ICND1 Practice Exam

which of the following commands could be
used in R2? 100-101

To allow or prevent load balancing to network 172.16.3.0/24, which of the following
commands
could be used in R2? (Choose two.)

A.
R2(config-if)#clock rate
B.
R2(config-if)#bandwidth
C.
R2(config-if)#ip ospf cost
D.
R2(config-if)#ip ospf priority
E.
R2(config-router)#distance ospf

1 Answers
1.

Answers: B,C
R2(config-if)#bandwidth
R2(config-if)#ip ospf cost
Explanation:
The cost (also called metric) of an interface in OSPF is an indication of the overhead
required to
send packets across a certain interface. The cost of an interface is inversely
proportional to the
bandwidth of that interface. A higher bandwidth indicates a lower cost. There is more
overhead
(higher cost) and time delays involved in crossing a 56k serial line than crossing a
10M Ethernet
line. The formula used to calculate the cost is:
Cost = 10000 0000/bandwidth in bps
For example, it will cost 10 EXP8/10 EXP7 = 10 to cross a 10M Ethernet line and
will cost 10
EXP8/1544000 =64 to cross a T1 line.
By default, the cost of an interface is calculated based on the bandwidth; you can
force the cost of
an interface with the ip ospf cost <value> interface subconfiguration mode comman

what type of messaging, if any, occurs
between R3 and R4?
After the network has converged, what type of messaging, if any, occurs between R3 and R4?

A.
No messages are exchanged
B.
Hellos are sent every 10 seconds.
C.
The full database from each router is sent every 30 seconds.
D.
The routing table from each router is sent every 60 seconds.

1 Answers
1.

Answers: B
Hellos are sent every 10 seconds.
Explanation:
HELLO messages are used to maintain adjacent neighbors so even when the network
is
converged, hellos are still exchanged. On broadcast and point-to-point links, the
default is 10
seconds, on NBMA the default is 30 seconds.
Although OSPF is a link-state protocol the full database from each router is sent every
30 minutes
(not seconds) therefore, C and D are not correct.

how many networks will be in the routing
table of R1 that are indicated to be learned
by OSPF?
OSPF is configured using default classful addressing. With all routers and interfaces
operational,
how many networks will be in the routing table of R1 that are indicated to be learned by
OSPF?

A.
2
B.
3
C.
4
D.
5
E.
6
F.
7

1 Answers
1.

Answers: C
4

Answers
which address will the OSPF process select
as the router ID?

R1 is configured with the default configuration of OSPF. From the following list of IP
addresses
configured on R1, which address will the OSPF process select as the router ID?

A.
192.168.0.1
B.
172.16.1.1
C.
172.16.2.1
D.
172.16.2.225

1 Answers
1.

Answers: A
192.168.0.1
Explanation:
The Router ID (RID) is an IP address used to identify the router and is chosen using
the following
sequence:
+ The highest IP address assigned to a loopback (logical) interface. + If a loopback
interface is not
defined, the highest IP address of all active routers physical interfaces will be chosen.
+ The router ID can be manually assigned
In this case, because a loopback interface is not configured so the highest active IP
address
192.168.0.1 is chosen as the router ID.

what does the 128 refer to in the router
output above?
ROUTER# show ip route
192.168.12.0/24 is variably subnetted, 9 subnets, 3 masks
C 192.168.12.64 /28 is directly connected, Loopback1
C 192.168.12.32 /28 is directly connected, Ethernet0
O 192.168.12.236 /30 [110/128] via 192.168.12.233, 00:35:36, Serial0
C 192.168.12.232 /30 is directly connected, Serial0
O 192.168.12.245 /30 [110/782] via 192.168.12.233, 00:35:36, Serial0
O 192.168.12.240 /30 [110/128] via 192.168.12.233, 00:35:36, Serial0
O 192.168.12.253 /30 [110/782] via 192.168.12.233, 00:35:37, Serial0
O 192.168.12.249 /30 [110/782] via 192.168.12.233, 00:35:37, Serial0
O 192.168.12.240/30 [110/128] via 192.168.12.233, 00:35:36, Serial 0
To what does the 128 refer to in the router output above?
A.
OSPF cost
B.
OSPF priority
C.
OSPF hop count
D.
OSPF ID number
E.
OSPF administrative distance

1 Answers
1.

Answers: A
OSPF cost
Explanation:
The first parameter is the Administrative Distance of OSPF (110) while the second
parameter is
the cost of OSPF.

Which of the following describe the process
identifier that is used to run OSPF on a
router?
Which of the following describe the process identifier that is used to run OSPF on a router?
(Choose two)
A.
It is locally significant.
B.
It is globally significant.
C.
It is needed to identify a unique instance of an OSPF database.
D.
It is an optional parameter required only if multiple OSPF processes are running on the
router.
E.
All routers in the same OSPF area must have the same process ID if they are to exchange
routing information.

1 Answers
1.

Answers: A,C
It is locally significant.
It is needed to identify a unique instance of an OSPF database.
Explanation:
https://learningnetwork.cisco.com/thread/6248
They are locally significant only, and have no bearing on the structure of any OSPF
packet or LSA
update. So you can have a separate process-id on every single router in your network
if you so
desire!

Drag the protocol on the left to an
associated function for that protocol on the
right.
DRAG DROP
Various protocols are listed on the left. On the right are application for the use of those
protocols. Drag the protocol on the left to an associated function for that protocol on the right.
(Not all options are used)

1 Answers
1.

Fujmin on May 08, 2014 Reply
Answers: <a href="http://assets.tinthuc.com/images/100-
101/60a.jpg"><img class="aligncenter size-full"
src="http://assets.tinthuc.com/images/100-101/60a.jpg" alt=""
/></a>
Explanation:

Move the protocol or service on the left to a
situation on the right where it would be
used.
DRAG DROP
Move the protocol or service on the left to a situation on the right where it would be used.
(not all option are used)

1 Answers
1.

Explanation:

what password or password sequence is
required for the administrator to access
privileged mode on Router1?
Refer to the exhibit.

The network administrator made the entries that are shown and then saved the configuration.
From a console connection, what password or password sequence is required for the
administrator to access privileged mode on Router1?
A.
cisco
B.
sanfran
C.
sanjose
D.
either cisco or sanfran
E.
either cisco or sanjose
F.
sanjose and sanfran

1 Answers
1.
Answers: B
sanfran
Explanation:
The enable secret password takes precedence over the enable password, so sanfran
will be used.

Drag the appropriate command on the left
to the configuration task it accomplished.
DRAG DROP
Drag the appropriate command on the left to the configuration task it accomplished. (Not all
options are used)

1 Answers
1.

Fujmin on May 08, 2014 Reply
Answers: <a href="http://assets.tinthuc.com/images/100-
101/71a.jpg"><img class="aligncenter size-full"
Explanation:

What is the purpose of the last command
entered?
The following commands are entered on the router:
Burbank(config)# enable secret fortress
Burbank(config)# line con 0
Burbank(config-line)# login
Burbank(config-line)# password n0way1n
Burbank(config-line)# exit
Burbank(config)# service password-encryption
What is the purpose of the last command entered?
A.
to require the user to enter an encrypted password during the login process
B.
to prevent the vty, console, and enable passwords from being displayed in plain text in the
configuration files
C.
to encrypt the enable secret password
D.
to provide login encryption services between hosts attached to the router

1 Answers
1.

Answers: B
to prevent the vty, console, and enable passwords from being displayed in plain text in
the
configuration files
Explanation:
Explanation/Reference:
Certain types of passwords, such as Line passwords, by default appear in clear text in
the
configuration file. You can use the service password-encryption command to make
them more
secure. Once this command is entered, each password configured is automatically
encrypted and
thus rendered illegible inside the configuration file (much as the Enable/Enable Secret
passwords
are). Securing Line passwords is doubly important in networks on which TFTP
servers are used,
because TFTP backup entails routinely moving config files across networksand
config files, of
course, contain Line passwords.
0

What is the effect of using the service
password-encryption command?
What is the effect of using the service password-encryption command?
A.
Only the enable password will be encrypted.
B.
Only the enable secret password will be encrypted.
C.
Only passwords configured after the command has been entered will be encrypted.
D.
It will encrypt the secret password and remove the enable secret password from the
configuration.
E.
It will encrypt all current and future passwords.

1 Answers
1.

Answers: E
It will encrypt all current and future passwords.
Explanation:
Encryption further adds a level of security to the system as anyone having access to
the database
of passwords cannot reverse the process of encryption to know the actual passwords
which isnt
the case if the passwords are stored simply.
0 Votes 0 Votes 0 Votes

which need to be modified before RouterA
is used?

Select two options which are security Issues which need to be modified before RouterA is
used?
(Choose two.)
A.
unencrypted weak password is configured to protect privilege mode
B.
inappropriate wording in banner message
C.
the virtual terminal lines have a weak password configured
D.
virtual terminal lines have a password, but it will not be used
E.
configuration supports un-secure web server access

1 Answers
1.

Answers: B,D
inappropriate wording in banner message
virtual terminal lines have a password, but it will not be used
Explanation:
This answer can be done by simulation only, dont know user name password and
banner
message etc

Choose three.)

100-101

Select three options which are security issues with the current configuration of SwitchA.
(Choose
three.)
A.
Privilege mode is protected with an unencrypted password
B.
Inappropriate wording in banner message
C.
Virtual terminal lines are protected only by a password requirement
D.
Both the username and password are weak
E.
Telnet connections can be used to remotely manage the switch
F.
Cisco user will be granted privilege level 15 by default

1 Answers
1.

Answers: A,B,D
Privilege mode is protected with an unencrypted password
Inappropriate wording in banner message
Both the username and password are weak
Explanation:
This answer can be done by simulation only, dont know user name password and
banner
message etc

Which two of the following are true
regarding the configuration of RouterA?

Which two of the following are true regarding the configuration of RouterA? (Choose two.)
A.
At least 5 simultaneous remote connections are possible
B.
Only telnet protocol connections to RouterA are supported
C.
Remote connections to RouterA using telnet will succeed
D.
Console line connections will nevertime out due to inactivity
E.
Since DHCP is not used on Fa0/1 there is not a need to use the NAT protocol

1 Answers
1.

Answers: A,C
At least 5 simultaneous remote connections are possible
Remote connections to RouterA using telnet will succeed
Explanation:
The IP address can accommodate 5 hosts at least, telnet can be accessed on the router

Answers
Which of the following is true regarding the
configuration of SwitchA?

Which of the following is true regarding the configuration of SwitchA?
A.
only 5 simultaneous remote connections are possible
B.
remote connections using ssh will require a username and password
C.
only connections from the local network will be possible
D.
console access to SwitchA requires a password

1 Answers
1.
Answers: B
remote connections using ssh will require a username and password
Explanation:
Ssh login requires a user name and password always while other conditions may or
may not be
true.

What is the subnet broadcast address of the
LAN connected to Router1?

What is the subnet broadcast address of the LAN connected to Router1?
A.
192.168.8.15
B.
192.168.8.31
C.
192.168.8.63
D.
192.168.8.127

1 Answers
1.

Answers: A
192.168.8.15
Explanation:
The IP address assigned to FA0/1 is 192.168.8.9/29, making 192.168.8.15 the
broadcast address.

Answers
What is the bandwidth on the WAN
interface of Router 1?

What is the bandwidth on the WAN interface of Router 1?
A.
16 Kbit/sec
B.
32 Kbit/sec
C.
64 Kbit/sec
D.
128 Kbit/sec
E.
512 Kbit/sec
F.
1544 Kbit/sec

1 Answers
1.
Answers: A
16 Kbit/sec
Explanation:
Use the show interface s0/0 to see the bandwidth set at 16 Kbit/sec.
The show interface s0/0 command results will look something like this and the
bandwidth will be
represented by the BW on the fourth line as seen below where BW equals 1544
Kbits/sec.
R2#show interface serial 0/0
Serial0/0 is up, line protocol is down
Hardware is GT96K Serial
Internet address is 10.1.1.5/30
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 uses.
0

Answers
which Routed is connected?

Including the address on the Routed Ethernet interface, how many hosts can have IP
addresses
on the LAN to which Routed is connected?
A.
6
B.
30
C.
62
D.
126

1 Answers
1.
Answers: A
6
Explanation:
This is a /29 address, so there are 6 usable IPs on this subnet.

1 6

Which commands will correct this issue?

The hosts in the LAN are not able to connect to the Internet. Which commands will correct
this issue?

A.
Option A
B.
Option B
C.
Option C
D.
Option D
E.
Option E

1 Answers
1.
Answers: B
Option B
Explanation:
Do a show ip int brief and you will see that Fa0/1 has an IP address assigned, but it
is shut
down.

what is the most likely cause of the
problem?
The network administrator has found the following problem.

The remote networks 172.16.10.0, 172.16.20.0, and 172.16.30.0 are accessed through the
Central routers serial 0/0 interface. No users are able to access 172.16.20.0. After reviewing
the
command output shown in the graphic, what is the most likely cause of the problem?
A.
no gateway of last resort on Central
B.
Central routers not receiving 172.16.20.0 update
C.
incorrect static route for 172.16.20.0
D.
172.16.20.0 not located in Centrals routing table

1 Answers
1.

Answers: C
incorrect static route for 172.16.20.0

The host on Network A can communicate
with other hosts on Network

A person is trying to send a file from a host on Network A of the JAX Company to a server
on
Network Z of the XYZ Company. The file transfer fails. The host on Network A can
communicate
with other hosts on Network A.
Which command, issued from router RTA, would be the most useful for troubleshooting this
problem?
A.
show flash:
B.
show history
C.
show version
D.
show interfaces
E.
show controllers serial

1 Answers
1.

Answers: D
show interfaces

1 6

What is the most likely cause of the
problem?

A user cannot reach any web sites on the Internet, but others in the department are not having
a
problem.
What is the most likely cause of the problem?
A.
IP routing is not enabled.
B.
The default gateway is not in the same subnet.
C.
A DNS server address is not reachable by the PC.
D.
A DHCP server address is not reachable by the PC.
E.
NAT has not been configured on the router that connects to the Internet.

1 Answers
1.

Answers: C
A DNS server address is not reachable by the PC.
what is the most likely cause of this
problem?

100-101

A network administrator is troubleshooting a connectivity problem on the serial interfaces.
The
output from the show interfaces command on both routers shows that the serial interface is
up,
line protocol is down. Given the partial output for the show running-config in the exhibit,
what is the
most likely cause of this problem?
A.
The serial cable is bad.
B.
The MTU is incorrectly configured.
C.
The Layer 2 framing is misconfigured.
D.
The IP addresses are not in the same subnet.

1 Answers
1.

Answers: C
The Layer 2 framing is misconfigured.
Answers
What should be done to correct this
situation?

100-101

The DHCP settings have recently been changed on the DHCP server and the client is no
longer
able to reach network resources. What should be done to correct this situation?
A.
Verify that the DNS server address is correct in the DHCP pool.
B.
Ping the default gateway to populate the ARP cache.
C.
Use the tracert command on the DHCP client to first determine where the problem is located.
D.
Clear all DHCP leases on the router to prevent address conflicts.
E.
Issue the ipconfig command with the /release and /renew options in a command window.

1 Answers
1.

Answers: E
Issue the ipconfig command with the /release and /renew options in a command
window. What conclusions can be made about
this design?

100-101

A network technician is asked to design a small network with redundancy. The exhibit
represents
this design, with all hosts configured in the same VLAN. What conclusions can be made
about this
design?
A.
This design will function as intended.
B.
Spanning-tree will need to be used.
C.
The router will not accept the addressing scheme.
D.
The connection between switches should be a trunk.
E.
The router interfaces must be encapsulated with the 802.1Q protocol.

Answers: C
The router will not accept the addressing scheme.
Explanation:
The proposed addressing scheme is on the same network.
what is the cause of the problem?

100-101

An administrator replaced the 10/100 Mb NIC in a desktop PC with a 1 Gb NIC and now the
PC
will not connect to the network. The administrator began troubleshooting on the switch.
Using the
switch output shown, what is the cause of the problem?
A.
Speed is set to 100Mb/s.
B.
Input flow control is off.
C.
Encapsulation is set to ARPA.
D.
The port is administratively down.
E.
The counters have never been cleared.

1 Answers: A
Speed is set to 100Mb/s.

1 6

what could be the problem?

100-101

A technician is troubleshooting a host connectivity problem. The host is unable to ping a
server
connected to Switch_A. Based on the results of the testing, what could be the problem?
A.
A remote physical layer problem exists.
B.
The host NIC is not functioning.
C.
TCP/IP has not been correctly installed on the host.
D.
A local physical layer problem exists.

1 Answers
1.

Answers: D
A local physical layer problem exists.

What would be an effect of this cable being
disconnected?

100-101

A problem with network connectivity has been observed. It is suspected that the cable
connected
to switch port
Fa0/9 on Switch1 is disconnected. What would be an effect of this cable being disconnected?
A.
Host B would not be able to access the server in VLAN9 until the cable is reconnected.
B.
Communication between VLAN3 and the other VLANs would be disabled.
C.
The transfer of files from Host B to the server in VLAN9 would be significantly slower.
D.
For less than a minute, Host B would not be able to access the server in VLAN9. Then
normal
network function would resume.

1 Answers
1.

Answers: D
For less than a minute, Host B would not be able to access the server in VLAN9.
Then normal
network function would resume.

How will the default route configured on R1
affect the operation of R2?

100-101

Assume that all router interfaces are operational and correctly configured. In addition, assume
that
OSPF has been correctly configured on router R2. How will the default route configured on
R1
affect the operation of R2?
A.
Any packet destined for a network that is not directly connected to router R2 will be dropped
immediately.
B.
Any packet destined for a network that is not referenced in the routing table of router R2 will
be
directed to R1. R1 will then send that packet back to R2 and a routing loop will occur.
C.
Any packet destined for a network that is not directly connected to router R1 will be dropped.
D.
The networks directly connected to router R2 will not be able to communicate with the
172.16.100.0, 172.16.100.128, and 172.16.100.64 subnetworks.
E.
Any packet destined for a network that is not directly connected to router R2 will be dropped
immediately because of the lack of a gateway on R1.

1 Answers
1.

Answers: B
Any packet destined for a network that is not referenced in the routing table of router
R2 will be
Explanation:
First, notice that the more-specific routes will always be favored over less-specific routes
regardless of the administrative distance set for a protocol. In this case, because we use OSPF
for
three networks (172.16.100.0 0.0.0.3, 172.16.100.64 0.0.0.63, 172.16.100.128 0.0.0.31) so
the
packets destined for these networks will not be affected by the default route.
The default route configured on R1 ip route 0.0.0.0 0.0.0.0 serial0/0 will send any packet
whose
destination network is not referenced in the routing table of router R1 to R2, it doesnt drop
anything. These routes are declared in R1 and the question says that OSPF has been
correctly
configured on router R2, so network directly connected to router R2 can communicate with
those
three subnetworks.
As said above, the default route configured on R1 will send any packet destined for a network
that
is not referenced in its routing table to R2; R2 in turn sends it to R1 because it is the only way
andAnswers
what information will Router_E contain in
its routing table for the subnets
208.149.23.64 and 208.149.23.96?

