ENSA 6

Question 1

Refer to the exhibit. An administrator first configured an extended ACL as shown by the output of the show access-lists command. The administrator then edited this access-list by issuing the commands below.

Router(config)# ip access-list extended 101
Router(config-ext-nacl)# no 20
Router(config-ext-nacl)# 5 permit tcp any any eq 22
Router(config-ext-nacl)# 20 deny udp any any
Which two conclusions can be drawn from this new configuration?​ (Choose two.)

TFTP packets will be permitted.​

Ping packets will be permitted.

Telnet packets will be permitted.

SSH packets will be permitted.

All TCP and UDP packets will be denied.​

Answer 1

Ping packets will be permitted.

SSH packets will be permitted.

Explanation: After the editing, the final configuration is as follows:
Router# show access-lists
Extended IP access list 101
5 permit tcp any any eq ssh
10 deny tcp any any
20 deny udp any any
30 permit icmp any any
So, only SSH packets and ICMP packets will be permitted.​

Question 2

Which troubleshooting approach is more appropriate for a seasoned network administrator rather than a less-experienced network administrator?

a less-structured approach based on an educated guess

an approach comparing working and nonworking components to spot significant differences

a structured approach starting with the physical layer and moving up through the layers of the OSI model until the cause of the problem is identified

an approach that starts with the end-user applications and moves down through the layers of the OSI model until the cause of the problem has been identified

Answer 2

a less-structured approach based on an educated guess

Question 3

Refer to the exhibit. Many employees are wasting company time accessing social media on their work computers. The company wants to stop this access. What is the best ACL type and placement to use in this situation?

extended ACL outbound on R2 WAN interface towards the internet

standard ACL outbound on R2 WAN interface towards the internet

standard ACL outbound on R2 S0/0/0

extended ACLs inbound on R1 G0/0 and G0/1

Answer 3

extended ACLs inbound on R1 G0/0 and G0/1

Question 4

Refer to the exhibit. An administrator is trying to configure PAT on R1, but PC-A is unable to access the Internet. The administrator tries to ping a server on the Internet from PC-A and collects the debugs that are shown in the exhibit. Based on this output, what is most likely the cause of the problem?

The inside and outside NAT interlaces have been configured backwards

The inside global address is not on the same subnet as the ISP

The address on Fa0/0 should be 64.100.0.1.

The NAT source access list matches the wrong address range.

Answer 4

The inside global address is not on the same subnet as the ISP

Explanation: The output of debug ip nat shows each packet that is translated by the router. The “s” is the source IP address of the packet and the “d” is the destination. The address after the arrow (“->”) shows the translated address. In this case, the translated address is on the 209.165.201.0 subnet but the ISP facing interface is in the 209.165.200.224/27 subnet. The ISP may drop the incoming packets, or might be unable to route the return packets back to the host because the address is in an unknown subnet.

Question 5

Why is QoS an important issue in a converged network that combines voice, video, and data communications?

Data communications must be given the first priority.

Voice and video communications are more sensitive to latency.

Legacy equipment is unable to transmit voice and video without QoS.

Data communications are sensitive to jitter.

Answer 5

Voice and video communications are more sensitive to latency.

Explanation: Without any QoS mechanisms in place, time-sensitive packets, such as voice and video, will be dropped with the same frequency as email and web browsing traffic.

Question 6

Which statement describes a VPN?

VPNs use logical connections to create public networks through the Internet.

VPNs use open source virtualization software to create the tunnel through the Internet.

VPNs use dedicated physical connections to transfer data between remote users.

VPNs use virtual connections to create a private network through a public network.

Answer 6

VPNs use virtual connections to create a private network through a public network.

Explanation: A VPN is a private network that is created over a public network. Instead of using dedicated physical connections, a VPN uses virtual connections routed through a public network between two network devices.

Question 7

In which OSPF state is the DR/BDR election conducted?

