Random Topics Flashcards
A network administrator needs to configure port security on a switch. Which two statements are true? (Choose two.)
A. The network administrator can apply port security to dynamic access ports.
B. The network administrator can apply port security to EtherChannels.
C. The sticky learning feature allows the addition of dynamically learned addresses to the running configuration.
D. When dynamic MAC address learning is enabled on an interface, the switch can learn new addresses, up to the maximum defined.
E. The network administrator can configure static secure or sticky secure MAC addresses in the voice VLAN.
Correct Answer: CD
Which interface counter can you use to diagnose a duplex mismatch problem?
A. no carrier
B. late collisions
C. giants
D. CRC errors
E. deferred
F. runts
b
Which switching method duplicates the first six bytes of a frame before making a switching decision?
A. fragment-free switching
B. store-and-forward switching
C. cut-through switching
D. ASIC switching
C
Which logging command can enable administrators to correlate syslog messages with millisecond precision?
A. no logging console
B. logging buffered 4
C. no logging monitor
D. service timestamps log datetime mscec
E. logging host 10.2.0.21
D
Which two spanning-tree port states does RSTP combine to allow faster convergence? (Choose two.)
A. blocking
B. learning
C. forwarding
D. discarding
E. listening AE
Which feature can you implement to reserve bandwidth for VoIP calls across the call path?
A. PQ
B. CBWFQ
C. round robin
D. RSVP
D
Which three statements about link-state routing are true? (Choose three.)
A. OSPF is a link-state protocol.
B. Updates are sent to a broadcast address.
C. It uses split horizon.
D. Routes are updated when a change in topology occurs.
E. RIP is a link-state protocol.
F. Updates are sent to a multicast address by default.
ADF
Which command can you enter to determine whether a switch is operating in trunking mode?
A. show ip interface brief
B. show vlan
C. show interfaces
D. show interface switchport
D
What are three benefits of implementing VLANs? (Choose three.)
A. A higher level of network security can be reached by separating sensitive data traffic from other network traffic.
B. A more efficient use of bandwidth can be achieved allowing many physical groups to use the same network infrastructure.
C. A more efficient use of bandwidth can be achieved allowing many logical networks to use the same network infrastructure.
D. Broadcast storms can be mitigated by decreasing the number of broadcast domains, thus increasing their size.
E. Port-based VLANs increase switch-port use efficiency, thanks to 802.1Q trunks.
F. VLANs make it easier for IT staff to configure new logical groups, because the VLANs all belong to the same broadcast domain.
G. Broadcast storms can be mitigated by increasing the number of broadcast domains, thus reducing their size.
ACG
Which command can you enter to view the ports that are assigned to VLAN 20?
A. Switch#show ip interface vlan 20
B. Switch#show vlan id 20
C. Switch#show ip interface brief
D. Switch#show interface vlan 20
B
In which two formats can the IPv6 address fd15:0db8:0000:0000:0700:0003:400F:572B be written? (Choose two.)
A. fd15:0db8:0000:0000:700:3:400F:527B
B. fd15::db8::700:3:400F:527B
C. fd15:db8:0::700:3:4F:527B
D. fd15:0db8::7:3:4F:527B
E. fd15:db8::700:3:400F:572B
AE
When an interface is configured with PortFast BPDU guard, how does the interface respond when it receives a BPDU?
A. It continues operating normally.
B. It goes into a down/down state.
C. It becomes the root bridge for the configured VLAN.
D. It goes into an errdisable state.
D
What are three characteristics of the TCP protocol? (Choose three.)
A. It uses a single SYN-ACK message to establish a connection.
B. The connection is established before data is transmitted.
C. It ensures that all data is transmitted and received by the remote device.
D. It supports significantly higher transmission speeds than UDP.
E. It requires applications to determine when data packets must be retransmitted.
F. It uses separate SYN and ACK messages to establish a connection.
BCF
Scenario -
Refer to the topology. Your company has decided to connect the main office with three other remote branch offices using point-to-point serial links.
You are required to troubleshoot and resolve OSPF neighbor adjacency issues between the main office and the routers located in the remote branch offices.
Use appropriate show commands to troubleshoot the issues and answer all four questions.
