Cisco 3 Midterm 2nd Semester

Module 4: What wild card mask will match networks 172.16.0.0 through 172.19.0.0? 0.3.255.255 0.252.255.255 0.0.255.255 0.0.3.255

0.3.255.255

Refer to the exhibit. Given the commands as shown, how many hosts on the internal LAN off R1 can have simultaneous NAT translations on R1? 244 1 255 10

1

What is the default router priority value for all Cisco OSPF routers? 0 255 10 1

1

What is the default router priority value for all Cisco OSPF routers? 1 10 0 255

1

Refer to the exhibit. From the perspective of R1, the NAT router, which address is the inside global address? 192.168.0.10 209.165.200.225 192.168.0.1 209.165.200.254

209.165.200.225

Refer to the exhibit. R1 is configured for static NAT. What IP address will Internet hosts use to reach PC1? 192.168.0.1 209.165.200.225 209.165.201.1 192.168.0.10

209.165.200.225

Refer to the exhibit. Which source address is being used by router R1 for packets being forwarded to the Internet? 198.51.100.3 10.6.15.2 209.165.200.225 209.165.202.141

209.165.200.225

Refer to the exhibit. NAT is configured on RT1 and RT2. The PC is sending a request to the webserver. What IPv4 address is the source IP address in the packet between RT2 and the webserver? 172.16.1.254 172.16.1.10 203.0.113.10 192.168.1.5 209.165.200.245 192.0.2.2

209.165.200.245

Refer to the exhibit. A network administrator needs to add an ACE to the TRAFFIC-CONTROL ACL that will deny IP traffic from the subnet 172.23.16.0/20. Which ACE will meet this requirement? 5 deny 172.23.16.0 0.0.255.255 5 deny 172.23.16.0 0.0.15.255 15 deny 172.23.16.0 0.0.15.255 30 deny 172.23.16.0 0.0.15.255

5 deny 172.23.16.0 0.0.15.255

What is the format of the router ID on an OSPF-enabled router? A character string with no space A unique router hostname that is configured on the router An 8-bit number with a decimal value between 0 and 255 A 32-bit number formatted like an IPv4 address A unique phrase with no more than 16 characters

A 32-bit number formatted like an IPv4 address

Refer to the exhibit. Static NAT is being configured to allow PC 1 access to the webserver on the internal network. What two addresses are needed in place of A and B to complete the static NAT configuration? A = 209.165.201.2 AND B = 209.165.201.7 A = 10.1.0.13 AND B = 209.165.201.7 A = 209.165.201.2 AND B = 10.0.254.5 A = 10.1.0.13 AND B = 209.165.201.1

A = 10.1.0.13 AND B = 209.165.201.1

Refer to the exhibit. A network administrator is configuring a standard IPv4 ACL. What is the effect after the command no access-list 10 is entered? ACL 10 is removed from the running configuration. ACL 10 is disabled on Fa0/1. ACL 10 is removed from both the running configuration and the interface Fa0/1. ACL 10 will be disabled and removed after R1 restarts.

ACL 10 is removed from the running configuration

Refer to the exhibit. Which command would be used in a standard ACL to allow only devices on the network attached to R2 G0/0 interface to access the networks attached to R1? Access-list 1 permit 192.168.10.128 0.0.0.63 Access-list 1 permit 192.168.10.0 0.0.0.63 Access-list 1 permit 192.168.10.0 0.0.0.255 Access-list 1 permit 192.168.10.96 0.0.0.31

Access-list 1 permit 192.168.10.96 0.0.0.31

Which ACE will permit a packet that originates from any network and is destined for a web server at 192.168.1.1? Access-list 101 permit tcp host 192.168.1.1 any eq 80 Access-list 101 permit tcp any host 192.168.1.1 eq 80 Access-list 101 permit tcp any eq 80 host 192.168.1.1 Access-list 101 permit tcp host 192.168.1.1 eq 80 any

Access-list 101 permit tcp any host 192.168.1.1 eq 80

Refer to the exhibit. Write two ACLs that will permit only the two LAN networks attached to R1 to access the network that connects to R2 G0/1 interface. Which statement below will NOT be used as one of those two ACLs. Access-list 5 permit 192.168.10.0 0.0.0.63 Access-list 1 permit 192.168.10.0 0.0.0.127 Access-list 3 permit 192.168.10.128 0.0.0.63 Access-list 5 permit 192.168.10.64 0.0.0.63

Access-list 3 permit 192.168.10.128 0.0.0.63

Which step in the link-state routing process is described by a router building a link-state database based on received LSAs? Building the topology table Selecting the router ID Executing the SPF algorithm Declaring a neighbor to be inaccessible

Building the topology table

Which step in the link-state routing process is described by a router building a link-state database based on received LSAs? Selecting the router ID Executing the SPF algorithm Declaring a neighbor to be inaccessible Building the topology table

