CCNA 200-301 Dumps Exam Questions and Answers PDF Free Download

Last Updated on March 3, 2021 by Admin


 

QUESTION 1

You are the network administrator for your company and have configured Cisco Discovery Protocol (CDP) in your network. You recently noticed that when devices send large numbers of CDP neighbor announcements, some devices are crashing. You decide to disable CDP on the router.

Which command should you use to achieve the objective?

A.  no cdp run

B.  set cdp disable

C.  no cdp enable

D.  no cdp advertise-v2

 

Correct Answer: A Section: (none) Explanation

 

Explanation/Reference:

Explanation:

You should use the no cdp run command to disable CDP on the router. Due to a known vulnerability regarding the handling of CDP by Cisco routers and switches when devices send large numbers of CDP neighbor announcements, some devices can crash or cause abnormal system behavior. To overcome this problem, you can disable CDP for the entire router by using the no cdp run command.

 

You cannot use the set cdp disable command to disable CDP on the router. This command disables CDP on an entire Catalyst switch.

You cannot use the no cdp enable command to disable CDP on the router. This command disables CDP on a specific interface.

You cannot use the no cdp advertise-v2 command to disable CDP on the router. This command disables CDPv2 advertisements.

 

Objective:

LAN Switching Fundamentals

Sub-Objective:

Configure and verify Layer 2 protocols

 

References:

Cisco > Support > Using Cisco Discovery Protocol

Cisco > Support > Technology Support > Network Management > Cisco’s Response to the CDP Issue > Document ID: 13621

 

QUESTION 2

Which is NOT a valid range for private IP addresses?

 

A.  10.0.0.0 - 10.255.255.255

B.  172.16.0.0 - 172.31.255.255

C.  192.168.0.0 - 192.168.255.255

D.  192.255.255.255 - 193.0.0.0

 

Correct Answer: D Section: (none) Explanation

 

Explanation/Reference:

Explanation:

The range 192.255.255.255 - 193.0.0.0 is a valid public IP address range, not a private IP address range.

 

The Internet Assigned Numbers Authority (IANA) has reserved the following three ranges for private Internet use:

10.0.0.0 - 10.255.255.255 (10.0.0.0/8)

172.16.0.0 - 172.31.255.255 (172.16.0.0/12)

192.168.0.0 - 192.168.255.255 (192.168.0.0/16)

 

The Internet Assigned Numbers Authority (IANA) manages and distributes global public IP addresses. IANA also performs DNS root zone management. IANA operates with the help of International Engineering Task Force (IETF) and RFC Editor to manage IP address allocation and DNS root zone management. There are Regional Internet Registries (RIRs) through which IANA allocates local registrations of IP addresses to different regions of the world. Each RIR handles a specific region of the world.

 

Objective:

Network Fundamentals

Sub-Objective:

Describe the need for private IPv4 addressing

 

References:

http://www.ietf.org/rfc/rfc1918.txt

http://www.iana.org/

 

QUESTION 3

Which of the following protocols allow the root switch location to be optimized per VLAN? (Choose all that apply.)

 

A.  PVST+

B.  RSTP

C.  PVRST

D.  STP

 

Correct Answer: AC Section: (none) Explanation

 

Explanation/Reference:

Explanation:

Both Per VLAN Spanning Tree Plus (PVST+) and Per VLAN Rapid Spanning Tree (PVRST) protocols allow for a spanning tree instance for each VLAN, allowing for the location optimization of the root bridge for each VLAN. These are Cisco proprietary enhancements to the 802.1d and 802.1w standards, respectively.

 

Rapid Spanning Tree Protocol (RSTP) is another name for the 802.1w standard. It supports only one instance of spanning tree.

 

Spanning Tree Protocol (STP) is another name for the 802.1d standard. It supports only one instance of spanning tree.

 

Objective:

LAN Switching Fundamentals

Sub-Objective:

Configure, verify, and troubleshoot STP protocols

 

References:

Cisco Home > Support > Technology Support > LAN Switching

 

QUESTION 4

Your assistant just finished configuring a small test network as part of his training. The network is configured as shown in the diagram below:

 

 

 

When testing the configuration, you find that Host A in the diagram cannot ping Host B.

 

Which of the following pairs of connections are required to be in the same subnet for Host A to be able to ping Host B? (Choose all that apply.)

 

A.  The IP address of Host A and the IP address of the Fa0/0 interface of Router A

B.  The IP address of the Fa0/0 interface of Router A and the IP address of the Fa0/0 interface of Router B

C.  The IP address of Host A and the IP address of the Fa0/0 interface of Router B

D.  The IP address of Host A and the IP address of Switch A

E.  The IP address of the S 0/0 interface of Router A and the IP address of the S 0/0 interface of Router B

F.  The IP address of Host A and the IP address of Host B

G.  The IP address of Host B and the IP address of the Fa0/0 interface of Router B

 

Correct Answer: AEG Section: (none) Explanation

 

Explanation/Reference:

Explanation:

The following pairs of connections are required to be in the same subnet:

the IP address of Host A and the IP address of the Fa0/0 interface of Router A

the IP address of the S 0/0 interface of Router A and the IP address of the S 0/0 interface of Router B

the IP address of Host B and the IP address of the Fa0/0 interface of Router B

 

When troubleshooting a correctly labeled network diagram for IP addressing problems, one must start on one end and trace each link in one direction, ensuring at each step that the interfaces are in the same subnet. A switch simply passes the packet to the router; therefore, the IP address of the switch is not important. It performs its job even if it has no IP address.

 

Moving from Host A to Host B, however, the following links must be in the same subnet:

The IP address of Host A and the IP address of the Fa0/0 interface of Router A

The IP address of the S0/0 interface of Router A and the IP address of the S0/0 interface of Router B

The IP address of Host B and the IP address of the Fa0/0 interface of Router B

 

Neither of the switch addresses is important to the process.

If all other routing issues are correct, it is also not required for Host A and Host B to be in the same subnet.

Objective:

Network Fundamentals

Sub-Objective:

Configure, verify, and troubleshoot IPv4 addressing and subnetting

 

References:

Cisco > Home > Support > Technology Support > IP > IP Routing > Design > Design Technotes > IP Addressing and Subnetting for New Users

 

 

QUESTION 5

DRAG DROP

Click and drag the components on the left to their corresponding layers of the Open Systems Interconnection (OSI) model on the right.

 

Select and Place:

 

Correct Answer:

 

 

 

Section: (none) Explanation

 

Explanation/Reference:

Explanation:

File Transfer Protocol (FTP) and Telnet are services, which are implemented at the Application layer in the Open Systems Interconnection (OSI) model. The Application layer is responsible for interacting directly with the application. It provides application services, such as e-mail.

 

Motion Picture Experts Group (MPEG) and Tagged Image File Format (TIFF) are graphic image formats, which are implemented at the Presentation layer. The Presentation layer enables coding and conversion functions for application layer data. Data is formatted and encrypted at this layer. The Presentation layer converts data into a format which is acceptable to the Application layer.

 

The following are also OSI layers and their descriptions:

Session: Used to create, manage, and terminate sessions between communicating nodes. The Session layer handles the service requests and service responses which take place between different applications.

Transport: Responsible for error-free and sequential delivery of data. This layer is used to manage data transmission between devices, a process known as flow control. The Transport layer protocols are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

Network: Used to define the network address or the Internet Protocol (IP) address, which is then used by the routers to make routing decisions.

Data Link: Ensures the reliable transmission of data across a network on the basis of Layer 2 addresses such as MAC addresses (Ethernet) or DLCIs (Frame relay).

Physical: Consists of hardware for sending and receiving data on a carrier. The protocols which work at the Physical layer include Fast Ethernet, RS232 and Asynchronous Transfer Mode (ATM).

 

Objective:

Network Fundamentals

Sub-Objective:

Compare and contrast OSI and TCP/IP models

 

References:

Internetworking Technology Handbook > Internetworking Basics > OSI Model and Communication Between Systems

 

 

QUESTION 6

 

Which two fields are present in the output of the show ip interface brief command? (Choose two.)

 

A.  YES?

B.  Helper address

C.  OK?

D.  Method

E.  Proxy ARP

 

Correct Answer: CD Section: (none) Explanation

 

Explanation/Reference:

Explanation:

Sample output of the show ip interface brief command is as follows:

 

Router# show ip interface brief

Interface   IP-Address    OK?  Method  Status                 Protocol
Ethernet0   10.108.00.5   YES  NVRAM   up                     up
Ethernet1   unassigned    YES  unset   administratively down  down
Loopback0   10.108.200.5  YES  NVRAM   up                     up
Serial0     10.108.100.5  YES  NVRAM   up                     up
Serial1     10.108.40.5   YES  NVRAM   up                     up
Serial2     10.108.100.5  YES  manual  up                     up
Serial3     unassigned    YES  unset   administratively down  down

 

The following fields are present in the output of the show ip interface brief command:

 

OK?: If the value of this field is “yes”, it represents that the IP address is valid. If the value of this field is “No”, it represents an invalid IP address.

Method: This field can have one of the following values:

RARP or SLARP: Reverse Address Resolution Protocol (RARP) or Serial Line Address Resolution Protocol (SLARP) request

BOOTP: Bootstrap protocol

TFTP: Configuration file obtained from TFTP server

Manual: Manually changed by CLI command

NVRAM: Configuration file in NVRAM

IPCP: ip address negotiated command

DHCP: ip address dhcp command

unassigned: No IP address

unset: Unset

other: Unknown

Interface: Refers to the type of interface.

IP-Address: Refers to the IP address assigned to the interface.

 

Status: Displays the interface status. Possible values in this field are as follows:

up: Interface is administratively up.

down: Interface is down.

administratively down: Interface is administratively down.

 

Protocol: An indicator of the operational status of the routing protocol for this interface.

YES? is not a valid field in the output of the show ip interface brief command.

Helper address and Proxy ARP fields are present in the output of the show ip interface command, not the show ip interface brief command.

 

Objective:

Network Fundamentals

 

Sub-Objective:

Configure, verify, and troubleshoot IPv4 addressing and subnetting

 

References:

Cisco > Cisco IOS IP Addressing Command Reference > show ip interface

 

QUESTION 7

Which two modes are Cisco Internetwork Operating System (IOS) operating modes? (Choose two.)

 

A.  User Privileged mode

B.  User EXEC mode

C.  Local configuration mode

D.  Global configuration mode

E.  NVRAM monitor mode

 

Correct Answer: BD Section: (none) Explanation

 

Explanation/Reference:

Explanation:

User EXEC mode and global configuration mode are the Cisco IOS operating modes. The following list shows the Cisco IOS operating modes along with their description:

User EXEC mode: The commands in this mode are used to enable connections to remote devices and change the terminal settings for a short duration. User EXEC commands also enable you to perform basic tests and view system information.

Global configuration mode: The commands in this mode enable you to make changes to the entire system.

Privileged EXEC mode: The commands in this mode are used to configure operating parameters. This mode also provides access to the remaining command modes.

Interface configuration mode: The commands in this mode allow you to change the operation for interfaces such as serial or Ethernet ports.

ROM monitor: The commands in this mode are used to perform low-level diagnostics.

 

All the other options are incorrect because they are not valid Cisco IOS operating modes.

 

To enter privileged EXEC mode, you must enter the command enable on the router. You will then be prompted for the enable password, if one has been created.

 

To enter global configuration mode, you must first enter privileged EXEC mode (see above) and then enter the command configure terminal (which can be abbreviated to config t), and the router will enter a mode that allows you to make global configuration changes.

 

Objective:

Network Fundamentals

Sub-Objective:

Select the appropriate cabling type based on implementation requirements

 

References:

Cisco Documentation > RPM Installation and Configuration > IOS and Configuration Basics > Cisco IOS Modes of Operation

 

QUESTION 8

Which of the following accurately describes the purpose of a trunk?

 

A.  A trunk is used to carry traffic for a single VLAN and is typically used between switches.

B.  A trunk is used to carry traffic for a single VLAN and is typically used between a switch and an end-user device.

C.  A trunk is used to carry multiple VLANs and is typically used between switches.

 

D.  A trunk is used to carry multiple VLANs and is typically used between a switch and a server.

 

Correct Answer: C Section: (none) Explanation

 

Explanation/Reference:

Explanation:

Trunk links are used between switches to allow communications between hosts that are in the same VLAN, but connected to different switches. Trunk links do not allow hosts in different VLANs to communicate, unless there is an additional trunk link connecting to a Layer 3 device, such as a router or a multilayer switch. Trunk links do allow a host in VLAN 10 on SwitchA to communicate with a host in VLAN 10 on SwitchB. Similarly, a host in VLAN 20 on SwitchA could also communicate with a host in VLAN 20 on SwitchB. A trunk link supports all VLANs by default, and frames that are not traveling on the native VLAN are “tagged” with the VLAN ID of the originating port before being sent over the trunk. The receiving switch reads the VLAN ID and forwards the frame to the appropriate host in the same VLAN.

 

The other options are incorrect because trunk links do not carry data for a single VLAN, nor are trunks used between switches and hosts (such as workstations and servers).

 

When a trunk link is extended to a router for the purpose of enabling routing between VLANs, the physical connection that the link connects to is usually subdivided logically into subinterfaces. Then each subinterface is given an IP address from the same subnet as the computers that reside on that VLAN. Finally, each computer in the VLAN will use the corresponding IP address on the matching subinterface of the router as its default gateway. In the example below, the switch has five VLANs created and some hosts connected to it. If hosts from different VLANs need to communicate, the link between the router and the switch must be a trunk link.

 

 

Furthermore, the physical link on the router must be subdivided into subinterfaces and addressed according to the legend shown for each subinterface in the diagram. For example, the configuration for VLAN 10 shown in the diagram would be as follows:

 

Router(config)# interface f0/0.10

Router(config-if)# encapsulation dot1q 10

Router(config-if)# ip address 192.168.10.254 255.255.255.0

Finally, each computer in VLAN 10 should have its default gateway set to 192.168.10.254.

Objective:

LAN Switching Fundamentals

Sub-Objective:

Describe and verify switching concepts

 

References:

 

QUESTION 9

Which Ethernet LAN contention or access method listens for a signal on the channel before transmitting data, and stops transmitting if a collision is detected?

 

A.  CSMA/CA

B.  CSMA/CD

C.  CSMA/CB

D.  CSMA/CS

 

Correct Answer: B Section: (none) Explanation

 

Explanation/Reference:

Explanation:

The Carrier Sense Multiple Access Collision Detection (CSMA/CD) contention method verifies that a channel is clear before transmitting, and stops transmitting data when it detects a collision on the channel in use.

 

Carrier Sense Multiple Access (CSMA) is the channel access mechanism used by Ethernet LANs. CSMA defines when and how to access the channel to transmit data. There are two variants of CSMA: CSMA with Collision Avoidance (CSMA/CA) and CSMA/CD.

 

With CSMA/CD, the transmitting station waits to detect channel traffic before sending the first packet over the channel. If the channel happens to be idle, the station transmits its packets. Despite the process of checking the channel before transmitting, it is still possible for two stations to transmit at once, resulting in collisions. If a collision occurs, the transmitting stations perform a retransmission. This retransmission uses a back-off algorithm by which a station waits for a random amount of time before retransmitting. As soon as there is a collision on the network, the transmitting station stops transmitting and waits for a random interval of time before attempting the transmission again.

 

You should not select CSMA/CA. With Carrier Sense Multiple Access Collision Avoidance (CSMA/CA), the transmitting station listens for a signal on the channel, then only transmits when the channel is idle. If the channel is busy, it waits a random amount of time before re-attempting transmission. CSMA/CA protocol is used in 802.11-based wireless LANs, while CSMA/CD is used in Ethernet LANs. Collisions are more often avoided with CSMA/CA than with CSMA/CD because sending stations signal non-sending stations to “wait” a specific amount of time and then check for clearance again before sending. The cost of these mechanisms is reduced throughput.

CSMA/CB and CSMA/CS are invalid Ethernet contention methods, and are therefore incorrect options.

Objective:

LAN Switching Fundamentals

Sub-Objective:

Describe and verify switching concepts

 

References:

Cisco Documentation > Internetwork Troubleshooting Handbook > Troubleshooting Ethernet

Cisco > Tech Notes > Troubleshooting Ethernet Collisions > Document ID: 12768

Cisco > Technology Support > Ethernet > Carrier Sense Multi-Access/Collision Detection (CSMA/CD)

 

QUESTION 10

What will be the effects of executing the following set of commands? (Choose all that apply.)

 

router(config)# router eigrp 44

router(config-router)# network 10.0.0.0

router(config-router)# network 192.168.5.0

 

A.  EIGRP will be enabled in AS 44

B.  EIGRP instance number 44 will be enabled

C.  EIGRP will be activated on the router interface 10.0.0.2/8

D.  EIGRP will be activated on the router interface 192.168.5.9/24

E.  EIGRP will be activated on the router interface 10.0.5.8/16

F.  EIGRP will be activated on the router interface 192.168.6.1/24

 

Correct Answer: ACDE Section: (none) Explanation

 

Explanation/Reference:

Explanation:

The effects of executing this set of commands will be that Enhanced Interior Gateway Routing Protocol (EIGRP) will be enabled in Autonomous System (AS) 44 and will be active on the router interfaces 10.0.0.2/8, 192.168.5.9/24, and 10.0.5.8/16.

 

The router eigrp 10 command is used to enable EIGRP on a router. The network 10.0.0.0 and network 192.168.5.0 commands are used to activate EIGRP over any interfaces that fall within the major networks 10.0.0.0 and 192.168.5.0, or within any subnets of these classful networks. The network commands in EIGRP configuration ignore any subnet-specific information by default. Since the IP address 10.0.5.8.9/24 is in a subnet of the Class A IP network 10.0.0.0, and only the first octet (byte) of a Class A IP address represents the major (classful) network, the remaining bytes are ignored by the network command.

 

EIGRP instance number 44 will not be enabled. The number 44 in the command does not represent an instance of EIGRP; it represents an autonomous system (AS) number. The autonomous-system parameter of the router eigrp command (router eigrp 44) specifies the autonomous system number. To ensure that all the routers in a network can communicate with each other, you should specify the same autonomous system number on all routers.

 

EIGRP will not be activated on the router interface 192.168.6.1/24. This interface does not exist within the Class C network 192.198.5.0 or Class A network 10.0.0.0, or within any of their subnets.
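The classful matching described in this explanation can be worked through in code. The following Python sketch is an added example, not part of the original question bank: it derives the major network from the first octet of each network statement and checks the four interface addresses from the answer options against it. The function names are hypothetical, and the model assumes network statements entered without a wildcard mask.

```python
import ipaddress


def classful_network(address):
    """Return the classful (major) network that contains an IPv4 address."""
    first_octet = int(ipaddress.IPv4Address(address)) >> 24
    if first_octet < 128:
        prefix = 8       # Class A: only the first octet identifies the network
    elif first_octet < 192:
        prefix = 16      # Class B
    elif first_octet < 224:
        prefix = 24      # Class C
    else:
        raise ValueError(f"{address} is not a Class A, B or C address")
    # strict=False discards any subnet or host bits, as the network command does
    return ipaddress.ip_network(f"{address}/{prefix}", strict=False)


def eigrp_activation(network_statements, interfaces):
    """Map each interface (CIDR string) to the major network that activates
    EIGRP on it, or None when no network statement covers it."""
    majors = [classful_network(n) for n in network_statements]
    result = {}
    for cidr in interfaces:
        ip = ipaddress.ip_interface(cidr).ip
        match = next((m for m in majors if ip in m), None)
        result[cidr] = str(match) if match else None
    return result


# Network statements and interface addresses taken from the question.
STATEMENTS = ["10.0.0.0", "192.168.5.0"]
INTERFACES = ["10.0.0.2/8", "192.168.5.9/24", "10.0.5.8/16", "192.168.6.1/24"]

if __name__ == "__main__":
    for cidr, major in eigrp_activation(STATEMENTS, INTERFACES).items():
        state = f"active (matched by {major})" if major else "not active"
        print(f"{cidr:18} {state}")
```

The interface's own mask plays no part in the match, which is why 10.0.5.8/16 is covered by network 10.0.0.0.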

 

Objective:

Routing Fundamentals

Sub-Objective:

Configure, verify, and troubleshoot EIGRP for IPv4 (excluding authentication, filtering, manual summarization, redistribution, stub)

 

References:

Cisco > Support > Cisco IOS Software > Configuring EIGRP > Enabling EIGRP

CCNA ICND2 Official Exam Certification Guide (Cisco Press, ISBN 1-58720-181-X), Chapter 10: EIGRP, pp. 389-390.

 

QUESTION 11

Users on the LAN are unable to access the Internet. How would you correct the immediate problem?

 

 

 

Router# show ip interface brief

Interface        IP-Address    OK?  Method  Status                 Protocol
FastEthernet0/0  unassigned    YES  unset   down                   down
FastEthernet0/1  172.16.1.254  YES  NVRAM   up                     up
Serial0/0        200.16.4.25   YES  NVRAM   administratively down  down
Serial0/1        unassigned    YES  unset   down                   down

 

A.  Configure a bandwidth on the serial interface.

B.  Perform a no shutdown command on the serial interface.

C.  Configure a private IP address on the Fastethernet0/0 LAN interface.

D.  Change the IP address on the serial interface.

 

Correct Answer: B Section: (none) Explanation

 

Explanation/Reference:

Explanation:

The output indicates that the serial interface leading to the Internet is administratively down. All router interfaces are disabled by default due to the presence of a shutdown command in the running configuration. The no shutdown command removes this configuration, and the interface becomes active. The command sequence is:

Router(config)# interface serial0/0

Router(config-if)# no shutdown

 

Although it was not the problem in the scenario, the S0/0 interface could also cause an error if it is configured as shown in this output:

Interface  IP-Address   OK?  Method  Status  Protocol
Serial0/0  200.16.4.25  YES  NVRAM   up      down

 

In this example, the S0/0 interface has been enabled, and while there is Layer 1 connectivity (the Status column), Layer 2 is not functioning (the Protocol column). There are two possible reasons for this result:

Interface S0/0 is not receiving a clock signal from the CSU/DSU (if one is present).

The encapsulation type configured on S0/0 does not match the type configured on the other end of the link (if the other end is a router).

 

Configuring a bandwidth on the serial interface is incorrect because the output indicates the interface is administratively down, which does not pertain to bandwidth.

 

Configuring a private IP address on the Fastethernet0/0 LAN interface is incorrect because the output indicates the problem is with the disabled serial interface.

 

The IP address on the serial interface may or may not be valid, but it is not the immediate cause of the connectivity problem. The serial interface is disabled.
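The Status and Protocol columns discussed here and in Question 6 can be read mechanically. The following Python parser is an added example, not part of the original question bank: it reads show ip interface brief output and reports every addressed interface that is not up/up, separating the administratively down case from the Layer 1 up, Layer 2 down case. The sample text is constructed from the two outputs shown in this question, and the diagnosis labels are hypothetical.

```python
import re

# One data row: Interface, IP-Address, OK?, Method, Status, Protocol.
# Status may be two words ("administratively down"), so it is matched explicitly.
ROW = re.compile(
    r"^(?P<interface>\S+)\s+(?P<ip>\S+)\s+(?P<ok>YES|NO)\s+(?P<method>\S+)\s+"
    r"(?P<status>administratively down|up|down)\s+(?P<protocol>up|down)\s*$"
)

# Constructed sample: the output from the question.
Q11_OUTPUT = """
Router# show ip interface brief
Interface        IP-Address    OK?  Method  Status                 Protocol
FastEthernet0/0  unassigned    YES  unset   down                   down
FastEthernet0/1  172.16.1.254  YES  NVRAM   up                     up
Serial0/0        200.16.4.25   YES  NVRAM   administratively down  down
Serial0/1        unassigned    YES  unset   down                   down
"""

# Constructed sample: the up/down variant from the explanation.
UP_DOWN_OUTPUT = """
Interface  IP-Address   OK?  Method  Status  Protocol
Serial0/0  200.16.4.25  YES  NVRAM   up      down
"""


def parse_brief(text):
    """Return one dict per interface row; the prompt and header lines do not match."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            rows.append(match.groupdict())
    return rows


def diagnose(row):
    """Classify a row by its Status and Protocol columns."""
    if row["status"] == "administratively down":
        return "admin-down"   # shutdown is configured; no shutdown clears it
    if row["status"] == "up" and row["protocol"] == "up":
        return "ok"
    if row["status"] == "up":
        return "l2-down"      # Layer 1 up, Layer 2 down: check clocking and encapsulation
    return "down"


def needs_attention(text):
    """List (interface, diagnosis) for addressed interfaces that are not up/up."""
    return [
        (row["interface"], diagnose(row))
        for row in parse_brief(text)
        if row["ip"] != "unassigned" and diagnose(row) != "ok"
    ]


if __name__ == "__main__":
    print(needs_attention(Q11_OUTPUT))
    print(needs_attention(UP_DOWN_OUTPUT))
```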

 

Objective:

LAN Switching Fundamentals

Sub-Objective:

Troubleshoot interface and cable issues (collisions, errors, duplex, speed)

 

References:

Cisco > Support > Administrative Commands > shutdown

 

QUESTION 12

When a packet is forwarded through a network from one host to another host, which of the following fields in the Ethernet frame will change at every hop?

 

A.  Source IP address

B.  Destination MAC address

C.  Source port number

D.  Destination IP address

 

Correct Answer: B Section: (none) Explanation

 

Explanation/Reference:

Explanation:

When an Ethernet frame is forwarded through the network, both the source and destination MAC addresses will change at every hop.

 

The source and destination IP addresses and source and destination port numbers MUST remain the same for proper routing to occur, for the proper delivery to the destination service, and for the proper reception of responses to the sending device. By contrast, the MAC addresses used at each hop must be those of the physical interfaces involved in the Layer 2 forwarding at each hop.

 

As a simple illustration of this process, IP addresses and MAC addresses are assigned to two computers and three routers shown in the diagram. The network is arranged as shown below:

 

 

 

The IP addresses and the MAC addresses of each device are shown below:

 

 

There will be four handoffs to get this packet from WKS1 to WKS2. The following table shows the destination IP addresses and destination MAC addresses used at each handoff.

 

 

As you can see, the destination IP address in the packet does not change, but the MAC address in the frame changes at each handoff.

 

Objective:

LAN Switching Fundamentals

Sub-Objective:

Interpret Ethernet frame format

 

References:

MAC address changes for every new network

 

QUESTION 13

Which Cisco IOS Cisco Discovery Protocol (CDP) command displays the IP address of the directly connected Cisco devices?

 

A.  show cdp

B.  show cdp devices

C.  show cdp traffic

D.  show cdp neighbors detail

 

Correct Answer: D Section: (none) Explanation

 

Explanation/Reference:

Explanation:

The show cdp neighbors detail command displays the IP address of the directly connected Cisco devices. CDP is a Layer 2 (Data Link layer) protocol that finds information about neighboring network devices. CDP does not use Network layer protocols to transmit information because it operates at the Data Link layer. For this reason, IP addresses need not even be configured on the interfaces for CDP to function. The only requirement is that the interfaces be enabled with the no shutdown command. An example of the output of the show cdp neighbors detail command is as follows:

 

 

The show cdp devices command is incorrect because this is not a valid Cisco IOS command.

 

The show cdp command is incorrect because this command is used to view the global CDP information. It lists the default update and holdtime timers, as in the following sample output:

 

Atlanta# show cdp
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
Sending CDPv2 advertisements is enabled

 

The show cdp traffic command is incorrect because this command displays traffic information between network devices collected by the CDP, as in the following example:

 

Birmingham# show cdp traffic

Total packets output: 652, Input: 214

Hdr syntax: 0, Chksum error: 0, Encaps failed: 0

No memory: 0, Invalid: 0, Fragmented: 0

CDP version 1 advertisements output: 269, Input: 50

CDP version 2 advertisements output: 360, Input: 25

 

Objective:

Infrastructure Management

Sub-Objective:

Use Cisco IOS tools to troubleshoot and resolve problems

 

References:

Cisco > Cisco IOS Network Management Command Reference > schema through show event manager session cli username > show cdp neighbors detail

 

QUESTION 14

Your assistant is interested in gathering statistics about connection-oriented operations.

Which of the following should be done to enhance the accuracy of the information gathered?

A.  configure an IP SLA responder on the destination device

B.  configure an IP SLA responder on the source device

C.  schedule the operation on the destination device

D.  add the verify-data command to the configuration of the operation

 

Correct Answer: A Section: (none) Explanation

 

Explanation/Reference:

Explanation:

The accuracy of any IP SLA operation can be enhanced by configuring an IP SLA responder on the destination device. It is important to note that only Cisco devices support the configuration as a responder.

 

You do not configure an IP SLA responder on the source device. You schedule the operation on the source device and the destination device is the one that is configured as a responder.

 

You do not schedule the operation on the destination device. You schedule the operation on the source device and the destination device is the one that is configured as a responder.

 

Adding the verify-data command to the configuration of the operation will not enhance the accuracy of the information gathered. When data verification is enabled, each operation response is checked for corruption. Use the verify-data command with caution during normal operations because it generates unnecessary overhead.

 

 

Objective:

Infrastructure Management

Sub-Objective:

Troubleshoot network connectivity issues using ICMP echo-based IP SLA

 

References:

 

 

 

QUESTION 15

You are the network administrator for your company. You have installed a new router in your network. You want to establish a remote connection from your computer to the new router so it can be configured. You are not concerned about security during the remote connection.

Which Cisco IOS command should you use to accomplish the task?

A.  ssh

B.  telnet

C.  terminal

D.  virtual

 

Correct Answer: B Section: (none) Explanation

 

Explanation/Reference:

Explanation:

The telnet command should be used to establish a remote connection from your computer to the router. The syntax of the command is as follows:

 

telnet {{hostname | IP_address mask interface_name} | {IPv6_address interface_name} | {timeout number}}

 

The following parameters are used with the telnet command:

hostname: Specifies the name of the host.

interface_name: Specifies the name of the network interface to which you need to telnet.

IP_address: Specifies the IP address of the host.

IPv6_address: Specifies the IPv6 address associated to the host.

timeout number: Specifies the number of minutes that a telnet session can be idle.

 

The following features are the key characteristics of Telnet:

It is a client server protocol.

It uses TCP port number 23.

It is used to establish a remote connection over the internet or Local Area Network (LAN).

Telnet does not encrypt any data sent over the connection; that is, the data travels in clear text.

A Cisco router supports five simultaneous telnet sessions, by default. These lines are called vty 0-4.

A successful Telnet connection requires that the destination device be configured to support Telnet connections, which means it must be configured with a Telnet password.

The telnet command can also be used to test application layer connectivity to a device.

 

The ssh command is incorrect because this command is used to remotely establish a secure connection between two computers over the network.

 

The terminal command is incorrect because this command is used to change console terminal settings.

 

The virtual command is incorrect because this command is used along with the http and telnet parameters to configure a virtual server.
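Because Telnet sends everything in clear text, and because Question 1 disables CDP with no cdp run (globally) or no cdp enable (per interface), both settings are worth checking in a saved configuration. The following Python audit is an added example, not part of the original question bank: it scans an IOS-style configuration for interfaces where CDP is still enabled and for vty lines that accept Telnet. Both sample configurations are constructed, the finding labels are hypothetical, and a vty block with no transport input line is flagged for review as an assumption rather than relying on a platform default.

```python
def parse_blocks(config):
    """Split an IOS-style config into global commands and their indented sub-commands."""
    global_cmds, blocks = [], {}
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue                      # blank lines and "!" separators
        if line[0].isspace():
            if current is not None:
                blocks[current].append(line.strip())
        else:
            current = line
            global_cmds.append(line)
            blocks[current] = []
    return global_cmds, blocks


def audit(config):
    """Return (finding, location) tuples for CDP and Telnet exposure."""
    global_cmds, blocks = parse_blocks(config)
    findings = []
    # CDP: "no cdp run" disables it for the whole device; otherwise each
    # interface needs its own "no cdp enable".
    if "no cdp run" not in global_cmds:
        for name, subs in blocks.items():
            if name.startswith("interface ") and "no cdp enable" not in subs:
                findings.append(("cdp-enabled", name))
    # Telnet: inspect "transport input" on every vty block.
    for name, subs in blocks.items():
        if not name.startswith("line vty"):
            continue
        transports = None
        for sub in subs:
            if sub.startswith("transport input"):
                transports = sub.split()[2:]
        if transports is None:
            # Assumption: an unset transport is reviewed, not trusted.
            findings.append(("vty-transport-unset", name))
        elif "telnet" in transports or "all" in transports:
            findings.append(("telnet-allowed", name))
    return findings


# Constructed sample: CDP left on one interface, Telnet accepted on the vty lines.
WEAK_CONFIG = """
hostname R1
!
interface FastEthernet0/0
 ip address 172.16.1.254 255.255.255.0
!
interface Serial0/0
 ip address 200.16.4.25 255.255.255.252
 no cdp enable
!
line vty 0 4
 login
 transport input telnet
!
"""

# Constructed sample: CDP disabled globally, vty lines restricted to SSH.
HARDENED_CONFIG = """
hostname R1
no cdp run
!
interface FastEthernet0/0
 ip address 172.16.1.254 255.255.255.0
!
line vty 0 4
 login local
 transport input ssh
!
"""

if __name__ == "__main__":
    print(audit(WEAK_CONFIG))
    print(audit(HARDENED_CONFIG))
```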

 

Objective:

Infrastructure Management

Sub-Objective:

Configure and verify device management

 

References:

Cisco > Cisco IOS Terminal Services Command Reference > telnet

 

 

QUESTION 16

You are configuring a WAN connection between two offices. You cannot ping between the routers in a test. The Serial0 interface on RouterA is connected to the Serial1 interface on RouterB.

 

The commands you have executed are shown below. What is the problem with the configuration?

 

 

A.  The passwords are incorrectly configured

B.  The usernames are incorrectly configured

C.  The wrong interface has been configured

D.  The encapsulation is incorrect on RouterA

E.  The encapsulation is incorrect on RouterB

F.  The authentication types do not match

 

Correct Answer: C Section: (none) Explanation

 

Explanation/Reference:

Explanation:

The two routers are connected using Serial0 on RouterA and Serial1 on RouterB. However, the configuration commands were executed on interface Serial0 on RouterB. So although the configuration itself is completely correct, it is configured on the wrong interface.

 

The passwords are correct. The passwords should match on both routers. In this case, they are both set to lie. If even one character does not match, including character casing, the authentication and the connection will fail.

 

The usernames are correct. The username should be set to the host name of the peer router. In this case, RouterA’s username is set to RouterB and RouterB’s username is set to RouterA, which is correct.

 

The encapsulations are correct. They are both set to PPP, which is the correct type of encapsulation when using authentication.

 

The authentication types do match. They are both set to CHAP. It is possible to configure two authentication methods, with the second used as a fallback method in cases where the other router does not support the first type. The command below would be used to enable CHAP with PAP as a fallback method:

 

RouterB(config-if)#ppp authentication  chap  pap

 

Objective:

WAN Technologies

Sub-Objective:

Configure and verify PPP and MLPPP on WAN interfaces using local authentication

 

References:

Cisco > Home > Support > Technology Support > WAN > Point-To-Point Protocol (PPP) > Design > Design

 

 

 

QUESTION 17

Which Cisco 2950 switch command or set of commands would be used to create a Virtual LAN (VLAN) named MARKETING with a VLAN number of 25?

 

A.  switch(config)# vtp domain MARKETING 25

B.  switch(config)# vlan 25

switch(config-vlan)# name MARKETING

C.  switch(config-if)# vlan 25 name MARKETING

D.  switch(config)# vtp 25

switch(config-vtp)# name MARKETING

 

Correct Answer: B Section: (none) Explanation

 

Explanation/Reference:

Explanation:

The following commands would create a VLAN named MARKETING with a VLAN number of 25:

switch(config)# vlan 25

switch(config-vlan)# name MARKETING

 

The steps to add a new VLAN are as follows:

1.  Create the new VLAN

2.  Name the VLAN

3.  Add the desired ports to the VLAN

 

VLANs on current Cisco switches are configured in global configuration mode. The VLAN is first created with the vlan # command, and then optionally named with the name vlan-name command. Interfaces are added to VLANs using either the interface or interface range commands.

 

The switch(config)# vtp domain MARKETING 25 command will not create a VLAN. This command creates a VLAN Trunking Protocol (VTP) domain. VTP is a means of synchronizing VLANs between switches, not a method of manually creating VLANs.

 

The vlan 25 name command is deprecated, and is not supported on newer Cisco switches. Even on switches that support the command, this answer is incorrect because the vlan 25 name command was issued in VLAN database mode, rather than interface mode.

 

Objective:

LAN Switching Fundamentals

Sub-Objective:

Configure, verify, and troubleshoot VLANs (normal/extended range) spanning multiple switches

 

References:

Cisco > Support > LAN Switching > Virtual LANS / VLAN Trunking Protocol (VLANS/VTP) > Configure > Configuration Examples and Technotes > Configuring VLAN Trunk Protocol (VTP) > Document ID: 98154

 

QUESTION 18

What command would be used to verify trusted DHCP ports?

 

A.  show mls qos

B.  show ip dhcp snooping

C.  show ip trust

D.  show ip arp trust

 

Correct Answer: B Section: (none) Explanation

 

Explanation/Reference:

Explanation:

The command show ip dhcp snooping is used to verify trusted DHCP ports. This command is used to verify which ports are intended to have DHCP servers connected to them.

 

DHCP snooping creates an IP address to MAC address database that is used by Dynamic ARP Inspection (DAI) to validate ARP packets. It compares the MAC address and IP address in ARP packets, and only permits the traffic if the addresses match. This eliminates attackers that are spoofing MAC addresses.

 

DHCP snooping is used to define ports as trusted for DHCP server connections. The purpose of DHCP snooping is to mitigate DHCP spoofing attacks. DHCP snooping can be used to determine what ports are able to send DHCP server packets, such as DHCPOFFER, DHCPACK, and DHCPNAK. DHCP snooping can also cache the MAC address to IP address mapping for clients receiving DHCP addresses from a valid DHCP server.

MLS QOS has no bearing on DHCP services, so show mls qos is not correct. The other commands are incorrect because they have invalid syntax.

Objective:

Infrastructure Security

Sub-Objective:

Describe common access layer threat mitigation techniques

 

References:

Cisco > Cisco IOS IP Addressing Services Command Reference > DHCP Commands > show ip dhcp snooping

 

QUESTION 19

R1 and R2 are connected as shown in the diagram and are configured as shown in the partial output of the show run command.

 

 

 

 

 

The command ping R2 fails when executed from R1. What command(s) would allow R1 to ping R2 by name?

 

A.  R1(config)#int S1

R1(config-if)#no ip address 192.168.5.5

R1(config-if)# ip address 192.168.5.9 255.255.255.252

B.  R1(config)#no ip host R1

R1(config)# ip host R2 192.168.5.6 255.255.255.252

C.  R1(config)#no hostname R2

R1(config)# hostname R1

D.  R2(config)#int S1

R1(config-if)#no ip address 192.168.5.5

R1(config-if)# ip address 192.168.5.9 255.255.255.0

 

Correct Answer: B Section: (none) Explanation

 

Explanation/Reference:

Explanation:

Both routers have been configured with the ip host command. This command creates a name to IP address mapping, thereby enabling the pinging of the device by address. On R1, the mapping is incorrect and needs to be corrected. Currently it is configured as ip host R1 192.168.5.6. It is currently mapping its own name to the IP address of R2.

 

To fix the problem, you should remove the incorrect IP address mapping and create the correct mapping for R2, as follows:

 

R1(config)#no  ip  host  R1

R1(config)#  ip  host  R2  192.168.5.6  255.255.255.252

 

Once this is done, the ping on R2 will succeed.

 

 

The IP address of the S1 interface on R1 does not need to be changed to 192.168.5.9 /30. In fact, if that is done, the S1 interface on R1 and the S1 interface on R2 will no longer be in the same network. With a 30-bit mask configured, the network they are currently in extends from 192.168.5.4 to 192.168.5.7. They are currently set to the two usable addresses in that network, 192.168.5.5 and 192.168.5.6.

 

The hostnames of the two routers do need to be set correctly using the hostname command for the ping to function, but they are correct now and do not need to be changed.

 

The subnet mask of the S1 interface on R2 does not need to be changed to 255.255.255.0. The mask needs to match that of R1, which is 255.255.255.252.

 

Objective:

Infrastructure Services

Sub-Objective:

Troubleshoot client connectivity issues involving DNS

 

References:

Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services, Release 12.3 > IP Addressing and Services Commands: idle through ip local-proxy-arp > ip host

 

QUESTION 20

Your network team is exploring the use of switch stacking.

 

Which of the following statements is NOT true of switch stacking?

 

A.  The master switch is the only switch with full access to the interconnect bandwidth

B.  Switches are connected with special cable

C.  The stack has a single IP address

D.  Up to nine switches can be added to the stack

 

Correct Answer: A Section: (none) Explanation

 

Explanation/Reference:

Explanation:

All switches in the stack have full access to the interconnect bandwidth, not just the master switch. The master switch is elected from one of the stack members. It automatically configures the stack with the currently running IOS image and a single configuration file.

 

The switches are connected with special cables that form a bidirectional closed loop path. The stack has a single management IP address and is managed as a unit.

Up to nine switches can be in a stack.

 

Objective:

LAN Switching Fundamentals

Sub-Objective:

Describe the benefits of switch stacking and chassis aggregation

 

References:

Products & Services > Switches > Campus LAN Switches Access > Cisco Catalyst 3750 Series Switches > Data Sheets and Literature > White Papers > Cisco StackWise and StackWise Plus Technology

 

QUESTION 21

RouterA and RouterB, which connect two locations, are unable to communicate. You run the show running-configuration command on both router interfaces, RouterA and RouterB. The following is a partial output:

 

 

 

 

Based on the information given in the output, what are two likely causes of the problem? (Choose two.)

 

A.  The IP address defined is incorrect.

B.  Both routers cannot have a clock rate defined.

C.  Both routers cannot have an identical clock rate.

D.  The Layer 2 framing is misconfigured.

E.  At least one of the routers must have the ip mroute-cache command enabled.

 

Correct Answer: AB Section: (none) Explanation

 

Explanation/Reference:

Explanation:

Two possible causes of the problem are that the IP addresses are incorrect as defined, or that both routers have a defined clock rate. The IP addresses on the routers are in different subnets. The IP addresses need to be changed to fall in the same subnet.

 

Both routers cannot have a clock rate configured. Only routers with a DCE cable connected should have a clock rate, which provides synchronization to the router connected to the DTE cable. In a point-to-point serial connection, the DCE cable connects to the DTE cable, providing a communication path between the two routers. If both routers have a clock rate configured, the routers will not communicate.

 

A matching clock rate is not the problem. The clock rates between two routers should match. The router connected to the DCE cable will provide the clock rate to the router connected to the DTE cable, resulting in matching clock rates.

 

The Layer 2 encapsulation refers to the Data Link protocol used on the link. In this case, the protocol is Point to Point Protocol (PPP), which is configured correctly on both ends as indicated by the matching encapsulation ppp statements in the output. The connection would be prevented from working if one of the routers were missing this setting (which would be indicated by the absence of the encapsulation ppp statement in its output), or if a different Layer 2 encapsulation type were configured, such as High-Level Data Link Control (HDLC).

 

The ip mroute-cache command is used to fast-switch multicast packets and would not cause the problem in this scenario.

 

Objective:

Network Fundamentals

Sub-Objective:

Configure, verify, and troubleshoot IPv4 addressing and subnetting

 

References:

Cisco > Internetworking Technology Handbook > Point to Point Protocol (PPP)

Cisco > Support > Product Support > Cisco IOS Software Releases 11.1 > Configure > Feature Guides > Clock Rate Command Enhancements Feature Module > clock rate

 

QUESTION 22

Which of the following should be a characteristic of the core layer in the Cisco three-layer hierarchical model?

 

A.  redundant components

B.  emphasis on high speed

C.  PoE

D.  QoS

 

Correct Answer: B Section: (none) Explanation

 

Explanation/Reference:

Explanation:

The core layer of the Cisco three-layer hierarchical network design model places an emphasis on high speed. Items such as access control lists (ACLs) and Quality of Service (QoS) should NOT be implemented on this level, as those types of service will slow the high-speed switching process desired at this level.

 

The three layers of the hierarchical design model are the access layer, the distribution layer, and the core (backbone) layer. The core layer connects to every building block in the modular network, so it must emphasize speed and resilience.

Quality of service and ACLs are implemented on the distribution layer. Layer 3 support is required at this level.

Redundant hardware components and Power over Ethernet (PoE) are characteristics of the access layer. This is the layer where user devices are connected to the network. Layer 2 port security is also implemented at this layer.

 

Objective:

Network Fundamentals

Sub-Objective:

Compare and contrast collapsed core and three-tier architectures

 

References:

Cisco >Home > Solutions > Enterprise > Programs for Enterprise > Design Zone > Design Zone for Campus > Design Guides > Campus Network for High Availability Design Guide > Hierarchical Network Design Model

 

QUESTION 23

Which of the following commands will set the line speed of a serial connection that connects to a Channel Service Unit / Digital Service Unit (CSU/DSU) at 56 Kbps?

 

A.  service-module 56000 clock rate speed

B.  service-module 56k clock rate speed

C.  bandwidth 56k

D.  bandwidth 56000

 

Correct Answer: B Section: (none) Explanation

 

Explanation/Reference:

Explanation:

The command service-module 56k clock rate speed will configure the network line speed for a 4-wire, 56/64-kbps CSU/DSU module.

 

The command service-module 56000 clock rate speed is incorrect because the speed must be stated in the form 56k (for Kbps), rather than 56000.

 

The bandwidth command is used to limit the amount of bandwidth used by an application when utilizing Quality of Service (QoS). It does not set the line speed of a serial connection that connects to a Channel Service Unit / Digital Service Unit (CSU/DSU). Therefore, both the bandwidth 56k and the bandwidth 56000 commands are incorrect.

 

Objective:

WAN Technologies

Sub-Objective:

Describe WAN access connectivity options

 

References:

Cisco IOS Interface and Hardware Component Configuration Guide, Release 12.4T > Part 2: Serial Interfaces > Configuring Serial Interfaces > 2-Wire and 4-Wire, 56/64-kbps CSU/DSU Service Module Configuration Task List > Setting the Network Line Speed

 

QUESTION 24

You are discovering that there are differences between the configuration of EIGRP for IPv6 and EIGRP for IPv4. Which statement is true with regard to the difference?

 

A.  A router ID is required for both versions

B.  A router ID must be configured under the routing process for EIGRP for IPv4

C.  AS numbers are not required in EIGRP for IPv6

D.  AS numbers are not required in EIGRP for IPv4

 

Correct Answer: A Section: (none) Explanation

 

Explanation/Reference:

Explanation:

Both versions of EIGRP require a router ID. The difference is that with EIGRP for IPv6, you must configure a router ID under the routing process if there are no IPv4 addresses on the router. In EIGRP for IPv4, the router can select one of the configured IPv4 addresses as the router ID.

 

A router ID can be configured under the routing process for EIGRP for IPv4, but it is not required. In EIGRP for IPv4, the router can select one of the configured IPv4 addresses as the router ID.

AS numbers are required in both versions of EIGRP.

Objective:

Routing Fundamentals

Sub-Objective:

Configure, verify, and troubleshoot EIGRP for IPv6 (excluding authentication, filtering, manual summarization, redistribution, stub)

 

References:

Home > Articles > Cisco Certification > CCNA Routing and Switching > C > Cisco ICND2 Foundation Learning Guide: Implementing an EIGRP Solution > Implementing EIGRP for IPv6

 

QUESTION 25

Which of the following techniques is NOT used by distance vector protocols to stop routing loops in a network?

 

 

A.  Split horizon

B.  Spanning Tree Protocol (STP)

C.  Holddowns

D.  Route poisoning

 

Correct Answer: B Section: (none) Explanation

 

Explanation/Reference:

Explanation:

Spanning Tree Protocol (STP) is not used by distance vector protocols to stop routing loops in a network. STP is used to prevent switching loops in a switched network.

 

Routing loops can occur due to slow convergence and inconsistent routing tables, and can cause excessive use of bandwidth or complete network failure. An example of a routing table problem would be incorrectly configured static default routes. Suppose that Router A is connected to Router B, and the addresses of the interfaces on each end of the link connecting the two routers are as follows:

 

Router A 192.168.5.1/24

Router B 192.168.5.2/24

 

A partial output of the routing tables of the two routers is shown below. Router B hosts the connection to the Internet.

 

routerA#  show  ip  route

Gateway  of  last  resort  is  192.168.5.2  to  network  0.0.0.0

<Output  omitted>

 

routerB#  show  ip  route

Gateway  of  last  resort  is  192.168.5.1  to  network  0.0.0.0

<<output  omitted>>

 

From the limited information shown above, you can see that Router A is pointing to Router B for the default route, and Router B is pointing to Router A for the default route. This will cause a routing loop for any traffic that is not in their routing tables. For example, if a ping were initiated to the address 103.5.6.8 and that address was not in the routing tables of Routers A and B, the most likely message received back would NOT be “destination unreachable” but “TTL expired in transit.” This would be caused by the packet looping between the two routers until the TTL expired.
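The forwarding behaviour described above can be traced hop by hop. The following Python sketch is an added example, not part of the original exam material: it models the two routing tables from the explanation and follows a packet to 103.5.6.8. The function names, the reduced TTL of 8 and the upstream next hop 203.0.113.1 are assumptions made for the illustration.

```python
import ipaddress

# Interface addresses and default routes as given in the explanation above.
ADDR = {"A": "192.168.5.1", "B": "192.168.5.2"}


def topology(a_default=None, b_default=None):
    """Build both routing tables; each router knows only the shared /24
    plus whatever default route is passed in."""
    tables = {name: {"192.168.5.0/24": "connected"} for name in ADDR}
    if a_default:
        tables["A"]["0.0.0.0/0"] = a_default
    if b_default:
        tables["B"]["0.0.0.0/0"] = b_default
    return tables


def lookup(table, dst):
    """Longest-prefix match. Returns the next hop, or None if no route."""
    dst = ipaddress.ip_address(dst)
    matches = [ipaddress.ip_network(p) for p in table
               if dst in ipaddress.ip_network(p)]
    if not matches:
        return None
    best = max(matches, key=lambda net: net.prefixlen)
    return table[str(best)]


def forward(tables, start, dst, ttl=255):
    """Follow one packet router by router. Returns (outcome, path)."""
    owner = {addr: name for name, addr in ADDR.items()}
    current, path = start, [start]
    while True:
        next_hop = lookup(tables[current], dst)
        if next_hop is None:
            return "destination unreachable", path
        if next_hop == "connected":
            return "delivered on connected network", path
        ttl -= 1  # every router that forwards the packet decrements TTL
        if ttl <= 0:
            return "TTL expired in transit", path
        if next_hop not in owner:
            # Next hop is outside the two modelled routers (e.g. the ISP).
            return f"handed to {next_hop}", path
        current = owner[next_hop]
        path.append(current)


# The misconfiguration from the explanation: each default route points
# at the other router.
LOOPING = topology(a_default="192.168.5.2", b_default="192.168.5.1")
# 203.0.113.1 is a constructed upstream next hop, not an address from the page.
CORRECTED = topology(a_default="192.168.5.2", b_default="203.0.113.1")
NO_DEFAULT = topology()

if __name__ == "__main__":
    for label, tables in [("looping", LOOPING), ("corrected", CORRECTED),
                          ("no default routes", NO_DEFAULT)]:
        outcome, path = forward(tables, "A", "103.5.6.8", ttl=8)
        print(f"{label:18} {outcome:32} path={'>'.join(path)}")
```

With the looping tables the packet alternates between A and B until the TTL runs out; "destination unreachable" appears only when a router has no matching route at all.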

 

The following techniques are used by distance vector protocols to stop routing loops in a network:

Split horizon stops routing loops by preventing route update information from being sent back over the same interface on which it arrived.

Holddown timers prevent regular update messages from reinstating a route that is unstable. The holddown timer places the route in a suspended, or “possibly down” state in the routing table and regular update messages regarding this route will be ignored until the timer expires.

Route poisoning “poisons” a failed route by increasing its cost to infinity (16 hops, if using RIP). Route poisoning is combined with triggered updates to ensure fast convergence in the event of a network change.

 

Objective:

Routing Fundamentals

Sub-Objective:

Compare and contrast distance vector and link-state routing protocols

 

References:

Cisco > Articles > Network Technology > General Networking > Dynamic Routing Protocols

 

QUESTION 26

You are creating a configuration to use on a switch. The configuration must enable you to remotely manage the switch.

Which of the following command sets is correct? (Assume the commands are executed at the correct prompt.)

A.  interface  vlan  1

ip  address  192.168.20.244  255.255.255.240

no  shutdown

exit

ip  default-gateway  192.168.20.241

line  vty  0  15

password  cisco

login

exit

B.  interface  fastethernet  0/1

ip  address  192.168.20.244  255.255.255.240

no  shutdown

exit

ip  default-gateway  192.168.20.241

line  vty  0  15

password  cisco

login

exit

C.  interface  vlan  1

ip  address  192.168.20.244  255.255.255.240

no  shutdown

exit

ip  route  192.168.20.241

line  vty  0  15

login

exit

D.  interface  vlan  1

ip  address  192.168.20.244  255.255.255.240

no  shutdown

exit

ip  default-gateway  192.168.20.241

line  con  0  15

password  cisco

login

exit

E.  interface  vlan  1

ip  address  192.168.20.244  255.255.255.240

no  shutdown

exit

ip  default-gateway  192.168.20.27

line  vty  0  15

password  cisco

login

exit

F.  interface  vlan  1

ip  address  192.168.20.244  255.255.255.240

shutdown

exit

ip  default-gateway  192.168.20.241

line  vty  0  15

password  cisco

login

exit

 

Correct Answer: A Section: (none) Explanation

 

 

Explanation/Reference:

Explanation:

The following command set is correct:

 

interface  vlan  1

ip  address  192.168.20.244  255.255.255.240

no  shutdown

exit

ip  default-gateway  192.168.20.241

line  vty  0  15

password  cisco

login

exit

 

It sets an IP address for VLAN 1, which is the management VLAN. Next, it sets a default gateway that is in the same network with the IP address. It correctly enables the interface, sets a required password on the VTY lines, and sets the switch to prompt for the password.

 

Switches do not need IP addresses unless you want to remotely manage the devices. When an IP address is assigned to a switch for this purpose, it is not applied to a physical interface. It is applied to the VLAN 1 interface, which is the management VLAN by default.

 

The following command set is incorrect because it applies the IP address to the fastethernet 0/1 interface, rather than the management VLAN. When you set an IP address for the switch, you do so on the management VLAN, not one of the physical interfaces.

 

interface  fastethernet  0/1

ip  address  192.168.20.244  255.255.255.240

no  shutdown

exit

ip  default-gateway  192.168.20.241

line  vty  0  15

password  cisco

login

exit

 

The following command set is incorrect because it does not set a password on the VTY lines, which is required to connect with Telnet unless you include the no login command.

 

interface  vlan  1

ip  address  192.168.20.244  255.255.255.240

no  shutdown

exit

ip  default-gateway  192.168.20.241

line  con  0  15

login

exit

 

The following command set is incorrect because it sets the password in the console line rather than the VTY lines.

 

interface  vlan  1

ip  address  192.168.20.244  255.255.255.240

no  shutdown

exit

ip  default-gateway  192.168.20.241

line  con  0  15

password  cisco

login

exit

 

 

The following command set is incorrect because the address for VLAN 1 and the gateway are not in the same subnet. With a 28-bit mask the interval is 16, which means the network that the gateway is in is the 192.168.20.16/28 network and VLAN 1 is in the 192.168.20.240/28 network.

 

interface  vlan  1

ip  address  192.168.20.244  255.255.255.240

no  shutdown

exit

ip  default-gateway  192.168.20.27

line  vty  0  15

password  cisco

login

exit

 

The following command set is incorrect because the VLAN 1 interface has been disabled with the shutdown command.

 

interface  vlan  1

ip  address  192.168.20.244  255.255.255.240

shutdown

exit

ip  default-gateway  192.168.20.241

line  vty  0  15

password  cisco

login

exit
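The checks this explanation applies to each command set can be written as a small linter. The following Python sketch is an added example, not part of the original exam material: the function names and finding codes are assumptions made here, as is treating the VLAN interface as down until no shutdown is entered. The six inputs are the option sets A to F from the question, generated from option A with the one difference each option introduces.

```python
import ipaddress


def parse(config):
    """Read the handful of IOS commands used in the option sets.
    Only one addressed interface is tracked, which is all this question needs."""
    # Assumption: the interface counts as disabled until "no shutdown" is seen.
    cfg = {"iface": None, "addr": None, "enabled": False,
           "gateway": None, "lines": {}}
    mode, line = None, None
    for raw in config.strip().splitlines():
        w = raw.split()
        if not w:
            continue
        if w[0] == "interface":
            mode, cfg["iface"] = "if", " ".join(w[1:]).lower()
        elif w[0] == "line":
            mode = "line"
            line = cfg["lines"].setdefault(w[1], {"password": False, "login": False})
        elif w[0] == "exit":
            mode = None
        elif w[:2] == ["ip", "default-gateway"]:
            cfg["gateway"] = ipaddress.ip_address(w[2])
        elif mode == "if" and w[:2] == ["ip", "address"]:
            cfg["addr"] = ipaddress.ip_interface(f"{w[2]}/{w[3]}")
        elif mode == "if" and w in (["no", "shutdown"], ["shutdown"]):
            cfg["enabled"] = w[0] == "no"
        elif mode == "line" and w[0] == "password":
            line["password"] = True
        elif mode == "line" and w == ["login"]:
            line["login"] = True
    return cfg


def audit(config):
    """Return {finding_code: detail}; an empty dict means remotely manageable."""
    cfg, found = parse(config), {}
    addr, gw = cfg["addr"], cfg["gateway"]
    if addr is None:
        found["no-ip-address"] = "no management address configured"
    elif not cfg["iface"].startswith("vlan"):
        found["ip-on-physical-port"] = f"address set on {cfg['iface']}, not a VLAN interface"
    if not cfg["enabled"]:
        found["interface-shutdown"] = "management interface is not enabled"
    if gw is None:
        found["no-default-gateway"] = "no ip default-gateway command"
    elif addr is not None and gw not in addr.network:
        # Work out which subnet the gateway would fall in under the same mask.
        gw_net = ipaddress.ip_interface(f"{gw}/{addr.network.prefixlen}").network
        found["gateway-off-subnet"] = f"gateway is in {gw_net}, address is in {addr.network}"
    vty = cfg["lines"].get("vty")
    if vty is None:
        found["no-vty-config"] = "no line vty section"
    else:
        if not vty["password"]:
            found["vty-password-missing"] = "login without a password on the vty lines"
        if not vty["login"]:
            found["vty-login-missing"] = "vty lines do not prompt for the password"
    return found


def option(iface="vlan 1", state="no shutdown",
           gw="ip default-gateway 192.168.20.241", line="vty",
           pw="password cisco\n"):
    """Option A from the question, with one field swapped per variant."""
    return (f"interface {iface}\nip address 192.168.20.244 255.255.255.240\n"
            f"{state}\nexit\n{gw}\nline {line} 0 15\n{pw}login\nexit")


OPTIONS = {
    "A": option(),
    "B": option(iface="fastethernet 0/1"),
    "C": option(gw="ip route 192.168.20.241", pw=""),
    "D": option(line="con"),
    "E": option(gw="ip default-gateway 192.168.20.27"),
    "F": option(state="shutdown"),
}

if __name__ == "__main__":
    for letter, text in OPTIONS.items():
        findings = audit(text)
        print(letter, "OK" if not findings else "; ".join(findings.values()))
```

The checks cover reachability only; Telnet to these vty lines still sends the password in clear text, as noted in the Telnet explanation above.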

 

Objective:

Infrastructure Management

Sub-Objective:

Configure and verify device management

 

References:

Home>Support>Product Support>End-of-Sale and End-of-life Products>Cisco Catalyst 6000 Series Switches>Troubleshoot and Alerts> Troubleshooting TechNotes>Configuring a Management IP Address on Catalyst 4500/4000, 5500/5000, 6500/6000, and Catalyst Fixed Configuration Switches

 

QUESTION 27

What command should you use to quickly view the HSRP state of the switch for all HSRP groups of which the switch is a member?

 

A.  switch# show standby brief

B.  switch# show ip interface brief

C.  switch# show hsrp

D.  switch# show standby

 

Correct Answer: A Section: (none) Explanation

 

Explanation/Reference:

Explanation:

The command show standby brief should be used to quickly view the HSRP state of a switch for all HSRP groups of which it is a member. The summary information it provides includes the group number, priority, state, active device address, standby address, and group address.

 

The command show standby can be used to display detailed information about HSRP groups of which a switch is a member. This command would not provide a quick view. This command displays information about HSRP on all configured interfaces and for all HSRP groups. It also displays hello timer information and the expiration timer for the standby switch.

 

 

The command show ip interface brief is useful in that it lists the interfaces and displays the basic IP configuration of each. This output would include the IP address of the interface and the state of the interface, but not HSRP information.

The command show hsrp is not a valid command due to incorrect syntax.

Objective:

Infrastructure Services

Sub-Objective:

Configure, verify, and troubleshoot basic HSRP

 

References:

Cisco > Cisco IOS IP Application Services Command Reference > show standby

Cisco > Cisco IOS IP Application Services Configuration Guide, Release 12.4 > Part 1: First Hop Redundancy Protocols > Configuring HSRP

 

QUESTION 28

When packets are transmitted from one host to another across a routed segment, which two addresses are changed? (Choose two.)

 

A.  source IP address

B.  source MAC address

C.  destination IP address

D.  destination MAC address

 

Correct Answer: BD Section: (none) Explanation

 

Explanation/Reference:

Explanation:

When packets move from one LAN segment to another LAN segment across a router, the source and destination Media Access Control (MAC) addresses in the packet change.

 

Packets destined for a remote network must be forwarded by a router that is typically the sending host’s default gateway. The IP address of the remote host is inserted into the packet, while the MAC address of the default gateway is inserted as the Layer 2 address. This ensures that the packet is received by the default gateway. The router then examines the destination IP address, performs a route lookup, and forwards the packet toward the destination, inserting its MAC address as the source MAC address. If the next hop is another router, then the destination MAC address is replaced with the next router’s MAC address. This process is repeated by each router along the path (inserting its own MAC address as the source MAC address and inserting the MAC address of the next router interface as the destination MAC address) until the packet is received by the remote host’s default gateway. The destination gateway then replaces the destination MAC address with the host’s MAC address and forwards the packet.

 

In the diagram below, when the host located at the IP address 10.0.1.3 sends data to the host located at IP address 10.1.1.3, the Layer 2 and Layer 3 destination addresses will be bb.bb.bb.bb.bb.bb and 10.1.1.3, respectively. Note that the Layer 2 destination address matches the host’s default gateway and not the address of the switch or the destination host.

 

 

 

 

It is incorrect to state that the source IP address or the destination IP address change when packets transfer from one host to another across a routed segment. The Internet Protocol (IP) addresses within the packets do not change because this information is needed to route the packet, including any data returned to the sender.

 

Data return to the sending host is critically dependent on the destination having a default gateway configured and its router having a route back to the sender. If either is missing or configured incorrectly, a return is not possible. For example, when managing a switch remotely with Telnet, the switch cannot be located on the other side of a router from the host being used to connect if the switch does not have a gateway configured. In this case, there will be no possibility of a connection being made because the switch will not have a return path to the router.

 

Objective:

Routing Fundamentals

Sub-Objective:

Describe the routing concepts

 

References:

Cisco Documentation > Internetworking Technology Handbook > Routing Basics

 

QUESTION 29

You are connecting a new computer to Switch55. The new computer should be placed in the Accounting VLAN. You execute the show vlan command and get the following output:

 

 

Examine the additional network diagram.

 

 

 

 

What action should you take to place the new computer in the Accounting VLAN and allow for inter-VLAN routing?

 

A.  Connect the new computer to Fa0/1

B.  Connect the new computer to Fa0/14

C.  Connect the new computer to Fa0/5

D.  Configure a dynamic routing protocol on the router interface

 

Correct Answer: C Section: (none) Explanation

 

Explanation/Reference:

Explanation:

Switchport Fa0/5 can be used to place the computer in the Accounting VLAN.

 

The diagram indicates that a router has been configured as a “router-on-a-stick” to perform inter-VLAN routing between VLANs 10, 20, 30 and 40. The show vlan output indicates that interfaces Fa0/5, Fa0/15, and Fa0/6 have been assigned to VLAN 20, the Accounting VLAN:

 

20  accounting  active  Fa0/5,  Fa0/6,  Fa0/15

 

Switchports Fa0/1 and Fa0/14 are both in the default VLAN, as indicated by the portion of the output describing the switch ports that are unassigned and therefore still residing in the default VLAN:

 

1  default  active  Fa0/1,  Fa0/2,  Fa0/3, Fa0/7,  Fa0/8,  Fa0/9,

Fa0/14,  Fa0/16,  Fa0/23, Fa0/19,  Fa0/20,  Fa0/23

 

It is not necessary to configure a dynamic routing protocol on the router. Since the router is directly connected to all four subinterfaces and their associated networks, the networks will automatically be in the router’s routing table, making inter-VLAN routing possible.

 

Objective:

LAN Switching Fundamentals

Sub-Objective:

Configure, verify, and troubleshoot VLANs (normal/extended range) spanning multiple switches

 

References:

 

 

Cisco > Support > Cisco IOS LAN Switching Command Reference > show vlan

Cisco Networking Essentials 2nd Edition, by Troy McMillan (ISBN 1119092159). Sybex, 2015. Chapter 15: Configuring Inter-VLAN Routing

 

QUESTION 30

What two devices can be connected to a router WAN serial interface that can provide clocking? (Choose two.)

 

A.  CSU/DSU

B.  switch

C.  modem

D.  hub

 

Correct Answer: AC Section: (none) Explanation

 

Explanation/Reference:

Explanation:

A router DTE interface must receive a clock rate from the DCE end and the rate can be provided by either a CSU/DSU or a modem. Therefore, the connection between the local router and the service provider can be successfully completed by adding either of these devices between the service provider and the local router.

 

Switches and hubs are neither capable of providing the clock rate nor able to complete the connection between the local router and the service provider.

 

Objective:

Network Fundamentals

Sub-Objective:

Describe the impact of infrastructure components in an enterprise network

 

References:

Cisco Documentation > Internetworking Technology Handbook > Introduction to WAN Technologies

 

QUESTION 31

You are a network administrator for your organization. Your organization has two Virtual LANs, named Marketing and Production. All Cisco 2950 switches in the network have both VLANs configured on them. Switches A, C, F, and G have user machines connected for both VLANs, whereas switches B, D, and E have user machines connected for the Production VLAN only. (Click the Exhibit(s) button to view the network diagram.)

 

You receive a request to configure Fast Ethernet port 0/2 on Switch B for a user computer in the Marketing VLAN. VLAN numbers for the Marketing and Production VLANs are 15 and 20, respectively.

Which Cisco 2950 switch command should you use to configure the port?

A.  SwitchB(config-if)#switchport trunk vlan 15

B.  SwitchB(config)#switchport access vlan 15

C.  SwitchB(config-if)#switchport access vlan 15

D.  SwitchB(config-if)#switchport trunk vlan 15, 20

 

Correct Answer: C Section: (none) Explanation

 

Explanation/Reference:

Explanation:

The SwitchB(config-if)#switchport access vlan 15 command should be used to enable the port for the Marketing VLAN in access link mode. You must first enter the interface configuration mode by using the following command:

SwitchB(config)#interface fast 0/2

When executing the command switchport access vlan vlan #, if the VLAN number does NOT match that of the correct VLAN, the host connected to this port will not be in the correct VLAN. If the VLAN number doesn’t exist, the host will not be able to communicate with any resources on the LAN.

 

User machines are always connected to an access link. A trunk link is used to span multiple VLANs from one switch to another or from a switch to a router. For inter-VLAN routing to function, the port that is connected to the router must be configured as a trunk port. To configure a port into trunk mode, you should use the following command:

 

SwitchB(config-if)#switchport mode trunk

 

The SwitchB(config)#switchport access vlan 15 command is incorrect because the switch is in global configuration mode. The switchport command is applied in the interface configuration mode.

 

All other options are incorrect because the access parameter should be used with the switchport command. The trunk parameter is used to add allowed VLANs on the trunk. The correct command syntax is:

 

switchport trunk {{allowed vlan vlan-list} | {native vlan vlan-id} | {pruning vlan vlan-list}}

 

Objective:

LAN Switching Fundamentals

Sub-Objective:

Configure, verify, and troubleshoot VLANs (normal/extended range) spanning multiple switches

 

References:

 

QUESTION 32

Which Cisco Internetwork Operating System (IOS) command is used to view the number of Enhanced Interior Gateway Routing Protocol (EIGRP) packets that are sent and received?

 

A.  show eigrp neighbors

B.  show ip eigrp interfaces

C.  show ip eigrp packets

D.  show ip eigrp traffic

E.  show ip route

F.  show ip eigrp topology

 

Correct Answer: D Section: (none) Explanation

 

Explanation/Reference:

Explanation:

The show ip eigrp traffic command is used to view the number of EIGRP packets that are sent and received. The syntax of the command is:

 

Router# show ip eigrp traffic [autonomous-system-number]

 

The autonomous-system-number parameter is optional. The output of the command is as follows:

 

Router# show ip eigrp traffic
IP-EIGRP Traffic Statistics for process 78
Hellos sent/received: 2180/2005
Updates sent/received: 70/21
Queries sent/received: 3/1
Replies sent/received: 0/3
Acks sent/received: 22/11

 

The show ip eigrp neighbors command is incorrect because it does not show the number of packets sent or received. It does show IP addresses of the devices with which the router has established an adjacency, as well as the retransmit interval and the queue count for each neighbor, as shown below:

 

Router# show ip eigrp neighbors
IP-EIGRP Neighbors for process 49
Address         Interface   Holdtime  Uptime    Q      Seq  SRTT  RTO
                            (secs)    (h:m:s)   Count  Num  (ms)  (ms)
146.89.81.28    Ethernet1   13        0:00:41   0      11   4     20
146.89.80.28    Ethernet0   12        0:02:01   0      10   12    24
146.89.80.31    Ethernet0   11        0:02:02   0      4    5     20

 

The show ip eigrp interfaces command is incorrect because this command is used to view information about the interfaces configured for EIGRP.

 

The show ip eigrp packets command is incorrect because it is not a valid Cisco IOS command.

 

The show ip route command will not display EIGRP packets that are sent and received. It is used to view the routing table. When connectivity problems occur between subnets, this is the logical first command to execute. Routers must have routes to successfully send packets to remote subnets. Using this command is especially relevant when the underlying physical connection to the remote network has been verified as functional, but routing is still not occurring.

 

The show ip eigrp topology command is incorrect because it does not show the number of packets sent or received. This command displays all successor and feasible successor routes (if they exist) to each network. If you are interested in that information for only a specific destination network, you can specify that as shown in the output below. When you do, the command output displays all possible routes, including those that are not feasible successors:

 

 

In the above output, four routers are providing a route to the network specified in the command. However, only one of the submitted routes satisfies the feasibility test. This test dictates that to be a feasible successor, the advertised distance of the route must be less than the feasible distance of the current successor route.

 

 

The current successor route has a FD of 41152000, as shown in the first section of the output. In the values listed for each of the four submitted routes, the first number is the feasible distance and the second is the advertised distance. Only the route received from 10.0.0.2 (second section) with FD/AD values of 53973240/120256 satisfies this requirement, and thus this route is the only feasible successor route present in the topology table for the network specified in the command.

 

Objective:

Routing Fundamentals

Sub-Objective:

Configure, verify, and troubleshoot EIGRP for IPv4 (excluding authentication, filtering, manual summarization, redistribution, stub)

 

References:

Cisco > Cisco IOS IP Routing Protocols Command Reference > Routing Information Protocol Commands > show ip eigrp traffic

 

QUESTION 33

You are configuring a PPP connection between two routers, R1 and R2. The password for the connection will be poppycock. When you are finished you execute the show run command on R1 to verify the configuration.

 

Which of the following examples of partial output of the show run command from R1 represents a correct configuration of PPP on R1?

 

A.  enable password griswald
    hostname R1
    username R1 password poppycock
    interface serial 0/0
    ip address 192.168.5.5 255.255.255.0
    encapsulation ppp
    ppp authentication chap

B.  enable password griswald
    hostname R1
    username R1 password poppycok
    interface serial 0/1
    ip address 192.168.5.5 255.255.255.0
    encapsulation ppp
    ppp authentication chap

C.  enable password griswald
    hostname R1
    username R2 password poppycock
    interface serial 0/0
    ip address 192.168.5.5 255.255.255.0
    encapsulation ppp
    ppp authentication chap

D.  enable password griswald
    hostname R1
    username R1 password griswald
    interface serial 0/0
    ip address 192.168.5.5 255.255.255.0
    encapsulation ppp
    ppp authentication chap

 

Correct Answer: C Section: (none) Explanation

 

Explanation/Reference:

Explanation:

The correct configuration is as follows:

 

 

enable password griswald
hostname R1
username R2 password poppycock
interface serial 0/0
ip address 192.168.5.5 255.255.255.0
encapsulation ppp
ppp authentication chap

 

The key settings that are common problems are as follows:

 

The username is set to the hostname of the other router (in this case, R2).

The password is set to poppycock, which must be the same on both routers.

 

The following set is incorrect because the username is set to the local hostname (R1) and not the hostname of the other router (R2):

 

enable password griswald
hostname R1
username R1 password poppycock
interface serial 0/0
ip address 192.168.5.5 255.255.255.0
encapsulation ppp
ppp authentication chap

 

The following set is incorrect because the password is misspelled. It should be poppycock, not poppycok.

 

enable password griswald
hostname R1
username R1 password poppycok
interface serial 0/0
ip address 192.168.5.5 255.255.255.0
encapsulation ppp
ppp authentication chap

 

The following set is incorrect because the password is set to the enable password of the local router (R1) rather than the agreed upon PPP password, which is poppycock.

enable password griswald
hostname R1
username R1 password griswald
interface serial 0/0
ip address 192.168.5.5 255.255.255.0
encapsulation ppp
ppp authentication chap
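
The two key settings above can be checked mechanically before a link is brought up. The following is an added example, not part of the original question set or any Cisco tool: it assumes passwords appear in clear text as in the outputs shown, and the R2 peer configuration and the function names are constructed for illustration.

```python
import re

REQUIRED = ("encapsulation ppp", "ppp authentication chap")

def parse_config(text):
    """Pull hostname, enable password, username database and PPP flags per interface."""
    cfg = {"hostname": None, "enable": None, "users": {}, "ifaces": {}}
    iface = None
    for raw in text.splitlines():
        line = " ".join(raw.split())  # tolerate the uneven spacing of pasted output
        if m := re.fullmatch(r"hostname (\S+)", line):
            cfg["hostname"], iface = m[1], None
        elif m := re.fullmatch(r"enable password (\S+)", line):
            cfg["enable"], iface = m[1], None
        elif m := re.fullmatch(r"username (\S+) password (\S+)", line):
            cfg["users"][m[1]], iface = m[2], None
        elif m := re.fullmatch(r"interface (.+)", line):
            iface = cfg["ifaces"].setdefault(m[1], set())
        elif iface is not None and line in REQUIRED:
            iface.add(line)
    return cfg

def check_chap(local_text, peer_text, iface_name):
    """Return a list of findings for the local side of a CHAP-authenticated PPP link."""
    local, peer = parse_config(local_text), parse_config(peer_text)
    settings = local["ifaces"].get(iface_name, set())
    findings = [f"{iface_name}: missing '{need}'" for need in REQUIRED if need not in settings]
    # The local username entry must be keyed on the peer's hostname, not the local one.
    secret = local["users"].get(peer["hostname"])
    if secret is None:
        findings.append(f"no username entry for peer hostname {peer['hostname']}")
    elif secret != peer["users"].get(local["hostname"]):
        findings.append("CHAP secret differs from the peer's entry for this router")
    elif secret == local["enable"]:
        findings.append("CHAP secret reuses the enable password")
    return findings

# Constructed inputs: R2 is the peer (the page shows only R1's side); r1() rebuilds
# R1's partial running-config from the question with a chosen username entry.
R2 = """hostname R2
username R1 password poppycock
interface serial 0/0
 encapsulation ppp
 ppp authentication chap"""

def r1(user, secret):
    return (f"enable password griswald\nhostname R1\nusername {user} password {secret}\n"
            "interface serial 0/0\n ip address 192.168.5.5 255.255.255.0\n"
            " encapsulation ppp\n ppp authentication chap")
```

Calling check_chap(r1("R2", "poppycock"), R2, "serial 0/0") returns an empty list for the correct configuration; a username keyed on R1, or the misspelled secret, each produce a finding.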

 

Objective:

WAN Technologies

Sub-Objective:

Configure and verify PPP and MLPPP on WAN interfaces using local authentication

 

References:

Cisco > Home > Support > Technology Support > WAN > Point-to-Point Protocol (PPP) > Design > Design TechNotes > Understanding and Configuring PPP CHAP Authentication

 

QUESTION 34

Which statement is NOT true regarding Internet Control Message Protocol (ICMP)?

 

A.  ICMP can identify network problems.

B.  ICMP is documented in RFC 792.

C.  ICMP provides reliable transmission of data in an Internet Protocol (IP) environment.

D.  An ICMP echo-request message is generated by the ping command.

 

Correct Answer: C Section: (none) Explanation

 

Explanation/Reference:

Explanation:

ICMP does NOT provide reliable transmission of data in an Internet Protocol (IP) environment. The Transmission Control Protocol (TCP) is used to provide reliable transmission of data in an IP environment.

 

The following statements are TRUE regarding ICMP:

 

ICMP can identify network problems.

ICMP is documented in RFC 792.

An ICMP echo-request message is generated by the ping command.

An ICMP echo-reply message is an indicator that the destination node is reachable.

ICMP is a network-layer protocol that uses message packets for error reporting and informational messages.

 

Objective:

Network Fundamentals

Sub-Objective:

Compare and contrast TCP and UDP protocols

 

References:

Cisco > Internetworking Technology Handbook > Internet Protocols (IP) > Internet Control Message Protocol (ICMP)

 

QUESTION 35

What is the valid host address range for the subnet 172.25.4.0 /23?

 

A.  172.25.4.1 to 172.25.5.254

B.  172.25.4.10 to 172.25.5.210

C.  172.25.4.35 to 172.25.5.64

D.  172.25.4.21 to 172.25.5.56

 

Correct Answer: A Section: (none) Explanation

 

Explanation/Reference:

Explanation:

For the subnet 172.25.4.0, the valid host range will start at 172.25.4.1 and end at 172.25.5.254.

 

To determine the valid range of addresses in a subnet, one must determine the subnet number or network ID and the broadcast address of the subnet; all valid addresses will lie within those boundaries.

 

In this case:

Network address: 172.25.0.0

Subnet mask in decimal: 255.255.254.0 (/23 indicates 23 bits in the mask)

Subnet mask in binary: 11111111.11111111.11111110.00000000

 

The formulas to calculate the number of subnets and hosts are:

Number of subnets = 2^(number-of-subnet-bits)

Number of hosts per subnet = 2^(number-of-host-bits) - 2

 

In this scenario:

 

 

Number of