B, and Class C. Class A addresses begin with 1-126, inclusively in their first octet; Class B addresses begin with 128-191, inclusively in their first octet; and Class C addresses begin with 192-223, inclusively in their first octet.
An IPv6 host is using stateless address autoconfiguration and EUI-64 to dynamically learn its global unicast IPv6 address. The host's MAC address is 0000.1111.1111. The only router attached to the same LAN has an IPv6 global unicast prefix of 2000:1234:5678:1234::/64. Which of the following are true about this host's global unicast IPv6 address? A. The host will learn about prefix 2000:1234:5678:1234::/64 using Neighbor Discovery Protocol. B. The host will use 0200:11FF:FE11:1111 as the last 4 quartets of its IPv6 address. C. The host will use 0200:1111:1111 as the last 3 quartets of its IPv6 address. D. The host will learn about prefix 2000:1234:5678:1234::/64 using DHCP. Select 2 answers.
A,B When using stateless autoconfiguration, a host learns of prefixes using NDP—specifically, NDP router solicitation (RS) and router advertisement (RA) messages. The host then creates the last 64 bits of the address using EUI-64 rules by splitting its 6-byte MAC address in half and adding hex FFFE (2 bytes) to the middle. EUI-64 also calls for flipping the seventh bit in the MAC address. In this case, hex 00 (the first byte) represents 00000000; inverting the 7th bit gives you 00000010, so the first two hex digits will be 02.
Which of the following are examples of common Internet access links? A. Leased line B. HDLC C. DSL D. PPP E. Cable Select 3 answers.
A,C,E Leased lines, DSL, and cable are all examples of common Internet access links. HDLC and PPP are Layer 2 encapsulation methods, not link types.
Which of the following are reserved private IP addresses, according to RFC 1918? A. 10.127.255.37 B. 169.254.128.222 C. 172.29.42.167 D. 127.10.172.192 E. 192.168.10.1 Select 3 answers.
A,C,E The RFC 1918 private network numbers are 10.0.0.0, Class Bs between 172.16.0.0 and 172.31.0.0 (inclusive), and all Class C networks that begin with 192.168. All addresses beginning with 127 are reserved, but not as valid private IP addresses.
A network engineer was tasked with helping build a new Cisco network. As part of this implementation, one of the requirements is to have a central database of authorized users that is used by the deployed network devices. Which protocols could the engineer use that would provide these capabilities? A. TACACS+ B. SSH C. AAA D. RADIUS Select 2 answers.
A,D Two common protocols are used for user authentication on a Cisco device: TACACS+ and RADIUS. TACACS+ is a proprietary protocol that is typically used only on Cisco devices. RADIUS is a standards-based protocol that can perform the same functions. The selection of which protocol to use depends on the implementation. As for the incorrect answers, AAA refers to the type of server used to store the username password pairs. SSH is the Secure Shell protocol used for transmitting encrypted data over a network.
Which of the following tasks are steps in password recovery on a Cisco IOS router? A. Use ROMmon to change the configuration register. B. Download the password recovery tool from Cisco.com. C. Open a case with TAC and get an RMA to send the device to Cisco. D. Copy the startup-config to the running-config. E. Power off the router. Select 3 answers.
A,D,E Password recovery entails several steps, including powering off the router, breaking into ROMmon, changing the configuration register to 0x2142, rebooting, going into privileged mode, copying the startup-config to the running-config, bringing up interfaces, changing the enable secret, changing the configuration register back to 0x2102, copying the running-config to the startup-config, and (optional) rebooting if time allows for verification. You do not need to download any special software for password recovery on a Cisco router. A TAC case may be required if the technician cannot find the password or does not know the recovery process; however, you do not need to physically ship the device back to Cisco for password recovery.
To make it possible for all traffic to pass between PC1's LAN (VLAN 20) and PC2's LAN (VLAN 20), the link between SW1 and SW2 will be configured as a trunk. Which Cisco IOS command could be used on SW1's Gi0/1 interface to force it to actively attempt to trunk with SW2?