ExStart

Init

Two-Way

Exchange

Answer 7

Two-Way

Question 8

Two corporations have just completed a merger. The network engineer has been asked to connect the two corporate networks without the expense of leased lines. Which solution would be the most cost effective method of providing a proper and secure connection between the two corporate networks?

Cisco Secure Mobility Clientless SSL VPN

Frame Relay

remote access VPN using IPsec

Cisco AnyConnect Secure Mobility Client with SSL

site-to-site VPN

Answer 8

site-to-site VPN

Explanation: The site-to-site VPN is an extension of a classic WAN network that provides a static interconnection of entire networks. Frame Relay would be a better choice than leased lines, but would be more expensive than implementing site-to-site VPNs. The other options refer to remote access VPNs which are better suited for connecting users to the corporate network versus interconnecting two or more networks.

Question 9

What is the final operational state that will form between an OSPF DR and a DROTHER once the routers reach convergence?

loading

established

full

two-way

Answer 9

full

Question 10

Refer to the exhibit. If the switch reboots and all routers have to re-establish OSPF adjacencies, which routers will become the new DR and BDR?

Router R3 will become the DR and router R1 will become the BDR.

Router R4 will become the DR and router R3 will become the BDR.

Router R1 will become the DR and router R2 will become the BDR.

Router R3 will become the DR and router R2 will become the BDR.

Answer 10

Router R3 will become the DR and router R1 will become the BDR.

Explanation: OSPF elections of a DR are based on the following in order of precedence:

highest pritority from 1 -255 (0 = never a DR)
highest router ID
highest IP address of a loopback or active interface in the absence of a manually configured router ID. Loopback IP addresses take higher precedence than other interfaces.
In this case routers R3 and R1 have the highest router priority. Between the two, R3 has the higher router ID. Therefore, R3 will become the DR and R1 will become the BDR

Question 11

Refer to the exhibit. If the switch reboots and all routers have to re-establish OSPF adjacencies, which routers will become the new DR and BDR? Case 2

Router R2 will become the DR and router R4 will become the BDR.

Router R1 will become the DR and router R3 will become the BDR.

Router R4 will become the DR and router R3 will become the BDR.

Router R3 will become the DR and router R2 will become the BDR.

Answer 11

Router R1 will become the DR and router R3 will become the BDR.

Question 12

Which type of server would be used to keep a historical record of messages from monitored network devices?

DNS

print

DHCP

syslog

authentication

Answer 12

syslog

Explanation: A syslog server is used as a centralized location for logged messages from monitored network devices.

Question 13

When QoS is implemented in a converged network, which two factors can be controlled to improve network performance for real-time traffic? (Choose two.)

packet addressing

delay

jitter

packet routing

link speed

Answer 13

delay

jitter

Explanation: Delay is the latency between a sending and receiving device. Jitter is the variation in the delay of the received packets. Both delay and jitter need to be controlled in order to support real-time voice and video traffic.

Question 14

In which step of gathering symptoms does the network engineer determine if the problem is at the core, distribution, or access layer of the network?

Determine ownership.

Determine the symptoms.

Narrow the scope.

Document the symptoms.

Gather information.

Answer 14

Narrow the Scope

Explanation: In the “narrow the scope” step of gathering symptoms, a network engineer will determine if the network problem is at the core, distribution, or access layer of the network. Once this step is complete and the layer is identified, the network engineer can determine which pieces of equipment are the most likely cause.

Question 15

What protocol sends periodic advertisements between connected Cisco devices in order to learn device name, IOS version, and the number and type of interfaces?

CDP

SNMP

NTP

LLDP

Answer 15

CDP

Question 16

An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 192.168.0.0 255.255.252.0. What wildcard mask would the administrator use in the OSPF network statement?