100-101

The network is converged.After link-state advertisements are received from Router_A, what
information will Router_E contain in its routing table for the subnets 208.149.23.64 and
208.149.23.96?
A.
208.149.23.64[110/13] via 190.173.23.10, 00:00:07, FastEthemet0/0
208.149.23.96[110/13] via 190.173.23.10, 00:00:16, FastEthemet0/0
B.
208.149.23.64[110/1] via 190.172.23.10, 00:00:07, Serial1/0
208.149.23.96[110/3] via 190.173.23.10, 00:00:16, FastEthemet0/0
C.
208.149.23.64[110/13] via 190.173.23.10, 00:00:07, Serial1/0
208.149.23.96[110/13] via 190.173.23.10, 00:00:16, Serial1/0
208.149.23.96[110/13] via 190.173.23.10, 00:00:16, FastEthemet0/0
D.
208.149.23.64[110/3] via 190.172.23.10, 00:00:07, Serial1/0
208.149.23.96[110/3] via 190.173.23.10, 00:00:16, Serial1/0

1 Answers
1.

Answers: A
208.149.23.64[110/13] via 190.173.23.10, 00:00:07, FastEthemet0/0
208.149.23.96[110/13] via 190.173.23.10, 00:00:16, FastEthemet0/0
Explanation:
Router_E learns two subnets subnets 208.149.23.64 and 208.149.23.96 via Router_A
through
FastEthernet interface. The interface cost is calculated with the formula 108 /
Bandwidth. For
FastEthernet it is 108 / 100 Mbps = 108 / 100,000,000 = 1. Therefore the cost is
12(learned from
Router_A) + 1= 13for both subnets ->
The cost through T1 link is much higher than through T3 link (T1 cost = 108 / 1.544
Mbps = 64; T3
cost = 108 / 45 Mbps = 2) so surely OSPF will choose the path through T3 link ->
Router_E will
choose the path from Router_A through FastEthernet0/0, not Serial1/0.
In fact, we can quickly eliminate answers B, C and D because they contain at least
one subnet
learned from Serial1/0 -> they are surely incorrect.

Answers
what information will Router_E contain in
its routing table for the subnets
208.149.23.64 and 208.149.23.96?

100-101

The network is converged.After link-state advertisements are received from Router_A, what
information will Router_E contain in its routing table for the subnets 208.149.23.64 and
208.149.23.96?
A.
208.149.23.64[110/13] via 190.173.23.10, 00:00:07, FastEthemet0/0
208.149.23.96[110/13] via 190.173.23.10, 00:00:16, FastEthemet0/0
B.
208.149.23.64[110/1] via 190.172.23.10, 00:00:07, Serial1/0
208.149.23.96[110/3] via 190.173.23.10, 00:00:16, FastEthemet0/0
C.
208.149.23.64[110/13] via 190.173.23.10, 00:00:07, Serial1/0
208.149.23.96[110/13] via 190.173.23.10, 00:00:16, Serial1/0
208.149.23.96[110/13] via 190.173.23.10, 00:00:16, FastEthemet0/0
D.
208.149.23.64[110/3] via 190.172.23.10, 00:00:07, Serial1/0
208.149.23.96[110/3] via 190.173.23.10, 00:00:16, Serial1/0

1 Answers
1.
Answers: A
208.149.23.64[110/13] via 190.173.23.10, 00:00:07, FastEthemet0/0
208.149.23.96[110/13] via 190.173.23.10, 00:00:16, FastEthemet0/0
Explanation:
Router_E learns two subnets subnets 208.149.23.64 and 208.149.23.96 via Router_A
through
FastEthernet interface. The interface cost is calculated with the formula 108 /
Bandwidth. For
FastEthernet it is 108 / 100 Mbps = 108 / 100,000,000 = 1. Therefore the cost is
12(learned from
Router_A) + 1= 13for both subnets ->
The cost through T1 link is much higher than through T3 link (T1 cost = 108 / 1.544
Mbps = 64; T3
cost = 108 / 45 Mbps = 2) so surely OSPF will choose the path through T3 link ->
Router_E will
choose the path from Router_A through FastEthernet0/0, not Serial1/0.
In fact, we can quickly eliminate answers B, C and D because they contain at least
one subnet
learned from Serial1/0 -> they are surely incorrect.

All hosts are PCs

100-101
CORRECT TEXT
This topology contains 3 routers and 1 switch. Complete the topology.
Drag the appropriate device icons to the labeled Device
Drag the appropriate connections to the locations labeled Connections.
Drag the appropriate IP addresses to the locations labeled IP address
(Hint: use the given host addresses and Main router information)
To remove a device or connection, drag it away from the topology.
Use information gathered from the Main router to complete the configuration of any
additional
routers.
No passwords are required to access the Main router. The config terminal command has been
disabled for the HQ router. The router does not require any configuration.
Configure each additional router with the following:

Configure the interfaces with the correct IP address and enable the interfaces.
Set the password to allow console access to consolepw
Set the password to allow telnet access to telnetpw
Set the password to allow privilege mode access to privpw
Note: Because routes are not being added to the configurations, you will not be able to ping
through the internetwork.
All devices have cable autosensing capabilities disabled.
All hosts are PCs

1 Answers
1.

Answers: .
Explanation:
Specify appropriate devices and drag them on the Device boxes
For the device at the bottom-right box, we notice that it has 2 interfaces Fa0/2 and
Fa0/4;
moreover the link connects the PC on the right with the device on the bottom-right is
a straightthrough link -> it is a switch
The question stated that this topology contains 3 routers and 1 switch -> two other
devices are
routers
Place them on appropriate locations as following:
(Host D and host E will be automatically added after placing two routers. Click on
them to access
neighboring routers)
Specify appropriate connections between these devices:
+ The router on the left is connected with the Main router through FastEthernet
interfaces: use a
crossover cable
+ The router on the right is connected with the Main router through Serial interfaces:
use a serial
cable
+ The router on the right and the Switch: use a straight-through cable
+ The router on the left and the computer: use a crossover cable
(To remember which type of cable you should use, follow these tips:
- To connect two serial interfacesof 2 routers we use serial cable
- To specify when we use crossover cable or straight-through cable, we should
remember:
Group 1:Router, Host, Server
Group 2:Hub, Switch
One device in group 1 + One device in group 2: use straight-through cable
Two devices in the same group: use crossover cable
For example: we use straight-through cable to connect switch to router, switch to host,
hub to host,
hub to server and we use crossover cable to connect switch to switch, switch to
hub, router to
router, host to host )
Assign appropriate IP addresses for interfaces:
From Main router, use show running-config command:
(Notice that you may see different IP addresses in the real CCNA exam, the ones
shown above
are just used for demonstration)
From the output we learned that the ip address of Fa0/0 interface of the Main router is
192.168.152.177/28. This address belongs to a subnetwork which has:
Increment: 16 (/28 = 255.255.255.240 or 1111 1111.1111 1111.1111 1111.11110000)
Network address: 192.168.152.176 (because 176 = 16 * 11 and 176 < 177)
Broadcast address: 192.168.152.191 (because 191 = 176 + 16 1)
And we can pick up an ip address from the list that belongs to this subnetwork:
192.168.152.190
and assign it to the Fa0/0 interface the router on the left
Use the same method for interface Serial0/0 with an ip address of 192.168.152.161
Increment: 16
-> and we choose 192.168.152.174for Serial0/0 interface of the router on the right
Interface Fa0/1 of the router on the left
IP (of the computer on the left) : 192.168.152.129/28
Increment: 16
-> we choose 192.168.152.142from the list
Interface Fa0/0 of the router on the right
IP (of the computer on the left) : 192.168.152.225/28
Increment: 16
-> we choose 192.168.152.238from the list
Lets have a look at the picture below to summarize
Configure two routers on the left and right with these commands:
Router1 = router on the left
Assign appropriate IP addresses to Fa0/0 & Fa0/1 interfaces:
Router1>enable
Router1#configure terminal
Router1(config)#interface fa0/0
Router1(config-if)#ip address 192.168.152.190 255.255.255.240
Router1(config-if)#no shutdown
Router1(config-if)#interface fa0/1
Set passwords (configure on two routers)
+ Console password:
Router1(config-if)#exit
Router1(config)#line console 0
Router1(config-line)#password consolepw
Router1(config-line)#login
Router1(config-line)#exit
+ Telnet password:
Router1(config)#line vty 0 4
Router1(config-line)#password telnetpw
Router1(config-line)#login
Router1(config-line)#exit
+ Privilege mode password:
Router1(config)#enable password privpw
Save the configuration:
Router1(config)#exit
Router1#copy running-config startup-config
Configure IP addresses of Router2 (router on the right)
Router2>enable
Router2#configure terminal
Router2(config)#interface fa0/0
Router2(config-if)#interface serial0/0
Router2(config-if)#no shutdown and set console, telnet and privilege mode passwords
for Router2
as we did for Router1, remember to save the configuration when you finished

1 6

What is the simplest way to configure
routing between the regional office network
10.89.0.0/20 and the corporate network?

100-101

What is the simplest way to configure routing between the regional office network
10.89.0.0/20
and the corporate network?
A.
router1(config)#ip route 10.89.0.0 255.255.240.0 10.89.16.2
B.
C.
D.

1 Answers
1.
Answers: D
Explanation:
The fourth command makes it possible for all hosts beyond R2 and all hosts beyond
R1 to interact with each other, hence it is the most simplest technique.

1 6

Answers
Which command would you use to
configure a static route on Router1 to
network 192.168.202.0/24 with a nondefault
administrative distance?

100-101

Which command would you use to configure a static route on Router1 to network
192.168.202.0/24 with a nondefault administrative distance?
A.
router1(config)#ip route 1 192.168.201.1 255.255.255.0 192.168.201.2
B.
router1(config)#ip route 192.168.202.0 255.255.255.0 192.168.201.2 1
C.
router1(config)#ip route 5 192.168.202.0 255.255.255.0 192.168.201.2
D.

1 Answers
1.

Answers: D
Explanation:
Since it has /24 CIDR and it also has a non default administrative distance, the
answer has to be option D.

The the definition on the left to the correct
term on the right.
DRAG DROP
The the definition on the left to the correct term on the right. Not all definition on the left will
be used.

1 Answers
1.

Explanation:

Drag the appropriate command on the left
to the configuration task it accomplishes.

100-101
DRAG DROP
Drag the appropriate command on the left to the configuration task it accomplishes. (not all
options are used)

1 Answers

Note: If you are not sure about Subnetting, please read my Subnetting Made Easy tutorial.
Question 1
Refer to the exhibit. The junior network support staff provided the diagram as a recommended
configuration for the first phase of a four-phase network expansion project. The entire network
expansion will have over 1000 users on 14 network segments and has been allocated this IP
address space:
192.168.1.1 through 192.168.5.255
192.168.100.1 through 198.168.100.255
What are three problems with this design? (Choose three)

A The AREA 1 IP address space is inadequate for the number of users.
B The AREA 3 IP address space is inadequate for the number of users.
C AREA 2 could use a mask of /25 to conserve IP address space.
D The network address space that is provided requires a single network-wide mask.
E The router-to-router connection is wasting address space.
F The broadcast domain in AREA 1 is too large for IP to function.

Answer: A C E
Explanation
AREA 1 has 500 users but it uses class C which only supports 254 users (from 192.168.1.1 to
192.168.1.254)-> A is correct.
AREA 3 also uses class C and as mentioned above it supports 254 users so it is enough for 200
users -> B is incorrect.
In AREA 2 there are only 60 users < 64 = 2
6
so we can use a subnet mask which has 6 bits 0 ->
/26. Of course we can use larger subnets (like /25) for future expansion -> C is correct.
A large network should never use a single network-wide mask. It should be some different subnet
masks to make the network flexible and easy to be summarized -> D is incorrect.
For router-to-router connection we should use a subnet mask of /30 which supports 2 hosts per
subnet. This subnet mask is ideal for router-to-router connection -> E is correct.
There is no limit for IP to function if we know how to organize our network -> F is incorrect.
Question 2
Refer to the exhibit. The enterprise has decided to use the network address 172.16.0.0. The
network administrator needs to design a classful addressing scheme to accommodate the three
subnets, with 30, 40, and 50 hosts, as shown. What subnet mask would accommodate this
network?
Net bits Subnet mask total-addresses per subnet
/20 255.255.240.0 4096
/21 255.255.248.0 2048
/22 255.255.252.0 1024
/23 255.255.254.0 512
/24 255.255.255.0 256
/25 255.255.255.128 128
/26 255.255.255.192 64
/27 255.255.255.224 32
/28 255.255.255.240 16
/29 255.255.255.248 8
/30 255.255.255.252 4

A. 255.255.255.192
B. 255.255.255.224
C. 255.255.255.240
D. 255.255.255.248

Answer: A
Explanation
The maximum number of hosts in this question is 50 hosts so we have to use /26 subnet mask or
above.
Question 3
The network manager has requested a 300-workstation expansion of the network. The
workstations are to be installed in a single broadcast domain, but each workstation must have its
own collision domain. The expansion is to be as cost-effective as possible while still meeting the
requirements. Which three items will adequately fulfill the request? (Choose three)
A. one IP subnet with a mask of 255.255.254.0
B. two IP subnets with a mask of 255.255.255.0
C. seven 48-port hubs
D. seven 48-port switches
E. one router interface
F. seven router interfaces

Answer: A D E
Explanation
To support 300 workstations in a single broadcast domain, we need to use a subnet mask which
supports 512 hosts = 2
9
-> /23 or 255.255.254.0 in decimal form -> A is correct.
If we use 48-port switches we need 300/48 = 6.25 -> seven 48-port switches are enough because
we also need trunking between them -> D is correct.
We only need one router interface and it is connected with one of seven switches -> E is correct.
Question 4
Which router command will configure an interface with the IP address 10.10.80.1/19?
A. router(config-if)# ip address 10.10.80.1/19
B. router(config-if)# ip address 10.10.80.1 255.255.0.0
C. router(config-if)# ip address 10.10.80.1 255.255.255.0
D. router(config-if)# ip address 10.10.80.1 255.255.224.0
E. router(config-if)# ip address 10.10.80.1 255.255.240.0
F. router(config-if)# ip address 10.10.80.1 255.255.255.240

Answer: D
Explanation
/19 = 255.255.224.0. The fast way to find out this subnet mask is to remember /16 =
255.255.0.0 and we need 3 more bits 1 for 3rd octet: 1110 0000 which is 224.

Question 1
What is the subnet address for the IP address 172.19.20.23/28?
A. 172.19.20.0
B. 172.19.20.15
C. 172.19.20.16
D. 172.19.20.20
E. 172.19.20.32

Answer: C
Explanation
From the /28 we can find all information we need:
Increment: 16 (/28 = 11111111.11111111.11111111.11110000)
Network address: 172.19.20.16 (because 16 < 23)
In fact we dont need to find out the broadcast address because the question only asks about
subnet address (network address).
Question 2
What is the network address for the host with IP address 192.168.23.61/28?
A. 192.168.23.0
B. 192.168.23.32
C. 192.168.23.48
D. 192.168.23.56
E. 192.168.23.60

Answer: C
Explanation
Increment: 16 (/28 = 11111111.11111111.11111111.11110000)
Question 3
Given an IP address of 192.168.1.42 255.255.255.248, what is the subnet address?
A. 192.168.1.8/29
B. 192.168.1.32/27
C. 192.168.1.40/29
D. 192.168.1.16/28
E. 192.168.1.48/29

Answer: C
Explanation
From the subnet mask of 255.255.255.248 we learn:
Increment: 8 (248 = 11111111.11111111.11111111.11111000)
Question 4
Which IP addresses are valid for hosts belonging to the 10.1.160.0/20 subnet? (Choose three)
A. 10.1.168.0
B. 10.1.176.1
C. 10.1.174.255
D. 10.1.160.255
E. 10.1.160.0
F. 10.1.175.255

Answer: A C D
Explanation
Increment: 16 (/20 = 11111111.11111111.11110000.00000000). This is applied for the 3rd octet.
Network address: 10.1.160.0 (because 160 = 16 * 10 and 160 = 160 -> the IP address above is
also the network address.
Therefore only 10.1.168.0, 10.1.174.255 and 10.1.160.255 are in this range. Please notice
10.1.174.255 is not a broadcast address and can be assigned to host.
Question 5
Which one of the following IP addresses is the last valid host in the subnet using mask
255.255.255.224?
A. 192.168.2.63
B. 192.168.2.62
C. 192.168.2.61
D. 192.168.2.60
E. 192.168.2.32

Answer: B
Explanation
Increment: 32 (224 = 11111111.11111111.11111111.11100000)
Network address: x.x.x.(0;32;64;96;128;160;192;224)
Broadcast address: x.x.x.(31;63;95;127;159;191;223)
-> Last valid host (reduced broadcast addresses by 1): x.x.x.(30;62;94;126;158;190;222) ->
Only B is correct.
Question 6
An administrator is working with the 192.168.4.0 network, which has been subnetted with a /26
mask. Which two addresses can be assigned to hosts within the same subnet? (Choose two)
A. 192.168.4.61
B. 192.168.4.63
C. 192.168.4.67
D. 192.168.4.125
E. 192.168.4.128
F. 192.168.4.132

Answer: C D
Explanation
Increment: 64 (/26 = 11111111.11111111.11111111.11000000)
The IP 192.168.4.0 belongs to class C. The default subnet mask of class C is /24 and it has been
subnetted with a /26 mask so we have 2
(26-24)
= 2
2
= 4 sub-networks:
1st subnet: 192.168.4.0 (to 192.168.4.63)
2nd subnet: 192.168.4.64 (to 192.168.4.127)
3rd subnet: 192.168.4.128 (to 192.168.4.191)
4th subnet: 192.168.4.192 (to 192.168.4.225)
In all the answers above, only answer C and D are in the same subnet.
Therefore only IPs in this range can be assigned to hosts.
Question 7
An administrator must assign static IP addresses to the servers in a network. For network
192.168.20.24/29, the router is assigned the first usable host address while the sales server is
given the last usable host address. Which of the following should be entered into the IP properties
box for the sales server?
A. IP address: 192.168.20.14
Subnet Mask: 255.255.255.248
Default Gateway. 192.168.20.9
B. IP address: 192.168.20.254
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.20.1
C. IP address: 192.168.20.30
Subnet Mask: 255.255.255.248
D. IP address: 192.168.20.30
Subnet Mask: 255.255.255.240
E. IP address: 192.168.20.30
Subnet Mask: 255.255.255.240
Default Gateway. 192.168.20.25

Answer: C
Explanation
With network 192.168.20.24/29 we have:
Increment: 8 (/29 = 255.255.255.248 = 11111000 for the last octet)
Network address: 192.168.20.24 (because 24 = 8 * 3)
Therefore the first usable IP address is 192.168.20.25 (assigned to the router) and the last usable
IP address is 192.168.20.30 (assigned to the sales server). The IP address of the router is also the
default gateway of the sales server.
Question 8
Given a Class C IP address subnetted with a /30 subnet mask, how many valid host IP addresses
are available on each of the subnets?
A. 1
B. 2
C. 4
D. 8
E. 252
F. 254

Answer: B
Explanation
The number of valid host IP addresses depends on the number of bits 0 left in the subnet mask.
With a /30 subnet mask, only two bits 0 left (/30 = 11111111.11111111.11111111.11111100) so
the number of valid host IP addresses is 2
2
2 = 2. Also please notice that the /30 subnet mask is
a popular subnet mask used in the connection between two routers because we only need two IP
addresses. The /30 subnet mask help save IP addresses for other connections. An example of the
use of /30 subnet mask is shown below:

Question 9
Which two statements describe the IP address 10.16.3.65/23? (Choose two)
A. The subnet address is 10.16.3.0 255.255.254.0.
B. The lowest host address in the subnet is 10.16.2.1 255.255.254.0.
C. The last valid host address in the subnet is 10.16.2.254 255.255.254.0
D. The broadcast address of the subnet is 10.16.3.255 255.255.254.0.
E. The network is not subnetted.

Answer: B D
Explanation
Increment: 2 (/23 = 11111111.11111111.11111110.00000000 = 255.255.254.0)
Broadcast address: 10.16.3.255 (because 2 + 2 1 = 3 for the 3rd octet)
-> The lowest (first assignable) host address is 10.16.2.1 and the broadcast address of the subnet
is 10.16.3.255 255.255.254.0
Question 10
What is the subnet address of 172.16.159.159/22?
A. 172.16.0.0
B. 172.16.128.0
C. 172.16.156.0
D. 172.16.159.0
E. 172.16.159.128
F. 172.16.192.0

Answer: C
Explanation
Increment: 4 (/22 = 11111111.11111111.11111100.00000000)
Network address: 172.16.156.0 (156 is multiple of 4 and 156 < 159) Question 1
Which two of these functions do routers perform on packets? (Choose two)
A. examine the Layer 2 headers of inbound packets and use that information to determine the next
hops for the packets
B. update the Layer 2 headers of outbound packets with the MAC addresses of the next hops
C. examine the Layer 3 headers of inbound packets and use that information to determine the
next hops for the packets
D. examine the Layer 3 headers of inbound packets and use that information to determine the
complete paths along which the packets will be routed to their ultimate destinations
E. update the Layer 3 headers of outbound packets so that the packets are properly directed to
valid next hops
F. update the Layer 3 headers of outbound packets so that the packets are properly directed to
their ultimate destinations

Answer: B C
Explanation
When packets travel through many routers, the source and destination IP addresses do not change
but the source and destination MAC do change.
Question 2
Refer to the exhibit. An administrator cannot connect from R1 to R2. To troubleshoot this problem,
the administrator has entered the command shown in the exhibit. Based on the output shown,
what could be the problem?