An OSPF neighbor adjacency is not formed between R3 in the main office and R4 in the Branch1 office. What is causing the problem?
A. There is an area ID mismatch.
B. There is a Layer 2 issue; an encapsulation mismatch on serial links.
C. There is an OSPF hello and dead interval mismatch.
D. The R3 router ID is configured on R4.
A
Scenario -
Refer to the topology. Your company has decided to connect the main office with three other remote branch offices using point-to-point serial links.
You are required to troubleshoot and resolve OSPF neighbor adjacency issues between the main office and the routers located in the remote branch offices.
Use appropriate show commands to troubleshoot the issues and answer all four questions.
An OSPF neighbor adjacency is not formed between R3 in the main office and R5 in the Branch2 office. What is causing the problem?
A. There is an area ID mismatch.
B. There is a PPP authentication issue; a password mismatch.
C. There is an OSPF hello and dead interval mismatch.
D. There is a missing network command in the OSPF process on R5. C
The only difference we can see here is the line “ip ospf hello-interval 50″ on R3. This command sets the number of seconds R3 waits before sending the next hello packet out this interface. In this case after configuring this command, R3 will send hello packets to R5 every 50 seconds. But the default value of hello-interval is
10 seconds and R5 is using it. Therefore we can think of a hello interval mismatch problem here. You can verify with the “show ip ospf interface <interface>" command on each router.</interface>
C
Scenario -
Refer to the topology. Your company has decided to connect the main office with three other remote branch offices using point-to-point serial links.
You are required to troubleshoot and resolve OSPF neighbor adjacency issues between the main office and the routers located in the remote branch offices.
Use appropriate show commands to troubleshoot the issues and answer all four questions.
R1 does not form an OSPF neighbor adjacency with R2. Which option would fix the issue?
A. R1 ethernet0/1 is shutdown. Configure no shutdown command.
B. R1 ethernet0/1 configured with a non-default OSPF hello interval of 25; configure no ip ospf hello-interval 25
C. R2 ethernet0/1 and R3 ethernet0/0 are configured with a non-default OSPF hello interval of 25; configure no ip ospf hello-interval 25
D. Enable OSPF for R1 ethernet0/1; configure ip ospf 1 area 0 command under ethernet0/1. B
Continue checking their connected interfaces with the “show running-config” command:
B
Scenario -
Refer to the topology. Your company has decided to connect the main office with three other remote branch offices using point-to-point serial links.
You are required to troubleshoot and resolve OSPF neighbor adjacency issues between the main office and the routers located in the remote branch offices.
Use appropriate show commands to troubleshoot the issues and answer all four questions.
An OSPF neighbor adjacency is not formed between R3 in the main office and R6 in the Branch3 office. What is causing the problem?
A. There is an area ID mismatch.
B. There is a PPP authentication issue; the username is not configured on R3 and R6.
C. There is an OSPF hello and dead interval mismatch.
D. The R3 router ID is configured on R6. D
We are not sure about the configuration of ppp authentication in this case. Some reports said that only one router has the “ppp authentication chap” command but it is just a trick and is not the problem here. The real problem here is R6 uses the same router-id of R3 (192.168.3.3) so OSPF neighborship cannot be established. In real life, such configuration error will be shown in the command line interface (CLI). So please check carefully for this question.
D
What are three advantages of VLANs? (Choose three.)
A. They establish broadcast domains in switched networks.
B. They provide a low-latency internetworking alternative to routed networks.
C. They utilize packet filtering to enhance network security.
D. They can simplify adding, moving, or changing hosts on the network.
E. They allow access to network services based on department, not physical location.
F. They provide a method of conserving IP addresses in large networks.
ADE
Which command can you enter to determine whether serial interface 0/2/0 has been configured using HDLC encapsulation?
A. router#show platform
B. router#show interfaces Serial 0/2/0
C. router#show ip interface s0/2/0
D. router#show ip interface brief
B
Which function of the IP SLAs ICMP jitter operation can you use to determine whether a VoIP issue is caused by excessive end-to-end time?
A. packet loss
B. jitter
C. successive packet loss
D. round-trip time latency
D
Which of these statements correctly describes the state of the switch once the boot process has been completed?
