CISCO CCNA Certifications

CISCO CCNA netacad 4 semester Questions

CCNA1,CCNA2,CCNA3,CCNA4 FINAL

CCNA4 version 4.o download

1. CCNA4 Module 1
2. CCNA4 Module 2
3. CCNA4 Module 3
4. CCNA4 Module 4
5. CCNA4 Module 5
6. CCNA4 Module 5-1
7. CCNA4 Module 5-2
8. CCNA4 Module 6
9. CCNA4 Module 7
10. CCNA4 FINAL 1

Updated 19/7/2008 CLICK
CCNA4 Final 100% (update 21/7/2008)

CCNA4 v4.0 download(updated 19/7/2008)

CCNA Discovery 4 Module 9 Scored 77%
1
Upon completion of a proposal, a network design team must sell their ideas to two key stakeholders. Who are these two stakeholders? (Choose two.)

Customers***

licensing boards

cabling contractors***

internal management

project implementation team



2
NetworkingCompany completes the installation of a network upgrade for a retail customer. All of the onsite tests complete successfully and the customer IT staff approves the results of the tests. The manager of the retail store contacts NetworkingCompany to inform the Company that the store will not pay for the upgrade until a recently purchased software package is installed and tested on the network. Which two items that are contained in the proposal can the account manager refer to when discussing this issue with the store manager? (Choose two.)

the project scope***

the bill-of-material

the project timeline***

the terms and conditions

the business goals of the customer

the evaluation of the current network



3
Which proposal section describes the intended routing protocol, security mechanisms, and addressing for the planned network?

logical design***

physical design

executive summary

implementation plan

network requirements



4
In order to finalize a project proposal, an account manager of a networking company creates the terms and conditions section. What are two clauses that should be included in this section? (Choose two.)

cost summary***

installation steps

change order procedures***

problem resolution process

maintenance contract quotation



5
A company informs the account manager that the installation of a new edge router at the customer remote branch location cannot be done at the scheduled time because of a large order that the branch office needs to complete. As a result, the end date of the project must be adjusted to accommodate the additional time. What is the action should the account manager take?

Cancel the order for the new edge router.

Work with designer to redesign the branch network.

Instruct the technician to complete the install of the router at on the date in the contract.

Adjust the timeline documentation to show the company how the delay will affect the project completion date.***



6
Which statement describes a phased installation into an existing network?

A phased installation generally takes less time and expense than a green-field installation.

A phased installation is not suitable for large, multi-site network installations or upgrades.

A phased installation requires detailed planning in order to avoid disruption of user services.***

A phased installation involves building an entire replacement network and migrating users over to it.



7
The NetworkingCompany team is tasked to prepare an implementation schedule for a customer. It is determined that the new firewalls and wireless controllers that are specified in the design cannot be delivered and installed within the agreed upon time frame. The NetworkingCompany informs the customer of the problem. What two options can the NetworkingCompany team take to ensure the success of the project? (Choose two.)

plan to add additional staff and resources to shorten the installation time after the new equipment is delivered***

eliminate redundancy in the design to reduce the amount of equipment that is needed

renegotiate a new time frame with the customer to accommodate the delay***

delay the installation of the security devices and controllers until a later time

redesign the network to use only readily available equipment and software



8
A network installation team is assigned to replace all core switches in an existing data center. No other upgrades are planned. Which kind of installation is this?

a new installation

a fork-lift installation

a phased installation***

a green field installation



9
What two items are typically included in the executive summary of a proposal? (Choose two.)

project scope summary***

high-level implementation plan

quotes for all needed equipment

technical requirements for the design

emphasis on the benefits that meet the goals of the customer***



10
Included in a Bill of Materials (BOM) for a SOHO wired implementation is a Cisco 2811 router, Catalyst 2560 switch, four PCs, three laptops, and a networked printer. Wireless LAN capability will be implemented on this network. Which two equipment types must be added to the BOM to implement this request? (Choose two.)

DNS server

LAN switch ***

wireless NICs

DHCP server

wireless access points***



11
An upgraded version of the Cisco IOS has been purchased. However, the CD arrived damaged. How will this loss be covered?

a hardware warranty

a software warranty

the Cisco SMARTnet Service***

an additional service contract



12
The operation of a new branch location network is delayed because a VPN cannot be configured and established between the branch location and the main office. It is determined that the router at the main office does not have enough memory and does not have the correct Cisco IOS version image to support the VPN features. To prevent this delay, this problem should have been identified and corrected during which part of the design project?

the preparation of the business case

the prioritizing of the technical goals

the characterization of the existing network***

the implementation of the approved design



13
AAA Financial Services Company is performing implementation planning for a core switch upgrade. The company has 200 financial software programmers that work billable hours during the week. They have critical, scheduled money transfer transmissions that occur at hourly intervals every night. There are two, two-hour long IT maintenance windows scheduled for software upgrades, one on Saturday and one on Sunday. The bank advertises online banking as available 24 hours on business days and 21 hours on the weekends. However, a network upgrade that is necessary to replace some switches is expected to take four hours. Because of rack constraints, this time includes three hours to remove the old switches before the new switches can be installed and one hour to test the logical configuration. How should the implementation scheduling be handled?

Defer the software upgrades. Use the Saturday window to perform the hardware installation. Use the Sunday window to perform the logical testing.

Coordinate and publish a separate four-hour downtime during Friday to perform the complete switch installation and testing process. Use the Saturday and Sunday windows to correct any outage problems after the Friday window.

Coordinate and publish two, four-hour downtimes incorporating the published Saturday and Sunday windows. Defer any software upgrades until the new network is proven to be working correctly with the old software. Use the Sunday window as a fallback scheduling period if there are problems necessitating backing out of the Saturday window.

Coordinate and publish an eight-hour downtime incorporating the Saturday window. This will allow four hours for installation and logical testing, one hour for troubleshooting and decision, and three hours to roll back to the previous configuration if the new switching cannot pass the logical testing. Defer any software upgrades until the new network is proven to be working correctly with the old software. ****



14
A customer has just taken delivery of a Cisco 2811 router and Catalyst 3560 switch. Included with the purchase is the SMARTnet Service. Which two resources are included with SMARTnet Service? (Choose two.)

signature file updates

technical support from TAC***

maintenance releases for OS

software application major releases***

software application maintenance and minor releases



15
What service is provided Cisco standard warranty?

software application maintenance

replacement of defected hardware***

next business day delivery of replacement parts

access to the Cisco Technical Assistance Center (TAC) 24 hours a day, 7 days a week



16
What are two important guidelines when creating a slide presentation for a meeting with a customer? (Choose two.)

Use all capital letters on words and phrases when possible for added emphasis.

Provide varied background graphics to enhance viewer interest.

Use contrasting colors for background and text to aid visibility.***

Change fonts frequently to denote differences in subject matter.

Use bulleted text to lead the discussion.****



17
Which two statements describe factors that influence the layout of a proposal? (Choose two.)

Proposal layouts are required to use sans serif typefaces.

A specific proposal layout is followed when one is specified in the RFP. ***

A designer chooses the layout if a written RFP does not specify an outline.***

The software that is used to create the proposal dictates the proposal layouts.

Proposal layouts are required to use a format that is designed by the network engineer.



18
Which occurrence would indicate a failure of the design phase?

The incorrect model switches were ordered.

There is no customer signoff for task completion.

New requirements are identified after implementation begins.

The new network capacity is inadequate to support required traffic.***



19
Which two items will a systems engineer include in an implementation plan? (Choose two.)

references to design documents

the business goals of the customer***

diagrams of the existing traffic flows***

the steps to install and test the network

cost of each network device and component



20
A Cisco 1841 router has been purchased without an agreement for SMARTnet Service. What two items are guaranteed under the standard warranty? (Choose two.)

access to TAC

replacement of defective physical media***

advanced replacement of hardware parts

access to a renewable standard warranty contract

under normal use, replacement of defective hardware***

CCNA4 v4.0 download(updated 19/7/2008)

1
Why is it important to record baseline measurements of a prototype network?

Test results show security weaknesses after the baseline tests are run.

