search for ccna answer

Tuesday, October 27, 2009

OCT 2009 CCNA Exploration 4.0 EWAN Chapter 8 - Accessing the WAN

 updated: OCT 2009 by bluefiz 100%  

1. Which two pieces of information are typically found on a logical network diagram? (Choose two.)
- cable types
- connector types
- interface identifiers
- DLCI for virtual circuits

- operating system versions

2. Excessive broadcasts are generally a symptom of a problem at which layer?
- physical
- data link
- network
- transport

3. What is one example of a physical layer problem?
- incorrect encapsulation
- incorrect STP configuration
- incorrect ARP mapping
- incorrect clock rate

4. Which two components should be taken into consideration when establishing a network baseline? (Choose two.)
- information about the network design
- IP addressing allocation on the network
- requirements about the service provider setup
- requirements for access control lists to regulate traffic
- expected performance under normal operating conditions

5. Refer to the exhibit. Which two steps should be taken during the process of creating network documentation? (Choose two.)


- Record the information about the devices discovered in the Campus network only.
- Record the information about the devices discovered in the entire network, including the remote locations.
- Transfer any information about the devices from the network configuration table that corresponds to a component of the topology diagram.

- Transfer only the Layer 2 and Layer 3 information about the devices from the network configuration table that corresponds to a component of the topology diagram.
- Transfer the recorded information about the devices from the network configuration table gathered during peak network utilization that corresponds to a component of the topology diagram.

6. Which two statements are true concerning logical networking models? (Choose two.)
- TCP/IP splits the lowest layer of the OSI model into two separate layers.
- The top layer of the TCP/IP model combines the functions of the top three OSI layers.
- Troubleshooting with the TCP/IP model requires different techniques than with the OSI model.
- The network access layer is responsible for exchanging packets between devices on a TCP/IP network.
- The Internet layer provides communication between applications, such as FTP, HTTP, and SMTP on separate hosts.
- The TCP/IP network access layer corresponds to the OSI physical and data link layers.

7. Clients across the company are reporting poor performance across all corporate applications running in the data center. Internet access and applications running across the corporate WAN are performing normally. The network administrator observes a continual broadcast of random meaningless traffic (jabber) on the application server LAN in the data center on a protocol analyzer. How should the administrator start troubleshooting?
- The jabber in the data center indicates a local physical layer problem. Use the protocol analyzer to determine the source of the jabber, and then check for a recent NIC driver update or bad cabling.
- Because all clients are experiencing application problems, the administrator should use a top-down approach with the application servers in the data center.
- The scope of the problem indicates a likely routing or spanning-tree problem. Begin by checking routing tables, and follow up using appropriate STP show commands to find a loop if routing is working normally.
- Poll the staff to determine if any recent changes have been made. Back out all the changes one by one until the error condition is fixed.

8. Which troubleshooting approach is suggested for dealing with a complex problem that is suspected of being caused by faulty network cabling?
- bottom up
- top down
- divide and conquer
- middle out

9. A technician has been asked to make several changes to the configuration and topology of a network and then determine the outcome of the changes. What tool can be used to determine the overall effect caused by the changes?
- baselining tool
- knowledge base
- protocol analyzer
- cable tester

10. A technician has been asked to troubleshoot an existing switched network but is unable to locate documentation for the VLAN configuration. Which troubleshooting tool allows the technician to map and discover VLAN and port assignments?
- cable analyzer
- network analyzer
- protocol analyzer
- knowledge base

11. Refer to the exhibit. Users on the Internal LAN are unable to connect to the www server. The network administrator pings the server and verifies that NAT is functioning correctly. Which OSI layer should the administrator begin to troubleshoot next?


- physical
- data link
- network
- application

12. When gathering symptoms for troubleshooting a network problem, which step could result in getting an external administrator involved in the process?
- narrowing the scope
- gathering symptoms from suspect devices - analyzing existing symptoms
- determining ownership

13. Refer to the exhibit. Which three pieces of information can be determined by analyzing the output shown? (Choose three.)
- A carrier detect signal is present.
- Keepalives are being received successfully.

- Default encapsulation is used on this serial link.
- Packets passing this interface cannot exceed 1 KB in size.
- The reliability of this link is very low.
- The LCP negotiation phase is complete.

14. Refer to the exhibit. Users at Branch B are reporting trouble accessing a corporate website running on a server that is located at HQ. HQ and Branch A users can access the website. R3 is able to ping 10.10.10.1 successfully but not 10.10.10.2. The users at Branch B can access servers at Branch A. Which two statements are true aboutthe troubleshooting efforts? (Choose two.)

- The web server should be tested for an application layer problem.
- Frame Relay at R3 and R2 should be tested to narrow the scope of the problem.
- The fact that users at Branch A are working normally proves that there is no problem at R2.
- An ACL entry error could cause the failure at Layer 4 in either R3 or R2.
- The successful ping from R3 to R1 proves that the WAN is functioning normally. Therefore, the problem has to be in the upper layers.

15. Users are complaining of very long wait times to access resources on the network. The show interface command reveals collision counts far above the network baseline. At which OSI layer should the administrator begin troubleshooting?
- application
- transport
- network
- data link
- physical

16. Encapsulation errors from mismatched WAN protocols on a serial link between two routers indicate a problem at which OSI layer?
- physical
- data link
- network
- transport

17. What combination of IP address and wildcard mask should be used to specify only the last 8 addresses in the subnet 192.168.3.32/28?
- 192.168.3.32 0.0.0.7
- 192.168.3.32 0.0.0.15
- 192.168.3.40 0.0.0.7
- 192.168.3.40 0.0.0.15

18. A network administrator has received complaints that users on a local LAN can retrieve e-mail from a remote e-mail server but are unable to open web pages on the same server. Services at which two layers of the OSI model should be investigated during the troubleshooting process? (Choose two.)
- physical layer
- data link layer
- network layer
- transport layer
- application layer


19. Information about which OSI layers of connected Cisco devices can be verified with the show cdp neighbors command?
- All layers
- Layer 1, Layer 2, and Layer 3
- Layer 1, Layer 2, Layer 3, and Layer 4
- Layer 6 and Layer 7

20. Which three approaches should be used when attempting to gather data from users for troubleshooting? (Choose three.)
- Determine fault.
- Get to know the user to build trust.
- Obtain information by asking simple pertinent questions.
- Impress the user with use of technical language and skills.
- Determine if the problem is related to time or a specific event.
- Determine if the user can re-create the problem or events leading to the problem.


updated: OCT 2009 by bluefiz 100%
For image version, please send your request to lovestoryhouse@gmail.com. thx.
Disclaimer: This questionnaires are just for revision purpose! 