A. Four different switchport modes can be configured: access, trunk, dynamic desirable, and dynamic auto. They are configured with the switchport mode {access | trunk | dynamic {desirable | auto}} command. The switchport mode access and switchport mode trunk commands statically configure a switchport as an access or a trunking port, respectively. The switchport mode dynamic desirable and switchport mode dynamic auto commands are used to configure a switchport to dynamically form a trunk. A switchport in desirable mode will actively attempt to form a trunk, whereas the auto mode will not form a trunk unless connected to another device that is configured as either dynamic desirable or as static trunk.
A customer support rep at the help desk is working a problem. The problem record mentions address 172.16.1.1 and mask 255.255.254.0. At a lunch-and-learn session yesterday, the rep heard the network engineering team say that they avoided VLSM, and used only a single subnet mask in network 172.16.0.0. Which of the following answers is accurate regarding this implementation of network 172.16.0.0 and its subnetting plan? A. The network supports up to 256 subnets B. The network supports up to 128 subnets C. Each subnet supports 126 hosts D. Each subnet supports 510 hosts E. The network supports up to 512 subnets F. Each subnet supports 254 hosts Select 2 answers.
B,D The information in the mask, plus the information implied by the address class, can be used to find the number of network bits, subnet bits, and host bits. These values in turn define the number of subnets that can be used with the subnetting design, and the number of host IP addresses per subnet. The address is in a class B network, and by definition, class B networks have 16 network bits, with the remaining 16 bits (on the right) being either subnet or host bits. The mask defines the dividing line between the subnet and host bits. The mask 255.255.254.0 can be converted to /23. The prefix length (/23) is the sum of the network bits (16 in this case) and the subnet bits, so there must be 7 subnet bits. The number of host bits is simply 32 - prefix_length, or 9 in this case. The number of subnets in the network, assuming that single mask is used throughout, is 2^7 = 128. The number of hosts per subnet is 2^9 - 2 = 510.
Which of the following commands list at least three lines of output per neighbor that describe information about a neighboring Cisco device? A. show cdp traffic B. show cdp entry name C. show cdp D. show cdp interface [type number] E. show cdp neighbors F. show cdp neighbors detail Select 2 answers.
B,F The commands listed in the two correct answers list the same roughly 15 lines of information about a neighbor. The show cdp neighbors command lists only a single line of summary information. The other three answers list commands that list information about the operation of CDP, as opposed to the information learned by CDP.
Which Cisco IOS command would be used to reveal whether port security restrict mode has discarded any frames and the last source MAC address? A. show interface interface switchport B. show port-security interface interface C. show port-security D. show switchport security
B. Both the show port-security and show port-security interface interface commands can be used to display the port security violation counters of an interface. When an interface is configured to use the restrict violation mode, the show port-security interface interface command displays the counter of the number of discarded frames, as well as the last source MAC address seen on an interface. This command can be helpful in troubleshooting which device is sending the frames that are being dropped.
Your customer is having a connectivity problem with his Cisco network and has asked for your assistance. He provided a topology diagram and has given you user mode access through an SSH connection. What could be used to verify that the topology diagram provided is accurate? A. PING B. CDP C. 802.1q D. LLDP
B. Cisco Discovery Protocol (CDP) can be used to either confirm or fix the documentation shown in a network diagram. Confirming that the network is actually cabled to match the network diagram is a good idea before troubleshooting. LLDP is similar in function to CDP and is supported by Cisco and other vendors but is not on by default, and therefore is likely not to be available for verifying the topology diagram. PING is a good tool for connectivity testing, but from user mode (without recording options), it doesn't allow verification of the logical path between devices in the network. 802.1q is a protocol used for trunks and wouldn't be useful in verifying all the devices in a topology diagram (especially those connections that didn't involve any type of trunk).
