Exam Cram

Question 1

Which of the following converts the four-wire BRI signals from an S/T interface into two-wire signals of a U interface? A. TE1 B. NT-2 C. NT-1 D. TE2 E. TA

Answer 1

The TA converts EIA/TIA-232 and other signals into BRI signals.

Question 2

True or false. The service password-encryption command encrypts all the passwords on the device with the exception of the enable secret, which uses a hash.

Answer 2

True.

Question 3

Which of the following is microcode used to test the basic functionality of the router hardware and determine the router hardware configuration? A. Bootstrap code B. ROMMON C. POST D. “Mini” IOS software file

Answer 3

Answer: D. The mini-IOS software file is a subset of the Cisco IOS for loading a new IOS image into flash and performing other maintenance operations.

Question 4

What command changes the duplex setting for an individual interface on a Catalyst switch? A. SW1#duplex full B. SW1#set duplex full C. SW1(config)#duplex full D. SW1(config)#set duplex full E. SW1(config-if)#duplex full F. SW1(config-if)#set duplex full

Answer 4

Answer: E. You make this configuration setting on a particular interface, thus the need to be in Interface Configuration mode.

Question 5

Which of the following designates a device such as a PC or router requiring a TA to adapt communication for BRI signals? A. TE1 B. NT-2 C. NT-1 D. TE2

Answer 5

Answer: D. TE2 is a device such as a PC or router that requires a TA to adapt communication for BRI signals.

Question 6

Which of the following is used to bring the router up during initialization and reads the configuration register to determine how to boot? A. Bootstrap code B. ROMMON C. POST D. “Mini” IOS software file

Answer 6

Answer: D. The mini-IOS software file is a subset of the Cisco IOS for loading a new IOS image into flash and performing other maintenance operations.

Question 7

Views are very useful in creating role-based rules as to which commands are authorized for execution. Examine the sequence of commands and choose all the correct statements from the list that follows them. CiscoISR(config)#aaa new-model CiscoISR#enable view Password: enablesecretpassword CiscoISR#config terminal Enter configuration commands, one per line. End with CNTL/Z. CiscoISR(config)#parser view ISP CiscoISR(config-view)#secret 0 hardtoguess CiscoISR(config-view)#commands exec include ping CiscoISR(config-view)#commands exec include all configure A. The aaa new-model command is required before a view can be created. B. The user who accesses the ISP view will require the password hardtoguess. C. The user who accesses the ISP view will be authorized to use the ping command. D. The user who accesses the ISP view will not be authorized to use the copy running-config startup-config command. E. None of the above.

Answer 7

The correct answers are A, B, C, and D. Answer D is also correct because after logging into the view, only the commands specified will be authorized to be executed.

Question 8

Which of the following contribute to congestion on an Ethernet network? (Choose two.) A. Creation of a new collision domain B. Creation of a new VLAN C. Addition of a hub to the network D. Use of switches in the network E. Amount of ARP or IPX SAP traffic

Answer 8

Answers: C and E. Hubs work on half-duplex mode. If more devices connect to a hub and are sending simultaneously, collisions occur. ARP and IPX SAP traffic is broadcast-based and also creates congestion in the network.

Question 9

Which of the following converts EIA/TIA-232, V.35, and other signals into BRI signals? A. TE1 B. NT-2 C. NT-1 D. TE2 E. TA

Answer 9

Answer: E. The TA converts EIA/TIA-232 and other signals into BRI signals.

Question 10

Which of the following is capable of loading a new IOS image into flash and performing other maintenance operations? A. Bootstrap code B. ROMMON C. POST D. “Mini” IOS software file

Answer 10

Answer: D. The mini-IOS software file is a subset of the Cisco IOS for loading a new IOS image into flash and performing other maintenance operations.

Question 11

With respect to AAA, access to the router is called remote ________ access and access through the router is called remote ________ access. (Pick the answer that fills in the blanks in the correct order.) A. Network, administrative B. Vty, packet C. Administrative, network D. Proxy, cut-through E. None of the above.

