ACL/OSPF

Question 1

Which address is required in the command syntax of a standard ACL

Answer 1

source ip address

Question 2

Which statement describe a difference between the operation of inbound and outbounds

Answer 2

Inbound acl are processed before the packets are routed while outbound acls are processed after the routing is complete.

Question 3

Which three statements describes acl processing of packets

Answer 3

An implicit deny any rejects any packet that does not match any ACE
A packet can either be rejected or forwarding as directed by the ACE that is matched
Each statement is checked only until a match is detected or until a match is detected or until the end of the ACE list

Question 4

What single access list statement matches all of the following networks?

192. 168.16.0
193. 168.17.0
194. 168.18.0
195. 168.19.0

Answer 4

access-list 10 permit 192.168.16.0 0.0.3.255

Question 5

A network administrator needs to configure a standard ACL so that only the workstation of the administrator with the IP address 192.168.15.23 can access the virtual terminal of the main router. Which two configuration commands can achieve the task

Answer 5

Router1(config)# access-list 10 permit host 192.168.15.23

Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0

Question 6

If a router has two interfaces and is routing both IPv4 and IPv6 traffic, how many ACLs could be created and applied to it?

Answer 6

8

Question 7

Which three statements are generally considered to be best practices in the placement of ACLs? (Choose three.)

Answer 7

Filter unwanted traffic before it travels onto a low-bandwidth link.

Place extended ACLs close to the source IP address of the traffic.

Place standard ACLs close to the destination IP address of the traffic.

Question 8

On which router should the show access-lists command be executed?

Answer 8

on the router that has the ACL configured*

Question 9

What is the quickest way to remove a single ACE from a named ACL

Answer 9

Use the no keyword and the sequence number of the ACE to be removed.

Question 10

Which feature will require the use of a named standard ACL rather than a numbered standard ACL

Answer 10

the ability to add additional ACEs in the middle of the ACL without deleting and re-creating the list*

Question 11

An administrator has configured an access list on R1 to allow SSH administrative access from host 172.16.1.100. Which command correctly applies the ACL?

Answer 11

R1(config-line)# access-class 1 in

Question 12

Which type of router connection can be secured by the access-class command

Answer 12

vty

Question 13

What is the effect of configuring an ACL with only ACEs that deny traffic?

Answer 13

The ACL will block all traffic.

Question 14

Which type of ACL statements are commonly reordered by the Cisco IOS as the first ACEs?

Answer 14

host

Question 15

A network administrator is configuring an ACL to restrict access to certain servers in the data center. The intent is to apply the ACL to the interface connected to the data center LAN. What happens if the ACL is incorrectly applied to an interface in the inbound direction instead of the outbound direction?

Answer 15

The ACL does not perform as designed.*

Question 16

When would a network administrator use the clear access-list counters command?

Answer 16

when troubleshooting an ACL and needing to know how many packets matched*

Question 17

Which routing protocol is designed to use areas to scale large hierarchical networks?

• RIP
• EIGRP
• OSPF
• BGP

Answer 17

• OSPF

Question 18

Which two routing protocols are classified as distance vector routing protocols? (Choose two.)

• OSPF
• EIGRP
• BGP
• IS-IS
• RIP

Answer 18

• EIGRP

- RIP

Question 19

After a network topology change occurs, which distance vector routing protocol can send an update message directly to a single neighboring router without unnecessarily notifying other routers?

• IS-IS
• RIPv2
• EIGRP
• OSPF
• RIPv1

Answer 19

• EIGRP

Question 20

Which feature provides secure routing updates between RIPv2 neighbors?

• unicast updates
• routing protocol authentication
• keepalive messages
• adjacency table

Answer 20

• routing protocol authentication

Question 21

What is maintained within an EIGRP topology table?

• all routes received from neighbors
• the hop count to all networks
• the area ID of all neighbors
• the state of all links on the network

Answer 21

• all routes received from neighbors

Question 22

What are two features of the OSPF routing protocol? (Choose two.)

• automatically summarizes networks at the classful boundaries
• has an administrative distance of 100
• calculates its metric using bandwidth
• uses Dijkstra’s algorithm to build the SPF tree
• used primarily as an EGP

Answer 22

• calculates its metric using bandwidth

- uses Dijkstra’s algorithm to build the SPF tree

Question 23

Which two protocols are link-state routing protocols? (Choose two.)

• RIP
• OSPF
• EIGRP
• BGP
• IS-IS
• IGP

Answer 23

• OSPF

- IS-IS

Question 24

Which routing protocol uses link-state information to build a map of the topology for computing the best path to each destination network?

+ OSPF
+ EIGRP
+ RIP
+ RIPng

Answer 24

+ OSPF

Question 25

Which two requirements are necessary before a router configured with a link-state routing protocol can build and send its link-state packets? (Choose two.)