A. The switch will need a different IOS code in order to support VLANs and STР.
B. Remote access management of this switch will not be possible without configuration change.
C. As FastEthernet0/12 will be the last to come up, it will be blocked by STP.
D. More VLANs will need to be created for this switch.
B
The network administrator normally establishes a Telnet session with the switch from host A. However, host A is unavailable. The administrator’s attempt to telnet to the switch from host fails, but pings to the other two hosts are successful. What is the issue?
A. The switch interfaces need the appropriate IP addresses assigned.
B. Host В and the switch need to be in the same subnet.
C. The switch needs an appropriate default gateway assigned.
D. The switch interface connected to the router is down.
E. Host В needs to be assigned an IP address in VLAN 1.
C
Which condition does the err-disabled status indicate on an Ethernet interface?
A. There is a duplex mismatch.
B. The device at the other end of the connection is powered off.
C. The serial interface is disabled.
D. The interface is configured with the shutdown command.
E. Port security has disabled the interface.
F. The interface is fully functioning.
E
Which statement about RADIUS security is true?
A. It supports EAP authentication for connecting to wireless networks.
B. It provides encrypted multiprotocol support.
C. Device-administration packets are encrypted in their entirety.
D. It ensures that user activity is fully anonymous.
A
A router has learned three possible routes that could be used to reach a destination network. One route is from EIGRP and has a composite metric of 20514560.
Another route is from OSPF with a metric of 782. The last is from RIPv2 and has a metric of 4. Which route or routes will the router install in the routing table?
A. the RIPv2 route
B. all three routes
C. the OSPF and RIPv2 routes
D. the OSPF route
E. the EIGRP route
E
Which two correctly describe steps in the OSI data encapsulation process? (Choose two.)
A. The presentation layer translates bits into voltages for transmission across the physical link.
B. The data link layer adds physical source and destination addresses and an FCS to the segment.
C. Packets are created when the network layer adds Layer 3 addresses and control information to a segment.
D. Packets are created when the network layer encapsulates a frame with source and destination host addresses and protocol-related control information.
E. The transport layer divides a data stream into segments and may add reliability and flow control information.
CE
Which two statements about IPv4 multicast traffic are true? (Choose two.)
A. It burdens the source host without affecting remote hosts.
B. It uses a minimum amount of network bandwidth.
C. It is bandwidth-intensive.
D. It simultaneously delivers multiple streams of data.
E. It is the most efficient way to deliver data to multiple receivers.
DE
All of the routers in the network are configured with the ip subnet-zero command. Which network addresses should be used for Link A and Network A? (Choose two.)
A. Link A – 172.16.3.0/30
B. Link A – 172.16.3.112/30
C. Network A – 172.16.3.48/26
D. Network A – 172.16.3.128/25
E. Link A – 172.16.3.40/30
F. Network A – 172.16.3.192/26
AD
Which type of device can be replaced by the use of subinterfaces for VLAN routing?
A. Layer 2 bridge
B. Layer 2 switch
C. Layer 3 switch
D. router
C
Which Layer 2 protocol encapsulation type supports synchronous and asynchronous circuits and has built-in security mechanisms?
A. X.25
B. HDLC
C. PPP
D. Frame Relay
C
Which statement about LLDP is true?
A. It is a Cisco proprietary protocol.
B. It is configured in global configuration mode.
C. The LLDP update frequency is a fixed value.
D. It runs over the transport layer.
B
What are two benefits of private IPv4 IP addresses? (Choose two.)
A. They are routed to the Internet the same as public IP addresses.
B. They are less costly than public IP addresses.
C. They can be assigned to devices without Internet connections.
D. They eliminate the necessity for NAT policies.
E. They eliminate duplicate IP conflicts.
BC
The two connected ports on the switch are not turning orange or green. Which three would be the most effective steps to troubleshoot this physical layer problem?
(Choose three.)
A. Ensure the switch has power.
B. Reseat all cables.
C. Ensure cable A is plugged into a trunk port.
D. Ensure that the Ethernet encapsulations match on the interconnected router and switch ports.
E. Reboot all of the devices.
F. Ensure that cables A and В are straight-through cables.
ABF
Which three ports will be STP designated ports if all the links are operating at the same bandwidth? (Choose three.)