Building the topology table

Which step in the link-state routing process is described by a router inserting best paths into the routing table? Choosing the best route Load balancing equal-cost paths Declaring a neighbor to be inaccessible Executing the SPF algorithm

Choosing the best route

Which step in the link-state routing process is described by a router inserting best paths into the routing table? Load balancing equal-cost paths Choosing the best route Executing the SPF algorithm Declaring a neighbor to be inaccessible

Choosing the best route

Which step does an OSPF-enabled router take immediately after establishing an adjacency with another router? Executes the SPF algorithm Exchanges link-state advertisements Builds the topology table Chooses the best path

Exchanges link-state advertisements

Which step does an OSPF-enabled router take immediately after establishing an adjacency with another router? Chooses the best path Exchanges link-state advertisements Builds the topology table Executes the SPF algorithm

Exchanges the link-state advertisements

Which step in the link-state routing process is described by a router flooding link-state and cost information about each directly connected link? Building the topology table Injecting the default route Selecting the router ID Exchanging link-state advertisements

Exchanging link-state advertisements

Which step in the link-state routing process is described by a router flooding link-state and cost information about each directly connected link? Building the topology table Selecting the router ID Injecting the default route Exchanging link-state advertisements

Exchanging link-state advertisements

Which step in the link-state routing process is described by a router running an algorithm to determine the best path to each destination? Choosing the best route Executing the SPF algorithm Declaring a neighbor to be inaccessible Load balancing equal-cost paths

Executing the SPF algorithm

Which step in the link-state routing process is described by a router running an algorithm to determine the best path to each destination? Load balancing equal-cost paths Choosing the best route Executing the SPF algorithm Declaring a neighbor to be inaccessible

Executing the SPF algorithm

What is the term used to describe a mechanism that takes advantage of a vulnerability? Vulnerability Exploit Threat Mitigation

Exploit

What type of ACL offers greater flexibility and control over network access? Named standard Extended Numbered standard Flexible

Extended

Refer to the exhibit. The company has provided IP phones to employees on the 192.168.10.0/24 network and the voice traffic will need priority over data traffic. What is the best ACL type and placement to use in this situation? Standard ACL outbound on R2 S0/0/0 Extended ACLs inbound on R1 G0/0 and G0/1 Extended ACL inbound on R3 S0/0/1 Extended ACL inbound on R1 G0/0

Extended ACL inbound on R1 G0/0

Refer to the exhibit. Only authorized remote users are allowed remote access to the company server 192.168.30.10. What is the best ACL type and placement to use in this situation? Extended ACL inbound on R2 WAN interface connected to the internet Extended ACL inbound on R2 S0/0/0 Extended ACL outbound on R2 WAN interface towards the internet Extended ACLs inbound on R1 G0/0 and G0/1

Extended ACL inbound on R2 WAN interface connected to the internet

Refer to the exhibit. Network 192.168.30.0/24 contains all of the company servers. Policy dictates that traffic from the servers to both networks 192.168.10.0 and 192.168.11.0 be limited to replies for original requests. What is the best ACL type and placement to use in this situation? Standard ACL inbound on R1 G0/0 Extended ACL inbound on R3 G0/0 Standard ACL inbound on R1 VTY lines Extended ACLs inbound on R1 G0/0 and G0/1

Extended ACL inbound on R3 G0/0

Refer to the exhibit. Many employees are wasting company time accessing social media on their work computers. The company wants to stop this access. What is the best ACL type and placement to use in this situation? Standard ACL inbound on R2 WAN interface connecting to the internet Extended ACLs inbound on R1 G0/0 and G0/1 Standard ACL inbound on R1 G0/0 Standard ACL inbound on R1 G0/1

Extended ACLs inbound on R1 G0/0 and G0/1

What commonly motivates cyber criminals to attack networks as compared to hacktivists or state-sponsored hackers? Political reasons Fame seeking Status among peers Financial gain

Financial gain

After modifying the router ID on an OSPF router, what is the preferred method to make the new router ID effective? HQ# clear ip ospf process HQ# copy running-config startup-config HQ# clear ip route * HQ# resume

HQ# clear ip ospf process

Which type of hacker is motivated to protest against political and social issues? Script kiddie Vulnerability broker Hacktivist Cybercriminal

Hacktivist

What is the term used to describe gray hat hackers who publicly protest organizations or governments by posting articles, videos, leaking sensitive information, and performing network attacks? White hat hackers State-sponsored hacker Grey hat hackers Hacktivists

Hacktivists

To establish a neighbor adjacency two OSPF routers will exchange hello packets. Which two values in the hello packets must match on both routers? Router ID AND Router priority Hello interval AND Dead interval Dead interval AND Router ID Router priority AND List of neighbors