A. The serial interface is configured for half duplex.
B. The serial interface does not have a cable attached.
C. The serial interface has the wrong type of cable attached.
D. The serial interface is configured for the wrong frame size.
E. The serial interface has a full buffer.

Answer: C
Explanation
The output above is unclear. Normally when we use this command we can see the type of serial
connection on this interface, for example V.35 DCE cable. Below is an example of the same
command as above:
RouterA#show controllers serial 0
HD unit 0, idb = 0xECA4C, driver structure at 0xF1EC8
buffer size 1524 HD unit 0, V.35 DTE cable
cpb = 062, eda = 0x403C, cda = 04050
RX ring with 16 entries at 0624000
00 bd_ptr=04000 pak=0x0F5704 ds=0x62FFB8 status=80 pak_size=22
Or
RouterB#show controllers serial 0
buffer size 1524 HD unit 0, V.35 DCE cable, clockrate 64000
cpb = 062, eda = 0x408C, cda = 0x40A0
RX ring with 16 entries at 0624000
00 bd_ptr=04000 pak=0x0F2F04 ds=0627908 status=80 pak_size=22
but in this case we only get V.35 cable. So in fact we are not sure about the answer C. But the
output above also does not have any information to confirm other answers are correct or not.
Just for your information, the V.35 male and V.35 female cable are shown below:

Question 3
What two things does a router do when it forwards a packet? (Choose two)
A. switches the packet to the appropriate outgoing interfaces
B. computes the destination host address
C. determines the next hop on the path
D. updates the destination IP address
E. forwards ARP requests

Answer: A C
Question 4
Refer to the exhibit. A network device needs to be installed in the place of the icon labeled
Network Device to accommodate a leased line attachment to the Internet. Which network device
and interface configuration meets the minimum requirements for this installation?

A. a router with two Ethernet interfaces
B. a switch with two Ethernet interfaces
C. a router with one Ethernet and one serial interface
D. a switch with one Ethernet and one serial interface
E. a router with one Ethernet and one modem interface

Answer: C
Question 5
Which two commands will display the current IP address and basic Layer 1 and 2 status of an
interface? (Choose two)
A. Router#show version
B. Router#show ip interface
C. router#show protocols
D. router#show controllers
E. Router#show running-config

Answer: B C
Explanation
The outputs of show protocols and show ip interface are shown below:
Global values:
Internet Protocol routing is enabled
NVI0 is up, line protocol is up
Interface is unnumbered. Using address of NVI0 (0.0.0.0)
Loopback0 is up, line protocol is up
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.5
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is disabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is disabled
IP Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain inside
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled

Question 1
A switch has 48 ports and 4 VLANs. How many collision and broadcast domains exist on the
switch?
A. 4, 48
B. 48, 4
C. 48, 1
D. 1, 48
E. 4, 1

Answer: B
Explanation
Each port on a switch is a collision domain while each VLAN is a broadcast domain because
broadcast is only forwarded within that VLAN so we have 48 collision domains and 4 broadcast
domains on this switch (if all ports are used).
Question 2
A switch receives a frame on one of its ports. There is no entry in the MAC address table for the
destination MAC address. What will the switch do with the frame?
A. drop the frame
B. forward it out of all ports except the one that received it
C. forward it out of all ports
D. store it until it learns the correct port

Answer: B
Question 3
Which address type does a switch use to make selective forwarding decisions?
A. source IP address
B. destination IP address
C. source and destination IP address
D. source MAC address
E. destination MAC address

Answer: E
Explanation
When a switch receives a frame, it first checks for the destination MAC address and tries to find a
matching entry in its MAC address table. If found, the switch then forwards that frame on the
corresponding port associated with that MAC address. If no entry is found, the switch will flood
that frame out of all (active) ports except the port that sent it.
Question 4
Which two characteristics apply to Layer 2 switches? (Choose two)
A. increases the number of collision domains
B. decreases the number of collision domains
C. implements VLAN
D decreases the number of broadcast domains
E. uses the IP address to make decisions for forwarding data packets

Answer: A C
Question 5
What is the purpose of assigning an IP address to a switch?
A. provides local hosts with a default gateway address
B. allows remote management of the switch
C. allows the switch to respond to ARP requests between two hosts
D. ensures that hosts on the same LAN can communicate with each other

Answer: B
Question 6
How does a switch differ from a hub?
A. A switch does not induce any latency into the frame transfer time.
B. A switch tracks MAC addresses of directly-connected devices.
C. A switch operates at a lower, more efficient layer of the OSI model.
D. A switch decreases the number of broadcast domains.
E. A switch decreases the number of collision domains.

Answer: B
Explanation
A hub is not as intelligent as a switch because a hub does not try to remember anything passing
to it. It just floods out all the ports (except the one that sent it) when it receives a frame.
Question 7
Refer to the exhibit. The ports that are shown are the only active ports on the switch. The MAC
address table is shown in its entirety. The Ethernet frame that is shown arrives at the switch. What
two operations will the switch perform when it receives this frame? (Choose two)

A. The MAC address of 0000.00aa.aaaa will be added to the MAC address table.
B. The MAC address of 0000.00dd.dddd will be added to the MAC address table.
C. The frame will be forwarded out port fa0/3 only.
D. The frame will be forwarded out fa0/1, fa0/2, and fa0/3.
E. The frame will be forwarded out all the active ports.

Answer: A D
Explanation
When a switch receives a frame, it first checks for the destination MAC address and tries to find a
matching entry in its MAC address table. If found, the switch then forwards that frame on the
corresponding port associated with that MAC address. If no entry is found, the switch will flood
that frame out of all active ports except the port that sent it. In this case, the destination MAC
address 0000.00dd.dddd has not been in the MAC address table so the switch will flood the frame
out all of its ports except fa0/0 (the port that it received the frame) -> D is correct.
Also, the switch learns that the MAC address 0000.00aa.aaaa is received on fa0/0 -> the switch
adds 0000.00aa.aaaa and its corresponding port fa0/0 to the MAC address table -> A is correct.
Question 8
Refer to the exhibit. The MAC address table is shown in its entirety. The Ethernet frame that is
shown arrives at the switch. What two operations will the switch perform when it receives this
frame? (Choose two)

A. The switch will not forward a frame with this destination MAC address.
B. The MAC address of 0000.00aa.aaaa will be added to the MAC Address Table.
C. The MAC address of ffff.ffff.ffff will be added to the MAC address table.
D. The frame will be forwarded out all active switch ports except for port fa0/0.
E. The frame will be forwarded out fa0/0 and fa0/1 only.
F. The frame will be forwarded out all the ports on the switch.

Answer: B D
Explanation
The destination MAC address is ffff.ffff.ffff so this is a broadcast frame so the switch will forward
the frame out all active switch ports except for port fa0/0.
Question 9
Refer to the exhibit. The exhibit is showing the topology and the MAC address table. Host A sends
a data frame to host D. What will the switch do when it receives the frame from host A?

A. The switch will add the source address and port to the MAC address table and forward the frame
to host D.
B. The switch will discard the frame and send an error message back to host A.
C. The switch will flood the frame out of all ports except for port Fa0/3.
D. The switch will add the destination address of the frame to the MAC address table and forward
the frame to host D.

Answer: A
Explanation
In this case the destination MAC address has been learned so the switch just forwards the frame to
the corresponding port. It also learn that the source MAC address of host A has not been existed in
the MAC address table so it will add it (and port fa0/3) to its MAC address table.
Question 10
Refer to the topology and switching table shown in the graphic. Host B sends a frame to Host C.
What will the switch do with the frame?

A. drop the frame
B. send the frame out all ports except port 0/2
C. return the frame to Host B
D. send an ARP request for Host C
E. send an ICMP Host Unreachable message to Host B
F. record the destination MAC address in the switching table and send the frame directly to Host C

Answer: B
Question 11
Refer to the exhibit. SwitchA receives the frame with the addressing shown in the exhibit.
According to the command output also shown in the exhibit, how will SwitchA handle this frame?

A. It will drop the frame.
B. It will forward the frame out port Fa0/6 only.
C. It will forward the frame out port Fa0/3 only.
D. It will flood the frame out all ports.
E. It will flood the frame out all ports except Fa0/3.

Answer: B

Note: If you are not sure about OSPF, please read my OSPF tutorial first.
Question 1
Which of the following describe the process identifier that is used to run OSPF on a router?
(Choose two)
A. It is locally significant.
B. It is globally significant.
C. It is needed to identify a unique instance of an OSPF database.
D It is an optional parameter required only if multiple OSPF processes are running on the router.
E. All routers in the same OSPF area must have the same process ID if they are to exchange
routing information.

Answer: A C
Question 2
Open Shortest Path First (OSPF) is a routing protocol developed for Internet Protocol (IP) networks
by the Interior Gateway Protocol (IGP) working group of the Internet Engineering Task Force
(IETF). What is the default administrative distance of the OSPF routing protocol?
A. 90
B. 100
C. 110
D. 20
E. 130
F. 170

Answer: C
Question 3
Which statements describe the routing protocol OSPF? (Choose three)
A. It supports VLSM.
B. It is used to route between autonomous systems.
C. It confines network instability to one area of the network.
D. It increases routing overhead on the network.
E. It allows extensive control of routing updates.
F. It is simpler to configure than RIPv2.

Answer: A C E
Explanation
Answer A and C are obviously correct. For answer E, it allows extensive control of routing updates
via Link-State Advertisement (LSA). Administrators can filter these LSAs to meet their
requirements easily.
Question 4
R1 is unable to establish an OSPF neighbor relationship with R3. What are possible reasons for this
problem? (Choose two)

A. All of the routers need to be configured for backbone Area 1.
B. R1 and R2 are the DR and BDR, so OSPF will not establish neighbor adjacency with R3.
C. A static route has been configured from R1 to R3 and prevents the neighbor adjacency from
being established.
D. The hello and dead interval timers are not set to the same values on R1 and R3.
E. EIGRP is also configured on these routers with a lower administrative distance.
F. R1 and R3 are configured in different areas.

Answer: D F
Explanation
A is not correct because the backbone area of OSPF is always Area 0.
B is not correct because R1 or R3 must be the DR or BDR -> it has to establish neighbor adjacency
with the other.
C is not correct because OSPF neighbor relationship is not established based on static routing. It
uses multicast address 224.0.0.5 to establish OSPF neighbor relationship.
E is not correct because configure EIGRP on these routers (with a lower administrative distance)
will force these routers to run EIGRP, not OSPF.
D and F are correct because these entries must match on neighboring routers:
- Hello and dead intervals
Area ID (Area 0 in this case)
Authentication password
Stub area flag
Question 5
Which address are OSPF hello packets addressed to on point-to-point networks?
A. 224.0.0.5
B. 172.16.0.1
C. 192.168.0.5
D. 223.0.0.1
E. 254.255.255.255

Answer: A
Question 6
RouterD# show ip interface brief

Given the output for this command, if the router ID has not been manually set, what router ID will
OSPF use for this router?
A. 10.1.1.2
B. 10.154.154.1
C. 172.16.5.1
D. 192.168.5.3

Answer: C
Explanation
The highest IP address of all loopback interfaces will be chosen -> Loopback 0 will be chosen as
the router ID.
Question 7
ROUTER# show ip route
192.168.12.0/24 is variably subnetted, 9 subnets, 3 masks C 192.168.12.64 /28 is directly
connected, Loopback1
C 192.168.12.32 /28 is directly connected, Ethernet0
O 192.168.12.236 /30 [110/128] via 192.168.12.233, 00:35:36, Serial0
C 192.168.12.232 /30 is directly connected, Serial0
O 192.168.12.245 /30 [110/782] via 192.168.12.233, 00:35:36, Serial0
O 192.168.12.240 /30 [110/128] via 192.168.12.233, 00:35:36, Serial0
O 192.168.12.253 /30 [110/782] via 192.168.12.233, 00:35:37, Serial0
O 192.168.12.249/30 [110/782] via 192.168.12.233, 00:35:37, Serial0
O 192.168.12.240/30 [110/128] via 192.168.12.233, 00:35:36, Serial0
To what does the 128 refer to in the router output above?
A. OSPF cost
B. OSPF priority
C. OSPF hop count 5
D. OSPF ID number
E. OSPF administrative distance

Answer: A
Explanation
OSPF uses a metric referred to as cost. The cost of the entire path is the sum of the costs of the
outgoing interfaces along the path. Cisco uses a simple formula to calculate OSPF cost:
OSPF cost = 10
8
/ Bandwidth (byte)
Therefore, a 100 Mbps FastEthernet interface will have the cost of 10
8
/ 100,000,000 (bytes) = 1
Note: Cost for interfaces with bandwidth equal or larger than 10^8 bps is normalized to 1 so a
1Gbps interface will also have OSPF cost of 1.
For O 192.168.12.240 /30 [110/128] via 192.168.12.233, 00:35:36, Serial0 line, the first
number in the brackets is the administrative distance of the information source; the second
number is the metric for the route -> In this case the second number is the OSPF cost.
Question 8

The internetwork infrastructure of company XYZ consists of a single OSPF area as shown in the
graphic. There is concern that a lack of router resources is impeding internetwork performance.
As part of examining the router resources the OSPF DRs need to be known.
All the router OSPF priorities are at the default and the router IDs are shown with each router.
Which routers are likely to have been elected as DR? (Choose two)
A. Corp-1
B. Corp-2
C. Corp-3
D. Corp4
E. Branch-1
F. Branch-2

Answer: D F
Explanation
There are 2 segments on the topology above which are separated by Corp-3 router. Each segment
will have a DR so we have 2 DRs.
To select which router will become DR they will compare their router-IDs. The router with highest
(best) router-ID will become DR. The router-ID is chosen in the order below:
+ The highest IP address assigned to a loopback (logical) interface.
+ If a loopback interface is not defined, the highest IP address of all active routers physical
interfaces will be chosen.
In this question, the IP addresses of loopback interfaces are not mentioned so we will consider IP
addresses of all active routers physical interfaces. Router Corp-4 (10.1.40.40) & Branch-2
(10.2.20.20) have highest active IP addresses so they will become DRs.
Question 9
What information does a router running a link-state protocol use to build and maintain its
topological database? (Choose two)
A. hello packets
B. SAP messages sent by other routers
C. LSAs from other routers
D. beacons received on point-to-point links
E. routing tables received from other link-state routers
F. TTL packets from designated routers

Answer: A C

Question 1
Refer to the exhibit. A TFTP server has recently been installed in the Atlanta office. The network
administrator is located in the NY office and has made a console connection to the NY router. After
establishing the connection they are unable to backup the configuration file and IOS of the NY
router to the TFTP server. What is the cause of this problem?

A. The NY router has an incorrect subnet mask.
B. The TFTP server has an incorrect IP address.
C. The TFTP server has an incorrect subnet mask.
D. The network administrator computer has an incorrect IP address.

Answer: C
Question 2
Refer to the exhibit. A network administrator has configured a Catalyst 2950 switch for remote
management by pasting into the console the configuration commands that are shown in the
exhibit. However, a Telnet session cannot be successfully established from a remote host. What
should be done to fix this problem?
interface vlan 1
ip address 192.168.17.253 255.255.255.240
no shutdown
exit
ip default-gateway 192.168.17.1
line vty 0 15
password cisco
login
exit
A. Change the first line to interface fastethernet 0/1.
B. Change the first line to interface vlan 0/1.
C. Change the fifth line to ip default-gateway 192.168.17.241.
D. Change the fifth line to ip route 0.0.0.0 0.0.0.0 192.168.17.1.
E. Change the sixth line to line con 0.

Answer: C
October 19th, 2013 in ICND1 100-101 Go to comments
Question 1
What is the best practice when assigning IP addresses in a small office of six hosts?
A. Use a DHCP server that is located at the headquarters.
B. Use a DHCP server that is located at the branch office.
C. Assign the addresses by using the local CDP protocol.
D. Assign the addresses statically on each node.

Answer: D
Question 2
The ip helper-address command does what?
A. assigns an IP address to a host
B. resolves an IP address from a DNS server
C. relays a DHCP request across networks
D. resolves an IP address overlapping issue

Answer: C
Explanation
By default, Cisco routers do not forward broadcast address. So what will happen if your PC does
not in the same LAN with DHCP Server? Your PC (also a DHCP Client) will broadcast a packet but it
is dropped by the router -> Your PC cannot get the IP from DHCP Server. So the ip helper-
address command enables the DHCP broadcast to be forwarded to the DHCP server. For example,
the IP address of your DHCP Server is 10.10.10.254 then we can type in the interface connecting
with the DHCP Client (fa0/0 in this case) this command: ip helper-address 10.10.10.254.

Note: When a client boots up for the first time, it transmits a DHCPDISCOVER message on its local
physical subnet. Because the client has no way of knowing the subnet to which it belongs, the
DHCPDISCOVER is an all-subnets broadcast (destination IP address of 255.255.255.255, which is a
layer 3 broadcast address). The client does not have a configured IP address, so the source IP
address of 0.0.0.0 is used.
Question 3
Refer to the exhibit. As packets travel from Mary to Robert, which three devices will use the
destination MAC address of the packet to determine a forwarding path? (Choose three)

A. Hub1
B. Switch1
C. Router1
D. Switch2
E. Router2
F. Switch3

Answer: B D F
Explanation
Routers do not look to the destination MAC address to forward packet. It will find the next
destination MAC address itself to replace the old destination MAC address of the received packet.
Hubs do not care about MAC addresses, it just flood the frames out of all its port except the port
that sent it.
Therefore only three switches in the exhibit above use destination MAC address to determine the
next hops.
Question 4
Refer to the exhibit. HostX is transferring a file to the FTP server. Point A represents the frame as
it goes toward the Toronto router. What will the Layer 2 destination address be at this point?

A. abcd. 1123.0045
B. 192.168.7.17
C. aabb.5555.2222
D. 192.168.1.1
E. abcd.2246.0035

Answer: E
Explanation
The destination MAC address at point A must be the MAC address of the interface fa0/0 of Toronto
router -> E is correct.
Question 5
The command ip route 192.168.100.160 255.255.255.224 192.168.10.2 was issued on a
router. No routing protocols or other static routes are configured on the router. Which statement is
true about this command?
A. The interface with IP address 192.168.10.2 is on this router.
B. The command sets a gateway of last resort for the router.
C. Packets that are destined for host 192.168.100.160 will be sent to 192.168.10.2.
D. The command creates a static route for all IP traffic with the source address 192.168.100.160.

Answer: C
Explanation
The simple syntax of static route:
ip route destination-network-address subnet-mask {next-hop-IP-address | exit-
interface}
+ destination-network-address: destination network address of the remote network
+ subnet mask: subnet mask of the destination network
+ next-hop-IP-address: the IP address of the receiving interface on the next-hop router
+ exit-interface: the local interface of this router where the packets will go out
Therefore the purpose of this command is to send any packets with destination IP address in the
range of 192.168.100.160/27 subnet to 192.168.10.2. In fact, answer C is a bit weird when saying
host 192.168.100.160 because 192.168.100.160 is the network address in this case and it
cannot be assigned to a host. But answer C is the most suitable answer for this question.
Question 6
What does administrative distance refer to?
A. the cost of a link between two neighboring routers
B. the advertised cost to reach a network
C. the cost to reach a network that is administratively set
D. a measure of the trustworthiness of a routing information source

Answer: D
Question 7
Refer to the exhibit. If host A sends an IP packet to host B, what will the source physical address
be in the frame when it reaches host B?