OCT 2009 CCNA Exploration 4.0 EWAN Chapter 7 - Accessing the WAN

  updated: OCT 2009 by bluefiz 100%

1. Refer to the exhibit. A network technician determines DHCP clients are not working properly. The clients are receiving IP configuration information from a DHCP server configured on the router but cannot access the Internet. From the output in the graphic, what is the most likely problem?

- The DHCP server service is not enabled.
- The inside interface for DCHP is not defined.
- The DHCP pool is not bound to the interface.
- The pool does not have a default router defined for the clients.
- All the host addresses have been excluded from the DHCP pool.

2. Refer to the exhibit. On the basis of the configuration shown, how should the pool of the excluded addresses be assigned to key hosts on the network, such as router interfaces, printers, and servers?

- The addresses are statically assigned by the network administrator.
- The DHCP server dynamically assigns the addresses.
- The addresses must be listed under the DHCP pool of addresses before they are available for static assignment.
- The addresses must be listed under the DHCP pool of addresses before they are available for dynamic assignment.

3. Refer to the exhibit. According to the output, how many addresses have been successfully assigned by this DHCP server?


- 1
- 6
- 7
- 8
-9

4. What are two benefits of NAT? (Choose two.)
- It saves public IP addresses.
- It adds a degree of privacy and security to a network.

- It increases routing performance.
- It makes troubleshooting routing issues easier.
- It makes tunneling with IPsec less complicated.

5. What is true regarding the differences between NAT and PAT?
- PAT uses the word "overload" at the end of the access-list statement to share a single registered address.
- Static NAT allows an unregistered address to map to multiple registered addresses.
- Dynamic NAT allows hosts to receive the same global address each time external access is required.
- PAT uses unique source port numbers to distinguish between translations.

6. What type of NAT should a network administrator use to ensure that a web server on the inside network is always available to the outside network?
- NAT overload
- static NAT
- dynamic NAT
- PAT

7. Refer to the exhibit. Which address or addresses represent the inside global address?


- 10.1.1.2
- 192.168.0.100
- 209.165.20.25
- any address in the 10.1.1.0 network

8. Refer to the exhibit. Which two statements about the configuration are true? (Choose two.)

- Traffic from the 10.1.1.0 network will be translated.
- Traffic from the 209.165.200.0 network will be translated.
- Permitted traffic gets translated to a single inside global IP address.
- A pool of inside global IP addresses from the 10.1.1.0 network will be used for translation.
- External users from the 209.165.200.0 network can reach private addresses on the 10.1.1.0 and 10.1.2.0 networks.

9. Refer to the exhibit. What is the purpose of the command marked with an arrow shown in the partial configuration output of a Cisco broadband router?


- defines which addresses can be translated
- defines which addresses are allowed into the router
- defines which addresses are assigned to a NAT pool
- defines which addresses are allowed out of the router

10. A technician has been told by a supervisor to always clear any dynamic translations before attempting to troubleshoot a failed NAT connection. Why has the supervisor issued these instructions?
- The supervisor wants to clear any confidential information that may be seen by the technician.
- Because entries can be cached for long periods of time, the supervisor wants to prevent decisions being made based on old data.
- The translation table may be full and is unable to make new translations until space is available.
- Clearing the translations causes the starting configuration to be reread and may correct translation problems that have occurred.

11. Refer to the exhibit. Traffic exiting R1 is failing translation. What part of the configuration is most likely incorrect?

- ip nat pool statement
- access-list statement
- ip nat inside is on the wrong interface
- interface s0/0/2 should be a private IP address 
 

12. Refer to the exhibit. A technician used SDM to enter the NAT configuration for a Cisco router. Which statement correctly describes the result of the configuration?

- A user on the inside sees web traffic coming from 192.168.1.3 using port 8080.
- The address 172.16.1.1 is translated into an address from the pool beginning with 192.168.1.3.
- A user on the outside network sees a request addressed from 192.168.1.3 using port 80.
- A user on the outside must address traffic to port 8080 to reach the address 172.16.1.1.
 
13. Refer to the exhibit. How many IPv6 broadcast domains exist in this topology?

- 0
- 1
- 2
- 3
- 4

14. A network administrator wants to connect two IPv6 islands. The easiest way is through a public network that uses only IPv4 equipment. What simple solution solves the problem?
- Replace the devices on the public network with devices that support IPv6.
- Configure RIPng on the border routers of each IPv6 island.
- Configure the routers to take advantage of dual-stack technology.
- Use tunneling to encapsulate the IPv6 traffic in the IPv4 protocol.

15. After activating IPv6 routing on a Cisco router and programming IPv6 addresses on multiple interfaces, what is the remaining step to activate RIPng?
- Enter the interface programming mode for each IPv6 interface and enable IPng RIP.
- Enter the ipv6 router rip name command and then use network statements to activate RIPng on the interfaces.
- Enter the router rip command, and then activate RIPng using the version command. RIPng then automatically runs on all IPv6 interfaces.
- Enter the interface programming mode for each IPv6 interface and enable the multicast group FF02::9, and then activate RIPng globally using the ipv6 router rip name command.