The baseline is the point at which the network is operating at its fullest potential.

Baseline measurements define a point at which network traffic has exceeded the designed capabilities of the network.

Test results are compared to the baseline to see how the test conditions increase processor use or decrease available bandwidth.*****



2


Refer to the exhibit. During prototype testing, verification of VLAN connectivity is being performed. Based on the information shown, what command produced the output?

show spanning-tree

show interfaces trunk********

show cdp neighbors

show interfaces

show ip interface brief



3
How do designers decide which network functions need to be included in the prototype test?

They select the functions that align with the business goals.******

They select the functions that occur at the network core.

They select the functions that do not exist in the existing network.

They select the functions from a list of generic network operations.



4


Refer to the exhibit. A network administrator has been given the task of creating a design for a temporary classroom building that is to be set up outside an overcrowded school. In testing the prototype, it is found that the student PC cannot ping the teacher PC. All the switch interfaces are active and connected properly, as is interface Fa0/0 of the router. Given that only the commands shown have been added to the router configuration, what is the source of the problem?

The IP settings on the student PC are incorrect.*******

The default gateway on the teacher PC is misconfigured.

The router Fa0/0 interface has not been configured as a VLAN trunk.

The Fa0/0 physical interface has not been configured with an IP address and subnet mask.

The administrator forgot to configure a routing protocol to allow the ping packets to reach the teacher PC subnet.



5


Refer to the exhibit. What two measures can be taken to address the areas of weakness circled in the network design? (Choose two.)

Provide redundant connections to all end users.

Add another core switch to increase redundancy.

Add a switch in the server block connecting the server farm to each core switch.*******

Add an additional switch to the DMZ and direct links from the new switch to the core switches.

Provide a redundant firewall router connecting to a second ISP, the core switches, and the DMZ.*******



6


Refer to the exhibit. After all the interfaces have stabilized, what is the spanning-tree state of all the enabled interfaces of SW11?

discarding

Forwarding****

learning

listening



7
A network engineer has decided to pilot test a portion of a new network design rather than rely on a prototype for proof-of-concept. What are two advantages of pilot testing a design concept? (Choose two.)

The test network experiences real-world network traffic.*********

Users within the enterprise are not affected by the test.

Network response can be tested in unplanned and unpredictable situations.*********

Unlikely failure conditions can be conveniently tested.

Network response can be tested in a highly controlled simulated environment.



8


Refer to the exhibit. During prototype testing of the Cisco network shown, connectivity must be verified. Assuming all connections are working and CDP is enabled on all devices and interfaces, on which device was the command issued?

R1********

S1

R3

S2

R5

S3



9
Switch port Fa0/24 was previously configured as a trunk, but now it is to be used to connect a host to the network. How should the network administrator reconfigure switch port Fa0/24?

Use the switchport mode access command from interface configuration mode.

Enter the switchport nonegotiate command from interface configuration mode.

Administratively shut down and re-enable the interface to return it to the default.

Enter the no switchport mode trunk command in interface configuration mode.*****

Use the switchport access vlanvlan number command from interface configuration mode to remove the port from the trunk and add it to a specific VLAN.



10


Refer to the exhibit. A network technician is performing an initial installation of a new switch in the east wing. The technician removes the switch from the box, makes the connections to the network, and adds the configuration shown. The technician notifies the network administrator that the switch has been installed. When the network administrator at the home office attempts to telnet to the switch from host 192.168.0.1, the connection fails. What action should the network technician take?

Add an enable password to the switch.

Add a default gateway to the switch configuration.*********

Configure the switch with an IP access list to permit the host connection.

Enable the physical interfaces of the switch with the no shutdown command.



11


Refer to the exhibit. The redundant paths are of equal bandwidth and EIGRP is the routing protocol in use. Which statement describes the data flow from Server to PC2?

EIGRP load balances across the R3 to R1 and R3 to R2 links. **********

EIGRP load balances across the R1 to Switch3 and R2 to Switch3 paths.

EIGRP load balances across the Switch1 to Switch3 and Switch1 to Switch2 paths.

EIGRP does not load balance in this topology.



12
In the router command encapsulation dot1q 10, what does the number 10 represent?

the metric used for a particular route

the number of the VLAN associated with the encapsulated subinterface*********

the priority number given to the device for the election process

the number that must match the Fast Ethernet subinterface number

the number used to program the router for unequal cost path load balancing



13
Which protocol allows a switch port to transition directly to the forwarding state after a failure is detected?

STP********

BGP

RSTP

HSRP



14
A network designer needs to determine if a proposed IP addressing scheme allows efficient route summarization and provides the appropriate amount of scalability to a design. What is useful for validating a proposed hierarchical IP addressing scheme?

NBAR

a pilot network

a route summary

a network simulator********

a physical topology map



15


Refer to the exhibit. A network designer creates a test plan that includes the specification shown. In which section of the test plan would this specification be found?

Test Description

Test Procedures

Design and Topology Diagram

Actual Results and Conclusions

Anticipated Results and Success Criteria***********



16
While preparing a network test plan document, a network designer records all initial and modified device configurations. Which section of the document typically contains this information?

Appendix*******

Test Procedures

Test Description

Actual Results and Conclusions

Anticipated Results and Success Criteria



17


Refer to the exhibit. The users on the 192.168.10.192 network are not allowed Internet access. The network design calls for an extended ACL to be developed and tested. Where should the ACL be placed for the least effect on other network traffic?

inbound on Fa0/0 of R3

outbound on Fa0/0 of R3

inbound on Fa0/1 of R3

outbound on Fa0/1 of R3*******

inbound on Fa0/1 of R2

outbound on S0/0 of R2



18


Refer to the exhibit. Why are interfaces Fa0/11, Fa0/23, and Fa0/24 not shown in this switch output?

Interfaces Fa0/11, Fa0/23, and Fa0/24 are trunks.********

Interfaces Fa0/11, Fa0/23, and Fa0/24 are shutdown.

Interfaces Fa0/11, Fa0/23, and Fa0/24 are blocking.

Interfaces Fa0/11, Fa0/23, and Fa0/24 failed diagnostics.



19
What OSI model Layer 2 security measure can a network engineer implement when prototyping network security?

a firewall at the network edge

port security at the access design layer**********

port security at the distribution design layer

IP access control lists at the access design layer



20


Refer to the exhibit. During prototyping, Layer 2 functionality is being tested. Based on the output shown, which two pieces of information can be determined? (Choose two.)

Switch1 is the root bridge.

Interface Fa0/2 on Switch1 has no role in the operation of spanning tree.

Interface Fa0/2 on Switch1 is the alternate port used to reach the root bridge.****

Based on the entries in the "Role" column, it can be concluded that RSTP has been implemented.****

Interface Fa0/1 on Switch1 is the forwarding port selected for the entire spanning-tree topology.



21
What Rapid Spanning Tree Protocol (RSTP) state is given to the forwarding port elected for every switched Ethernet LAN segment?

root

backup

alternate

Designated*******

CCNA4 v4.0 download(updated 19/7/2008)

1
Refer to the exhibit. The IT management has determined that the new subnet for WGROUP3 needs to be broken down into four more subnets. What would the subnet mask be for the four newly created subnets within WGROUP3?

255.255.128.0

255.255.192.0

255.255.224.0

255.255.248.0*****

255.255.252.0

255.255.255.0



2
A network administrator is using the 10.0.0.0/8 network for the company. The administrator must create a masking scheme to support 750 users at the main office and 620 users at the remote office. What mask should be assigned to the 10.0.0.0/8 network to preserve the most addresses?