A. 10.168.10.99
B. 10.168.11.88
C. A1:A1:A1:A1:A1:A1
D. B2:B2:B2:B2:B2:B2
E. C3:C3:C3:C3:C3:C3
F. D4:D4:D4:D4:D4:D4

Answer: E
Explanation
After receiving a packet, the router will keep the source and destination IP addresses while change
the source MAC address (to the MAC address of its outgoing interface) and the destination MAC
address (to the MAC address of the next-hop interface). Therefore when the packet reaches host
B, the source MAC address must be the MAC address of the outgoing interface of R1.
Question 8
Refer to the exhibit. Host A is sending a packet to Host B for the first time. What destination MAC
address will Host A use in the ARP request?

A. 192.168.0.1
B. 172.16.0.50
C. 00-17-94-61-18-b0
D. 00-19-d3-2d-c3-b2
E. ff-ff-ff-ff-ff-ff
F. 255.255.255.255

Answer: E
Explanation
Host A knows the IP address of Host B but it does not know the MAC address of host B, so it have
to create an ARP Request (which is a broadcast frame) to ask for the MAC address of host B. When
Router1 receives this ARP Request, it answers with its own MAC address.
Question 9
Refer to the exhibit. Host A can communicate with Host B but not with Host C or D. How can the
network administrator solve this problem?

A. Configure Hosts C and D with IP addresses in the 192.168.2.0 network.
B. Install a router and configure a route to route between VLANs 2 and 3.
C. Install a second switch and put Hosts C and D on that switch while Hosts A and B remain on the
original switch.
D. Enable the VLAN trunking protocol on the switch.

Answer: B
Question 10
Refer to the exhibit. The host in Kiev sends a request for an HTML document to the server in
Minsk. What will be the source IP address of the packet as it leaves the Kiev router?

A. 10.1.0.1
B. 10.1.0.5
C. 10.1.0.6
D. 10.1.0.14
E. 10.1.1.16
F. 10.1.2.8

Answer: E
Explanation
Along the routing path, the source and destination IP address will not change so the source IP will
always be 10.1.1.16.

Question 1
Refer to the exhibit. Mary is sending an instant message to Robert. The message will be broken
into a series of packets that will traverse all network devices. What addresses will populate these
packets as they are forwarded from Router1 to Router2?

A.
B.
C.
D.

Answer: A
Explanation
After receiving a packet, the router will keep the source and destination IP addresses (10.1.3.3
and 10.1.2.2, respectively) while change the source MAC address (to the MAC address of its
outgoing interface) and the destination MAC address (to the MAC address of the next-hop
interface). Therefore when the packet leaves Router1, the source MAC address must be the MAC
address of the outgoing interface of Router1 (0000.000c.0124) and the destination MAC address
must be the MAC of fa0/1 of R2 (0000.000c.0123).
Question 2
Refer to the exhibit. Which two statements are correct? (Choose two)

A. This is a default route.
B. Adding the subnet mask is optional for the ip route command.
C. This will allow any host on the 172.16.1.0 network to reach all known destinations beyond
RouterA.
D. This command is incorrect, it needs to specify the interface, such as s0/0/0 rather than an IP
address.
E. The same command needs to be entered on RouterA so that hosts on the 172.16.1.0 network
can reach network 10.0.0.0.

Answer: A C
Explanation
A static route with 0.0.0.0 0.0.0.0 will become a default route. The default route means: send all
traffic to this IP address. So the default route ip route 0.0.0.0 0.0.0.0 172.16.2.2 will send all
traffic to 172.16.2.2.
Question 3
Refer to the exhibit. Which command would you use to configure a static route on Router1 to
network 192.168.202.0/24 with a nondefault administrative distance?

A. router1(config)#ip route 1 192.168.201.1 255.255.255.0 192.168.201.2
B. router1(config)#ip route 192.168.202.0 255.255.255.0 192.168.201.2 1
C. router1(config)#ip route 5 192.168.202.0 255.255.255.0 192.168.201.2
D. router1(config)#ip route 192.168.202.0 255.255.255.0 192.168.201.2 5

Answer: D
Explanation
The Administrative Distance (AD) parameter must be put at the end of the ip route command.
The default AD is 1.
Question 4
Refer to the exhibit. The output is from a router in a large enterprise. From the output, determine
the role of the router.

A. A Core router.
B. The HQ Internet gateway router.
C. The WAN router at the central site.
D. Remote stub router at a remote site.

Answer: D
Explanation
This router only have directly connected networks (symbolized by letter C) and one default route
out of Serial0/0. Maybe this is a stub router with only one connection to the Headquarter or to the
Internet.
Question 5
Refer to the exhibit. What is the simplest way to configure routing between the regional office
network 10.89.0.0/20 and the corporate network?

A. router1(config)#ip route 10.89.0.0 255.255.240.0 10.89.16.2
B. router2(config)#ip route 10.89.3.0 255.255.0.0 10.89.16.2
C. router1(config)#ip route 10.89.0.0 255.255.240.0 10.89.16.1
D. router2(config)#ip route 0.0.0.0 0.0.0.0 10.89.16.1

Answer: D
Explanation
In this topology, R2 is a stub router with only one connection to the HQ network so the best way
to configure routing is to set a static route (default route) to R1.
Question 6
Refer to the exhibit. What must be configured to establish a successful connection from Host A to
switch SW-A through router RT-A?

A. VLAN 1 on RT-A
B. IP routing on SW-A
C. default gateway on SW-A
D. crossover cable connecting SW-A and RT-A

Answer: C
Explanation
Host A is in a different subnet of SW-A so SW-A does not know how to send data to host A so it
needs to be assigned with a default gateway. The command to assign a default gateway to a
switch is ip default-gateway . Please notice this command only has effect when ip routing is
disabled on SW-A.
Question 7
Refer to the exhibit. Which default gateway address should be assigned to HostA?

A. 192.168.1.1
B. 192.168.1.65
C. 192.168.1.66
D. 192.168.1.129
E. 10.1.1.1
F. 10.1.1.2

Answer: B
Explanation
The default gateway of Host A should be the connected interface of the router, except host A is
connected with a Layer 3 switch. In this case, Switch A is a pure Layer 2 switch and Switch A IP
address is just for management purpose.

Question 1
Various protocols are listed on the left On the right are applications for the use of those protocols.
Drag the protocol on the left to an associated function for that protocol on the right (Not all options
are used)

Answer:
+ ARP: A PC sends packets to the default gateway IP address the first time since the PC turned on.
+ ICMP: The network administrator is checking basic IP connectivity from a workstation to a
server.
+ DNS: The TCP/IP protocol stack must find an IP address for packets destined for a URL.
+ DHCP: A network device will automatically assign IP addresses to workstations.
Question 2
Move the protocol or service on the left to a situation on the right where it would be used. (Not all
options are used)

Answer:
+ NAT: A PC with address 10.1.5.10 must access devices on the Internet.
+ DHCP: Only routers and servers require static IP addresses. Easy IP administration is required.
+ DNS: A PC only knows a server as MediaServer. IP needs to send data to that server.
+ OSPF: A protocol is needed to replace current static routes with automatic route updates.
Question 3
Drag the definition on the left to the correct term on the right. Not all definitions on the left will be
used.

Answer:
+ SNMP: a protocol used to monitor and manage network devices
+ FTP: a reliable, connection-oriented service that uses TCP to transfer files between systems
+ TFTP: a connectionless service that uses UDP to transfer files between systems
+ DNS: a protocol that converts human-readable names into machine-readable addresses
+ DHCP: used to assign IP addresses automatically and set parameters such as subnet mask and
default gateway
Question 4
Drag the appropriate command on the left to the configuration task it accomplishes (not all options
are used)

Answer:
service password-encryption encrypt all clear text passwords
line console 0
password friendS0nly
protect access to the user mode prompt
enable secret noWay1n4u set privileged mode encrypted password
line vty 0 4
password 2hard2Guess
set password to allow Telnet connections
enable password uwi11NeverNo set privileged mode clear text password
Question 5
On the left are various network protocols. On the right are the layers of the TCP/IP model.
Assuming a reliable connection is required, move the protocols on the left to the TCP/IP layers on
the right to show the proper encapsulation for an email message sent by a host on a LAN. (Not all
options are used)

Answer:
+ application layer: SMTP
+ transport layer: TCP
+ internet layer: IP
+ network access layer: Ethernet

Note: If you are not sure about NAT/PAT, please read my Network Address Translation NAT
Tutorial.
Question 1
What happens when computers on a private network attempt to connect to the Internet through a
Cisco router running PAT?
A. The router uses the same IP address but a different TCP source port number for each
connection.
B. An IP address is assigned based on the priority of the computer requesting the connection.
C. The router selects an address from a pool of one-to-one address mappings held in the lookup
table.
D. The router assigns a unique IP address from a pool of legally registered addresses for the
duration of the connection.

Answer: A
Explanation
Port Address Translation (PAT) can support thousands of users connect to the Internet using only
one real global IP address. With PAT, each computer will be assigned a separate port number so
that the router can identify which computer should receive the return traffic.
Question 2
In the configuration of NAT, what does the keyword overload signify?
A. When bandwidth is insufficient, some hosts will not be allowed to access network translation.
B. The pool of IP addresses has been exhausted.
C. Multiple internal hosts will use one IP address to access external network resources.
D. If the number of available IP addresses is exceeded, excess traffic will use the specified address
pool.

Answer: C
Explanation
The keyword overload specifies we are using NAT Overload (PAT) in which multiple internal hosts
will use only one IP address to access external network resources.
Question 3
When configuring NAT, the Internet interface is considered to be what?
A. local
B. inside
C. global
D. outside

Answer: D
Explanation
On the interface connecting to the Internet of the router we have to use the command ip nat
outside for NAT to work. It identifies that interface as the outside interface.

Question 1
An administrator has connected devices to a switch and, for security reasons, wants the
dynamically learned MAC addresses from the address table added to the running configuration.
What must be done to accomplish this?
A. Enable port security and use the keyword sticky.
B. Set the switchport mode to trunk and save the running configuration.
C. Use the switchport protected command to have the MAC addresses added to the configuration.
D. Use the no switchport port-security command to allow MAC addresses to be added to the
configuration.

Answer: A
Explanation
This is the full command mentioned in answer A:
switchport port-security mac-address sticky [MAC]
If we dont specify the MAC address (like in this question) then the switch will dynamically learn
the attached MAC Address and place it into your running-configuration.
Question 2
The following commands are entered on the router:
Burbank(config)# enable secret fortress
Burbank(config)# line con 0
Burbank(config-line)# login
Burbank(config-line)# password n0way1n
Burbank(config-line)# exit
Burbank(config)# service password-encryption
What is the purpose of the last command entered?
A. to require the user to enter an encrypted password during the login process
B. to prevent the vty, console, and enable passwords from being displayed in plain text in the
configuration files
C. to encrypt the enable secret password
D. to provide login encryption services between hosts attached to the router

Answer: B
Explanation
The service password-encryption command encrypts passwords used by enable password
global configuration command, as well as the password line configuration command (VTY,
console) that are saved in the router configuration file.
Note: The secret password (configured by the command enable secret fortress) is always
encrypted even if the service password-encryption command is not used.
Also, the service password-encryption command encrypts both current and future passwords.
Question 3
Why would a network administrator configure port security on a switch?
A. to prevent unauthorized Telnet access to a switch port
B. to prevent unauthorized hosts from accessing the LAN
C. to limit the number of Layer 2 broadcasts on a particular switch port
D. block unauthorized access to the switch management interfaces

Answer: B
Question 4
A company has placed a networked PC in a lobby so guests can have access to the corporate
directory. A security concern is that someone will disconnect the directory PC and re-connect their
laptop computer and have access to the corporate network. For the port servicing the lobby, which
three configuration steps should be performed on the switch to prevent this? (Choose three)
A. Enable port security.
B. Create the port as a trunk port.
C. Create the port as an access port.
D Create the port as a protected port.
E. Set the port security aging time to 0.
F. Statically assign the MAC address to the address table.
G. Configure the switch to discover new MAC addresses after a set time of inactivity.

Answer: A C F
Explanation
By configuring the port connected with the directory PC as access port the network administrator
will mitigate a lot of security issues because access port does not have as much privilege as a
trunk port -> C is correct.
The port security feature can also help mitigate security issue because it can learn the MAC
address of the directory PC. When another laptop is plugged into the port, the switch will
automatically block or shut down that port (if suitable configuration is used) -> A is correct. But
nowadays a hacker can fake the MAC address of the directory PC.
By statically assigning the MAC address to the address table, only that MAC address can access to
the network -> F is correct.
Question 5
What is the effect of using the service password-encryption command?
A. Only the enable password will be encrypted.
B. Only the enable secret password will be encrypted.
C. Only passwords configured after the command has been entered will be encrypted.
D. It will encrypt the secret password and remove the enable secret password from the
configuration.
E. It will encrypt all current and future passwords.

Answer: E
Explanation
The service password-encryption command encrypts passwords used by enable password
global configuration command, as well as the password line configuration command (VTY,
console) that are saved in the router configuration file.
The service password-encryption command encrypts both current and future passwords.
Question 6
How can you ensure that only the MAC address of a server is allowed by switch port Fa0/1?
A. Configure port Fa0/1 to accept connections only from the static IP address of the server.
B. Configure the server MAC address as a static entry of port security.
C. Use a proprietary connector type on Fa0/1 that is incomputable with other host connectors.
D. Bind the IP address of the server to its MAC address on the switch to prevent other hosts from
spoofing the server IP address.

Answer: B
Explanation
The command to configure port security on a switch is (in interface configuration mode):
switchport port-security mac-address sticky [MAC]
In this case we will type the server MAC address. That MAC address will be stored in the address
table, and added to the switch running configuration.
Note: If we dont specify the MAC address then the switch will dynamically learn the attached MAC
Address and place it into your running-configuration
Question 7
Refer to the exhibit. The network administrator made the entries that are shown and then saved
the configuration. From a console connection, what password or password sequence is required for
the administrator to access privileged mode on Router1?
Router# configure terminal
Router(config)# hostname Router1
Router1(config)# enable secret sanfran
Router1(config)# enable password cisco
Router1(config)# line vty 0 4
Router1(config-line)# password sanjose
Route r1(config-line)#

A. cisco
B. sanfran
C. sanjose
D. either cisco or sanfran
E. either cisco or sanjose
F. sanjose and sanfran

Answer: B
Explanation
In the configuration above we have three passwords:
+ The enable secret password: sanfran
+ The enable password password: cisco
+ The VTY line password: sanjose
The two first enable secret and enable password are used to set password for entering privilege
mode (an example of privilege mode: Router#). Both of them will be stored in the running
configuration. But the password in enable secret command is always encrypted using MD5 hash
while the password in enable password is in plain text.
Note: If you want to encrypt enable password you can use the command service password-
encryption but it will be encrypted with a very basic form of encryption called vigenere cipher,
which is very weak.
When you configure both an enable and a secret password, the secret password will be used -> B
is correct

Note: If you are not sure about OSPF, please read my OSPF tutorial first.
Question
This item contains several questions that you must answer. You can view these questions by
clicking on the corresponding button to the left. Changing questions can be accomplished by
clicking the numbers to the left of each question. In order to complete the questions, you will need
to refer to the topology.
To gain access to the topology, click on the topology button at the bottom of the screen. When you
have finished viewing the topology, you can return to your questions by clicking on the Questions
button to the left.
Each of the windows can be minimized by clicking on the [-]. You can also reposition a window by
dragging it by the title bar.

Question 1
R1 is configured with the default configuration of OSPF.
From the following list of IP addresses configured on R1, which address will the OSPF process
select as the router ID?
A. 192.168.0.1
B. 172.16.1.1
C. 172.16.2.1
D. 172.16.2.225

Answer: A
Explanation
The Router ID (RID) is an IP address used to identify the router and is chosen using the following
sequence:
+ The router ID can be manually assigned
In this case, because a loopback interface is not configured so the highest active IP address
192.168.0.1 is chosen as the router ID.
Question 2
After the network has converged, what type of messaging, if any, occurs between R3 and R4?
A. No messages are exchanged.
B. Hellos are sent every 10 seconds.
C. The full database from each router is sent every 30 seconds.
D. The routing table from each router is sent every 60 seconds.

Answer: B
Explanation
HELLO messages are used to maintain adjacent neighbors so even when the network is converged,
hellos are still exchanged. On broadcast and point-to-point links, the default is 10 seconds, on
NBMA the default is 30 seconds.
Although OSPF is a link-state protocol but the full database from each router is sent every 30
minutes (not seconds) -> C and D are not correct.
Question 3
To allow or prevent load balancing to network 172.16.3.0/24, which of the following commands
could be used in R2? (Choose two)
A. R2(config-if)#clock rate
B. R2(config-if)#bandwidth
C. R2(config-if)#ip ospf cost
D. R2(config-if)#ip ospf priority
E. R2(config-router)#distance ospf

Answer: B C
Question 4
R1 is unable to establish an OSPF neighbor relationship with R3. What are possible reasons for this
problem? (Choose two)
A. All of the routers need to be configured for backbone Area 1
B. R1 and R2 are the DR and BDR, so OSPF will not establish neighbor adjacency with R3
C. A static route has been configured from R1 to R3 and prevents the neighbor adjacency from
being established.
D. The hello and dead interval timers are not set to the same values on R1 and R3
E. EIGRP is also configured on these routers with a lower administrative distance
F. R1 and R3 are configured in different areas

Answer: D F
Question 5
OSPF is configured using default classful addressing. With all routers and interfaces operational,
how many networks will be in the routing table of R1 that are indicated to be learned by OSPF?
A. 2
B. 3
C. 4
D. 5
E. 6
F. 7

Answer: C
Explanation
Although OSPF is configured using default classful addressing but OSPF is a link-state routing
protocol so it will always send the subnet mask of each network in their advertised routes.
Therefore R1 will learn the the complete subnets. Four networks list below will be in the routing
table of R1:
+ 172.16.2.64/30
+ 172.16.2.228/30
+ 172.16.2.232/30
+ 172.16.3.0/24
Note: Other networks will be learned as Directly connected ne

Question 1
Which two options will help to solve the problem of a network that is suffering a broadcast storm?
(Choose two)
A. a bridge
B. a router
C. a hub
D. a Layer 3 switch
E. an access point

Answer: B D
Explanation
Only a router or a Layer 3 switch can mitigate a broadcast storm because they separate broadcast
domains -> B and D are correct.
Question 2
Refer to the exhibit. A network has been planned as shown. Which three statements accurately
describe the areas and devices in the network plan? (Choose three)

A. Network Device A is a switch.
B. Network Device B is a switch.
C. Network Device A is a hub.
D. Network Device B is a hub.
E. Area 1 contains a Layer 2 device.
F. Area 2 contains a Layer 2 device.

Answer: A D E
Explanation
AREA 1 has multiple collision domains so Network Device A must be a device operating in Layer
2 or above (a router or switch) -> A & E are correct.
AREA 2 only has single collision domain so Network Device B must be a device operating in Layer
1 (a hub or repeater) -> D is correct.
Question 3
Refer to the exhibit. If the resume command is entered after the sequence that is shown in the
exhibit, which router prompt will be displayed?

A. Router1>
B. Router1#
C. Router2>
D. Router2#

Answer: C
Explanation
The Ctrl-Shift-6 and x is used to suspend the telnet session. In this case, the telnet session
from Router1 to Router2 will be suspended.
If we enter the keyword resume, Router1 will try to resume the telnet session to Router2 (you
will see the line [Resuming connection 1 to 192.168.9.2 ... ]) and we will get back the
Router2> prompt.
Question 4
Refer to the exhibit. All devices attached to the network are shown. How many collision domains
are present in this network?