16. Refer to the exhibit. The FTP server has an RFC 1918 private address. Users on the Internet need to connect to the FTP server on the Fa0/0 LAN of R1. Which three configurations must be completed on R1? (Choose three.)

- dynamic NAT
- NAT with overloading
- open port 20
- open port 21

- open port 23
- NAT with port forwarding

17. Refer to the exhibit. R1 is performing NAT for the 10.1.1.0/24 network, and R2 is performing NAT for the 192.168.1.2/24 network. What would be valid destination IP address for HostA to put in its IP header when communicating with the web server?



- 10.1.1.1
- 172.30.20.2
- 192.168.1.2
- 255.255.255.255

18. Refer to the exhibit. Which two addresses could be assigned to traffic leaving S0 as a result of the statement ip nat pool Tampa 179.9.8.96 179.9.8.111 netmask 255.255.255.240? (Choose two.)

- 10.0.0.125
- 179.9.8.95
- 179.9.8.98
- 179.9.8.101

- 179.9.8.112

19. Refer to the exhibit. IPv6 address 2006:1::1/64 eui-64 has been configured on the router FastEthernet0/0 interface. Which statement accurately describes the EUI-64 identifier configuration?

- It will randomly generate a 64 bit interface ID.
- It will assign an address from the pool of IPv6 private addresses to the interface.
- It will assign only the registry prefix of the IPv6 Global Unicast address to the interface.
- The configuration will derive the interface portion of the IPv6 address from the MAC address of the interface.

20. How many bits of an IPv6 address are used to identify the interface ID?
- 32
- 48
- 64
- 128

21. Your organization is issued the IPv6 prefix of 2001:0000:130F::/48 by your service provider. With this prefix, how many bits are available for your organization to create subnetworks?
- 8
- 16
- 80
- 128

 updated: OCT 2009 by bluefiz 100%
For image version, please send your request to lovestoryhouse@gmail.com. thx.
Disclaimer: This questionnaires are just for revision purpose! 
 

OCT 2009 CCNA Exploration 4.0 EWAN Chapter 6 - Accessing the WAN

 updated: OCT 2009 by bluefiz 100%

1. Which two statements about DSL are true? (Choose two.)
- users are on a shared medium
- uses RF signal transmission
- local loop can be up to 3.5 miles (5.5km)
- physical and data link layers are defined by DOCSIS
- user connections are aggregated at a DSLAM located at the CO

2. Which two Layer 1 requirements are outlined in the Data-over-Cable Service Interface Specification (DOCSIS)? (Choose two.)
- channel widths
- access method
- maximum data rate
- modulation techniques
- compression techniques

3. Which two statements are valid solutions for a cable ISP to reduce congestion for users? (Choose two.)
- use higher RF frequencies
- allocate an additional channel
- subdivide the network to reduce users on each segment

- reduce the length of the local loop to 5.5 kilometers or less
- use filters and splitters at the customer site to separate voice from data traffic

4. A technician has been asked to configure a broadband connection for a teleworker. The technician has been instructed that all uploads and downloads for the connection must use existing phone lines. Which broadband technology should be used?
- cable
- DSL
- ISDN
- POTS

5. After conducting research to learn about common remote connection options for teleworkers, a network administrator has decided to implement remote access over broadband to establish VPN connections over the public Internet. What is the result of this solution?
- A reliable connection is established at greater speeds than what is offered from dialup over POTS. Security is increased, but username and password information are sent in plain text.
- The connection has increased security and reliable connectivity. Users need a remote VPN router or VPN client software.
- Security and reliability are increased at a substantial loss in throughput, which is considered acceptable when supporting a single user environment.
- Reliability and security are increased without the need for additional equipment, when compared to dialup connections using POTS.

6. What are the three main functions of a secure VPN? (Choose three.)
- accounting
- authentication
- authorization
- data availability
- data confidentiality
- data integrity

7. Which two methods could an administrator use to authenticate users on a remote access VPN? (Choose two.)
- digital certificates
- ESP
- hashing algorithms
- smart cards
- WPA

8. Data confidentiality through a VPN is achieved through which two methods? (Choose two.)
- digital certificates
- encryption
- encapsulation
- hashing
- passwords

9. Data confidentiality through a VPN can be enhanced through the use of which three encryption protocols? (Choose three.)
- AES
- DES

- AH
- hash
- MPLS
- RSA

10. Which is an example of symmetric-key encryption?
- Diffie-Hellman
- digital certificate
- pre-shared key
- RSA signature

11. Which statement describes cable?
- Delivering services over a cable network requires downstream frequencies in the 50 to 860 MHz range, and upstream frequencies in the 5 to 42 MHz range.
- The cable subscriber must purchase a cable modem termination system (CMTS)
- Each cable subscriber has dedicated upstream and downstream bandwidth.
- Cable subscribers may expect up to 27 Mbps of bandwidth on the upload path.

12. A company is using WiMAX to provide access for teleworkers. What home equipment must the company provide at the teleworker's site?
- a WiMAX tower
- a one-way multicast satellite
- a WiMAX receiver
- an access point connected to the company WLAN

13. Which two features can be associated with the Worldwide Interoperability for Microwave Access (WiMAX) telecommunication technology? (Choose two.)
- supports municipal wireless networks utilizing mesh technologies
- covers areas as large as 7,500 square kilometers
- supports point-to-point links, but not full mobile cellular-type access
- connects directly to the Internet through high-bandwidth connections
- operates at lower speeds than Wi-Fi, but supports many more users

14. While monitoring traffic on a cable network, a technician notes that data is being transmitted at 38 MHz. Which statement describes the situation observed by the technician?
- Data is being transmitted from the subscriber to the headend.
- Data is flowing downstream.
- Cable television transmissions are interfering with voice and data transmissions.
- The system is experiencing congestion in the lower frequency ranges.

15. Refer to the exhibit. All users have a legitimate purpose and the necessary persissions to access the Corporate network. Based on the topology shown, which locations are able to establish VPN connectivity with the Corporate network?