0.0.0.127

0.0.0.31

0.0.3.255

0.0.0.63

Answer 16

0.0.3.255

Question 17

Refer to the exhibit. An administrator configures the following ACL in order to prevent devices on the 192.168.1.0 subnet from accessing the server at 10.1.1.5:

access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.1.1.5
access-list 100 permit ip any any

Where should the administrator place this ACL for the most efficient use of network resources?

inbound on router A Fa0/0

outbound on router B Fa0/0

outbound on router A Fa0/1

inbound on router B Fa0/1

Answer 17

inbound on router A Fa0/0

Question 18

Which type of OSPFv2 packet is used to forward OSPF link change information?

link-state acknowledgment

link-state update

hello

database description

Answer 18

link-state update

Question 19

What protocol synchronizes with a private master clock or with a publicly available server on the internet?

MPLS

CBWFQ

TFTP

NTP

Answer 19

NTP

Question 20

Which type of VPN allows multicast and broadcast traffic over a secure site-to-site VPN?

dynamic multipoint VPN

SSL VPN

IPsec virtual tunnel interface

GRE over IPsec

Answer 20

GRE over IPsec

Question 21

An OSPF router has three directly connected networks; 10.0.0.0/16, 10.1.0.0/16, and 10.2.0.0/16. Which OSPF network command would advertise only the 10.1.0.0 network to neighbors?

router(config-router)# network 10.1.0.0 0.0.255.255 area 0

router(config-router)# network 10.1.0.0 0.0.15.255 area 0

router(config-router)# network 10.1.0.0 255.255.255.0 area 0

router(config-router)# network 10.1.0.0 0.0.0.0 area 0

Answer 21

router(config-router)# network 10.1.0.0 0.0.255.255 area 0

Explanation: To advertise only the 10.1.0.0/16 network the wildcard mask used in the network command must match the first 16-bits exactly. To match bits exactly, a wildcard mask uses a binary zero. This means that the first 16-bits of the wildcard mask must be zero. The low order 16-bits can all be set to 1.

Question 22

Refer to the exhibit. Which sequence of commands should be used to configure router A for OSPF?

router ospf 1
network 192.168.10.0 area 0

router ospf 1
network 192.168.10.0

router ospf 1
network 192.168.10.64 255.255.255.192
network 192.168.10.192 255.255.255.252

router ospf 1
network 192.168.10.64 0.0.0.63 area 0
network 192.168.10.192 0.0.0.3 area 0

Answer 22

router ospf 1
network 192.168.10.64 0.0.0.63 area 0
network 192.168.10.192 0.0.0.3 area 0

Question 23

An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 192.168.0.0 255.255.254.0. What wildcard mask would the administrator use in the OSPF network statement?

0.0.7.255

0.0.1.255

0.0.3.255

0.0.15.255

Answer 23

0.0.1.255

Question 24

How does virtualization help with disaster recovery within a data center?

improvement of business practices

supply of consistent air flow

support of live migration

guarantee of power

case 2

Less energy is consumed.

Server provisioning is faster.

Hardware at the recovery site does not have to be identical to production equipment.

Power is always provided.

Answer 24

support of live migration

case 2:
Hardware at the recovery site does not have to be identical to production equipment.

Explanation: Live migration allows moving of one virtual server to another virtual server that could be in a different location that is some distance from the original data center.

Question 25

How does virtualization help with disaster recovery within a data center?

Hardware does not have to be identical.

(Other case) Hardware at the recovery site does not have to be identical to production equipment.

Power is always provided.

Less energy is consumed.

Server provisioning is faster.

Answer 25

Hardware does not have to be identical.

(Other case) Hardware at the recovery site does not have to be identical to production equipment.

Explanation: Disaster recovery is how a company goes about accessing applications, data, and the hardware that might be affected during a disaster. Virtualization provides hardware independence which means the disaster recovery site does not have to have the exact equipment as the equipment in production. Server provisioning is relevant when a server is built for the first time. Although data centers do have backup generators, the entire data center is designed for disaster recovery. One particular data center could never guarantee that the data center itself would never be without power.