Hello interval AND Dead interval

To establish a neighbor adjacency two OSPF routers will exchange hello packets. Which two values in the hello packets must match on both routers? Router priority AND List of neighbors Router ID AND Router priority Dead interval AND Router ID Hello interval AND Dead interval

Hello interval AND Dead interval

Which two keywords can be used in an access control list to replace a wildcard mask or address and wildcard mask pair? Most And All Any AND Some Host AND Any Lt AND Gt

Host AND Any

Which two packet filters could a network administrator use on an IPv4 extended ACL? Source TCP hello address and ICMP message type ICMP message type AND Destination UDP port number Destination UDP port number AND Computer type Source MAC address AND ICMP message type

ICMP message type AND Destination UDP port number

What indicates to a link-state router that a neighbor is unreachable? If the router no longer receives hello packets If the router no longer receives routing updates If the router receives an update with a hop count of 16 If the router receives an LSP with previously learned information

If the router no longer receives hello packets

What indicates to a link-state router that a neighbor is unreachable? If the router receives an LSP with previously learned information If the router no longer receives hello packets If the router receives an update with a hop count of 16 If the router no longer receives routing updates

If the router no longer receives hello packets

Which statement describes a difference between the operation of inbound and outbound ACLs? On a network interface, more than one inbound ACL can be configured but only one outbound ACL can be configured. In contrast to outbound ALCs, inbound ACLs can be used to filter packets with multiple criteria. Inbound ACLs are processed before the packets are routed while outbound ACLs are processed after the routing is completed. Inbound ACLs can be used in both routers and switches but outbound ACLs can be used only on routers.

Inbound ACLs are processes before the packets are routed while outbound ACLs are processed after the routing is completed

Refer to the exhibit. From the perspective of users behind the NAT router, what type of NAT address is 209.165.201.1? Inside local Outside global Inside global Outside local

Inside global

Which requirement of secure communications is ensured by the implementation of MD5 or SHA hash generating algorithms?​ Authentication Integrity Nonrepudiation Confidentiality

Integrity

Module 6: Refer to the exhibit. What has to be done in order to complete the static NAT configuration on R1? Interface S0/0/0 should be configured with the command ip nat outside . R1 should be configured with the command ip nat inside source static 209.165.200.1 192.168.11.11 . Interface Fa0/0 should be configured with the command no ip nat inside . R1 should be configured with the command ip nat inside source static 209.165.200.200 192.168.11.11 .

Interface S0/0/0 should be configured with the command ip nat outside

Module 3: Which statement accurately characterizes the evolution of threats to network security? Threats have become less sophisticated while the technical knowledge needed by an attacker has grown. Internal threats can cause even greater damage than external threats. Early Internet users often engaged in activities that would harm other users. Internet architects planned for network security from the beginning.

Internal threats can cause even greater damage than external threats

Which attack involves threat actors positioning themselves between a source and destination with the intent of transparently monitoring, capturing, and controlling the communication? DoS attack ICMP attack Man-in-the-middle attack SYN flood attack

Man-in-the-middle attack

Refer to the exhibit. Employees on 192.168.11.0/24 work on critically sensitive information and are not allowed access off their network. What is the best ACL type and placement to use in this situation? Standard ACL inbound on R1 VTY lines Extended ACL inbound on R2 S0/0/0 Standard ACL inbound on R2 WAN interface connecting to the internet Standard ACL inbound on R1 G0/1

Standard ACL inbound on R1 G0/1

Refer to the exhibit. The network administrator has an IP address of 192.168.11.10 and needs access to manage R1. What is the best ACL type and placement to use in this situation? Standard ACL inbound on R2 WAN interface connecting to the internet Standard ACL outbound on R1 G0/0 Extended ACL inbound on R3 G0/0 Standard ACL inbound on R1 VTY lines

Standard ACL inbound on R1 VTY lines

A network engineer has manually configured the hello interval to 15 seconds on an interface of a router that is running OSPFv2. By default, how will the dead interval on the interface be affected? The dead interval will now be 30 seconds. The dead interval will not change from the default value. The dead interval will now be 15 seconds. The dead interval will now be 60 seconds.

The dead interval will now be 60 seconds

A network engineer has manually configured the hello interval to 15 seconds on an interface of a router that is running OSPFv2. By default, how will the dead interval on the interface be affected? The dead interval will now be 30 seconds. The dead interval will not change from the default value. The dead interval will now be 60 seconds. The dead interval will now be 15 seconds.

The dead interval will now be 60 seconds

What effect would the Router1(config-ext-nacl)# permit tcp 172.16.4.0 0.0.0.255 any eq www command have when implemented inbound on the f0/0 interface? Traffic originating from 172.16.4.0/24 is permitted to all TCP port 80 destinations. All TCP traffic is permitted, and all other traffic is denied. All traffic from 172.16.4.0/24 is permitted anywhere on any port. The command is rejected by the router because it is incomplete.

