Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CCNA > Pt2 Routing and Switching v5.02 + v5.03 2016 > Flashcards

Pt2 Routing and Switching v5.02 + v5.03 2016 Flashcards

1
Q

A network technician has been asked to secure all switches in the campus network. The security requirements are for each switch to automatically learn and add MAC addresses to both the address table and the running configuration. Which port security configuration will meet these requirements?

auto secure MAC addresses

dynamic secure MAC addresses

static secure MAC addresses

sticky secure MAC addresses

A

sticky secure MAC addresses

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which three pairs of trunking modes will establish a functional trunk link between two Cisco switches? (Choose three.)

dynamic desirable – dynamic auto

dynamic auto – dynamic auto

access – dynamic auto

dynamic desirable – dynamic desirable

access – trunk

dynamic desirable – trunk

A

dynamic desirable – dynamic auto.
dynamic desirable – dynamic desirable.
dynamic desirable – trunk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Fill in the blank.

The OSPF Type 1 packet is the __ ___ packet.

A

hello

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which value represents the “trustworthiness” of a route and is used to determine which route to install into the routing table when there are multiple routes toward the same destination?

routing protocol

outgoing interface

metric

administrative distance

A

administrative distance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q 
Which type of router memory temporarily stores the running configuration file and ARP table?
flash
NVRAM
RAM
ROM
A

RAM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Fill in the blank.

The default administrative distance for a static route is ? .

A

1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Fill in the blank.

Static routes are configured by the use of the global configuration command.

ANS: ?

A

ip route

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Refer to the exhibit. If the switch reboots and all routers have to re-establish OSPF adjacencies, which routers will become the new DR and BDR?

Router R3 will become the DR and router R1 will become the BDR.

Router R1 will become the DR and router R2 will become the BDR.

Router R4 will become the DR and router R3 will become the BDR.

Router R1 will become the DR and router R2 will become the BDR.

A

Router R4 will become the DR and router R3 will become the BDR.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the purpose of an access list that is created as part of configuring IP address translation?

The access list permits or denies specific addresses from entering the device doing the translation.

The access list defines the private IP addresses that are to be translated.

The access list prevents external devices from being a part of the address translation.

The access list defines the valid public addresses for the NAT or PAT pool.

A

The access list defines the private IP addresses that are to be translated.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

The computers used by the network administrators for a school are on the 10.7.0.0/27 network. Which two commands are needed at a minimum to apply an ACL that will ensure that only devices that are used by the network administrators will be allowed Telnet access to the routers? (Choose two.)

-ip access-group 5 out

-access-list standard VTY
permit 10.7.0.0 0.0.0.127

  • access-list 5 deny any
  • access-list 5 permit 10.7.0.0 0.0.0.31
  • ip access-group 5 in
  • access-class 5 in
A
  • access-list 5 permit 10.7.0.0 0.0.0.31.

- access-class 5 in.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

While analyzing log files, a network administrator notices reoccurring native VLAN mismatches. What is the effect of these reoccurring errors?

The control and management traffic on the error-occurring trunk port is being misdirected or dropped.

Unexpected traffic on the error-occurring trunk port is being received.​

All traffic on the error-occurring trunk port is being misdirected or dropped.

All traffic on the error-occurring trunk port is being switched correctly regardless of the error.

A

The control and management traffic on the error-occurring trunk port is being misdirected or dropped.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which two characteristics describe the native VLAN? (Choose two.)

This VLAN is necessary for remote management of a switch.

Designed to carry traffic that is generated by users, this type of VLAN is also known as the default VLAN.

The native VLAN provides a common identifier to both ends of a trunk.

The native VLAN traffic will be untagged across the trunk link.

High priority traffic, such as voice traffic, uses the native VLAN.

A

The native VLAN provides a common identifier to both ends of a trunk.
The native VLAN traffic will be untagged across the trunk link.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Refer to the exhibit. The Branch Router has an OSPF neighbor relationship with the HQ router over the 198.51.0.4/30 network. The 198.51.0.8/30 network link should serve as a backup when the OSPF link goes down. The floating static route command ip route 0.0.0.0 0.0.0.0 S0/1/1 100 was issued on Branch and now traffic is using the backup link even when the OSPF link is up and functioning. Which change should be made to the static route command so that traffic will only use the OSPF link when it is up?
Add the next hop neighbor address of 198.51.0.8.
Change the administrative distance to 1.
Change the destination network to 198.51.0.5.
Change the administrative distance to 120.

A

Change the administrative distance to 120.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Refer to the exhibit. An attacker on PC X sends a frame with two 802.1Q tags on it, one for VLAN 40 and another for VLAN 12. What will happen to this frame?
SW-A will drop the frame because it is invalid.
SW-A will leave both tags on the frame and send it to SW-B, which will forward it to hosts on VLAN 40.
SW-A will remove both tags and forward the rest of the frame across the trunk link, where SW-B will forward the frame to hosts on VLAN 40.
SW-A will remove the outer tag and send the rest of the frame across the trunk link, where SW-B will forward the frame to hosts on VLAN 12.

A

SW-A will remove both tags and forward the rest of the frame across the trunk link, where SW-B will forward the frame to hosts on VLAN 40.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which statement is true about the difference between OSPFv2 and OSPFv3?
OSPFv3 routers use a different metric than OSPFv2 routers use.
OSPFv3 routers do not need to elect a DR on multiaccess segments.
OSPFv3 routers do not need to have matching subnets to form neighbor adjacencies.
OSPFv3 routers use a 128 bit router ID instead of a 32 bit ID.