Which of the following are characteristics of 802.1Q? A. Cisco proprietary B. Supported by IP Phones C. Does not encapsulate a normal Ethernet frame before forwarding, but instead inserts a header after the destination and source MAC addresses D. Supported by 2960 switches E. Uses the concept of a native VLAN F. Encapsulates a normal Ethernet frame before forwarding it over a trunk Select 4 answers.
Baseball Cats DoggyDoggy Elf 802.1Q inserts a header after the address and type fields of a normal Ethernet frame
The status of a LAN switch interface shows err-disabled. Which of the following would have caused this status? A. No cable attached B. Administratively shut-down port C. Port security violation D. Incorrect cable attached E. Access-port assignment to nonexistent VLAN
C. If port security is configured on a switch port, and there is a violation of those port security parameters (such as more than the allowed number of source MAC addresses), the default behavior is to place the port into an err-disable state. All the other answers would not cause this err-disable state. An administratively shut-down port would show the state of disabled. Incorrect or bad cabling will likely show a state of notconnect. An access port assigned to a VLAN that doesn't exist wouldn't show a status of err-disable.
Which layer of the OSI Reference Model defines end-to-end delivery of packets? A. The Session layer B. The Link layer C. The Network layer D. The Transport layer E. The Ozone layer
C. The OSI Session layer is responsible for starting, controlling, and ending sessions. The OSI Transport layer deals with error recovery, segmentation of large application data blocks for transport, and the reassembly of segmented application data. The OSI Network layer defines the end-to-end routing of data. The similarly-named TCP/IP Network Interface layer, also called the Network Access layer, defines the lowest layer of the TCP/IP model when it is shown as a 4-layer model. (The TCP/IP Link layer, also sometimes called the Network Interface or Network Access layer, may be broken into the Data Link and Physical layers to match the terms used by OSI.) The Ozone layer is a protective shield designed to protect against various forms of radiation.
Which type of error is purposefully triggered when using the traceroute command? A. ICMP Redirect B. ICMP Information Reply C. ICMP TTL Exceeded D. ICMP Destination Unreachable
C. The traceroute command (and its sister alternatives) relies on the triggering of the ICMP TTL Exceeded message (TTL = Time to Live). This message is used on each of the hops across the path to the destination; the reason is that the traceroute command purposefully sets the TTL (starting at 1 and then 2, 3, and so on) to force it to count down to 0 at each of the hops.
Your VLSM subnetting plan first divided class A network 10.0.0.0 into subnets using mask /24. Next, you plan to further subnet some of the /24 subnets to make several smaller subnets. The first such subnet you plan to further subdivide is subnet 10.20.20.0/24, now subnetting that address range with mask /27. What is the subnet address of the 8th subnet inside this range? A. 10.20.20.100 B. 10.20.20.128 C. 10.20.20.192 D. 10.20.20.224
D With a /27 mask, or 255.255.255.224, the magic number is 32. That is, each successive subnet ID will be 32 more than the previous subnet ID. Beginning with 10.20.20.0, the subnet IDs within the range 10.20.20.0/24, which includes addresses from 10.20.20.0 - 10.20.20.255, are: 10.20.20.0, 10.20.20.32, 10.20.20.64, 10.20.20.96, 10.20.20.128, 10.20.20.160, 10.20.20.192, and 10.20.20.224. The last of these is the 8th subnet.
In a VLSM subnetting plan, another engineer has created many subnets using a /24 mask, including the currently-unused subnet 10.20.20.0/24. The other engineer had assigned this subnet to you, to subdivide further for a small project. You need to choose one mask to use to subdivide the original subnet, to accommodate 8 subnets and 30 hosts per subnet. What mask would you choose? A. 255.255.255.252 B. 255.255.255.192 C. 255.255.255.254 D. 255.255.255.224
D. 255.255.255.224, or /27, adds 3 subnet bits to the original /24 mask, and leaves 5 host bits. As a result, it creates 2 raised to the 3 subnets (8), and 2 raised to the 5 minus 2 (30) host addresses. Masks shown in the other options all create too few subnets or too few host addresses to match the requirements.
