Q1. - (Topic 8)
Which two security appliances will you use in a network? (Choose two.)
A. ATM
B. IDS
C. IOS
D. IOX
E. IPS
F. SDM
Answer: B,E
Q2. - (Topic 5)
How is an EUI-64 format interface ID created from a 48-bit MAC address?
A. by appending 0xFF to the MAC address
B. by prefixing the MAC address with 0xFFEE
C. by prefixing the MAC address with 0xFF and appending 0xFF to it
D. by inserting 0xFFFE between the upper three bytes and the lower three bytes of the MAC address
E. by prefixing the MAC address with 0xF and inserting 0xF after each of its first three bytes
Answer: D
Explanation:
The modified EUI-64 format interface identifier is derived from the 48-bit link-layer (MAC) address by inserting the hexadecimal number FFFE between the upper three bytes (OUI field) and the lower three bytes (serial number) of the link layer address.
Q3. - (Topic 5)
Given an IP address 172.16.28.252 with a subnet mask of 255.255.240.0, what is the correct network address?
A. 172.16.16.0
B. 172.16.0.0
C. 172.16.24.0
D. 172.16.28.0
Answer: A
Explanation:
For this example, the network range is 172.16.16.1 - 172.16.31.254, the network address is 172.16.16.0 and the broadcast IP address is 172.16.31.255.
Q4. - (Topic 5)
What SNMP message alerts the manager to a condition on the network?
A. response
B. get
C. trap
D. capture
Answer: C
Explanation:
An agent can send unsolicited traps to the manager. Traps are messages alerting the SNMP manager to a condition on the network. Traps can mean improper user authentication, restarts, link status (up or down), MAC address tracking, closing of a TCP connection, loss of connection to a neighbor, or other significant events.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2950/software/release/12-1_9_ea1/configuration/guide/scg/swsnmp.html
Q5. - (Topic 8)
Which two circumstances can cause collision domain issues on a VLAN domain? (Choose two.)
A. duplex mismatches on Ethernet segments in the same VLAN
B. multiple errors on switchport interfaces
C. congestion on the switch inband path
D. a failing NIC in an end device
E. an overloaded shared segment
Answer: A,C
Explanation: Collision Domains
A collision domain is an area of a single LAN where end stations contend for access to the network because all end stations are connected to a shared physical medium. If two connected devices transmit onto the media at the same time, a collision occurs. When a collision occurs, a JAM signal is sent on the network, indicating that a collision has occurred and that devices should ignore any fragmented data associated with the collision. Both sending devices back off sending their data for a random amount of time and then try again if the medium is free for transmission. Therefore, collisions effectively delay transmission of data, lowering the effective throughput available to a device. The more devices that are attached to a collision domain, the greater the chances of collisions; this results in lower bandwidth and performance for each device attached to the collision domain. Bridges and switches terminate the physical signal path of a collision domain, allowing you to segment separate collision domains, breaking them up into multiple smaller pieces to provide more bandwidth per user within the new collision domains formed.
Q6. - (Topic 5)
Which two benefits are provided by using a hierarchical network addressing scheme? (Choose two.)
A. reduces routing table entries
B. auto-negotiation of media rates
C. efficient utilization of MAC addresses
D. dedicated communications between devices
E. ease of management and troubleshooting
Answer: A,E
Explanation:
Here are some of the benefits of hierarchical addressing:
- Reduced number of routing table entries: whether it is with your Internet routers or your internal routers, you should try to keep your routing tables as small as possible by using route summarization. Route summarization is a way of having a single IP address represent a collection of IP addresses; this is most easily accomplished when you employ a hierarchical addressing plan. By summarizing routes, you can keep your routing table entries (on the routers that receive the summarized routes) manageable, which offers the following benefits:
- Efficient allocation of addresses: hierarchical addressing lets you take advantage of all possible addresses because you group them contiguously.
Reference: http://www.ciscopress.com/articles/article.asp?p=174107
Q7. - (Topic 6)
Refer to the exhibit.
The following commands are executed on interface fa0/1 of 2950Switch.
2950Switch(config-if)# switchport port-security
2950Switch(config-if)# switchport port-security mac-address sticky
2950Switch(config-if)# switchport port-security maximum 1
The Ethernet frame that is shown arrives on interface fa0/1. What two functions will occur when this frame is received by 2950Switch? (Choose two.)
A. The MAC address table will now have an additional entry of fa0/1 FFFF.FFFF.FFFF.
B. Only host A will be allowed to transmit frames on fa0/1.
C. This frame will be discarded when it is received by 2950Switch.
D. All frames arriving on 2950Switch with a destination of 0000.00aa.aaaa will be forwarded out fa0/1.
E. Hosts B and C may forward frames out fa0/1 but frames arriving from other switches will not be forwarded out fa0/1.
F. Only frames from source 0000.00bb.bbbb, the first learned MAC address of 2950Switch, will be forwarded out fa0/1.
Answer: B,D
Explanation:
The configuration shown here is an example of port security, specifically port security using sticky addresses. You can use port security with dynamically learned and static MAC addresses to restrict a port's ingress traffic by limiting the MAC addresses that are allowed to send traffic into the port. When you assign secure MAC addresses to a secure port, the port does not forward ingress traffic that has source addresses outside the group of defined addresses. If you limit the number of secure MAC addresses to one and assign a single secure MAC address, the device attached to that port has the full bandwidth of the port.
Port security with sticky MAC addresses provides many of the same benefits as port security with static MAC addresses, but sticky MAC addresses can be learned dynamically. Port security with sticky MAC addresses retains dynamically learned MAC addresses during a link-down condition.
Q8. - (Topic 8)
Which statement about switch access ports is true?
A. They drop packets with 802.1Q tags.
B. A VLAN must be assigned to an access port before it is created.
C. They can receive traffic from more than one VLAN with no voice support.
D. By default, they carry traffic for VLAN 10.
Answer: A
Explanation:
"If an access port receives a packet with an 802.1Q tag in the header other than the access VLAN value, that port drops the packet without learning its MAC source address."
Q9. - (Topic 3)
What is the effect of using the service password-encryption command?
A. Only the enable password will be encrypted.
B. Only the enable secret password will be encrypted.
C. Only passwords configured after the command has been entered will be encrypted.
D. It will encrypt the secret password and remove the enable secret password from the configuration.
E. It will encrypt all current and future passwords.
Answer: E
Explanation:
Enable, vty, console, and AUX passwords are configured on the Cisco device. Use the show run command to show most passwords in clear text. If the service password-encryption command is used, all the passwords are encrypted. As a result, the security of device access is improved.
Q10. - (Topic 3)
A network administrator needs to allow only one Telnet connection to a router. For anyone viewing the configuration and issuing the show run command, the password for Telnet access should be encrypted. Which set of commands will accomplish this task?
A. service password-encryption
access-list 1 permit 192.168.1.0 0.0.0.255
line vty 0 4
login
password cisco
access-class 1
B. enable password secret
line vty 0
login
password cisco
C. service password-encryption
line vty 1
login
password cisco
D. service password-encryption
line vty 0 4
login
password cisco
Answer: C
Explanation:
Only one VTY connection is allowed, which is exactly what's requested.
Incorrect answer: the command line vty 0 4 would enable all 5 vty connections.
Topic 4, WAN Technologies