- Locations C, D, and E can support VPN connectivity. Locations A and B require an additional PIX Firewall appliance installed on the edge of the network.
- Locations C and E can support VPN connectivity. Locations A, B, and D require an additional PIX Firewall appliance installed on the edge of the network.
- Locations A, B, D, and E can support VPN connectivity. Location C requires an additional router on the edge of the network.
- All locations can support VPN connectivity.

16. What two protocols provide data authentication and integrity for IPsec? (Choose two.)
- AH
- L2TP
- ESP
- GRE
- PPTP

17. Which two protocols can be used to encapsulate traffic that is traversing a VPN tunnel? (Choose two.)
- ATM
- CHAP
- IPsec
- IPX
- MPLS
- PPTP

18. Refer to the exhibit. A teleworker is connected over the Internet to the HQ Office. What type of secure connection can be established between the teleworker and the HQ Office?

- a GRE tunnel
- a site-to-site VPN
- a remote-access VPN
- the user must be at the office location to establish a secure connection

19. Refer to the exhibit. A VPN tunnel has been established between the HQ Office and the Branch Office over the public Internet. Which three mechanisms are required by the devices on each end of the VPN tunnel to protect the data from being intercepted and modified? (Choose three.)

- The devices must use a dedicated Layer 2 connection.
- The devices must have the VPN client software installed.
- The two parties must inspect the traffic against the same ACLs.
- The two parties must establish a secret key used by encryption and hash algorithms.
- The two parties must agree on the encryption algorithm to be used over the VPN tunnel.
- The devices must be authenticated before the communication path is considered secure.



 updated: OCT 2009 by bluefiz 100%
For image version, please send your request to lovestoryhouse@gmail.com. thx.
Disclaimer: This questionnaires are just for revision purpose! 

Sunday, October 25, 2009

OCT 2009 CCNA Exploration 4.0 EWAN Chapter 5 - Accessing the WAN

 updated: OCT 2009 by bluefiz 96%

1. By default, how is IP traffic filtered in a Cisco router?
- blocked in and out of all interfaces
- blocked on all inbound interfaces, but permitted on all outbound interfaces
- permitted in and out of all interfaces
- blocked on all outbound interfaces, but permitted on all inbound interfaces

2. Which three parameters can ACLs use to filter traffic? (Choose three.)
- packet size
- protocol suite
- source address
- destination address

- source router interface
- destination router interface

3. How do Cisco standard ACLs filter traffic?
- by destination UDP port
- by protocol type
- by source IP address
- by source UDP port
- by destination IP address

4. Which two statements are correct about extended ACLs? (Choose two)
- Extended ACLs use a number range from 1-99.
- Extended ACLs end with an implicit permit statement.
- Extended ACLs evaluate the source and destination addresses.
- Port numbers can be used to add greater definition to an ACL.

- Multiple ACLs can be placed on the same interface as long as they are in the same direction.

5. Where should a standard access control list be placed?
- close to the source
- close to the destination
- on an Ethernet port
- on a serial port

6. Which three statements describe ACL processing of packets? (Choose three.)
- An implicit deny any rejects any packet that does not match any ACL statement.
- A packet can either be rejected or forwarded as directed by the statement that is matched.

- A packet that has been denied by one statement can be permitted by a subsequent statement.
- A packet that does not match the conditions of any ACL statements will be forwarded by default.
- Each statement is checked only until a match is detected or until the end of the ACL statement list.
- Each packet is compared to the conditions of every statement in the ACL before a forwarding decision is made.

7. Which two statements are true regarding the significance of the access control list wildcard mask 0.0.0.7? (Choose two.)
- The first 29 bits of a given IP address will be ignored.
- The last 3 bits of a given IP address will be ignored.
- The first 32 bits of a given IP address will be checked.
- The first 29 bits of a given IP address will be checked.
- The last 3 bits of a given IP address will be checked.

8. Which two statements are true regarding the following extended ACL? (Choose two.)
access-list 101 deny tcp 172.16.3.0 0.0.0.255 any eq 20
access-list 101 deny tcp 172.16.3.0 0.0.0.255 any eq 21
access-list 101 permit ip any any

- FTP traffic originating from network 172.16.3.0/24 is denied.
- All traffic is implicitly denied.
- FTP traffic destined for the 172.16.3.0/24 network is denied.
- Telnet traffic originating on network 172.16.3.0/24 is denied.
- Web traffic originating from 172.16.3.0 is permitted.

9. Interface s0/0/0 already has an IP ACL applied inbound. What happens when the network administrator attempts to apply a second inbound IP ACL?
- The second ACL is applied to the interface, replacing the first.
- Both ACLs are applied to the interface.
- The network administrator receives an error.
- Only the first ACL remains applied to the interface.

10. Refer to the exhibit. When creating an extended ACL to deny traffic from the 192.168.30.0 network destined for the Web server 209.165.201.30, where is the best location for applying the ACL?


- ISP Fa0/0 outbound
- R2 S0/0/1 inbound
- R3 Fa0/0 inbound
- R3 S0/0/1 outbound

11. Which two statements are true regarding named ACLs? (Choose two.)
- Only named ACLs allow comments.
- Names can be used to help identify the function of the ACL.
- Named ACLs offer more specific filtering options than numbered ACLs.
- Certain complex ACLs, such as reflexive ACLs, must be defined with named ACLs.
- More than one named IP ACL can be configured in each direction on a router interface.

12. Which three items must be configured before a dynamic ACL can become active on a router? (Choose three.)
- extended ACL
- reflexive ACL
- console logging
- authentication
- Telnet connectivity
- user account with a privilege level of 15

13. Refer to the exhibit. How does this access list process a packet with the source address 10.1.1.1 and a destination of 192.168.10.13?

- It is allowed because of the implicit deny any.
- It is dropped because it does not match any of the items in the ACL.
- It is allowed because line 10 of the ACL allows packets to 192.168.0.0/16.
- It is allowed because line 20 of the ACL allows packets to the host 192.168.10.13.