What is used in IPv6 for a local device to learn the Layer 2 Ethernet address of a device that is on a remote, nonlocal VLAN? A. NDP B. ARP C. OSPFv3 D. None of the other answers are correct E. Neighbor Discovery Protocol
D. Devices in IPv6 only need to learn the Layer 2 Ethernet address of a neighbor that is directly connected, and only if they need to communicate with each other on that local network. If the device you are trying to connect to is remote, you will forward the packet to your default gateway's Layer 2 address. For the incorrect answers... ARP is an IPv4 method to learn a local device's Layer 2 address and isn't used in IPv6. NDP (Neighbor Discovery Protocol) is used to learn local neighbors' Layer 2 Ethernet addresses when needed. OSPFv3 is a routing protocol used in IPv6 but isn't the method used for learning the Layer 2 address of a neighbor in the same local network.
There is a reserved address range between Class A and Class B address ranges. What is this reserved range used for? A. Multicast B. Broadcast C. Anycast D. Loopback
D. The Class A range goes from 1.0.0.0 through 126.255.255.255 (inclusively), while the Class B range goes from 128.0.0.0 through 191.255.255.255 (inclusively). The range between them is 127.0.0.0/8, which is used for loopback (for example, 127.0.0.1 is the address that is typically used for local loopback).
Which command could be configured on R1 to automatically calculate an IPv6 address from a prefix learned from the ISP router? A. IPv6 address dynamic B. IPv6 address autoconfig neighbor C. IPv6 address slaac D. IPv6 address autoconfig
D. The ipv6 address autoconfig command is used to have an interface calculate its IPv6 address using Stateless address autoconfiguration (SLAAC). When using SLAAC, the IPv6 host will either receive a Neighbor Discovery Protocol - Router Advertisement (RA) or solicit a router to send one using a Neighbor Discovery Protocol - Router Solicitation (RS). This advertisement is used to learn the IPv6 prefix that is being used on a link. The IPv6 host (in this case R1) can then use this prefix and utilize EUI-64 to form the host-ID to form a complete IPv6 address to use on a link.
What is the name of the Cisco IOS CLI exec mode that allows a user to run more powerful commands? A. User mode B. Configuration mode C. Boot mode D. Enable mode
D. The two Cisco IOS exec modes are user mode and enable mode (privileged mode). When a device is initially accessed via console, Telnet, or SSH, the user will be placed into user mode. However, to run more powerful commands, the user must access enable mode using the enable command.
A user sits at her PC at her desk inside an Enterprise network. She opens a web browser and connects to a website that sits on the Internet. Which of the following answers is most true about the applications and functions used as a result of this user's actions? A. UDP is used as part of the process of transferring files from the web server to the user's web browser. B. UDP is used as part of the process of resolving the website's name into the default gateway's MAC address. C. The transfer of files uses the FTP protocol. D. The user's PC sends at least two messages to the server before requesting the specific web page.
D. Web browsers connect to web servers by referencing the URI of the web server. The client must find the hostname part of the URI and then find the IP address (not the MAC address) used by the server, typically by using a DNS request. The browser then uses HTTP to get the contents of the web page, with HTTP using TCP. The browser must initiate a TCP connection to the server, which requires a three-way initialization handshake, with two of those messages going from the user's PC to the server.
Define IOS
Internetwork Operating System
SLAAC
Stateless Address AutoConfiguration; calculates IPv6 address
Define TACACS Define XTACACS Define TACACS+
TACACS: Terminal Access Controller Access-Control System
XTACACS: Extended TACACS
TACACS+: Terminal Access Controller Access-Control System Plus (most current)