• The router has determined the costs associated with its active links.
• The router has built its link-state database.
• The routing table has been refreshed.
• The router has established its adjacencies.
• The router has constructed an SPF tree.

Answer 25

• The router has determined the costs associated with its active links.
• The router has established its adjacencies.

Question 26

What happens when two link-state routers stop receiving hello packets from neighbors?

• They continue to operate as normal and are able to exchange packets.
• They consider the neighbor to be unreachable and the adjacency is broken.
• They create a default route to the adjacent router.
• They will flood their database tables to each other.

Answer 26

They consider the neighbor to be unreachable and the adjacency is broken.

Question 27

Which two events will trigger the sending of a link-state packet by a link-state routing protocol? (Choose two.)

• the router update timer expiring
• a link to a neighbor router has become congested
• a change in the topology
• the initial startup of the routing protocol process
• the requirement to periodically flood link-state packets to all neighbors

Answer 27

• a change in the topology

- the initial startup of the routing protocol process

Question 28

What is the first step taken by a newly configured OSPF router in the process of reaching a state of convergence?

• It builds the topological database.
• It floods LSP packets to neighboring routers.
• It learns about directly connected links in an active state.
• It exchanges hello messages with a neighboring router.

Answer 28

• It learns about directly connected links in an active state.

Question 29

Which two components of an LSP enable an OSPF router to determine if the LSP that is received contains newer information than what is in the current OSPF router link-state database? (Choose two.)

• query
• sequence numbers
• acknowledgements
• hellos
• aging information

Answer 29

• sequence numbers

- aging information

Question 30

Which statement is an incorrect description of the OSPF protocol?

• Multiarea OSPF helps reduce the size of the link-state database.
• OSPF builds a topological map of the network.
• When compared with distance vector routing protocols, OSPF utilizes less memory and less CPU processing power.
• OSPF has fast convergence.

Answer 30

• When compared with distance vector routing protocols, OSPF utilizes less memory and less CPU processing power.

Question 31

What is a disadvantage of deploying OSPF in a large single area routing environment?

• OSPF uses multicast updates.
• OSPF uses excessive LSP flooding.
• OSPF uses a topology database of alternate routes.
• OSPF uses a metric of bandwidth and delay.

Answer 31

• OSPF uses excessive LSP flooding.

Question 32

Match the features of link-state routing protocols to their advantages and disadvantages. (Not all options are used.)

• bandwidth consumption
• event-driven updates
• using hop count as metric
• building a topological map
• memory usage
• fast convergence
• sending updates with broadcast
• CPU processing time

Answer 32

Advantage

• event-driven updates
• building a topological map
• fast convergence

Disadvantage

• bandwidth consumption
• memory usage
• CPU processing time

Question 33

what is OSPF?

Answer 33

Open Shortest Path First uses a link-state algorithm to build and calculate the shortest path to all known destinations. Each router in an OSPF area contains an identical link-state database, which is a list of each of the router-usable interfaces and reachable neighbors.OSPF is a link-state protocol based on the open standard. At a high level, OSPF
operation consists of three main elements: neighbor discovery, link-state information
exchange, and best-path calculation.
To calculate the best path, OSPF uses the shortest path first (SPF) or Dijkstra’s algorithm. OSPF was developed by the Internet Engineering Task Force (IETF) to overcome the
limitations of distance vector routing protocols. One of the main reasons why OSPF is
largely deployed in today’s enterprise networks is the fact that it is an open standard; OSPF offers a large level of scalability and fast convergence. Despite its relatively simple
configuration in small and medium-size networks, OSPF implementation and troubleshooting
in large-scale networks can at times be challenging.

Question 34

what are the RFC of OSPF?

Answer 34

Version 1 of the protocol is described in the RFC 1131. The current version used for IPv4, Version 2, is specified in RFCs 1247 and 2328. OSPF Version 3, which is used in IPv6 networks, is specified in RFC 5340.

Question 35

what are the key features of OSPF?