A

OSPFv3 routers do not need to have matching subnets to form neighbor adjacencies.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What are two ways of turning off DTP on a trunk link between switches? (Choose two.)
Change the native VLAN on both ports.
Configure attached switch ports with the nonegotiate command option.
Configure attached switch ports with the dynamic desirable command option.
Configure one port with the dynamic auto command option and the opposite attached switch port with the dynamic desirable command option.
Place the two attached switch ports in access mode.

A

Configure attached switch ports with the nonegotiate command option..
Place the two attached switch ports in access mode.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Why would an administrator use a network security auditing tool to flood the switch MAC address table with fictitious MAC addresses?
to determine if the switch is forwarding the broadcast traffic correctly
to determine which ports are functioning
to determine which ports are not correctly configured to prevent MAC address flooding
to determine when the CAM table size needs to be increased in order to prevent overflows

A

to determine which ports are not correctly configured to prevent MAC address flooding

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

A new network policy requires an ACL to deny HTTP access from all guests to a web server at the main office. All guests use addressing from the IPv6 subnet 2001:DB8:19:C::/64. The web server is configured with the address 2001:DB8:19:A::105/64. Implementing the NoWeb ACL on the interface for the guest LAN requires which three commands? (Choose three.)
permit tcp any host 2001:DB8:19:A::105 eq 80
deny tcp host 2001:DB8:19:A::105 any eq 80
deny tcp any host 2001:DB8:19:A::105 eq 80
permit ipv6 any any
deny ipv6 any any
ipv6 traffic-filter NoWeb in
ip access-group NoWeb in

A

deny tcp any host 2001:DB8:19:A::105 eq 80.

permit ipv6 any any

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

An OSPF router has three directly connected networks; 172.16.0.0/16, 172.16.1.0/16, and 172.16.2.0/16. Which OSPF network command would advertise only the 172.16.1.0 network to neighbors?
router(config-router)# network 172.16.1.0 0.0.255.255 area 0
router(config-router)# network 172.16.0.0 0.0.15.255 area 0
router(config-router)# network 172.16.1.0 255.255.255.0 area 0
router(config-router)# network 172.16.1.0 0.0.0.0 area 0

A

router(config-router)# network 172.16.1.0 0.0.255.255 area 0

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Refer to the exhibit. Which type of route is 172.16.0.0/16?

child route
level 1 parent route
default route
ultimate route

A

level 1 parent route

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q 
Refer to the exhibit. Which type of IPv6 static route is configured in the exhibit?
fully specified static route
recursive static route
directly attached static route
floating static route
A

recursive static route

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Which subnet mask would be used as the classful mask for the IP address 128.107.52.27?

  1. 0.0.0
  2. 255.0.0
  3. 255.255.0
  4. 255.255.224
A

255.255.0.0

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q 
Refer to the exhibit. A small business uses VLANs 8, 20, 25, and 30 on two switches that have a trunk link between them. What native VLAN should be used on the trunk if Cisco best practices are being implemented?
1
5
8
20
25
30
A

5

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

The buffers for packet processing and the running configuration file are temporarily stored in which type of router memory?

Flash
NVRAM
RAM
ROM

A

RAM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

A network technician is configuring port security on switches. The interfaces on the switches are configured in such a way that when a violation occurs, packets with unknown source address are dropped and no notification is sent. Which violation mode is configured on the interfaces?

off
restrict
protect
shutdown

A

Protect

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q 
A standard ACL has been configured on a router to allow only clients from the 10.11.110.0/24 network to telnet or to ssh to the VTY lines of the router. Which command will correctly apply this ACL?
access-group 11 in
access-class 11 in
access-list 11 in
access-list 110 in
A

access-group 11 in

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

Refer to the exhibit.

What address will summarize the LANs attached to routers 2-A and 3-A and can be configured in a summary static route to advertise them to an upstream neighbor?

  1. 0.0.0/24
  2. 0.0.0/23
  3. 0.0.0/22
  4. 0.0.0/21
A

10.0.0.0/21

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

A security specialist designs an ACL to deny access to a web server from all sales staff. The sales staff are assigned addressing from the IPv6 subnet 2001:db8:48:2c::/64. The web server is assigned the address 2001:db8:48:1c::50/64. Configuring the WebFilter ACL on the LAN interface for the sales staff will require which three commands? (Choose three.)

permit tcp any host 2001:db8:48:1c::50 eq 80

deny tcp host 2001:db8:48:1c::50 any eq 80

deny tcp any host 2001:db8:48:1c::50 eq 80

permit ipv6 any any

deny ipv6 any any

ip access-group WebFilter in

ipv6 traffic-filter WebFilter in

A

deny tcp host 2001:db8:48:1c::50 any eq 80.
deny tcp any host 2001:db8:48:1c::50 eq 80.
deny ipv6 any any

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

To enable RIP routing for a specific subnet, the configuration command network 192.168.5.64 was entered by the network administrator. What address, if any, appears in the running configuration file to identify this network?

  1. 168.5.64
  2. 168.5.0
  3. 168.0.0

No address is displayed.