A. Switch B - Fа0/0
B. Switch A - Fa0/1
C. Switch В - Fa0/l
D. Switch С - Fа0/1
E. Switch A - Fa0/0
F. Switch С - Fa0/0
ABC
The network administrator cannot connect to Switch 1 over a Telnet session, although the hosts attached to Switch1 can ping the interface Fa0/0 of the router.
Given the information in the graphic and assuming that the router and Switch2 are configured properly, which of the following commands should be issued on
Switch1 to correct this problem?
A. Switch1(config)# ip default-gateway 192.168.24.1
B. Switch1(config)# interface fa0/1 Switch1(config-if)# switchport mode trunk
C. Switch1(config)# line con0 Switch1(config-line)# password cisco Switch1(config-line)# login
D. Switch1(config)# interface fa0/1 Switch1(config-if)# ip address 192.168.24.3 255.255.255.0
E. Switch1(config)# interface fa0/1 Switch1(config-if)# duplex full Switch1(confiq-if)# speed 100
A
Each of these four switches has been configured with a hostname, as well as being configured to run RSTP. No other configuration changes have been made.
Which three of these show the correct RSTP port roles for the indicated switches and interfaces? (Choose three.)
A. SwitchD. Gi0/2, root
B. SwitchA, Fa0/2, designated
C. SwitchB, Gi0/l, designated
D. SwitchA, Fa0/l, root
E. SwitchB, Gi0/2, root
F. SwitchC, Fa0/2, root ABD
ABD
Why has the Branch3 router lost connectivity with R1? Use only show commands to troubleshoot because usage of the debug command is restricted on the
Branch3 and R1 routers.
A. A PPP chap hostname mismatch is noticed between Branch3 and R1
B. A PPP chap password mismatch is noticed between Branch3 and R1
C. PPP encapsulation is not configured on Branch3
D. The PPP chap hostname and PPP chap password commands are missing on the Branch3 router
Correct Answer: A 🗳️
First we should check Branch3 (and R1) with the “show ip interface brief” command to find any Layer1/Layer2 issue.
We see interfaces connecting between them are in “up/down” states which indicates a Layer 2 issue so we should check the configuration of these interfaces carefully witch the “show running-config” command and pay attention to these interfaces.
and on Branch3:
We learn from above config is R1 is using CHAP to authenticate Branch3 router (via the “ppp authentication chap” command on R1). Branch3 router is sending
CHAP hostname “Branch_3” and CHAP password “Branch3_Secret!” to R1 to be authenticated. Therefore, we should check if R1 has already been configured with such username and password or not with the “show running-config” command on R1:
On R1 we see the configured username is “Branch3”, not “Branch_3” so the usernames here are mismatched and this is the problem -> Answer A is correct.
Which statement about the router configurations is correct?
A. PPP PAP is authentication configured between Branch2 and R1
B. Tunnel keepalives are not configured for the tunnel0 interface on Branch2 and R2
C. The Branch 2 LAN network 192.168.11 0/24 is not advertised into the EIGRP network
D. The Branch3 LAN network 192.168.11 0/24 is not advertised into the EIGRP network
E. PPP CHAP is authentication configured between Branch1 and R1
Correct Answer: D 🗳️
In this question we have to check each option to see if it is correct. When we check Branch3 router we notice that “network 192.168.10.0” command is missing under “router eigrp 100” - > Answer D is correct.
Why did Branch1 router lose WAN connectivity with R1 router?
A. The IP address is misconfigured on PPP multilink interface on the Branch1 router
B. The PPP multilink group is misconfigured on the Branch1 serial interfaces
C. The PPP multilink group is misconfigured on the R1 serial interfaces
D. The Branch1 serial interfaces are placed in a shutdown condition
Correct Answer: A 🗳️
This question clearly stated there is a WAN connectivity issue between R1 and Branch1 so we should check both of them with the “show ip interface brief” command. On R1:
On Branch1:
We can see that although the Multilink1 interfaces are in “up/up” state but they are not in the same subnet. According to the IP address scheme shown on the topology we can deduce the Multilink interface on Branch1 has been misconfigured, it should be 192.168.14.2 instead.
nstructions:
- Enter IOS commands on the device to verify network operation and answer the multiple questions.
