Q1. - (Topic 2)
Which address type does a switch use to make selective forwarding decisions?
A. Source IP address
B. Destination IP address
C. Source and destination IP address
D. Source MAC address
E. Destination MAC address
Answer: E
Explanation:
Switches analyze the destination MAC to make its forwarding decision since it is a layer 2 device. Routers use the destination IP address to make forwarding decisions.
Q2. - (Topic 3)
OSPF is configured using default classful addressing. With all routers and interfaces operational, how many networks will be in the routing table of R1 that are indicated to be learned by OSPF?
A. 2
B. 3
C. 4
D. 5
E. 6
F. 7
Answer: C
Explanation:
Although OSPF is configured using default classful addressing but OSPF is a link-state routing protocol so it will always send the subnet mask of each network in their advertised routes. Therefore R1 will learn the the complete subnets. Four networks list below will be in the routing table of R1:+ 172.16.2.64/30+ 172.16.2.228/30+ 172.16.2.232/30+ 172.16.3.0/24 Note: Other networks will be learned as “Directly connected” networks (marked with letter “C”)
Q3. - (Topic 5)
Select three options which are security issues with the current configuration of SwitchA. (Choose three.)
A. Privilege mode is protected with an unencrypted password
B. Inappropriate wording in banner message
C. Virtual terminal lines are protected only by a password requirement
D. Both the username and password are weak
E. Telnet connections can be used to remotely manage the switch
F. Cisco user will be granted privilege level 15 by default
Answer: A,B,D
Q4. - (Topic 2)
Refer to the exhibit.
What two things can the technician determine by successfully pinging from this computer to the IP address 172.16.236.1? (Choose two)
A. The network card on the computer is functioning correctly.
B. The default static route on the gateway router is correctly configured.
C. The correct default gateway IP address is configured on the computer.
D. The device with the IP address 172.16.236.1 is reachable over the network.
E. The default gateway at 172.16.236.1 is able to forward packets to the internet.
Answer: A,D
Explanation:
The source and destination addresses are on the same network therefore, a default gateway is not necessary for communication between these two addresses.
Q5. - (Topic 3)
Refer to the exhibit.
The two routers have had their startup configurations cleared and have been restarted. At a minimum, what must the administrator do to enable CDP to exchange information between R1 and R2?
A. Configure the router with the cdp enable command.
B. Enter no shutdown commands on the R1 and R2 fa0/1 interfaces.
C. Configure IP addressing and no shutdown commands on both the R1 and R2 fa0/1 interfaces.
D. Configure IP addressing and no shutdown commands on either of the R1 or R2 fa0/1 interfaces.
Answer: B
Explanation:
If the no shut down commands are not entered, then CDP can exchange information between the two routers. By default, all Cisco device interfaces and ports are shut down and need to be manually enabled.
Q6. - (Topic 3)
Which statements describe the routing protocol OSPF? (Choose three.)
A. It supports VLSM.
B. It is used to route between autonomous systems.
C. It confines network instability to one area of the network.
D. It increases routing overhead on the network.
E. It allows extensive control of routing updates.
F. It is simpler to configure than RIP v2.
Answer: A,C,E
Explanation:
Routing overhead is the amount of information needed to describe the changes in a dynamic network topology. All routers in an OSPF area have identical copies of the topology database and the topology database of one area is hidden from the rest of the areas to reduce routing overhead because fewer routing updates are sent and smaller routing trees are computed and maintained (allow extensive control of routing updates and confine network instability to one area of the network).
Q7. - (Topic 5)
What are two recommended ways of protecting network device configuration files from outside network security threats? (Choose two.)
A. Allow unrestricted access to the console or VTY ports.
B. Use a firewall to restrict access from the outside to the network devices.
C. Always use Telnet to access the device command line because its data is automatically encrypted.
D. Use SSH or another encrypted and authenticated transport to access device configurations.
E. Prevent the loss of passwords by disabling password encryption.
Answer: B,D
Explanation:
Using a firewall is a must for networks of any size to protect the internal network from outside threats and unauthorized access. SSH traffic is encrypted while telnet is not, so it is always recommended to use SSH.
Q8. - (Topic 3)
The command ip route 192.168.100.160 255.255.255.224 192.168.10.2 was issued on a router. No routing protocols or other static routes are configured on the router. Which statement is true about this command?
A. The interface with IP address 192.168.10.2 is on this router.
B. The command sets a gateway of last resort for the router.
C. Packets that are destined for host 192.168.100.160 will be sent to 192.168.10.2.
D. The command creates a static route for all IP traffic with the source address
192.168.100.160.
Answer: C
Explanation:
With 160 it's actually network address of /27 so any address within the range of .160-.191 network will be sent to 192.168.10.2
Q9. - (Topic 7)
By default, how many MAC addresses are permitted to be learned on a switch port with port security enabled?
A. 8
B. 2
C. 1
D. 0
Answer: C
Q10. - (Topic 4)
What happens when computers on a private network attempt to connect to the Internet through a Cisco router running PAT?
A. The router uses the same IP address but a different TCP source port number for each connection.
B. An IP address is assigned based on the priority of the computer requesting the connection.
C. The router selects an address from a pool of one-to-one address mappings held in the lookup table.
D. The router assigns a unique IP address from a pool of legally registered addresses for the duration of the connection.
Answer: A
Reference:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_staticpat.html
Static PAT translations allow a specific UDP or TCP port on a global address to be translated to a specific port on a local address. That is, both the address and the port numbers are translated.
Static PAT is the same as static NAT, except that it enables you to specify the protocol (TCP or UDP) and port for the real and mapped addresses. Static PAT enables you to identify the same mapped address across many different static statements, provided that the port is different for each statement. You cannot use the same mapped address for multiple static NAT statements.
Port Address Translation makes the PC connect to the Internet but using different TCP source port.