A

192.168.5.0

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

Refer to the exhibit. An ACL preventing FTP and HTTP access to the interval web server from all teaching assistants has been implemented in the Board Office. The address of the web server is 172.20.1.100 and all teaching assistants are assigned addresses in the 172.21.1.0/24 network. After implement the ACL, access to all servers is denied. What is the problem?

inbound ACLs must be routed before they are processed
the ACL is implicitly denying access to all the servers
named ACLs requite the use of port numbers
the ACL is applied to the interface using the wrong direction

A

named ACLs requite the use of port numbers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q 
Refer to the exhibit. Assuming that the routing tables are up to date and no ARP messages are needed, after a packet leaves H1, how many times is the L2 header rewritten in the path to H2?
1
2
3
4
5
6
A

2

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

A router learns of multiple toward the same destination. Which value in a routing table represents the trustworthiness of learned routes and is used by the router to determine which route to install into the routing table for specific situation?

Metric
Colour
Meter
Bread

A

Metric

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

What is the minimum configuration for a router interface that is participating in IPv6 routing?

Ipv6
OSPF
Link-access
To have only a link-local IPv6 address
Protocol
A

To have only a link-local IPv6 address

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

Which two statements are true about half-duplex and full-duplex communications? (Choose two.)

Full duplex offers 100 percent potential use of the bandwidth.
Half duplex has only one channel.
All modern NICs support both half-duplex and full-duplex communication.
Full duplex allows both ends to transmit and receive simultaneously.
Full duplex increases the effective bandwidth.

A

Full duplex offers 100 percent potential use of the bandwidth..
Full duplex allows both ends to transmit and receive simultaneously.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

Fill in the blank.
The acronym describes the type of traffic that has strict QoS requirements and utilizes a one-way overall delay less than 150 ms across the network. __?__

A

VoIP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

Which two commands should be implemented to return a Cisco 3560 trunk port to its default configuration? (Choose two.)

S1(config-if)# no switchport trunk allowed vlan
S1(config-if)# no switchport trunk native vlan
S1(config-if)# switchport mode dynamic desirable
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 1

A

S1(config-if)# no switchport trunk allowed vlan.

S1(config-if)# no switchport trunk native vlan

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q 
Which command will enable auto-MDIX on a device?
S1(config-if)# mdix auto
S1# auto-mdix
S1(config-if)# auto-mdix
S1# mdix auto
S1(config)# mdix auto
S1(config)# auto-mdix
A

S1(config-if)# mdix auto

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

What is the effect of issuing the passive-interface default command on a router that is configured for OSPF?

Routers that share a link and use the same routing protocol
It prevents OSPF messages from being sent out any OSPF-enabled interface.
All of above
Routers that share a link and use the same routing protocol

A

It prevents OSPF messages from being sent out any OSPF-enabled interface.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

A network administrator is implementing a distance vector routing protocol between neighbors on the network. In the context of distance vector protocols, what is a neighbor?

routers that are reachable over a TCP session
routers that share a link and use the same routing protocol
routers that reside in the same area
routers that exchange LSAs

A

routers that share a link and use the same routing protocol

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

Refer to the exhibit. A network administrator has just configured address translation and is verifying the configuration. What three things can the administrator verify? (Choose three.)
Address translation is working.
Three addresses from the NAT pool are being used by hosts.
The name of the NAT pool is refCount.
A standard access list numbered 1 was used as part of the configuration process.
Two types of NAT are enabled.
One port on the router is not participating in the address translation.

A

Address translation is working.
A standard access list numbered 1 was used as part of the configuration process..
Two types of NAT are enabled.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

Match the router memory type that provides the primary storage for the router feature. (Not all options are used.)
console access –Not Scored–

full operating system >

limited operating system >

routing table >

startup configuration file >

ROM
flash
RAM
NVRAM

A

FLASH
ROM
RAM
NVRAM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

Which two methods can be used to provide secure management access to a Cisco switch? (Choose two.)

Configure all switch ports to a new VLAN that is not VLAN 1.
Configure specific ports for management traffic on a specific VLAN.
Configure SSH for remote management.
Configure all unused ports to a “black hole.”
Configure the native VLAN to match the default VLAN.

A

Configure specific ports for management traffic on a specific VLAN.
Configure SSH for remote management.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q 
Refer to the exhibit. Which highlighted value represents a specific destination network in the routing table?
0.0.0.0
10.16.100.128
10.16.100.2
110
791
A

10.16.100.128

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

Refer to the exhibit. If RIPng is enabled, how many hops away does R1 consider the 2001:0DB8:ACAD:1::/64 network to be?

1

4

2

3

A

3

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

Refer to the exhibit. Host A has sent a packet to host B. What will be the source MAC and IP addresses on the packet when it arrives at host B?

Source MAC: 00E0.FE10.17A3
Source IP: 10.1.1.10

Source MAC: 00E0.FE91.7799
Source IP: 10.1.1.1

Source MAC: 00E0.FE91.7799
Source IP: 192.168.1.1

Source MAC: 00E0.FE91.7799
Source IP: 10.1.1.10

Source MAC: 00E0.FE10.17A3
Source IP: 192.168.1.1

A

Source MAC: 00E0.FE91.7799

Source IP: 10.1.1.10

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

Which network design may be recommended for a small campus site that consists of a single building with a few users?

a network design where the access and distribution layers are collapsed into a single layer

a network design where the access and core layers are collapsed into a single layer

a collapsed core network design

a three-tier campus network design where the access, distribution, and core are all separate layers, each one with very specific functions

A

a collapsed core network design

47
Q

efer to the exhibit. A small business uses VLANs 2, 3, 4, and 5 between two switches that have a trunk link between them. What native VLAN should be used on the trunk if Cisco best practices are being implemented?