- THIS TASK DOES NOT REQUIRE REVICE CINFIGURATION.
- Click the device icon to gain access to the console device. No console or enable passwords are required.
- To access the multiple choice questions, click the numbered boxes on the left of the top panel.
- there are four multiple-choice questions with this task. Be sure to answer all four questions before clicking Next.
Server1 and Server2 are unable to communicate with the rest of the network. Your initial check with system administrators shows that IP address settings are correctly configured on the server side. What could be an issue?
A. The VLAN encapsulation is misconfigured on the router subinterfaces.
B. The IP address is misconfigured on the primary router interface.
C. The Router is missing subinterface configuration.
D. The Trunk is not configured on the L2SW1 switch.
Correct Answer: A 🗳️
Explanation -
Check the configuration of the interface that is connected to Server1 and Server2 on R2 with “show running-config” command.
We see that subinterface E0/1.100 has been configured with VLAN 200 (via “encapsulation dot1Q 200” command) while Server1 belongs to VLAN 100. Therefore this configuration is not correct. It should be “encapsulation dot1Q 100” instead. The same thing for interface E0/1.200, it should be “encapsulation dot1Q 200” instead.
Instructions:
- Enter IOS commands on the device to verify network operation and answer the multiple questions.
- THIS TASK DOES NOT REQUIRE REVICE CINFIGURATION.
- Click the device icon to gain access to the console device. No console or enable passwords are required.
- To access the multiple choice questions, click the numbered boxes on the left of the top panel.
- there are four multiple-choice questions with this task. Be sure to answer all four questions before clicking Next.
Users in the main office complain that they are unable to reach Internet sites. You observe that Internet traffic that is destined towards ISP router is not forwarded correctly on Router R1. What could be an issue?
Plug to the Internet server shows the following results from R1:
R1#ping 209.165.200.225 -
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.200.225, time out is 2 seconds.
Success rate is 0 percent (0/5)
A. The next hop router address for the default route is incorrectly configured.
B. Default route pointing to ISP router is configured with AD of 255.
C. Default route pointing to ISP router is not configured on Router R1.
D. Router R1 configured as DHCP client is not receiving default route via DHCP from ISP router.
Correct Answer: B 🗳️
When all the users cannot reach internet sites we should check on the router connecting to the ISP to see if it has a default route pointing to the ISP or not. Use the “show ip route” command on R1:
We cannot find a default route on R1 (something like this: S* 0.0.0.0/0 [1/0] via 209.165.201.2) so maybe R1 was not configured with a default route. We can check with the “show running-config” on R1:
We need a configure a default route ( “ip route 0.0.0.0 0.0.0.0 209.165.201.2”) but we cannot find here so we can conclude R1 was not be configured with a default route pointing to the ISP router.
Instructions:
- Enter IOS commands on the device to verify network operation and answer the multiple questions.
- THIS TASK DOES NOT REQUIRE REVICE CINFIGURATION.
- Click the device icon to gain access to the console device. No console or enable passwords are required.
- To access the multiple choice questions, click the numbered boxes on the left of the top panel.
- there are four multiple-choice questions with this task. Be sure to answer all four questions before clicking Next.
Examine R2 configuration, the traffic that is destined to R3 LAN network sourced from Router R2 is forwarded to R1 instead R3. What could be an issue?
R2#traceroute 10.10.12.1 source 10.10.10.1
Type escape sequence to abort -
Tracing the route to 10.10.12.1 -
VRF info: (vrf in name/id, vrf out name/id)
1 172.16.14.1 0 msec 1 msec 0 msec
2 172.16.14.1 !H !H *
R2#
A. RIPv2 routing updates are suppressed between R2 and R3 using passive interface feature.
B. RIPv2 enabled on R3, but R3 LAN network that is not advertised into RIPv2 domain.
C. No issue that is identified; this behavior is normal since default route propagated into RIPv2 domain by Router R1.
D. RIPv2 not enabled on R3.
Correct Answer: D 🗳️
First we should check the routing table of R2 with the “show ip route” command.
In this table we cannot find the subnet “10.10.12.0/24” (R3 LAN network) so R2 will use the default route advertised from R1 (with the command “default- information originate” on R1) to reach unknown destination, in this case subnet 10.10.12.0/24 -> R2 will send traffic to 10.10.12.0/24 to R1.