Traffic originating from 172.16.40/24 is permitted to all TCP port 80 destinations

A technician is tasked with using ACLs to secure a router. When would the technician use the access-class 20 in the configuration option or command? To secure remote administrative access to the router To apply a standard ACL to an interface To secure management traffic into the router To remove a configured ACL

To secure remote administrative access to the router

What is a benefit of multiarea OSPF routing? Automatic route summarization occurs by default between areas. Topology changes in one area do not cause SPF recalculations in other areas. Routers in all areas share the same link-state database and have a complete picture of the entire network. A backbone area is not required.

Topology changes in one are do not cause SPF recalculations in other areas

What is a benefit of multiarea OSPF routing? Topology changes in one area do not cause SPF recalculations in other areas. Automatic route summarization occurs by default between areas. A backbone area is not required. Routers in all areas share the same link-state database and have a complete picture of the entire network.

Topology changes in one area do not cause SPF recalculations in other areas

What is the quickest way to remove a single ACE from a named ACL? Copy the ACL into a text editor, remove the ACE, then copy the ACL back into the router. Use the no keyword and the sequence number of the ACE to be removed. Use the no access-list command to remove the entire ACL, then recreate it without the ACE. Create a new ACL with a different number and apply the new ACL to the router interface.

Use the no keyword and the sequence number of the ACE to be removed

In an OSPF network when are DR and BDR elections required? When all the routers in an OSPF area cannot form adjacencies When the two adjacent neighbors are in two different networks When the two adjacent neighbors are interconnected over a point-to-point link When the routers are interconnected over a common Ethernet network

When the routers are interconnected over a common Ethernet network

In an OSPF network when are DR and BDR elections required? When all the routers in an OSPF area cannot form adjacencies When the two adjacent neighbors are interconnected over a point-to-point link When the routers are interconnected over a common Ethernet network When the two adjacent neighbors are in two different networks

When the routers are interconnected over a common Ethernet network

Consider the following access list. access-list 100 permit ip host 192.168.10.1 any access-list 100 deny icmp 192.168.10.0 0.0.0.255 any echo access-list 100 permit ip any any Which two actions are taken if the access list is placed inbound on a router Gigabit Ethernet port that has the IP address 192.168.10.254 assigned? Devices on the 192.168.10.0/24 network are allowed to reply to any ping requests. AND Only Layer 3 connections are allowed to be made from the router to any other network device. A Telnet or SSH session is allowed from any device on the 192.168.10.0 into the router with this access list assigned. AND Devices on the 192.168.10.0/24 network are allowed to reply to any ping requests. Only Layer 3 connections are allowed to be made from the router to any other network device. AND Devices on the 192.168.10.0/24 network can successfully ping devices on the 192.168.11.0 network. Only Layer 3 connections are allowed to be made from the router to any other network device. AND Only the network device assigned the IP address 192.168.10.1 is allowed to access the router.

A Telnet or SSH session is allowed from any device on the 192.168.10.0 into the router with this access list assigned. AND Devices on the 192.168.10.0/24 network are allowed to reply to any ping requests.

What is a ping sweep? A network scanning technique that indicates the live hosts in a range of IP addresses. A software application that enables the capture of all network packets that are sent across a LAN. A query and response protocol that identifies information about a domain, including the addresses that are assigned to that domain. A scanning technique that examines a range of TCP or UDP port numbers on a host to detect listening services.

A network scanning technique that indicates the live hosts in a range of IP addresses

If an asymmetric algorithm uses a public key to encrypt data, what is used to decrypt it? A different public key DH A digital certificate A private key

A private key

Refer to the exhibit. An ACL was configured on R1 with the intention of denying traffic from subnet 172.16.4.0/24 into subnet 172.16.3.0/24. All other traffic into subnet 172.16.3.0/24 should be permitted. This standard ACL was then applied outbound on interface Fa0/0. Which conclusion can be drawn from this configuration?​ An extended ACL must be used in this situation. Only traffic from the 172.16.4.0/24 subnet is blocked, and all other traffic is allowed.​ The ACL should be applied outbound on all interfaces of R1. The ACL should be applied to the FastEthernet 0/0 interface of R1 inbound to accomplish the requirements. All traffic will be blocked, not just traffic from the 172.16.4.0/24 subnet.

All traffic will be blocked, not just traffic from the 172.16.4.0/24 subnet

Refer to the exhibit. A network administrator configures an ACL on the router. Which statement describes the result of the configuration? An SSH connection is allowed from a workstation with IP 192.168.25.18 to a device with IP 172.16.45.16. A Telnet connection is allowed from a workstation with IP 172.16.45.16 to a device with IP 192.168.25.18. An SSH connection is allowed from a workstation with IP 172.16.45.16 to a device with IP 192.168.25.18. A Telnet connection is allowed from a workstation with IP 192.168.25.18 to a device with IP 172.16.45.16.