14. A network administrator needs to allow traffic through the firewall router for sessions that originate from within the company network, but the administrator must block traffic for sessions that originate outside the network of the company. What type of ACL is most appropriate?
- dynamic
- port-based
- reflexive
- time-based

15. Refer to the exhibit. How will Router1 treat traffic matching the time-range requirement of EVERYOTHERDAY?

- TCP traffic entering fa0/0 from 172.16.1.254/24 destined to the 10.1.1.0/24 network is permitted.
- TCP traffic entering fa0/0 from 10.1.1.254/24 destined to the 172.16.1.0/24 network is permitted.
- Telnet traffic entering fa0/0 from 172.16.1.254/24 destined to the 10.1.1.0/24 network is permitted.
- Telnet traffic entering fa0/0 from 10.1.1.254/24 destined to the 172.16.1.0/24 network is permitted.

16. The following commands were entered on a router:
Router(config)# access-list 2 deny 172.16.5.24
Router(config)# access-list 2 permit any

The ACL is correctly applied to an interface. What can be concluded about this set of commands?

- The wildcard mask 0.0.0.0 is assumed.
- The access list statements are misconfigured.
- All nodes on the 172.16.0.0 network will be denied access to other networks.
- No traffic will be allowed to access any nodes or services on the 172.16.0.0 network.

17. Refer to the exhibit. The administrator wishes to block web traffic from 192.168.1.50 from reaching the default port of the web service on 192.168.3.30. To do this, the access control list name is applied inbound on the router R1 LAN interface. After testing the list, the administrator has noted that the web traffic remains successful. Why is web traffic reaching the destination?

- Web traffic does not use port 80 by default.
- The access list is applied in the wrong direction.
- The access list needs to be placed closer to the destination, on R3.
- The range of source addresses specified in line 10 does not include host 192.168.1.50.

18. Refer to the exhibit. What will be the effect of the configuration that is shown?

- Users attempting to access hosts in the 192.168.30.0/24 network will be required to telnet to R3.
- Hosts connecting to resources in the 191.68.30.0/24 network have an idle timeout of 15 minutes.
- Anyone attempting to telnet into R3 will have an absolute time limit of five minutes.
- Telnet access to R3 will only be permitted on Serial 0/0/1.

19. Which statement about standard ACLs is true?
- Standard ACLS must be numbered and cannot be named.
- They should be placed as close to the destination as possible.
- They can filter based on source and destination address as well as on source and destination port.
- When applied to an outbound interface, incoming packets are processed before they are routed to the outbound interface.

20. Which benefit does an extended ACL offer over a standard ACL?
- Extended ACLs can be named, but standard ACLs cannot.
- Unlike standard ACLs, extended ACLS can be applied in the inbound or outbound direction.
- Based on payload content, an extended ACL can filter packets, such as information in an e-mail or instant message.
- In addition to the source address, an extended ACL can also filter on destination address, destination port, and source port.

21. Which feature will require the use of a named ACL rather than a numbered ACL?
- the ability to filter traffic based on a specific protocol
- the ability to filter traffic based on an entire protocol suite and destination
- the ability to specify source and destination addresses to use when identifying traffic
- the ability to edit the ACL and add additional statements in the middle of the list without removing and re-creating the list

22. A technician is creating an ACL and needs a way to indicate only the subnet 172.16.16.0/21. Which combination of network address and wildcard mask will accomplish the desired task?
- 172.16.0.0 0.0.255.255
- 127.16.16.0 0.0.0.255
- 172.16.16.0 0.0.7.255
- 172.16.16.0 0.0.15.255
- 172.16.16.0 0.0.255.255

23. Which two statements accurately describe the characteristics of wildcard masks in an ACL? (Choose two.)
- Wildcard masks are the inverse of the subnet mask.
- The word "any" indicates that all corresponding bits must be matched.
- The word "host" corresponds to a wildcard mask of 0.0.0.0 in an ACL statement.
- A wildcard mask of 0.0.255.255 can be used to create a match for an entire Class B network.

- A wildcard mask bit of 1 indicates that the corresponding bit in the address must be matched.

24. Refer to the exhibit. Which statement is true about ACL 110 if ACL 110 is applied in the inbound direction on S0/0/0 of R1?

- It will deny TCP traffic to the Internet if the traffic is sourced from the 172.22.10.0/24 network.
- It will not allow TCP traffic coming from the Internet to enter the network 172.22.10.0/24.
- It will allow any TCP traffic from the Internet to enter the network 172.22.10.0/24.
- It will permit any TCP traffic that originated from network 172.22.10.0/24 to return inbound on the S0/0/0 interface.

25. Refer to the exhibit. ACL 120 is configured inbound on the serial0/0/0 interface on router R1, but the hosts on network 172.11.10.0/24 are able to telnet to network 10.10.0.0/16. On the basis of the provided configuration, what should be done to remedy the problem?


- Apply the ACL outbound on the serial0/0/0 interface on router R1.
- Apply the ACL outbound on the FastEthernet0/0 interface on router R1.
- Include the established keyword at the end of the first line in the ACL.
- Include a statement in the ACL to deny the UDP traffic that originates from 172.11.10.0/24 network.

26. Refer to the exhibit. The network administrator applied an ACL outbound on S0/0/0 on router R1. Immediately after the administrator did so, the users on network 172.22.30.0/24 started complaining that they have intermittent access to the resources available on the server on the 10.10.0.0/16 network. On the basis of the configuration that is provided, what is the
possible reason for the problem?


- The ACL allows only the mail traffic to the server; the rest of the traffic is blocked.
- The ACL permits the IP packets for users on network 172.22.30.0/24 only during a specific time range.
- The ACL permits TCP packets only if a connection is established from the server to the network 172.22.0.0/16.
- The ACL allows only TCP traffic from users on network 172.22.40.0/24 to access the server; TCP traffic from any other sources is blocked.


 updated: OCT 2009 by bluefiz 96%
For image version, please send your request to lovestoryhouse@gmail.com. thx.
Disclaimer: This questionnaires are just for revision purpose!