Answer 35

• Independent transport: OSPF works on top of IP and uses protocol number 89. It
does not rely on the functions of the transport layer protocols TCP or UDP.
• Efficient use of updates: When an OSPF router first discovers a new neighbor, it
sends a full update with all known link-state information. All routers within an OSPF area must have identical and synchronized link-state information in their OSPF link-state databases. When an OSPF network is in a converged state and a new link
comes up or a link becomes unavailable, an OSPF router sends only a partial update to
all its neighbors. This update will then be flooded to all OSPF routers within an area.
• Metric: OSPF uses a metric that is based on the cumulative costs of all outgoing
interfaces from source to destination. The interface cost is inversely proportional to
the interface bandwidth and can be also set up explicitly.
• Update destination address: OSPF uses multicast and unicast, rather than broadcast,
for sending messages. The IPv4 multicast addresses used for OSPF are 224.0.0.5 to
send information to all OSPF routers and 224.0.0.6 to send information to DR/BDR
routers. The IPv6 multicast addresses are FF02::5 for all OSPFv3 routers and FF02::6
for all DR/BDR routers. If the underlying network does not have broadcast capabilities,
you must establish OSPF neighbor relationships using a unicast address. For
IPv6, this address will be a link-local IPv6 address.
• VLSM support: OSPF is a classless routing protocol. It supports variable-length subnet
masking (VLSM) and discontiguous networks. It carries subnet mask information
in the routing updates.
• Manual route summarization: You can manually summarize OSPF interarea routes
at the Area Border Router (ABR), and you have the possibility to summarize OSPF
external routes at the Autonomous System Boundary Router (ASBR). OSPF does
not know the concept of autosummarization.
• Authentication: OSPF supports clear-text, MD5, and SHA authentication.

Question 36

what is the IP protocol number used by OSPF?

Answer 36

OSPF works on top of IP and uses protocol number 89. It does not rely on the functions of the transport layer protocols TCP or UDP.

Question 37

why do ospf uses areas?

Answer 37

If you run OSPF in a simple network, the number of routers and links are relatively
small, and best paths to all destinations are easily deduced. However, the information
necessary to describe larger networks with many routers and links can become quite
complex. SPF calculations that compare all possible paths for routes can easily turn into
a complex and time-consuming calculation for the router.
One of the main methods to reduce this complexity and the size of the link-state
information database is to partition the OSPF routing domain into smaller units called
areas

Question 38

OSPF uses a two-layer area hierarchy, what are these?

Answer 38

Backbone area, transit area or area 0: Two principal requirements for the backbone area are that it must connect to all other nonbackbone areas and this area must be always contiguous; it is not allowed to have split up the backbone area. Generally, end users are not found within a backbone area.
• Nonbackbone area: The primary function of this area is to connect end users and resources. Nonbackbone areas are usually set up according to functional or geo-
graphic groupings. Traffic between different nonbackbone areas must always pass
through the backbone area.

Question 39

OSPF routers has different names based on their roles, what are these?

Answer 39

• ABR: A router that has interfaces connected to at least two different OSPF areas, including the backbone area. ABRs contain LSDB information for each area, make
route calculation for each area and advertise routing information between areas.
• ASBR: ASBR is a router that has at least one of its interfaces connected to an OSPF area and at least one of its interfaces connected to an external non-OSPF domain.
• Internal router: A router that has all its interfaces connected to only one OSPF area. This router is completely internal to this area.
• Backbone router: A router that has at least one interface connected to the back- bone area.

Question 40

OSPF network design restriction, what is this?

Answer 40

If more than one area is configured, known as
multi-area OSPF, one of these areas must be area 0. This is called the backbone area.The backbone has to be at the center of all other areas, and other areas have to be connected to the backbone. The main reason is that OSPF expects all areas to inject routing
information into the backbone area, which distributes that information into other areas. Another important requirement for the backbone area is that it must be contiguous. In other words, splitting up area 0 is not allowed.

Question 41

what are the five ospf message types?

Answer 41

• Type 1: Hello packet: Hello packets are used to discover, build, and maintain OSPF
neighbor adjacencies. To establish adjacency, OSPF peers at both sides of the link
must agree on some parameters contained in the Hello packet to become OSPF
neighbors.
• Type 2: Database Description (DBD) packet: When the OSPF neighbor adjacency
is already established, a DBD packet is used to describe LSDB so that routers can
compare whether databases are in sync.
• Type 3: Link-State Request (LSR) packet: When the database synchronization pro-
cess is over, the router might still have a list of LSAs that are missing in its database.
The router will send an LSR packet to inform OSPF neighbors to send the most
recent version of the missing LSAs.
• Type 4: Link-State Update (LSU) packet: There are several types of LSUs, known as
LSAs. LSU packets are used for the flooding of LSAs and sending LSA responses to
LSR packets. It is sent only to the directly connected neighbors who have previously
requested LSAs in the form of LSR packet. In case of flooding, neighbor routers are
responsible for re-encapsulation of received LSA information in new LSU packets.
• Type 5: Link-State Acknowledgment (LSAck) packet: LSAcks are used to make
flooding of LSAs reliable. Each LSA received must be explicitly acknowledged.
Multiple LSAs can be acknowledged in a single LSAck packet.

Question 42

what are the things that are needed to match and those doesn’t for an OSPF to establish neighborship?

Answer 42

must match :
area number
hello timers
MTU
area types

must not match :
process-id

Question 43

how do you enable the OSPF Process?