A. 2
B. 3
C. 6
D. 9
E. 15

Answer: E
Explanation
In the topology above only routers and switches are used so for each link we have one collision
domains. In the picture below each pink ellipse represents for one collision domain.

October 19th, 2013 in ICND1 100-101 Go to comments
Question 1
Which two statements describe the operation of the CSMA/CD access method? (Choose two)
A. In a CSMA/CD collision domain, multiple stations can successfully transmit data simultaneously.
B. In a CSMA/CD collision domain, stations must wait until the media is not in use before
transmitting.
C. The use of hubs to enlarge the size of collision domains is one way to improve the operation of
the CSMA/CD access method.
D. After a collision, the station that detected the collision has first priority to resend the lost data.
E. After a collision, all stations run a random backoff algorithm. When the backoff delay period has
expired, all stations have equal priority to transmit data.
F. After a collision, all stations involved run an identical backoff algorithm and then synchronize
with each other prior to transmitting data.

Answer: B E
Explanation
CSMA/CD stands for Carrier Sense Multiple Access with Collision Detection. In an Ethernet
LAN, before transmitting, a computer first listens to the network media. If the media is idle, the
computer sends its data. If the media is not idle (another station is talking), the computer must
wait for some time.
When a station transmits, the signal is referred to as a carrier. Carrier Sense means that before a
station can send data onto an Ethernet wire, it have to listen to see if another carrier (of another
station) is present. If another station is talking, this station will wait until there is no carrier
present.
Multiple Access means that stations can access the network at any time. It is opposed to Token-
Ring network where a station must have the token so that it can send data.
Although Carrier Sense help two stations not send data at the same time but sometimes two
stations still send data at the same time! This is because two stations listen for network traffic,
hear none, and transmit simultaneously -> a collision occurs and both stations must retransmit at
some later time. Collision Detection is the ability of the media to detect collisions to know that
they must retransmit.
Basically, the CSMA/CD algorithm can be summarized as follows:
+ A device that wants to send a frame must wait until the LAN is silent (no one is talking)
+ If a collision still occurs, the devices that caused the collision wait a random amount of time and
then try to send data again.
Note: A switch separates each station into its own collision domain. It means that station can send
data without worrying its data is collided with the data of other stations. It is as opposed to a hub
which can cause collision between stations connected to it.
Question 2
On a live network, which commands will verify the operational status of router interfaces? (Choose
two)
A. Router#show interfaces
B. Router#show ip protocols
C. Router#debug interface
D. Router#show ip interface brief
E. Router#show start

Answer: A D
Explanation
Only two commands show interfaces and show ip interface brief reveal the status of router
interfaces (up/up, for example).
The outputs of two commands are shown below:

Question 3
What must occur before a workstation can exchange HTTP packets with a web server?
A. A UDP connection must be established between the workstation and its default gateway.
B. A UDP connection must be established between the workstation and the web server.
C. A TCP connection must be established between the workstation and its default gateway.
D. A TCP connection must be established between the workstation and the web server.
E. An ICMP connection must be established between the workstation and its default gateway.
F. An ICMP connection must be established between the workstation and the web sewer.

Answer: D
Explanation
HTTP is based on TCP connection so a TCP connection must be established first between the
workstation and the web server.
Question 4
Refer to the exhibit. If the hubs in the graphic were replaced by switches, what would be virtually
eliminated?

A. broadcast domains
B. repeater domains
C. Ethernet collisions
D. signal amplification
E. Ethernet broadcasts

Answer: C
Explanation
Hubs do not separate collision domains so if hub is used in the topology above, we will have only 1
collision domain. Switches do separate collision domains so if hubs are replaced by switches, we
would have 22 collision domains (19 collision domains for hosts and 3 collision domains among
three switches. Please notice that the WAN (serial) connection is not counted as a collision (or
broadcast) domain.
Question 5
If a host experiences intermittent issues that relate to congestion within a network while remaining
connected, what could cause congestion on this LAN?
A. half-duplex operation
B. broadcast storms
C. network segmentation
D. multicasting

Answer: B
Explanation
A broadcast storm can cause congestion within a network. For more information about broadcast
storm please read my STP tutorial.
Question 6
Refer to the exhibit. The network administrator is testing connectivity from the branch router to
the newly installed application server. What is the most likely reason for the first ping having a
success rate of only 60 percent?

Branch# ping 192.168.2.167
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.167, timeout is 2 seconds:
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/2/4 ms
Branch# ping 192.168.2.167
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.167, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Branch#

A. The network is likely to be congested, with the result that packets are being intermittently
dropped.
B. The branch router had to resolve the application server MAC address.
C. There is a short delay while NAT translates the server IP address.
D. A routing table lookup delayed forwarding on the first two ping packets.
E. The branch router LAN interface should be upgraded to FastEthernet.

Answer: B
Explanation
Before a host can send ICMP (ping) packets to another device, it needs to learn the MAC address
of the destination device so it first sends out an ARP Request. In fact, the first ping packet is
dropped because the router cannot create a complete packet without learning the destination MAC
address.
Question 7
An administrator is in the process of changing the configuration of a router. What command will
allow the administrator to check the changes that have been made prior to saving the new
configuration?
A. Router# show startup-config
B. Router# show current-config
C. Router# show running-config
D. Router# show memory
E. Router# show flash
F. Router# show processes

Answer: C
Explanation
The show running-config command displays active configuration in memory.
Question 8
What does a host on an Ethernet network do when it is creating a frame and it does not have the
destination address?
A. drops the frame
B. sends out a Layer 3 broadcast message
C. sends a message to the router requesting the address
D. sends out an ARP request with the destination IP address

Answer: D
Question 9
Which IOS command is used to initiate a login into a VTY port on a remote router?
A. router# login
B. router# telnet
C. router# trace
D. router# ping
E. router(config)# line vty 0 5
F. router(config-line)# login

Answer: B
Question 10
Which three statements are true about the operation of a full-duplex Ethernet network? (Choose
three)
A. There are no collisions in full-duplex mode.
B. A dedicated switch port is required for each full-duplex node.
C. Ethernet hub ports are preconfigured for full-duplex mode.
D. In a full-duplex environment, the host network card must check for the availability of the
network media before transmitting.
E. The host network card and the switch port must be capable of operating in full-duplex mode.

Answer: A B E
Explanation
Full-duplex communication allows both sending and receiving of data simultaneously. Switches
provide full-duplex communication capability. Half-duplex communication only allows data
transmission in only one direction at a time (either sending or receiving).

Note: If you are not sure about OSI Model, please read my OSI Model Tutorial.
Question 1
Which OSI layer header contains the address of a destination host that is on another network?
A. application
B. session
C. transport
D. network
E. data link
F. physical

Answer: D
Question 2
At which layer of the OSI model does the protocol that provides the information that is displayed
by the show cdp neighbors command operate?
A. application
B. transport
C. network
D. physical
E. data link

Answer: E
Explanation
CDP runs at Layer 2 (Data Link) of the OSI model -> E is correct.
Question 3
What are two common TCP applications? (Choose two)
A. TFTP
B. SMTP
C. SNMP
D. FTP
E. DNS

Answer: B D
Explanation
SMTP stands for Simple Mail Transfer Protocol. Its a set of communication guidelines that allow
software to transmit email over the Internet while File Transfer Protocol (FTP) is a standard
network protocol used to transfer files from one host to another host over TCP-based network.
Note: Simple Network Management Protocol (SNMP) uses UDP as the transport protocol for
passing data between managers and agents. SNMP uses UDP to help reduce the impact on your
networks performance. Although SNMP can be configured to run on TCP but we should only do it
in special situations. SNMP uses the UDP port 161 for sending and receiving requests, and port
162 for receiving traps from managed devices.
DNS work on both the TCP and UDP protocols. DNS uses TCP for zone exchanges between servers
and UDP when a client is trying to
resolve a hostname to an IP address. Therefore in most cases we say DNS uses UDP.
Question 4
Which two characteristics describe the access layer of the hierarchical network design model?
(Choose two)
A. layer 3 support
B. port security
C. redundant components
D. VLANs
E. PoE

Answer: B D
Explanation
The primary function of an access-layer is to provide network access to the end user.
The hardware and software attributes of the access layer that support high availability include
security services for additional security against unauthorized access to the network through the
use of tools such as 802.1x, port security, DHCP snooping, Dynamic ARP Inspection, and IP Source
Guard.
Question 5
Which layer of the TCP/IP stack combines the OSI model physical and data link layers?
A. Internet layer
B. transport layer
C. application layer
D. network access layer

Answer: D
Explanation
The picture below compares the two TCP/IP and OSI models:

Question 6
Which layer of the OSI model controls the reliability of communications between network devices
using flow control, sequencing and acknowledgments?
A. Physical
B. Data-link
C. Transport
D. Network

Answer: C
Explanation
Transmission Control Protocol (TCP) has all the features mentioned above and TCP resides in
Transport Layer (Layer 4) of the OSI model.
Flow control: A methodology used to ensure that receiving units are not overwhelmed with data
from sending devices when buffers at a receiving unit are full, a message is transmitted to the
sending unit to temporarily halt trans-missions until all the data in the receiving buffer has been
processed and the buffer is again ready for action.
Sequencing: is used to number segments before sending so they can be put back together again
in the correct order at the receiving side.
Acknowledgment: When the receiver gets the data, it sends a response telling the sender that
the data have been safely arrived.
Question 7
Which network device functions only at Layer 1 of the OSI model?
A. bridge
B. hub
C. NIC
D. router
E. switch

Answer: B
Explanation
In CCNA, the popular devices operate in Layer 1 are hub and repeater.

Question 1
Which protocol uses a connection-oriented service to deliver files between end systems?
A. TFTP
B. DNS
C. FTP
D. SNMP
E. RIP

Answer: C
Explanation
File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host to
another host over TCP-based network, such as the Internet.
Question 2
On a Cisco switch, which protocol determines if an attached VoIP phone is from Cisco or from
another vendor?
A. RTP
B. TCP
C. CDP
D. UDP

Answer: C
Explanation
Cisco Discovery Protocol (CDP) is a proprietary protocol of Cisco so if you can see the VoIP phone
via the show cdp neighbors command on a Cisco switch then that phone is from Cisco.
Question 3
Which transport layer protocol provides best-effort delivery service with no acknowledgment
receipt required?
A. HTTP
B. IP
C. TCP
D. Telnet
E. UDP

Answer: E
Explanation
User Datagram Protocol (UDP) provides a connectionless datagram service that offers best-effort
delivery, which means that UDP does not guarantee delivery or verify sequencing for any
datagrams. UDP is typically used by programs that transmit small amounts of data at one time or
have real-time requirements (voice, for example).
Question 4
Which statements accurately describe CDP? (Choose three)
A. CDP is an IEEE standard protocol.
B. CDP is a Cisco proprietary protocol.
C. CDP is a datalink layer protocol.
D. CDP is a network layer protocol.
E. CDP can discover directly connected neighboring Cisco devices.
F. CDP can discover Cisco devices that are not directly connected.

Answer: B C E
Explanation
CDP is a device discovery protocol that runs over Layer 2. We can view the CDP information with
the show cdp neighbors command (thus the provided information is at layer 2), notice this
command only shows information about directly connected devices. The output of the show cdp
neighbors command is shown below:

There are 3 columns you must pay attention to:
* Local interface: type & ID of the local interface on which CDP information of the neighbor were
received.
* Device platform: the neighboring device model.
* Port ID: the connected interface of the neighbor.
Question 5
A workstation has just resolved a browser URL to the IP address of a server. What protocol will the
workstation now use to determine the destination MAC address to be placed into frames directed
toward the server?
A. HTTP
B. DNS
C. DHCP
D. RARP
E. ARP

Answer: E
Explanation
After resolving a browser URL to an IP address (via DNS server), the workstation must learn the
MAC address of the server so that it can create a complete packet (a complete packet requires
destination MAC and IP address, source MAC and IP address). Therefore the workstation must use
ARP to find out the MAC address from the IP address.
Question 6
How does TCP differ from UDP? (Choose two)
A. TCP provides best effort delivery.
B. TCP provides synchronized communication.
C. TCP segments are essentially datagrams.
D. TCP provides sequence numbering of packets.
E. TCP uses broadcast delivery.

Answer: B D
Explanation
Before two computers can communicate over TCP, they must synchronize their initial sequence
numbers (ISN) -> B is correct.
TCP uses a sequence number to identify each byte of data. The sequence number identifies the
order of the bytes sent from each computer so that the data can be reconstructed in order,
regardless of any fragmentation, disordering, or packet loss that may occur during transmission ->
D is correct.
Question 7
Refer to the exhibit. The two routers have had their startup configurations cleared and have been
restarted. At a minimum, what must the administrator do to enable CDP to exchange information
between R1 and R2?

A. Configure the router with the cdp enable command.
B. Enter no shutdown commands on the R1 and R2 fa0/1 interfaces.
C. Configure IP addressing and no shutdown commands on both the R1 and R2 fa0/1 interfaces.
D. Configure IP addressing and no shutdown commands on either of the R1 or R2 fa0/1 interfaces.

Answer: B
Explanation
By default CDP is enabled on Cisco routers -> A is not correct.
CDP runs at Layer 2 in the OSI model and it does not need an IP address to run -> C & D are not
correct.
Question 8
Which statements are true regarding ICMP packets? (Choose two)
A. They acknowledge receipt of TCP segments.
B. They guarantee datagram delivery
C. TRACERT uses ICMP packets.
D. They are encapsulated within IP datagrams.
E. They are encapsulated within UDP datagrams

Answer: C D
Explanation
Tracert (or traceroute) is used to trace the path between the sender and the destination host.
Traceroute works by sending packets with gradually increasing Time-to-Live (TTL) value, starting
with TTL value = 1. The first router receives the packet, decrements the TTL value and drops the
packet because it then has TTL value zero. The router sends an ICMP Time Exceeded message
back to the source. The next set of packets are given a TTL value of 2, so the first router forwards
the packets, but the second router drops them and replies with ICMP Time Exceeded. Proceeding
in this way, traceroute uses the returned ICMP Time Exceeded messages to build a list of routers
that packets traverse, until the destination is reached and returns an ICMP Echo Reply message ->
C is correct.
ICMP is encapsulated in an IP packet. In particular, the ICMP message is encapsulated in the IP
payload part of an IP datagram -> D is correct.
Note: The TRACERT command on Windows Operating System uses ICMP while MAC OS X and
Linux TRACEROUTE use UDP.
Question 9
Refer to the exhibit. If CDP is enabled on all devices and interfaces, which devices will appear in
the output of a show cdp neighbors command issued from R2?

A. R2 and R3
B. R1 and R3
C. R3 and S2
D. R1, S1, S2, and R3
E. R1, S1, S2, R3, and S3

Answer: C
Explanation
CDP runs at Layer 2 so it can recognize a switch (if that switch also runs CDP).

ICND2
Question 1
Which two statements about using the CHAP authentication mechanism in a PPP link are true?
(Choose two)
A. CHAP uses a two-way handshake.
B. CHAP uses a three-way handshake.
C. CHAP authentication periodically occurs after link establishment.
D. CHAP authentication passwords are sent in plaintext.
E. CHAP authentication is performed only upon link establishment.
F. CHAP has no protection from playback attacks.

Answer: B C
Explanation
Point-to-Point Protocol (PPP) can use either Password Authentication Protocol (PAP) or Challenge
Handshake Authentication Protocol (CHAP) for authentication. CHAP is used upon initial link
establishment and periodically to make sure that the router is still communicating with the same
host. CHAP passwords arc exchanged as message digest algorithm 5 (MD5) hash values.
The three-way handshake steps are as follows:
Challenge: The authenticator generates a frame called a Challenge and sends it to the initiator.
This frame contains a simple text message (sometimes called the challenge text). The message
has no inherent special meaning so it doesnt matter if anyone intercepts it. The important thing is
that after receipt of the Challenge both devices have the same challenge message.
Response: The initiator uses its password (or some other shared secret that the authenticators
also knows) to encrypt the challenge text. It then sends the encrypted challenge text as a
Response back to the authenticator.
Success or Failure: The authenticator performs the same encryption on the challenge text that
the initiator did. If the authenticator gets the same result that the initiator sent it in the Response,
the authenticator knows that the initiator had the right password when it did its encryption, so the
authenticator sends back a Success message. Otherwise, it sends a Failure message.
(Reference: CCNA Quick Reference Sheets
Question 2
Refer to the exhibit. Hosts in network 192.168.2.0 are unable to reach hosts in network
192.168.3.0. Based on the output from RouterA, what are two possible reasons for the failure?
(Choose two)

A. The cable that is connected to S0/0 on RouterA is faulty.
B. Interface S0/0 on RouterB is administratively down.
C. Interface S0/0 on RouterA is configured with an incorrect subnet mask.
D. The IP address that is configured on S0/0 of RouterB is not in the correct subnet.
E. Interface S0/0 on RouterA is not receiving a clock signal from the CSU/DSU.
F. The encapsulation that is configured on S0/0 of RouterB does not match the encapsulation that
is configured on S0/0 of RouterA.

Answer: E F
Explanation
From the output we see the Serial0/0 of RouterA is in status up/protocol down state which
indicates a Layer 2 problem so the problem can be:
+ Keepalives mismatch
+ Encapsulation mismatch
+ Clocking problem

Which command is used to enable CHAP authentication with PAP as the fallback method on a serial
interface?
A. (config-if)# authentication ppp chap fallback ppp
B. (config-if)# authentication ppp chap pap
C. (config-if)# ppp authentication chap pap
D. (config-if)# ppp authentication chap fallback ppp

Answer: C
Explanation
The command ppp authentication chap pap command indicates the CHAP authentication is used
first. If it fails or is rejected by other side then uses PAP instead. If you want to use PAP first (then
CHAP) you can use the ppp authentication pap chap command.
Question 4Which Layer 2 protocol encapsulation type supports synchronous and asynchronous
circuits and has built-in security mechanisms?
A. HDLC
B. PPP
C. X.25
D. Frame Relay

Answer: B
Explanation
PPP supports both synchronous (like analog phone lines) and asynchronous circuits (such as ISDN
or digital links). With synchronous circuits we need to use clock rate.
Note: Serial links can be synchronous or asynchronous. Asynchronous connections used to be only
available on low-speed (<2MB) serial interfaces, but now, there are the new HWICs (High-Speed
WAN Interface Cards) which also support asynchronous mode. To learn more about them please
visit
Question 5
At which layer of the OSI model does PPP perform?
A. Layer 2
B. Layer 3
C. Layer 4
D. Layer 5

Answer: A
Explanation
Layer 2 includes the popular WAN standards, such as the Point-to-Point Protocol (PPP), High-Level
Data-Link Control (HDLC) and Frame Relay protocols.

Question 6
Which PPP subprotocol negotiates authentication options?
A. NCP
B. ISDN
C. SUP
D. LCP
E. DLCI

Answer: D
Explanation
Link Control Protocol (LCP) is a subprotocol within the Point-to-Point Protocol protocol suite that is
responsible for link management. During establishment of a PPP communication session, LCP
establishes the link, configures PPP options, and tests the quality of the line connection between
the PPP client and PPP server. LCP automatically handles encapsulation format options and varies
packet sizes over PPP communication links.
LCP also negotiates the type of authentication protocol used to establish the PPP session. Different
authentication protocols are supported for satisfying the security needs of different environments.
Other subprotocol within PPP is Network Control Protocol (NCP), which is used to allow multiple
Network layer protocols (routed protocols) to be used on a point-to-point connection

Question 7
Which two options are valid WAN connectivity methods? (Choose two)
A. PPP
B. WAP
C. DSL
D. L2TPv3
E. Ethernet

Answer: A CQuestion 8
Refer to the exhibit. Which WAN protocol is being used?

A. ATM
B. HDLC
C. Frame Relay
D. PPP

Answer: C
Explanation
Local Management Interface (LMI) is a signaling standard protocol used between your router (DTE)
and the first Frame Relay switch. From the output we learn this interface is sending and receiving
LMI messages -> Frame Relay is being used.
Question 9
Refer to the exhibit. The show interfaces serial 0/1 command was issued on the R10-1 router.
Based on the output displayed which statement is correct?