Answer 11

The correct answer is C.

Question 12

Which of the following are required for a switch to be managed remotely via Telnet from another IP subnet? (Choose two.) A. An IP address on the switch B. A routing protocol C. Full-duplex connections D. A default gateway on the switch E. A static route from the switch to a router

Answer 12

Answers: A and D. For an administrator to remotely manage a switch, an IP address must be assigned, and a default gateway must be set for return traffic.

Question 13

One of the switches in your network fails, but you have redundant UTP cabling to another switch in place. Assuming that the default convergence parameters have not been altered, how long before your backup switch will be able to forward frames on all segments? A. Immediately B. 10 seconds C. 40 seconds D. 50 seconds

Answer 13

Answer: D. Spanning-Tree Protocol (STP) ensures that there are no loops in your redundant switched network. When a port or switch fails, STP converges through four stages, taking approximately 50 seconds to do so.

Question 14

You want to view the IOS image that is currently stored in flash. What command displays the image? A. show ios B. show flash C. ls flash D. list flash

Answer 14

Answer: B. The show flash command lists the contents of flash memory, including the IOS image file stored there

Question 15

What are the three main task areas for setting up external AAA? Choose from the following list: A. Set up users (server). B. Configure the AAA network (client and server). C. Install AAA 802.1X supplicant support in SDM (client). D. Identify traffic to which AAA will be applied (client). E. Choose digital certificates to authenticate the AAA server to the client (and vice versa).

Answer 15

The correct answers are A, B, and D.

Question 16

Which of the following reference points refers to the connection between a non–ISDN-compatible device and a terminal adapter? A. R B. S C. T D. U

Answer 16

Answer: A. The R reference point refers to the connection between a non–ISDN-compatible device and a terminal adapter.

Question 17

In Spanning-Tree Protocol, what describes the state at which the root bridge has been elected and all ports are either in their blocked or forwarding state? A. Stable B. Blocking C. Converged D. Static

Answer 17

Answer: C. When STP is merely monitoring the switched network and all ports are in their appropriate blocking or forwarding state, it is known as a converged network.

Question 18

What command displays information stored in RAM? A. show ram B. show running-config C. show startup-config D. list ram

Answer 18

Answer: B. The show running-config command displays the current running configuration of the router, which is kept in RAM.

Question 19

With respect to secure management and reporting, traffic can flow either ________, meaning that it is separate from the production network, or ________, meaning that the traffic flows across the production network. (Pick the answer that fills in the blanks in the correct order.) A. Extranet, intranet B. Intranet, extranet C. Internet, intranet D. Out-of-band, in-band E. In-band, out-of-band

Answer 19

The correct answer is D. The other answers use terminology that doesn’t apply in this context.

Question 20

Which of the following reference points refers to the point that connects into the NT-2, or customer-switching device? A. R B. S C. T D. U

Answer 20

Answer: B. S refers to the point that connects into the NT-2 or customer-switching device.

Question 21

Which of the following statements are true regarding full-duplex communication? (Choose two.) A. Full-duplex provides greater bandwidth than half-duplex. B. Full-duplex is faster than half-duplex token ring. C. Full-duplex has more collisions than half-duplex. D. Full-duplex requires point-to-point connections

Answer 21

Answers: A and D. Full-duplex provides separate transmit and receive circuits, thus effectively doubling the total bandwidth. Because of this behavior, it requires point-to-point connections.

Question 22

What are the Cisco AutoSecure features that SDM Security Audit does not implement? (Choose all that apply.) A. Disabling NTP B. Configuring AAA C. Setting Selective Packet Discard (SPD) values D. Enabling TCP intercepts E. Configuring anti-spoofing ACLs on outside-facing interfaces F. All of the above.

Answer 22

The correct answer is F. The auto secure [no-interact] command, though roughly equivalent, has some more functionality than the Cisco SDM Security Audit feature. Use the no-interact option of the command to make auto secure work more like the One-step lockdown feature of the SDM.

