200-125 Exam - CCNA Cisco Certified Network Associate CCNA (v3.0)

certleader.com

Q1.  - (Topic 3)

Refer to the exhibit.

For what two reasons has the router loaded its IOS image from the location that is shown? (Choose two.)

A. Router1 has specific boot system commands that instruct it to load IOS from a TFTP server.

B. Router1 is acting as a TFTP server for other routers.

C. Router1 cannot locate a valid IOS image in flash memory.

D. Router1 defaulted to ROMMON mode and loaded the IOS image from a TFTP server.

E. Cisco routers will first attempt to load an image from TFTP for management purposes.

Answer: A,C

Explanation:

The loading sequence of Cisco IOS is as follows:

Booting up the router and locating the Cisco IOS

1. POST (power on self-test)

2. Bootstrap code executed

3. Check Configuration Register value (NVRAM), which can be modified using the config-register command

0 = ROM Monitor mode

1 = ROM IOS

2 - 15 = startup-config in NVRAM

4. Startup-config file: Check for boot system commands (NVRAM)

If boot system commands in startup-config

a. Run boot system commands in order they appear in startup-config to locate the IOS

b. [If boot system commands fail, use default fallback sequence to locate the IOS (Flash, TFTP, ROM)?]

If no boot system commands in startup-config use the default fallback sequence in locating the IOS:

a. Flash (sequential)

b. TFTP server (netboot)

c. ROM (partial IOS) or keep retrying TFTP depending upon router model

5. If IOS is loaded, but there is no startup-config file, the router will use the default fallback sequence for locating the IOS and then it will enter setup mode or the setup dialogue.

Q2.  - (Topic 8)

How can you disable DTP on a switch port?

A. Configure the switch port as a trunk.

B. Add an interface on the switch to a channel group.

C. Change the operational mode to static access.

D. Change the administrative mode to access.

Answer: A

Q3.  - (Topic 4)

Users have been complaining that their Frame Relay connection to the corporate site is very slow. The network administrator suspects that the link is overloaded.

Based on the partial output of the Router# show frame-relay pvc command shown in the graphic, which output value indicates to the local router that traffic sent to the corporate site is experiencing congestion?

A. DLCI = 100

B. last time PVC status changed 00:25:40

C. in BECN packets 192

D. in FECN packets 147

E. in DE packets 0

Answer: C

Explanation:

If device A is sending data to device B across a Frame Relay infrastructure and one of the intermediate Frame Relay switches encounters congestion (full buffers, an over-subscribed port, overloaded resources, etc.), it will set the BECN bit on packets being returned to the sending device and the FECN bit on the packets being sent to the receiving device.

Q4.  - (Topic 4)

Refer to the exhibit.

What is the meaning of the term dynamic as displayed in the output of the show frame-relay map command shown?

A. The Serial0/0 interface is passing traffic.

B. The DLCI 100 was dynamically allocated by the router.

C. The Serial0/0 interface acquired the IP address of 172.16.3.1 from a DHCP server.

D. The DLCI 100 will be dynamically changed as required to adapt to changes in the Frame Relay cloud.

E. The mapping between DLCI 100 and the end station IP address 172.16.3.1 was learned through Inverse ARP.

Answer: E

Explanation:

Inverse Address Resolution Protocol (Inverse ARP) was developed to provide a mechanism for dynamic DLCI to Layer 3 address maps. Inverse ARP works much the same way Address Resolution Protocol (ARP) works on a LAN. However, with ARP, the device knows the Layer 3 IP address and needs to know the remote data link MAC address. With Inverse ARP, the router knows the Layer 2 address which is the DLCI, but needs to know the remote Layer 3 IP address.

When using dynamic address mapping, Inverse ARP requests a next-hop protocol address for each active PVC. Once the requesting router receives an Inverse ARP response, it updates its DLCI-to-Layer 3 address mapping table. Dynamic address mapping is enabled by default for all protocols enabled on a physical interface. If the Frame Relay environment supports LMI autosensing and Inverse ARP, dynamic address mapping takes place automatically. Therefore, no static address mapping is required.

Q5.  - (Topic 4)

Which command is used to enable CHAP authentication, with PAP as the fallback method, on a serial interface?

A. Router(config-if)# ppp authentication chap fallback ppp

B. Router(config-if)# ppp authentication chap pap

C. Router(config-if)# authentication ppp chap fallback ppp

D. Router(config-if)# authentication ppp chap pap

Answer: B

Explanation:

This command tells the router first to use CHAP and then go to PAP if CHAP isn't available.

Q6.  - (Topic 8)

Which command sequence can you enter to create VLAN 20 and assign it to an interface on a switch?

A. Switch(config)#vlan 20

Switch(config)#Interface gig x/y

Switch(config-if)#switchport access vlan 20

B. Switch(config)#Interface gig x/y

Switch(config-if)#vlan 20

Switch(config-vlan)#switchport access vlan 20

C. Switch(config)#vlan 20

Switch(config)#Interface vlan 20

Switch(config-if)#switchport trunk native vlan 20

D. Switch(config)#vlan 20

Switch(config)#Interface vlan 20

Switch(config-if)#switchport access vlan 20

E. Switch(config)#vlan 20

Switch(config)#Interface vlan 20

Switch(config-if)#switchport trunk allowed vlan 20

Answer: A

Q7. CORRECT TEXT - (Topic 6)

A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.

The task is to create and apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.

Access to the router CLI can be gained by clicking on the appropriate host. All passwords have been temporarily set to "cisco".

The Core connection uses an IP address of 198.18.196.65.

