Q1. - (Topic 3)
What are two enhancements that OSPFv3 supports over OSPFv2? (Choose two.)
A. It requires the use of ARP.
B. It can support multiple IPv6 subnets on a single link.
C. It supports up to 2 instances of OSPFv3 over a common link.
D. It routes over links rather than over networks.
Answer: B,D
Explanation:
Here is a list of the differences between OSPFv2 and OSPFv3:
✑ They use different address families (OSPFv2 is for IPv4-only, OSPFv3 can be used for IPv6-only or both protocols
✑ OSPFv3 introduces new LSA types
✑ OSPFv3 has different packet format
✑ OSPFv3 uses different flooding scope bits (U/S2/S1)
✑ OSPFv3 adjacencies are formed over link-local IPv6 communications
✑ OSPFv3 runs per-link rather than per-subnet
✑ OSPFv3 supports multiple instances on a single link, Interfaces can have multiple IPv6 addresses
✑ OSPFv3 uses multicast addresses FF02::5 (all OSPF routers), FF02::6 (all OSPF DRs)
✑ OSPFv3 Neighbor Authentication done with IPsec (AH)
✑ OSPFv2 Router ID (RID) must be manually configured, still a 32-bit number
Reference: http://www.networkworld.com/article/2225270/cisco-subnet/ospfv3-for-ipv4-and- ipv6.html
Q2. CORRECT TEXT - (Topic 4)
A corporation wants to add security to its network. The requirements are:
✑ Host B should be able to use a web browser (HTTP) to access the Finance Web Server.
✑ Other types of access from host B to the Finance Web Server should be blocked.
✑ All access from hosts in the Core or local LAN to the Finance Web Server should be blocked.
✑ All hosts in the Core and on local LAN should be able to access the Public Web Server.
You have been tasked to create and apply a numbered access list to a single outbound interface. This access list can contain no more than three statements that meet these requirements.
Access to the router CLI can be gained by clicking on the appropriate host.
✑ All passwords have been temporarily set to “cisco”.
✑ The Core connection uses an IP address of 198.18.132.65.
✑ The computers in the Hosts LAN have been assigned addresses of 192.168.201.1
– 192.168.201.254.
✑ host A 192.168.201.1
✑ host B 192.168.201.2
✑ host C 192.168.201.3
✑ host D 192.168.201.4
✑ The Finance Web Server has been assigned an address of 172.22.237.17.
✑ The Public Web Server in the Server LAN has been assigned an address of 172.22.237.18.
Answer:
Please check the below explanation for all details.
Explanation:
We should create an access-list and apply it to the interface that is connected to the Server LAN because it can filter out traffic from both S2 and Core networks. To see which interface this is, use the “show ip interface brief” command:
Macintosh HD:Users:danielkeller:Desktop:Screen Shot 2015-11-17 at 3.24.34 PM.png From this, we know that the servers are located on the fa0/1 interface, so we will place our numbered access list here in the outbound direction.
Corp1#configure terminal
Our access-list needs to allow host B – 192.168125.2 to the Finance Web Server 172.22.109.17 via HTTP (port 80), so our first line is this:
Corp1(config)#access-list 100 permit tcp host 192.168.125.2 host 172.22.109.17 eq 80
Then, our next two instructions are these:
✑ Other types of access from host B to the Finance Web Server should be blocked.
✑ All access from hosts in the Core or local LAN to the Finance Web Server should be blocked.
This can be accomplished with one command (which we need to do as our ACL needs to be no more than 3 lines long), blocking all other access to the finance web server: Corp1(config)#access-list 100 deny ip any host 172.22.109.17
Our last instruction is to allow all hosts in the Core and on the local LAN access to the Public Web Server (172.22.109.18)
Corp1(config)#access-list 100 permit ip host 172.22.109.18 any Finally, apply this access-list to Fa0/1 interface (outbound direction) Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out
Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that the access-list can filter traffic coming from both the LAN and the Core networks.
To verify, just click on host B to open its web browser. In the address box type
http://172.22.109.17 to check if you are allowed to access Finance Web Server or not. If
your configuration is correct then you can access it.
Click on other hosts (A, C and D) and check to make sure you can’t access Finance Web Server from these hosts. Then, repeat to make sure they can reach the public server at 172.22.109.18. Finally, save the configuration
Corp1(config-if)#end
Corp1#copy running-config startup-config
Q3. - (Topic 8)
What are three broadband wireless technologies? (Choose three.)