Question 23

Your configuration register boot field is set to 0x0. What is the effect on how the router boots? A. It uses ROM monitor mode. B. It automatically boots from ROM. C. It examines NVRAM for boot system commands. D. It automatically boots from RAM.

Answer 23

Answer: A. A configuration register value of 0x0 in the boot field causes the router to use ROM monitor mode, so A is the correct response.

Question 24

Which of the following reference points refers to the connection between the NT-1 and the ISDN network owned by the telephone company? A. R B. S C. T D. U

Answer 24

Answer: D. This reference point refers to the connection between the NT-1 and ISDN network owned by the telephone company.

Question 25

Which of the following is Cisco’s definition of a firewall? A. A firewall is a system or a group of systems that enforce an access control policy between two networks. B. A firewall is a stateful device that analyzes the state of a connection built across it and opens and closes ports in support of secure communication. C. A firewall is a device that filters packets, both in the ingress and egress direction, based on static packet header content. D. A firewall is software deployed on an end system to protect a specific application. E. None of the above.

Answer 25

he correct answer is A. Curiously, Cisco’s definition of a firewall is the vaguest of all of them. Essentially, anything that manages access by analyzing flows between two or more networks constitutes a firewall.

Question 26

Your configuration register boot field is set to 0x2. What is the effect on how the router boots? A. It uses ROM monitor mode. B. It automatically boots from ROM. C. It examines NVRAM for boot system commands. D. It automatically boots from RAM.

Answer 26

Answer: C. A configuration register value of 0x2 in the boot field causes the router to examine NVRAM for boot system commands.

Question 27

You want to adjust the likelihood of your switch becoming the root bridge in your Spanning-Tree network. What command accomplishes this? A. Switch(config)# spanning-tree root B. Switch(config)# spanning-tree mac-address 0000.0000.0001 C. Switch(config)# spanning-tree priority 65000 D. Switch(config)# spanning-tree vlan 1 priority 4096

Answer 27

Answer: D. Adjusting your spanning-tree priority to a lower number reduces the switch Bridge ID. This makes it more likely to become the root of the spanning-tree network. The lower the switch Bridge ID, the more likely the chance of becoming the root.

Question 28

Which of the following designations indicates that the NT-1 is built in? A. TE1 B. NT-2 C. S/T D. U E. TA

Answer 28

Answer: D. U indicates that the NT-1 is built in.

Question 29

You have noticed that the amount of broadcast traffic has increased in your environment. A junior network administrator suggests that the company purchase switches with greater port density. Will this solution solve the problem? A. Yes, with more ports, the number of broadcasts will decrease. B. Yes, with more ports, the switch will be able to forward broadcasts more efficiently. C. No, with more ports, you will add to the amount of broadcast traffic. D. No, with more ports, you will forward broadcasts only to switches, causing CPU utilization to increase on the switches.

Answer 29

Answer: C. By default, Layer 2 switches cannot stop broadcasts, and floods them out all ports except the port on which the broadcast was received.

Question 30

What are the two parameters that have to be configured before RSA keys can be generated to support SSH on the router? A. Hostname, domain name B. Enable secret, SSH transport on the vtys C. Enable password, SSH transport on physical interfaces D. Hostname, default gateway E. Encryption key protocol, hashing method

Answer 30

Answer A is correct. The device’s hostname and domain name must be configured, as these provide material for the public/private RSA key pair (see also Chapter 6, “Introducing Cryptographic Services”), which is required for the Secure Sockets Layer (SSL) encryption that SSH uses.

Question 31

Your configuration register boot field is set to 0x1. What is the effect on how the router boots? A. It uses ROM monitor mode. B. It automatically boots from ROM. C. It examines NVRAM for boot system commands. D. It automatically boots from RAM.

Answer 31

Answer: C. A configuration register value of 0x2 in the boot field causes the router to examine NVRAM for boot system commands.