Next we need to find out why R3 did not advertise this subnet to R2. A quick check with the “show running-config” on R3 we will see that R3 was not configured with RIP ( no “router rip” section). Therefore, we can conclude RIPv2 was not enabled on R3.
Instructions:
- Enter IOS commands on the device to verify network operation and answer the multiple questions.
- THIS TASK DOES NOT REQUIRE REVICE CINFIGURATION.
- Click the device icon to gain access to the console device. No console or enable passwords are required.
- To access the multiple choice questions, click the numbered boxes on the left of the top panel.
- there are four multiple-choice questions with this task. Be sure to answer all four questions before clicking Next.
What is the correct statement below after examining the R1 routing table?
A. Traffic that is destined to 10.10.10.0/24 from the R1 LAN network uses static route instead of RIPv2, because the static route AD that is configured is less than the AD of RIPv2.
B. Traffic that is destined to 10.10.10.0/24 from the R1 LAN network uses RIPv2 instead of static route, because the static route AD that is configured is higher than the AD of RIPv2.
C. Traffic that is destined to 10.10.10.0/24 from the R1 LAN network uses static route instead of RIPv2, but the traffic is forwarded to the ISP instead of the internal network.
D. Traffic that is destined to 10.10.10.0/24 from the R1 LAN network uses RIPv2 instead of static route, because the static route AD that is configured is 255.
Correct Answer: B 🗳️
First use the “show ip route” command to check the R1 routing table:
As we see here, 10.10.10/24 is learned from RIP. Notice that although there is a static route on R1 to this destination (you can check with the “show running- config” on R1 to see the line “ip route 10.10.10.0 255.255.255.0 172.16.14.2 200”), this static route is not installed to the routing table because it is not the best path because the Administrative Distance (AD) of this static route is 200 while the AD of RIP is 120 so R1 chose the path with lowest AD so it chose path advertised via RIP.
SIMULATION -
A corporation want to add security to its network. The requirements are:
- Host C should be able to use a web browser (HTTP) to access the Finance Web Server.
- Other types of access from host C to the Finance Web Server should be blocked.
- All access from hosts in the Core or local LAN to the Finance Web Server should be blocked.
- All hosts in the Core and on local LAN should be able to access the Public Web Server.
You have been tasked to create and apply a numbered access list to a single outbound interface. This access list can contain no more than three statements that meets these requirements.
Access to the router CLI can be gained by clicking on the appropriate host.
1. All passwords have been temporarily set to “cisco”.
2. The core connection uses an IP address of 192.168.228.65.
3. The computers in the hosts LAN been assigned addresses of 192.168.40.1 192.168.40.254.
- host A 192.168.40.1
- host B 192.168.40.2
- host C 192.168.40.3
- host D 192.168.40.4
4. The Finance Web Server has been assigned an addresses of 172.22.135.17.
5. The Public Web Server in the Server LAN has been assigned an addresses of 172.22.135.18.
Note: - You may need to scroll this window and the problem statement window.
- Click on picture of cost connected to the specified router and select the CiscoTerminal option to configure the router. If you select the wrong host, click on the show topology button and select a different host.
- To access a host, simply click on picture of host that you want to use and configure it. Certain hosts have dotted lines that represent the serial “console” cables.
- The help command does not display all commands of the help system. The help supports the first level of help system and selected lower layers.
Correct Answer: See the solution below
(you may enter “cisco” as it passwords here)
Corp1>enable -
We should create an access-list and apply it to the interface which is connected to the Server LAN because it can filter out traffic from both Sw-2 and Core networks. The Server LAN network has been assigned addresses of 172.22.242.17 172.22.242.30 so we can guess the interface connected to them has an IP address of 172.22.242.30 (.30 is the number shown in the figure). Use the “show running-config” command to check which interface has the IP address of
172.22.242.30.
Corp1#show running-config -
We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. It is the interface we will apply our access-list (for outbound direction).