An SSH connection is allowed from a workstation with IP 192.168.25.18 to a device IP 172.16.45.16

Refer to the exhibit. The student on the H1 computer continues to launch an extended ping with expanded packets at the student on the H2 computer. The school network administrator wants to stop this behavior but still allows both students access to web-based computer assignments. What would be the best plan for the network administrator? Apply an inbound extended ACL on R1 Gi0/0. Apply an outbound standard ACL on R2 S0/0/1. Apply an outbound extended ACL on R1 S0/0/1. Apply an inbound extended ACL on R2 Gi0/1. Apply an inbound standard ACL on R1 Gi0/0.

Apply an inbound extended ACL on R1 Gi0/0

What is the term used to describe unethical criminals who compromise computer and network security for personal gain, or for malicious reasons? Vulnerability broker Black hat hackers Hacktivists Script kiddies

Black hat hackers

Which protocol is attacked when a cybercriminal provides an invalid gateway in order to create a man-in-the-middle attack? DNS HTTP or HTTPS ICMP DHCP

DHCP

In which type of attack is falsified information used to redirect users to malicious Internet sites? ARP cache poisoning Domain generation DNS amplification and reflection DNS cache poisoning

DNS cache poisoning

Which type of OSPFv2 packet contains an abbreviated list of the LSDB of a sending router and is used by receiving routers to check against the local LSDB? Link-state request Database description Link-state update Link-state acknowledgment

Database description

Which type of OSPFv2 packet contains an abbreviated list of the LSDB of a sending router and is used by receiving routers to check against the local LSDB? Link-state request Link-state update Database description Link-state acknowledgment

Database description

In what type of attack is a cybercriminal attempting to prevent legitimate users from accessing network services? Session hijacking DoS MITM Address spoofing

DoS

What is a disadvantage when both sides of communication use PAT? The security of the communication is negatively impacted. The flexibility of connections to the Internet is reduced. End-to-end IPv4 traceability is lost. Host IPv4 addressing is complicated.

End-to-end IPv4 traceability is lost

Which step in the link-state routing process is described by a router sending Hello packets out all of the OSPF-enabled interfaces? Electing the designated router Exchanging link-state advertisements Injecting the default route Establishing neighbor adjacencies

Establishing neighbor adjacencies

Which step in the link-state routing process is described by a router sending Hello packets out all of the OSPF-enabled interfaces? Injecting the default route Establishing neighbor adjacencies Electing the designated router Exchanging link-state advertisements

Establishing neighbor adjacencies

When an OSPF network is converged and no network topology change has been detected by a router, how often will LSU packets be sent to neighboring routers? Every 10 minutes Every 60 minutes Every 30 minutes Every 5 minutes

Every 30 minutes

When an OSPF network is converged and no network topology change has been detected by a router, how often will LSU packets be sent to neighboring routers? Every 5 minutes Every 60 minutes Every 30 minutes Every 10 minutes

Every 30 minutes

OSPF state is NOT involved when two routers are forming an adjacency? Two-way Down ExStart Init

ExStart

Which OSPF state is NOT involved when two routers are forming an adjacency? ExStart Init Down Two-way

ExStart

What is the purpose of the overload keyword in the ip nat inside source list 1 pool NAT_POOL overload command? It allows a pool of inside global addresses to be used by internal hosts. It allows external hosts to initiate sessions with internal hosts. It allows many inside hosts to share one or a few inside global addresses. It allows a list of internal hosts to communicate with a specific group of external hosts.

It allows many inside hosts to share one or a few inside global addresses

What is the best description of Trojan horse malware? It is the most easily detected form of malware. It appears as useful software but hides malicious code. It is software that causes annoying but not fatal computer problems. It is malware that can only be distributed over the Internet.

It appears as useful software but hides malicious code

What is a feature of an IPS? It has no impact on latency. It is primarily focused on identifying possible incidents. It can stop malicious packets. It is deployed in offline mode.

It can stop malicious packets

In an OSPFv2 configuration, what is the effect of entering the command network 192.168.1.1 0.0.0.0 area 0 ? It tells the router which interface to turn on for the OSPF routing process. It enables OSPF on all interfaces on the router. It allows all 192.168.1.0 networks to be advertised. It changes the router ID of the router to 192.168.1.1.

It tells the router which interface to turn on for the OSPF routing process

Which OSPF data structure is identical on all OSPF routers that share the same area? Forwarding database Adjacency database Link-state database Routing table

Link-state database

Which OSPF data structure is identical on all OSPF routers that share the same area? Link-state database Adjacency database Routing table Forwarding database

Link-state database

Refer to the exhibit. A network administrator has configured R2 for PAT. Why is the configuration incorrect? The static NAT entry is missing. NAT-POOL2 is bound to the wrong ACL. The ACL does not define the list of addresses to be translated. The overload keyword should not have been applied.