OCT 2009 CCNA Exploration 4.0 EWAN Chapter 4 - Accessing the WAN

updated: OCT 2009 by bluefiz 100%

1. Which two statements are true regarding network security? (Choose two.)
- Securing a network against internal threats is a lower priority because company employees represent a low security risk.
- Both experienced hackers who are capable of writing their own exploit code and inexperienced individuals who download exploits from the Internet pose a serious threat to network security.
- Assuming a company locates its web server outside the firewall and has adequate backups of the web server, no further security measures are needed to protect the web server because no harm can come from it being hacked.
- Established network operating systems like UNIX and network protocols like TCP/IP can be used with their default settings because they have no inherent security weaknesses.
- Protecting network devices from physical damage caused by water or electricity is a necessary part of the security
policy.


2. Which two statements are true about network attacks? (Choose two.)
- Strong network passwords mitigate most DoS attacks.
- Worms require human interaction to spread, viruses do not.
- Reconnaissance attacks are always electronic in nature, such as ping sweeps or port scans.
- A brute-force attack searches to try every possible password from a combination of characters.
- Devices in the DMZ should not be fully trusted by internal devices, and communication between the DMZ and internal devices should be authenticated to prevent attacks such as port redirection.


3. Users are unable to access a company server. The system logs show that the server is operating slowly because it is receiving a high level of fake requests for service. Which type of attack is occurring?
- reconnaissance
- access
- DoS
- worm
- virus
- Trojan horse

4. An IT director has begun a campaign to remind users to avoid opening e-mail messages from suspicious sources. Which type of attack is the IT director trying to protect users from?
- DoS
- DDoS
- virus
- access
- reconnaissance

5. Which two statements regarding preventing network attacks are true? (Choose two.)
- The default security settings for modern server and PC operating systems can be trusted to have secure default security settings.
- Intrusion prevention systems can log suspicious network activity, but there is no way to counter an attack in progress without user intervention.
- Physical security threat mitigation consists of controlling access to device console ports, labeling critical cable runs, installing UPS systems, and providing climate control.
- Phishing attacks are best prevented by firewall devices.
- Changing default usernames and passwords and disabling or uninstalling unnecessary services are aspects of device hardening.

6. Intrusion detection occurs at which stage of the Security Wheel?
- securing
- monitoring
- testing
- improvement
- reconnaissance

7. Which two objectives must a security policy accomplish? (Choose two.)
- provide a checklist for the installation of secure servers
- describe how the firewall must be configured
- document the resources to be protected
- identify the security objectives of the organization

- identify the specific tasks involved in hardening a router

8. What are three characteristics of a good security policy? (Choose three.)
- It defines acceptable and unacceptable use of network resources.
- It communicates consensus and defines roles.

- It is developed by end users.
- It is developed after all security devices have been fully tested.
- It defines how to handle security incidents.
- It should be encrypted as it contains backups of all important passwords and keys.

9. Which two statements define the security risk when DNS services are enabled on the network? (Choose two.)
- By default, name queries are sent to the broadcast address 255.255.255.255.
- DNS name queries require the ip directed-broadcast command to be enabled on the Ethernet interfaces of all routers.
- Using the global configuration command ip name-server on one router enables the DNS services on all routers in the network.
- The basic DNS protocol does not provide authentication or integrity assurance.
- The router configuration does not provide an option to set up main and backup DNS servers.

10. What are two benefits of using Cisco AutoSecure? (Choose two.)
- It gives the administrator detailed control over which services are enabled or disabled.
- It offers the ability to instantly disable non-essential system processes and services.
- It automatically configures the router to work with SDM.
- It ensures the greatest compatibility with other devices in your network.
- It allows the administrator to configure security policies without having to understand all of the Cisco IOS software features.

11. Refer to the exhibit. A network administrator is trying to configure a router to use SDM, but it is not functioning correctly. What could be the problem?


- The privilege level of the user is not configured correctly.
- The authentication method is not configured correctly.
- The HTTP server is not configured correctly.
- The HTTP timeout policy is not configured correctly.

12. The Cisco IOS image naming convention allows identification of different versions and capabilities of the IOS. What information can be gained from the filename c2600-d-mz.121-4? (Choose two.)
- The "mz" in the filename represents the special capabilities and features of the IOS.
- The file is uncompressed and requires 2.6 MB of RAM to run.
- The software is version 12.1, 4th revision.
- The file is downloadable and 121.4MB in size.
- The IOS is for the Cisco 2600 series hardware platform.


13. Refer to the exhibit. The network administrator is trying to back up the Cisco IOS router software and receives the output shown. What are two possible reasons for this output? (Choose two.)


- The Cisco IOS file has an invalid checksum.
- The TFTP client on the router is corrupt.
- The router cannot connect to the TFTP server.
- The TFTP server software has not been started.

- There is not enough room on the TFTP server for the software.

14. Which two conditions should the network administrator verify before attempting to upgrade a Cisco IOS image using a TFTP server? (Choose two.)
- Verify the name of the TFTP server using the show hosts command.
- Verify that the TFTP server is running using the tftpdnld command.
- Verify that the checksum for the image is valid using the show version command.
- Verify connectivity between the router and TFTP server using the ping command.
- Verify that there is enough flash memory for the new Cisco IOS image using the show flash command.


15. The password recovery process begins in which operating mode and using what type of connection? (Choose two.)
- ROM monitor
- boot ROM
- Cisco IOS
- direct connection through the console port
- network connection through the Ethernet port
- network connection through the serial port

16. Refer to the exhibit. Security Device Manager (SDM) is installed on router R1. What is the result of opening a web browser on PC1 and entering the URL https://192.168.10.1?


- The password is sent in plain text.
- A Telnet session is established with R1.
- The SDM page of R1 appears with a dialog box that requests a username and password.
- The R1 home page is displayed and allows the user to download Cisco IOS images and configuration files.

17. Which statement is true about Cisco Security Device Manager (SDM)?
- SDM can run only on Cisco 7000 series routers.
- SDM can be run from router memory or from a PC.
- SDM should be used for complex router configurations.
- SDM is supported by every version of the Cisco IOS software.

18. Which step is required to recover a lost enable password for a router?
- Set the configuration register to bypass the startup configuration.
- Copy the running configuration to the startup configuration.
- Reload the IOS from a TFTP server from ROMMON.
- Reconfigure the router using setup mode.

19. What is the best defense for protecting a network from phishing exploits?
- Schedule antivirus scans.
- Schedule antispyware scans .
- Schedule training for all users.
- Schedule operating systems updates.

20. Refer to the exhibit. Security Device Manager (SDM) has been used to configure a required level of security on the router. What would be accomplished when the SDM applies the next step on the security problems that are identified on the router?
 


- SDM will automatically invoke the AutoSecure command.
- SDM will generate a report that will outline the proper configuration actions to alleviate the security issues.
- SDM will create a configuration file that can be copy and pasted into the router to reconfigure the services.
- SDM will reconfigure the services that are marked in the exhibit as “fix it” to apply the suggested security changes.

21. Refer to the exhibit. What is the purpose of the "ip ospf message-digest-key 1 md5 cisco" statement in the configuration?

- to specify a key that is used to authenticate routing updates
- to save bandwidth by compressing the traffic
- to enable SSH encryption of traffic
- to create an IPsec tunnel

22. Refer to the exhibit. What is accomplished when both commands are configured on the router?

- The commands filter UDP and TCP traffic coming to the router.
- The commands disable any TCP or UDP request sent by the routing protocols.
- The commands disable the services such as echo, discard, and chargen on the router to prevent security vulnerabilities.
- The commands disable the BOOTP and TFTP server services to prevent security vulnerabilities.

updated: OCT 2009 by bluefiz 100%
For image version, please send your request to lovestoryhouse@gmail.com. thx.
Disclaimer: This questionnaires are just for revision purpose!

OCT 2009 CCNA Exploration 4.0 EWAN Chapter 3 - Accessing the WAN

   updated: OCT 2009 by bluefiz

1. Which best describes the benefit of using Frame Relay as opposed to a leased line or ISDN service?
- Customers can define their virtual circuit needs in far greater combinations, with increments as small as 64 kbps.
- Customers pay for an end-to-end connection that includes the local loop and the network link.
- Customers only pay for the local loop and the bandwidth they purchase from the network provider.
- Connecting new sites requires new lower cost circuit installations when compared to ISDN dialup costs or adding additional hardware for leased service.

2. What two methods does Frame Relay technology use to process frames that contain errors? (Choose two.)
- Frame Relay services depend on the upper layer protocols to handle error recovery.
- It requires the receiving device to request that the sender retransmit erroneous frames.
- FECN, BECN, and DE bits are set in the frames to minimize errors.
- The receiving device drops any frames that contain errors without notifying the sender.
- The frame relay switch notifies the sender that errors were detected.

3. What best describes the use of a data-link connection identifier (DLCI)?
- local address identifying a destination router across a Frame Relay network
- locally significant address used to identify a virtual circuit
- logical address identifying the interface between a router and a Frame Relay switch
- logical address used to identify the DCE

4. What is created between two DTEs in a Frame Relay network?
- ISDN circuit
- limited access circuit
- switched parallel circuit
- virtual circuit

5. Which two items allow the router to map data link layer addresses to network layer addresses in a Frame Relay network? (Choose two.)
- ARP
- RARP
- Proxy ARP
- Inverse ARP
- LMI status messages

- ICMP

6. Refer to the exhibit. A ping is sent to address 192.168.50.10 from the Peanut router. Which DLCI will be used to send the ping?


- 110
- 115
- 220
- 225

7. Refer to the exhibit. Which two outcomes occur from the configuration shown? (Choose two.)


- The broadcasts will be forwarded to 10.1.1.1.
- The router will use DLCI 22 to forward data to 10.1.1.1.
- DLCI 22 will replace the MAC address in the ARP table for entry 10.1.1.1
- Frames arriving on interface serial 0/0/0 of RT_1 will have a data link layer address of 22.
- Inverse-ARP will now add an entry for 10.1.1.1 into the Frame Relay map table using DLCI 22.

8. Refer to the exhibit. What effect does the point-to-point configuration on subinterface S0/0.110 have on the operation of the router?

- It helps to conserve IP addresses.
- It establishes multiple PVC connections to multiple physical interfaces.
- It eliminates split horizon issues without increasing the likelihood of routing loops.
- It requires the configuration of the encapsulation command on the subinterface.

9. Which three actions does a Frame Relay switch perform when it detects an excessive build-up of frames in its queue?(Choose three.)
- puts a hold on accepting frames in excess of the CIR
- drops frames from the queue that have the DE bit set
- reduces the number of frames it sends over the link
- re-negotiates flow control with the connected device
- sets the FECN bit on all frames it receives on the congested link
- sets the BECN bit on all frames it places on the congested link


10. Refer to the exhibit. Which two statements are true given the output shown? (Choose two.)

- The IP address of the local Frame Relay interface is 172.16.1.4.
- The local DLCI number is 401.
- Inverse ARP is being used on this connection.

- This interface is in the active state and in the process of negotiating configuration parameters.
- Multicast is not enabled on this connection.

11. Refer to the exhibit. When troubleshooting a Frame Relay connection, an administrator entered the show interfaces s0/0 command and received the output shown in the exhibit. What are two probable reasons for this problem? (Choose two.)

- The cable between the CSU/DSU and the router is disconnected.
- The serial 0/0 interface is shutdown.
- The router is not configured for the same Frame Relay PVC as the switch.
- The LMI type on the Frame Relay switch is NOT ANSI.

- The address of the Frame Relay switch is not in the routing table.

12. Refer to the exhibit. What can be determined about the Frame Relay switch from the output shown?
- It is currently not transmitting data.
- It is in the process of establishing the PVC.
- It has put a hold on processing frames in excess of the CIR.
- It is experiencing congestion.

13. Refer to the exhibit. Router R2 is part of a Frame Relay network that uses OSPF for IP routing. After the commands that are shown are entered, R2 will not exchange OSPF information correctly. What is the likely cause?

- The frame-relay map command requires the broadcast keyword.
- The DLCIs on each end of the PVCs are not identical.
- The R2 S0/0/0 interface has not been brought online.
- The LMI or Inverse ARP or both are not working.

14. Which statement about Frame Relay subinterfaces is correct?
- Multipoint interfaces will automatically forward routing broadcasts but will consume more IP addresses than point-to-point subinterfaces will consume.
- Point-to-point subinterfaces act like leased lines and eliminate split-horizon routing issues.
- Interfaces with multiple PVCs require a separate subinterface for each PVC.
- Multipoint configurations cannot use subinterfaces.

15. Refer to the exhibit. You are a network administrator who has been tasked with completing the Frame Relay topology that interconnects two remote sites. Router HQ belongs to both the 172.16.1.0/24 and 172.16.2.0/24 subnets with IP addresses of 172.16.1.3 and 172.16.2.3 respectively. Traffic between R1 and R2 must travel through HQ first. How should the serial interface on HQ be configured to complete the topology?

- one multipoint subinterface
- two point-to-point subinterfaces
- with the physical interface configured with two ip addresses
- one IP address on a point-to-point subinterface and one IP address on the physical interface

16. What consideration must be taken into account if RIP is used on Frame Relay multiaccess networks?
- To forward routing updates, address-to-DLCI mapping must be done via the use of the frame-relay map command coupled with the broadcast keyword.
- Inverse ARP must be enabled to turn routing update broadcasts into unicast traffic that can be propagated to other Frame Relay nodes.
- Because broadcast traffic is not supported, RIPv1 cannot be implemented on Frame Relay networks.
- To forward broadcast routing updates, dynamic mapping must be enabled.

17. Refer to the exhibit. Which statement explains why the Frame Relay connection between R1 and R2 is failing?


- Split horizon must be disabled.
- The LMI type must be specified.
- Logical subinterfaces must be used instead.
- The frame-relay map commands are using incorrect DLCIs.

18. Refer to the exhibit. Router R1 has been configured for Frame Relay connectivity to routers R2 and R3. Which set of configuration options for routers R2 and R3 would provide each router connectivity to R1?

- R2(config)# interface serial0/0/1
R2(config-if)# frame-relay map ip 10.1.1.1 102
R3(config)# interface serial0/0/1
R3(config-if)# frame-relay map ip 10.1.2.1 103
- R2(config)# interface serial0/0/1
R2(config-if)# frame-relay map ip 10.1.1.1 102
R2(config-if)# frame-relay map ip 10.1.2.3 301
R3(config)# interface serial0/0/1
R3(config-if)# frame-relay map ip 10.1.2.1 103
R3(config-if)# frame-relay map ip 10.1.1.2 201
- R2(config)# interface serial0/0/1.201 point-to-point
R2(config-if)# no frame-relay invers-arp
R3(config)# interface serial0/0/1.301 point-to-point
R3(config-if)# no frame-relay invers-arp
- R2(config)# interface serial0/0/1.201 point-to-point
R2(config-if)# frame-relay interface-dlci 201
R3(config)# interface serial0/0/1.301 point-to-point
R3(config-if)# frame-relay interface-dlci 301


19. Refer to the exhibit. What can be known about the configuration of router R1 from the output?

- The Frame Relay LMI DLCI has been incorrectly configured as DLCI 1023.
- The Frame Relay LMI type has been changed from its default.
- The Serial 0/0/0 interface has been configured as a data communications equipment device.
- The command encapsulation frame-relay ietf has been used on the Serial 0/0/0 interface.

20. Refer to the exhibit. What can be determined about the configuration of router R1 from the exhibited output?

- LMI updates are not being received properly.
- The LMI type for the Serial 0/0/0 interface has been left to its default configuration.
- Cisco HDLC is used as a Layer 2 encapsulation protocol on the Serial 0/0/0 interface.
- The Serial 0/0/0 interface has been configured as a data communications equipment device.

21. Refer to the exhibit. What can be determined from the output?

- Serial 0/0/0 has been configured with an DLCI of 201.
- Serial 0/0/0 has the feature frame-relay inverse-arp enabled.
- Serial 0/0/0 has been configured with an IP address of 172.16.4.3.
- Serial 0/0/0 has been configured with the command frame-relay map ip 172.16.4.3 201 broadcast.

22. Refer to the exhibit. Router R1 has been configured for Frame Relay connectivity to routers R2 and R3. What configuration option should be configured on the R2 and R3 serial interfaces in order for all routers to ping each other successfully?

- R2(config-if)# frame-relay interface-dlci 201 broadcast
R3(config-if)# frame-relay interface-dlci 301 broadcast
- R2(config-if)# frame-relay map ip 10.1.1.1 201 broadcast
R3(config-if)# frame-relay map ip 10.1.1.1 301 broadcast
- R2(config-if)# frame-relay map ip 10.1.1.3 201 broadcast
R3(config-if)# frame-relay map ip 10.1.1.2 301 broadcast
- R2(config-if)# frame-relay map ip 10.1.1.1 201 broadcast
R2(config-if)# frame-relay map ip 10.1.1.3 201 broadcast
R3(config-if)# frame-relay map ip 10.1.1.1 301 broadcast
R3(config-if)# frame-relay map ip 10.1.1.2 301 broadcast


  updated: OCT 2009 by bluefiz