255.255.255.0

/19

/20

255.255.252.0*****

/23

/21



3


Refer to the exhibit. The network administrator wants router RTA to send only the summarized route of 10.10.0.0/16 to RTC. Which configuration accomplishes this?

RTA(config)# interface s0/0
RTA(config-if)# ip summary-address eigrp 101 10.10.0.0 255.255.0.0
RTA(config-if)# exit
RTA(config)# router eigrp 101
RTA(config-router)# no auto-summary

RTA(config)# interface s0/1
RTA(config-if)# ip summary-address eigrp 101 10.10.0.0 255.255.0.0
RTA(config-if)# exit
RTA(config)# router eigrp 101
RTA(config-router)# no auto-summary*******

RTA(config)# interface s0/0
RTA(config-if)# ip summary-address eigrp 101 10.10.0.0 255.255.0.0

RTA(config)# interface s0/1
RTA(config-if)# ip summary-address eigrp 101 10.10.0.0 255.255.0.0



4
When should the command no auto-summary be used?

with RIP version 1, to enable classless routing

with RIP version 2, to enable classless routing

with RIP version 1, when discontigous networks exist

with RIP version 2, when discontigous networks exist******



5
After activating IPv6 traffic forwarding, configuring IPv6 addresses, and globally configure RIPng, what is the remaining step to activate RIPng?

Enter the ipv6 router rip name command and then use network statements to activate RIPng on the interfaces.

Enter the ipv6 router rip name command and then specify which interfaces run RIPng, which are passive, and which only receive.

Enter the interface mode for each IPv6 interface and enable RIPng with the ipv6 ripnameenable command.************

Enter the interface mode for each IPv6 interface and enable the multicast group FF02::9, and then activate RIPng globally using the ipv6 router rip name command.

Enter the router rip command, and then activate RIPng using the version command. RIPng then automatically runs on all IPv6 interfaces.



6


Refer to the exhibit. Assuming that the default EIGRP configuration is running on both routers, which statement is true about Router A reaching the 2.2.2.0/24 network?

The no auto-summary command needs to be issued to disable automatic summarization.*****

The network 2.2.2.0 command needs to be issued to ensure that Router A recognizes the 2.2.2.0 network.

EIGRP supports VLSM and automatically recognizes the 2.2.2.0 network.

EIGRP does not support VLSM; therefore it cannot be used with discontiguous networks.



7


Refer to the exhibit. What are the broadcast addresses for each subnet?

Admin - 172.16.31.0
QA - 172.16.1.127
Development - 172.16.2.255
Sales - 172.16.32.255

Admin - 172.16.31.255
QA - 172.16.1.255
Development - 172.16.3.255
Sales - 172.16.63.255

Admin - 172.16.31.255
QA - 172.16.1.127
Development - 172.16.3.255
Sales - 172.16.63.255***********

Admin - 172.16.31.0
QA - 172.16.1.255
Development - 172.16.2.255
Sales - 172.16.32.255



8


Refer to the exhibit. What is the first usable IP address that can be assigned to the WGROUP3 switch?

172.16.50.96/27

172.16.50.97/27**************

172.16.50.98/27

172.16.50.99/27



9
Which statement describes MD5 authentication for neighbor authentication?

All passwords are sent in clear text when neighbors first learn about each other.

Only the initiating router sends its password using encrypted text when it first discovers a new router.

All routers send their password using encrypted text only when they first learn of each other.

All routers send their password using encrypted text each time they exchange update packets.************



10
What is a good design practice when developing a hierarchical addressing scheme?

Address the nodes in the Access Layer and work toward the Core Layer.

Assign addresses to the Core devices before planning the addressing scheme for the server farm.

Determine where statically configured addressing will be implemented. ******

Determine what percentage of devices are wired and what percentage of devices are wireless.



11


Refer to the exhibit. Which set of router commands is required to turn on unequal-cost load sharing so that RTRA selects the path A-B-E and the lowest cost path A-C-E to the Internet?

RTRA(config)# router eigrp 1
RTRA(config-router)# variance 2***************

RTRA(config)# router eigrp 1
RTRA(config-router)# variance 1

RTRA(config)# router eigrp 1
RTRA(config-router)# maximum-paths 2

RTRA(config)# router eigrp 1
RTRA(config-router)# maximum-paths 1



12
How would the routes for networks 172.16.1.0/24, 172.16.3.0/24, and 172.16.15.0/24 be summarized?

172.16.0.0/20

172.16.0.0/21*************

172.16.0.0/22

172.16.0.0/24



13
How many bits make up an IPv6 address?

32

48

64

128************



14
A network engineer researched whether there are mechanisms available to help with the transition from an IPv4 addressing structure to IPv6. What three options did the engineer find? (Choose three.)

A protocol translation mechanism allows communication between the IPv4 and IPv6 networks.************

A packet analyzer determines the addressing structure and converts it to the appropriate IPv4 or IPv6 scheme.

New Core devices that support IPV6 must be purchased.

A protocol converter changes IPv4 packets into IPv6 packets and vice versa.

A dual-stack network design allows both IPv4 and IPv6 addressing to be used on all network devices.***********

Tunneling allows IPv4 packets to be encapsulated so that they can traverse IPv6 networks and vice versa.**********



15
A network administrator is asked to design a new addressing scheme for a corporate network. Presently, there are 850 users at the head office, 220 users at sales, 425 at manufacturing, and 50 at the research site. Which statement defines the correct VLSM addressing map with minimal waste using the 172.17.0.0/16 network?

172.17.0.0/20 head office
172.17.1.0/21 manufacturing
172.17.1.0/22 sales
172.17.3.0/26 research

172.17.48.0/19 head office
172.17.16.0/20 manufacturing
172.17.48.128/25 sales
172.17.48.0/26 research

172.17.0.0/22 head office
172.17.4.0/23 manufacturing
172.17.5.0/24 sales
172.17.6.0/26 research************

172.17.2.0/22 head office
172.17.3.0/23 manufacturing
172.17.4.0/26 sales
172.17.4.128/25 research


16
What best describes a discontiguous network?

combines several classfull networking address

contains more than one route to a destination

implements more than one routing protocol

separated from the rest of the hierarchical group by another network*********



17
What is another format for the IPv6 address 1080:0000:0000:0000:0000:0000:1267:01A2?

1080::1267:01A2*********

1080:0:0:0:0:1267:01A2

1080::0:1267:01A2

1080:::::1267.01A2



18


Refer to the exhibit. A company has decided to add a new workgroup. If the subnetting scheme for the network uses contiguous blocks of addresses, what subnet is assigned to WGROUP3?

172.16.3.12/29

172.16.3.16/29

172.16.3.20/29**********

172.16.3.24/29

172.16.3.32/29



19
What two advantages does CIDR provide to a network? (Choose two.)

dynamic address assignment

automatic route redistribution

reduced routing update traffic********

easier management of summarization*********

automatic summarization at classfull boundaries



20


Refer to the exhibit. What must an administrator do on R3 to ensure that update packets are sent with subnet mask information?

Add the commands:
R3(config-router)# auto-summary
R3(config-router)# no version 2

Add the commands:
R3(config-router)# version 2
R3(config-router)# no auto-summary********

Change the network statement on R3:
R3(config)# network 10.10.4.0

Add the command:
R3(config)# ip route 0.0.0.0 0.0.0.0 s0/0

CCNA4 v4.0 download(updated 19/7/2008)

CCNA Discovery 4 Module 5 (100%), CCNA 4


1 Which three design requirements are implemented at the access layer? (Choose three.)
**PoE
**VLANs
high-density routing
packet filtering
rapidly converging routing protocols
**QoS traffic classification and marking


2 When applying network security, what security measure should be implemented first?
**securing the network devices
implementing the firewalls or filters at the enterprise edge
applying security to resources accessed by internal users
applying ACLs to the interfaces of the routers in the internal network


3 What are three features of a Catalyst 2960 switch? (Choose three.)
network layer functionality
**redundant power availability
route summarization
**SNMP
**switch clustering
inter-VLAN routing


4 Which rule should be followed when implementing the security requirements of a network design?
Always use a common security plan for all business needs.
As standard practice, lower access restrictions for users if cost is too high.
**Avoid reducing security in order to add additional network capabilities.
When possible, implement an IDS to protect users from spam.