NAT-POOL2 is bound to the wrong ACL

Refer to the exhibit. The NAT configuration applied to the router is as follows: ERtr(config)# access-list 1 permit 10.0.0.0 0.255.255.255 ERtr(config)# ip nat pool corp 209.165.201.6 209.165.201.30 netmask 255.255.255.224 ERtr(config)# ip nat inside source list 1 pool corp overload ERtr(config)# ip nat inside source static 10.10.10.55 209.165.201.4 ERtr(config)# interface gigabitethernet 0/0 ERtr(config-if)# ip nat inside ERtr(config-if)# interface serial 0/0/0 ERtr(config-if)# ip nat outside Based on the configuration and the output shown, what can be determined about the NAT status within the organization? Static NAT is working, but dynamic NAT is not. Dynamic NAT is working, but static NAT is not. Not enough information is given to determine if both static and dynamic NAT are working. NAT is working.

Not enough information is given to determine if both static and dynamic NAT are working

Refer to the exhibit. A network administrator has just configured address translation and is verifying the configuration. Which statement CANNOT be verified by this output? Two types of NAT are enabled. One port on the router is not participating in the address translation. Address translation is working. A standard access list numbered 1 was used as part of the configuration process.

One port on the router is not participating in the address translation

What is the term used to describe a guarantee that the message is not a forgery and does actually come from whom it states? Risk Mitigation Exploit Origin authentication

Origin authentication

In NAT terms, what address type refers to the globally routable IPv4 address of a destination host on the internet? Inside local Inside global Outside global Outside local

Outside global

Refer to the exhibit. Based on the output that is shown, what type of NAT has been implemented? Dynamic NAT with a pool of two public IP addresses PAT using an external interface Static NAT with one entry Static NAT with a NAT pool

PAT using an external interface

Refer to the exhibit. An administrator first configured an extended ACL as shown by the output of the show access-lists command. The administrator then edited this access-list by issuing the commands below. Router(config)# ip access-list extended 101 Router(config-ext-nacl)# no 20 Router(config-ext-nacl)# 5 permit tcp any any eq 22 Router(config-ext-nacl)# 20 deny udp any anyWhich two conclusions can be drawn from this new configuration?​ Ping packets will be permitted. AND SSH packets will be permitted. All TCP and UDP packets will be denied.​ AND TFTP packets will be permitted.​ Telnet packets will be permitted. AND All TCP and UDP packets will be denied.​ Ping packets will be permitted. AND Telnet packets will be permitted.

Ping packets will be permitted. AND SSH packets will be permitted.

What is considered a best practice when configuring ACLs on VTY lines? Place identical restrictions on all VTY lines. Apply the ip access-group command inbound. Use only extended access lists. Remove the VTY password since the ACL restricts access to trusted users.

Place identical restrictions on all VTY lines

What does NAT overloading use to track multiple internal hosts that use one inside global address? IP addresses Autonomous system numbers Port numbers MAC addresses

Port numbers

What type of address is 10.100.34.34? Public Private

Private

What type of address is 10.131.48.7? Private Public

Private

What type of address is 192.168.7.98? Private Public

Private

What type of address is 128.107.240.239? Public Private

Public

What type of address is 198.133.219.148? Public Private

Public

What type of address is 64.100.190.189? Public Private

Public

Refer to the exhibit. The Gigabit interfaces on both routers have been configured with subinterface numbers that match the VLAN numbers connected to them. PCs on VLAN 10 should be able to print to the P1 printer on VLAN 12. PCs on VLAN 20 should print to the printers on VLAN 22. What interface and in what direction should you place a standard ACL that allows printing to P1 from data VLAN 10, but stops the PCs on VLAN 20 from using the P1 printer? R1 S0/0/0 and Outbound R2 S0/0/1 and Outbound R1 Gi0/1.12 AND Outbound R2 Gi0/1.20 and Inbound R1 Gi0/1.12 AND Inbound

R1 Gi0/1.12 AND Outbound

Refer to the exhibit. A network administrator wants to permit only host 192.168.1.1 /24 to be able to access the server 192.168.2.1 /24. Which command will NOT be used to achieve this using best ACL placement practices? R2(config)# interface fastethernet 0/0 R2(config)# access-list 101 permit ip host 192.168.1.1 host 192.168.2.1 Correct! R2(config)# interface fastethernet 0/1 R2(config-if)# ip access-group 101 in

R2(config)# interface fast Ethernet 0/1

Module 2: What is used to facilitate hierarchical routing in OSPF? The use of multiple areas The election of designated routers Frequent SPF calculations Autosummarization