1

2

3

4

5

6

11

A

5

48
Q

A router learns of multiple routes toward the same destination. Which value in a routing table represents the trustworthiness of learned routes and is used by the router to determine which route to install into the routing table for this specific situation?

routing protocol

outgoing interface

metric

administrative distance

A

administrative distance

49
Q

Which value in a routing table represents trustworthiness and is used by the router to determine which route to install into the routing table when there are multiple routes toward the same destination?

administrative distance

metric

outgoing interface

routing protocol

A

administrative distance

50
Q

The network address 172.18.9.128 with netmask 255.255.255.128 is matched by which wildcard mask?

  1. 0.0.31
  2. 0.0.255
  3. 0.0.127
  4. 0.0.63
A

0.0.0.127

51
Q

Which three addresses could be used as the destination address for OSPFv3 messages? (Choose three.)

FF02::5

FF02::6

FF02::A

2001:db8:cafe::1

FF02::1:2

FE80::1

A

FF02::5
FF02::6
FE80::1

52
Q

Refer to the exhibit. What is the OSPF cost to reach the West LAN 172.16.2.0/24 from East?​

65

A

65

53
Q

A network administrator is configuring an ACL with the command access-list 10 permit 172.16.32.0 0.0.15.255. Which IPv4 address matches the ACE?

  1. 16.20.2
  2. 16.26.254
  3. 16.47.254
  4. 16.48.5
A

172.16.47.254

54
Q

Refer to the exhibit. A new network policy requires an ACL denying FTP and Telnet access to a Corp file server from all interns. The address of the file server is 172.16.1.15 and all interns are assigned addresses in the 172.18.200.0/24 network. After implementing the ACL, no one in the Corp network can access any of the servers. What is the problem?

Inbound ACLs must be routed before they are processed.

The ACL is implicitly denying access to all the servers.

Named ACLs require the use of port numbers.

The ACL is applied to the interface using the wrong direction.

A

Inbound ACLs must be routed before they are processed.

The ACL is implicitly denying access to all the servers.

55
Q

Which two statements are correct if a configured NTP master on a network cannot reach any clock with a lower stratum number?

The NTP master will claim to be synchronized at the configured stratum number.
An NTP server with a higher stratum number will become the master.
Other systems will be willing to synchronize to that master using NTP.
The NTP master will be the clock with 1 as its stratum number.
The NTP master will lower its stratum number.

A

The NTP master will claim to be synchronized at the configured stratum number.
Other systems will be willing to synchronize to that master using NTP.

56
Q

A network engineer has created a standard ACL to control SSH access to a router. Which command will apply the ACL to the VTY lines?

access-group 11 in
access-class 11 in
access-list 11 in
access-list 110 in

A

access-class 11 in

57
Q

A network administrator is configuring a new Cisco switch for remote management access. Which three items must be configured on the switch for the task? (Choose three.)

vty lines
VTP domain
loopback address
default gateway
default VLAN
IP address
A

loopback address.
default VLAN.
IP address

58
Q

A network administrator configures a router to provide stateful DHCPv6 operation. However, users report that workstations do not receive IPv6 addresses within the scope. Which configuration command should be checked to ensure that statefull DHCPv6 is implemented?

The dns-server line is included in the ipv6 dhcp pool section.
The ipv6 nd managed-config-flag is entered for the interface facing the LAN segment.
The ipv6 nd other-config-flag is entered for the interface facing the LAN segment.
The domain-name line is included in the ipv6 dhcp pool section.

A

The dns-server line is included in the ipv6 dhcp pool section.

59
Q

A company has an internal network of 172.16.25.0/24 for their employee workstations and a DMZ network of 172.16.12.0/24 to host servers. The company uses NAT when inside hosts connect to outside network. A network administrator issues the show ip nat translations command to check the NAT configurations. Which one of source IPv4 addresses is translated by R1 with PAT?

  1. 0.0.31
  2. 16.12.5
  3. 16.12.33
  4. 168.1.10
  5. 16.25.35
A

172.16.25.35

60
Q

Which characteristic describes cut-through switching?

Error-free fragments are forwarded, so switching occurs with lower latency.
Frames are forwarded without any error checking.
Only outgoing frames are checked for errors.
Buffering is used to support different Ethernet speeds.

A

Frames are forwarded without any error checking.

