Friday, February 24, 2012

CCNA – Drag and Drop 5

Question 1
Drag the Cisco default administrative distance to the appropriate routing protocol or route (Not all options are used)
Default_Administrative_Distance.jpg

Answer:
+ RIP: 120
+ OSPF: 110
+ static route referencing IP address of next hop: 1
+ internal EIGRP route: 90
+ directly connected network: 0

Question 2
Drag the term on the left to its definition on the right (not all options are used)
some_rules.jpg

Answer:
+ poison reverse: A router learns from its neighbor that a route is down and the router sends an update back to the neighbor with an infinite metric to that route
+ LSA: The packets flooded when a topology change occurs, causing network routers to update their topological databases and recalculate routes
+ split horizon: This prevents sending information about a route back out the same interface that originally learned about the route
+ holddown timer: For a given period, this causes the router to ignore any updates with poorer metrics to a lost network

Question 3
Drag the description on the left to the correct router mode on the right
Cisco_router_modes copy.jpg

Answer:
+ user EXEC mode: limited to basic monitoring commands
+ privileged EXEC mode: provide access to all other router commands
+ global configuration mode: commands that affect the entire system
+ specific configuration mode: commands that affect interfaces/processes only
+ setup mode: interactive configuration dialog

Question 4
Drag each definition on the left to the matching term on the right
Cisco_metric_parameters.jpg

Answer:
+ cost: a configurable value based by default on the bandwidth of the interface
+ load: the amount of activity on a network resource
+ bandwidth: the data capacity of a link
+ hop count: the number of point-to-point links in a transmission path
+ reliability: usually refers to the bit error rate of each network link
+ delay: the amount of time required to move a packet from source to destination

CCNA – Drag and Drop 4

Question 1
Drag the function on the left to the matching security appliance or application on the right. (Not all functions are used)
SecurityAppliance.jpg

Answer:
1) antispyware: detects software designed to capture sensitive information and removes it from the computer
2) antivirus: prevents known malicious programs from being installed on workstations
3) IDS: identifies malicious network traffic and alerts network personnel
4) firewall: filters traffic based on source and destination IP address or traffic type

Question 2
Drag the Frame Relay acronym on the left to match its definition on the right. (Not all acronyms are used)
FrameRelayAcronym.jpg

Answer:
1) a router is this type of device: DTE
2) the most common type of virtual circuit: PVC
3) provides status messages between DTE and DCE devices: LMI
4) identifies the virtual connection between the DTE and the switch: DLCI

Question 3
The left describes some types of connections while the right describes some types of cables. Drag the items on the left to the proper locations.
cabletypes

Answer:
ccna_cabletypes_answer
Explanation:
To specify when we use crossover cable or straight-through cable, we should remember:
Group 1: Router, Host(PC), Server
Group 2: Hub, Switch
One device in group 1 + One device in group 2: use straight-through cable
Two devices in the same group: use crossover cable
For example: we use straight-through cable to connect switch to router, switch to host, hub to host, hub to server… and we use crossover cable to connect switch to switch, switch to hub, router to router, host to host…
+ We can connect a modem to the router auxiliary port using a rollover cable. Recall that the purpose of the router’s auxiliary port is for connecting to a modem, and most Cisco routers have a second port on the back called the auxiliary port. We can use this port when a far-away router goes down: the administrator can have someone in the area go to the router, plug in a modem, and then access the router remotely (if using the console port, we have to go to the site to work with that router).
+ We can connect a PC serial port to a switch/router console port through the RJ-45 to DB-9 or RJ-45 to DB-25 adapter (at the PC end), depending on the computer.

Question 4
The above provides some descriptions, while the below provides some routing protocols. Drag the above items to the proper locations.
ccna_EIGRP_OSPF

Answer:
ccna_EIGRP_OSPF_answer

Explanation:
Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco proprietary routing protocol, so it is vendor-specific. By default, EIGRP internal routes have an administrative distance value of 90.
OSPF uses cost as its metric. By default, the cost of an interface is calculated based on bandwidth with the formula cost = 100000000 / bandwidth (in bps). OSPF elects a DR on each broadcast and nonbroadcast multiaccess network (like Ethernet and Frame Relay environments, respectively). It doesn’t elect a DR on a point-to-point link (like a serial WAN).

Question 5
As a CCNA candidate, you are required to have a firm understanding of the OSI model. At which layers of the OSI model do Wide Area Networks operate in? Please drag the items to the proper locations.
WANOSI.jpg

Answer:
WANOSI_answer.jpg
Explanation
WAN operates in the two lowest layers which are Data Link and Physical layers.

CCNA – Drag and Drop 3

Question 1
Drag the security features on the left to the specific security risks they help protect against on the right. (Not all options are used)
SecurityFeatures.jpg

Answer:
1) VTY password: remote access to device console
2) console password: access to the console 0 line
3) access-group: access to connected networks or resources
4) service password-encryption: viewing of passwords
5) enable secret: access to privileged mode
The unselected left-box – CHAP – is used to verify the identity of the peer by means of a three-way handshake.

Question 2
Refer to the exhibit. PC-A is sending packets to the FTP server. Consider the packets as they leave RA interface Fa0/0 towards RB. Drag the correct frame and packet address to their places in the table.
ip_mac.jpg

Answer:
Source MAC: 0000.0C93.9999
Destination MAC: 0000.0C89.3333
Source IP: 172.16.21.7
Destination IP: 172.16.34.250
Explanation
Remember these rules:
The IP addresses (of source and destination) of a packet never change during the transportation through the network. For example if PC-A wants to send a packet to PC-Z then the source and destination IP addresses of the packet will be the IP addresses of PC-A and PC-Z no matter how many devices they go through.
The MAC addresses, conversely, will change while passing the devices. The source MAC address is the address of the last sender and the destination MAC address is the address of the next device.

Question 3
As a network administrator, you are required to configure the network security policy. And the policy requires that only one host be permitted to attach dynamically to each switch interface. If that policy is violated, the interface should shut down. Which two commands must the network administrator configure on the 2950 Catalyst switch to meet this policy? Please choose appropriate commands and drag the items to the proper locations.
switch_port_security.jpg

Answer:
Appropriate commands:
SW(config-if)# switchport port-security maximum 1
SW(config-if)# switchport port-security violation shutdown

Question 4
The left describes boot sequence, while the right describes the orders. Drag the items on the left to the proper locations.
BootSequence.jpg

Answer:
1) Step 1: The power on self test executes.
2) Step 2: The bootstrap loader in ROM executes.
3) Step 3: The IOS is located and loaded based on boot system commands in NVRAM.
4) Step 4: The configuration file is loaded from NVRAM.
5) Step 5: If no configuration file is located, the setup dialog initiates.
Explanation
When a router boots up, it performs a series of steps, called the boot sequence, to test the hardware and load the necessary software. The boot sequence consists of the following steps:
1) Power on self test (POST): tests the hardware to verify that all components of the device are operational and present.
2) The bootstrap loader in ROM executes: The bootstrap loader is a program in ROM that is used to find where a valid Cisco IOS image is located.
3) If a valid Cisco IOS image is located, it is loaded.
4) IOS loads configuration file. Once the IOS image is loaded, it will search for a valid startup configuration in NVRAM.
5) If a valid startup configuration file cannot be found, the router will load the System Configuration Dialog (sometimes called setup mode). This mode allows you to perform the initial configuration of the router.

Question 5
Drag and Drop question. Drag the items to the proper locations.
Routing has been configured on the local router with these commands:
Local(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.1
Local(config)# ip route 10.1.0.0 255.255.255.0 192.168.2.2
Local(config)# ip route 10.1.0.0 255.255.0.0 192.168.3.3
Drag each destination IP address on the top to its correct next hop address at the bottom.
ip_route.jpg

Answer:
Next hop 192.168.1.1:
+ 10.2.1.3
+ 10.6.8.4
Next hop 192.168.2.2:
+ 10.1.0.14
+ 10.1.0.123
Next hop 192.168.3.3:
+ 10.1.1.10
+ 10.1.4.6
Explanation
If several entries in the routing table match the destination IP address, the router chooses the most specific one to send the packet. This is called the “longest match” rule: the route with the most bits in the mask set to “1” is chosen to route the packet.
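The longest-match lookup for this question, as an added example (not part of the original post). It parses the three `ip route` lines from the question; the function names are chosen for this illustration.

```python
import ipaddress

# The three static routes configured on the Local router in the question.
CONFIG = """\
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 10.1.0.0 255.255.255.0 192.168.2.2
ip route 10.1.0.0 255.255.0.0 192.168.3.3
"""


def parse_static_routes(config):
    """Turn 'ip route <dest> <mask> <next-hop>' lines into (network, next_hop) pairs."""
    routes = []
    for line in config.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[:2] != ["ip", "route"]:
            continue  # ignore anything that is not a simple static route
        dest, mask, next_hop = fields[2:]
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), next_hop))
    return routes


def lookup(routes, destination):
    """Return (next_hop, matched_prefix) using the longest-match rule, or None."""
    addr = ipaddress.ip_address(destination)
    # Every route whose prefix contains the destination is a candidate.
    candidates = [(net, hop) for net, hop in routes if addr in net]
    if not candidates:
        return None
    # The candidate with the most mask bits set to 1 wins.
    net, hop = max(candidates, key=lambda item: item[0].prefixlen)
    return hop, str(net)


if __name__ == "__main__":
    table = parse_static_routes(CONFIG)
    for dst in ["10.2.1.3", "10.6.8.4", "10.1.0.14", "10.1.0.123", "10.1.1.10", "10.1.4.6"]:
        hop, prefix = lookup(table, dst)
        print(f"{dst:<12} -> next hop {hop:<12} (matched {prefix})")
```

10.1.0.14 matches all three routes, and the /24 entry wins; 10.1.1.10 falls outside the /24, so the /16 entry is the longest match left.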

Question 6
If a Cisco router has learned about network 10.1.1.0 from multiple sources, the router will select and install only one entry into the routing table. Indicate the order of preference that the router will use by dragging the routes on the left to the order of preference category on the right.
Routing_Priority.jpg

Answer:
1) First preference: S 10.1.1.0 is directly connected, Serial1
2) Second preference: S 10.1.1.0/24 [1/0] via 10.1.2.2
3) Third preference: D 10.1.1.0/24 [90/2172416] via 10.1.5.5, Serial0
4) Fourth preference: O 10.1.1.0/24 [110/789] via 10.1.3.1, Serial0
5) Fifth preference: R 10.1.1.0/24 [120/3] via 10.1.3.1, Serial0
Explanation
Administrative distance is the first criterion that a router uses to determine which routing protocol to use if two protocols provide route information for the same destination. It is a measure of the trustworthiness of the source of the routing information. The smaller the administrative distance value, the more reliable the protocol.
In this question, notice that the destination of all routes is 10.1.1.0/24 so we need to use Administrative distance of each routing protocol to specify the priority of each route. Below lists the Administrative Distance default values of popular routing protocols:
+ Directly connected: 0
+ Static route: 1
+ EIGRP (symbolized by “D”): 90
+ OSPF (symbolized by “O”): 110
+ RIP (symbolized by “R”): 120

CCNA – Drag and Drop 2

Question 1
The left describes OSI layers, while the right provides some terms. Drag the items on the right to the proper locations.
OSILayers.jpg

Answer:
Network Layer:
1) IP addresses
2) packets
3) routing
Transport Layer:
1) windowing
2) UDP
3) segments

Question 2
The above describes some categories, while the below provides their corresponding router output lines. Drag the above items to the proper locations.
Layer_Problems copy.jpg

Answer:
1) Port operational: Serial0/1 is up, line protocol is up
2) Layer 2 problem: Serial0/1 is up, line protocol is down
3) Layer 1 problem: Serial0/1 is down, line protocol is down
4) Port disabled: Serial0/1 is administratively down, line protocol is down
Explanation:
A simple way to find out which layer is having problem is to remember this rule: “the first statement is for Layer 1, the last statement is for Layer 2 and if Layer 1 is down then surely Layer 2 will be down too”, so you have to check Layer 1 before checking Layer 2. For example, from the output “Serial0/1 is up, line protocol is down” we know that it is a layer 2 problem because the first statement (Serial0/1 is up) is good while the last statement (line protocol is down) is bad. For the statement “Serial0/1 is down, line protocol is down”, both layers are down so the problem belongs to Layer 1.
There is only one special case with the statement “…. is administratively down, line protocol is down”. In this case, we know that the port is currently disabled and shut down by the administrators.

Question 3
A user is unable to connect to the Internet. Based on the layered approach to troubleshooting and beginning with the lowest layer, follow the guide and drag the contents to the relevant modules.
Layered_Trobleshooting.jpg

Answer:
1) Verify Ethernet cable connection: Step 1
2) Verify NIC operation: Step 2
3) Verify IP configuration: Step 3
4) Verify URL: Step 4
Explanation:
The question asks us to “begin with the lowest layer” so we have to begin with Layer 1: verify physical connection; in this case an Ethernet cable connection. For your information, “verify Ethernet cable connection” means that we check if the type of connection (crossover, straight-through, rollover…) is correct, the RJ45 headers are plugged in, the signal on the cable is acceptable…
Next we “verify NIC operation”. We do this by simply making a ping to the loopback interface 127.0.0.1. If it works then the NIC card (layer 1,2) and TCP/IP stack (layer 3) are working properly.
Verify IP configuration belongs to layer 3. For example, checking whether the IP address is assignable to a host, whether the PC’s IP address is in the same network as the gateway…
Verify the URL by typing some popular websites like google.com or microsoft.com into your browser, to make sure that the far-end server is not down (a down server can sometimes make us think we can’t access the Internet). We are using a URL so this step belongs to layer 7 of the OSI model.

Question 4
The left describes the types of cables, while the right describes the purposes of the cables. Drag the items on the left to the proper locations. (Not all items can be used).
TypesOfCables.jpg

Answer:
1) straight-through: switch access port to router
2) crossover: switch to switch
3) rollover: PC COM port to switch
Explanation:
To remember which type of cable you should use, follow these tips:
- To connect two serial interfaces of 2 routers we use serial cable
- To specify when we use crossover cable or straight-through cable, we should remember:
Group 1: Router, Host, Server
Group 2: Hub, Switch
One device in group 1 + One device in group 2: use straight-through cable
Two devices in the same group: use crossover cable
For example: we use straight-through cable to connect switch to router, switch to host, hub to host, hub to server… and we use crossover cable to connect switch to switch, switch to hub, router to router, host to host…

Question 5
The left describes the types of switch ports, while the right describes the features. Drag the options on the right to the proper locations.
AccessPort_TrunkPort.jpg

Answer:
Access Port:
- Carries traffic for a single VLAN
- Uses a straight-through cable to connect a device
- Connects an end-user workstation to a switch
Trunk Port:
- Carries traffic for multiple VLANs
- Uses 802.1q to identify traffic from different VLANs
- Facilitates interVLAN communications when connected to a Layer 3 device

Question 6
The above describes the Spanning-Tree Protocol port states, while the below describes their functions. Drag the above items to the proper locations.
STP_Port_States.jpg

Answer:
- Learning: populating the MAC address table but not forwarding data frames
- Forwarding: sending and receiving data frames
- Listening: preparing to forward data frames without populating the MAC address table
- Blocking: preventing the use of looped paths

CCNA – Drag and Drop

Question 1:
A dental firm is redesigning the network that connects its three locations. The administrator gave the networking team 192.168.164.0 to use for addressing the entire network. After subnetting the address, the team is ready to assign the addresses. The administrator plans to configure ip subnet-zero and use RIP v2 as the routing protocol. As a member of the networking team, you must address the network and at the same time conserve unused addresses for future growth. With those goals in mind, drag the host addresses on the left to the correct router interface. One of the routers is partially configured. Move your mouse over a router to view its configuration. Not all of the host addresses on the left are necessary.
vlsm1

Answer:
vlsm1_solution
Explanation:
In short, we should start calculating from the biggest network (with 16 hosts) to the smallest one using the formula 2^n - 2 (n is the number of bits we need to borrow). Therefore:
16 hosts < 2^5 - 2 (we need to borrow 5 bits -> /27)
11 hosts < 2^4 - 2 (borrow 4 bits -> /28)
5 hosts < 2^3 - 2 (borrow 3 bits -> /29)
From the available IP addresses, we see that each of them has only one suitable solution (they are 192.168.164.149/27, 192.168.164.166/28 and 192.168.164.178/29)
The smallest network is the Floss S0/0 which only requires 2 hosts = 2^2 - 2 (need to borrow 2 bits -> /30). There are 2 suitable answers: 192.168.164.189/30 and 192.168.164.188/30 but notice that 192.168.164.188/30 is the network address so we can not use it (because 188 = 4 * 47) -> we have to choose 192.168.164.189 as the correct solution.
In fact, it is not the formal way to solve a VLSM question so I recommend you to review your CCNA book if you haven’t grasped it well yet.
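The same sizing and address checks done programmatically, as an added example (not part of the original post). The host counts and candidate addresses are the ones from the explanation above; the function names are chosen for this illustration.

```python
import ipaddress


def smallest_prefix(hosts):
    """Longest prefix whose subnet still offers `hosts` usable addresses (2^n - 2 rule)."""
    host_bits = 1
    while 2 ** host_bits - 2 < hosts:
        host_bits += 1
    return 32 - host_bits


def classify(candidate):
    """Say whether an address/prefix pair is usable on an interface."""
    iface = ipaddress.ip_interface(candidate)
    net = iface.network
    if iface.ip == net.network_address:
        return "network address"
    if iface.ip == net.broadcast_address:
        return "broadcast address"
    return "usable host"


def overlapping(candidates):
    """Return every pair of subnets (derived from the candidates) that overlap."""
    nets = [ipaddress.ip_interface(c).network for c in candidates]
    return [
        (str(a), str(b))
        for i, a in enumerate(nets)
        for b in nets[i + 1:]
        if a.overlaps(b)
    ]


if __name__ == "__main__":
    for hosts in (16, 11, 5, 2):
        print(f"{hosts:>2} hosts -> /{smallest_prefix(hosts)}")

    chosen = [
        "192.168.164.149/27",
        "192.168.164.166/28",
        "192.168.164.178/29",
        "192.168.164.189/30",
    ]
    for cand in chosen + ["192.168.164.188/30"]:
        net = ipaddress.ip_interface(cand).network
        print(f"{cand:<20} subnet {str(net):<20} {classify(cand)}")

    # An empty list means the four chosen subnets can coexist.
    print("overlaps:", overlapping(chosen))
```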

Question 2:
In order to complete a basic switch configuration, drag each switch IOS command on the left to its purpose on the right
commanddragdrop

Answer:
1) enable
2) configure terminal
3) hostname
4) Interface vlan 1
5) no shutdown
6) ip address
7) ip default-gateway

Question 3:
The Missouri branch office router is connected through its s0 interface to the Alabama Headquarters router s1 interface. The Alabama router has two LANs. Missouri users obtain Internet access through the Headquarters router. The network interfaces in the topology are addressed as follows: Missouri: e0 – 192.168.35.17/28; s0 – 192.168.35.33/28; Alabama: e0 – 192.168.35.49/28; e1 – 192.168.35.65/28; s1 – 192.168.35.34/28. The accounting server has the address of 192.168.35.66/28. Match the access list conditions on the left with the goals on the right. (Not all options on the left are used.)
accesslist1

Answer:
1) deny ip 192.168.35.16 0.0.0.15 host 192.168.35.66
2) deny ip 192.168.35.55 0.0.0.0 host 192.168.35.66
3) permit ip 192.168.35.0 0.0.0.255 host 192.168.35.66
Explanation:
1) The wildcard mask of the command “deny ip 192.168.35.16 0.0.0.15 host 192.168.35.66” is 0.0.0.15, which is equal to a network mask of 255.255.255.240 = /28. So the access list will deny all traffic from network 192.168.35.16/28 from accessing host 192.168.35.66, which is the IP address of the accounting server.
2) The command “deny ip 192.168.35.55 0.0.0.0 host 192.168.35.66” will deny host 192.168.35.55, which is a user and belongs to interface e0 of the Alabama router (192.168.35.49/28), from accessing the accounting server.
3) Because there is an implicit “deny all” command at the end of each access list, the command “permit ip 192.168.35.0 0.0.0.255 host 192.168.35.66” will only let network 192.168.35.0/24 access the accounting server whilst preventing traffic from other networks.
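How wildcard masks and the implicit deny decide a packet's fate, as an added example (not part of the original post). It assumes the three answer entries are evaluated as one list in the order given; the source addresses tested are constructed samples and the function names are chosen for this illustration.

```python
import ipaddress

# The three entries from the answer, assumed here to form one access list.
ACL_TEXT = """\
deny ip 192.168.35.16 0.0.0.15 host 192.168.35.66
deny ip 192.168.35.55 0.0.0.0 host 192.168.35.66
permit ip 192.168.35.0 0.0.0.255 host 192.168.35.66
"""


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """Wildcard bit 0 = this bit must match, 1 = don't care (inverse of a netmask)."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)


def parse_acl(text):
    """Parse entries of the form '<action> ip <src> <wildcard> host <dst>'."""
    entries = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 6 or f[0] not in ("permit", "deny") or f[1] != "ip" or f[4] != "host":
            raise ValueError(f"unsupported entry: {line!r}")
        entries.append({"action": f[0], "src": f[2], "wildcard": f[3], "dst": f[5]})
    return entries


def evaluate(acl, src, dst):
    """First matching entry wins; return (action, entry number or None)."""
    for number, entry in enumerate(acl, start=1):
        if wildcard_match(src, entry["src"], entry["wildcard"]) and to_int(dst) == to_int(entry["dst"]):
            return entry["action"], number
    # Nothing matched: the implicit "deny all" at the end of the list applies.
    return "deny", None


if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT)
    server = "192.168.35.66"
    # Constructed sample sources: Missouri e0 LAN, the denied Alabama user,
    # another Alabama e0 host, and a host outside 192.168.35.0/24.
    for src in ["192.168.35.20", "192.168.35.55", "192.168.35.50", "10.20.30.40"]:
        action, number = evaluate(acl, src, server)
        rule = f"entry {number}" if number else "implicit deny"
        print(f"{src:<14} -> {server}: {action} ({rule})")
```

Moving the permit entry to the top would let 192.168.35.20 and 192.168.35.55 through, because evaluation stops at the first match.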

Question 4:
A host with the address of 192.168.125.34/27 needs to be denied access to all hosts outside its own subnet. To accomplish this, complete the command in brackets, [access-list 100 deny protocol address mask any], by dragging the appropriate options on the left to their correct placeholders on the right.
accesslist2

Answer:
1) ip
2) 192.168.125.34
3) 0.0.0.0
Full command: access-list 100 deny ip 192.168.125.34 0.0.0.0

Question 5:
Drag and drop the network user application to the appropriate description of its primary use (not all options are used)
networkapplication

Answer:
1) web browser
2) instant message
3) e-mail
4) database
5) collaboration

Question 6:
This topology contains 3 routers and 1 switch. Complete the topology.
Drag the appropriate device icons to the labeled Device


Drag the appropriate connections to the locations labeled Connections.
Drag the appropriate IP addresses to the locations labeled IP address
(Hint: use the given host addresses and Main router information)
To remove a device or connection, drag it away from the topology.
Use information gathered from the Main router to complete the configuration of any additional routers. No passwords are required to access the Main router. The config terminal command has been disabled for the HQ router. The router does not require any configuration.
Configure each additional router with the following
Configure the interfaces with the correct IP address and enable the interfaces.


Set the password to allow console access to consolepw
Set the password to allow telnet access to telnetpw
Set the password to allow privilege mode access to privpw
Note: Because routes are not being added to the configurations, you will not be able to ping through the internetwork.
All devices have cable autosensing capabilities disabled.
All hosts are PC’s
assigncableandip

Answer:
networkapplication_solution

CCNA – NAT and PAT Questions

Question 1
Refer to the exhibit. What does the (*) represent in the output?
02:16:29: NAT: s=10.10.0.2->1.2.4.2, d=1.2.4.1 [51607]
02:16:29: NAT: s=1.2.4.1, d=1.2.4.2->10.10.0.2 [55227]
02:16:29: NAT*: s=10.10.0.2->1.2.4.2, d=1.2.4.1 [51608]
02:16:29: NAT*: s=10.10.0.2->1.2.4.2, d=1.2.4.1 [51609]
A. Packet is destined for a local interface to the router.
B. Packet was translated, but no response was received from the distant device.
C. Packet was not translated, because no additional ports are available.
D. Packet was translated and fast switched to the destination.

Answer: D
Explanation
The above output is from the “debug ip nat” command. In this output, the first two lines show the Domain Name System (DNS) request and reply debugging output.
In the first line (DNS request):
s=10.10.0.2->1.2.4.2: source of the IP address (10.10.0.2) and how it is being translated (to 1.2.4.2)
d=1.2.4.1: destination address of the packet
[51607]: the IP identification number of the packet
In the second line (DNS reply):
s=1.2.4.1: source of the reply
d=1.2.4.2->10.10.0.2: how the destination is being translated
The remaining lines show debugging output from a Telnet connection from a host on the inside of the network to a host on the outside of the network. All Telnet packets, except for the first packet, were translated in the fast path, as indicated by the asterisk (*).
Note: If the connection is already established, the security appliance does not need to re-check packets and the packets are sent to the Fast Path.

Question 2
Refer to the exhibit. What command sequence will enable PAT from the inside to outside network?
ip nat pool isp-net 1.2.4.10 1.2.4.240 netmask 255.255.255.0
!
interface ethernet 1
description ISP Connection
ip address 1.2.4.2 255.255.255.0
ip nat outside
!
interface ethernet 0
description Ethernet to Firewall eth0
ip address 10.10.0.1 255.255.255.0
ip nat inside
!
access-list 1 permit 10.0.0.0 0.255.255.255
A. (config)# ip nat pool isp-net 1.2.4.2 netmask 255.255.255.0 overload
B. (config-if)# ip nat outside overload
C. (config)# ip nat inside source list 1 interface ethernet1 overload
D. (config-if)# ip nat inside overload

Answer: C
Explanation
The command “ip nat inside source list 1 interface ethernet1 overload” means:
+ “ip nat”: use NAT
+ “inside”: NAT from inside to outside
+ “source list 1”: the source addresses can be found in access list 1
+ “interface ethernet1”: NAT out of this interface
+ “overload”: use NAT overload (PAT)

Question 3
Refer to the exhibit. A junior network engineer has prepared the exhibited configuration file. What two statements are true of the planned configuration for interface fa0/1? (Choose two)
DMZ_nat_inside.jpg
A. The two FastEthernet interfaces will require NAT configured on two outside serial interfaces.
B. Address translation on fa0/1 is not required for DMZ Devices to access the Internet.
C. The fa0/1 IP address overlaps with the space used by s0/0.
D. The fa0/1 IP address is invalid for the IP subnet on which it resides.
E. Internet hosts may not initiate connections to DMZ Devices through the configuration that is shown.

Answer: B E
Explanation
Both inside FastEthernet interfaces can use only one outside interface to go to the Internet -> A is not correct.
DMZ devices use IP addresses in the range of 128.107.1.128/25 which are public IP addresses so they don’t need address translation to access the Internet -> B is correct.
The fa0/1 interface’s IP address is 128.107.1.254 255.255.255.128 (range from 128.107.1.128 to 128.107.1.255) while the IP address of s0/0 is 128.107.1.1 255.255.255.252 (ranges from 128.107.1.0 to 128.107.1.4) so they are not overlapped with each other -> C is not correct.
DMZ devices are in the range of 128.107.1.128/25 (from 128.107.1.128 to 128.107.1.255) and fa0/1 IP address (128.107.1.254) is a valid IP address on this subnet -> D is not correct.
DMZ devices (and other internal hosts) are using dynamic PAT, which is a type of dynamic NAT. With dynamic NAT, translations do not exist in the NAT table until the router receives traffic that requires translation. In other words, if DMZ devices communicate with outside hosts first, dynamic translation works fine. But if outside hosts communicate with DMZ devices first, no translation is created in NAT table and the packets will be dropped. This is the reason why “Internet hosts may not initiate connections to DMZ Devices through the configuration that is shown” -> E is correct.

Question 4
Refer to the exhibit. What statement is true of the configuration for this network?
DMZ_nat_inside.jpg
A. The configuration that is shown provides inadequate outside address space for translation of the number of inside addresses that are supported.
B. Because of the addressing on interface FastEthernet0/1, the Serial0/0 interface address will not support the NAT configuration as shown.
C. The number 1 referred to in the ip nat inside source command references access-list number 1.
D. ExternalRouter must be configured with static routes to network 172.16.2.0/24

Answer: C
Explanation
The “list 1” refers to the access-list number 1.

Question 5
What are two benefits of using NAT? (choose two)
A. NAT protects network security because private networks are not advertised.
B. NAT accelerates the routing process because no modifications are made on the packets.
C. Dynamic NAT facilitates connections from the outside of the network.
D. NAT facilitates end-to-end communication when IPsec is enabled.
E. NAT eliminates the need to re-address all hosts that require external access.
F. NAT conserves addresses through host MAC-level multiplexing.

Answer: A E
Explanation
By not revealing the internal IP addresses, NAT adds some security to the inside network -> A is correct.
NAT has to modify the source IP addresses in the packets -> B is not correct.
Connection from the outside of the network through a “NAT” network is more difficult than through a network without NAT because IP addresses of inside hosts are hidden -> C is not correct.
In order for IPsec to work with NAT we need to allow additional protocols, including Internet Key Exchange (IKE), Encapsulating Security Payload (ESP) and Authentication Header (AH) -> more complex -> D is not correct.
By allocating specific public IP addresses to inside hosts, NAT eliminates the need to re-address the inside hosts -> E is correct.
NAT does conserve addresses but not through host MAC-level multiplexing. It conserves addresses by allowing many private IP addresses to use the same public IP address to go to the Internet -> F is not correct.

Question 6
Which two statements about static NAT translations are true? (choose two)
A. They are always present in the NAT table.
B. They allow connection to be initiated from the outside.
C. They can be configured with access lists, to allow two or more connections to be initiated from the outside.
D. They require no inside or outside interface markings because addresses are statically defined.

Answer: A B
Explanation
With static NAT, translations exist in the NAT translation table as soon as you configure static NAT command(s), and they remain in the translation table until you delete the static NAT command(s).
With dynamic NAT, translations do not exist in the NAT table until the router receives traffic that requires translation. Dynamic translations have a timeout period after which they are purged from the translation table.
-> A is correct.
Because static NAT translations are always present in the NAT table, outside hosts can initiate the connection without being dropped -> B is correct.
Static translations can not be configured with access lists. To configure static NAT, we only need to specify source IP, NAT IP, inside interface & outside interface.
-> C is not correct.
We have to specify which is the inside and outside interface -> D is not correct.
For your information, below is an example of configuring static NAT:
R0(config)#int f0/0
R0(config-if)#ip nat inside
R0(config-if)#int f0/1
R0(config-if)#ip nat outside
R0(config-if)#exit
R0(config)#ip nat inside source static 10.0.0.1 200.0.0.2

Question 7
Refer to the exhibit. Which statement about packet addresses is true during data exchange when host A makes a Web request to the WWW Server, considering that a NAT overload scheme is in use for data passing from Corp LAN hosts to outside networks?
NAT_Overload.jpg
A. Source 234.15.27.226:3015 and destination 234.15.27.225:80
B. Source 200.15.239.128:3015 and destination 192.168.10.34:80
C. Destination 192.168.10.11:3015 and source 200.15.239.128:80
D. Source 192.168.10.34:80 and destination 192.168.10.254:3015
E. Destination 234.15.27.225:3015 and source 200.15.239.128:80

Answer: E
Explanation
From A to Corp router:
+ Source: 192.168.10.34:3015 & Destination: 200.15.239.128:80
From Corp to WWW Server:
+ Source: 234.15.27.225:3015 & Destination: 200.15.239.128:80
From WWW Server to Corp:
+ Source: 200.15.239.128:80 & Destination: 234.15.27.225:3015
From Corp to Host A:
+ Source: 192.168.10.254:80 & Destination: 192.168.10.34:3015
So the only correct answer is E (from WWW server to Corp)
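A simplified model of the translation table, as an added example (not part of the original post), covering three points from the NAT explanations above: dynamic PAT entries exist only after inside traffic creates them (Question 3), static entries are always present (Question 6), and the outbound and return legs of Question 7. The class, its port-allocation policy and the second inside host are assumptions made for this illustration, not IOS internals.

```python
class NatRouter:
    """Toy NAT table: PAT on one public address plus optional static one-to-one entries."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.dynamic = {}    # public port -> (inside ip, inside port)
        self.by_inside = {}  # (inside ip, inside port) -> public port
        self.static = {}     # inside global ip -> inside local ip

    def add_static(self, inside_ip, global_ip):
        # Like "ip nat inside source static": present as soon as it is configured.
        self.static[global_ip] = inside_ip

    def _allocate_port(self, wanted):
        # Assumed policy: keep the original source port when free, else next free port.
        if wanted not in self.dynamic:
            return wanted
        port = 1024
        while port in self.dynamic:
            port += 1
            if port > 65535:
                raise RuntimeError("no free ports left for PAT")
        return port

    def outbound(self, src_ip, src_port):
        """Inside host sends a packet out; return the translated (ip, port) source."""
        key = (src_ip, src_port)
        if key not in self.by_inside:
            port = self._allocate_port(src_port)
            self.dynamic[port] = key
            self.by_inside[key] = port
        return self.public_ip, self.by_inside[key]

    def inbound(self, dst_ip, dst_port):
        """Packet arrives from outside; return the inside (ip, port) or None if dropped."""
        if dst_ip in self.static:
            return self.static[dst_ip], dst_port
        if dst_ip == self.public_ip and dst_port in self.dynamic:
            return self.dynamic[dst_port]
        return None  # no translation exists, so the packet is not forwarded inside


if __name__ == "__main__":
    corp = NatRouter("234.15.27.225")

    # Outside host speaks first: nothing in the table yet.
    print("unsolicited inbound :", corp.inbound("234.15.27.225", 3015))

    # Host A (192.168.10.34:3015) opens the web connection.
    print("host A outbound     :", corp.outbound("192.168.10.34", 3015))
    print("server reply inbound:", corp.inbound("234.15.27.225", 3015))

    # Constructed second host using the same source port gets a different public port.
    print("second host outbound:", corp.outbound("192.168.10.11", 3015))

    # Static entry from the Question 6 example: reachable from outside at any time.
    corp.add_static("10.0.0.1", "200.0.0.2")
    print("static inbound      :", corp.inbound("200.0.0.2", 23))
```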

CCNA – DHCP Questions

Question 1
Refer to the exhibit. Which rule does the DHCP server use when there is an IP address conflict?
show_ip_dhcp_conflict.jpg
A. The address is removed from the pool until the conflict is resolved.
B. The address remains in the pool until the conflict is resolved.
C. Only the IP detected by Gratuitous ARP is removed from the pool.
D. Only the IP detected by Ping is removed from the pool.
E. The IP will be shown, even after the conflict is resolved.

Answer: A

Question 2
How does a DHCP server dynamically assign IP addresses to hosts?
A. Addresses are allocated after a negotiation between the server and the host to determine the length of the agreement.
B. Addresses are assigned for a fixed period of time. At the end of the period, a new request for an address must be made, and another address is then assigned.
C. Addresses are leased to hosts. A host will usually keep the same address by periodically contacting the DHCP server to renew the lease.
D. Addresses are permanently assigned so that the host uses the same address at all times.

Answer: C

Question 3
Which two tasks does the Dynamic Host Configuration Protocol perform? (Choose two)
A. Set the IP gateway to be used by the network.
B. Perform host discovery using the DHCPDISCOVER message.
C. Configure IP address parameters from DHCP server to a host.
D. Provide an easy management of layer 3 devices.
E. Monitor IP performance using the DHCP server.
F. Assign and renew IP address from the default pool.

Answer: C F

Question 4
Which statement is correct regarding the operation of DHCP?
A. A DHCP client uses a ping to detect address conflicts.
B. A DHCP server uses a gratuitous ARP to detect DHCP clients.
C. A DHCP client uses a gratuitous ARP to detect a DHCP server.
D. If an address conflict is detected, the address is removed from the pool and an administrator must resolve the conflict.
E. If an address conflict is detected, the address is removed from the pool for an amount of time configurable by the administrator.
F. If an address conflict is detected, the address is removed from the pool and will not be reused until the server is rebooted.

Answer: D
Explanation
An address conflict occurs when two hosts use the same IP address. During address assignment, DHCP checks for conflicts using ping and gratuitous ARP. If a conflict is detected, the address is removed from the pool. The address will not be assigned until the administrator resolves the conflict.

Saturday, February 18, 2012

CCNA – Security Questions

Question 1
Which component of VPN technology ensures that data can be read only by its intended recipient?
A. data integrity
B. encryption
C. key exchange
D. authentication

Answer: D
Explanation
First you need to understand what these terms mean:
Data integrity: verifying that the packet was not changed as the packet transited the Internet
Encryption: conversion of data into a form, called a ciphertext, that cannot be easily understood by unauthorized people
Authentication: the process of determining whether someone or something is, in fact, who or what it is declared to be. Authentication can take place at both sides, the sender and the receiver.
Key exchange: is any method in cryptography by which cryptographic keys are exchanged between users, allowing use of a cryptographic algorithm.
So in this question we see that only authentication involves the end user, while the others are about processing data -> D is correct.

Question 2
What can be done to secure the virtual terminal interfaces on a router? (Choose two)
A. Administratively shut down the interface.
B. Physically secure the interface.
C. Create an access list and apply it to the virtual terminal interfaces with the access-group command.
D. Configure a virtual terminal password and login process.
E. Enter an access list and apply it to the virtual terminal interfaces using the access-class command.

Answer: D E
Explanation
It is a waste to administratively shut down the interface. Moreover, someone can still access the virtual terminal interfaces via other interfaces -> A is not correct.
We can not physically secure a virtual interface because it is “virtual” -> B is not correct.
To apply an access list to a virtual terminal interface we must use the “access-class” command. The “access-group” command is only used to apply an access list to a physical interface -> C is not correct; E is correct.
The simplest way to secure the virtual terminal interface is to configure a username & password to prevent unauthorized login -> D is correct.

Question 3
The enable secret command is used to secure access to which CLI mode?
A. user EXEC mode
B. global configuration mode
C. privileged EXEC mode
D. auxiliary setup mode

Answer: C

Question 4
Which type of attack is characterized by a flood of packets requesting a TCP connection to a server?
A. denial of service
B. brute force
C. reconnaissance
D. Trojan horse

Answer: A

Question 5
Which IPsec security protocol should be used when confidentiality is required?
A. AH
B. MD5
C. PSK
D. ESP

Answer: D
Explanation
IPsec is a pair of protocols, Encapsulating Security Payload (ESP) and Authentication Header (AH), which provide security services for IP datagrams.
ESP can provide the properties authentication, integrity, replay protection, and confidentiality of the data (it secures everything in the packet that follows the IP header).
AH provides authentication, integrity, and replay protection (but not confidentiality) of the sender.

Question 6
What algorithm technology must be used for ensuring data integrity when dataflow goes over VPN tunnel? (Choose two)
A. RSA
B. DH-1
C. DH-2
D. HMAC-MD5
E. HMAC-SHA1

Answer: D E
Explanation
Data integrity ensures data has not been altered in the transmission. A data-integrity algorithm adds a hash to the message to guarantee the integrity of the message.
A Hashed Message Authentication Code (HMAC) is a data-integrity algorithm that ensures the integrity of the message. Two popular algorithms a VPN gateway uses for verifying integrity of data are HMAC-Message Digest 5 (HMAC-MD5) and HMAC-Secure Hash Algorithm 1 (HMAC-SHA1)
+ HMAC-MD5 uses a 128-bit shared-secret key of any size. The variable-length message and shared-secret key are combined and run through the HMAC-MD5 hash algorithm. The output is a 128-bit hash. The hash is appended to the original message and is forwarded to the remote end.
+ HMAC-SHA-1 uses a secret key of any size. The variable-length message and the shared-secret key are combined and run through the HMAC-SHA-1 hash algorithm. The output is a 160-bit hash. The hash is appended to the original message and is forwarded to the remote end.
Diffie-Hellman Group 1 (DH-1) & Diffie-Hellman Group 2 (DH-2) are two encryption algorithms for VPN, not data integrity algorithms.
RSA is also an encryption algorithm, not data integrity algorithm.
(Reference: Implementing Cisco IOS Network Security IINS)
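The append-and-verify flow described above, as an added Python example (not from the original page or the cited reference). The key and message are constructed, SHA-256 is included as a generalization beyond the two algorithms the question names, and the unkeyed variant is there to show why the shared secret matters.

```python
import hashlib
import hmac

# Constructed sample values (assumptions, not from the page).
SHARED_KEY = b"constructed-preshared-key"
MESSAGE = b"payroll batch 17: transfer 1200.00 to account 0042"

# Tag sizes in bytes: 128-bit MD5, 160-bit SHA-1, 256-bit SHA-256.
TAG_LEN = {"md5": 16, "sha1": 20, "sha256": 32}


def protect(key, message, algo):
    """Sender side: compute the HMAC over the message and append it."""
    return message + hmac.new(key, message, algo).digest()


def verify(key, packet, algo):
    """Receiver side: split off the tag, recompute it with the shared key
    and compare in constant time. Returns the message, or None if invalid."""
    n = TAG_LEN[algo]
    if len(packet) < n:
        return None
    message, tag = packet[:-n], packet[-n:]
    expected = hmac.new(key, message, algo).digest()
    return message if hmac.compare_digest(tag, expected) else None


def unkeyed_protect(message, algo):
    """Same layout, but with a plain hash and no secret (for contrast)."""
    return message + hashlib.new(algo, message).digest()


def unkeyed_verify(packet, algo):
    n = TAG_LEN[algo]
    if len(packet) < n:
        return None
    message, digest = packet[:-n], packet[-n:]
    expected = hashlib.new(algo, message).digest()
    return message if hmac.compare_digest(digest, expected) else None


def demo(algo="sha1"):
    """Run the exchange and three failure cases; return the outcomes."""
    n = TAG_LEN[algo]
    packet = protect(SHARED_KEY, MESSAGE, algo)
    altered = MESSAGE.replace(b"1200.00", b"9200.00")

    # Message changed in transit, original tag left in place.
    modified_packet = altered + packet[-n:]

    # Plain hash: whoever alters the message can recompute the digest,
    # because no secret is needed to do so.
    rehashed_packet = unkeyed_protect(altered, algo)

    return {
        "tag_bits": n * 8,
        "intact": verify(SHARED_KEY, packet, algo),
        "modified": verify(SHARED_KEY, modified_packet, algo),
        "wrong_key": verify(b"some-other-key", packet, algo),
        "unkeyed_rehashed": unkeyed_verify(rehashed_packet, algo),
    }


if __name__ == "__main__":
    for name in ("md5", "sha1", "sha256"):
        print(name, demo(name))
```

The last entry in the result is the altered message coming back as valid: a bare hash detects accidental corruption only, while the HMAC variants reject both the modified packet and a peer holding a different key.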

Question 7
What are two security appliances that can be installed in a network? (Choose two)
A. ATM
B. IDS
C. IOS
D. IOX
E. IPS
F. SDM

Answer: B E
Explanation
Intrusion detection system (IDS) and intrusion prevention system (IPS) solutions form an integral part of a robust network defense solution.
IDS monitors network and system activities for malicious activities or policy violations and produces reports to a Management Station.
IPS provides policies and rules for network traffic along with an intrusion detection system for alerting system or network administrators to suspicious traffic, but allows the administrator to provide the action upon being alerted.
The key to differentiating an IDS from an IPS is that an IPS responds immediately and does not allow any malicious traffic to pass, whereas an IDS allows malicious traffic to pass before it can respond.
(Reference: Implementing Cisco IOS Network Security IINS)
Note: Asynchronous Transfer Mode (ATM) is a layer 2 WAN transport protocol. It encodes data into small, fixed-sized cells consisting of 48 bytes of payload and 5 bytes of cell header -> A is not correct
Cisco Router and Security Device Manager (SDM) is a Web-based device-management tool for Cisco routers that can help you configure a router via a web browser -> In general, it only helps simplify the network management, router configuration so it is not a security appliance -> F is not correct.

Question 8
Which device might be installed at a branch office to enable and manage an IPsec site-to-site VPN?
A. Cisco IOS IPsec/SSL VPN client
B. Cisco VPN Client
C. ISDN terminal adapter
D. Cisco Adaptive Security Appliance

Answer: D
Explanation
An example of IPsec site-to-site VPN is your corporation has departments in many countries which need to communicate with each other. A popular solution is site-to-site (LAN-to-LAN) VPN to create private networks through the Internet. But as we know, Internet is not a safe environment for important data to be transferred. That is the reason why we need IPsec, a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session.
Cisco Adaptive Security Appliance (ASA) supports IPsec, that’s all I can say! If you wish to learn more about the configuration, please read http://www.cisco.com/en/US/products/ps5855/products_configuration_example09186a0080a9a7a3.shtml

Question 9
Refer to the exhibit. What is the result of setting the no login command?
Router#config t
Router(config)#line vty 0 4
Router(config-line)#password c1sc0
Router(config-line)#no login
A. This is a virtually limitless supply of IP addresses
B. Telnet access requires a new password at first login
C. Telnet access requires a password
D. Telnet access is denied

Answer: No correct answer
Explanation
There is a mistake in this question because this configuration will let someone telnet to that router without the password (so the line “password c1sco” is not necessary).
If we want to deny telnet we can configure like this:
Router(config)#line vty 0 4
Router(config-line)#no password (if the password is set before)
Router(config-line)#login

With this configuration, when someone tries to telnet to this router, a message “Password required, but none set” is displayed.

Question 10
What is the effect of using the service password-encryption command?
A. Only passwords configured after the command has been entered will be encrypted.
B. Only the enable password will be encrypted.
C. Only the enable secret password will be encrypted
D. It will encrypt the secret password and remove the enable secret password from the configuration.
E. It will encrypt all current and future passwords.

Answer: E
Explanation
The secret password (configured by the command “enable secret”) is always encrypted even if the “service password-encryption” command is not used. Moreover, the secret password is not removed from the configuration with this command; we still see it in encrypted form in the running-config -> D is not correct.
The “enable password” command does not encrypt the password and it can be viewed in clear text in the running-config. By using the “service password-encryption” command, that password is encrypted (both current and future passwords) -> A is not correct, E is correct.
Answer B – Only the enable password will be encrypted seems to be correct but it implies the secret password will not be encrypted and stay in clear text, which is not correct.
For your information, the secret password is encrypted with the MD5 one-way hash algorithm, which is harder to break than the encryption algorithm used by the “service password-encryption” command.

Question 11
Which command sets and automatically encrypts the privileged enable mode password?
A. enable password c1sco
B. secret enable c1sco
C. password enable c1sco
D. enable secret c1sco

Answer: D

CCNA – EIGRP Questions

Question 1
Refer to the exhibit, when running EIGRP what is required for R1 to exchange routing updates with R3?
EIGRP_AS_number
A – AS numbers must be changed to match on all the routers
B – Loopback interfaces must be configured so a DR is elected
C – The no auto-summary command is needed on R1 and R3
D – R2 needs to have two network statements, one for each connected network

Answer: A

Question 2:
As a Cisco technician, you need to know EIGRP protocol very well. Which of the following is true about EIGRP successor routes? (Choose two)
A – A successor route is used by EIGRP to forward traffic to a destination
B – Successor routes are stored in the neighbor table following the discovery process
C – Successor routes are flagged as “active” in the routing table
D – A successor route may be backed up by a feasible successor route

Answer: A D
Explanation:
B is not correct because neighbor table only contains a list of directly connected EIGRP routers that have an adjacency with this router, it doesn’t contain successor routes.
C is not correct because successor routes are not flagged as “active”, they are always the best route to reach remote networks and are always used to send packets.
A and D are correct because successor route is the best and primary route to a remote network. It is stored in the routing table and topology table. If this route fails, a backup route (called feasible successor route) in the topology table will be used to route traffic to a destination.

Question 3:
Which two statements are true regarding EIGRP? (Choose two)
A – Passive routes are in the process of being calculated by DUAL
B – EIGRP supports VLSM, route summarization, and routing update authentication
C – EIGRP exchanges full routing table information with neighboring routers with every update
D – If the feasible successor has a higher advertised distance than the successor route, it becomes the primary route
E – A query process is used to discover a replacement for a failed route if a feasible successor is not identified from the current routing information

Answer: B E
Explanation:
Diffusing Update Algorithm (DUAL) is the algorithm for selecting and maintaining the best path to each remote network. DUAL tracks all the routes advertised by neighbors and selects routes based on feasible successors. It inserts lowest cost paths into the routing table (these routes are known as primary routes or successor routes) -> A is not correct.
EIGRP is still a distance-vector protocol, but has certain features that belong more to link-state algorithms (like OSPF) than to distance-vector algorithms. For example, EIGRP sends a partial routing table update, which includes just routes that have been changed, not the full routing table like distance-vector algorithms -> C is not correct.
The feasible successor route will become the primary route when its advertised distance is lower than the feasible distance of the successor route. The feasible successor route can be used in the event that the successor route goes down. Notice that the feasible successor route does not get installed in the routing table but is kept in the topology table as a backup route -> D is not correct.
“Support VLSM, route summarization, and routing update authentication” are the features of EIGRP -> B is correct.
When a route fails and has no feasible successor, EIGRP uses a distributed algorithm called Diffusing Update Algorithm (DUAL) to discover a replacement for a failed route. When a new route is found, DUAL adds it to the routing table -> E is correct.

Friday, February 17, 2012

CCNA – OSPF Questions 2

Question 1
Refer to the exhibit. Which two statements are true about the loopback address that is configured on RouterB? (Choose two)
OSPF_loopback.jpg
A. It ensures that data will be forwarded by RouterB.
B. It provides stability for the OSPF process on RouterB.
C. It specifies that the router ID for RouterB should be 10.0.0.1.
D. It decreases the metric for routes that are advertised from RouterB.
E. It indicates that RouterB should be elected the DR for the LAN.

Answer: B C
Explanation
A loopback interface never comes down even if the link is broken so it provides stability for the OSPF process (for example we use that loopback interface as the router-id) -> B is correct.
The router-ID is chosen in the order below:
+ The highest IP address assigned to a loopback (logical) interface.
+ If a loopback interface is not defined, the highest IP address of all active router’s physical interfaces will be chosen.
-> The loopback interface will be chosen as the router ID of RouterB -> C is correct.

Question 2
Which characteristics are representative of a link-state routing protocol? (Choose three)
A. provides common view of entire topology
B. exchanges routing tables with neighbors
C. calculates shortest path
D. utilizes event-triggered updates
E. utilizes frequent periodic updates

Answer: A C D
Explanation
Each of routers running link-state routing protocol learns paths to all the destinations in its “area” so we can say A is correct although it is a bit unclear.
Link-state routing protocols generate routing updates only (not the whole routing table) when a change occurs in the network topology so B is not correct.
Link-state routing protocol like OSPF uses Dijkstra algorithm to calculate the shortest path -> C is correct.
Unlike Distance vector routing protocol (which utilizes frequent periodic updates), link-state routing protocol utilizes event-triggered updates (only sends update when a change occurs) -> D is correct but E is not correct.

Question 3
OSPF_DR_elect.jpg
The internetwork infrastructure of company XYZ consists of a single OSPF area as shown in the graphic. There is concern that a lack of router resources is impeding internetwork performance.
As part of examining the router resources the OSPF DRs need to be known.
All the router OSPF priorities are at the default and the router IDs are shown with each router.
Which routers are likely to have been elected as DR? (Choose two)
A. Corp-1
B. Corp-2
C. Corp-3
D. Corp4
E. Branch-1
F. Branch-2

Answer: D F
Explanation
There are 2 segments on the topology above which are separated by Corp-3 router. Each segment will have a DR so we have 2 DRs.
To select which router will become DR they will compare their router-IDs. The router with highest (best) router-ID will become DR. The router-ID is chosen in the order below:
+ The highest IP address assigned to a loopback (logical) interface.
+ If a loopback interface is not defined, the highest IP address of all active router’s physical interfaces will be chosen.
In this question, the IP addresses of loopback interfaces are not mentioned so we will consider IP addresses of all active router’s physical interfaces. Router Corp-4 (10.1.40.40) & Branch-2 (10.2.20.20) have highest “active” IP addresses so they will become DRs.

Question 4
OSPF_show_ip_interface_brief.jpg
A network associate has configured OSPF with the command:
City(config-router)# network 192.168.12.64 0.0.0.63 area 0
After completing the configuration, the associate discovers that not all the interfaces are participating in OSPF.
Which three of the interfaces shown in the exhibit will participate in OSPF according to this configuration statement? (Choose three)
A. FastEthernet0/0
B. FastEthernet0/1
C. Serial0/0
D. Serial0/1.102
E. Serial0/1.103
F. Serial0/1.104
Answer: B C D
Explanation
The “network 192.168.12.64 0.0.0.63” statement is equivalent to network 192.168.12.64/26. This network has:
+ Increment: 64 (/26= 1111 1111.1111 1111.1111 1111.1100 0000)
+ Network address: 192.168.12.64
+ Broadcast address: 192.168.12.127
Therefore all interfaces in the range of this network will join OSPF -> B C D are correct.
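The wildcard comparison behind this answer, as an added Python example (not part of the original page). The exhibit image is not reproduced here, so the interface addresses below are constructed to agree with the stated answer; the function names are hypothetical.

```python
import ipaddress

# Constructed interface table (assumption: the exhibit is an image that is
# not available on the page; these addresses are chosen to match answer B C D).
INTERFACES = {
    "FastEthernet0/0": "192.168.12.48",
    "FastEthernet0/1": "192.168.12.65",
    "Serial0/0": "192.168.12.121",
    "Serial0/1.102": "192.168.12.125",
    "Serial0/1.103": "192.168.12.129",
    "Serial0/1.104": "192.168.12.133",
}


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def matches(interface_ip, network, wildcard):
    """True if the interface address falls under 'network <net> <wildcard>'.
    A 0 bit in the wildcard means 'must match', a 1 bit means 'ignore'."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(interface_ip) & care) == (_to_int(network) & care)


def participating(interfaces, network, wildcard):
    """Names of the interfaces selected by the network statement."""
    return [name for name, ip in interfaces.items()
            if matches(ip, network, wildcard)]


def wildcard_to_prefix(wildcard):
    """Prefix length for a contiguous wildcard (0.0.0.63 -> 26).
    Returns None when the ignored bits are not one trailing block."""
    wc = _to_int(wildcard)
    if wc & (wc + 1):          # not of the form 2^k - 1
        return None
    return 32 - wc.bit_length()


def address_range(network, wildcard):
    """First and last address covered by a contiguous wildcard."""
    wc = _to_int(wildcard)
    base = _to_int(network) & ~wc & 0xFFFFFFFF
    return (str(ipaddress.IPv4Address(base)),
            str(ipaddress.IPv4Address(base | wc)))


if __name__ == "__main__":
    print(wildcard_to_prefix("0.0.0.63"))
    print(address_range("192.168.12.64", "0.0.0.63"))
    print(participating(INTERFACES, "192.168.12.64", "0.0.0.63"))
```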

Question 5
When running OSPF, what would cause router A not to form an adjacency with router B?
OSPF_adjacency.jpg
A. The loopback addresses are on different subnets.
B. The values of the dead timers on the routers are different.
C. Route summarization is enabled on both routers.
D. The process identifier on router A is different than the process identifier on router
Answer: B
Explanation
To form an adjacency (become neighbor), router A & B must have the same Hello interval, Dead interval and AREA number.

Question 6
Refer to the exhibit. The network is converged. After link-state advertisements are received from Router_A, what information will Router_E contain in its routing table for the subnets 208.149.23.64 and 208.149.23.96?
OSPF_routing_table.jpg
A. 208.149.23.64[110/13] via 190.173.23.10, 00:00:00:07, FastEthernet0/0
208.149.23.96[110/13] via 190.173.23.10, 00:00:00:16, FastEthernet0/0
B. 208.149.23.64[110/1] via 190.173.23.10, 00:00:00:07, Serial1/0
208.149.23.96[110/3] via 190.173.23.10, 00:00:00:16, FastEthernet0/0
C. 208.149.23.64[110/13] via 190.173.23.10, 00:00:00:07, Serial1/0
208.149.23.96[110/13] via 190.173.23.10, 00:00:00:16, Serial1/0
208.149.23.96[110/13] via 190.173.23.10, 00:00:00:16, FastEthernet0/0
D. 208.149.23.64[110/13] via 190.173.23.10, 00:00:00:07, Serial1/0
208.149.23.96[110/13] via 190.173.23.10, 00:00:00:16, Serial1/0

Answer: A
Explanation
Router_E learns two subnets 208.149.23.64 and 208.149.23.96 via Router_A through FastEthernet interface. The interface cost is calculated with the formula 10^8 / Bandwidth. For FastEthernet it is 10^8 / 100 Mbps = 10^8 / 10,000,000,000 = 1. Therefore the cost is 12 (learned from Router_A) + 1 = 13 for both subnets -> B is not correct.
The cost through T1 link is much higher than through T3 link (T1 cost = 10^8 / 1.544 Mbps = 64; T3 cost = 10^8 / 45 Mbps = 2) so surely OSPF will choose the path through T3 link -> Router_E will choose the path from Router_A through FastEthernet0/0, not Serial1/0 -> C & D are not correct.
In fact, we can quickly eliminate answers B, C and D because they contain at least one subnet learned from Serial1/0 -> they are surely incorrect.

Question 7
Refer to the exhibit. Given the output for this command, if the router ID has not been manually set, what router ID will OSPF use for this RouterD?
RouterD# show ip interface brief
show_ip_interface_brief.jpg

A. 10.1.1.2
B. 10.154.154.1
C. 172.16.5.1
D. 192.168.5.316

Answer: C
Explanation
The highest IP address of all loopback interfaces will be chosen -> Loopback 0 will be chosen as the router ID.

Question 8
Which commands are required to properly configure a router to run OSPF and to add network 192.168.16.0/24 to OSPF area 0? (choose two)
A. Router(config)#router ospf 1
B. Router(config)#router ospf 0
C. Router(config)#router ospf area 0
D. Router(config-router)#network 192.168.16.0 0.0.0.255 area 0
E. Router(config-router)#network 192.168.16.0 0.0.0.255 0
F. Router(config-router)#network 192.168.16.0 255.255.255.0 area 0

Answer: A D
Explanation
In the “router ospf” command, the process ID ranges from 1 to 65535 so 0 is an invalid number -> A is correct but B is not correct. To configure OSPF, we need a wildcard in the “network” statement, not a subnet mask. We also need to assign an area to this process -> D is correct.

Question 9
Which parameter or parameters are used to calculate OSPF cost in Cisco routers?
A. Bandwidth, Delay and MTU
B. Bandwidth
C. Bandwidth and MTU
D. Bandwidth, MTU, Reliability, Delay and Load

Answer: B
The well-known formula to calculate OSPF cost is
Cost = 10^8 / Bandwidth
so B is the correct answer.

Question 10
Refer to the exhibit. Why are two OSPF designated routers identified on Core-Router?
Neighbor_ID Pri State Dead Time Address Interface
208.149.23.194 1 Full/DR 00:00:33 190.172.32.10 Ethernet1
208.149.23.60 1 Full/BDR 00:00:33 190.172.32.10 Ethernet0
208.149.23.130 1 Full/DR 00:00:39 190.172.32.10 Ethernet0
A. Core-Router is connected more than one multi-access network
B. The router at 208.149.23.130 is a secondary DR in case the primary fails.
C. Two router IDs have the same OSPF priority and are therefore tied for DR election
D. The DR election is still underway and there are two contenders for the role.

Answer: A
Explanation
OSPF elects one DR per multi-access network. In the exhibit there are two DRs, so there must be more than one multi-access network.

Question 11
What is the default maximum number of equal-cost paths that can be placed into the routing of a Cisco OSPF router?
A. 16
B. 2
C. unlimited
D. 4

Answer: D
Explanation
The default number of equal-cost paths that can be placed into the routing of a Cisco OSPF router is 4. We can change this default value by using “maximum-paths” command:
Router(config-router)#maximum-paths 2
Note: Cisco routers support up to 6 equal-cost paths

Question 12
What is the OSPF default frequency, in seconds, at which a Cisco router sends hello packets on a multiaccess network?
A. 10
B. 40
C. 30
D. 20

Answer: A
Explanation
On broadcast multiaccess and point-to-point links, the default is 10 seconds. On NBMA, the default is 30 seconds.

Question 13
What is the default administrative distance of OSPF?
A. 120
B. 100
C. 90
D. 110

Answer: D

Question 14
What information does a router running a link-state protocol use to build and maintain its topological database? (Choose two)
A. hello packets
B. SAP messages sent by other routers
C. LSAs from other routers
D. beacons received on point-to-point links
E. routing tables received from other link-state routers
F. TTL packets from designated routers

Answer: A C

CCNA – OSPF Questions

Question 1
Which of the following statements below best describe the process identifier that is used to run OSPF on a router? (Choose two)
A – It is an optional parameter required only if multiple OSPF processes are running on the router
B – It is locally significant
C – It is needed to identify a unique instance of an OSPF database
D – All routers in the same OSPF area must have the same process ID if they are to exchange routing information

Answer: B C

Question 2:
Why can’t R1 establish an OSPF neighbor relationship with R3 according to the following graphic? (Choose two)
OSPFneighbor
A – Configure EIGRP on these routers with a lower administrative distance
B – All routers should be configured for backbone Area 1
C – R1 and R3 have been configured in different areas
D – The hello and dead interval timers are not configured the same values on R1 and R3

Answer: C D
Explanation:
A is not correct because configuring EIGRP on these routers (with a lower administrative distance) will force these routers to run EIGRP, not OSPF.
B is not correct because the backbone area of OSPF is always Area 0.
C and D are correct because these entries must match on neighboring routers:
– Hello and dead intervals
– Area ID (Area 0 in this case)
– Authentication password
– Stub area flag

Question 3:
Which items are correct about the routing protocol OSPF? (Choose three)
A – Support VLSM
B – Increase routing overhead on the network
C – Confine network instability to one area of the network
D – Allow extensive control of routing updates

Answer: A C D
Explanation:
Routing overhead is the amount of information needed to describe the changes in a dynamic network topology. All routers in an OSPF area have identical copies of the topology database and the topology database of one area is hidden from the rest of the areas to reduce routing overhead because fewer routing updates are sent and smaller routing trees are computed and maintained (allow extensive control of routing updates and confine network instability to one area of the network).

Question 4:
Which three features are of OSPF routing protocol? (Choose three)
A – Converge quickly
B – OSPF is a classful routing protocol
C – Identify the best route by use of cost
D – Before exchanging routing information, OSPF routers find out neighbors

Answer: A C D

Question 5:
OSPF routing uses the concept of areas. What are the characteristics of OSPF areas? (Choose three)
A – Each OSPF area requires a loopback interface to be configured
B – Areas may be assigned any number from 0 to 65535
C – Area 0 is called the backbone area
D – Hierarchical OSPF networks do not require multiple areas
E – Multiple OSPF areas must connect to area 0
F – Single area OSPF networks must be configured in area 1

Answer: B C E
Explanation:
I used to think the answers should be C D E and here is my explanation:
OSPF can use an active interface for its router ID, so a loopback interface is not a must -> A is incorrect.
OSPF Area is a 32-bit number so we can use up to 2^32 – 1 = 4294967296 – 1 (since Area 0 is the first area). Remember that only process ID is a 16-bit number and ranges from 1 to 65535 -> B is incorrect.
F is incorrect too because single area OSPF networks must be configured in Area 0, which is called the backbone area.
For answer D, it is a bit hard to guess what they want to say about “hierarchical” but we should understand “Hierarchical OSPF networks” as “OSPF networks”. D is correct because we can only have one area (area 0 – the backbone area) for our networks.
But TT commented on 01-11-2010:
Especially to note on choice B, D, and E:
Choice B: we all know that The areas can be any number from 0 to 4.2 billion and 1 to 65,535 for the Process ID. As choice B specifies ‘area’ (be aware, it’s not saying ‘process id’), there is no reason to say that we cannot assign numbers from 0 to 65535 for area # (it is using ‘may be’, not ‘have to be’ or ‘ought to be’). Hence, we do not worry about assigning ‘0’.
Choice E: as Area 0 is the backbone, we all understand that any areas in a OSPF network have to be connected to it. And actually this is implicitly saying that multiple areas form a hierarchical OSPF network, as Area 0 being a root and others being its leaves.
Choice D: when it specifies ‘Hierarchical’, at least 2 areas should be required to form such topology (of course that includes Area 0)
Although Choice B is not an absolutely accurate statement since it not only can be assigned up to 65535, it is still a correct answer. And again, it specifies ‘area’, not ‘process id’, so ‘0’ can be included. Finally, it would be meaningless to call OSPF a hierarchical network if no more than one area is present.
—————————————————————————————————-
I reviewed the question and think it is a more suitable solution with choice B than choice D, surely it is a tricky question!

Question 6:
Part of the OSPF network is shown below:
OSPF_Routing
Configuration exhibit:
R1 routing commands:
ip route 0.0.0.0 0.0.0.0 serial0/0
router ospf 1
network 172.16.100.0 0.0.0.3 area 0
network 172.16.100.64 0.0.0.63 area 0
network 172.16.100.128 0.0.0.31 area 0
default-information originate
You work as a network technician, study the exhibits carefully. Assume that all router interfaces are operational and correctly configured. In addition, assume that OSPF has been correctly configured on router R2. How will the default route configured on R1 affect the operation of R2?
A – Any packet destined for a network that is not directly connected to router R2 will be dropped immediately
B – Any packet destined for a network that is not directly connected to router R1 will be dropped
C – Any packet destined for a network that is not directly connected to router R2 will be dropped immediately because of the lack of a gateway on R1
D – The network directly connected to a router R2 will not be able to communicate with the 172.16.100.0, 172.16.100.28 and 172.16.100.64 subnetworks.
E – Any packet destined for a network that is not referenced in the routing table of router R2 will be directed to R1. R1 will then send that packet back to R2 and a routing loop will occur

Answer: E
Explanation:
First, notice that the more-specific routes will always be favored over less-specific routes regardless of the administrative distance set for a protocol. In this case, because we use OSPF for three networks (172.16.100.0 0.0.0.3, 172.16.100.64 0.0.0.63, 172.16.100.128 0.0.0.31), the packets destined for these networks will not be affected by the default route.
The default route configured on R1 “ip route 0.0.0.0 0.0.0.0 serial0/0” will send any packet whose destination network is not referenced in the routing table of router R1 to R2; it doesn’t drop anything, so answers A, B and C are not correct. D is not correct either because these routes are declared in R1 and the question says that “OSPF has been correctly configured on router R2”, so the network directly connected to router R2 can communicate with those three subnetworks.
As said above, the default route configured on R1 will send any packet destined for a network that is not referenced in its routing table to R2; R2 in turn sends it to R1 because it is the only way and a routing loop will occur.

CCNA – RIP Questions

Question 1
Which statement about RIPng is true?
A. RIPng allows for routes with up to 30 hops.
B. RIPng is enabled on each interface separately.
C. RIPng uses broadcasts to exchange routes.
D. There can be only one RIPng process per router.

Answer: B
Explanation
RIPng is similar to RIPv2 but is used for IPv6. But unlike RIPv1 and RIPv2, RIPng is enabled on each interface separately. For example:
Router(config)#ipv6 unicast-routing (Enables the forwarding of IPv6 unicast datagrams globally on the router)
Router(config)#interface fa0/0
Router(config-if)#ipv6 rip 9tut enable (9tut is the process name of this RIPng)

Question 2
What are two characteristics of RIPv2? (Choose two)
A. classful routing protocol
B. variable-length subnet masks
C. broadcast addressing
D. manual route summarization
E. uses SPF algorithm to compute path

Answer: B D

Question 3
Refer to the exhibit. Which (config-router) command will allow the network represented on the interface to be advertised by RIP?
router rip
version 2
no auto-summary
!
interface ethernet0
ip address 10.12.6.1 255.255.0.0
A. redistribute ethernet0
B. network ethernet0
C. redistribute 10.12.0.0
D. network 10.12.0.0

Answer: D

Question 4
Refer to the exhibit. What information can be gathered from the output?
RouterA#debug ip rip
RIP protocol debugging is on
00:34:32: RIP: sending v2 flash update to 224.0.0.9 via FastEthernet0/0 (172.16.1.1)
00:34:32: RIP: build flash update entries
00:34:32: 10.10.1.0/24 via 0.0.0.0, metric 1, tag 0
00:34:32: RIP: sending v2 flash update to 224.0.0.9 via Loopback (10.10.1.1)
00:34:32: RIP: build flash update entries
00:34:32: 10.0.0.0/8 via 0.0.0.0, metric 2, tag 0
00:34:32: 172.16.1.0/24 via 0.0.0.0, metric 1, tag 0
00:34:32: RIP: ignored v2 packet from 10.10.1.1 (sourced from one of our addresses)
00:34:33: RIP: received v2 update from 172.16.1.2 on FastEthernet0/0
00:34:33: 10.0.0.0/8 via 0.0.0.0 in 1 hops
00:34:44: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (172.16.1.1)
00:34:44: RIP: build update entries
00:34:44: 10.10.1.0/24 via 0.0.0.0, metric 1, tag 0
A. One router is running RIPv1.
B. RIP neighbor is 224.0.0.9.
C. The network contains a loop.
D. Network 10.10.1.0 is reachable.

Answer: D

Question 5
Which series of commands will configure router R1 for LAN-to-LAN communication with router R2? The enterprise network address is 192.1.1.0/24 and the routing protocol in use is RIP. (Choose three)
RIP_config.jpg
A.
R1(config)# interface ethernet 0
R1(config-if)# ip address 192.1.1.129 255.255.255.192
R1(config-if)# no shutdown
B.
R1(config)# interface ethernet 0
R1(config-if)# ip address 192.1.1.97 255.255.255.192
R1(config-if)# no shutdown
C.
R1(config)# interface serial 0
R1(config-if)# ip address 192.1.1.4 255.255.255.252
R1(config-if)# clock rate 56000
D.
R1(config)# interface serial 0
R1(config-if)# ip address 192.1.1.6 255.255.255.252
R1(config-if)# no shutdown
E.
R1(config)# router rip
R1(config-router)# network 192.1.1.4
R1(config-router)# network 192.1.1.128
F.
R1(config)# router rip
R1(config-router)# version 2
R1(config-router)# network 192.1.1.0

Answer: A D F
Explanation
First we notice that the IP address of the E0 interface of R2 is 192.1.1.65/26, which has:
+ Increment: 64 (/26 = 1111 1111.1111 1111.1111 1111.1100 0000)
+ Network address: 192.1.1.64
+ Broadcast address: 192.1.1.127
Therefore, the IP address of the E0 interface of R1 cannot belong to this range, or the network cannot operate correctly.
In answer A, the IP address of the E0 interface of R1 is 192.1.1.129, which does not belong to this range -> A is correct.
In answer B, the E0 interface of R1 has the IP address 192.1.1.97, which belongs to this range -> B is not correct.
The s0 interface of R1 must belong to the same network as the s0 interface of R2, which has:
+ Increment: 4 (/30 = 1111 1111.1111 1111.1111 1111.1111 1100)
+ Network address: 192.1.1.4
+ Broadcast address: 192.1.1.7
The IP address 192.1.1.5 has been used by s0 of R2, so the only suitable IP address for s0 of R1 is 192.1.1.6 -> C is wrong but D is correct.
Now the last thing we must do is enable RIP. Because the e0 interface of R1 and the e0 interface of R2 are in the same major network (192.1.1.0/24), we must use RIP version 2 to support discontiguous networks -> F is correct.
For answer E, if we configure 2 networks
R1(config-router)# network 192.1.1.4
R1(config-router)# network 192.1.1.128
then these networks will be automatically summarized as the 192.1.1.0 network.

Question 6
Refer to the exhibit. Two routers have just been configured by a new technician. All interfaces are up. However, the routers are not sharing their routing tables. What is the problem?
debug_ip_rip.jpg
A. Split horizon is preventing Router2 from receiving routing information from Router1.
B. Router1 is configured for RIP version 2, and Router2 is configured for RIP version 1.
C. Router1 has an ACL that is blocking RIP version 2.
D. There is a physical connectivity problem between Router1 and Router2.
E. Router1 is using authentication and Router2 is not.

Answer: B
Explanation
As we can see from the output, Router2 is sending v1 updates and ignoring v2 updates from its neighbor, so we can conclude Router2 is running RIPv1. Its neighbor, Router1 (IP address 192.168.2.1), is running RIPv2.
Notice that a router running RIPv2 can “understand” RIPv1 updates, but a router running RIPv1 cannot understand RIPv2 updates.

Question 7
What is the default routing update period for RIPv2?
A. 15 seconds
B. 30 Seconds
C. 180 Seconds
D. 240 Seconds

Answer: B

Question 8
Refer to the exhibit. The network manager is evaluating the efficiency of the current network design. RIPv2 is enabled on all Layer 3 devices in the network. What network devices participate in passing traffic from the PC at 10.10.1.7 to File Server at 10.20.1.6 in the order that they will forward traffic from source to destination?
VLAN_RIP.jpg
A. Switch1, Switch2
B. Switch1, Switch2, Router2, Switch2
C. Switch1, Router1, Switch1, Switch2
D. Switch1, Router1, Router2, Switch2

Answer: D
Explanation
The PC and File Server are in different VLANs, so surely traffic from the PC to the File Server must go through Router1, but which path will the packet take next, through Router2 or Switch1? Well, it is a hard question to answer.
As many comments said, “the connection between R1 and Switch is Blue, so that means it’s under VLAN 10, and R2 to Switch 2 is red. The two routers do not have subinterfaces and are not running router on a stick, based on the color of the links”, so D should be the correct answer.
Just for your information, I keep this explanation (which supports answer C) but in the exam you should choose D as your answer!
I haven’t tested it yet, but I guess that because there is a VLAN 20 on Switch1, Router1 will try to send that packet back to Switch1. If the link between Switch1 and Switch2 is a trunk link, then the returned packet will also be sent over this link. Switch2 receives that packet and sends it to the File Server in VLAN 20. So the path will be Switch1 -> Router1 -> Switch1 -> Switch2.
There are some debates about this question, but if the routers are properly configured then the packets can go from Switch1 -> Router1 -> Router2 -> Switch2 (answer D), so D can be a correct answer.

Question 9
Refer to the exhibit. Router A has interfaces with addresses 192.168.1.1 and 172.16.1.1. Router B, which is connected to router A over a serial link, has interfaces with address 172.16.1.2 and 10.1.1.2.
RIP_configuration.jpg
Which sequence of commands will configure RIPv2 on router B?
A.
B(config)# router rip
B(config-router)# version 2
B(config-router)# network 172.16.0.0
B(config-router)# network 10.0.0.0
B(config-router)# end
B.
B(config)# router rip 2
B(config-router)# network 172.16.0.0
B(config-router)# network 10.0.0.0
B(config-router)# end
C.
B(config)# router rip
B(config-router)# version 2
B(config-router)# network 172.16.0.0
B(config-router)# network 192.168.1.0
B(config-router)# end
D.
B(config)# router rip version 2
B(config-router)# network 172.16.0.0
B(config-router)# network 10.0.0.0
B(config-router)# end

Answer: A

Question 10
Refer to the exhibit. S0/0 on R1 is configured as a multipoint interface to communicate with R2 and R3 in this hub-and-spoke Frame Relay topology.
While testing this configuration, a technician notes that pings are successful from hosts on the 172.16.1.0/24 network to hosts on both the 172.16.2.0/25 and 172.16.2.128/25 networks. However, pings between hosts on the 172.16.2.0/25 and 172.16.2.128/25 networks are not successful. What could explain this connectivity problem?
RIP_split_horizon.jpg
A. The ip subnet-zero command has been issued on the R1 router.
B. The RIP v2 dynamic routing protocol cannot be used across a Frame Relay network.
C. Split horizon is preventing R2 from learning about the R3 networks and R3 from learning about the R2 networks.
D. The 172.16.2.0/25 and 172.16.2.128/25 networks are overlapping networks that can be seen by R1, but not between R2 and R3.
E. The 172.16.3.0/29 network used on the Frame Relay links is creating a discontiguous network between the R2 and R3 router subnetworks.

Answer: C
Explanation
The “ip subnet-zero” command allows the use of the first subnet, but it doesn’t cause this problem, and we don’t have that first subnet (like 172.16.0.0/24), so we can’t confirm whether “ip subnet-zero” was used or not -> A is not correct.
Frame Relay can carry RIPv2 with no problem if we configure it correctly -> B is not correct.
In the exhibit above we notice that the s0/0 interface of R1 has not been divided into sub-interfaces, so split horizon will prevent updates from R2 from reaching R3 and vice versa. The split horizon rule states “A router never sends information about a route back in the same direction from which the original information came”. In this case R2 sends an update to S0/0 of R1, so R1 cannot send that update back out S0/0 -> R3 will not learn about the networks of R2 (and vice versa) -> C is correct.
The 172.16.2.0/25 and 172.16.2.128/25 networks are not overlapping networks. They are two different sub-networks -> D is not correct.
RIPv2 is a classless routing protocol, so it supports VLSM and discontiguous networks -> E is not correct.
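The split horizon behaviour in this question can be reproduced with a small distance-vector model. This is an added example, not part of the original question; the topology is constructed from the networks named above, and the per-spoke subinterface names (S0/0.2, S0/0.3) are hypothetical.

```python
INF = 16  # RIP metric meaning "unreachable"

# Constructed model of the exhibit: each router's LAN and its Frame Relay PVCs.
LANS = {"R1": "172.16.1.0/24", "R2": "172.16.2.0/25", "R3": "172.16.2.128/25"}
PVCS = {"R1": ["R2", "R3"], "R2": ["R1"], "R3": ["R1"]}


def out_interface(router, peer, hub_subinterfaces):
    """Interface `router` uses to reach `peer` (subinterface names are hypothetical)."""
    if router == "R1" and hub_subinterfaces:
        return "S0/0." + peer[1:]  # one point-to-point subinterface per spoke
    return "S0/0"                  # single multipoint (or spoke) interface


def converge(split_horizon=True, hub_subinterfaces=False, rounds=4):
    """Run periodic distance-vector updates and return every routing table.

    tables[router][prefix] = (hop count, interface learned on, None if connected)
    """
    tables = {r: {lan: (0, None)} for r, lan in LANS.items()}
    for _ in range(rounds):
        snapshot = {r: dict(t) for r, t in tables.items()}
        for sender, peers in PVCS.items():
            for peer in peers:
                out_if = out_interface(sender, peer, hub_subinterfaces)
                in_if = out_interface(peer, sender, hub_subinterfaces)
                for prefix, (hops, learned_on) in snapshot[sender].items():
                    # Split horizon: never advertise a route out of the
                    # interface it was learned on.
                    if split_horizon and learned_on == out_if:
                        continue
                    new_hops = hops + 1
                    known = tables[peer].get(prefix)
                    if new_hops < INF and (known is None or new_hops < known[0]):
                        tables[peer][prefix] = (new_hops, in_if)
    return tables


if __name__ == "__main__":
    for label, kwargs in [
        ("multipoint S0/0, split horizon on", {}),
        ("multipoint S0/0, split horizon off", {"split_horizon": False}),
        ("per-spoke subinterfaces, split horizon on", {"hub_subinterfaces": True}),
    ]:
        r2 = converge(**kwargs)["R2"]
        print(f"{label}: R2 knows {sorted(r2)}")
```

With the single multipoint interface and split horizon on, R2 and R3 each learn only the 172.16.1.0/24 network, which matches the ping results described in the question.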

Question 11
Refer to the exhibit. After a RIP route is marked invalid on Router_1, how much time will elapse before that route is removed from the routing table?
Router_1# show ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 8 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router_1#
A. 30 seconds
B. 60 seconds
C. 90 seconds
D. 180 seconds
E. 240 seconds

Answer: B

Question 12
Refer to the graphic. Host 1 cannot receive packets from Host 2. Assuming that RIP v1 is the routing protocol in use, what is wrong with the IP configuration information shown? (Choose two)
wrong_RIP_configuration.jpg
A. The fa0/1 interface of router R2 has been assigned a broadcast address.
B. The fa0/1 network on router R2 overlaps with the LAN attached to R1.
C. Host 2 has been assigned the incorrect subnet mask.
D. Host 1 has been configured with the 255.255.248.0 subnet mask.
E. Host 2 on router R2 is on a different subnet than its gateway.

Answer: B C
Explanation
The fa0/1 interface of R2 is assigned the IP address 10.1.40.255/20. It looks like a broadcast address, but it is not. If we calculate the range of this network we will understand why:
Network 10.1.40.255/20
Increment: 16 (/20 = 1111 1111.1111 1111.1111 0000.0000 0000)
Network address: 10.1.32.0
Broadcast address: 10.1.47.255
-> 10.1.40.255/20 is a usable host address -> A is not correct.
The IP address of Host 1 (10.1.32.48) belongs to the range of interface fa0/1 on R2, as shown above -> B is correct.
In the topology above, all subnet masks are /20 (255.255.240.0) except the subnet mask of Host 2 (255.255.252.0), so Host 2’s subnet mask can be considered incorrect, as answer C states.
The subnet mask of Host 1 is 255.255.240.0, not 255.255.248.0 -> D is not correct.
Host 2 is not on a different subnet than its gateway, even if the subnet mask 255.255.252.0 is used. Let’s analyze the range of the Host 2 network:
Network 10.1.40.96/22
Increment: 4
Network address: 10.1.40.0
Broadcast address: 10.1.43.255
Its gateway (10.1.40.255) still belongs to this range -> E is not correct.
Note: In this question, C is the most suitable answer after eliminating answers A, D and E. But in fact Host 2 can ping its gateway because they are on the same subnet.
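The range calculations used in this explanation and in Question 5 can be checked with Python's standard ipaddress module. This is an added example, not part of the original page; the function names are hypothetical and every address is taken from the two explanations.

```python
import ipaddress


def describe(cidr):
    """Return (network, broadcast, role) for an interface address such as '10.1.40.255/20'."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    if iface.ip == net.network_address:
        role = "network address"
    elif iface.ip == net.broadcast_address:
        role = "broadcast address"
    else:
        role = "usable host"
    return str(net.network_address), str(net.broadcast_address), role


def overlaps(cidr_a, cidr_b):
    """True if the subnets of two interface addresses share any address."""
    return ipaddress.ip_interface(cidr_a).network.overlaps(
        ipaddress.ip_interface(cidr_b).network)


def can_reach_gateway(host_cidr, gateway_ip):
    """True if the gateway lies inside the subnet the host believes it is on."""
    return ipaddress.ip_address(gateway_ip) in ipaddress.ip_interface(host_cidr).network


def check_question_12():
    """Evaluate the claims made by options A, B and E of Question 12."""
    return {
        "A": describe("10.1.40.255/20")[2] == "broadcast address",
        "B": overlaps("10.1.40.255/20", "10.1.32.48/255.255.240.0"),
        "E": not can_reach_gateway("10.1.40.96/255.255.252.0", "10.1.40.255"),
    }


def check_question_5():
    """True where the address offered for R1 is valid next to R2's interfaces."""
    r2_e0, r2_s0 = "192.1.1.65/26", "192.1.1.5/30"
    return {
        "A": not overlaps("192.1.1.129/26", r2_e0),  # E0 must be a different LAN
        "B": not overlaps("192.1.1.97/26", r2_e0),
        "C": describe("192.1.1.4/30")[2] == "usable host" and overlaps("192.1.1.4/30", r2_s0),
        "D": describe("192.1.1.6/30")[2] == "usable host" and overlaps("192.1.1.6/30", r2_s0),
    }
```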

Question 13
What two things will a router do when running a distance vector routing protocol? (Choose two)
A. Send periodic updates regardless of topology changes.
B. Send entire routing table to all routers in the routing domain.
C. Use the shortest-path algorithm to the determine best path.
D. Update the routing table based on updates from their neighbors.
E. Maintain the topology of the entire network in its database.

Answer: A D

Question 14
RIP_update.jpg
Use the output from the router shown in the graphic above to determine which of the following are correct. (Choose two)
A. Router John uses a link-state routing protocol.
B. Router John will receive routing updates on the Serial0/0 interface.
C. Router John will receive routing updates on the Serial0/1 interface.
D. Router John will send routing updates out the Serial0/0 interface.
E. Router John will send routing updates out the FastEthernet0/0 interface.
F. Router John will send routing updates out the Serial0/1 interface.

Answer: B D

Question 15
What can be determined from the line of show ip route output shown in the exhibit? (Choose two)
R 10.10.10.8 [120/2] via 10.10.10.6, 00:00:25, Serial0/1
A. The next routing update can be expected in 35 seconds.
B. The IP address 10.10.10.6 is configured on S0/1.
C. The IP address 10.10.10.8 is configured on S0/1.
D. This route is using the default administrative distance.
E. The 10.10.10.8 network is two hops away from this router.

Answer: D E
Explanation
From the output, we can see 2 parameters, [120/2]. The first is the administrative distance of the routing protocol being used. In this case it is RIP (symbolized by the letter “R”). Because 120 is also the default administrative distance value of RIP -> D is correct.
In RIP, the metric is hop count, so “2” means the network 10.10.10.8 is two hops (routers) away from this router.