The use of multiple areas

A network administrator needs to configure a standard ACL so that only the workstation of the administrator with the IP address 192.168.15.23 can access the virtual terminal of the main router. Which two configuration commands can achieve the task? permit 192.168.15.23 0.0.0.0 AND Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.255 Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.0 AND Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.255 Router1(config)# access-list 10 permit host 192.168.15.23 AND Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0 Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.255 AND Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.0

Router(config)# access-list 10 permit host 192.168.15.23 AND Router(config)# access-list 10 permit 192.168.15.23 0.0.0.0

A network administrator is writing a standard ACL that will deny any traffic from the 172.16.0.0/16 network, but permit all other traffic. Which two commands should be used? Router(config)# access-list 95 deny 172.16.0.0 255.255.0.0 AND Router(config)# access-list 95 permit any Router(config)# access-list 95 deny any AND Router(config)# access-list 95 172.16.0.0 255.255.255.255 Router(config)# access-list 95 host 172.16.0.0 AND Router(config)# access-list 95 172.16.0.0 255.255.255.255 Router(config)# access-list 95 deny any AND Router(config)# access-list 95 deny 172.16.0.0 0.0.255.255

Router(config)# access-list 95 deny any AND Router(config)# access-list 95 deny 172.16.0.0 0.0.255.255

What does the CLI prompt change to after entering the command ip access-list standard aaa from global configuration mode? Router(config-router)# Router(config-line)# Correct! Router(config-std-nacl)# Router(config-if)# Router(config)#

Router(config-std-nacl)#

In which TCP attack is the cybercriminal attempting to overwhelm a target host with half-open TCP connections? SYN flood attack Session hijacking attack Reset attack Port scan attack

SYN flood attack

A user receives a phone call from a person who claims to represent IT services and then asks that user for confirmation of username and password for auditing purposes. Which security threat does this phone call represent? Social engineering Spam Anonymous keylogging DDoS

Social engineering

What is the term used to describe the same pre-shared key or secret key, known by both the sender and receiver to encrypt and decrypt data? Symmetric encryption algorithm Data integrity Risk Mitigation

Symmetric encryption algorithm

Refer to the exhibit. A new network policy requires an ACL denying FTP and Telnet access to a Corp file server from all interns. The address of the file server is 172.16.1.15 and all interns are assigned addresses in the 172.18.200.0/24 network. After implementing the ACL, no one in the Corp network can access any of the servers. What is the problem? The ACL is implicitly denying access to all the servers. Named ACLs require the use of port numbers. Inbound ACLs must be routed before they are processed. The ACL is applied to the interface using the wrong direction.

The ACL is implicitly denying access to all the servers

Refer to the exhibit. A network administrator has configured the OSPF timers to the values that are shown in the graphic. What is the result of having those manually configured timers? The R1 dead timer expires between hello packets from R2. R1 automatically adjusts its own timers to match the R2 timers. The hello timer on R2 expires every ten seconds. The neighbor adjacency has formed.

The R1 dead timer expires between hello packets from R2

Refer to the exhibit. A network administrator has configured the OSPF timers to the values that are shown in the graphic. What is the result of having those manually configured timers? The hello timer on R2 expires every ten seconds. The neighbor adjacency has formed. The R1 dead timer expires between hello packets from R2. R1 automatically adjusts its own timers to match the R2 timers.

The R1 dead timer expires between hello packets from R2

Refer to the exhibit. The named ACL "Managers" already exists on the router. What will happen when the network administrator issues the commands that are shown in the exhibit? The commands are added at the beginning of the existing Managers ACL. The network administrator receives an error that states that the ACL already exists. The commands overwrite the existing Managers ACL. The commands are added at the end of the existing Managers ACL.

The commands are added at the end of the existing Managers ACL

Refer to the exhibit. Which statement is correct based on the output as shown in the exhibit? The output is the result of the show ip nat statistics command. The host with the address 209.165.200.235 will respond to requests by using a source address of 192.168.10.10. The host with the address 209.165.200.235 will respond to requests by using a source address of 209.165.200.235. Traffic with the destination address of a public web server will be sourced from the IP of 192.168.1.10.

The host with the address 209.165.200.235 will respond to requests by using a source address of 192.168.10.10

What two addresses are specified in a static NAT configuration? The outside global and the outside local The inside global and the outside local The inside local and the inside global The inside local and the outside global

The inside local and the inside global

Refer to the exhibit. What can be determined from this output? Because there are no matches for line 10, the ACL is not working. The ACL is missing the deny ip any any ACE. The router has not had any Telnet packets from 10.35.80.22 that are destined for 10.23.77.101. The ACL is only monitoring traffic destined for 10.23.77.101 from three specific hosts.