61
Q 
A network administrator is configuring port security on a Cisco switch. The company security policy specifies that when a violation occurs, packets with unknown source addresses should be dropped and no notification should be sent. Which violation mode should be configured on the interfaces?
off
restrict
protect
shutdown
A

protect

62
Q

What are two reasons that will prevent two routers from forming an OSPFv2 adjacency? (Choose two.)

mismatched subnet masks on the link interfaces

a mismatched Cisco IOS version that is used

use of private IP addresses on the link interfaces

one router connecting to a FastEthernet port on the switch and the other connecting to a GigabitEthernet port

mismatched OSPF Hello or Dead timers

A

mismatched OSPF Hello or Dead timers.

mismatched subnet masks on the link interfaces

63
Q

which type of traffic is designed for a native VLAN?

management
user-generated
un tagged
tagged

A

un tagged

64
Q 
A company security policy requires that all MAC addressing be dynamically learned and added to both the MAC address table and the running configuration on each switch. Which port security configuration will accomplish this?
auto secure MAC addresses
dynamic secure MAC addresses
static secure MAC addresses
sticky secure MAC addresses
A

sticky secure MAC addresses

65
Q

Refer to the exhibit. An ACL preventing FTP and HTTP access to the interval web server from all teaching assistants has been implemented in the Board Office. The address of the web server is 172.20.1.100 and all teaching assistants are assigned addresses in the 172.21.1.0/24 network. After implement the ACL, access to all servers is denied. What is the problem?
inbound ACLs must be routed before they are processed
the ACL is implicitly denying access to all the servers
named ACLs requite the use of port numbers
the ACL is applied to the interface using the wrong direction

A

named ACLs requite the use of port numbers

66
Q

What are two features of a link-state routing protocol? (Choose two.)
The database information for each router is obtained from the same source.
Routers send triggered updates in response to a change.
Routers create a topology of the network by using information from other routers.
Paths are chosen based on the lowest number of hops to the designated router.
Routers send periodic updates only to neighboring routers.

A

Routers send triggered updates in response to a change.

Routers create a topology of the network by using information from other routers.

67
Q 
Which summary IPv6 static route statement can be configured to summarize only the routes to networks 2001:db8:cafe::/58 through 2001:db8:cafe:c0::/58?
ipv6 route 2001:db8:cafe::/54 S0/0/0
  ipv6 route 2001:db8:cafe::/60 S0/0/0
  ipv6 route 2001:db8:cafe::/62 S0/0/0
  ipv6 route 2001:db8:cafe::/56 S0/0/0
A

ipv6 route 2001:db8:cafe::/56 S0/0/0

68
Q 
When a Cisco switch receives untagged frames on a 802.1Q trunk port, which VLAN ID is the traffic switched to by default?
data VLAN ID
  native VLAN ID
  unused VLAN ID
  management VLAN ID
A

native VLAN ID

69
Q

A college marketing department has a networked storage device that uses the IP address 10.18.7.5, TCP port 443 for encryption, and UDP port 4365 for video streaming. The college already uses PAT on the router that connects to the Internet. The router interface has the public IP address of 209.165.200.225/30. The IP NAT pool currently uses the IP addresses ranging from 209.165.200.228-236. Which configuration would the network administrator add to allow this device to be accessed by the marketing personnel from home?

ip nat pool mktv 10.18.7.5 10.18.7.5

ip nat inside source static tcp 10.18.7.5 443 209.165.200.225 443
ip nat inside source static udp 10.18.7.5 4365 209.165.200.225 4365

ip nat inside source static tcp 209.165.200.225 443 10.18.7.5 443
ip nat inside source static udp 209.165.200.225 4365 10.18.7.5 4365

No additional configuration is necessary.

ip nat outside source static 10.18.7.5 209.165.200.225

A

ip nat inside source static tcp 10.18.7.5 443 209.165.200.225 443

70
Q

Refer to the exhibit. How did the router obtain the last route that is shown?

The ip address interface configuration mode command was used in addition to the network routing protocol configuration mode command.
The ipv6 route command was used.
the ip route command was used.
Another router in the same organization provided the default route by using a dynamic routing protocol.

A

Another router in the same organization provided the default route by using a dynamic routing protocol.

71
Q

Refer to the exhibit. A Layer 3 switch routes for three VLANs and connects to a router for Internet connectivity. Which two configurations would be applied to the switch? (Choose two.)

(config)# interface gigabitethernet 1/1
(config-if)# no switchport

(config-if)# ip address 192.168.1.2 255.255.255.252
(config)# interface vlan 1
(config-if)# ip address 192.168.1.2 255.255.255.0
(config-if)# no shutdown

(config)# interface gigabitethernet1/1
(config-if)# switchport mode trunk

(config)# interface fastethernet0/4
(config-if)# switchport mode trunk

(config)# ip routing

A

(config)# ip routing

(config)# interface gigabitethernet 1/1
(config-if)# no switchport

72
Q

A network contains multiple VLANs spanning multiple switches. What happens when a device in VLAN 20 sends a broadcast Ethernet frame?
Only devices in VLAN 20 see the frame.
Devices in VLAN 20 and the management VLAN see the frame.
Only devices that are connected to the local switch see the frame.
All devices in all VLANs see the frame.

A

Only devices in VLAN 20 see the frame.

73
Q 
Which two packet filters could a network administrator use on an IPv4 extended ACL? (Choose two.)
  computer type
  source TCP hello address
  ICMP message type
  destination UDP port number 
  destination MAC address
A

ICMP message type

destination UDP port number

74
Q

Refer to the exhibit. R1 was configured with the static route command ip route 209.165.200.224 255.255.255.224 S0/0/0 and consequently users on network 172.16.0.0/16 are unable to reach resources on the Internet. How should this static route be changed to allow user traffic from the LAN to reach the Internet?
Add an administrative distance of 254.
Change the destination network and mask to 0.0.0.0 0.0.0.0
Change the exit interface to S0/0/1.
Add the next-hop neighbor address of 209.165.200.226.