5 Using expandable, modular network devices is a key element of what network design criteria?
availability
performance
**scalability
security



6


Refer to the exhibit. What is an advantage of having two links connected between the two switches shown?
provides redundancy in case one of the switches fails
provides connectivity to Switch1 when the link to the server fails
**provides connectivity when one of the connections between the switches fails
provides power to the other switch when the other switch has lost AC power


7 When considering converged network designs, it is important to identify appropriate service demands. What is a concern when preparing a network design to fit this environment?
business data compensation for sensitivity to noise
location and placement of firewalls
**voice-level quality of service
security policy requirements


8 What is the function of the access layer in the Cisco three-layer hierarchical internetworking model?
**provides QoS classification and marking
implements a fast-converging routing protocol
uses routed interconnections between devices
aggregates traffic and performs route summarization


9 Which network design process identifies where to place access points?
**site survey
risk assessment
scalability design
network protocol analysis


10 What characteristic in a routing protocol allows it to support the network design criteria for availability?
CIDR support
**fast convergence
timed updates
VLSM support



11 What characteristic of a network supports high availability?
VPNs
high-bandwidth paths to servers
**redundancy
wireless management


12 What is a primary function of a wireless LAN controller?
**tuning each AP channel for optimal coverage
providing PoE to the wireless clients
distributing VLAN information to the wireless clients
serving as the point of connection between wireless clients and the wired LAN


13 Which two factors should be considered when designing a wireless LAN that provides seamless roaming capabilities? (Choose two.)
**use of a wireless controller to manage IP addressing
type of routing protocols
location of existing wired clients
**coverage
position of MDF


14 A company lists this equipment in their network design:
Two Catalyst 4503 Layer 3 switches
One 5500 security appliance firewall
Two Catalyst 6509 switches
Two lightweight access points
Two Catalyst 2960 switches

Which two types of devices would be appropriate to use at the access layer to provide end-user connectivity? (Choose two.)
Catalyst 4503 switches
Cisco 1841 router
Catalyst 6509 switches
**lightweight access points
**Catalyst 2960 switches


15 What limitations of the 2960 switch prevent it from providing the services needed in the Distribution layer?
It is limited to copper connections.
It does not support QoS.
It does not support voice VLAN capability.
**It does not support route summarization.

16 A state-funded college wants to implement Cisco wireless IP phones for employees to use while on campus. The college currently has only wired network device access. Which two devices must be incorporated into the network design to best accommodate roaming for wireless IP phones? (Choose two.)
voice VLAN capable switch
autonomous AP
PoE switch
**Cisco wireless LAN controller
2960 switch with 48 100-Mb ports
**lightweight access points


17 What type of WAN service is Frame Relay?
dedicated
cell switched
**packet switched
circuit switched


18 What is integrated into a Cisco IP phone to reduce the number of ports needed in the wiring closet?
hub
router
**switch
firewall appliance


19


Refer to the exhibit. Which statement is true regarding how the ISP router filters traffic?
Traffic from the 64.100.0.1 address to any destination on the Internet is denied.
Traffic from any source address entering the ISP router interface s0/0/0 is permitted.
Only traffic with a source address of 64.100.0.1/30 is allowed into the ISP router interface s0/0/0.
**All traffic from the 64.100.0.0/21 network can access the Internet.
Traffic from any source address can access the 64.100.0.0/21 network.

20 Which two statements are true regarding the following extended ACL? (Choose two.)

access-list 101 deny tcp 172.16.3.0 0.0.0.255 any eq 20
access-list 101 deny tcp 172.16.3.0 0.0.0.255 any eq 21
access-list 101 permit ip any any
**FTP traffic originating from network 172.16.3.0/24 is denied.
All traffic is implicitly denied.
FTP traffic destined for the 172.16.3.0/24 network is denied.
Telnet traffic originating on network 172.16.3.0/24 is denied.
**Web traffic originating from 172.16.3.0 is permitted.




21 Which statement applies to a large network with thousands of nodes?
Each wireless phone is normally in a separate VLAN for security reasons.
Multiple firewalls exist throughout the access layer for maximum security protection.
Firewalls cannot be implemented in the multilayer switches and routers.
**Intrusion detection is more likely to be performed by a separate device rather than integrated into a switch or router.

CCNA4 v4.0 download(updated 19/7/2008) <

CCNA Discovery 4 Module 1 Scored 100%



1

Refer to the exhibit. What happens when Host 1 attempts to send data?



Frames from Host 1 are dropped, but no other action is taken.



Frames from Host 1 cause the interface to shut down, and a log message is sent.*****



Frames from Host 1 are forwarded, but a log message is sent.



Frames from Host 1 are forwarded, and no log message is sent because the switchport port-security violation command was not configured.







2

Refer to the exhibit. Which two devices are part of the access design layer? (Choose two.)



Edge2



ISP4



BR4



FC-AP *****



FC-CPE-1



FC-ASW-2 *****







3

Refer to the exhibit. Two access layer Catalyst switches are connected. Both switches have ports configured for VLANs 40 and 50 as shown. What must be configured on the two switches to allow the link between the two switches to carry data for multiple VLANs?



trunking *****



STP



ACLs



switch blocks







4

What are three ways to ensure that an unwanted user does not connect to a wireless network and view the data? (Choose three.)



disable SSID broadcasting *****



configure filters to restrict IP addresses



use authentication between clients and the wireless device *****



use NetBIOS name filtering between clients and the wireless device



configure strong encryption such as WPA *****



use a WEP compression method







5

Refer to the exhibit. The server sends an ARP request for the MAC address of its default gateway. If STP is not enabled, what is the result of this ARP request?



Router_1 contains the broadcast and replies with the MAC address of the next-hop router.



Switch_A replies with the MAC address of the Router_1 E0 interface.



Switch_A and Switch_B continuously flood the message onto the network. *****



Switch_B forwards the broadcast request and replies with the Router_1 address.







6

Which two considerations are valid when designing access layer security? (Choose two.)



In a large wireless network, the most efficient method to secure the WLAN is MAC address filtering.



DoS attacks are normally launched against end-user PCs and can be mitigated by installing personal firewalls on all company PCs.



SSH is more secure than Telnet to administer network devices. *****



Disabling unused ports on the switches helps prevent unauthorized access to the network. *****



Attacks originating inside the network are common, but placing servers inside a DMZ cannot protect against this type of attack.







7

A network designer is creating a new network. The design must offer enough redundancy to provide protection against a single link or device failure, yet must not be too complex or expensive to implement. What topology would fill these needs?



star



full mesh



partial mesh *****



extended star



hub and spoke







8

Centralizing servers in a data center server farm can provide which benefit over a distributed server environment?



It keeps client-to-server traffic local to a single subnet.



Servers located in a data center require less bandwidth.



It is easier to filter and prioritize traffic to and from the data center. *****



Server farms are not subject to denial of service attacks.







9

Refer to the exhibit. Which two situations cause the router to display the rommon1> prompt? (Choose two.)



This is a normal stage in the router boot sequence.



A password recovery procedure is in progress. *****



The Cisco IOS software could not be loaded from flash memory or a TFTP server. *****



The configuration was not saved before the last reload.



The configuration register was changed to 0x2142 before the last reload.







10

Refer to the exhibit. The network administrator creates a standard access control list to prohibit traffic from the 192.168.1.0/24 network from reaching the 192.168.2.0/24 network while still permitting Internet access for all networks. On which router interface and in which direction should it be applied?



interface fa0/0/0, inbound



interface fa0/0/0, outbound



interface fa0/0/1, inbound



interface fa0/0/1, outbound *****







11

In a well-designed, high-availability network, which device significantly affects the most users if a failure occurs?



desktop PC of the user



large switch in the network core layer



large switch in the network distribution layer



small workgroup switch in the network access layer *****







12

Which three statements describe the functions of the Cisco hierarchical network design model? (Choose three.)



Route summarization is not necessary at the core and distribution layers.



The distribution layer is responsible for traffic filtering and isolating failures from the core. *****



Two goals of the core layer are 100 percent uptime and maximizing throughput. *****



The access layer provides a means of connecting end devices to the network. *****



The distribution layer distributes network traffic directly to end users.



The core layer usually employs a star topology.







13

Which Cisco IOS function can be configured at the distribution layer to filter unwanted traffic and provide traffic management?



virus protection



spyware protection



VPNs



access control lists *****







14

What address can be used to summarize networks 172.16.1.0/24, 172.16.2.0/24, 172.16.3.0/24, and 172.16.4.0/24?



172.16.0.0/21 *****



172.16.1.0/22



172.16.0.0 255.255.255.248



172.16.0.0 255.255.252.0







15

Refer to the exhibit. What effect does the ACL shown have on network traffic, assuming that it is correctly applied to the interface?



All traffic to network 172.16.0.0 is denied.



All TCP traffic is denied to and from network 172.16.0.0.



All Telnet traffic from the 172.16.0.0 network to any destination is denied. *****



All port 23 traffic to the 172.16.0.0 network is denied.



All traffic from the 172.16.0.0 network is denied to any other network.







16

Which two statements are true regarding network convergence? (Choose two.)



In a large network, using the EIGRP or OSPF routing protocols rather than RIPv2 may improve convergence time. *****



Using STP at the core layer improves convergence time by allowing the use of redundant links between devices.



Route summarization improves convergence time by minimizing the size of the routing table. *****



A full mesh topology improves convergence time by allowing load balancing.



ACLs can be configured to improve convergence time.







17

The network administrator is designing network connectivity for a home teleworker. The teleworker needs secure access to download and upload documents on the network file server. What network connection would be most cost efficient while still meeting the security and connectivity needs of this teleworker?



dedicated leased line connection with a dialup backup link



Frame Relay connection with a DSL backup link



DSL VPN connection with a dialup backup link *****



ATM connection with a DSL VPN backup link



DSL connection with no backup link







18

Which three functions are performed at the distribution layer of the hierarchical network model? (Choose three.)



aggregating bandwidth by concentrating multiple low-speed access links *****



isolating network problems to prevent them from affecting the core layer *****



allowing end users to access the local network



summarizing routes from the access layer *****



preserving bandwidth at the access layer by filtering network functions



accelerating data transfer between links in the core layer







19

Refer to the exhibit. Which two statements correctly describe the benefits of the network access layer design shown? (Choose two.)



If Host A sends a broadcast message, only hosts in VLAN10 receive the broadcast frame. *****



If Host A attempts to transmit data at the same time as another host, only hosts in VLAN10 are affected by the collision.



Segmenting all voice traffic on a separate VLAN facilitates QoS by allowing devices to mark the traffic originating from the voice VLAN with the highest priority. *****



VLANs improve network performance by facilitating the use of route summarization.



VLANs at the access layer help guarantee network availability by facilitating load balancing.







20

The ability to connect securely to a private network over a public network is provided by which WAN technology?



DSL



Frame Relay



ISDN



PSTN



VPN *****

I dont have chapters exam, if u have it share or paste somewhere for example in "ksiega gosci" on the right of the page

ccna 4 v4.0 final exam 91% correct















4.0)


1
Top of Form
An administrator has configured a dual-stack router, employing IPv6 and IPv4 on all interfaces and RIPng for routing. All IPv6 traffic reaches its destination as desired, but only directly connected IPv4 networks can be reached. What is the cause of this problem?
All interfaces have been configured with the incorrect IPv4 addresses.
When IPv4 and IPv6 are configured on the same interface, all IPv4 addresses are shut down in favor of the newer technology.
RIPng is incompatible with dual-stack technology.
RIP needs to be configured in addition to RIPng to successfully use IPv4.*
Bottom of Form

2
Top of Form


Refer to the exhibit. R1 is performing NAT Overload for the 10.1.1.0/24 inside network. Host A and Host B are both trying to communicate with the web server using a source port of 1234. If the packet from Host A arrives at R1 first, what happens to the packet from Host B?
It is dropped.
It is queued until the session of Host A is completed and the port becomes available.
It is translated, keeping the source port number 1234.
It is assigned the first available port number in its range.*
Bottom of Form


3
Top of Form
What are the symptoms when the s0/0/0 interface on a router is attached to an operational CSU/DSU that is generating a clock signal, but the far end router on the point-to-point link has not been activated?
show interfaces s0/0/0 indicates serial down, line protocol down. show controllers indicates cable type “unknown”.
show controllers indicates cable type DCE V.35. show interfaces s0/0/0 indicates serial up, line protocol down.
show controllers indicatse cable type DTE V.35. show interfaces s0/0/0 indicates serial up, line protocol down.
show controllers indicates cable type DTE V.35. show interfaces s0/0/0 indicates serial down, line protocol down.*
Bottom of Form

4
Top of Form
A router in a Frame Relay network needs to forward a message received from a host. What two methods does the router use to identify the correct VC to forward the message? (Choose two.)
The router forwards the frame to all ports in the network and learns the address from the reply frame.
The destination host IP address is embedded in the DLCI.
The router searches Inverse ARP tables for maps of DLCIs to IP addresses.*
A table of static mappings can be searched.*
The router broadcasts a request for the required IP address.
Bottom of Form


5
Top of Form


Refer to the exhibit. To solve split horizon routing issues, the Frame Relay network has been redesigned to include subinterfaces. The appropriate frame-relay map commands have been configured on each router. Site to site pings are not successful. What will fix the problem?
The subinterfaces must be given addresses in separate subnets.*
The no ip split-horizon command must be issued on S0/0/0 on R2.
The DLCI numbers on each end of the PVCs must match.
The addressing has to be changed to publicly routable addresses.
Bottom of Form


6
Top of Form


Refer to the exhibit. Which two statements are true regarding the configuration shown? (Choose two.)
Before Layer 3 protocols are negotiated, the routers test the quality of the link.*
After the quality of the link is tested, LCP negotiates the compression and authentication options.
Before Layer 3 protocols are negotiated, the routers authenticate using a three-way handshake.*
After LCP negotiations are complete, the IP connection shows as OPEN.
When data exchange is complete, NCP terminates the link.
Bottom of Form

7
Top of Form


Refer to the exhibit. A network administrator is trying to configure a router to use SDM but it is not functioning correctly. What could be the problem?
The username and password are not configured correctly.
The authentication method is not configured correctly.
The HTTP timeout policy is not configured correctly.
The vtys are not configured correctly.*
Bottom of Form


8
Top of Form


Refer to the exhibit. This serial interface is not functioning correctly. Based on the output shown, what is the most likely cause?
interface reset
improper queuing strategy
unplugged cable
PPP negotiation failure*
Bottom of Form

9
Top of Form
What two events can occur when a Frame Relay switch detects its queue filling faster than it can process data? (Choose two.)
Frames in excess of the CIR are not accepted by the switch.
Frames with the DE bit set are dropped from the switch queue.*
Frames with the FECN and BECN bits set are dropped from the switch queue.
The switch sets the FECN bit on all frames it receives on the congested link and sets the BECN bit on all frames it places on the congested link.*
The switch sets the FECN bit on all frames it places on the congested link and sets the BECN bit on all frames it receives on the congested link.
Bottom of Form


10
Top of Form


Refer to the exhibit. Which statement correctly describes how Router1 processes an FTP request entering interface s0/0/0, destined for an FTP server at IP address 192.168.1.5?
It matches the incoming packet to the access-list 101 permit ip any 192.168.1.0 0.0.0.255 statement, continues comparing the packet to the remaining statements in ACL 101 to ensure that no subsequent statements prohibit FTP, and then allows the packet in interface s0/0/0.
It matches the incoming packet to the access-list 201 permit any any statement and allows the packet in interface s0/0/0.
It matches the incoming packet to the access-list 101 permit ip any 192.168.1.0 0.0.0.255 statement, ignores the remaining statements in ACL 101, and allows the packet in interface s0/0/0.*
It reaches the end of ACL 101 without matching a condition and drops the packet because there is no access-list 101 permit any any statement.
Bottom of Form

11
Top of Form


Refer to the exhibit. What VPN feature is being represented?
digital certificates
encapsulation
encryption
hashing*
tunneling
Bottom of Form

12
Top of Form


Refer to the exhibit. A new HR server has just been physically installed and configured in the data center by a vendor. The vendor certified that the server has passed all internal quality checks. The application console of the server indicates that the application has loaded and is functioning normally. However, in the initial client testing, the HR department workers report that the application is completely non-functional. The server is also unable to get to the Internet to perform updates. Which troubleshooting efforts are appropriate for these symptoms?
The lack of Internet connectivity indicates a likely problem in the lower layers. Begin with physical connectivity on the server and proceed with a bottom-up methodology.
Narrow the scope of the investigation by ensuring that no other general connectivity problems exist between the affected clients and other company resources. Use a divide-and-conquer approach by checking the functionality of the intervening switches, beginning with the physical layer.*
Because an external vendor installed the server increases the odds of an installation error. Use a top-down methodology by having the vendor reinstall and check each application, and then follow the layers down through the physical layer.
Isolate the problem area by obtaining and installing a protocol analyzer on the server. Coordinate with the test users to capture application traffic. Have the vendor analyze the captured traffic to determine the problem.
Bottom of Form



13
Top of Form


Refer to the exhibit. The SSH connections between the remote user and the server are failing. The correct configuration of NAT has been verified. What is the most likely cause of the problem?
SSH is unable to pass through NAT.
There are incorrect access control list entries.*
The access list has the incorrect port number for SSH.
The ip helper command is required on S0/0/0 to allow inbound connections.
Bottom of Form

14
Top of Form
A system administrator must provide Internet connectivity for ten hosts in a small remote office. The ISP has assigned two public IP addresses to this remote office. How can the system administrator configure the router to provide Internet access to all ten users at the same time?
Configure static NAT for all ten users.
Configure dynamic NAT for ten users.
Configure dynamic NAT with PAT.*
Configure DHCP and static NAT.
What the administrator wants to do cannot be done.
Bottom of Form


15
Top of Form
When configuring a Frame Relay connection, what are two instances when a static Frame Relay map should be used? (Choose two.)
when the remote router is a non-Cisco router
when the remote router does not support Inverse ARP*
when the local router is using IOS Release 11.1 or earlier
when broadcast traffic and multicast traffic over the PVC must be controlled*
when globally significant rather than locally significant DLCIs are being used
Bottom of Form

16
Top of Form


Refer to the exhibit. What is placed in the address field of a frame that will travel from the DC office of ABC company to the Orlando office?
MAC address of the Orlando router
MAC address of the DC router
192.168.1.25*
192.168.1.26
DLCI 100
DLCI 200*
Bottom of Form

17
Top of Form
Which three functions are provided by the Local Management Interface used in Frame Relay networks? (Choose three.)
exchange information about the status of virtual circuits
map DLCIs to network addresses*
provide flow control*
provide error notification
provide congestion notification
send keepalive packets to verify operation of the PVC*
Bottom of Form



18
Top of Form


Refer to the exhibit. While troubleshooting a failed NAT connection, an administrator notices an asterisk (*) on several lines in the debug output. What does this indicate?
The asterisk indicates congestion in the path that may result in dropped packets.
The asterisk indicates that the translation is proceeding in the fast-switched path, and the administrator should look for other potential causes for the problem.*
The asterisk indicates that the traffic is being forced to use a default route.
The asterisk indicates connections that fail to open and requires further investigation of the NAT configuration.
Bottom of Form

19
Top of Form


Refer to the exhibit. Branch A has a Cisco router. Branch B has a non-Cisco router set for IETF encapsulation. After the commands shown are entered, R2 and R3 fail to establish the PVC. The R2 LMI is Cisco, and the R3 LMI is ANSI. The LMI is successfully established at both locations. What is the likely problem?
LMI types must match on each end of a PVC.
The PVCs at R2 use different encapsulation types. A single port can only support one encapsulation type.
Multipoint topologies are Cisco proprietary. The PVC to R3 must be point to point.
The ietf parameter is missing from the frame-relay map ip 10.10.10.3 203 command.*
Bottom of Form


20
Top of Form


Refer to the exhibit. Which two statements are true regarding the configuration shown? (Choose two.)
LCP sends a Configure-Reject frame.
LCP tests the quality of the link.*
The routers authenticate using plain text passwords.
NCP terminates the link when data exchange is complete.
LCP uses link management frames to manage and debug a link.*
Layer 3 protocol options are negotiated immediately after the Configuration-Acknowledgement frame is sent.
Bottom of Form

21
Top of Form
What are three features of the CHAP protocol? (Choose three.)
exchanges a random challenge number during the session to verify identity*
sends authentication password to verify identity*
prevents transmission of login information in plain text*
disconnects the PPP session if authentication fails
initiates a two-way handshake
is vulnerable to playback attacks
Bottom of Form

22
Top of Form


Refer to the exhibit. A system administrator is unable to ping the S0 interface of the West router from the East router. During the troubleshooting process, the following facts are established:

- IP addressing and subnet masks are correct.
- East is a Cisco router and West is a router from another vendor.

What should the administrator do to solve the problem?
Enable the serial interface on West.
Change the encapsulation on both routers to PPP.*
Add a clock rate on East.
Replace the serial cable used to attach the CSU/DSU to West.
Set the loopback interface on East.
Bottom of Form



23
Top of Form
The command show frame-relay map gives the following output:

Serial 0 (up): ip 192.168.151.4 dlci 122, dynamic, broadcast, status defined, active

Which three statements represent what is shown?(Choose three.)


192.168.151.4 represents the IP address of the remote router*
192.168.151.4 represents the IP address of the local serial interface
DLCI 122 represents the interface of the remote serial interface
DLCI 122 represents the local number used to connect to the remote address*
broadcast indicates that a dynamic routing protocol such as RIP v1 can send packets across this PVC*
active indicates that the ARP process is working
Bottom of Form

24
Top of Form
What type of access control list must be used to create a reflexive ACL?
any extended IP ACL
named extended IP ACL *
numbered extended IP ACL
any standard or extended IP ACL
Bottom of Form


25
Top of Form


Refer to the exhibit. The network administrator creates a standard access control list to prohibit traffic from the 192.168.1.0/24 network from reaching the 192.168.2.0/24 network while still permitting Internet access for all networks. On which router interface and in which direction should it be applied?
interface fa0/0/0, inbound
interface fa0/0/0, outbound
interface fa0/0/1, inbound
interface fa0/0/1, outbound*
Bottom of Form

26
Top of Form
An established company has recently transitioned from outsourced LAN support to a completely in-house staff. The outsourcing company is no longer in business, so no records are available. There are many user complaints about application speed and availability. What two considerations apply to this situation?
A network utilization baseline should quickly reveal application availability.
A period of 24 to 48 hours should provide a sufficient baseline to track normal network activity.
It is easier to start with monitoring all available data inputs on application servers, and then fine-tune to fewer variables along the way.
The initial baseline results have little relevance to current values after the network has been modified or grown in usage.
When it is practical, network administrators should attempt to automate the collection of performance data and stay away from manual collection.*
Creating a network baseline data helps determine device thresholds for alerting.*
Bottom of Form

27
Top of Form


Refer to the exhibit. What type of VPN access is established from each location?
Locations A and B – Site-to-site VPN
Locations C, D, and E - Remote access VPN
Locations A, B, and C – Site-to-site VPN*
Locations D and E - Remote access VPN*
Locations A, B, C, and D – Site-to-site VPN
Location E - Remote access VPN
All locations can establish either site-to-site VPN or remote access VPN.
Bottom of Form



28
Top of Form


Refer to the exhibit. A packet is being sent from Host A to Host B through the VPN tunnel between R1 and R3. When the packet first arrives at R3, what are the source and destination IP addresses of the packet?
Source 192.168.1.2 - Destination 192.168.4.2 *
Source 192.168.3.1 - Destination 192.168.3.2
Source 192.168.2.1 - Destination 192.168.3.2
Source 192.168.3.1 - Destination 192.168.4.2
Bottom of Form

29
Top of Form
Which three statements accurately describe a security policy? (Choose three.)
It creates a basis for legal action if necessary.*
It defines a process for managing security violations.*
It defines acceptable and unacceptable use of network resources.
The remote access policy is a component of the security policy that governs acceptable use of e-mail systems.
It is kept private from users to prevent the possibility of circumventing security measures.
It provides step-by-step procedures to harden routers and other network devices.*
Bottom of Form




30
Top of Form
A technician has been asked to run Cisco SDM one-step lockdown on the router of a customer. What is the result of running these tests?
Security testing is performed and the results are saved as a text file stored in NVRAM.
All traffic entering the router is quarantined and checked for viruses before being forwarded.
The router is tested for potential security problems and any necessary changes are made.*
Traffic is only forwarded from SDM-trusted Cisco routers.
Bottom of Form



31
Top of Form


Refer to the exhibit. A new client Host A sent a DHCPDISCOVER message to the DHCP server located on a different subnet. How is the DHCPOFFER message sent to Host A by the DHCP server?
as a unicast using the Layer 2 MAC address of the server as a source address and the Layer 2 address of Host A as a destination address
as a unicast using the Layer 2 MAC address of the server as a source address and the Layer 2 address of the router as a destination address*
as a broadcast to all nodes on the subnet 172.1.16.10.0/24 using the Layer 2 MAC address of the server as a source address
as a broadcast to all nodes on subnet 172.16.10.0/24 using the Layer 2 MAC address of the router as a source address
Bottom of Form

32
Top of Form
What are two main components of data confidentiality? (Choose two.)
checksum
digital certificates
encapsulation*
encryption*
hashing
Bottom of Form



33
Top of Form


Refer to the exhibit. Which statement is true regarding the configuration shown?
DLCI 110 has global significance.
Point-to-point interfaces utilize bandwidth more efficiently.
The IP address should have been configured on interface Serial0/0.
The encapsulation should have been configured on the subinterface.
This configuration will have fewer split horizon problems without suffering from routing loops.*
Bottom of Form

34
Top of Form
Which statement is true regarding wildcard masks?
The wildcard mask and subnet mask perform the same function.
The wildcard mask is always the inverse of the subnet mask.
A "0" in the wildcard mask identifies IP address bits that must be checked.*
A "1" in the wildcard mask identifies a network or subnet bit.
Bottom of Form


35
Top of Form
The SDM homepage for a router displays which three pieces of information? (Choose three.)
ARP cache
amount of total and available flash memory*
routing table
number of configured LAN interfaces*
if a DHCP server is configured*
number of routers on the LAN
Bottom of Form

36
Top of Form


Refer to the exhibit. What types of switching technologies are used to carry voice and data traffic over the WAN connections shown in Scenario 1 and Scenario 2?
Scenario 1: packet switching
Scenario 2: packet switching
Scenario 1: circuit switching*
Scenario 2: circuit switching*
Scenario 1: circuit switching
Scenario 2: packet switching
Scenario 1: packet switching
Scenario 2: circuit switching
Bottom of Form

37
Top of Form
What functionality do access control lists provide when implementing dynamic NAT on a Cisco router?
defines which addresses are excluded from the NAT pool
defines which addresses are assigned to a NAT pool
defines which addresses are allowed out of the router
defines which addresses can be translated*
Bottom of Form



38
Top of Form
While troubleshooting a failed VPN connection, a technician opens an SDM connection to a router and notices a message box with a login button, a configured IPSec policy, and that the router is configured as a DMVPN hub. What is the most likely cause of the failed connection?
The connection has been administratively closed on the other end of the connection.
The VPN tunnel has failed due to problems at the physical layer.
The timeout interval is set too low to allow the tunnel to be maintained.
XAUTH has been enabled for the tunnel, and the username and password must be supplied.*
Bottom of Form

39
Top of Form
A network administrator must provide WAN connectivity between a central office and three remote sites: Orlando, Atlanta, and Phoenix. The Orlando and Atlanta remote offices receive sales orders and transmit shipping confirmations to the Central office consistently throughout the day. The Phoenix remote office consists of one salesperson traveling through the southwest territory. The salesperson occasionally needs to connect to the Central office for e-mail access. What two methods could the network administrator recommend to connect the remote sites to the Central office? (Choose two.)
Connect to the Atlanta and Orlando remote offices with Frame Relay connections.*
Connect to the Atlanta and Orlando remote offices with ISDN connections.
Connect to the Atlanta and Orlando remote offices with POTS dial-up connections.
Connect to the Phoenix remote office with a Frame Relay connection.
Connect to the Phoenix remote office with a POTS dial-up connection.*
Bottom of Form


40
Top of Form


Refer to the exhibit. The link between the CTRL and BR_1 routers is configured as shown in the exhibit. Why are the routers unable to establish a PPP session?
The CHAP passwords must be different on the two routers.
The clock rate must be 56000.
Interface serial 0/0 on CTRL must connect to interface serial 0/1 on BR_1.
The IP addresses are on different subnets.
The usernames are misconfigured.*
The clock rate is configured on the wrong end of the link.
Bottom of Form











41
Top of Form


Refer to the exhibit. What are two reasons that explain why the workstation with the IP address 192.168.1.153/28 fails to access the Internet? (Choose two.)
The NAT inside interfaces are not configured properly.*
The NAT outside interface is not configured properly.
The router is not properly configured to use the access control list for NAT.*
The NAT pool is not properly configured to use routable outside addresses.
The access control list does not include the IP address 192.168.1.153/28 to access the Internet.
Bottom of Form

42
Top of Form
Which two statements are true regarding the Security Wheel? (Choose two.)
Testing can be done with IDS tools.
Monitoring can be done using tools like SATAN, Nessus, or NMap.
Steps taken to secure the network should be based on the security policy.*
The improve phase of the Security Wheel describes the initial implementation of the guidelines in the security policy to secure the network.
Securing the network requires an adequate threat defense using packet filtering and HIPS, secure connectivity via VPNs, and secure trust relations using authentication.*
Bottom of Form


43
Top of Form


Refer to the exhibit. A technician has been asked to troubleshoot a failed connection between two routers. What can be determined by analyzing the output shown? (Choose two.)
The physical connection between the two routers has failed.
The failure occurs in an OSI layer other than layers 1 and 2.*
Encapsulation should be changed to PPP to solve the problem.
The bandwidth has been set to the value of a T1 line.*
The IP address of S0/0 is invalid, given the subnet mask being used.
Bottom of Form

44
Top of Form
Which protocol should be chosen to support WAN connectivity in a multi-vendor system and provide strong security through authentication?
NAT with DHCP
Frame Relay
HDLC with encryption
HDLC with CHAP
PPP with PAP
PPP with CHAP*
Bottom of Form