A. WiMax
B. satellite Internet
C. municipal Wi-Fi
D. site-to-site VPN
E. DSLAM
F. CMTS
Answer: A,B,C
Q4. - (Topic 8)
On which type of device is every port in the same collision domain?
A. a router
B. a Layer 2 switch
C. a hub
Answer: C
Explanation: Collision domainA collision domain is, as the name implies, a part of a
network where packet collisions can occur. A collision occurs when two devices send a packet at the same time on the shared network segment. The packets collide and both devices must send the packets again, which reduces network efficiency. Collisions are often in a hub environment, because each port on a hub is in the same collision domain. By contrast, each port on a bridge, a switch or a router is in a separate collision domain.
Q5. - (Topic 6)
Which statement about access lists that are applied to an interface is true?
A. You can place as many access lists as you want on any interface.
B. You can apply only one access list on any interface.
C. You can configure one access list, per direction, per Layer 3 protocol.
D. You can apply multiple access lists with the same protocol or in different directions.
Answer: C
Explanation:
We can have only 1 access list per protocol, per direction and per interface. It means:
+ We cannot have 2 inbound access lists on an interface
+ We can have 1 inbound and 1 outbound access list on an interface
Q6. - (Topic 7)
An administrator is trying to ping and telnet from SwitchC to RouterC with the results shown below.
Click the console connected to RouterC and issue the appropriate commands to answer the questions.
What would be the effect of issuing the command ip access-group 114 in to the fa0/0 interface?
A. Attempts to telnet to the router would fail.
B. It would allow all traffic from the 10.4.4.0 network.
C. IP traffic would be passed through the interface but TCP and UDP traffic would not.
D. Routing protocol updates for the 10.4.4.0 network would not be accepted from the fa0/0 interface.
Answer: B
Explanation:
From the output of access-list 114: access-list 114 permit ip 10.4.4.0 0.0.0.255 any we can easily understand that this access list allows all traffic (ip) from 10.4.4.0/24 network
Q7. - (Topic 8)
Refer to the exhibit.
You have discovered that computers on the 192 168 10 0/24 network can ping their default gateway, but they cannot connect to any resources on a remote network Which reason for the problem is most likely true?
A. The 192.168.12 0/24 network is missing from OSPF
B. The OSPF process ID is incorrect
C. The OSPF area number is incorrect.
D. An ARP table entry is missing for 192.168.10.0.
E. A VLAN number is incorrect for 192.168.10.0.
Answer: C
Q8. - (Topic 4)
Which encapsulation type is a Frame Relay encapsulation type that is supported by Cisco routers?
A. IETF
B. ANSI Annex D
C. Q9333-A Annex A
D. HDLC
Answer: A
Explanation:
Cisco supports two Frame Relay encapsulation types: the Cisco encapsulation and the IETF Frame Relay encapsulation, which is in conformance with RFC 1490 and RFC 2427. The former is often used to connect two Cisco routers while the latter is used to connect a Cisco router to a non-Cisco router. You can test with your Cisco router when typing the command Router(config-if)#encapsulation frame-relay ? on a WAN link. Below is the output of this command (notice Cisco is the default encapsulation so it is not listed here, just press Enter to use it).
Note: Three LMI options are supported by Cisco routers are ansi, Cisco, and Q933a. They
represent the ANSI Annex D, Cisco, and ITU Q933-A (Annex A) LMI types, respectively. HDLC is a WAN protocol same as Frame-Relay and PPP so it is not a Frame Relay encapsulation type.
Q9. . - (Topic 3)
A Cisco router is booting and has just completed the POST process. It is now ready to find and load an IOS image. What function does the router perform next?
A. It checks the configuration register.
B. It attempts to boot from a TFTP server.
C. It loads the first image file in flash memory.
D. It inspects the configuration file in NVRAM for boot instructions.
Answer: A
Explanation:
Default (normal) Boot Sequence
Power on Router - Router does POST - Bootstrap starts IOS load - Check configuration register to see what mode the router should boot up in (usually 0x2102 to read startup- config in NVRAM / or 0x2142 to start in "setup-mode") - check the startup-config file in NVRAM for boot-system commands - load IOS from Flash.
Q10. - (Topic 8)
Which two statements about northbound and southbound APIs are true? (Choose two.)
A. Only southbound APIs allow program control of the network.
B. Only northbound APIs allow program control of the network.
C. Only southbound API interfaces use a Service Abstraction Layer.
D. Only northbound API interfaces use a Service Abstraction Layer.
E. Both northbound and southbound API interfaces use a Service Abstraction Layer.
F. Both northbound and southbound APIs allow program control of the network.
Answer: B,C