Answer 43

router ospf [process-id]

Question 44

how many areas can you configure it an interface?

Answer 44

only one.

Question 45

what happen when the address ranges specified for different areas overlap?

Answer 45

If the address ranges specified for different areas overlap, IOS will adopt the first area in the network command list and ignore subsequent overlapping portions. To avoid conflicts, you must pay special attention to ensure that address ranges do not overlap.

Question 46

what is an OSPF Router ID and how can you configure it?

Answer 46

The OSPF router ID is a fundamental parameter for the OSPF process. For the OSPF process to start, Cisco IOS must be able to identify a unique OSPF router ID. Similar to EIGRP, the OSPF router ID is a 32-bit value expressed as an IPv4 address. At least one primary IPv4 address on an interface in the up/up state must be configured for a router to be able to choose router ID; otherwise, an error message is logged, and the OSPF process does not start.

router-id [ip-address]

Question 47

how can you verify what router-id the router is using?

Answer 47

R2# show ip protocols

Question 48

when ospf learn routes, it will be distinguished as what types?

Answer 48

OSPF clearly distinguishes
two types of routes: intra-area routes and interarea routes. Intra-area routes
are routes that are originated and learned in the same local area. Code for the intra-area
routes in the routing table is O. The second type is interarea routes, which originate in
other areas and are inserted into the local area to which your router belongs. Code for
the interarea routes in the routing table is O IA. Interarea routes are inserted into other
areas on the ABR.

Question 49

By default, OSPF will advertise any subnet configured on the loopback
interface as /32 host route, how can you change this?

Answer 49

ip ospf network point-to-point

Question 50

what is the default OSPF interface priority?

Answer 50

Every broadcast and NBMA OSPF-enabled interface is assigned a
priority value between 0 and 255. By default, in Cisco IOS, the OSPF interface priority
value is 1 and can be manually changed by using the ip ospf priority interface command.

Question 51

what is an OSPF hello and dead timers?

Answer 51

Similar to EIGRP, OSPF uses two timers to check neighbor reachability: the hello and
dead intervals. The values of hello and dead intervals are carried in OSPF Hello packets
and serve as a keepalive message, with the purpose of acknowledging the presence of the
router on the segment. The hello interval specifies the frequency of sending OSPF Hello
packets in seconds. The OSPF dead timer specifies how long a router waits to receive a
Hello packet before it declares a neighbor router as down.

Question 52

what is the default value of OSPF hello and dead timers?

Answer 52

The default value of the OSPF hello interval on broadcast multiaccess (Ethernet) and
point-to-point links is 10 seconds, and the default value of the dead interval is four times
hello (40 seconds). Default values of the OSPF hello and dead timers on all other OSPF
network types, including nonbroadcast (NBMA) like Frame Relay on the Serial 2/0 interface,
are 30 seconds and 120 seconds, respectively.

Question 53

what is the command to change the default hello and dead timer?

Answer 53

R1(config-if)# ip ospf hello-interval [value]
R1(config-if)# ip ospf dead-interval [value]

When you configure the hello interval, the default value of the dead interval is automatically adjusted to four times the hello interval.

Question 54

what command confirms that full OSPF adjacency is established. The output also shows additional information about neighbor router ID, DR/BDR roles, and how long the neighbor session has been established ?

Answer 54

show ip ospf neighbor detail

Question 55

what is the default timer on an OSPF point to point links?

Answer 55

The default OSPF hello and dead timers on point-to-point links are 10 seconds and 40 seconds, respectively

Question 56

what does Forward Address: 0.0.0.0 means?

Answer 56

The zero forwarding

address tells the rest of the routers in the OSPF domain that ASBR itself is the gateway to get to the external routes.

Question 57

how does OSPF chose the best path?

Answer 57

When SPF is trying to determine the best path toward a known destination, it compares total costs of specific paths against each other. The paths with the lowest costs are selected as the best paths. The OSPF cost is an indication of the overhead to send packets over an interface.

Question 58

what is the OSPF best route formula?

Answer 58

Cost = Reference bandwidth / Interface bandwidth

The cost value is a 16-bit positive number between 1 and 65,535, where a lower value is
a more desirable metric. Reference bandwidth is set to 100 Mbps by default. The metric is only relevant on an outbound path; route decisions are not made
for inbound traffic. The OSPF cost is recomputed after every bandwidth change, and the
Dijkstra’s algorithm determines the best path by adding all link costs along a path.The metric is only relevant on an outbound path; route decisions are not made
for inbound traffic. The OSPF cost is recomputed after every bandwidth change, and the
Dijkstra’s algorithm determines the best path by adding all link costs along a path.

Question 59

what two major problems does route summarization solves?

Answer 59

• Large routing tables

* Frequent LSA flooding throughout the autonomous system