The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 - 192.168.33.254

✑ host A 192.168.33.1

✑ host B 192.168.33.2

✑ host C 192.168.33.3

✑ host D 192.168.33.4

The servers in the Server LAN have been assigned addresses of 172.22.242.17 - 172.22.242.30.

The Finance Web Server is assigned an IP address of 172.22.242.23.

Answer:  

Select the console on the Corp1 router.

Configuring the ACL:

Corp1>enable

Corp1#configure terminal

Comment: Permit only host C (192.168.33.3) {source addr} to access the Finance Web Server (172.22.242.23) {destination addr} on port 80 (web).

Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

Comment: Deny any other source access to the Finance Web Server (172.22.242.23) {destination addr} on port 80 (web).

Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

Comment: Permit all other IP traffic from any source to any destination; without this statement, the implicit deny any any at the end of the ACL would block it.

Corp1(config)#access-list 100 permit ip any any

Applying the ACL on the interface:

Comment: Use the show ip interface brief command to identify the interface type and number by checking the configured IP addresses.

Corp1(config)#interface fa 0/1

If the IP address and subnet mask already configured on the interface are incorrect, correct them so that the ACL works. Type these commands in interface configuration mode:

no ip address 192.x.x.x 255.x.x.x (removes the incorrectly configured IP address and subnet mask)

Configure the correct IP address and subnet mask:

ip address 172.22.242.30 255.255.255.240 (the range of addresses for the Server LAN is given as 172.22.242.17 - 172.22.242.30)

Comment: Apply the ACL outbound so that it checks packets leaving the interface towards the Finance Web Server.

Corp1(config-if)#ip access-group 100 out

Corp1(config-if)#end

Important: Save your running config to the startup config before exiting.

Corp1#copy running-config startup-config

Verifying the Configuration:

Step 1: The show ip interface brief command identifies the interface on which to apply the access list.

Step 2: Click on each of hosts A, B, C, and D. Each host opens a web browser page. Select the address box of the web browser and type the IP address of the Finance Web Server (172.22.242.23) to test whether access to the Finance Web Server is permitted or denied.

Step 3: Only host C (192.168.33.3) should have access to the server. If another host can also access it, something may have gone wrong in your configuration. Check that you entered the statements correctly and in order.

Step 4: If only host C (192.168.33.3) can access the Finance Web Server, you can click the NEXT button to successfully submit the ACL SIM.

Q8.  - (Topic 8)

Which option describes how a switch in rapid PVST+ mode responds to a topology change?

A. It immediately deletes dynamic MAC addresses that were learned by all ports on the switch.

B. It sets a timer to delete all MAC addresses that were learned dynamically by ports in the same STP instance.

C. It sets a timer to delete dynamic MAC addresses that were learned by all ports on the switch.

D. It immediately deletes all MAC addresses that were learned dynamically by ports in the same STP instance.

Answer: D

Explanation:

Rapid PVST+: This spanning-tree mode is the same as PVST+ except that it uses a rapid convergence based on the IEEE 802.1w standard. To provide rapid convergence, rapid PVST+ immediately deletes dynamically learned MAC address entries on a per-port basis upon receiving a topology change. By contrast, PVST+ uses a short aging time for dynamically learned MAC address entries.

The rapid PVST+ uses the same configuration as PVST+ (except where noted), and the switch needs only minimal extra configuration. The benefit of rapid PVST+ is that you can migrate a large PVST+ install base to rapid PVST+ without having to learn the complexities of the MSTP configuration and without having to reprovision your network. In rapid-PVST+ mode, each VLAN runs its own spanning-tree instance up to the maximum supported.

Q9.  - (Topic 7)

What three things does NetFlow use to consider traffic to be in the same flow? (Choose three)

A. IP address

B. Interface name

C. Port numbers

D. L3 protocol type

E. MAC address

Answer: A,C,D

Explanation:

What is an IP Flow?

Each packet that is forwarded within a router or switch is examined for a set of IP packet attributes. These attributes are the IP packet identity or fingerprint of the packet and determine if the packet is unique or similar to other packets.

Traditionally, an IP Flow is based on a set of 5 and up to 7 IP packet attributes.

IP packet attributes used by NetFlow:

+ IP source address

+ IP destination address

+ Source port

+ Destination port

+ Layer 3 protocol type

+ Class of Service

+ Router or switch interface

Q10.  - (Topic 3)

Refer to the exhibit.

The two exhibited devices are the only Cisco devices on the network. The serial network between the two devices has a mask of 255.255.255.252. Given the output that is shown, what three statements are true of these devices? (Choose three.)

A. The Manchester serial address is 10.1.1.1.

B. The Manchester serial address is 10.1.1.2.

C. The London router is a Cisco 2610.

D. The Manchester router is a Cisco 2610.

E. The CDP information was received on port Serial0/0 of the Manchester router.

F. The CDP information was sent by port Serial0/0 of the London router.

Answer: A,C,E

Explanation:

From the output, we learn that the IP address of the neighbor router is 10.1.1.2, and the question states that the subnet mask of the network between the two routers is 255.255.255.252. Therefore there are only 2 available hosts in this network (2^2 - 2 = 2). So we can deduce that the IP address of the serial interface of the Manchester router is 10.1.1.1. The platform of the neighbor router is Cisco 2610, as shown in the output.

Perhaps the most difficult choice in this question is between answers E and F. Please notice that “Interface” refers to the local port on the local router, in this case the port of the Manchester router, and “Port ID (outgoing port)” refers to the port on the neighbor router.