Corp1#configure terminal -
Our access-list needs to allow host C 192.168.33.3 to the Finance Web Server 172.22.242.23 via web (port 80)
Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
Deny other hosts access to the Finance Web Server via web
Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80
All other traffic is permitted -
Corp1(config)#access-list 100 permit ip any any
Apply this access-list to Fa0/1 interface (outbound direction)
Corp1(config)#interface fa0/1 -
Corp1(config-if)#ip access-group 100 out
Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that the access-list can filter traffic coming from both the LAN and the Core networks. If we apply access list to the inbound interface we can only filter traffic from the LAN network.
In the exam, just click on host C to open its web browser. In the address box type http://172.22.242.23 to check if you are allowed to access Finance Web Server via HTTP or not. If your configuration is correct then you can access it.
Click on other hosts (A, B and D) and check to make sure you cant access Finance Web Server from these hosts.
Finally, save the configuration -
Corp1(config-if)#end -
Corp1#copy running-config startup-config
(This configuration only prevents hosts from accessing Finance Web Server via web but if this server supports other traffic like FTP, SMTP then other hosts can access it, too.)
Notice: You might be asked to allow other host (A, B or D) to access the Finance Web Server so please read the requirement carefully.
Some modifications (mods):
Modification 1 (Mod 1):
Modification 2 (Mod 2):
Modification 3 (Mod 3):2 -
Modification 4 (Mod 4):
- There are some reports about the command of “All hosts in the core and on the local LAN should be able to access the Public web server” saying that the correct command should be “access-list 100 permit ip any any”, not “access-list 100 permit ip any host (IP of Public Web Server)”. Although I believe the second command is better but maybe you should use the first command “access-list 100 permit ip any any” instead as some reports said they got 100% when using this command (even if the question gives you the IP address of Public Web Server). It is a bug in this sim.
(Note: Dont forget to apply this access list to the suitable interface or you will lose points interface fa0/1 ip access-group 100 out
And in the exam, they may slightly change the requirements, for example host A, host B instead of host C so make sure you read the requirement carefully and use the access-list correctly)
You are a junior network engineer for a financial company, and the main office network is experiencing network issues. Troubleshoot the network issues.
Router R1 connects the main office to the Internet, and routers R2 and R3 are internal routers.
NAT is enabled on router R1.
The routing protocol that is enabled between routers R1, R2 and R3 is RIPv2.
R1 sends the default route into RIPv2 for the internal routers to forward Internet traffic to R1.
You have console access on R1, R2 and R3 devices. Use only show commands to troubleshoot the issues.
Examine the DCHP configuration between R2 and R3, R2 is configured as the DHCP server and R3 as the client. What is the reason R3 is not receiving the IP address via DHCP?
A. On R2, the network statement in the DHCP pool configuration is incorrectly configured.
B. On R3, DHCP is not enabled on the interface that is connected to R2.
C. On R2, the interface that is connected to R3 is in shutdown condition.
D. On R3, the interface that is connected to R2 is in shutdown condition.
Correct Answer: B 🗳️
First we should check which interface on R3 that is connected to R2 via the “show run” command.
From the description we learn interface E0/1 is connected to R2. Use the “show ip interface brief” command to verify the IP address of this interface.
Therefore we can conclude this interface does not have any IP address and there is no configuration on this interface (except the “description Link to R2” line).
If R3 wants to receive an IP address from R2 via DHCP, interface E0/1 should be configured with the command “ip address dhcp” so the answer “DHCP is not enabled on this interface” is correct.
You are a junior network engineer for a financial company, and the main office network is experiencing network issues. Troubleshoot the network issues.
Router R1 connects the main office to the Internet, and routers R2 and R3 are internal routers.
NAT is enabled on router R1.
The routing protocol that is enabled between routers R1, R2 and R3 is RIPv2.
R1 sends the default route into RIPv2 for the internal routers to forward Internet traffic to R1.
You have console access on R1, R2 and R3 devices. Use only show commands to troubleshoot the issues.
R1 router clock is synchronized with ISP router. R2 is supposed to receive NTP updates from R1. But you observe that R2 clock is not synchronized with R1. What is the reason R2 is not receiving NTP updates from R1?
A. The IP address that is used in the NTP configuration on R2 router is incorrect.
B. The NTP server command not configured on R2 router.
C. R2 router Ethernet interface that is connected to R1 is placed in shutdown condition.
D. R1 router Ethernet interface that is connected to R2 is placed in shutdown condition.
Correct Answer: A 🗳️
First we should verify if the ports connected between R1 and R2 is in “up/up” state with the “show ip interface brief” command on R1 & R2.