Question 32

Which of the following components is supplied by the end user in the United States and by the provider in Europe? A. TE1 B. NT-2 C. NT-1 D. TE2 E. TA

Answer 32

Answer: C. The NT-1 is supplied by the end user in the United States and by the provider in Europe.

Question 33

Which of the following PDUs does a Layer 2 switch process? A. Bits B. Frames C. Packets D. Segments

Answer 33

Answer: B. The Protocol Data Units (PDUs) that operate at Layer 2 of the OSI Model are called frames.

Question 34

For the following names of Cisco log severity levels, fill in their level.

1. Errors
2. Informational
3. Alerts
4. Emergencies
5. Debugging
6. Warnings
7. Notifications
8. Critical

Answer 34

1. Errors - 3
2. Informational - 6
3. Alerts - 1
4. Emergencies - 0
5. Debugging - 7
6. Warnings - 4
7. Notifications - 5
8. Critical - 2

Question 35

What command displays information stored in NVRAM? A. show ram B. sho running-config C. show startup-config D. list ram

Answer 35

Answer: C. The show startup-config command lists the contents of NVRAM and the configuration used on startup.

Question 36

Which of the following reference points refers to the outbound connection from the NT-2 to the ISDN network? A. R B. S C. T D. U

Answer 36

Answer: D. This reference point refers to the connection between the NT-1 and ISDN network owned by the telephone company.

Question 37

What are the three duplex settings available on a Catalyst switch? (Choose three.) A. Full B. Auto C. Half D. Control

Answer 37

Answers: A, B, and C. The correct command is duplex [full/half/auto].

Question 38

Fill in the blanks. Interface ACLs are still relevant and can be used to complement Zone-Based Policy Firewall (ZPF) policies. Inbound ACLs are applied ________ ZPF policies and outbound ACLs are applied ________ ZPF policies.

Answer 38

The correct answers are before and after, respectively. If there is an inbound ACL on an interface that is also part of a zone, the packet is tested on the ACL first, and if permitted is then tested on the ZPF policy. Similarly, if there is an outbound ACL on an interface, the packet is first tested on the ZPF policy, and if it is permitted, it is then tested on the outbound interface ACL.

Question 39

What command should you enter to modify the value of the configuration register? A. config register B. configure register C. config-register D. conf-register

Answer 39

Answer: C. The config-register command followed by the register setting is the correct syntax to use for setting the configuration register.

Question 40

You need to specify the type of ISDN switch you are using to configure ISDN BRI. You are using a National ISDN-1. Which command is correct? A. switch-type ni1 B. switch-type basic-ni1 C. isdn switch-type ni1 D. isdn switch-type basic-ni1

Answer 40

Answer: D. the correct format to specify a national ISDN-1 switch is isdn switch-type basic-ni1.

Question 41

What command changes the duplex setting for an individual interface on a Catalyst switch? A. ExamCram2#duplex full B. ExamCram2#set duplex full C. ExamCram2 (config)#duplex full D. ExamCram2 (config)#set duplex full E. ExamCram2 (config-if)#duplex full F. ExamCram2 (config-if)#set duplex full

Answer 41

Answer: E. You make this configuration setting on a particular interface, thus the need to be in Interface Configuration mode.

Question 42

True or false. Assuming that the IOS router is also the VPN endpoint, encrypted packets are tested on an inbound ACL twice. True False

Answer 42

True. If a packet is encrypted, it will first be tested on the inbound ACL to determine whether encrypted packets are allowed. If it is allowed, the packet is decrypted before it is again tested on the inbound ACL.

Question 43

You need to confirm the value set in your configuration register before you restart your router. What command should you issue? A. show running-config B. show startup-config C. show reg D. show version

Answer 43

Answer: D. The show version command displays the configuration register setting.

Question 44

Which of the following is a series of characters that identifies you to the switch at the central office? A. UID B. SID C. SPID D. Terminal ID

Answer 44

Answer: C. This is the service profile identifier (SPID) assigned by the provider.