A

Change the destination network and mask to 0.0.0.0 0.0.0.0

75
Q

How is the router ID for an OSPFv3 router determined?

the highest IPv6 address on an active interface
the highest EUI-64 ID on an active interface
the highest IPv4 address on an active interface
the lowest MAC address on an active interface

A

the highest IPv4 address on an active interface

76
Q

Two employees in the Sales department work different shifts with their laptop computers and share the same Ethernet port in the office. Which set of commands would allow only these two laptops to use the Ethernet port and create violation log entry without shutting down the port if a violation occurs?

switchport mode access
switchport port-security

switchport mode access
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation restrict

switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky

switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation protect

A

switchport mode access
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation restrict

77
Q

Which two factors are important when deciding which interior gateway routing protocol to use? (Choose two.)

  speed of convergence
  scalability
  ISP selection
  the autonomous system that is used
  campus backbone architecture
A

speed of convergence

scalability

78
Q

Which two statements are characteristics of routed ports on a multilayer switch? (Choose two.)
In a switched network, they are mostly configured between switches at the core and distribution layers.
They support subinterfaces, like interfaces on the Cisco IOS routers.
The interface vlan command has to be entered to create a VLAN on routed ports.
They are used for point-to-multipoint links.
They are not associated with a particular VLAN.

A

In a switched network, they are mostly configured between switches at the core and distribution layers.
They are not associated with a particular VLAN.

79
Q 
A network administrator is adding ACLs to a new IPv6 multirouter environment. Which IPv6 ACE is automatically added implicitly at the end of an ACL so that two adjacent routers can discover each other?
  permit ip any host ip_address
  permit icmp any any nd-na
  permit ip any any
  deny ip any any
A

permit icmp any any nd-na

80
Q 
Refer to the exhibit. The Gigabit interfaces on both routers have been configured with subinterface numbers that match the VLAN numbers connected to them. PCs on VLAN 10 should be able to print to the P1 printer on VLAN 12. PCs on VLAN 20 should print to the printers on VLAN 22. What interface and in what direction should you place a standard ACL that allows printing to P1 from data VLAN 10, but stops the PCs on VLAN 20 from using the P1 printer? (Choose two.)
  outbound
  R2 S0/0/1
  R1 S0/0/0
  inbound
  R1 Gi0/1.12
  R2 Gi0/1.20
A

outbound

R1 Gi0/1.12

81
Q

Which statement describes a route that has been learned dynamically?
It is automatically updated and maintained by routing protocols.
It is unaffected by changes in the topology of the network.
It has an administrative distance of 1.
It is identified by the prefix C in the routing table.

A

It is automatically updated and maintained by routing protocols.

82
Q

A network administrator is explaining to a junior colleague the use of the lt and gt keywords when filtering packets using an extended ACL. Where would the lt or gt keywords be used?

in an IPv6 extended ACL that stops packets going to one specific destination VLAN
in an IPv4 extended ACL that allows packets from a range of TCP ports destined for a specific network device
in an IPv4 named standard ACL that has specific UDP protocols that are allowed to be used on a specific server
in an IPv6 named ACL that permits FTP traffic from one particular LAN getting to another LAN

A

in an IPv4 extended ACL that allows packets from a range of TCP ports destined for a specific network device

83
Q

On a switch that is configured with multiple VLANs, which command will remove only VLAN 100 from the switch?
Switch(config)# no vlan 100
Switch(config-if)# no switchport access vlan 100
Switch(config-if)# no switchport trunk allowed vlan 100
Switch# delete flash:vlan.dat

A

Switch(config)# no vlan 100

84
Q

A router needs to be configured to route within OSPF area 0. Which two commands are required to accomplish this? (Choose two.)

RouterA(config-router)# network 192.168.2.0 255.255.255.0 0
RouterA(config-router)# network 192.168.2.0 0.0.0.255 0
RouterA(config)# router ospf 1
RouterA(config-router)# network 192.168.2.0 0.0.0.255 area 0
RouterA(config)# router ospf 0

A

RouterA(config)# router ospf 1

RouterA(config-router)# network 192.168.2.0 0.0.0.255 area 0

85
Q

What is a function of the distribution layer?

interconnection of large-scale networks in wiring closets
network access to the user
fault isolation
high-speed backbone connectivity

A

interconnection of large-scale networks in wiring closets

86
Q

Which three requirements are necessary for two OSPFv2 routers to form an adjacency? (Choose three.)

The link interface subnet masks must match.
The two routers must include the inter-router link network in an OSPFv2 network command.
The OSPFv2 process ID must be the same on each router.
The OSPF hello or dead timers on each router must match.
The OSPFv2 process is enabled on the interface by entering the ospf process area-id command.
The link interface on each router must be configured with a link-local address.

A

The link interface subnet masks must match.
The two routers must include the inter-router link network in an OSPFv2 network command.
The OSPF hello or dead timers on each router must match.

87
Q

Which three pieces of information does a link-state routing protocol use initially as link-state information for locally connected links? (Choose three.)
the cost of that link
the type of network link
the link bandwidth
the link next-hop IP address
the link router interface IP address and subnet mask

A

the cost of that link
the type of network link.
the link router interface IP address and subnet mask

88
Q

Refer to the exhibit. R1 has been configured as shown. However, PC1 is not able to receive an IPv4 address. What is the problem?
R1 is not configured as a DHCPv4 server.
A DHCP server must be installed on the same LAN as the host that is receiving the IP address.
The ip address dhcp command was not issued on the interface Gi0/1.
The ip helper-address command was applied on the wrong interface

A

The ip helper-address command was applied on the wrong interface.