45
Top of Form


Refer to the exhibit. R1 is performing NAT overload for the 10.1.1.0/24 inside network. Host A has sent a packet to the web server. What is the destination IP address of the return packet from the web server?
10.1.1.2:1234
172.30.20.1:3333*
10.1.1.2:3333
172.30.20.1:1234
192.168.1.2:80
Bottom of Form






46
Top of Form
What three statements describe the roles of devices in a WAN? (Choose three.)
A CSU/DSU terminates a digital local loop.*
A modem terminates a digital local loop.
A CSU/DSU terminates an analog local loop.
A modem terminates an analog local loop.*
A router is commonly considered a DTE device.*
A router is commonly considered a DCE device.
Bottom of Form






47
Top of Form


Refer to the exhibit. The network administrator is trying to back up the router Cisco IOS software and receives the output shown. The network administrator also cannot ping the TFTP server. What should be done to solve this problem?
Make sure that the Cisco IOS checksum is valid.
Start the TFTP server software on the TFTP server.*
Confirm there is enough room on the TFTP server for the Cisco IOS software.
Make sure that the router has a route to the network where the TFTP server resides.
Bottom of Form



48
Top of Form
An administrator has been asked to implement broadband connections for all teleworkers in the department. Which three options, if available in the area, would satisfy this request? (Choose three.)
cable*
dialup
DSL*
IEEE 802.11g
ISDN
satellite*
Bottom of Form

49
Top of Form
At what physical location does the responsibilty for a WAN connection change from the user to the service provider?
demilitarized zone (DMZ)
demarcation point*
local loop
cloud
Bottom of Form


50
Top of Form


Refer to the exhibit. Which three statements are true? (Choose three.)
NAT overloading is enabled.
Dynamic NAT is enabled.*
Address translation will fail.*
Interface configurations are incorrect.*
The host with an address of 192.168.1.255 will be translated.
Traffic entering serial interface 0/0/2 is translated before exiting serial interface 0/0/0.
Bottom of Form

51
Top of Form
Which two statements are true regarding IPv6? (Choose two.)
It is inherently more secure than IPv4.*
It can only be configured on an interface that does not have IPv4 on it.
It can automatically configure the IPv6 addresses on end devices.*
Routing efficiency is slightly reduced because of the length of IPv6 addresses.
There is no way to translate between IPv4 addresses and IPv6 addresses.
Bottom of Form

52
Top of Form
A technician is talking to a colleague at a rival company and comparing DSL transfer rates between the two companies. Both companies are in the same city, use the same service provider, and have the same rate/service plan. What is the explanation for why Company A reports higher download speeds than Company B?
Company B has a higher volume of POTS voice traffic than Company A.
Company B shares the conection to the DSLAM with more clients than Company A.
Company A only uses microfilters on branch locations.
Company A is closer to the service provider.*
Bottom of Form



53
Top of Form
Which two statements are true regarding network attack mitigation? (Choose two.)
Using non-alphanumeric characters prevents a brute-force password attack.
Using secure passwords is the best way to mitigate reconnaissance attacks.
Using payload encryption helps to mitigate attacks using malicious code, such as worms or viruses.
DoS and DDoS attacks prevent legitimate users from using network devices and are not easily mitigated.*
User education helps prevent social engineering and the spread of viruses.
Bottom of Form

54
Top of Form
Which three items are LCP options that can be configured for PPP? (Choose three.)
CHAP*
Stacker*
IPCP
CDPCP
Multilink*
Bottom of Form


55
Top of Form


Refer to the exhibit. How is the TCP/IP information specified by the default-router and dns-server commands made available to the clients in the network 10.0.1.0/24?
Each of the addresses must be manually configured on each of the network clients.
The TCP/IP information is dynamically configured on each network client.*
The TCP/IP information is available on the DHCP server only.
The TCP/IP information is excluded on the DNS server only.
Bottom of Form

56
Top of Form
What effect would the Router1(config-ext-nacl)# permit tcp 172.16.4.0 0.0.0.255 any eq www command have when implemented inbound on the f0/0 interface?
All traffic from any network destined for the Internet is permitted.
All traffic from 172.16.4.0/24 is permitted anywhere on any port.
Traffic originating from 172.16.4.0/24 is permitted to all port 80 destinations.*
All TCP traffic is permitted, and all other traffic is denied.
The command is rejected by the router because it is incomplete.
Bottom of Form

57
Top of Form


Refer to the exhibit. A host connected to Fa0/0 is unable to acquire an IP address from this DHCP server. The output of the debug ip dhcp server command shows "DHCPD: there is no address pool for 192.168.1.1". What is the problem?
The 192.168.1.1 address has not been excluded from the DHCP pool.
The pool of addresses for the 192Network pool is incorrect.*
The default router for the 192Network pool is incorrect.
The 192.168.1.1 address is already configured on Fa0/0.
Bottom of Form



58
Top of Form
After examining server logs, a network administrator noticed that most of the servers on the network were probed for open TCP ports 80 and 8080 by an unknown remote user. Which type of attack would this most likely represent?
access
Trojan horse
reconnaissance*
denial of service
Bottom of Form

59
Top of Form
What is a major characteristic of a worm?
malicious software that copies itself into other executable programs
tricks users into running the infected software
a set of computer instructions that lies dormant until triggered by a specific event
exploits vulnerabilities with the intent of propagating itself across a network*
Bottom of Form


60
Top of Form
Which statement is true about the metro Ethernet packet-switched WAN technology?
Requires the network address to be assigned to the subscriber to establish a switched virtual circuit (SVC).
Provides a switched, high-bandwidth network capable of managing data, voice, and video all on the same infrastructure.*
Requires a DLCI number to be assigned to the subscribers to establish a permanent virtual circuit (PVC).
Provides permanent voice connectivity to the public switched telephone network (PSTN).
Bottom of Form

61
Top of Form


Refer to the exhibit. When does Router1 apply the dynamic access list named testlist to interface fa0/0?
15 seconds after receiving Telnet traffic from 10.1.1.1/24
when a Telnet session to 10.1.1.1/24 is authenticated
immediately after receiving traffic on port 23 from 10.1.1.1/15
immediately after receiving traffic from the 10.1.1.0/24 network destined for the 172.16.1.0/24 network
Bottom of Form

62
Top of Form
Which three statements are true about creating and applying access lists? (Choose three.)
Access list entries should filter in the order from general to specific.
One access list per port per protocol per direction is permitted.*
Standard ACLs should be applied closest to the source while extended ACLs should be applied closest to the destination.
There is an implicit deny at the end of all access lists.*
Statements are processed sequentially from top to bottom until a match is found.*
The inbound keyword refers to traffic entering the network from the router interface where the ACL is applied.
Bottom of Form



63
Top of Form


Refer to the exhibit. What happens if the network administrator issues the commands shown when an ACL called Managers already exists on the router?
The commands overwrite the Managers ACL that is already on the router.
The commands are added at the end of the Managers ACL that is already on the router.*
The commands are added at the beginning of the Managers ACL that is already on the router.
The network administrator receives an error stating that the ACL already exists.
Bottom of Form

64
Top of Form


Refer to the exhibit. Which two conclusions can be drawn from the output shown? (Choose two.)
This network is experiencing congestion.
The Frame Relay connection is in the process of negotiation.
Data is not flowing in this network.
The network is discarding eligible packets.
The DLCI is globally significant.
Bottom of Form


65
Top of Form
What can a network administrator do to recover from a lost router password?
perform a reload or reset
telnet from another router and issue the show running-config command to view the password
boot the router to ROM monitor mode and configure the router to ignore NVRAM when it initializes
boot the router to bootROM mode and enter the b command to load the IOS manually
Bottom of Form