A. The cable connected to the serial 0/1 interface of the R10-1 router is a DTE cable.
B. The R10-1 router can ping the router interface connected to the serial 0/1 interface.
C. The clock rate used for interface serial 0/1 of the R10-1 router is 1,544,000 bits per second.
D. The CSU used with the serial 0/1 interface of the R10-1 router has lost connection to the
service provider.
E. The interface of the remote router connected to the serial 0/1 interface of the R10-1 router is
using the default serial interface encapsulation.

Answer: E
Explanation
From the output, we see the the line Serial0/1 is up, line protocol is up. That means the link is
good and the interface is functioning normally. Also the encapsulation used on this interface is
HDLC -> The other end must use the same encapsulation. Otherwise the line protocol will go
down.
Question 10A network administrator needs to configure a serial link between the main office and
a remote location. The router at the remote office is a non-Cisco router. How should the network
administrator configure the serial interface of the main office router to make the connection?
A. Main(config)# interface serial 0/0
Main(config-if)# ip address 172.16.1.1 255.255.255.252
Main(config-if)# no shut
B. Main(config)# interface serial 0/0
Main(config-if)# encapsulation ppp
C. Main(config)# interface serial 0/0
Main(config-if)# encapsulation frame-relay
Main(config-if)# authentication chap
D. Main(config)# interface serial 0/0
Main(config-if)#ip address 172.16.1.1 255.255.255.252
Main(config-if)#encapsulation ietf

Answer: B
Explanation
The router at the remote office is a non-Cisco router so we cannot use HDLC which is a Cisco
proprietary protocol -> A is not correct (HDLC is the default protocol on Cisco router for serial
connection so we dont need to type any command).
Frame Relay does not support authentication but if we run PPP over Frame Relay then we can use
PAP or CHAP. Answer C does not have enough commands for this type of configuration -> C is not
correct.
Cisco routers have two kinds of Frame Relay encapsulation: IETF or Cisco. A non-Cisco device does
not understand Frame Relay Cisco encapsulation so if two routers use different kind of Frame
Relay encapsulation, they cannot operate. So if we have a non-Cisco device we have to configure
encapsulation ietf on both ends so that they can work. But the correct command should be
encapsulation frame-relay ietf -> D is not correct.
Note: The encapsulation frame-relay ietf command uses to encapsulate outgoing frames with
IETF. Incoming frames can still be decapsulated even if the interface is configured with Cisco
encapsulation

Question 11
Refer to the exhibit:

Assuming that the entire network topology is shown, what is the operational status of the
interfaces of R2 as indicated by the command output shown?
A. One interface has a problem.
B. Two interfaces have problems.
C. The interfaces are functioning correctly.
D. The operational status of the interfaces cannot be determined from the output shown.

Answer: C
If you are not sure about Frame Relay, please read my Frame Relay tutorial.
Question 1
What can be done to Frame Relay to resolve split-horizon issues?(Choose two)
A. Disable Inverse ARP.
B. Create a full-mesh topology.
C. Develop multipoint subinterfaces.
D. Configure point-to-point subinterfaces.
E. Remove the broadcast keyword from the frame-relay map command.

Answer: B D
Explanation
SPLIT HORIZON: A router never sends information about a route back in same direction which is
original information came, routers keep track of where the information about a route came from.
Means when router A sends update to router B about any failure network, router B does not send
any update for same network to router A in same direction.
Therefore in order to resolve split-horizon issue, we can create a full-mesh topology (a network
topology in which there is a direct link between all pairs of nodes) so that all the routers can learn
all the routes advertised by the neighbors -> B is correct.
Configuring Point-to-point subinterfaces is a good way to resolve the split-horizon issue because
each subinterface is treated as a separate interface so an interface can send and receive
information about a route -> D is correct.
If you are not sure about Frame Relay, please read my Frame Relay tutorial.

Question 2
Which encapsulation type is a Frame Relay encapsulation type that is supported by Cisco routers?
A. IETF
B. ANSI Annex D
C. Q9333-A Annex A
D. HDLC

Answer: A
Explanation
Cisco supports two Frame Relay encapsulation types: the Cisco encapsulation and the IETF
Frame Relay encapsulation, which is in conformance with RFC 1490 and RFC 2427. The former
is often used to connect two Cisco routers while the latter is used to connect a Cisco router to a
non-Cisco router. You can test with your Cisco router when typing the command Router(config-
if)#encapsulation frame-relay ? on a WAN link. Below is the output of this command (notice
Cisco is the default encapsulation so it is not listed here, just press Enter to use it).

Note: Three LMI options are supported by Cisco routers are ansi, Cisco, and Q933a. They
represent the ANSI Annex D, Cisco, and ITU Q933-A (Annex A) LMI types, respectively.
HDLC is a WAN protocol same as Frame-Relay and PPP so it is not a Frame Relay encapsulation
type.
Question 3What are two characteristics of Frame Relay point-to-point subinterfaces? (Choose
two)
A. They create split-horizon issues.
B. They require a unique subnet within a routing domain.
C. They emulate leased lines.
D. They are ideal for full-mesh topologies.
E. They require the use of NBMA options when using OSPF.

Answer: B CIn this part we will continue to discuss about other important Frame Relay
parameters
DLCI
Although the above picture shows two VCs from the HeadQuarter but do you remember that the
HeadQuarter only has only one serial interface? So how can it know which branch it should send
the frame to?
Frame-relay uses data-link connection identifiers (DLCIs) to build up logical circuits. The identifiers
have local meaning only, that means that their values are unique per router, but not necessarily in
the other routers. For example, there is only one DLCI of 23 representing for the connection from
HeadQuarter to Branch 1 and only one DLCI of 51 from HeadQuarter to Branch 2. Branch 1 can
use the same DLCI of 23 to represent the connection from it to HeadQuarter. Of course it can use
other DLCIs as well because DLCIs are just local significant.

By including a DLCI number in the Frame Relay header, HeadQuarter can communicate with both
Branch 1 and Branch 2 over the same physical circuit.
DLCI values typically are assigned by the Frame Relay service provider (for example, the
telephone company). In Frame Relay, DLCI is a 10-bit field.
Before DLCI can be used to route traffic, it must be associated with the IP address of its remote
router. For example, suppose that:
+ HeadQuarters IP address is 9.9.9.9
+ Branch 1s IP address is 1.1.1.1
+ Branch 2s IP address is 2.2.2.2

Then the HeadQuarter will need to map Branch 1 IP address to DLCI 23 & map Branch 2 IP
address to DLCI 51. After that it can encapsulate data inside a Frame Relay frame with an
appropriate DLCI number and send to the destination. The mapping of DLCIs to Layer 3 addresses
can be handled manually or dynamically.

* Manually (static): the administrators can statically assign a DLCI to the remote IP address by
the following statement:
Router(config-if)#frame-relay map protocol dlci [broadcast]
For example HeadQuarter can assign DLCIs of 23 & 51 to Branch 1 & Branch 2 with these
commands:
HeadQuarter(config-if)#frame-relay map ip 1.1.1.1 23 broadcast
HeadQuarter(config-if)#frame-relay map ip 2.2.2.2 51 broadcast
We should use the broadcast keyword here because by default split-horizon will prevent routing
updates from being sent back on the same interface it received. For example, if Branch 1 sends an
update to HeadQuarter then HeadQuarter cant send that update to Branch 2 because they are
received and sent on the same interface. By using the broadcast keyword, we are telling the
HeadQuarter to send a copy of any broadcast or multicast packet received on that interface to the
virtual circuit specified by the DLCI value in the frame-relay map statement. In fact the copied
packet will be sent via unicast (not broadcast) so sometimes it is called pseudo-broadcast.
Note: frame-relay interface-dlci command can be used to statically assign (bind) a DLCI number
to a physical interface.
Note: In fact, we need to run a routing protocol (like OSPF, EIGRP or RIP) to make different
networks see each other
* Dynamic: the router can send an Inverse ARP Request to the other end of the PVC for its
Layer 3 address. In short, Inverse ARP will attempt to learn its neighboring devices IP addresses
and automatically create a dynamic map table. By default, physical interfaces have Inverse ARP
enabled.
We will take an example of how Inverse ARP works with the topology above. At the beginning, all
routers are not configured with static mapping and HeadQuarter has not learned the IP addresses
of Branch 1 & 2 yet. It only has 2 DLCI values on s0/0 interface (23 & 51). Now it needs to find
out who are attached to these DLCIs so it sends an Inverse ARP Request on s0/0 interface. Notice
that the router will send Inverse ARP Request out on every DLCI associated with the interface.

In the Inverse ARP Request, HeadQuarter also includes its IP 9.9.9.9. When Branch 1 & 2 receive
this request, they send back an Inverse ARP Reply with their own IP addresses.

Now all the routers have a pair of DLCI & IP address of the router at the other end so data can be
forwarded to the right destination.
In this example you can see that each router has a DLCI first (Layer 2) and it needs to find out the
IP address (Layer 3). This process is opposite of the ARP process (ARP translates Layer 3 address
to Layer 2 address) so it is called Inverse ARP.
After the Inverse ARP process completes, we can use the show frame-relay map to check. The
word dynamic indicates the mapping was learned through Inverse ARP (the output below is not
related to the above topology):

By default, routers send Inverse ARP messages on all active DLCIs every 60 seconds.
Another thing you should notice is when you supply a static map (via frame-relay map
command), Inverse ARP is automatically disabled for the specified protocol on the specified DLCI.
Question 4
What is the result of issuing the frame-relay map ip 192.168.1.2 202 broadcast command?
A. defines the destination IP address that is used in all broadcast packets on DLCI 202
B. defines the source IP address that is used in all broadcast packets on DLCI 202
C. defines the DLCI on which packets from the 192.168.1.2 IP address are received
D. defines the DLCI that is used for all packets that are sent to the 192.168.1.2 IP address

Answer: D
Question 5
What does the frame-relay interface-dlci command configure?
A. local DLCI on the subinterface
B. remote DLCI on the main interface
C. remote DLCI on the subinterface
D. local DLCI on the main interface

Answer: A
Explanation
When configuring on a point-to-point subinterface, the command frame-relay interface-dlci
associates the selected point-to-point subinterface with a DLCI. But remember that the DLCI
number in this command is the local DLCI. An example of using this command is shown below:
R1(config)#interface Serial0/0.1 point-to-point
R1(config-subif)#ip address 192.168.1.1 255.255.255.252
R1(config-subif)#frame-relay interface-dlci 1
R1(config-fr-dlci)#exit
Question 6
What command is used to verify the DLCI destination address in a Frame Relay static
configuration?
A. show frame-relay pvc
B. show frame-relay lmi
C. show frame-relay map
D. show frame relay end-to-end

Answer: C
Explanation
An example of the output of show frame-relay map command is shown below:

We can see the IP address 172.16.3.1 is associated with the DLCI 100.
Question 7
What occurs on a Frame Relay network when the CIR is exceeded?
A. All TCP traffic is marked discard eligible.
B. All UDP traffic is marked discard eligible and a BECN is sent.
C. All TCP traffic is marked discard eligible and a BECN is sent.
D. All traffic exceeding the CIR is marked discard eligible.

Answer: D
Explanation
Committed information rate (CIR): The minimum guaranteed data transfer rate agreed to by the
Frame Relay switch. Frames that are sent in excess of the CIR are marked as discard eligible (DE)
which means they can be dropped if the congestion occurs within the Frame Relay network.
Note: In the Frame Relay frame format, there is a bit called Discard eligible (DE) bit that is used to
identify frames that are first to be dropped when the CIR is exceeded.
Question 8
What is the purpose of Inverse ARP?
A. to map a known IP address to a MAC address
B. to map a known DLCI to a MAC address
C. to map a known MAC address to an IP address
D. to map a known DLCI to an IP address
E. to map a known IP address to a SPID
F. to map a known SPID to a MAC address

Answer: DQuestion 9
What is the advantage of using a multipoint interface instead of point-to-point subinterfaces when
configuring a Frame Relay hub in a hub-and-spoke topology?
A. It avoids split-horizon issues with distance vector routing protocols.
B. IP addresses can be conserved if VLSM is not being used for subnetting.
C. A multipoint interface offers greater security compared to point-to-point subinterface
configurations.
D. The multiple IP network addresses required for a multipoint interface provide greater
addressing flexibility over point-to-point configurations.

Answer: B
Explanation
A main advantage of configuring Frame Relay multipoint compared to point-to-point subinterfaces
is we can assign IP addresses on the same subnets/networks to the interfaces of Frame Relay
switch, thus saving the subnets/networks you haveQuestion 10
Which command allows you to verify the encapsulation type (CISCO or IETF) for a frame relay
link?
A. show frame-relay map
B. show frame-relay lmi
C. show inter serial
D. show frame-relay pvc

Answer: A
Explanation
The show frame-relay map command displays the current map entries and information about the
connections, including encapsulation type.
You can check Table 33 in the following link:
http://www.cisco.com/en/US/docs/ios/12_2/wan/command/reference/wrffr4.html#wp1029343
It clearly states there is a Field which can be Cisco or IETF, which indicates the encapsulation type
for this map. We quote that Table 33 here for your quick reference (you will see what we want to
imply in bold):
Field Description
Serial 1 (administratively
down)
Identifies a Frame Relay interface and its status (up or down).
ip 131.108.177.177 Destination IP address.
dlci 177 (0xB1,0x2C10)
DLCI that identifies the logical connection being used to reach this
interface. This value is displayed in three ways: its decimal value
(177), its hexadecimal value (0xB1), and its value as it would
appear on the wire (0x2C10).
static Indicates whether this is a static or dynamic entry.
CISCO Indicates the encapsulation type for this map; either CISCO
or IETF.
TCP/IP Header
Compression (inherited),
passive (inherited)
Indicates whether the TCP/IP header compression characteristics
were inherited from the interface or were explicitly configured for
the IP map.

The show frame-relay lmi gives us information about the LMI encapsulation type used by the
Frame Relay interface, which can be ANSI, CISCO or Q933a. Therefore it is not what the question
requires (CISCO or IETF).

Frame-relay 2Question 1
The command show frame-relay map gives the following output:
Serial 0 (up): ip 192.168.151.4 dlci 122, dynamic, broadcast, status defined, active
Which statements represent what is shown? (Choose three)
A. 192.168.151.4 represents the IP address of the remote router
B. 192.168.151.4 represents the IP address of the local serial interface
C. DLC1122 represents the interface of the remote serial interface
D. DLC1122 represents the local number used to connect to the remote address
E. broadcast indicates that a dynamic routing protocol such as RIP v1 can send packets across this
PVC
F. active indicates that the ARP process is working
Question 2
The output of the show frame-relay pvc command shows PVC STATUS=INACTIVE. What does
this mean?
A. The PVC is configured correctly and is operating normally,but no data packets have been
detected for more than five minutes.
B. The PVC is configured correctly, is operating normally and is no longer actively seeking the
address the remote route.
C. The PVC is configured correctly, is operating normally and is waiting for interesting to trigger a
call to the remote router.
D. The PVC is configured correctly on the local switch, but there is a problem on the remote end of
the PVC.
E. The PVC is not configured on the switch.

Answer: D

Question 3
What two statistics appear in show frame-relay map output? (Choose two)
A. The number of FECN packets that are received by the router
B. The number of BECN packets that are received by the router
C. The ip address of the local router
D. The value of the local DLCI
E. The status of the PVC that is configured on the router

Answer: D E
Explanation
An example of the output of this command is shown below:

From the output we can see the local DLCI (102 & 103) and the status of the PVC configured on
the router (both are defined, active).
Vlan and TrunkingQuestion 1
Which three of these statements regarding 802.1Q trunking are correct? (Choose three)
A. 802.1Q native VLAN frames are untagged by default.
B. 802.1Q trunking ports can also be secure ports.
C. 802.1Q trunks can use 10 Mb/s Ethernet interfaces.
D. 802.1Q trunks require full-duplex, point-to-point connectivity.
E. 802.1Q trunks should have native VLANs that are the same at both ends.

Answer: A C E
Explanation
Native VLAN frames are carried over the trunk link untagged -> A is correct.
802.1Q trunking ports carry all the traffic of all VLANs so it cannot be the secure ports. A secure
port should be only configured to connect with terminal devices (hosts, printers, servers) -> B is
not correct.
The Inter-Switch Link (ISL) encapsulation requires FastEthernet or greater to operate but 802.1q
supports 10Mb/s Ethernet interfaces. -> C is correct.
802.1Q supports point-to-multipoint connectivity. Although in Cisco implementation, a trunk is
considered a point-to-point link but 802.1q encapsulation can be used on an Ethernet segment
shared by more than two devices. Such a configuration is seldom needed but is still possible with
the disablement of DTP negotiation. -> D is not correct (Reference:
http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008012ecf3.
shtml)
The native VLAN that is configured on each end of an 802.1Q trunk must be the same. This is
because when a switch receives an untagged frame, it will assign that frame to the native VLAN. If
one end is configured VLAN1 as the native VLAN while the other end is configured VLAN2 as the
native VLAN, a frame sent in VLAN1 on one side will be received on VLAN2 on the other side -> E
is correct

Question 2
Refer to the exhibit. A technician has configured the FastEthernet 0/1 interface on Sw11 as an
access link in VLAN 1. Based on the output from the show vlan brief command issued on Sw12,
what will be the result of making this change on Sw11?

A. Only the hosts in VLAN 1 on the two switches will be able to communicate with each other.
B. The hosts in all VLANs on the two switches will be able to communicate with each other.
C. Only the hosts in VLAN 10 and VLAN 15 on the two switches will be able to communicate with
each other.
D. Hosts will not be able to communicate between the two switches.

Answer: D
Explanation
Fa0/1 of Switch11 is configured as an access link of VLAN1 so only frames in VLAN1 can
communicate through the two switches. But from the output above we see there is no interface
belongs to VLAN1 on Switch12 -> no hosts can communicate between the two switches
Question 3

What can be determined about the interfaces of the Main_Campus router from the output shown?
A. The LAN interfaces are configured on different subnets.
B. Interface FastEthernet 0/0 is configured as a trunk.
C. The Layer 2 protocol of interface Serial 0/1 is NOT operational.
D. The router is a modular router with five FastEthernet interfaces.
E. Interface FastEthernet 0/0 is administratively deactivated.

Answer: B
Explanation
We cant confirm answer B is totally correct but all other answers are wrong so B is the best
choice.
+ We only have 1 LAN interface on Main_Campus router with 4 subinterfaces -> answer A is not
correct (although it is a bit unclear).
+ The protocol column of interface Serial0/1 is up so its Layer 2 is operating correctly -> answer
C is not correct.
+ This router has only 1 FastEthernet interface -> answer D is not correct.
+ The status column of Fa0/0 is currently up so it is operating -> answer E is not correct.
Comments (19) Comments

Explanation
The PVC STATUS displays the status of the PVC. The DCE device creates and sends the report to
the DTE devices. There are 4 statuses:
+ ACTIVE: the PVC is operational and can transmit data
+ INACTIVE: the connection from the local router to the switch is working, but the connection to
the remote router is not available
+ DELETED: the PVC is not present and no LMI information is being received from the Frame Relay
switch
+ STATIC: the Local Management Interface (LMI) mechanism on the interface is disabled (by using
the no keepalive command). This status is rarely seen so it is ignored in some books.

Question 1

Which two statements are true about interVLAN routing in the topology that is shown in the
exhibit? (Choose two)
A. Host E and host F use the same IP gateway address.
B. Routed and Switch2 should be connected via a crossover cable.
C. Router1 will not play a role in communications between host A and host D.
D. The FastEthernet 0/0 interface on Router1 must be configured with subinterfaces.
E. Router1 needs more LAN interfaces to accommodate the VLANs that are shown in the exhibit.
F. The FastEthernet 0/0 interface on Router1 and Switch2 trunk ports must be configured using
the same encapsulation type.

Answer: D FQuestion 2

What commands must be configured on the 2950 switch and the router to allow communication
between host 1 and host 2? (Choose two)
A. Router(config)#interface fastethernet 0/0
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shut down
B. Router(config)#interface fastethernet 0/0
Router(config-if)#no shutdown
Router(config)#interface fastethernet 0/0.1
Router(config-subif)#encapsulation dot1q 10
Router(config-subif)#ip address 192.168.10.1 255.255.255.0
Router(config-subif)#interface fastethernet 0/0.2
Router(config-subif)#encapsulation dot1q 20
Router(config-subif)#ip address 192.168.20.1 255.255.255.0
C. Router (config)#router eigrp 100
Router(config-router)#network 192.168.10.0
Router(config-router)#network 192.168.20.0
D. Switch1(config)# vlan database
Switch1(config-vlan)# vtp domain XYZ
Switch1(config-vlan)# vtp server
E. Switch1(config)# interface fastEthernet 0/1
Switch1(config-if)# switchport mode trunk
F. Switch1(config)# interface vlan 1
Switch1(config-if)# ip default-gateway 192.168.1.1

Answer: B E
Explanation
The two answers B and E list all the commands needed to configure interVLAN routing. Please
notice that Cisco switch 2950, 2960 only support dot1Q trunking so we dont need to specify which
trunking encapsulation to use in this case. For Cisco switches 3550 or above we have to use these
commands instead:
Switch3550(config-if)#switchport trunk encapsulation dot1q
Switch3550(config-if)#switchport mode trunk

Question 3
Which three statements are typical characteristics of VLAN arrangements? (Choose three)
A. A new switch has no VLANs configured.
B. Connectivity between VLANs requires a Layer 3 device.
C. VLANs typically decrease the number of collision domains.
D. Each VLAN uses a separate address space.
E. A switch maintains a separate bridging table for each VLAN.
F. VLANs cannot span multiple switches.

Answer: B D E
Explanation
By default, all ports on a new switch belong to VLAN 1 (default & native VLAN). There are also
some well-known VLANs (for example: VLAN 1002 for fddi-default; VLAN 1003 for token-ring)
configured by default -> A is not correct.
To communicate between two different VLANs we need to use a Layer 3 device like router or Layer
3 switch -> B is correct.
VLANs dont affect the number of collision domains, they are the same -> C is not correct.
Typically, VLANs increase the number of broadcast domains.
We must use a different network (or sub-network) for each VLAN. For example we can use
192.168.1.0/24 for VLAN 1, 192.168.2.0/24 for VLAN 2 -> D is correct.
A switch maintains a separate bridging table for each VLAN so that it can send frame to ports on
the same VLAN only. For example, if a PC in VLAN 2 sends a frame then the switch look-ups its
bridging table and only sends frame out of its ports which belong to VLAN 2 (it also sends this
frame on trunk ports) -> E is correct.
We can use multiple switches to expand VLAN -> F is not correct

Question 4

C-router is to be used as a router-on-a-stick to route between the VLANs. All the interfaces have
been properly configured and IP routing is operational. The hosts in the VLANs have been
configured with the appropriate default gateway. What can be said about this configuration?
A. These commands need to be added to the configuration:
C-router(config)# router eigrp 123
C-router(config-router)# network 172.19.0.0
B. No further routing configuration is required.
C. These commands need to be added to the configuration:
C-router(config)# router ospf 1
C-router(config-router)# network 172.19.0.0 0.0.3.255 area 0
D. These commands need to be added to the configuration:
C-router(config)# router rip
C-router(config-router)# network 172.19.0.0

Answer: B
Spanning Tree Protocol
Question 1
Which term describes a spanning-tree network that has all switch ports in either the blocking or
forwarding state?
A. converged
B. redundant
C. provisioned
D. spanned

Answer: A
Explanation
Spanning Tree Protocol convergence (Layer 2 convergence) happens when bridges and switches
have transitioned to either the forwarding or blocking state. When layer 2 is converged, root
bridge is elected and all port roles (Root, Designated and Non-Designated) in all switches are
selectedQuestion 2
Refer to the exhibit. Given the output shown from this Cisco Catalyst 2950, what is the reasons
that interface FastEthernet 0/10 is not the root port for VLAN 2?

A. This switch has more than one interface connected to the root network segment in VLAN 2.
B. This switch is running RSTP while the elected designated switch is running 802.1d Spanning
Tree.
C. This switch interface has a higher path cost to the root bridge than another in the topology.
D. This switch has a lower bridge ID for VLAN 2 than the elected designated switch.

Answer: C

Question 3
Refer to the exhibit. Which switch provides the spanning-tree designated port role for the network
segment that services the printers?

A. Switch1
B. Switch2
C. Switch3
D. Switch4

Answer: C
Explanation
First, the question asks what switch services the printers, so it can be Switch 3 or Switch 4 which
is connected directly to the Printers.
Next, by comparing the MAC address of Switch 3 and Switch 4 we found that the MAC of Switch 3
is smaller. Therefore the interface connected to the Printers of Switch 3 will become designated
interface and the interface of Switch 4 will be blocked.
(Please notice that Switch 1 will become the root bridge because of its lowest priority, not Switch
3)

Question 4
What is one benefit of PVST+?
A. PVST+ supports Layer 3 load balancing without loops.
B. PVST+ reduces the CPU cycles for all the switches in the network.
C. PVST+ allows the root switch location to be optimized per VLAN.
D. PVST+ automatically selects the root bridge location, to provide optimized bandwidth usage.

Answer: C
Explanation
Per VLAN Spanning Tree (PVST) maintains a spanning tree instance for each VLAN configured in
the network. It means a switch can be the root bridge of a VLAN while another switch can be the
root bridge of other VLANs in a common topology. For example, Switch 1 can be the root bridge
for Voice data while Switch 2 can be the root bridge for Video data. If designed correctly, it can
optimize the network trafficQuestion 5
Which port state is introduced by Rapid-PVST?
A. learning
B. listening
C. discarding
D. forwarding

Answer: C
Explanation
PVST+ is based on IEEE802.1D Spanning Tree Protocol (STP). But PVST+ has only 3 port states
(discarding, learning and forwarding) while STP has 5 port states (blocking, listening, learning,
forwarding and disabled). So discarding is a new port state in PVST+.
IP Routing
Question 1
Which two are advantages of static routing when compared to dynamic routing? (choose two)
A. Security increases because only the network administrator may change the routing tables.
B. Configuration complexity decreases as network size increases.
C. Routing updates are automatically sent to neighbors.
D. Route summarization is computed automatically by the router.
E. Routing traffic load is reduced when used in stub network links.
F. An efficient algorithm is used to build routing tables using automatic updates.
G. Routing tables adapt automatically to topology changes.

Answer: A E
Explanation
Static routing can only be configured for each route manually so it is more secure than dynamic
routing which only needs to declare which networks to run -> A is correct.
Also static route does not use any complex algorithm to find out the best path so no routing
updates need to be sent out -> reduce routing traffic load. Static routing is useful especially in
stub network links.
Note: Stub network (or stub router) is used to describe a network (or router) that does not have
any information about other networks except a default route. This type of net
Which parameter would you tune to affect the selection of a static route as a backup, when a
dynamic protocol is also being used?
A. hop count
B. administrative distance
C. link bandwidth
D. link delay
E. link cost

Answer: B
Explanation
By default a static route has the Administrative Distance (AD) of 1, which is always preferred to
dynamic routing protocols. In some cases we may want to use dynamic routing protocols and set
static routes as a backup route when the dynamic routes fail -> we can increase the AD of that
static route to a higher value than the AD of the dynamic routing protocols
ork (or router) usually has only one connection to the outside
Question 2
Which parameter would you tune to affect the selection of a static route as a backup, when a
dynamic protocol is also being used?
A. hop count
B. administrative distance
C. link bandwidth
D. link delay
E. link cost

Answer: B
Explanation
By default a static route has the Administrative Distance (AD) of 1, which is always preferred to
dynamic routing protocols. In some cases we may want to use dynamic routing protocols and set
static routes as a backup route when the dynamic routes fail -> we can increase the AD of that
static route to a higher value than the AD of the dynamic routing protocols.
Question 3
Which statement is true, as relates to classful or classless routing?
A. RIPV1 and OSPF are classless routing protocols.
B. Classful routing protocols send the subnet mask in routing updates.
C. Automatic summarization at classful boundaries can cause problems on discontigous networks.
D. EIGRP and OSPF are classful routing protocols and summarize routes by default.

Answer: C
Explanation
Discontiguous networks are networks that have subnets of a major network separated by a
different major network. Below is an example of discontiguous networks where subnets
10.10.1.0/24 and 10.10.2.0/24 are separated by a 2.0.0.0/8 network.

If we configure automatic summarization at classful boundaries, users on network 10.10.1.0/24
cannot communicate with users on network 10.10.2.0/24.
If you are not clear about automatic summarization please read the last part of this tutorial:
http://

Question 4
A technician pastes the configurations in the exhibit into the two new routers shown. Otherwise,
the routers are configured with their default configurations. A ping from Host1 to Host2 fails, but
the technician is able to ping the S0/0 interface of R2 from Host1. The configurations of the hosts
have been verified as correct. What is the cause of the problem?

A. The serial cable on R1 needs to be replaced.
B. The interfaces on R2 are not configured properly.
C. R1 has no route to the 192.168.1.128 network.
D. The IP addressing scheme has overlapping subnetworks.
E. The ip subnet-zero command must be configured on both routers.

Answer: C
Explanation
Host1 can ping the Serial interface of R2 because R1 has the network of 192.168.1.4/30 as
directly connected route. But R1 does not know how to route to the network of Host2
(192.168.1.128/26) so R1 will drop that ping without trying to send it out S0/0 interface. To make
the ping work, we have to configure a route pointing to that network (for example: ip route
192.168.1.128 255.255.255.192 s0/0 on R1).
Question 5
Refer to the exhibit. The Lakeside Company has the internetwork in the exhibit. The Administrator
would like to reduce the size of the routing table to the Central Router. Which partial routing table
entry in the Central router represents a route summary that represents the LANs in Phoenix but no
additional subnets?

A 10.0.0.0 /22 is subnetted, 1 subnet
D 10.0.0.0 [90/20514560] via 10.2.0.2 6w0d, serial 0/1
B 10.0.0.0 /28 is subnetted, 1 subnet
D 10.2.0.0 [90/20514560] via 10.2.0.2 6w0d, serial 0/1
C 10.0.0.0 /30 is subnetted, 1 subnet
D 10.2.2.0 [90/20514560] via 10.2.0.2 6w0d, serial 0/1
D 10.0.0.0 /22 is subnetted, 1 subnet
D 10.4.0.0 [90/20514560] via 10.2.0.2 6w0d, serial 0/1
E 10.0.0.0 /28 is subnetted, 1 subnet
D 10.4.4.0 [90/20514560] via 10.2.0.2 6w0d, serial 0/1
F 10.0.0.0 /30 is subnetted, 1 subnet
D 10.4.4.4 [90/20514560] via 10.2.0.2 6w0d, serial 0/1

Answer: D
Explanation
All the above networks can be summarized to 10.0.0.0 network but the question requires to
represent the LANs in Phoenix but no additional subnets so we must summarized to 10.4.0.0
network. The Phoenix router has 4 subnets so we need to move left 2 bits of /24-> /22 is the
best choice -> D is correct.
Question 6
Refer to the exhibit. How will the router handle a packet destined for 192.0.2.156?

A. The router will drop the packet.
B. The router will return the packet to its source.
C. The router will forward the packet via Serial2.
D. The router will forward the packet via either Serial0 or Serial1.

Answer: C
Explanation
From the output we see a line Gateway of last resort is 192.168.4.1 to network 0.0.0.0. Gateway
of last resort refers to the next-hop router of a routers current default route. Therefore all the
traffic through this router to destination networks not matching any other networks or subnets in
the routing table will be sent to 192.168.4.1 (which is on Serial2) -> packet destined for
192.0.2.156 (or an unknown destination) will be forwarded via Serial2.
An weird thing in the output above is the missing of the asterisk mask (*) which represents for the
candidate default route. To set the Gateway of last resort is 192.168.4.1 to network 0.0.0.0 as
the output above we can use these commands:
ip route 0.0.0.0 0.0.0.0 192.168.4.1
ip default-network 192.168.4.0
But these commands will create an static routing in the routing table with an asterisk mask. Maybe
the output shown above is missing that route.
For more information about the command ip default-network please visit:

Question 7
Refer to the exhibit. RTA is configured with a basic configuration. The link between the two routers
is operational and no routing protocols are configured on either router. The line shown in the
exhibit is then added to router RTA. Should interface Fa0/0 on router RTB shut down, what effect
will the shutdown have on router RTA?

A. A route to 172.16.14.0/24 will remain in the RTA routing table.
B. A packet to host 172.16.14.225 will be dropped by router RTA
C. Router RTA will send an ICMP packet to attempt to verify the route.
D. Because router RTB will send a poison reverse packet to router RTA, RTA will remove the route.

Answer: A
Explanation
Static routes remain in the routing table even if the specified gateway becomes unavailable. If the
specified gateway becomes unavailable, you need to remove the static route from the routing table
manually. However, static routes are removed from the routing table if the specified interface goes
down, and are reinstated when the interface comes back up.
Therefore the static route will only be removed from the routing table if the S0/0 interface on RTA
is shutdown.
Question 1

R1 routing commands:
ip route 0.0.0.0 0.0.0.0 serial0/0
router ospf 1
network 172.16.100.0 0.0.0.3 area 0
network 172.16.100.64 0.0.0.63 area 0
network 172.16.100.128 0.0.0.31 area 0
default-information originate
Assuming that all router interfaces are operational and correctly configured, that OSPF has been
correctly configured on router R2, how will the default route configured on R1 affect the operation
of R2?
A. Any packet destined for a network that is not directly connected to router R1 will be dropped.
B. Any packet destined for a network that is not referenced in the routing table of router R2 will be
C. Any packet destined for a network that is not directly connected to router R2 will be dropped
immediately.
D. Any packet destined for a network that is not directly connected to router R2 will be dropped
immediately because of the lack of a gateway on R1.

Answer: B
Explanation
First, notice that the more-specific routes will always be favored over less-specific routes
regardless of the administrative distance set for a protocol. In this case, because we use OSPF for
three networks (172.16.100.0 0.0.0.3, 172.16.100.64 0.0.0.63, 172.16.100.128 0.0.0.31) so the
packets destined for these networks will not be affected by the default route.
The default route configured on R1 ip route 0.0.0.0 0.0.0.0 serial0/0 will send any packet whose
destination network is not referenced in the routing table of router R1 to R2, it doesnt drop
anything so answers A, B and C are not correct. D is not correct too because these routes are
declared in R1 and the question says that OSPF has been correctly configured on router R2, so
network directly connected to router R2 can communicate with those three subnetworks.
As said above, the default route configured on R1 will send any packet destined for a network that
is not referenced in its routing table to R2; R2 in turn sends it to R1 because it is the only way and
a routing loop will occur.
Question 2
What information does a router running a link-state protocol use to build and maintain its
topological database? (Choose two)
A. hello packets
B. SAP messages sent by other routers
C. LSAs from other routers
D. beacons received on point-to-point links
E. routing tables received from other link-state routers
F. TTL packets from designated routers

Answer: A C
Explanation
Link-state protocol uses hello packets to discover neighbors and establish adjacencies. After that,
the routers begin sending out LSAs to every neighbor (each received LSA is copied and forwarded
to every neighbor except the one that sent the LSA)
Question 3
Which two statements describe the process identifier that is used in the command to configure
OSPF on a router? (Choose two)
Router(config)# router ospf 1
A. All OSPF routers in an area must have the same process ID.
B. Only one process number can be used on the same router.
C. Different process identifiers can be used to run multiple OSPF processes
D. The process number can be any number from 1 to 65,535.
E. Hello packets are sent to each neighbor to determine the processor identifier.

Answer: C D
Question 4
What is the default administrative distance of OSPF?
A. 90
B. 100
C. 110
D. 120

Answer: C
Explanation
The Administrative Distances (AD) of popular routing protocols are listed below:

Question 5
Refer to the exhibit. The network is converged. After link-state advertisements are received from
Router_A, what information will Router_E contain in its routing table for the subnets
208.149.23.64 and 208.149.23.96?

A. 208.149.23.64[110/13] via 190.173.23.10, 00:00:00:07, FastEthernet0/0
208.149.23.96[110/13] via 190.173.23.10, 00:00:00:16, FastEthernet0/0
B. 208.149.23.64[110/1] via 190.173.23.10, 00:00:00:07, Serial1/0
C. 208.149.23.64[110/13] via 190.173.23.10, 00:00:00:07, Serial1/0
208.149.23.96[110/13] via 190.173.23.10, 00:00:00:16, Serial1/0
D. 208.149.23.64[110/13] via 190.173.23.10, 00:00:00:07, Serial1/0
208.149.23.96[110/13] via 190.173.23.10, 00:00:00:16, Serial1/0

Answer: A
Explanation
Router_E learns two subnets subnets 208.149.23.64 and 208.149.23.96 via Router_A through
FastEthernet interface. The interface cost is calculated with the formula 10
8
/ Bandwidth. For
FastEthernet it is 10
8
/ 100 Mbps = 10
8
/ 100,000,000 = 1. Therefore the cost is 12 (learned from
Router_A) + 1 = 13 for both subnets -> B is not correct.
The cost through T1 link is much higher than through T3 link (T1 cost = 10
8
/ 1.544 Mbps = 64;
T3 cost = 10
8
/ 45 Mbps = 2) so surely OSPF will choose the path through T3 link -> Router_E will
choose the path from Router_A through FastEthernet0/0, not Serial1/0 -> C & D are not correct.
In fact, we can quickly eliminate answers B, C and D because they contain at least one subnet
learned from Serial1/0 -> they are surely incorrect Question 6
What are three characteristics of the OSPF routing protocol? (Choose three)
A. It converges quickly.
B. OSPF is a classful routing protocol.
C. It uses cost to determine the best route.
D. It uses the DUAL algorithm to determine the best route.
E. OSPF routers send the complete routing table to all directly attached routers.
F. OSPF routers discover neighbors before exchanging routing information.

Answer: A C F
Explanation
OSPF is a link-state routing protocol so it converges more quickly than distance-vector protocol.
OSPF uses cost to determine the best route. The popular formula to calculate OSPF cost is: cost =
10
8
/ Bandwidth [ in kbps] (in fact the formal formula is: cost = reference bandwidth / configured
bandwidth of interface in kbps. On Cisco routers, the reference bandwidth defaults to 100000
kbps)
Question 7

graphic. There is concern that a lack of router resources is impeding internetwork performance.
A. Corp-1
B. Corp-2
C. Corp-3
D. Corp4
E. Branch-1
F. Branch-2

Answer: D F
Explanation
(10.2.20.20) have highest active IP addresses so they will become DRs.

Question 8
Which parameter or parameters are used to calculate OSPF cost in Cisco routers?
A. Bandwidth, Delay and MTU
B. Bandwidth
C. Bandwidth and MTU
D. Bandwidth, MTU, Reliability, Delay and Load

Answer: B
Explanation
The well-known formula to calculate OSPF cost is
Cost = 10
8
/ Bandwidth
so B is the correct answer.

Question 9

Assume that all of the router interfaces are operational and configured correctly. How will router
R2 be affected by the configuration of R1 that is shown in the exhibit?
A. Router R2 will not form a neighbor relationship with R1.
B. Router R2 will obtain a full routing table, including a default route, from R1.
C. R2 will obtain OSPF updates from R1, but will not obtain a default route from R1.
D. R2 will not have a route for the directly connected serial network, but all other directly
connected networks will be present, as well as the two networks connected to R1.