89
Q

What best describes the operation of distance vector routing protocols?
They use hop count as their only metric.
They send their routing tables to directly connected neighbors.
They flood the entire network with routing updates.
They only send out updates when a new network is added.

A

They send their routing tables to directly connected neighbors.

90
Q

A network administrator is using the router-on-a-stick method to configure inter-VLAN routing. Switch port Gi1/1 is used to connect to the router. Which command should be entered to prepare this port for the task?
Switch(config)# interface gigabitethernet 1/1
Switch(config-if)# spanning-tree vlan 1
Switch(config)# interface gigabitethernet 1/1
Switch(config-if)# spanning-tree portfast
Switch(config)# interface gigabitethernet 1/1
Switch(config-if)# switchport mode trunk
Switch(config)# interface gigabitethernet 1/1
Switch(config-if)# switchport access vlan 1

A

Switch(config)# interface gigabitethernet 1/1

Switch(config-if)# switchport mode trunk

91
Q

Which three advantages are provided by static routing? (Choose three.)
The path a static route uses to send data is known.
No intervention is required to maintain changing route information.
Static routing does not advertise over the network, thus providing better security.
Static routing typically uses less network bandwidth and fewer CPU operations than dynamic routing does.
Configuration of static routes is error-free.
Static routes scale well as the network grows.

A

The path a static route uses to send data is known.
Static routing does not advertise over the network, thus providing better security.
Static routing typically uses less network bandwidth and fewer CPU operations than dynamic routing does.

92
Q

Which information does a switch use to populate the MAC address table?
the destination MAC address and the outgoing port
the source MAC address and the incoming port
the source and destination MAC addresses and the incoming port
the source MAC address and the outgoing port
the source and destination MAC addresses and the outgoing port
the destination MAC address and the incoming port

A

the source MAC address and the incoming port

93
Q

Refer to the exhibit. A network administrator is configuring a router as a DHCPv6 server. The administrator issues a show ipv6 dhcp pool command to verify the configuration. Which statement explains the reason that the number of active clients is 0?
The IPv6 DHCP pool configuration has no IPv6 address range specified.
The state is not maintained by the DHCPv6 server under stateless DHCPv6 operation.
The default gateway address is not provided in the pool.
No clients have communicated with the DHCPv6 server yet.

A

The state is not maintained by the DHCPv6 server under stateless DHCPv6 operation.

94
Q

Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.
What is the problem preventing PC0 and PC1 from communicating with PC2 and PC3?
The routers are using different OSPF process IDs.
The serial interfaces of the routers are in different subnets.
No router ID has been configured on the routers.
The gigabit interfaces are passive.

A

The serial interfaces of the routers are in different subnets.

95
Q

Which command will create a static route on R2 in order to reach PC B?

R1(config)# ip route 172.16.2.0 255.255.255.0 172.16.2.254
R1(config)# ip route 172.16.2.0 255.255.255.0 172.16.3.1
R1(config)# ip route 172.16.2.1 255.255.255.0 172.16.3.1
R1(config)# ip route 172.16.3.0 255.255.255.0 172.16.2.254

A

R1(config)# ip route 172.16.2.0 255.255.255.0 172.16.3.1

96
Q

A network administrator is designing an ACL. The networks 192.168.1.0/25, 192.168.0.0/25, 192.168.0.128/25, 192.168.1.128/26, and 192.168.1.192/26 are affected by the ACL. Which wildcard mask, if any, is the most efficient to use when specifying all of these networks in a single ACL permit entry?

  1. 0.0.127
  2. 0.0.255
  3. 0.1.255
  4. 0.255.255
A

0.0.1.255

97
Q

What happens immediately after two OSPF routers have exchanged hello packets and have formed a neighbor adjacency?
They request more information about their databases.
They negotiate the election process if they are on a multiaccess network.
They exchange DBD packets in order to advertise parameters such as hello and dead intervals.
They exchange abbreviated lists of their LSDBs

A

They exchange abbreviated lists of their LSDBs

98
Q

What is the purpose of setting the native VLAN separate from data VLANs?
The native VLAN is for routers and switches to exchange their management information, so it should be different from data VLANs.
A separate VLAN should be used to carry uncommon untagged frames to avoid bandwidth contention on data VLANs.
The native VLAN is for carrying VLAN management traffic only.
The security of management frames that are carried in the native VLAN can be enhanced

A

A separate VLAN should be used to carry uncommon untagged frames to avoid bandwidth contention on data VLANs.

99
Q 
Which command, when issued in the interface configuration mode of a router, enables the interface to acquire an IPv4 address automatically from an ISP, when that link to the ISP is enabled? 
  ip helper-address
  ip address dhcp
  ip dhcp pool
  service dhcp
A

ip address dhcp

100
Q 
Which two commands can be used to verify the content and placement of access control lists? (Choose two.)
  show processes
  show cdp neighbor
  show access-lists
  show ip route
  show running-config
A

show access-lists

show running-config

101
Q

What summary static address would be configured on R1 to advertise to R3?