The router has not had any Telnet packets from 10.35.80.22 that are destined for 10.23.77.101

Refer to the exhibit. A network administrator has configured ACL 9 as shown. Users on the 172.31.1.0 /24 network cannot forward traffic through router CiscoVille. What is the most likely cause of the traffic failure? The sequence of the ACEs is incorrect. The permit statement specifies an incorrect wildcard mask. The established keyword is not specified. The port number for the traffic has not been identified with the eq keyword.

The sequence of the ACEs is incorrect

Refer to the exhibit. A network administrator is viewing the output from the command show ip nat translations. Which statement correctly describes the NAT translation that is occurring on router RT2?​ The traffic from a source IPv4 address of 192.168.254.253 is being translated to 192.0.2.88 by means of static NAT. The traffic from a source IPv4 address of 192.0.2.88 is being translated by router RT2 to reach a destination IPv4 address of 192.168.254.253. The traffic from a source IPv4 address of 192.168.2.20 is being translated by router RT2 to reach a destination IPv4 address of 192.0.2.254. The traffic from a source IPv4 public address that originates traffic on the internet would be able to reach private internal IPv4 addresses​.

The traffic from a source IPv4 address of 192.168.254.253 is being translated to 192.0.2.88 by means of static NAT

Refer to the exhibit. An administrator has configured a standard ACL on R1 and applied it to interface serial 0/0/0 in the outbound direction. What happens to traffic leaving interface serial 0/0/0 that does not match the configured ACL statements? The resulting action is determined by the destination IP address. The source IP address is checked and if a match is not found, traffic is routed out interface serial 0/0/1. The traffic is dropped. The resulting action is determined by the destination IP address and port number.

The traffic is dropped

Module 1: What is used to facilitate hierarchical routing in OSPF? The election of designated routers The use of multiple areas Autosummarization Frequent SPF calculations

The use of multiple areas

In what way are zombies used in security attacks? They are infected machines that carry out a DDoS attack. They are maliciously formed code segments used to replace legitimate applications. They target specific individuals to gain corporate or personal information. They probe a group of machines for open ports to learn which services are running.

They are infected machines that carry out a DDoS attack

Module 5: Which statement describes a characteristic of standard IPv4 ACLs? They can be created with a number but not with a name. They filter traffic based on source IP addresses only. They can be configured to filter traffic based on both source IP addresses and source ports. They are configured in the interface configuration mode.

They filter traffic based on source IP addresses only

What is the term used to describe a potential danger to a company's assets, data, or network functionality? Threat Asset Vulnerability Exploit

Threat

A technician is tasked with using ACLs to secure a router. When would the technician use the ESTABLISHED configuration option or command? To add a text entry for documentation purposes To display all restricted traffic To allow specified traffic through an interface To allow returning reply traffic to enter the internal network

To allow returning reply traffic to enter the internal network

A technician is tasked with using ACLs to secure a router. When would the technician use the ip access-group 101 in the configuration option or command? To secure administrative access to the router To display all restricted traffic To apply an extended ACL to an interface To verify the ACL applied on the interface

To apply an extended ACL to an interface

A technician is tasked with using ACLs to secure a router. When would the technician use the 40 deny host 192.168.23.8 configuration option or command? To apply an extended ACL to an interface To create an entry in a numbered ACL To remove an ACL from an interface To secure management traffic into the router

To create an entry in a numbered ACL

A technician is tasked with using ACLs to secure a router. When would the technician use the HOST configuration option or command? To allow specified traffic through an interface To add a text entry for documentation purposes To insert a comment into the packet header To identify a single IP address

To identify a single IP address

A technician is tasked with using ACLs to secure a router. When would the technician use the ANY configuration option or command? To identify one specific IP address To identify any IP address To restrict specific traffic access through an interface To insert a comment into the packet header

To identify any IP address

What is the reason for a network engineer to alter the default reference bandwidth parameter when configuring OSPF? To increase the speed of the link To enable the link for OSPF routing To more accurately reflect the cost of links greater than 100 Mb/s To force that specific link to be used in the destination route

To more accurately reflect the cost of links greater than 100 Mb/s

A technician is tasked with using ACLs to secure a router. When would the technician use the DENY configuration option or command? To restrict specific traffic access through an interface To generate and send an informational message whenever the ACE is matched To identify one specific IP address To display all restricted traffic

To restrict specific traffic access through an interface

Which set of access control entries would allow all users on the 192.168.10.0/24 network to access a web server that is located at 172.17.80.1, but would not allow them to use Telnet? access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80 AND access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23 access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80 AND access-list 103 deny tcp ​192.168.10.0 0.0.0.255 any eq 23 access-list 103 permit 192.168.10.0 0.0.0.255 host 172.17.80.1 AND access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq telnet​​ access-list 103 deny tcp host 192.168.10.0 any eq 23 AND access-list 103 permit tcp host 192.168.10.1 eq 80

access-list 103 permit tcp 192.168.10.0.0 0.0.0.255 host 172.17.80.1 eq 80 AND access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23