Note: We learn R1 & R2 connect to each other via E0/2 interface because the IP addresses of these interfaces belong to 192.168.10.0/30 subnet. Both of them are “up/up” so the link connecting between R1 & R2 is good.
Next we need to verify the ntp configuration on R2 with the “show running-config” command.
So there is only one command related to NTP configuration on R2 so we need to check if the IP address of 192.168.100.1 is correct or not. But from the “show ip interface brief” command on R1 we don’t see this IP -> This IP address is not correct. It should be 192.168.10.1 (IP address of interface E0/2 of R1), not
192.168.100.1.
You are a junior network engineer for a financial company, and the main office network is experiencing network issues. Troubleshoot the network issues.
Router R1 connects the main office to the Internet, and routers R2 and R3 are internal routers.
NAT is enabled on router R1.
The routing protocol that is enabled between routers R1, R2 and R3 is RIPv2.
R1 sends the default route into RIPv2 for the internal routers to forward Internet traffic to R1.
You have console access on R1, R2 and R3 devices. Use only show commands to troubleshoot the issues.
Why applications that are installed on PCs in R2 LAN network 10.100.20.0/24 are unable to communicate with server1?
A. A standard ACL statement that is configured on R1 is blocking the traffic sourced from Server1 network.
B. A standard ACL statement that is configured on R2 is blocking the traffic sourced from Server1 network.
C. A standard ACL statement that is configured on R2 is blocking the traffic sourced from R2 network.
D. A standard ACL statement that is configured on R1 is blocking traffic sourced from R2 LAN network.
Correct Answer: B 🗳️
We should check if we can ping from R1 to Server 1 or not:
The ping worked well so maybe R1 is good so we should check R2 first. We notice on R2 there is an access-list:
This access-list is applied to E0/2 interface with inbound direction. The purpose of this access-list is to block traffic with source IP address of 172.16.200.0/24 so it will block all traffic sent from Server 1 to us.
You are a junior network engineer for a financial company, and the main office network is experiencing network issues. Troubleshoot the network issues.
Router R1 connects the main office to the Internet, and routers R2 and R3 are internal routers.
NAT is enabled on router R1.
The routing protocol that is enabled between routers R1, R2 and R3 is RIPv2.
R1 sends the default route into RIPv2 for the internal routers to forward Internet traffic to R1.
You have console access on R1, R2 and R3 devices. Use only show commands to troubleshoot the issues.
Users complain that they are unable to reach Internet sites. You are troubleshooting Internet connectivity problem at main office. Which statement correctly identifies the problem on Router R1?
A. Interesting traffic for NAT ACL is incorrectly configured.
B. NAT configurations on the interfaces are incorrectly configured.
C. NAT translation statement incorrectly configured.
D. Only static NAT transaction configured for the server, missing Dynamic NAT or Dynamic NAT overloading for Internet networks.
Correct Answer: B 🗳️
If all users cannot access internet, then R1 is most likely to cause the problem so we should check it first. From the “show running-config” command we will see:
We notice that interface E0/0 (connected to ISP) has been configured as “nat inside” while interfaces E0/1 & E0/2 (connected to our company) have been configured as “nat outside”. This is not correct because “nat inside” should be configured with interfaces connected to our company while “nat outside” should be configured with interfaces connected to the internet. Therefore, we can conclude the NAT configuration on these interfaces is not correct.
Refer to the exhibit. If R1 sends traffic to 192.168.10.45, the traffic is sent through which interface?
A. FastEthernet0/1
B. FastEthernet0/0
C. FastEthernet1/0
D. FastEthernet1/1
A
Refer to the exhibit. Which command can you enter to verify link speed and duplex setting on the interface?
A. router#show ip protocols
B. router#show startup-config
C. router#show line
D. router#show interface gig 0/1
D
Refer to the exhibit. If computer A is sending traffic to computer B, which option is the source IP address when a packet leaves R1 on interface F0/1?
A. IP address of computer B
B. IP address of the R2 interface F0/1
C. IP address of the R1 interface F0/1
D. IP address of computer A
D