  1. 168.0.0/24
  2. 168.0.0/23
  3. 168.0.0/22
  4. 168.0.0/21
A

192.168.0.0/22

102
Q 
Which type of router memory temporarily stores the running configuration file and ARP table?
  flash
  NVRAM
  RAM
  ROM
A

NVRAM

103
Q

What is the purpose of an access list that is created as part of configuring IP address translation?
The access list permits or denies specific addresses from entering the device doing the translation.
The access list defines the private IP addresses that are to be translated.
The access list prevents external devices from being a part of the address translation.
The access list defines the valid public addresses for the NAT or PAT pool.

A

The access list defines the private IP addresses that are to be translated.

104
Q

While analyzing log files, a network administrator notices reoccurring native VLAN mismatches. What is the effect of these reoccurring errors?
The control and management traffic on the error-occurring trunk port is being misdirected or dropped.
Unexpected traffic on the error-occurring trunk port is being received.​
All traffic on the error-occurring trunk port is being misdirected or dropped.
All traffic on the error-occurring trunk port is being switched correctly regardless of the error.

A

The control and management traffic on the error-occurring trunk port is being misdirected or dropped.

105
Q

Which two characteristics describe the native VLAN? (Choose two.)

This VLAN is necessary for remote management of a switch.
Designed to carry traffic that is generated by users, this type of VLAN is also known as the default VLAN.
The native VLAN provides a common identifier to both ends of a trunk.
The native VLAN traffic will be untagged across the trunk link.
High priority traffic, such as voice traffic, uses the native VLAN.

A

The native VLAN provides a common identifier to both ends of a trunk.
The native VLAN traffic will be untagged across the trunk link.

106
Q

Refer to the exhibit. An attacker on PC X sends a frame with two 802.1Q tags on it, one for VLAN 40 and another for VLAN 12. What will happen to this frame?
SW-A will drop the frame because it is invalid.
SW-A will leave both tags on the frame and send it to SW-B, which will forward it to hosts on VLAN 40.
SW-A will remove both tags and forward the rest of the frame across the trunk link, where SW-B will forward the frame to hosts on VLAN 40.
SW-A will remove the outer tag and send the rest of the frame across the trunk link, where SW-B will forward the frame to hosts on VLAN 12.

A

SW-A will remove both tags and forward the rest of the frame across the trunk link, where SW-B will forward the frame to hosts on VLAN 40.

107
Q

A new network policy requires an ACL to deny HTTP access from all guests to a web server at the main office. All guests use addressing from the IPv6 subnet 2001:DB8:19:C::/64. The web server is configured with the address 2001:DB8:19:A::105/64. Implementing the NoWeb ACL on the interface for the guest LAN requires which three commands? (Choose two.)
permit tcp any host 2001:DB8:19:A::105 eq 80
deny tcp host 2001:DB8:19:A::105 any eq 80
deny tcp any host 2001:DB8:19:A::105 eq 80
permit ipv6 any any
deny ipv6 any any
ipv6 traffic-filter NoWeb in
ip access-group NoWeb in

A

deny tcp any host 2001:DB8:19:A::105 eq 80

permit ipv6 any any

108
Q

Which subnet mask would be used as the classful mask for the IP address 192.135.250.27?

  1. 0.0.0
  2. 255.0.0
  3. 255.255.0
  4. 255.255.224
A

255.255.255.0

109
Q 
A standard ACL has been configured on a router to allow only clients from the 10.11.110.0/24 network to telnet or to ssh to the VTY lines of the router. Which command will correctly apply this ACL?
  access-group 11 in
  access-class 11 in
  access-list 11 in
  access-list 110 in
A

access-group 11 in

110
Q

A security specialist designs an ACL to deny access to a web server from all sales staff. The sales staff are assigned addressing from the IPv6 subnet 2001:db8:48:2c::/64. The web server is assigned the address 2001:db8:48:1c::50/64. Configuring the WebFilter ACL on the LAN interface for the sales staff will require which three commands? (Choose three.)
permit tcp any host 2001:db8:48:1c::50 eq 80
deny tcp host 2001:db8:48:1c::50 any eq 80
deny tcp any host 2001:db8:48:1c::50 eq 80
permit ipv6 any any
deny ipv6 any any
ip access-group WebFilter in
ipv6 traffic-filter WebFilter in

A

deny tcp host 2001:db8:48:1c::50 any eq 80
deny tcp any host 2001:db8:48:1c::50 eq 80
deny ipv6 any any

111
Q 
Refer to the exhibit. Which highlighted value represents a specific destination network in the routing table?
  0.0.0.0
  10.16.100.128
  10.16.100.2
  110
  791
A

10.16.100.128

112
Q 
Refer to the exhibit. Host A has sent a packet to host B. What will be the source MAC and IP addresses on the packet when it arrives at host B? 
Source MAC: 00E0.FE10.17A3
Source IP: 10.1.1.10 
Source MAC: 00E0.FE91.7799
Source IP: 10.1.1.1 
Source MAC: 00E0.FE91.7799
Source IP: 192.168.1.1 
Source MAC: 00E0.FE91.7799
Source IP: 10.1.1.10 
Source MAC: 00E0.FE10.17A3
Source IP: 192.168.1.1
A

Source MAC: 00E0.FE91.7799

Source IP: 10.1.1.10

113
Q 
Refer to the exhibit. A small business uses VLANs 2, 3, 4, and 5 between two switches that have a trunk link between them. What native VLAN should be used on the trunk if Cisco best practices are being implemented?
  1
  2
  3
  4
  5
  6
  11
A

5

CCNA (8 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions