200-301 : Cisco Certified Network Associate (CCNA) : Part 01
You are the network administrator for your company and have configured Cisco Discovery Protocol (CDP) in your network. You recently noticed that when devices send large numbers of CDP neighbor announcements, some devices are crashing. You decide to disable CDP on the router.
Which command should you use to achieve the objective?
- no cdp run
- set cdp disable
- no cdp enable
- no cdp advertise-v2
Explanation:
You should use the no cdp run command to disable CDP on the router. Because of a known vulnerability in the way Cisco routers and switches handle CDP, some devices can crash or behave abnormally when devices send large numbers of CDP neighbor announcements. To overcome this problem, you can disable CDP for the entire router by using the no cdp run command.
You cannot use the set cdp disable command to disable CDP on the router. This command disables CDP on an entire Catalyst switch.
You cannot use the no cdp enable command to disable CDP on the router. This command disables CDP on a specific interface.
You cannot use the no cdp advertise-v2 command to disable CDP on the router. This command disables CDPv2 advertisements.
Objective:
LAN Switching Fundamentals
Sub-Objective:
Configure and verify Layer 2 protocols
Which is NOT a valid range for private IP addresses?
- 10.0.0.0 – 10.255.255.255
- 172.16.0.0 – 172.31.255.255
- 192.168.0.0 – 192.168.255.255
- 192.255.255.255 – 193.0.0.0
Explanation:
The range 192.255.255.255 – 193.0.0.0 is a valid public IP address range, not a private IP address range. The Internet Assigned Numbers Authority (IANA) has reserved the following three ranges for private Internet use:
10.0.0.0 – 10.255.255.255 (10.0.0.0/8)
172.16.0.0 – 172.31.255.255 (172.16.0.0/12)
192.168.0.0 – 192.168.255.255 (192.168.0.0/16)
The Internet Assigned Numbers Authority (IANA) manages and distributes global public IP addresses. IANA also performs DNS root zone management. IANA operates with the help of the Internet Engineering Task Force (IETF) and the RFC Editor to manage IP address allocation and DNS root zone management. There are Regional Internet Registries (RIRs) through which IANA allocates local registrations of IP addresses to different regions of the world. Each RIR handles a specific region of the world.
Objective:
Network Fundamentals
Sub-Objective:
Describe the need for private IPv4 addressing
Which of the following protocols allow the root switch location to be optimized per VLAN? (Choose all that apply.)
- PVST+
- RSTP
- PVRST
- STP
Explanation:
Both Per VLAN Spanning Tree Plus (PVST+) and Per VLAN Rapid Spanning Tree (PVRST) protocols allow for a spanning tree instance for each VLAN, allowing for the location optimization of the root bridge for each VLAN. These are Cisco proprietary enhancements to the 802.1d and 802.1w standards, respectively.
Rapid Spanning Tree Protocol (RSTP) is another name for the 802.1w standard. It supports only one instance of spanning tree.
Spanning Tree Protocol (STP) is another name for the 802.1d standard. It supports only one instance of spanning tree.
Objective:
LAN Switching Fundamentals
Sub-Objective:
Configure, verify, and troubleshoot STP protocols
Your assistant just finished configuring a small test network as part of his training. The network is configured as shown in the diagram below:
When testing the configuration, you find that Host A in the diagram cannot ping Host B.
Which of the following pairs of connections are required to be in the same subnet for Host A to be able to ping Host B? (Choose all that apply.)
- The IP address of Host A and the IP address of the Fa0/0 interface of Router A
- The IP address of the Fa0/0 interface of Router A and the IP address of the Fa0/0 interface of Router B
- The IP address of Host A and the IP address of the Fa0/0 interface of Router B
- The IP address of Host A and the IP address of Switch A
- The IP address of the S 0/0 interface of Router A and the IP address of the S 0/0 interface of Router B
- The IP address of Host A and the IP address of Host B
- The IP address of Host B and the IP address of the Fa0/0 interface of Router B
Explanation:
The following pairs of connections are required to be in the same subnet:
the IP address of Host A and the IP address of the Fa0/0 interface of Router A
the IP address of the S 0/0 interface of Router A and the IP address of the S 0/0 interface of Router B
the IP address of Host B and the IP address of the Fa0/0 interface of Router B
When troubleshooting a correctly labeled network diagram for IP addressing problems, one must start on one end and trace each link in one direction, ensuring at each step that the interfaces are in the same subnet. A switch simply passes the packet to the router; therefore, the IP address of the switch is not important. It performs its job even if it has no IP address. Moving from Host A to Host B, however, the following links must be in the same subnet:
The IP address of Host A and the IP address of the Fa0/0 interface of Router A
The IP address of the S0/0 interface of Router A and the IP address of the S0/0 interface of Router B
The IP address of Host B and the IP address of the Fa0/0 interface of Router B
Neither of the switch addresses is important to the process.
If all other routing is correct, Host A and Host B are also not required to be in the same subnet.
Objective:
Network Fundamentals
Sub-Objective:
Configure, verify, and troubleshoot IPv4 addressing and subnetting
DRAG DROP
Click and drag the components on the left to their corresponding layers of the Open Systems Interconnection (OSI) model on the right.
Explanation:
File Transfer Protocol (FTP) and Telnet are services, which are implemented at the Application layer in the Open Systems Interconnection (OSI) model. The Application layer is responsible for interacting directly with the application. It provides application services, such as e-mail.
Motion Picture Experts Group (MPEG) and Tagged Image File Format (TIFF) are graphic image formats, which are implemented at the Presentation layer. The Presentation layer enables coding and conversion functions for application layer data. Data is formatted and encrypted at this layer. The Presentation layer converts data into a format which is acceptable to the Application layer.
The following are also OSI layers and their descriptions:
Session: Used to create, manage, and terminate sessions between communicating nodes. The Session layer handles the service requests and service responses which take place between different applications.
Transport: Responsible for error-free and sequential delivery of data. This layer is used to manage data transmission between devices, a process known as flow control. The Transport layer protocols are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).
Network: Used to define the network address or the Internet Protocol (IP) address, which is then used by the routers to make routing decisions.
Data Link: Ensures the reliable transmission of data across a network on the basis of Layer 2 addresses such as MAC addresses (Ethernet) or DLCIs (Frame relay).
Physical: Consists of hardware for sending and receiving data on a carrier. The protocols which work at the Physical layer include Fast Ethernet, RS232 and Asynchronous Transfer Mode (ATM).
Objective:
Network Fundamentals
Sub-Objective:
Compare and contrast OSI and TCP/IP models
Which two fields are present in the output of the show ip interface brief command? (Choose two.)
- YES?
- Helper address
- OK?
- Method
- Proxy ARP
Explanation:
Sample output of the show ip interface brief command is as follows:
Router# show ip interface brief
Interface    IP-Address      OK?  Method  Status                 Protocol
Ethernet0    10.108.00.5     YES  NVRAM   up                     up
Ethernet1    unassigned      YES  unset   administratively down  down
Loopback0    10.108.200.5    YES  NVRAM   up                     up
Serial0      10.108.100.5    YES  NVRAM   up                     up
Serial1      10.108.40.5     YES  NVRAM   up                     up
Serial2      10.108.100.5    YES  manual  up                     up
Serial3      unassigned      YES  unset   administratively down  down
The following fields are present in the output of the show ip interface brief command:
OK?: A value of "YES" indicates that the IP address is valid. A value of "NO" indicates an invalid IP address.
Method: This field can have one of the following values:
– RARP or SLARP: Reverse Address Resolution Protocol (RARP) or Serial Line Address Resolution Protocol (SLARP) request
– BOOTP: Bootstrap protocol
– TFTP: Configuration file obtained from TFTP server
– Manual: Manually changed by CLI command
– NVRAM: Configuration file in NVRAM
– IPCP: ip address negotiated command
– DHCP: ip address dhcp command
– unassigned: No IP address
– unset: Unset
– other: Unknown
Interface: Refers to the type of interface.
IP-Address: Refers to the IP address assigned to the interface.
Status: Displays the interface status. Possible values in this field are as follows:
– up: Interface is administratively up.
– down: Interface is down.
– administratively down: Interface is administratively down.
Protocol: An indicator of the operational status of the routing protocol for this interface.
YES? is not a valid field in the output of the show ip interface brief command.
Helper address and Proxy ARP fields are present in the output of the show ip interface command, not the show ip interface brief command.
Objective:
Network Fundamentals
Sub-Objective:
Configure, verify, and troubleshoot IPv4 addressing and subnetting
Which two modes are Cisco Internetwork Operating System (IOS) operating modes? (Choose two.)
- User Privileged mode
- User EXEC mode
- Local configuration mode
- Global configuration mode
- NVRAM monitor mode
Explanation:
User EXEC mode and global configuration mode are the Cisco IOS operating modes. The following list shows the Cisco IOS operating modes along with their description:
– User EXEC mode: The commands in this mode are used to enable connections to remote devices and change the terminal settings for a short duration. User EXEC commands also enable you to perform basic tests and view system information.
– Global configuration mode: The commands in this mode enable you to make changes to the entire system.
– Privileged EXEC mode: The commands in this mode are used to configure operating parameters. This mode also provides access to the remaining command modes.
– Interface configuration mode: The commands in this mode allow you to change the operation for interfaces such as serial or Ethernet ports.
– ROM monitor: The commands in this mode are used to perform low-level diagnostics.
All the other options are incorrect because they are not valid Cisco IOS operating modes.
To enter privileged EXEC mode, you must enter the command enable on the router. You will then be prompted for the enable password, if one has been created.
To enter global configuration mode, you must first enter privileged EXEC mode (see above) and then enter the command configure terminal (which can be abbreviated to config t), and the router will enter a mode that allows you to make global configuration changes.
Objective:
Network Fundamentals
Sub-Objective:
Select the appropriate cabling type based on implementation requirements
Which of the following accurately describes the purpose of a trunk?
- A trunk is used to carry traffic for a single VLAN and is typically used between switches.
- A trunk is used to carry traffic for a single VLAN and is typically used between a switch and an end-user device.
- A trunk is used to carry multiple VLANs and is typically used between switches.
- A trunk is used to carry multiple VLANs and is typically used between a switch and a server.
Explanation:
Trunk links are used between switches to allow communications between hosts that are in the same VLAN, but connected to different switches. Trunk links do not allow hosts in different VLANs to communicate, unless there is an additional trunk link connecting to a Layer 3 device, such as a router or a multilayer switch. Trunk links do allow a host in VLAN 10 on SwitchA to communicate with a host in VLAN 10 on SwitchB. Similarly, a host in VLAN 20 on SwitchA could also communicate with a host in VLAN 20 on SwitchB. A trunk link supports all VLANs by default, and frames that are not traveling on the native VLAN are "tagged" with the VLAN ID of the originating port before being sent over the trunk. The receiving switch reads the VLAN ID and forwards the frame to the appropriate host in the same VLAN.
The other options are incorrect because trunk links do not carry data for a single VLAN, nor are trunks used between switches and hosts (such as workstations and servers).
When a trunk link is extended to a router for the purpose of enabling routing between VLANs, the physical connection that the link connects to is usually subdivided logically into subinterfaces. Then each subinterface is given an IP address from the same subnet as the computers that reside on that VLAN. Finally, each computer in the VLAN will use the corresponding IP address on the matching subinterface of the router as its default gateway.
In the example below, the switch has five VLANs created and some hosts connected to it. If hosts from different VLANs need to communicate, the link between the router and the switch must be a trunk link.
Furthermore, the physical link on the router must be subdivided into subinterfaces and addressed according to the legend shown for each subinterface in the diagram. For example, the configuration for VLAN 10 shown in the diagram would be as follows:
Router(config)# interface f0/0.10
Router(config-subif)# encapsulation dot1q 10
Router(config-subif)# ip address 192.168.10.254 255.255.255.0
Finally, each computer in VLAN 10 should have its default gateway set to 192.168.10.254.
Objective:
LAN Switching Fundamentals
Sub-Objective:
Describe and verify switching concepts
Which Ethernet LAN contention or access method listens for a signal on the channel before transmitting data, and stops transmitting if a collision is detected?
- CSMA/CA
- CSMA/CD
- CSMA/CB
- CSMA/CS
Explanation:
The Carrier Sense Multiple Access – Collision Detection (CSMA/CD) contention method verifies that a channel is clear before transmitting, and stops transmitting data when it detects a collision on the channel in use.
Carrier Sense Multiple Access (CSMA) is the channel access mechanism used by Ethernet LANs. CSMA defines when and how to access the channel to transmit data. There are two variants of CSMA: CSMA with Collision Avoidance (CSMA/CA) and CSMA/CD.
With CSMA/CD, the transmitting station waits to detect channel traffic before sending the first packet over the channel. If the channel happens to be idle, the station transmits its packets. Despite the process of checking the channel before transmitting, it is still possible for two stations to transmit at once, resulting in collisions. If a collision occurs, the transmitting stations perform a retransmission. This retransmission uses a back-off algorithm by which a station waits for a random amount of time before retransmitting. As soon as there is a collision on the network, the transmitting station stops transmitting and waits for a random interval of time before attempting the transmission again.
You should not select CSMA/CA. With Carrier Sense Multiple Access – Collision Avoidance (CSMA/CA), the transmitting station listens for a signal on the channel, then only transmits when the channel is idle. If the channel is busy, it waits a random amount of time before re-attempting transmission. The CSMA/CA protocol is used in 802.11-based wireless LANs, while CSMA/CD is used in Ethernet LANs. Collisions are more often avoided with CSMA/CA than with CSMA/CD because sending stations signal non-sending stations to "wait" a specific amount of time and then check for clearance again before sending. The cost of these mechanisms is reduced throughput.
CSMA/CB and CSMA/CS are invalid Ethernet contention methods, and are therefore incorrect options.
Objective:
LAN Switching Fundamentals
Sub-Objective:
Describe and verify switching concepts
What will be the effects of executing the following set of commands? (Choose all that apply.)
router(config)# router eigrp 44
router(config-router)# network 10.0.0.0
router(config-router)# network 192.168.5.0
- EIGRP will be enabled in AS 44
- EIGRP instance number 44 will be enabled
- EIGRP will be activated on the router interface 10.0.0.2/8
- EIGRP will be activated on the router interface 192.168.5.9/24
- EIGRP will be activated on the router interface 10.0.5.8/16
- EIGRP will be activated on the router interface 192.168.6.1/24
Explanation:
The effects of executing this set of commands will be that Enhanced Interior Gateway Routing Protocol (EIGRP) will be enabled in Autonomous System (AS) 44 and will be active on the router interfaces 10.0.0.2/8, 192.168.5.9/24, and 10.0.5.8/16.
The router eigrp 44 command is used to enable EIGRP on a router. The network 10.0.0.0 and network 192.168.5.0 commands are used to activate EIGRP over any interfaces that fall within the major networks 10.0.0.0 and 192.168.5.0, or within any subnets of these classful networks. The network commands in EIGRP configuration ignore any subnet-specific information by default. Since the IP address 10.0.5.8/16 is in a subnet of the Class A IP network 10.0.0.0, and only the first octet (byte) of a Class A IP address represents the major (classful) network, the remaining bytes are ignored by the network command.
EIGRP instance number 44 will not be enabled. The number 44 in the command does not represent an instance of EIGRP; it represents an autonomous system (AS) number. The autonomous-system parameter of the router eigrp command (router eigrp 44) specifies the autonomous system number. To ensure that all the routers in a network can communicate with each other, you should specify the same autonomous system number on all routers.
EIGRP will not be activated on the router interface 192.168.6.1/24. This interface does not exist within the Class C network 192.168.5.0 or Class A network 10.0.0.0, or within any of their subnets.
Objective:
Routing Fundamentals
Sub-Objective:
Configure, verify, and troubleshoot EIGRP for IPv4 (excluding authentication, filtering, manual summarization, redistribution, stub)
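The classful matching described in the explanation above, worked through in Python as an added example (it is not part of the original question, and the function names are hypothetical). It assumes network statements entered without a wildcard mask, so each one is reduced to its major network before interfaces are compared against it.

```python
import ipaddress


def classful_network(address):
    """Return the classful (major) network containing an IPv4 address."""
    ip = ipaddress.IPv4Address(address)
    first_octet = int(ip) >> 24
    if first_octet < 128:
        prefix = 8       # Class A: first octet is the network
    elif first_octet < 192:
        prefix = 16      # Class B: first two octets
    elif first_octet < 224:
        prefix = 24      # Class C: first three octets
    else:
        raise ValueError(f"{address} is Class D/E and has no classful network")
    # strict=False masks off the host bits, e.g. 10.0.5.0/8 -> 10.0.0.0/8
    return ipaddress.ip_network(f"{address}/{prefix}", strict=False)


def eigrp_active_interfaces(network_statements, interfaces):
    """List the interface addresses activated by mask-less network statements.

    network_statements: addresses as typed after `network` (no wildcard mask).
    interfaces: interface addresses in address/prefix form.
    """
    majors = {classful_network(n) for n in network_statements}
    active = []
    for iface in interfaces:
        ip = ipaddress.ip_interface(iface).ip
        # The interface's own mask is irrelevant; only membership in a
        # configured major network decides whether EIGRP runs on it.
        if any(ip in major for major in majors):
            active.append(iface)
    return active


if __name__ == "__main__":
    # The four interface addresses offered as answer options in the question.
    options = ["10.0.0.2/8", "192.168.5.9/24", "10.0.5.8/16", "192.168.6.1/24"]
    for iface in eigrp_active_interfaces(["10.0.0.0", "192.168.5.0"], options):
        print("EIGRP active on", iface)
```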
Users on the LAN are unable to access the Internet. How would you correct the immediate problem?
Router# show ip interface brief
Interface         IP-Address    OK? Method Status                Protocol
FastEthernet 0/0  unassigned    YES unset  down                  down
FastEthernet 0/1  172.16.1.254  YES NVRAM  up                    up
Serial0/0         200.16.4.25   YES NVRAM  administratively down down
Serial0/1         unassigned    YES unset  down                  down
- Configure a bandwidth on the serial interface.
- Perform a no shutdown command on the serial interface.
- Configure a private IP address on the Fastethernet0/0 LAN interface.
- Change the IP address on the serial interface.
Explanation:
The output indicates that the serial interface leading to the Internet is administratively down. All router interfaces are disabled by default due to the presence of a shutdown command in the running configuration. The no shutdown command removes this configuration, and the interface becomes active. The command sequence is:
Router(config)# interface serial0/0
Router(config-if)# no shutdown
Although it was not the problem in the scenario, the S0/0 interface could also cause an error if it is configured as shown in this output:
Interface         IP-Address    OK? Method Status                Protocol
Serial0/0         200.16.4.25   YES NVRAM  up                    down
In this example, the S0/0 interface has been enabled, and while there is Layer 1 connectivity (the Status column), Layer 2 is not functioning (the Protocol column). There are two possible reasons for this result:
– Interface S0/0 is not receiving a clock signal from the CSU/DSU (if one is present).
– The encapsulation type configured on S0/0 does not match the type configured on the other end of the link (if the other end is a router).
Configuring a bandwidth on the serial interface is incorrect because the output indicates the interface is administratively down, which does not pertain to bandwidth.
Configuring a private IP address on the Fastethernet0/0 LAN interface is incorrect because the output indicates the problem is with the disabled serial interface.
The IP address on the serial interface may or may not be valid, but it is not the immediate cause of the connectivity problem. The serial interface is disabled.
Objective:
LAN Switching Fundamentals
Sub-Objective:
Troubleshoot interface and cable issues (collisions, errors, duplex, speed)
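The Status and Protocol reading used in this question, and the field layout listed in the earlier show ip interface brief question, as an added Python example (not part of the original page; function names are hypothetical). The sample listing is constructed from the outputs quoted above, with the Serial0/1 row changed to show the up/down case.

```python
import re

# Constructed sample, based on the listings quoted on this page.
SAMPLE = """\
Interface         IP-Address    OK? Method Status                Protocol
FastEthernet 0/0  unassigned    YES unset  down                  down
FastEthernet 0/1  172.16.1.254  YES NVRAM  up                    up
Serial0/0         200.16.4.25   YES NVRAM  administratively down down
Serial0/1         200.16.4.29   YES NVRAM  up                    down
"""

# Anchor on the IP-Address column so interface names containing a space and
# the two-word status "administratively down" both parse correctly.
ROW = re.compile(
    r"^(?P<name>\S.*?)\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}|unassigned)\s+"
    r"(?P<ok>YES|NO)\s+"
    r"(?P<method>\S+)\s+"
    r"(?P<status>administratively down|up|down)\s+"
    r"(?P<protocol>up|down)\s*$"
)


def parse_brief(output):
    """Return one dict per interface row; the header line does not match."""
    rows = []
    for line in output.splitlines():
        match = ROW.match(line)
        if match:
            rows.append(match.groupdict())
    return rows


def classify(status, protocol):
    """Map the Status/Protocol pair to a finding, as the explanation reads it."""
    if status == "administratively down":
        return "shutdown"        # shutdown is configured; fix with no shutdown
    if status == "up" and protocol == "up":
        return "ok"
    if status == "up" and protocol == "down":
        return "layer2-down"     # clocking or encapsulation mismatch
    return "layer1-down"         # no Layer 1 connectivity


def audit(output):
    """Return {interface name: finding} for every row in the listing."""
    return {r["name"]: classify(r["status"], r["protocol"])
            for r in parse_brief(output)}


def needs_no_shutdown(output):
    """Interfaces that have an address configured but are shut down."""
    return [r["name"] for r in parse_brief(output)
            if r["status"] == "administratively down" and r["ip"] != "unassigned"]


if __name__ == "__main__":
    for name, finding in audit(SAMPLE).items():
        print(f"{name:18} {finding}")
    print("needs no shutdown:", needs_no_shutdown(SAMPLE))
```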
When a packet is forwarded through a network from one host to another host, which of the following fields in the Ethernet frame will change at every hop?
- Source IP address
- Destination MAC address
- Source port number
- Destination IP address
Explanation:
When an Ethernet frame is forwarded through the network, both the source and destination MAC addresses will change at every hop. The source and destination IP addresses and source and destination port numbers MUST remain the same for proper routing to occur, for the proper delivery to the destination service, and for the proper reception of responses to the sending device. By contrast, the MAC addresses used at each hop must be those of the physical interfaces involved in the Layer 2 forwarding at each hop. As a simple illustration of this process, IP addresses and MAC addresses are assigned to two computers and three routers shown in the diagram. The network is arranged as shown below:
The IP addresses and the MAC addresses of each device are shown below:
There will be four handoffs to get this packet from WKS1 to WKS2. The following table shows the destination IP addresses and destination MAC addresses used at each handoff.
As you can see, the destination IP address in the packet does not change, but the MAC address in the frame changes at each handoff.
Objective:
LAN Switching Fundamentals
Sub-Objective:
Interpret Ethernet frame format
Which Cisco IOS Cisco Discovery Protocol (CDP) command displays the IP address of the directly connected Cisco devices?
- show cdp
- show cdp devices
- show cdp traffic
- show cdp neighbors detail
Explanation:
The show cdp neighbors detail command displays the IP address of the directly connected Cisco devices. CDP is a Layer 2 (Data Link layer) protocol that finds information about neighboring network devices. CDP does not use Network layer protocols to transmit information because it operates at the Data Link layer. For this reason, IP addresses need not even be configured on the interfaces for CDP to function. The only requirement is that the interfaces be enabled with the no shutdown command. An example of the output of the show cdp neighbors detail command is as follows:
The show cdp devices command is incorrect because this is not a valid Cisco IOS command.
The show cdp command is incorrect because this command is used to view the global CDP information. It lists the default update and holdtime timers, as in the following sample output:
Atlanta# show cdp
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
Sending CDPv2 advertisements is enabled
The show cdp traffic command is incorrect because this command displays traffic information between network devices collected by the CDP, as in the following example:
Birmingham# show cdp traffic
Total packets output: 652, Input: 214
Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
No memory: 0, Invalid: 0, Fragmented: 0
CDP version 1 advertisements output: 269, Input: 50
CDP version 2 advertisements output: 360, Input: 25
Objective:
Infrastructure Management
Sub-Objective:
Use Cisco IOS tools to troubleshoot and resolve problems
Your assistant is interested in gathering statistics about connection-oriented operations.
Which of the following should be done to enhance the accuracy of the information gathered?
- configure an IP SLA responder on the destination device
- configure an IP SLA responder on the source device
- schedule the operation on the destination device
- add the verify-data command to the configuration of the operation
Explanation:
The accuracy of any IP SLA operation can be enhanced by configuring an IP SLA responder on the destination device. It is important to note that only Cisco devices support the configuration as a responder.
You do not configure an IP SLA responder on the source device. You schedule the operation on the source device and the destination device is the one that is configured as a responder.
You do not schedule the operation on the destination device. You schedule the operation on the source device and the destination device is the one that is configured as a responder.
Adding the verify-data command to the configuration of the operation will not enhance the accuracy of the information gathered. When data verification is enabled, each operation response is checked for corruption. Use the verify-data command with caution during normal operations because it generates unnecessary overhead.
Objective:
Infrastructure Management
Sub-Objective:
Troubleshoot network connectivity issues using ICMP echo-based IP SLA
You are the network administrator for your company. You have installed a new router in your network. You want to establish a remote connection from your computer to the new router so it can be configured. You are not concerned about security during the remote connection.
Which Cisco IOS command should you use to accomplish the task?
- ssh
- telnet
- terminal
- virtual
Explanation:
The telnet command should be used to establish a remote connection from your computer to the router. The syntax of the command is as follows:
telnet {{hostname | IP_address mask interface_name} | {IPv6_address interface_name} | {timeout number}}
The following parameters are used with the telnet command:
hostname: Specifies the name of the host.
interface_name: Specifies the name of the network interface to which you need to telnet.
IP_address: Specifies the IP address of the host.
IPv6_address: Specifies the IPv6 address associated to the host.
timeout number: Specifies the number of minutes that a telnet session can be idle.
The following features are the key characteristics of Telnet:
– It is a client server protocol.
– It uses TCP port number 23.
– It is used to establish a remote connection over the internet or Local Area Network (LAN).
– Telnet does not encrypt any data sent over the connection; that is, the data travels in clear text.
– A Cisco router supports five simultaneous telnet sessions, by default. These lines are called vty 0-4.
– A successful Telnet connection requires that the destination device be configured to support Telnet connections, which means it must be configured with a Telnet password.
– The telnet command can also be used to test application layer connectivity to a device.
The ssh command is incorrect because this command is used to remotely establish a secure connection between two computers over the network.
The terminal command is incorrect because this command is used to change console terminal settings.
The virtual command is incorrect because this command is used along with the http and telnet parameters to configure a virtual server.
Objective:
Infrastructure Management
Sub-Objective:
Configure and verify device management
You are configuring a WAN connection between two offices. You cannot ping between the routers in a test. The Serial0 interface on RouterA is connected to the Serial1 interface on RouterB.
The commands you have executed are shown below. What is the problem with the configuration?
- The passwords are incorrectly configured
- The usernames are incorrectly configured
- The wrong interface has been configured
- The encapsulation is incorrect on RouterA
- The encapsulation is incorrect on RouterB
- The authentication types do not match
Explanation:
The two routers are connected using Serial0 on RouterA and Serial1 on RouterB. However, the configuration commands were executed on interface Serial0 on RouterB. So although the configuration itself is completely correct, it is configured on the wrong interface.
The passwords are correct. The passwords should match on both routers. In this case, they are both set to lie. If even one character does not match, including character casing, the authentication and the connection will fail.
The usernames are correct. The username should be set to the host name of the peer router. In this case, RouterA's username is set to RouterB and RouterB's username is set to RouterA, which is correct.
The encapsulations are correct. They are both set to PPP, which is the correct type of encapsulation when using authentication.
The authentication types do match. They are both set to CHAP. It is possible to configure two authentication methods, with the second used as a fallback method in cases where the other router does not support the first type. The command below would be used to enable CHAP with PAP as a fallback method:
RouterB(config-if)#ppp authentication chap pap
Objective:
WAN Technologies
Sub-Objective:
Configure and verify PPP and MLPPP on WAN interfaces using local authentication
Which Cisco 2950 switch command or set of commands would be used to create a Virtual LAN (VLAN) named MARKETING with a VLAN number of 25?
- switch(config)# vtp domain MARKETING 25
- switch(config)# vlan 25
  switch(config-vlan)# name MARKETING
- switch(config-if)# vlan 25 name MARKETING
- switch(config)# vtp 25
  switch(config-vtp)# name MARKETING
Explanation:
The following commands would create a VLAN named MARKETING with a VLAN number of 25:
switch(config)# vlan 25
switch(config-vlan)# name MARKETING
The steps to add a new VLAN are as follows:
1. Create the new VLAN
2. Name the VLAN
3. Add the desired ports to the VLAN
VLANs on current Cisco switches are configured in global configuration mode. The VLAN is first created with the vlan # command, and then optionally named with the name vlan-name command. Interfaces are added to VLANs using either the interface or interface range commands.
The switch(config)# vtp domain MARKETING 25 command will not create a VLAN. This command creates a VLAN Trunking Protocol (VTP) domain. VTP is a means of synchronizing VLANs between switches, not a method of manually creating VLANs.
The vlan 25 name command is deprecated, and is not supported on newer Cisco switches. Even on switches that support the command, this answer is incorrect because the vlan 25 name command was issued in VLAN database mode, rather than interface mode.
Objective:
LAN Switching Fundamentals
Sub-Objective:
Configure, verify, and troubleshoot VLANs (normal/extended range) spanning multiple switches
What command would be used to verify trusted DHCP ports?
- show mls qos
- show ip dhcp snooping
- show ip trust
- show ip arp trust
Explanation:
The command show ip dhcp snooping is used to verify trusted DHCP ports. This command is used to verify which ports are intended to have DHCP servers connected to them.
DHCP snooping creates an IP address to MAC address database that is used by Dynamic ARP Inspection (DAI) to validate ARP packets. It compares the MAC address and IP address in ARP packets, and only permits the traffic if the addresses match. This eliminates attackers that are spoofing MAC addresses.
DHCP snooping is used to define ports as trusted for DHCP server connections. The purpose of DHCP snooping is to mitigate DHCP spoofing attacks. DHCP snooping can be used to determine what ports are able to send DHCP server packets, such as DHCPOFFER, DHCPACK, and DHCPNAK. DHCP snooping can also cache the MAC address to IP address mapping for clients receiving DHCP addresses from a valid DHCP server.
MLS QOS has no bearing on DHCP services, so show mls qos is not correct.
The other commands are incorrect because they have invalid syntax.
Objective:
Infrastructure Security
Sub-Objective:
Describe common access layer threat mitigation techniques
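How the trusted-port rule and the snooping database work together, as an added Python model (not part of the original page and not Cisco code; the class, port names and addresses are constructed for illustration). It assumes a single VLAN and one trusted-port set shared by DHCP snooping and DAI.

```python
from dataclasses import dataclass, field

# Server-originated DHCP messages named in the explanation above.
DHCP_SERVER_MESSAGES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}


@dataclass
class SnoopingSwitch:
    """Toy model of one VLAN on an access switch (hypothetical class)."""
    trusted_ports: set
    bindings: dict = field(default_factory=dict)   # client MAC -> leased IP

    def dhcp(self, port, message, client_mac, ip=None):
        """DHCP snooping: server messages are accepted on trusted ports only."""
        if message in DHCP_SERVER_MESSAGES:
            if port not in self.trusted_ports:
                return "drop"
            if message == "DHCPACK":
                # A lease confirmed by a valid server populates the database.
                self.bindings[client_mac] = ip
            return "permit"
        # Client messages (DHCPDISCOVER, DHCPREQUEST) may arrive on any port.
        return "permit"

    def arp(self, port, sender_mac, sender_ip):
        """DAI: on untrusted ports the sender MAC/IP pair must match a binding."""
        if port in self.trusted_ports:
            return "permit"
        if self.bindings.get(sender_mac) == sender_ip:
            return "permit"
        return "drop"


CLIENT = "02:00:00:00:00:02"   # constructed MAC on access port Gi0/2
OTHER = "02:00:00:00:00:05"    # constructed MAC on access port Gi0/5

# Constructed event sequence: (check, port, ...arguments of that check).
EVENTS = [
    ("dhcp", "Gi0/2", "DHCPDISCOVER", CLIENT),
    ("dhcp", "Gi0/5", "DHCPOFFER", CLIENT, "10.0.0.66"),     # server msg, untrusted port
    ("dhcp", "Gi0/1", "DHCPOFFER", CLIENT, "192.168.10.20"),
    ("dhcp", "Gi0/2", "DHCPREQUEST", CLIENT),
    ("dhcp", "Gi0/1", "DHCPACK", CLIENT, "192.168.10.20"),   # binding learned here
    ("arp", "Gi0/2", CLIENT, "192.168.10.20"),               # matches the binding
    ("arp", "Gi0/5", OTHER, "192.168.10.254"),               # MAC has no binding
    ("arp", "Gi0/2", CLIENT, "192.168.10.254"),              # bound MAC, wrong IP
]


def replay(events, trusted_ports=("Gi0/1",)):
    """Run the events through a fresh switch; return (verdicts, bindings)."""
    switch = SnoopingSwitch(trusted_ports=set(trusted_ports))
    verdicts = []
    for check, *args in events:
        verdicts.append(getattr(switch, check)(*args))
    return verdicts, switch.bindings


if __name__ == "__main__":
    verdicts, bindings = replay(EVENTS)
    for event, verdict in zip(EVENTS, verdicts):
        print(f"{verdict:6} {event}")
    print("bindings:", bindings)
```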
R1 and R2 are connected as shown in the diagram and are configured as shown in the partial output of the show run command.
The command ping R2 fails when executed from R1. What command(s) would allow R1 to ping R2 by name?
- R1(config)#int S1
  R1(config-if)#no ip address 192.168.5.5
  R1(config-if)# ip address 192.168.5.9 255.255.255.252
- R1(config)#no ip host R1
  R1(config)# ip host R2 192.168.5.6 255.255.255.252
- R1(config)#no hostname R2
  R1(config)# hostname R1
- R2(config)#int S1
  R1(config-if)#no ip address 192.168.5.5
  R1(config-if)# ip address 192.168.5.9 255.255.255.0
Explanation:
Both routers have been configured with the ip host command. This command creates a name to IP address mapping, thereby enabling the pinging of the device by name. On R1, the mapping is incorrect and needs to be corrected. Currently it is configured as ip host R1 192.168.5.6. It is currently mapping its own name to the IP address of R2.
To fix the problem, you should remove the incorrect IP address mapping and create the correct mapping for R2, as follows:
R1(config)#no ip host R1
R1(config)# ip host R2 192.168.5.6 255.255.255.252
Once this is done, the ping on R2 will succeed.
The IP address of the S1 interface on R1 does not need to be changed to 192.168.5.9 /30. In fact, if that is done the S1 interface on R1 and the S1 interface in R2 will no longer be in the same network. With a 30-bit mask configured, the network they are currently in extends from 192.168.5.4 – 192.168.5.7. They are currently set to the two usable addresses in that network, 192.168.5.5 and 192.168.5.6.
The hostnames of the two routers do need to be set correctly using the hostname command for the ping to function, but they are correct now and do not need to be changed.
The subnet mask of the S1 interface on R2 does not need to be changed to 255.255.255.0. The mask needs to match that of R1, which is 255.255.255.252.
Objective:
Infrastructure Services
Sub-Objective:
Troubleshoot client connectivity issues involving DNS
Your network team is exploring the use of switch stacking.
Which of the following statements is NOT true of switch stacking?
- The master switch is the only switch with full access to the interconnect bandwidth
- Switches are connected with special cable
- The stack has a single IP address
- Up to nine switches can be added to the stack
Explanation:
All switches in the stack have full access to the interconnect bandwidth, not just the master switch. The master switch is elected from one of the stack members. It automatically configures the stack with the currently running IOS image and a single configuration file.
The switches are connected with special cables that form a bidirectional closed loop path.
The stack has a single management IP address and is managed as a unit.
Up to nine switches can be in a stack.
Objective:
LAN Switching Fundamentals
Sub-Objective:
Describe the benefits of switch stacking and chassis aggregation