Answer: B
Explanation
The default-information originate command advertises a default route to other routers, telling
something like please send me your unknown traffic. So in this case, besides a full routing table,
R2 will also receive a default route from R1 -> B is correct.
Note: But in this question, the static route should be ip route 0.0.0.0 0.0.0.0 serial0/1 (not
serial0/0), that may cause a routing loop
Question 10
Which commands are required to properly configure a router to run OSPF and to add network
192.168.16.0/24 to OSPF area 0? (Choose two)
A. Router(config)# router ospf 0
B. Router(config)# router ospf 1
C. Router(config)# router ospf area 0
D. Router(config-router)# network 192.168.16.0 0.0.0.255 0
E. Router(config-router)# network 192.168.16.0 0.0.0.255 area 0
F. Router(config-router)# network 192.168.16.0 255.255.255.0 area 0

Answer: B E
Explanation
In the router ospf command, the ranges from 1 to 65535 so o is an invalid number -> B is correct
but A is not correct.
Question 1
Which command is used to display the collection of OSPF link states?
A. show ip ospf link-state
B. show ip ospf Isa database
C. show ip ospf neighbors
D. show ip ospf database

Answer: D
Explanation
The output of the show ip ospf database is shown below:

From the output above we can see LSA Type 1 (Router Link State) and LSA Type 3 (Summary Net
Link State).
Question 2
What are two drawbacks of implementing a link-state routing protocol? (Choose two)
A. the sequencing and acknowledgment of link-state packets
B. the requirement for a hierarchical IP addressing scheme for optimal functionality
C. the high volume of link-state advertisements in a converged network
D. the high demand on router resources to run the link-state routing algorithm
E. the large size of the topology table listing all advertised routes in the converged network

Answer: B D

Question 3

graphic.
There is concern that a lack of router resources is impeding internetwork performance.
A. Corp-1
B. Corp-2
C. Corp-3
D. Corp4
E. Branch-1
F. Branch-2

Answer: D F
Explanation
(10.2.20.20) have highest active IP addresses so they will become DRs Question 4
What is the default maximum number of equal-cost paths that can be placed into the routing of a
Cisco OSPF router?
A. 16
B. 2
C. unlimited
D. 4

Answer: D
Explanation
The default number of equal-cost paths that can be placed into the routing of a Cisco OSPF router
is 4. We can change this default value by using maximum-paths command:
Router(config-router)#maximum-paths 2
Note: Cisco routers support up to 6 equal-cost paths
Question 5
RouterD# show ip interface brief

Given the output for this command, if the router ID has not been manually set, what router ID will
OSPF use for this router?
A. 10.1.1.2
B. 10.154.154.1
C. 172.16.5.1
D. 192.168.5.3

Answer: C
Explanation
The highest IP address of all loopback interfaces will be chosen -> Loopback 0 will be chosen as
the router ID.

Question 6
Refer to the exhibit. Which two statements are true about the loopback address that is configured
on RouterB? (Choose two)

A. It ensures that data will be forwarded by RouterB.
B. It provides stability for the OSPF process on RouterB.
C. It specifies that the router ID for RouterB should be 10.0.0.1.
D. It decreases the metric for routes that are advertised from RouterB.
E. It indicates that RouterB should be elected the DR for the LAN.

Answer: B C
Explanation
A loopback interface never comes down even if the link is broken so it provides stability for the
OSPF process (for example we use that loopback interface as the router-id) -> B is correct.
The router-ID is chosen in the order below:
-> The loopback interface will be chosen as the router ID of RouterB -> C is correct. Question 7
Refer to the exhibit. The network associate is configuring OSPF on the Core router. All the
connections to the branches should be participating in OSPF. The link to the ISP should NOT
participate in OSPF and should only be advertised as the default route. What set of commands will
properly configure the Core router?

A. Core(config-router)#default-information originate
Core(config-router)#network 10.0.0.0 0.255.255.255 area 0
Core(config-router)#exit
Core(config)#ip route 0.0.0.0 0.0.0.0 10.10.2.14
B. Core(config-router)#default-information originate
C. Core(config-router)#default-information originate
D. Core(config-router)#default-information originate

Answer: C
Explanation
The question states that the link to ISP should not participate in OSPF -> answers A, B are not
correct.
In answer D, the network 10.10.2.32 0.0.0.31 area 0 does not cover the IP address of S0/0.103
(10.10.2.21) -> D is not correct.
The default-information originate command advertises a default route to other routers, telling
something like please send me your unknown traffic. So in this case, besides a full routing table,
other routers will also receive a default route from Core router.
But please notice that Core router needs to have a default route in its routing table. That is why
the command ip route 0.0.0.0 0.0.0.0 10.10.2.14 is added to Core router. By adding the
always (after default-information originate command) the default route will be advertised even
if there is no default route in the routing table of router Core.
Question 8

A network associate has configured OSPF with the command:
City(config-router)# network 192.168.12.64 0.0.0.63 area 0
After completing the configuration, the associate discovers that not all the interfaces are
participating in OSPF.
Which three of the interfaces shown in the exhibit will participate in OSPF according to this
configuration statement? (Choose three)
A. FastEthernet0/0
B. FastEthernet0/1
C. Serial0/0
D. Serial0/1.102
E. Serial0/1.103
F. Serial0/1.104

Answer: B C D
Explanation
The network 192.168.12.64 0.0.0.63 equals to network 192.168.12.64/26. This network has:
+ Increment: 64 (/26= 1111 1111.1111 1111.1111 1111.1100 0000)
+ Network address: 192.168.12.64
+ Broadcast address: 192.168.12.127
Therefore all interface in the range of this network will join OSPF -> B C D are correct.
EIGRP Question 1
What does a router do if it has no EIGRP feasible successor route to a destination network and the
successor route to that destination network is in active status?
A. It routes all traffic that is addressed to the destination network to the interface indicated in the
routing table.
B. It sends a copy of its neighbor table to all adjacent routers.
C. It sends a multicast query packet to all adjacent neighbors requesting available routing paths to
the destination network.
D. It broadcasts Hello packets to all routers in the network to re-establish neighbor adjacencies.

Answer: C
Explanation
When a router has no EIGRP feasible successor and the successor route to that destination
network is in active status (the successor route is down, for example) a route recomputation
occurs. A route recomputation commences with a router sending a query packet to all neighbors.
Neighboring routers can either reply if they have feasible successors for the destination or
optionally return a query indicating that they are performing a route recomputation. While in
Active state, a router cannot change the next-hop neighbor it is using to forward packets. Once all
replies are received for a given query, the destination can transition to Passive state and a new
successor can be selected
Question 2
Which statements are true about EIGRP successor routes? (Choose two)
A. A successor route is used by EIGRP to forward traffic to a destination.
B. Successor routes are saved in the topology table to be used if the primary route fails.
C. Successor routes are flagged as active* in the routing table.
D. A successor route may be backed up by a feasible successor route.
E. Successor routes are stored in the neighbor table following the discovery process.

Answer: A D
Question 3
Which type of EIGRP route entry describes a feasible successor?
A. a backup route, stored in the routing table
B. a primary route, stored in the routing table
C. a backup route, stored in the topology table
D. a primary route, stored in the topology table

Answer: C
Explanation
Feasible successor is a route whose Advertised Distance is less than the Feasible Distance of the
current best path. A feasible successor is a backup route, which is not stored in the routing table
but stored in the topology table. Question 4
Refer to the exhibit. Based on the exhibited routing table, how will packets from a host within the
192.168.10.192/26 LAN be forwarded to 192.168.10.1?

A. The router will forward packets from R3 to R2 to R1
B. The router will forward packets from R3 to R1
C. The router will forward packets from R3 to R1 to R2
D. The router will forward packets from R3 to R2 to R1 AND from R3 to R1

Answer: D
Explanation
From the routing table we learn that network 192.168.10.0/30 is learned via 2 equal-cost paths
(192.168.10.9 &192.168.10.5) -> traffic to this network will be load-bala Question 5
Refer to the exhibit. Given the output from the show ip eigrp topology command, which router
is the feasible successor?
Router# show ip eigrp topology 10.0.0.5 255.255.255.255
IP-EIGRP topology entry for 10.0.0.5/32 State is Passive, Query origin flag is 1, 1
Successor(s), FD is 41152000
A.
10.1.0.3 (Serial0), from 10.1.0.3, Send flag is 0x0
Composite metric is (46866176/46354176), Route is Internal
Vector metric:
Minimum bandwidth is 56 Kbit
Total delay is 45000 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 2
B.
10.0.0.2 (Serial0.1), from 10.0.0.2, Send flag is 0x0
Composite metric is (53973248/128256), Route is Internal
Vector metric:
Load is 1/255
Minimum MTU is 1500
Hop count is 1
C.
10.1.0.1 (Serial0), from 10.1.0.1, Send flag is 0x0
Composite metric is (46152000/41640000), Route is Internal Vector
metric:
Load is 1/255
Minimum MTU is 1500
Hop count is 2
D.
10.1.1.1 (SerialO.1), from 10.1.1.1, Send flag is 0x0
Composite metric is (46763776/46251776), Route is External
Vector metric:
Load is 1/255
Minimum MTU is 1500
Hop count is 2

Answer: B
Explanation
First we must notice that all the 4 answers are parts of the show ip eigrp topology output. As you
can see, there are 2 parameters in the form of [FD/AD] in each answer. For example answer C has
[46152000/41640000], it means that the FD of that route is 46152000 while the AD is 41640000.
To become a feasible successor, a router must meet the feasibility condition:
To qualify as a feasible successor, a router must have an AD less than the FD of the
current successor route
In four answer above, only answer B has an AD of 128256 and it is smaller than the FD of the
current successor route (41152000) so it is the feasible successor -> B is correct.
ncing.

Question 1
Refer to the exhibit. What three actions will the switch take when a frame with an unknown source
MAC address arrives at the interface? (Select three)

A. Send an SNMP trap.
B. Send a syslog message.
C. Increment the Security Violation counter.
D. Forward the traffic.
E. Write the MAC address to the startup-config.
F. Shut down the port.

Answer: A B C
Explanation
Notice that the Violation Mode is Restrict. In this mod, when the number of port secure MAC
addresses reaches the maximum limit allowed on the port, packets with unknown source
addresses are dropped. You have to remove the secure mac-addresses below the maximum
allowed number in order to learn a new MAC or allowing a host on the port. Also a SNMP trap is
sent, a syslog message is logged in the syslog server and the viola Question 2
Which protocol is an open standard protocol framework that is commonly used in VPNs, to provide
secure end-to-end communications?
A. RSA
B. L2TP
C. IPsec
D. PPTP

Answer: C
Explanation
One of the most widely deployed network security technologies today is IPsec over VPNs. It
provides high levels of security through encryption and authentication, protecting data from
unauthorized access.
tion counter increases.

Question 3
Refer to the exhibit. Which of these correctly describes the results of port security violation of an
unknown packet?
Switch(config)#interface fastethernet 0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 3
Switch(config-if)#switchport port-security mac-address sticky
Switch(config-if)#end
A. port enabled; unknown packets dropped; no SNMP or syslog messages
B. port enabled; unknown packets dropped; SNMP or syslog messages
C. port disabled; no SNMP or syslog messages
D. port disabled; SNMP or syslog messages

Answer: D
Explanation
The default violation mode is shutdown, which will shutdown the port when the maximum number
of secure MAC addresses is exceeded. It also sends an SNMP trap, logs a syslog message, and
increments the violation counter.
The three violation modes are listed below:
+protect When the number of secure MAC addresses reaches the limit allowed on the port,
packets with unknown source addresses are dropped until you remove a sufficient number of
secure MAC addresses or increase the number of maximum allowable addresses. You are not
notified that a security violation has occurred.
+restrict When the number of secure MAC addresses reaches the limit allowed on the port,
packets with unknown source addresses are dropped until you remove a sufficient number of
secure MAC addresses or increase the number of maximum allowable addresses. In this mode, you
are notified that a security violation has occurred. Specifically, an SNMP trap is sent, a syslog
message is logged, and the violation counter increments.
+shutdown In this mode, a port security violation causes the interface to immediately become
error-disabled, and turns off the port LED. It also sends an SNMP trap, logs a syslog message, and
increments the violation counter. When a secure port is in the error-disabled state, you can bring it
out of this state by entering the errdisable recovery cause psecure-violation global
configuration command, or you can manually re-enable it by entering the shutdown and no
shutdown interface configuration commands. This is the default mode. Question 4
The following configuration is applied to a Layer 2 Switch:
interface fastethernet 0/4
switchport mode access
switchport port-security
switchport port-security mac-address 0000.1111.1111
switchport port-security maximum 2
What is the result of the above configuration being applied to the switch?
A. A host with a mac address of 0000.1111.1111 and up to two other hosts can connect to
FastEthernet 0/4 simultaneously
B. A host with a mac address of 0000.1111.1111 and one other host can connect to FastEthernet
0/4 simultaneously
C. Violating addresses are dropped and no record of the violation is kept
D. The switch can send an SNMP message to the network management station
E. The port is effectively shutdown

Answer: B

Question 5
What can be done to secure the virtual terminal interfaces on a router? (Choose two)
A. Administratively shut down the interface.
B. Physically secure the interface.
C. Create an access list and apply it to the virtual terminal interfaces with the access-group
command.
D. Configure a virtual terminal password and login process.
E. Enter an access list and apply it to the virtual terminal interfaces using the access-class
command.

Answer: D E
IPv6 Question 1
Which command enables IPv6 forwarding on a Cisco router?
A. ipv6 local
B. ipv6 host
C. ipv6 unicast-routing
D. ipv6 neighbor

Answer: C
Explanation
An example of configuring RIPng (similar to RIPv2 but is used for IPv6) is shown below:
Router(config)#ipv6 unicast-routing (Enables the forwarding of IPv6 unicast datagrams globally
on the router)
Router(config)#interface fa0/0
Router(config-if)#ipv6 rip 9tut enable (9tut is the process name of this RIPng)
Question 1
Two offices are displayed below

You work as a network technician at 9tut. Study the exhibit carefully. The company has a main
office in Los Angeles and a satellite office in Boston. The offices are connected through two Cisco
routers. The Boston satellite office is connected through the R2 router s0 interface to the Los
Angeles office R1 router s1 interface. R1 has two local area networks. Boston users receive
Internet access through the R1 router. Drag the boxes on the top to complete the goal on the left.

Answer:
1) Prevent all users from outside the enterprise network from accessing the server:
permit ip 192.168.35.0 0.0 0.255 host 192.168.35.66
2) Block a user from R1 e0 network from accessing the server: deny ip 192.168.35.55
0.0.0.0 host 192.168.35.66
3) Block only the users attached to the e0 interface of the R2 router from accessing the
server: deny ip 192.168.35.16 0.0.0.15 host 192.168.35.66
Question 2
You are configuring the localhost/nitunetwp office. In particular the host C, with the IP address
192.168.125.34/27, needs to be configured so that it cannot access hosts outside its own subnet.
You decide to use the following command:
access-list 100 deny protocol address mask any
You are required to fill in the protocol, address, and mask in this command using the choices
below:

Answer:
1) protocol: ip
2) address: 192.168.125.34
3) mask: 0.0.0.0
Explanation
The syntax of extended access-list:
access-list 100-199 {permit|deny} {ip|tcp|udp|icmp} source source-mask [lt|gt|eq|neq]
[source-port] destination dest-mask [lt|gt|eq|neq] [dest-port]
By telling the router to drop traffic originated from host C (source), we can guarantee that host C
can just communicate with hosts inside its own subnet (because this kind of traffic does not need
to pass the router and will not be prevented).
Question 3
Exhibit:
Router# show interfaces s1/0
Seria11/0 is up, line protocol is up
Hardware is CD2430 in sync mode
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open Open: CDPCP. IPCP, loopback not set
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of show interface counters 4d21h
Study the exhibit carefully. You need to match output lines in the exhibit with the proper OSI
layer. One line will not be used.

Answer:
Data Link Layer:
+ Encapsulation PPP
+ Line protocol is up
Physical Layer:
+ Serial 1/0 is up
+ Hardware is CD2430 in sync mode Question 4
You work as a network administrator for your corporation, your boss is interested in switch ports.
Match the options to the appropriate switch ports

Answer:
Access Port:
+ carries traffic for a single VLAN
+ uses a straight-through cable to connect a device
+ connects an end-user workstation to a switch
Trunk Port:
+ carries traffic for a multiple VLAN
+ Facilitates interVLAN communications when connected to a Layer 3 device
+ uses 802.1q to identify traffic from different VLANs Question 5
Below is the configuration of the R1 router:
R1(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.1
R1(config)# ip route 10.1.0.0 255.255.255.0 192.168.2.2
R1(config)# ip route 10.1.0.0 255.255.0.0 192.168.3.3
Drag each destination IP address on the top to its correct next hop address at the bottom.

Answer:
Next hop 192.168.1.1:
+ 10.2.1.3
+ 10.6.8.4
Next hop 192.168.2.2:
+ 10.1.0.14
+ 10.1.0.123
Next hop 192.168.3.3:
+ 10.1.1.10
+ 10.1.4.6 Question 1
Match the categories with the appropriate router output lines.

Answer:
1) Port operational: Serial0/1 is up, line protocol is up
2) Layer 2 problem: Serial0/1 is up, line protocol is down
3) Layer 1 problem: Serial0/1 is down, line protocol is down
4) Port disabled: Serial0/1 is administratively down, line protocol is down
Explanation:
A simple way to find out which layer is having problem is to remember this rule: the first
statement is for Layer 1, the last statement is for Layer 2 and if Layer 1 is down then surely Layer
2 will be down too, so you have to check Layer 1 before checking Layer 2. For example, from the
output Serial0/1 is up, line protocol is down we know that it is a layer 2 problem because the
first statement (Serial0/1 is up) is good while the last statement (line protocol is down) is bad. For
the statement Serial0/1 is down, line protocol is down, both layers are down so the problem
belongs to Layer 1.
There is only one special case with the statement . is administratively down, line protocol is
down. In this case, we know that the port is currently disabled and shut down by the
administrators.
Question 2
The above provides some descriptions, while the below provides some routing protocols. Drag the
above items to the proper locations.

Answer:
EIGRP:
+ has a default administrative distance of 90
+ is vendor-specific
OSPF:
+ uses cost as its metric
+ elects a DR on each multiaccess network Question 3
Drag the term on the left to its definition on the right (not all options are used)

Answer:
+ poison reverse: A router learns from its neighbor that a route is down and the router sends an
update back to the neighbor with an infinite metric to that route
+ LSA: The packets flooded when a topology change occurs, causing network routers to update
their topological databases and recalculate routes
+ split horizon: This prevents sending information about a routeback out the same interface that
originally learned about the route
+ holddown timer: For a given period, this causes the router to ignore any updates with poorer
metrics to a lost network
Question 4

Answer:
+ holddown timer: prevents a router from improperly reinstating a route from a regular routing
update
+ split horizon: prevents information about a route from being sent in the direction from which the
route was learned
+ defining a maximum: prevents invalid updates from looping the internetwork indefinitely
+ route poisoning: causes a routing protocol to advertise an infinite metric for a failed route
+ triggered update: decreases convergence time by immediately sending route information in
response to a topology change
Question 1
Drag item on left to match item on right

Answer:
+ Point to Point Advantage: Quality
+ Point to Point Disadvantage: Limited Flexibility
+ Circuit Switched Advantage: Cost
+ Circuit Switched Disadvantage: Low speed
+ Packet Switch Advantage: Efficient
+ Packet Switch Disadvantage: More Complex
Question 2
Place the Spanning-Tree Protocol port state on its functions (not all options on the left are used)

Answer:
+ Populating the MAC address table but not forwarding data frames: LEARNING
+ Sending and receiving data frames: FORWARDING
+ Preparing to forward data frames without populating the MAC address table: LISTENING
+ Preventing the use of looped paths: BLOCKING
Question 3
As a CCNA candidate, you need to know EIGRP very well.
Which tables of EIGRP route information are held in RAM and maintained through the use of hello
and update packets?
Please choose two appropriate tables and drag the items to the proper locations.

Answer:
Neighbor Table
Topology Table

ICND1 Practice Exam

Încărcat de

Informații document

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

ICND1 Practice Exam

Încărcat de

Drepturi de autor:

Formate disponibile

which of the following commands could be

used in R2? 100-101

S-ar putea să vă placă și