ICND2 200-101 Category

ICND2 – HSRP VRRP GLBP

May 17th, 2015


Note: If you are not sure about HSRP and GLBP, please read our HSRP tutorial and GLBP tutorial.

Question 1

Which one of these is a valid HSRP virtual MAC address?

A. 0000.0C07.AC01
B. 0000.5E00.0110
C. 0007.B400.1203
D. 0000.C007.0201

 

Answer: A

Explanation

With HSRP, two or more devices support a virtual router with a fictitious MAC address and unique IP address. There are two versions of HSRP.

+ With HSRP version 1, the virtual router’s MAC address is 0000.0C07.ACxx, in which xx is the HSRP group.
+ With HSRP version 2, the virtual MAC address is 0000.0C9F.Fxxx, in which xxx is the HSRP group.

Note: Another case is HSRP for IPv6, in which the MAC address ranges from 0005.73A0.0000 through 0005.73A0.0FFF.

-> A is correct.

(Good resource for HSRP: http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/unicast/configuration/guide/l3_hsrp.html)

Question 2

Which three statements about HSRP operation are true? (Choose three)

A. The virtual IP address and virtual MAC address are active on the HSRP Master router.
B. The HSRP default timers are a 3 second hello interval and a 10 second dead interval.
C. HSRP supports only clear-text authentication.
D. The HSRP virtual IP address must be on a different subnet than the routers’ interfaces on the same LAN.
E. The HSRP virtual IP address must be the same as one of the router’s interface addresses on the LAN.
F. HSRP supports up to 255 groups per interface, enabling an administrative form of load balancing.

 

Answer: A B F

Explanation

The virtual MAC address of HSRP version 1 is 0000.0C07.ACxx, where xx is the HSRP group number in hexadecimal based on the respective interface. For example, HSRP group 10 uses the HSRP virtual MAC address of 0000.0C07.AC0A. HSRP version 2 uses a virtual MAC address of 0000.0C9F.FXXX (XXX: HSRP group in hexadecimal)

For more information about HSRP operation, please read our HSRP tutorial.
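The virtual MAC formats given in the explanations to Questions 1 and 2 can be checked mechanically. The following is an added example, not part of the original page: it classifies a MAC address against those prefixes and builds the virtual MAC for a group. The VRRP prefix (RFC 5798) and the reading of the HSRP IPv6 range as a 12-bit group field are assumptions that do not come from this page.

```python
import re

# (protocol, fixed prefix in hex digits, hex digits that carry the group/VRID).
# HSRP rows follow the explanations above; treating the HSRP IPv6 range
# 0005.73A0.0000-0005.73A0.0FFF as a 12-bit group field is an assumption.
# The VRRP row (00-00-5E-00-01-VRID, RFC 5798) is not from this page.
FHRP_RANGES = [
    ("HSRPv1", "00000c07ac", 2),
    ("HSRPv2", "00000c9ff", 3),
    ("HSRPv6", "000573a00", 3),
    ("VRRP", "00005e0001", 2),
]


def normalize_mac(mac):
    """Accept Cisco dotted, colon or dash notation; return 12 lowercase hex digits."""
    digits = re.sub(r"[.:\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def classify(mac):
    """Return (protocol, group) for a known first-hop-redundancy virtual MAC, else None."""
    digits = normalize_mac(mac)
    for name, prefix, _width in FHRP_RANGES:
        if digits.startswith(prefix):
            # Whatever follows the fixed prefix is the group number in hex.
            return name, int(digits[len(prefix):], 16)
    return None


def virtual_mac(protocol, group):
    """Build the virtual MAC for a protocol and group, in Cisco dotted notation."""
    for name, prefix, width in FHRP_RANGES:
        if name == protocol:
            if not 0 <= group < 16 ** width:
                raise ValueError(f"group {group} does not fit {protocol}")
            digits = (prefix + format(group, f"0{width}x")).upper()
            return ".".join(digits[i:i + 4] for i in (0, 4, 8))
    raise ValueError(f"unknown protocol: {protocol}")


if __name__ == "__main__":
    # The four answer options from Question 1.
    for option in ("0000.0C07.AC01", "0000.5E00.0110",
                   "0007.B400.1203", "0000.C007.0201"):
        print(option, classify(option))
    # Group 10 from the Question 2 explanation.
    print(virtual_mac("HSRPv1", 10))
```

A frame sourced from one of these addresses on a port where no gateway is expected is worth investigating, which is why the prefixes are useful to recognise on sight.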

Question 3

Which statement describes VRRP object tracking?

A. It monitors traffic flow and link utilization.
B. It ensures the best VRRP router is the virtual router master for the group.
C. It causes traffic to dynamically move to higher bandwidth links
D. It thwarts man-in-the-middle attacks.

 

Answer: B

Explanation

Object tracking is the process of tracking the state of a configured object and using that state to determine the priority of the VRRP router in a VRRP group -> B is correct.

(Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/unicast/configuration/guide/l3_cli_nxos/l3_vrrp.html#wp1074871)

Note: Unlike HSRP which can track interface status directly, VRRP can only track interface status through a tracked object.

Question 4

In GLBP, which router will respond to client ARP requests?

A. The active virtual gateway will reply with one of four possible virtual MAC addresses.
B. All GLBP member routers will reply in round-robin fashion.
C. The active virtual gateway will reply with its own hardware MAC address.
D. The GLBP member routers will reply with one of four possible burned in hardware addresses.

 

Answer: A

Explanation

One disadvantage of HSRP and VRRP is that only one router is in use; the other routers must wait for the primary to fail before they can be used. However, Gateway Load Balancing Protocol (GLBP) can use up to four routers simultaneously. In GLBP, there is still only one virtual IP address but each router has a different virtual MAC address. First, a GLBP group must elect an Active Virtual Gateway (AVG). The AVG is responsible for replying to ARP requests from hosts/clients. It replies with different virtual MAC addresses that correspond to different routers (known as Active Virtual Forwarders – AVFs) so that clients can send traffic to different routers in that GLBP group (load sharing).

Question 5

In a GLBP network, who is responsible for the ARP request?

A. AVF
B. AVG
C. Active Router
D. Standby Router

 

Answer: B

Question 6

What are three benefits of GLBP? (Choose three)

A. GLBP supports up to eight virtual forwarders per GLBP group.
B. GLBP supports clear text and MD5 password authentication between GLBP group members.
C. GLBP is an open source standardized protocol that can be used with multiple vendors.
D. GLBP supports up to 1024 virtual routers.
E. GLBP can load share traffic across a maximum of four routers.
F. GLBP elects two AVGs and two standby AVGs for redundancy.

 

Answer: B D E

ICND2 – NetFlow

May 15th, 2015


Question 1

What are the benefits of using NetFlow? (Choose three)

A. Network, Application & User Monitoring

B. Network Planning

C. Security Analysis

D. Accounting/Billing

 

Answer: A C D

Explanation

NetFlow traditionally enables several key customer applications including:

+ Network Monitoring – NetFlow data enables extensive near real time network monitoring capabilities. Flow-based analysis techniques may be utilized to visualize traffic patterns associated with individual routers and switches as well as on a network-wide basis (providing aggregate traffic or application based views) to provide proactive problem detection, efficient troubleshooting, and rapid problem resolution.

+ Application Monitoring and Profiling – NetFlow data enables network managers to gain a detailed, time-based, view of application usage over the network. This information is used to plan, understand new services, and allocate network and application resources (e.g. Web server sizing and VoIP deployment) to responsively meet customer demands.

+ User Monitoring and Profiling – NetFlow data enables network engineers to gain detailed understanding of customer/user utilization of network and application resources. This information may then be utilized to efficiently plan and allocate access, backbone and application resources as well as to detect and resolve potential security and policy violations.

+ Network Planning – NetFlow can be used to capture data over a long period of time producing the opportunity to track and anticipate network growth and plan upgrades to increase the number of routing devices, ports, or higher-bandwidth interfaces. NetFlow services data optimizes network planning including peering, backbone upgrade planning, and routing policy planning. NetFlow helps to minimize the total cost of network operations while maximizing network performance, capacity, and reliability. NetFlow detects unwanted WAN traffic, validates bandwidth and Quality of Service (QoS) and allows the analysis of new network applications. NetFlow will give you valuable information to reduce the cost of operating your network.

+ Security Analysis – NetFlow identifies and classifies DDOS attacks, viruses and worms in real-time. Changes in network behavior indicate anomalies that are clearly demonstrated in NetFlow data. The data is also a valuable forensic tool to understand and replay the history of security incidents.

+ Accounting/Billing – NetFlow data provides fine-grained metering (e.g. flow data includes details such as IP addresses, packet and byte counts, timestamps, type-of-service and application ports, etc.) for highly flexible and detailed resource utilization accounting. Service providers may utilize the information for billing based on time-of-day, bandwidth usage, application usage, quality of service, etc. Enterprise customers may utilize the information for departmental charge-back or cost allocation for resource utilization.

(Reference: http://www.cisco.com/en/US/products/sw/netmgtsw/ps1964/products_implementation_design_guide09186a00800d6a11.html#wp1030045)

Question 2

What are the three things that NetFlow uses to consider the traffic to be in the same flow?

A. IP address

B. Interface name

C. Port numbers

D. L3 protocol type

E. MAC address

 

Answer: A C D

Explanation

What is an IP Flow?

Each packet that is forwarded within a router or switch is examined for a set of IP packet attributes. These attributes are the IP packet identity or fingerprint of the packet and determine if the packet is unique or similar to other packets.

Traditionally, an IP Flow is based on a set of 5 and up to 7 IP packet attributes.

IP Packet attributes used by NetFlow:

+ IP source address

+ IP destination address

+ Source port

+ Destination port

+ Layer 3 protocol type

+ Class of Service

+ Router or switch interface

(Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-netflow/prod_white_paper0900aecd80406232.html)
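The effect of the key fields listed above is easiest to see on data. The following is an added example, not part of the original page: it groups constructed packet headers into a flow cache keyed on all seven attributes, and again on the five-attribute subset, so that packets differing only in Class of Service or input interface land in separate flows in the first case and in one flow in the second. The field names, sample packets and the per-source byte ranking are this example's own.

```python
from collections import defaultdict

# Key fields from the list above; the short field names are this example's own.
SEVEN_TUPLE = ("src", "dst", "sport", "dport", "proto", "tos", "ifin")
FIVE_TUPLE = ("src", "dst", "sport", "dport", "proto")


def pkt(ts, src, dst, sport, dport, proto, tos, ifin, size):
    """One observed packet header plus arrival time and length in bytes."""
    return dict(ts=ts, src=src, dst=dst, sport=sport, dport=dport,
                proto=proto, tos=tos, ifin=ifin, size=size)


# Constructed sample traffic (documentation addresses), not a real capture.
PACKETS = [
    pkt(0.0, "10.1.1.10", "192.0.2.80", 51000, 443, 6, 0, "Gi0/0", 1500),
    pkt(0.2, "10.1.1.10", "192.0.2.80", 51000, 443, 6, 0, "Gi0/0", 1500),
    pkt(0.3, "10.1.1.10", "192.0.2.80", 51000, 443, 6, 184, "Gi0/0", 200),  # ToS differs
    pkt(0.5, "10.1.1.10", "192.0.2.80", 51000, 443, 6, 0, "Gi0/1", 100),    # interface differs
    pkt(0.6, "10.1.1.11", "192.0.2.53", 53000, 53, 17, 0, "Gi0/0", 80),
]


def build_cache(packets, key_fields=SEVEN_TUPLE):
    """Aggregate packets into flows: identical key fields means same flow."""
    cache = {}
    for p in packets:
        key = tuple(p[f] for f in key_fields)
        entry = cache.get(key)
        if entry is None:
            cache[key] = {"packets": 1, "bytes": p["size"],
                          "first": p["ts"], "last": p["ts"]}
        else:
            entry["packets"] += 1
            entry["bytes"] += p["size"]
            entry["last"] = p["ts"]
    return cache


def top_talkers(cache, key_fields=SEVEN_TUPLE, n=3):
    """Rank source addresses by total bytes across all of their flows."""
    per_src = defaultdict(int)
    src_index = key_fields.index("src")
    for key, entry in cache.items():
        per_src[key[src_index]] += entry["bytes"]
    return sorted(per_src.items(), key=lambda kv: kv[1], reverse=True)[:n]


if __name__ == "__main__":
    for fields in (SEVEN_TUPLE, FIVE_TUPLE):
        cache = build_cache(PACKETS, fields)
        print(len(fields), "key fields ->", len(cache), "flows")
    print(top_talkers(build_cache(PACKETS)))
```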

Question 3

What NetFlow component can be applied to an interface to track IPv4 traffic?

A. flow monitor

B. flow record

C. flow sampler

D. flow exporter

 

Answer: A

Explanation

Flow monitors are the Flexible NetFlow component that is applied to interfaces to perform network traffic monitoring. Flow monitors consist of a record and a cache. You add the record to the flow monitor after you create the flow monitor. The flow monitor cache is automatically created at the time the flow monitor is applied to the first interface. Flow data is collected from the network traffic during the monitoring process based on the key and nonkey fields in the record, which is configured for the flow monitor and stored in the flow monitor cache.

For example, the following command creates a flow monitor named FLOW-MONITOR-1 and enters Flexible NetFlow flow monitor configuration mode:

Router(config)# flow monitor FLOW-MONITOR-1

Router(config-flow-monitor)#

(Reference: http://www.cisco.com/c/en/us/td/docs/ios/fnetflow/command/reference/fnf_book/fnf_01.html#wp1314030)

Question 4

What command visualizes the general NetFlow data on the command line?

A. show ip flow export

B. show ip flow top-talkers

C. show ip cache flow

D. show mls sampling

E. show mls netflow ip

 

Answer: C

Explanation

The “show ip cache flow” command displays a summary of the NetFlow accounting statistics.

[Image: show_ip_cache_flow.jpg]

Question 5

What are three reasons to collect NetFlow data on a company network? (Choose three)

A. To identify applications causing congestion.

B. To authorize user network access.

C. To report and alert link up / down instances.

D. To diagnose slow network performance, bandwidth hogs, and bandwidth utilization.

E. To detect suboptimal routing in the network.

F. To confirm the appropriate amount of bandwidth that has been allocated to each Class of Service.

 

Answer: A D F

Explanation

NetFlow facilitates solutions to many common problems encountered by IT professionals.

+ Analyze new applications and their network impact

Identify new application network loads such as VoIP or remote site additions.

+ Reduction in peak WAN traffic

Use NetFlow statistics to measure WAN traffic improvement from application-policy changes; understand who is utilizing the network and the network top talkers.

+ Troubleshooting and understanding network pain points

Diagnose slow network performance, bandwidth hogs and bandwidth utilization quickly with command line interface or reporting tools. -> D is correct.

+ Detection of unauthorized WAN traffic

Avoid costly upgrades by identifying the applications causing congestion. -> A is correct.

+ Security and anomaly detection

NetFlow can be used for anomaly detection and worm diagnosis along with applications such as Cisco CS-Mars.

+ Validation of QoS parameters

Confirm that appropriate bandwidth has been allocated to each Class of Service (CoS) and that no CoS is over- or under-subscribed. -> F is correct.

(Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-netflow/prod_white_paper0900aecd80406232.html)

Question 6

What are three factors a network administrator must consider before implementing Netflow in the network? (Choose three)

A. CPU utilization

B. where Netflow data will be sent

C. number of devices exporting Netflow data

D. port availability

E. SNMP version

F. WAN encapsulation

 

Answer: A B C

Question 7

What Cisco IOS feature can be enabled to pinpoint an application that is causing slow network performance?

A. SNMP

B. Netflow

C. WCCP

D. IP SLA

 

Answer: B

ICND2 – WAN Questions

May 13th, 2015


Question 1

Which two statements about using the CHAP authentication mechanism in a PPP link are true? (Choose two)

A. CHAP uses a two-way handshake.
B. CHAP uses a three-way handshake.
C. CHAP authentication periodically occurs after link establishment.
D. CHAP authentication passwords are sent in plaintext.
E. CHAP authentication is performed only upon link establishment.
F. CHAP has no protection from playback attacks.

 

Answer: B C

Explanation

Point-to-Point Protocol (PPP) can use either Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP) for authentication. CHAP is used upon initial link establishment and periodically to make sure that the router is still communicating with the same host. CHAP passwords are exchanged as message digest algorithm 5 (MD5) hash values.

The three-way handshake steps are as follows:

Challenge: The authenticator generates a frame called a Challenge and sends it to the initiator. This frame contains a simple text message (sometimes called the challenge text). The message has no inherent special meaning so it doesn’t matter if anyone intercepts it. The important thing is that after receipt of the Challenge both devices have the same challenge message.

Response: The initiator uses its password (or some other shared “secret” that the authenticator also knows) to encrypt the challenge text. It then sends the encrypted challenge text as a Response back to the authenticator.

Success or Failure: The authenticator performs the same encryption on the challenge text that the initiator did. If the authenticator gets the same result that the initiator sent it in the Response, the authenticator knows that the initiator had the right password when it did its encryption, so the authenticator sends back a Success message. Otherwise, it sends a Failure message.

(Reference: CCNA Quick Reference Sheets)
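The three steps above can be run end to end. The following is an added example, not part of the original page: it models both sides of the exchange using the response calculation from RFC 1994, where the "encryption" is an MD5 hash over the message identifier, the shared secret and the challenge. It also shows why a response captured from one exchange is rejected at the next periodic challenge. The class name, the secret and the 16-byte challenge length are assumptions of this example.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The side that issues Challenges and answers with Success or Failure."""

    def __init__(self, secret):
        self.secret = secret
        self.next_id = 0
        self.outstanding = {}  # identifier -> challenge still awaiting a response

    def challenge(self):
        """Step 1: send a fresh random challenge under a new identifier."""
        identifier = self.next_id
        self.next_id = (self.next_id + 1) % 256
        value = os.urandom(16)
        self.outstanding = {identifier: value}  # only the newest one is valid
        return identifier, value

    def verify(self, identifier, response):
        """Step 3: repeat the peer's calculation and compare the results."""
        value = self.outstanding.pop(identifier, None)
        if value is None:
            return "Failure"  # no such challenge, or it was already answered
        expected = chap_response(identifier, self.secret, value)
        return "Success" if hmac.compare_digest(expected, response) else "Failure"


def run_demo():
    secret = b"constructed-shared-secret"  # sample value for this example only
    auth = Authenticator(secret)

    # Link establishment: Challenge, Response, Success.
    ident, value = auth.challenge()
    captured = chap_response(ident, secret, value)  # step 2, done by the peer
    first = auth.verify(ident, captured)

    # Periodic re-authentication: an observer replays the captured response.
    ident2, _value2 = auth.challenge()
    replay = auth.verify(ident2, captured)

    # A peer that does not know the secret.
    ident3, value3 = auth.challenge()
    wrong = auth.verify(ident3, chap_response(ident3, b"guess", value3))

    # The legitimate peer answers the next challenge correctly.
    ident4, value4 = auth.challenge()
    again = auth.verify(ident4, chap_response(ident4, secret, value4))
    return first, replay, wrong, again


if __name__ == "__main__":
    print(run_demo())
```

The secret itself never crosses the link, but an observer who records a challenge and its response can test candidate passwords offline, so the strength of the shared secret still matters.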

Question 2

Refer to the exhibit. Hosts in network 192.168.2.0 are unable to reach hosts in network 192.168.3.0. Based on the output from RouterA, what are two possible reasons for the failure? (Choose two)

[Image: showipinterfacebrief]

A. The cable that is connected to S0/0 on RouterA is faulty.
B. Interface S0/0 on RouterB is administratively down.
C. Interface S0/0 on RouterA is configured with an incorrect subnet mask.
D. The IP address that is configured on S0/0 of RouterB is not in the correct subnet.
E. Interface S0/0 on RouterA is not receiving a clock signal from the CSU/DSU.
F. The encapsulation that is configured on S0/0 of RouterB does not match the encapsulation that is configured on S0/0 of RouterA.

 

Answer: E F

Explanation

From the output we see the Serial0/0 of RouterA is in “status up/protocol down” state which indicates a Layer 2 problem so the problem can be:

+ Keepalives mismatch
+ Encapsulation mismatch
+ Clocking problem

Question 3

Which command is used to enable CHAP authentication with PAP as the fallback method on a serial interface?

A. (config-if)# authentication ppp chap fallback ppp
B. (config-if)# authentication ppp chap pap
C. (config-if)# ppp authentication chap pap
D. (config-if)# ppp authentication chap fallback ppp

 

Answer: C

Explanation

The “ppp authentication chap pap” command indicates that CHAP authentication is used first. If it fails or is rejected by the other side, PAP is used instead. If you want to use PAP first (then CHAP) you can use the “ppp authentication pap chap” command.

Question 4

Which Layer 2 protocol encapsulation type supports synchronous and asynchronous circuits and has built-in security mechanisms?

A. HDLC
B. PPP
C. X.25
D. Frame Relay

 

Answer: B

Explanation

PPP supports both synchronous (like analog phone lines) and asynchronous circuits (such as ISDN or digital links). With synchronous circuits we need to use clock rate.

Note: Serial links can be synchronous or asynchronous. Asynchronous connections used to be only available on low-speed (<2MB) serial interfaces, but now, there are the new HWICs (High-Speed WAN Interface Cards) which also support asynchronous mode. To learn more about them please visit http://www.cisco.com/en/US/prod/collateral/modules/ps5949/ps6182/prod_qas0900aecd80274424.html.

Question 5

At which layer of the OSI model does PPP perform?

A. Layer 2
B. Layer 3
C. Layer 4
D. Layer 5

 

Answer: A

Explanation

Layer 2 includes the popular WAN standards, such as the Point-to-Point Protocol (PPP), High-Level Data-Link Control (HDLC) and Frame Relay protocols.

Question 6

Which PPP subprotocol negotiates authentication options?

A. NCP
B. ISDN
C. SUP
D. LCP
E. DLCI

 

Answer: D

Explanation

Link Control Protocol (LCP) is a subprotocol within the Point-to-Point Protocol suite that is responsible for link management. During establishment of a PPP communication session, LCP establishes the link, configures PPP options, and tests the quality of the line connection between the PPP client and PPP server. LCP automatically handles encapsulation format options and varies packet sizes over PPP communication links.

LCP also negotiates the type of authentication protocol used to establish the PPP session. Different authentication protocols are supported for satisfying the security needs of different environments.

Another subprotocol within PPP is Network Control Protocol (NCP), which is used to allow multiple Network layer protocols (routed protocols) to be used on a point-to-point connection.

Question 7

Which two options are valid WAN connectivity methods? (Choose two)

A. PPP
B. WAP
C. DSL
D. L2TPv3
E. Ethernet

 

Answer: A C

Question 8

Refer to the exhibit. Which WAN protocol is being used?

[Image: show_interface_pos.jpg]

A. ATM
B. HDLC
C. Frame Relay
D. PPP

 

Answer: C

Explanation

Local Management Interface (LMI) is a signaling standard protocol used between your router (DTE) and the first Frame Relay switch. From the output we learn this interface is sending and receiving LMI messages -> Frame Relay is being used.

Question 9

Refer to the exhibit. The show interfaces serial 0/1 command was issued on the R10-1 router. Based on the output displayed which statement is correct?

[Image: show_interfaces_serial.jpg]

A. The cable connected to the serial 0/1 interface of the R10-1 router is a DTE cable.
B. The R10-1 router can ping the router interface connected to the serial 0/1 interface.
C. The clock rate used for interface serial 0/1 of the R10-1 router is 1,544,000 bits per second.
D. The CSU used with the serial 0/1 interface of the R10-1 router has lost connection to the service provider.
E. The interface of the remote router connected to the serial 0/1 interface of the R10-1 router is using the default serial interface encapsulation.

 

Answer: E

Explanation

From the output, we see the line “Serial0/1 is up, line protocol is up”. That means the link is good and the interface is functioning normally. Also the encapsulation used on this interface is HDLC -> The other end must use the same encapsulation. Otherwise the line protocol will go down.

Question 10

A network administrator needs to configure a serial link between the main office and a remote location. The router at the remote office is a non-Cisco router. How should the network administrator configure the serial interface of the main office router to make the connection?

A. Main(config)# interface serial 0/0
Main(config-if)# ip address 172.16.1.1 255.255.255.252
Main(config-if)# no shut

B. Main(config)# interface serial 0/0
Main(config-if)# ip address 172.16.1.1 255.255.255.252
Main(config-if)# encapsulation ppp
Main(config-if)# no shut

C. Main(config)# interface serial 0/0
Main(config-if)# ip address 172.16.1.1 255.255.255.252
Main(config-if)# encapsulation frame-relay
Main(config-if)# authentication chap
Main(config-if)# no shut

D. Main(config)# interface serial 0/0
Main(config-if)# ip address 172.16.1.1 255.255.255.252
Main(config-if)# encapsulation ietf
Main(config-if)# no shut

 

Answer: B

Explanation

“The router at the remote office is a non-Cisco router” so we cannot use HDLC which is a Cisco proprietary protocol -> A is not correct (HDLC is the default protocol on Cisco routers for serial connections so we don’t need to type any command).

Frame Relay does not support authentication but if we run PPP over Frame Relay then we can use PAP or CHAP. Answer C does not have enough commands for this type of configuration -> C is not correct.

Cisco routers have two kinds of Frame Relay encapsulation: IETF or Cisco. A non-Cisco device does not understand “Frame Relay Cisco encapsulation” so if two routers use different kinds of Frame Relay encapsulation, they cannot operate. So if we have a non-Cisco device we have to configure “encapsulation ietf” on both ends so that they can work. But the correct command should be “encapsulation frame-relay ietf” -> D is not correct.

Note: The “encapsulation frame-relay ietf” command is used to encapsulate outgoing frames with IETF. Incoming frames can still be decapsulated even if the interface is configured with “Cisco encapsulation”.

Question 11

Refer to the exhibit:

[Image: show_ip_interface_brief_functional.jpg]

Assuming that the entire network topology is shown, what is the operational status of the interfaces of R2 as indicated by the command output shown?

A. One interface has a problem.
B. Two interfaces have problems.
C. The interfaces are functioning correctly.
D. The operational status of the interfaces cannot be determined from the output shown.

 

Answer: C

ICND2 – Frame Relay

May 11th, 2015


If you are not sure about Frame Relay, please read my Frame Relay tutorial.

Question 1

What can be done to Frame Relay to resolve split-horizon issues? (Choose two)

A. Disable Inverse ARP.
B. Create a full-mesh topology.
C. Develop multipoint subinterfaces.
D. Configure point-to-point subinterfaces.
E. Remove the broadcast keyword from the frame-relay map command.

 

Answer: B D

Explanation

Split horizon: a router never sends information about a route back in the direction from which the original information came; routers keep track of where the information about a route came from. This means that when router A sends an update to router B about a failed network, router B does not send any update for the same network back to router A.

Therefore in order to resolve split-horizon issue, we can create a full-mesh topology (a network topology in which there is a direct link between all pairs of nodes) so that all the routers can learn all the routes advertised by the neighbors -> B is correct.

Configuring Point-to-point subinterfaces is a good way to resolve the split-horizon issue because each subinterface is treated as a separate interface so an interface can send and receive information about a route -> D is correct.

Question 2

Which encapsulation type is a Frame Relay encapsulation type that is supported by Cisco routers?

A. IETF
B. ANSI Annex D
C. Q9333-A Annex A
D. HDLC

 

Answer: A

Explanation

Cisco supports two Frame Relay encapsulation types: the Cisco encapsulation and the IETF Frame Relay encapsulation, which is in conformance with RFC 1490 and RFC 2427. The former is often used to connect two Cisco routers while the latter is used to connect a Cisco router to a non-Cisco router. You can test with your Cisco router when typing the command Router(config-if)#encapsulation frame-relay ? on a WAN link. Below is the output of this command (notice Cisco is the default encapsulation so it is not listed here, just press Enter to use it).

[Image: Frame_Relay_encapsulation_type.jpg]

Note: The three LMI options supported by Cisco routers are ansi, Cisco, and Q933a. They represent the ANSI Annex D, Cisco, and ITU Q933-A (Annex A) LMI types, respectively.

HDLC is a WAN protocol, the same as Frame Relay and PPP, so it is not a Frame Relay encapsulation type.

Question 3

What are two characteristics of Frame Relay point-to-point subinterfaces? (Choose two)

A. They create split-horizon issues.
B. They require a unique subnet within a routing domain.
C. They emulate leased lines.
D. They are ideal for full-mesh topologies.
E. They require the use of NBMA options when using OSPF.

 

Answer: B C

Question 4

What is the result of issuing the frame-relay map ip 192.168.1.2 202 broadcast command?

A. defines the destination IP address that is used in all broadcast packets on DLCI 202
B. defines the source IP address that is used in all broadcast packets on DLCI 202
C. defines the DLCI on which packets from the 192.168.1.2 IP address are received
D. defines the DLCI that is used for all packets that are sent to the 192.168.1.2 IP address

 

Answer: D

Explanation

This command is described in detail at http://www.9tut.com/frame-relay-tutorial/2. If you don’t get this question please read it.

Question 5

What does the frame-relay interface-dlci command configure?

A. local DLCI on the subinterface
B. remote DLCI on the main interface
C. remote DLCI on the subinterface
D. local DLCI on the main interface

 

Answer: A

Explanation

When configuring on a point-to-point subinterface, the command frame-relay interface-dlci associates the selected point-to-point subinterface with a DLCI. But remember that the DLCI number in this command is the local DLCI. An example of using this command is shown below:

R1(config)#interface Serial0/0.1 point-to-point
R1(config-subif)#ip address 192.168.1.1 255.255.255.252
R1(config-subif)#frame-relay interface-dlci 1
R1(config-fr-dlci)#exit

Question 6

What command is used to verify the DLCI destination address in a Frame Relay static configuration?

A. show frame-relay pvc
B. show frame-relay lmi
C. show frame-relay map
D. show frame relay end-to-end

 

Answer: C

Explanation

An example of the output of “show frame-relay map” command is shown below:

[Image: wandlciunderstand2.jpg]

We can see the IP address 172.16.3.1 is associated with the DLCI 100.

Question 7

What occurs on a Frame Relay network when the CIR is exceeded?

A. All TCP traffic is marked discard eligible.
B. All UDP traffic is marked discard eligible and a BECN is sent.
C. All TCP traffic is marked discard eligible and a BECN is sent.
D. All traffic exceeding the CIR is marked discard eligible.

 

Answer: D

Explanation

Committed information rate (CIR): The minimum guaranteed data transfer rate agreed to by the Frame Relay switch. Frames that are sent in excess of the CIR are marked as discard eligible (DE) which means they can be dropped if congestion occurs within the Frame Relay network.

Note: In the Frame Relay frame format, there is a bit called Discard eligible (DE) bit that is used to identify frames that are first to be dropped when the CIR is exceeded.

Question 8

What is the purpose of Inverse ARP?

A. to map a known IP address to a MAC address
B. to map a known DLCI to a MAC address
C. to map a known MAC address to an IP address
D. to map a known DLCI to an IP address
E. to map a known IP address to a SPID
F. to map a known SPID to a MAC address

 

Answer: D

Question 9

What is the advantage of using a multipoint interface instead of point-to-point subinterfaces when configuring a Frame Relay hub in a hub-and-spoke topology?

A. It avoids split-horizon issues with distance vector routing protocols.
B. IP addresses can be conserved if VLSM is not being used for subnetting.
C. A multipoint interface offers greater security compared to point-to-point subinterface configurations.
D. The multiple IP network addresses required for a multipoint interface provide greater addressing flexibility over point-to-point configurations.

 

Answer: B

Explanation

A main advantage of configuring Frame Relay multipoint compared to point-to-point subinterfaces is that we can assign IP addresses on the same subnets/networks to the interfaces of the Frame Relay switch, thus saving the subnets/networks you have.

Question 10

Which command allows you to verify the encapsulation type (CISCO or IETF) for a frame relay link?

A. show frame-relay map
B. show frame-relay lmi
C. show inter serial
D. show frame-relay pvc

 

Answer: A

Explanation

The “show frame-relay map” command displays the current map entries and information about the connections, including encapsulation type.

You can check Table 33 in the following link: http://www.cisco.com/en/US/docs/ios/12_2/wan/command/reference/wrffr4.html#wp1029343

It clearly states there is a Field which can be Cisco or IETF, which “indicates the encapsulation type for this map”. We quote that Table 33 here for your quick reference (you will see what we want to imply in bold):

| Field | Description |
|---|---|
| Serial 1 (administratively down) | Identifies a Frame Relay interface and its status (up or down). |
| ip 131.108.177.177 | Destination IP address. |
| dlci 177 (0xB1,0x2C10) | DLCI that identifies the logical connection being used to reach this interface. This value is displayed in three ways: its decimal value (177), its hexadecimal value (0xB1), and its value as it would appear on the wire (0x2C10). |
| static | Indicates whether this is a static or dynamic entry. |
| CISCO | Indicates the encapsulation type for this map; either CISCO or IETF. |
| TCP/IP Header Compression (inherited), passive (inherited) | Indicates whether the TCP/IP header compression characteristics were inherited from the interface or were explicitly configured for the IP map. |

The “show frame-relay lmi” gives us information about the LMI encapsulation type used by the Frame Relay interface, which can be ANSI, CISCO or Q933a. Therefore it is not what the question requires (CISCO or IETF).
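The three DLCI values in the table (177, 0xB1, 0x2C10) and the DE bit described under Question 7 both come from the same two-octet Frame Relay address field. The following is an added example, not part of the original page: it reproduces the table's 0x2C10 from DLCI 177 and encodes and decodes the address field with its FECN, BECN and DE flags. The bit layout used is the standard two-octet Q.922 address format, which this page does not spell out, and the function names are this example's own.

```python
def check_dlci(dlci):
    """A two-octet address field carries a 10-bit DLCI."""
    if not 0 <= dlci <= 1023:
        raise ValueError(f"DLCI out of range for a two-octet address: {dlci}")


def cisco_wire_value(dlci):
    """DLCI bits in their address-field positions with every flag bit zero.

    This is the third value shown by 'show frame-relay map', e.g. 0x2C10.
    """
    check_dlci(dlci)
    return ((dlci >> 4) << 10) | ((dlci & 0x0F) << 4)


def encode_address(dlci, cr=False, fecn=False, becn=False, de=False):
    """Build the two address octets as they are transmitted.

    Octet 1: DLCI high 6 bits | C/R | EA=0 (another octet follows)
    Octet 2: DLCI low 4 bits  | FECN | BECN | DE | EA=1 (last octet)
    """
    check_dlci(dlci)
    octet1 = ((dlci >> 4) << 2) | (int(cr) << 1)
    octet2 = (((dlci & 0x0F) << 4) | (int(fecn) << 3) | (int(becn) << 2)
              | (int(de) << 1) | 1)
    return bytes([octet1, octet2])


def decode_address(header):
    """Parse the first two octets of a frame into DLCI and flag bits."""
    if len(header) < 2:
        raise ValueError("address field is two octets long")
    octet1, octet2 = header[0], header[1]
    if octet1 & 1 or not octet2 & 1:
        raise ValueError("EA bits do not describe a two-octet address")
    return {
        "dlci": ((octet1 >> 2) << 4) | (octet2 >> 4),
        "cr": bool(octet1 & 0x02),
        "fecn": bool(octet2 & 0x08),
        "becn": bool(octet2 & 0x04),
        "de": bool(octet2 & 0x02),
    }


def drop_candidates(frames):
    """Indexes of frames marked discard eligible, i.e. sent above the CIR."""
    return [i for i, frame in enumerate(frames) if decode_address(frame)["de"]]


if __name__ == "__main__":
    dlci = 177
    print(dlci, hex(dlci), hex(cisco_wire_value(dlci)))
    print(encode_address(dlci).hex(), decode_address(encode_address(dlci, de=True)))
```

On the wire the second octet also carries the EA bit, so an unmarked frame on DLCI 177 starts with 0x2C 0x11; the displayed 0x2C10 is the same field with the flag bits cleared.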

 

ICND2 – Frame Relay 2

May 9th, 2015


If you are not sure about Frame Relay, please read my Frame Relay tutorial.

Question 1

The command show frame-relay map gives the following output:

Serial 0 (up): ip 192.168.151.4 dlci 122, dynamic, broadcast, status defined, active

Which statements represent what is shown? (Choose three)

A. 192.168.151.4 represents the IP address of the remote router
B. 192.168.151.4 represents the IP address of the local serial interface
C. DLCI 122 represents the interface of the remote serial interface
D. DLCI 122 represents the local number used to connect to the remote address
E. broadcast indicates that a dynamic routing protocol such as RIP v1 can send packets across this PVC
F. active indicates that the ARP process is working

 

Answer: A D E[/am4show]

Question 2

[am4show have=’p2;’]The output of the show frame-relay pvc command shows ”PVC STATUS=INACTIVE”. What does this mean?

A. The PVC is configured correctly and is operating normally, but no data packets have been detected for more than five minutes.
B. The PVC is configured correctly, is operating normally and is no longer actively seeking the address of the remote router.
C. The PVC is configured correctly, is operating normally and is waiting for interesting traffic to trigger a call to the remote router.
D. The PVC is configured correctly on the local switch, but there is a problem on the remote end of the PVC.
E. The PVC is not configured on the switch.

 

Answer: D[/am4show]

Explanation

The PVC STATUS displays the status of the PVC. The DCE device creates and sends the report to the DTE devices. There are 4 statuses:

+ ACTIVE: the PVC is operational and can transmit data
+ INACTIVE: the connection from the local router to the switch is working, but the connection to the remote router is not available
+ DELETED: the PVC is not present and no LMI information is being received from the Frame Relay switch
+ STATIC: the Local Management Interface (LMI) mechanism on the interface is disabled (by using the “no keepalive” command). This status is rarely seen so it is ignored in some books.

Question 3

[am4show have=’p2;’]What two statistics appear in show frame-relay map output? (Choose two)

A. The number of FECN packets that are received by the router
B. The number of BECN packets that are received by the router
C. The ip address of the local router
D. The value of the local DLCI
E. The status of the PVC that is configured on the router

 

Answer: D E[/am4show]

Explanation

An example of the output of this command is shown below:

Frame_Relay_R0_show_frame-relay_map.jpg

From the output we can see the local DLCI (102 & 103) and the status of the PVC configured on the router (both are defined, active).

ICND2 – VLAN & Trunking

May 7th, 2015 61 comments

Question 1

[am4show have=’p2;’]Which three of these statements regarding 802.1Q trunking are correct? (Choose three)

A. 802.1Q native VLAN frames are untagged by default.
B. 802.1Q trunking ports can also be secure ports.
C. 802.1Q trunks can use 10 Mb/s Ethernet interfaces.
D. 802.1Q trunks require full-duplex, point-to-point connectivity.
E. 802.1Q trunks should have native VLANs that are the same at both ends.

 

Answer: A C E[/am4show]

Explanation

Native VLAN frames are carried over the trunk link untagged -> A is correct.

802.1Q trunking ports carry the traffic of all VLANs so they cannot be secure ports. A secure port should only be configured to connect to terminal devices (hosts, printers, servers…) -> B is not correct.

The Inter-Switch Link (ISL) encapsulation requires FastEthernet or greater to operate but 802.1q supports 10Mb/s Ethernet interfaces. -> C is correct.

802.1Q supports point-to-multipoint connectivity. Although a “trunk” is considered a point-to-point link in Cisco’s implementation, 802.1q encapsulation can be used on an Ethernet segment shared by more than two devices. Such a configuration is seldom needed but is still possible when DTP negotiation is disabled. -> D is not correct (Reference: http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008012ecf3.shtml)

The native VLAN that is configured on each end of an 802.1Q trunk must be the same. This is because when a switch receives an untagged frame, it assigns that frame to its native VLAN. If one end is configured with VLAN 1 as the native VLAN while the other end is configured with VLAN 2 as the native VLAN, a frame sent in VLAN 1 on one side will be received in VLAN 2 on the other side -> E is correct.
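The native VLAN behaviour described for answer E can be checked from configuration. The following is an added example (not part of the original page): it reads two constructed running-config excerpts, compares the native VLAN on both ends of a trunk, and reports which VLAN an untagged frame lands in on the far side. The switch configs and the function names are assumptions made for illustration.

```python
import re

DEFAULT_NATIVE_VLAN = 1  # used when a trunk has no "switchport trunk native vlan" line

# Constructed running-config excerpts for the two ends of one trunk link.
SW_A_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
!
"""
SW_B_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 2
!
"""


def trunk_native_vlans(config):
    """Return {interface: native VLAN} for every interface in trunk mode."""
    natives = {}
    # Split the config into stanzas, each starting at an "interface ..." line.
    for stanza in re.split(r"^(?=interface )", config, flags=re.M):
        header = re.match(r"interface (\S+)", stanza)
        if not header or not re.search(r"^\s*switchport mode trunk\s*$", stanza, re.M):
            continue  # not an interface stanza, or not a trunk
        native = re.search(r"^\s*switchport trunk native vlan (\d+)\s*$", stanza, re.M)
        natives[header.group(1)] = int(native.group(1)) if native else DEFAULT_NATIVE_VLAN
    return natives


def vlan_at_far_end(vlan, near_native, far_native):
    """VLAN in which the far switch places a frame the near switch sent in `vlan`."""
    # Near end: frames of its native VLAN leave untagged, all others carry a tag.
    tag = None if vlan == near_native else vlan
    # Far end: an untagged frame is assigned to the far end's own native VLAN.
    return far_native if tag is None else tag


def audit_trunk(config_a, port_a, config_b, port_b):
    """Return (native_a, native_b, leaks); leaks lists (sent VLAN, received VLAN)."""
    native_a = trunk_native_vlans(config_a)[port_a]
    native_b = trunk_native_vlans(config_b)[port_b]
    leaks = []
    if native_a != native_b:
        leaks.append((native_a, vlan_at_far_end(native_a, native_a, native_b)))  # A -> B
        leaks.append((native_b, vlan_at_far_end(native_b, native_b, native_a)))  # B -> A
    return native_a, native_b, leaks


if __name__ == "__main__":
    a, b, leaks = audit_trunk(SW_A_CONFIG, "FastEthernet0/1", SW_B_CONFIG, "FastEthernet0/1")
    print(f"native VLAN: A={a} B={b} mismatch={a != b}")
    for sent, received in leaks:
        print(f"frame sent in VLAN {sent} is received in VLAN {received}")
```
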

Question 2

[am4show have=’p2;’]Refer to the exhibit. A technician has configured the FastEthernet 0/1 interface on Sw11 as an access link in VLAN 1. Based on the output from the show vlan brief command issued on Sw12, what will be the result of making this change on Sw11?

show_vlan_brief_trunk_link.jpg

A. Only the hosts in VLAN 1 on the two switches will be able to communicate with each other.
B. The hosts in all VLANs on the two switches will be able to communicate with each other.
C. Only the hosts in VLAN 10 and VLAN 15 on the two switches will be able to communicate with each other.
D. Hosts will not be able to communicate between the two switches.

 

Answer: D[/am4show]

Explanation

Fa0/1 of Switch11 is configured as an access link in VLAN 1, so only VLAN 1 frames can pass between the two switches. But from the output above we see that no interface belongs to VLAN 1 on Switch12 -> no hosts can communicate between the two switches.

Question 3

[am4show have=’p2;’]Refer to the exhibit:

show_ip_interface_brief_trunk.jpg

What can be determined about the interfaces of the Main_Campus router from the output shown?

A. The LAN interfaces are configured on different subnets.
B. Interface FastEthernet 0/0 is configured as a trunk.
C. The Layer 2 protocol of interface Serial 0/1 is NOT operational.
D. The router is a modular router with five FastEthernet interfaces.
E. Interface FastEthernet 0/0 is administratively deactivated.

 

Answer: B[/am4show]

Explanation

We can’t confirm answer B is totally correct but all other answers are wrong so B is the best choice.

+ We only have 1 LAN interface on Main_Campus router with 4 subinterfaces -> answer A is not correct (although it is a bit unclear).
+ The “protocol” column of interface Serial0/1 is up so its Layer 2 is operating correctly -> answer C is not correct.
+ This router has only 1 FastEthernet interface -> answer D is not correct.
+ The “status” column of Fa0/0 is currently “up” so it is operating -> answer E is not correct.

ICND2 – InterVLAN Routing

May 3rd, 2015 35 comments

If you are not sure about InterVLAN routing, please read my InterVLAN Routing Tutorial (Premium Tutorial)

Question 1

[am4show have=’p2;’]Refer to the exhibit:

interVLAN_subinterfaces_encapsulation.jpg

Which two statements are true about interVLAN routing in the topology that is shown in the exhibit? (Choose two)

A. Host E and host F use the same IP gateway address.
B. Router1 and Switch2 should be connected via a crossover cable.
C. Router1 will not play a role in communications between host A and host D.
D. The FastEthernet 0/0 interface on Router1 must be configured with subinterfaces.
E. Router1 needs more LAN interfaces to accommodate the VLANs that are shown in the exhibit.
F. The FastEthernet 0/0 interface on Router1 and Switch2 trunk ports must be configured using the same encapsulation type.

 

Answer: D F[/am4show]

Question 2

[am4show have=’p2;’]Refer to the exhibit:

interVLAN_subinterfaces_encapsulation_dot1q.jpg

What commands must be configured on the 2950 switch and the router to allow communication between host 1 and host 2? (Choose two)

A. Router(config)#interface fastethernet 0/0
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shut down

B. Router(config)#interface fastethernet 0/0
Router(config-if)#no shutdown
Router(config)#interface fastethernet 0/0.1
Router(config-subif)#encapsulation dot1q 10
Router(config-subif)#ip address 192.168.10.1 255.255.255.0
Router(config-subif)#interface fastethernet 0/0.2
Router(config-subif)#encapsulation dot1q 20
Router(config-subif)#ip address 192.168.20.1 255.255.255.0

C. Router (config)#router eigrp 100
Router(config-router)#network 192.168.10.0
Router(config-router)#network 192.168.20.0

D. Switch1(config)# vlan database
Switch1(config-vlan)# vtp domain XYZ
Switch1(config-vlan)# vtp server

E. Switch1(config)# interface fastEthernet 0/1
Switch1(config-if)# switchport mode trunk

F. Switch1(config)# interface vlan 1
Switch1(config-if)# ip default-gateway 192.168.1.1

 

Answer: B E[/am4show]

Explanation

The two answers B and E list all the commands needed to configure interVLAN routing. Please notice that the Cisco 2950 and 2960 switches only support dot1Q trunking so we don’t need to specify which trunking encapsulation to use in this case. For Cisco switches 3550 or above we have to use these commands instead:

Switch3550(config-if)#switchport trunk encapsulation dot1q
Switch3550(config-if)#switchport mode trunk

Question 3

[am4show have=’p2;’]Which three statements are typical characteristics of VLAN arrangements? (Choose three)

A. A new switch has no VLANs configured.
B. Connectivity between VLANs requires a Layer 3 device.
C. VLANs typically decrease the number of collision domains.
D. Each VLAN uses a separate address space.
E. A switch maintains a separate bridging table for each VLAN.
F. VLANs cannot span multiple switches.

 

Answer: B D E[/am4show]

Explanation

By default, all ports on a new switch belong to VLAN 1 (default & native VLAN). There are also some well-known VLANs (for example: VLAN 1002 for fddi-default; VLAN 1003 for token-ring…) configured by default -> A is not correct.

To communicate between two different VLANs we need to use a Layer 3 device like router or Layer 3 switch -> B is correct.

VLANs don’t affect the number of collision domains, they are the same -> C is not correct. Typically, VLANs increase the number of broadcast domains.

We must use a different network (or sub-network) for each VLAN. For example we can use 192.168.1.0/24 for VLAN 1, 192.168.2.0/24 for VLAN 2 -> D is correct.

A switch maintains a separate bridging table for each VLAN so that it can send frames to ports in the same VLAN only. For example, if a PC in VLAN 2 sends a frame, the switch looks up its bridging table and only sends the frame out of its ports which belong to VLAN 2 (it also sends this frame on trunk ports) -> E is correct.

We can use multiple switches to expand VLAN -> F is not correct.

Question 4

[am4show have=’p2;’]Refer to the exhibit:

interVLAN_router_on_a_sticky.jpg

C-router is to be used as a “router-on-a-stick” to route between the VLANs. All the interfaces have been properly configured and IP routing is operational. The hosts in the VLANs have been configured with the appropriate default gateway. What can be said about this configuration?

A. These commands need to be added to the configuration:
C-router(config)# router eigrp 123
C-router(config-router)# network 172.19.0.0

B. No further routing configuration is required.

C. These commands need to be added to the configuration:
C-router(config)# router ospf 1
C-router(config-router)# network 172.19.0.0 0.0.3.255 area 0

D. These commands need to be added to the configuration:
C-router(config)# router rip
C-router(config-router)# network 172.19.0.0

 

Answer: B[/am4show]

ICND2 – STP

May 1st, 2015 60 comments

Note: If you are not sure about Spanning Tree Protocol, please read my Spanning Tree Protocol STP tutorial (Premium tutorial).

Question 1

[am4show have=’p2;’]Which term describes a spanning-tree network that has all switch ports in either the blocking or forwarding state?

A. converged
B. redundant
C. provisioned
D. spanned

 

Answer: A[/am4show]

Explanation

Spanning Tree Protocol convergence (Layer 2 convergence) happens when bridges and switches have transitioned to either the forwarding or blocking state. When layer 2 is converged, root bridge is elected and all port roles (Root, Designated and Non-Designated) in all switches are selected.

Question 2

[am4show have=’p2;’]Refer to the exhibit. Given the output shown from this Cisco Catalyst 2950, what is the reason that interface FastEthernet 0/10 is not the root port for VLAN 2?

STP_show_spanning_tree_interface.jpg

A. This switch has more than one interface connected to the root network segment in VLAN 2.
B. This switch is running RSTP while the elected designated switch is running 802.1d Spanning Tree.
C. This switch interface has a higher path cost to the root bridge than another in the topology.
D. This switch has a lower bridge ID for VLAN 2 than the elected designated switch.

 

Answer: C[/am4show]

Question 3

[am4show have=’p2;’]Refer to the exhibit. Which switch provides the spanning-tree designated port role for the network segment that services the printers?

switchpriority

A. Switch1
B. Switch2
C. Switch3
D. Switch4

 

Answer: C[/am4show]

Explanation

First, the question asks what switch services the printers, so it can be Switch 3 or Switch 4 which is connected directly to the Printers.

Next, by comparing the MAC address of Switch 3 and Switch 4 we found that the MAC of Switch 3 is smaller. Therefore the interface connected to the Printers of Switch 3 will become designated interface and the interface of Switch 4 will be blocked.
(Please notice that Switch 1 will become the root bridge because of its lowest priority, not Switch 3)

Question 4

[am4show have=’p2;’]What is one benefit of PVST+?

A. PVST+ supports Layer 3 load balancing without loops.
B. PVST+ reduces the CPU cycles for all the switches in the network.
C. PVST+ allows the root switch location to be optimized per VLAN.
D. PVST+ automatically selects the root bridge location, to provide optimized bandwidth usage.

 

Answer: C[/am4show]

Explanation

Per VLAN Spanning Tree (PVST) maintains a spanning tree instance for each VLAN configured in the network. It means a switch can be the root bridge of a VLAN while another switch can be the root bridge of other VLANs in a common topology. For example, Switch 1 can be the root bridge for Voice data while Switch 2 can be the root bridge for Video data. If designed correctly, it can optimize the network traffic.

Question 5

[am4show have=’p2;’]Which port state is introduced by Rapid-PVST?

A. learning
B. listening
C. discarding
D. forwarding

 

Answer: C[/am4show]

Explanation

PVST+ is based on IEEE802.1D Spanning Tree Protocol (STP). But PVST+ has only 3 port states (discarding, learning and forwarding) while STP has 5 port states (blocking, listening, learning, forwarding and disabled). So discarding is a new port state in PVST+.

ICND2 – RSTP

April 27th, 2015 51 comments

Note: If you are not sure about Rapid Spanning Tree Protocol, please read our Rapid Spanning Tree Protocol RSTP Tutorial.

Question 1

[am4show have=’p2;’]Which three statements about RSTP are true? (Choose three)

A. RSTP significantly reduces topology reconverging time after a link failure.
B. RSTP expands the STP port roles by adding the alternate and backup roles.
C. RSTP port states are blocking, discarding, learning, or forwarding.
D. RSTP provides a faster transition to the forwarding state on point-to-point links than STP does.
E. RSTP also uses the STP proposal-agreement sequence.
F. RSTP uses the same timer-based process as STP on point-to-point links.

 

Answer: A B D[/am4show]

Question 2

[am4show have=’p2;’]Refer to the exhibit:

show_spanning_tree_vlan_1.jpg

Why has this switch not been elected the root bridge for VLAN1?

A. It has more than one interface that is connected to the root network segment.
B. It is running RSTP while the elected root bridge is running 802.1d spanning tree.
C. It has a higher MAC address than the elected root bridge.
D. It has a higher bridge ID than the elected root bridge.

 

Answer: D[/am4show]

Explanation

As we can see from the output above, the priority of the root bridge is 20481 while that of the local bridge is 32769.

Question 3

[am4show have=’p2;’]Which command enables RSTP on a switch?

A. spanning-tree mode rapid-pvst
B. spanning-tree uplinkfast
C. spanning-tree backbonefast
D. spanning-tree mode mst

 

Answer: A[/am4show]

Question 4

[am4show have=’p2;’]Refer to the exhibit. Which statement is true?

show_spanning-tree_vlan_20.jpg

A. The Fa0/11 role confirms that SwitchA is the root bridge for VLAN 20.
B. VLAN 20 is running the Per VLAN Spanning Tree Protocol.
C. The MAC address of the root bridge is 0017.596d.1580.
D. SwitchA is not the root bridge, because not all of the interface roles are designated.

 

Answer: D[/am4show]

Explanation

Only a non-root bridge can have a root port. Fa0/11 is the root port so we can confirm this switch is not the root bridge -> A is not correct.

From the output we learn this switch is running Rapid STP, not PVST -> B is not correct.

0017.596d.1580 is the MAC address of this switch, not of the root bridge. The MAC address of the root bridge is 0017.596d.2a00 -> C is not correct.

All of the interface roles of the root bridge are designated. SwitchA has one Root port and 1 Alternative port so it is not the root bridge -> D is correct.

Question 5

[am4show have=’p2;’]Refer to the exhibit. The output that is shown is generated at a switch. Which three of these statements are true? (Choose three)

show_spanning-tree_vlan_30.jpg

A. All ports will be in a state of discarding, learning or forwarding.
B. Thirty VLANs have been configured on this switch.
C. The bridge priority is lower than the default value for spanning tree.
D. All interfaces that are shown are on shared media.
E. All designated ports are in a forwarding state.
F. The switch must be the root bridge for all VLANs on this switch.

 

Answer: A C E[/am4show]

Explanation

From the output, we see that all ports are in Designated role (forwarding state) -> A and E are correct.

The command “show spanning-tree vlan 30” only shows us information about VLAN 30. We don’t know how many VLANs exist on this switch -> B is not correct.

The bridge priority of this switch is 24606 which is lower than the default value bridge priority 32768 -> C is correct.

All three interfaces on this switch have the connection type “p2p”, which means Point-to-point environment – not a shared media -> D is not correct.

The only thing we can determine is that this switch is the root bridge for VLAN 30, but we cannot guarantee it is also the root bridge for other VLANs -> F is not correct.

Question 6

[am4show have=’p2;’]Which two states are the port states when RSTP has converged? (choose two)

A. blocking
B. learning
C. disabled
D. forwarding
E. listening

 

Answer: A D[/am4show]

Explanation

RSTP has only 3 port states: discarding, learning and forwarding. When RSTP has converged there are only 2 port states left, discarding and forwarding, but the answers don’t mention the discarding state so the blocking state (answer A) may be considered the best alternative answer.

Question 7

[am4show have=’p2;’]Which two of these statements regarding RSTP are correct? (Choose two)

A. RSTP cannot operate with PVST+.
B. RSTP defines new port roles.
C. RSTP defines no new port states.
D. RSTP is a proprietary implementation of IEEE 802.1D STP.
E. RSTP is compatible with the original IEEE 802.1D STP.

 

Answer: B E[/am4show]

Question 8

[am4show have=’p2;’]Refer to the exhibit. Each of these four switches has been configured with a hostname, as well as being configured to run RSTP. No other configuration changes have been made. Which three of these show the correct RSTP port roles for the indicated switches and interfaces? (Choose three)

RSPT_port_states.jpg

A. SwitchA, Fa0/2, designated
B. SwitchA, Fa0/1, root
C. SwitchB, Gi0/2, root
D. SwitchB, Gi0/1, designated
E. SwitchC, Fa0/2, root
F. SwitchD, Gi0/2, root

 

Answer: A B F[/am4show]

Explanation

The question says “no other configuration changes have been made” so we can understand these switches have the same bridge priority. SwitchC has the lowest MAC address so it will become the root bridge and 2 of its ports (Fa0/1 & Fa0/2) will be designated ports -> E is incorrect.

Because SwitchC is the root bridge, the 2 ports nearest SwitchC on SwitchA (Fa0/1) and SwitchD (Gi0/2) will be root ports -> B and F are correct.

Now we come to the most difficult part of this question: SwitchB must have a root port so which port will it choose? To answer this question we need to know about STP cost and port cost.

In general, “cost” is calculated based on bandwidth of the link. The higher the bandwidth on a link, the lower the value of its cost. Below are the cost values you should memorize:

 

| Link speed | Cost |
|---|---|
| 10Mbps | 100 |
| 100Mbps | 19 |
| 1 Gbps | 4 |

SwitchB will choose the interface with lower cost to the root bridge as the root port so we must calculate the cost on interface Gi0/1 & Gi0/2 of SwitchB to the root bridge. This can be calculated from the “cost to the root bridge” of each switch because a switch always advertises its cost to the root bridge in its BPDU. The receiving switch will add its local port cost value to the cost in the BPDU.

In the exhibit you also see FastEthernet port is connecting to GigabitEthernet port. In this case GigabitEthernet port will operate as a FastEthernet port so the link can be considered as FastEthernet to FastEthernet connection.

One more thing to notice is that a root bridge always advertises the cost to the root bridge (itself) with an initial value of 0.

Now let’s have a look at the topology again

RSPT_port_roles2.jpg

SwitchC advertises its cost to the root bridge with a value of 0. Switch D adds 19 (the cost value of 100Mbps link although the port on Switch D is GigabitEthernet port) and advertises this value (19) to SwitchB. SwitchB adds 4 (the cost value of 1Gbps link) and learns that it can reach SwitchC via Gi0/1 port with a total cost of 23. The same process happens for SwitchA and SwitchB learns that it can reach SwitchC via Gi0/2 with a total cost of 38 -> Switch B chooses Gi0/1 as its root port -> D is not correct.

Now our last task is to identify the port roles of the ports between SwitchA & SwitchB. It is rather easy as the MAC address of SwitchA is lower than that of SwitchB so Fa0/2 of SwitchA will be designated port while Gi0/2 of SwitchB will be alternative port -> A is correct but C is not correct.

The figure below summarizes all the port roles of these switches:

 

RSPT_port_roles.jpg

+ DP: Designated Port (forwarding state)
+ RP: Root Port (forwarding state)
+ AP: Alternative Port (blocking state)

Question 9

[am4show have=’p2;’]Refer to the exhibit. At the end of an RSTP election process, which access layer switch port will assume the discarding role?

RSTP_election_port_roles.jpg

A. Switch3, port fa0/1
B. Switch3, port fa0/12
C. Switch4, port fa0/11
D. Switch4, port fa0/2
E. Switch3, port Gi0/1

 

Answer: C[/am4show]

Explanation

In this question, we only care about the Access Layer switches (Switch3 & 4). Switch 3 has a lower bridge ID than Switch 4 (because the MAC of Switch3 is smaller than that of Switch4) so both ports of Switch3 will be in forwarding state. The alternative port will surely belong to Switch4.

Switch4 will need to block one of its ports to avoid a bridging loop between the two switches. But how does Switch4 select its blocked port? Well, the answer is based on the BPDUs it receives from Switch3. A BPDU is superior to another if it has:

1. A lower Root Bridge ID
2. A lower path cost to the Root
3. A lower Sending Bridge ID
4. A lower Sending Port ID

These four parameters are examined in order. In this specific case, all the BPDUs sent by Switch3 have the same Root Bridge ID, the same path cost to the Root and the same Sending Bridge ID. The only parameter left to select the best one is the Sending Port ID (Port ID = port priority + port index). In this case the port priorities are equal because they use the default value, so Switch4 will compare port index values, which are unique to each port on the switch, and because Fa0/12 is inferior to Fa0/1, Switch4 will select the port connected with Fa0/1 (of Switch3) as its root port and block the other port -> Port fa0/11 of Switch4 will be blocked (discarding role).

If you are still not sure about this question, please read my RSTP tutorial.
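The cost calculation from Question 8 and the four-step BPDU comparison from Question 9 can be run as one election. This is an added example, not code from the original page: it elects the root bridge, adds up root path costs, and assigns root, designated and alternate roles by comparing BPDU vectors as tuples. The MAC addresses, the upstream bridge named Root in the Question 9 topology, and the port pairings on SwitchC and SwitchD are constructed assumptions, because the exhibits are not reproduced here.

```python
import re

COST = {10: 100, 100: 19, 1000: 4}  # link speed in Mbps -> STP port cost
PORT_PRIORITY = 128                 # default port priority


def port_id(name):
    """Port ID as (priority, index). Simplification: the index is the trailing
    number of the name ('Fa0/12' -> 12); real switches number Fa and Gi ports
    in one index space."""
    return (PORT_PRIORITY, int(re.search(r"(\d+)$", name).group(1)))


def compute_roles(bridges, links):
    """bridges: {name: (priority, mac)}; links: [(br_a, port_a, br_b, port_b, mbps)].
    Returns ({(bridge, port): role}, {bridge: root path cost})."""
    root = min(bridges, key=bridges.get)            # lowest bridge ID wins
    cost = {b: 0 if b == root else float("inf") for b in bridges}
    for _ in bridges:                               # relax until costs settle
        for a, _pa, b, _pb, mbps in links:
            cost[a] = min(cost[a], cost[b] + COST[mbps])
            cost[b] = min(cost[b], cost[a] + COST[mbps])

    # Root port: the port that received the superior BPDU. The vector follows
    # the order root bridge ID, path cost, sending bridge ID, sending port ID,
    # with the receiving port ID as the final tie-break. Lower is superior.
    best = {}
    for a, pa, b, pb, mbps in links:
        for me, my_port, nbr, nbr_port in ((a, pa, b, pb), (b, pb, a, pa)):
            vector = (bridges[root], cost[nbr] + COST[mbps],
                      bridges[nbr], port_id(nbr_port), port_id(my_port))
            if me != root and (me not in best or vector < best[me][0]):
                best[me] = (vector, my_port)

    # Designated port per link: the end advertising the lower root path cost,
    # then the lower bridge ID, then the lower port ID.
    roles = {}
    for a, pa, b, pb, _mbps in links:
        a_wins = (cost[a], bridges[a], port_id(pa)) < (cost[b], bridges[b], port_id(pb))
        for me, my_port, designated in ((a, pa, a_wins), (b, pb, not a_wins)):
            if designated:
                roles[(me, my_port)] = "designated"
            elif best[me][1] == my_port:
                roles[(me, my_port)] = "root"
            else:
                roles[(me, my_port)] = "alternate"   # discarding
    return roles, cost


# Question 8: equal priorities; constructed MACs with SwitchC lowest and A < B.
Q8_BRIDGES = {
    "SwitchC": (32768, "0000.0000.0001"),
    "SwitchA": (32768, "0000.0000.0002"),
    "SwitchB": (32768, "0000.0000.0003"),
    "SwitchD": (32768, "0000.0000.0004"),
}
Q8_LINKS = [
    ("SwitchC", "Fa0/1", "SwitchA", "Fa0/1", 100),
    ("SwitchC", "Fa0/2", "SwitchD", "Gi0/2", 100),   # Fa-to-Gi link runs at 100 Mbps
    ("SwitchD", "Gi0/1", "SwitchB", "Gi0/1", 1000),
    ("SwitchA", "Fa0/2", "SwitchB", "Gi0/2", 100),
]

# Question 9: two parallel links between the access switches; "Root" is a
# constructed stand-in for the distribution layer above Switch3.
Q9_BRIDGES = {
    "Root": (4096, "0000.0000.0010"),
    "Switch3": (32768, "0000.0000.0030"),
    "Switch4": (32768, "0000.0000.0040"),
}
Q9_LINKS = [
    ("Root", "Gi0/1", "Switch3", "Gi0/1", 1000),
    ("Switch3", "Fa0/1", "Switch4", "Fa0/2", 100),
    ("Switch3", "Fa0/12", "Switch4", "Fa0/11", 100),
]

if __name__ == "__main__":
    for title, bridges, links in (("Question 8", Q8_BRIDGES, Q8_LINKS),
                                  ("Question 9", Q9_BRIDGES, Q9_LINKS)):
        roles, cost = compute_roles(bridges, links)
        print(title, "root path costs:", cost)
        for (bridge, port), role in sorted(roles.items()):
            print(f"  {bridge:8} {port:7} {role}")
```

In the Question 8 run, SwitchA advertises a root path cost of 19 on the SwitchA to SwitchB segment while SwitchB advertises 23, so the designated role is settled on cost before bridge IDs are compared; the outcome is the same as in the explanation.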

ICND2 – IP Routing

April 26th, 2015 37 comments

Question 1

[am4show have=’p2;’]Which two are advantages of static routing when compared to dynamic routing? (choose two)

A. Security increases because only the network administrator may change the routing tables.
B. Configuration complexity decreases as network size increases.
C. Routing updates are automatically sent to neighbors.
D. Route summarization is computed automatically by the router.
E. Routing traffic load is reduced when used in stub network links.
F. An efficient algorithm is used to build routing tables using automatic updates.
G. Routing tables adapt automatically to topology changes.

 

Answer: A E[/am4show]

Explanation

Static routing can only be configured for each route manually so it is more secure than dynamic routing which only needs to declare which networks to run -> A is correct.

Also static route does not use any complex algorithm to find out the best path so no routing updates need to be sent out -> reduce routing traffic load. Static routing is useful especially in stub network links.

Note: Stub network (or stub router) is used to describe a network (or router) that does not have any information about other networks except a default route. This type of network (or router) usually has only one connection to the outside.

Question 2

[am4show have=’p2;’]Which parameter would you tune to affect the selection of a static route as a backup, when a dynamic protocol is also being used?

A. hop count
B. administrative distance
C. link bandwidth
D. link delay
E. link cost

 

Answer: B[/am4show]

Explanation

By default a static route has the Administrative Distance (AD) of 1, which is always preferred to dynamic routing protocols. In some cases we may want to use dynamic routing protocols and set static routes as a backup route when the “dynamic” routes fail -> we can increase the AD of that static route to a higher value than the AD of the dynamic routing protocols.

Question 3

[am4show have=’p2;’]Which statement is true, as relates to classful or classless routing?

A. RIPV1 and OSPF are classless routing protocols.
B. Classful routing protocols send the subnet mask in routing updates.
C. Automatic summarization at classful boundaries can cause problems on discontiguous networks.
D. EIGRP and OSPF are classful routing protocols and summarize routes by default.

 

Answer: C[/am4show]

Explanation

Discontiguous networks are networks that have subnets of a major network separated by a different major network. Below is an example of discontiguous networks where subnets 10.10.1.0/24 and 10.10.2.0/24 are separated by a 2.0.0.0/8 network.

EIGRP_discontiguous_network_1.jpg

If we configure automatic summarization at classful boundaries, users on network 10.10.1.0/24 cannot communicate with users on network 10.10.2.0/24.

If you are not clear about automatic summarization please read the last part of this tutorial: http://www.9tut.com/eigrp-routing-protocol-tutorial.

Question 4

[am4show have=’p2;’]A technician pastes the configurations in the exhibit into the two new routers shown. Otherwise, the routers are configured with their default configurations. A ping from Host1 to Host2 fails, but the technician is able to ping the S0/0 interface of R2 from Host1. The configurations of the hosts have been verified as correct. What is the cause of the problem?

missing_static_routing.jpg

A. The serial cable on R1 needs to be replaced.
B. The interfaces on R2 are not configured properly.
C. R1 has no route to the 192.168.1.128 network.
D. The IP addressing scheme has overlapping subnetworks.
E. The ip subnet-zero command must be configured on both routers.

 

Answer: C[/am4show]

Explanation

Host1 can ping the Serial interface of R2 because R1 has the network of 192.168.1.4/30 as directly connected route. But R1 does not know how to route to the network of Host2 (192.168.1.128/26) so R1 will drop that ping without trying to send it out S0/0 interface. To make the ping work, we have to configure a route pointing to that network (for example: ip route 192.168.1.128 255.255.255.192 s0/0 on R1).

Question 5

[am4show have=’p2;’]Refer to the exhibit. The Lakeside Company has the internetwork in the exhibit. The Administrator would like to reduce the size of the routing table to the Central Router. Which partial routing table entry in the Central router represents a route summary that represents the LANs in Phoenix but no additional subnets?

subnetting_1

A – 10.0.0.0 /22 is subnetted, 1 subnet
D 10.0.0.0 [90/20514560] via 10.2.0.2 6w0d, serial 0/1

B – 10.0.0.0 /28 is subnetted, 1 subnet
D 10.2.0.0 [90/20514560] via 10.2.0.2 6w0d, serial 0/1

C – 10.0.0.0 /30 is subnetted, 1 subnet
D 10.2.2.0 [90/20514560] via 10.2.0.2 6w0d, serial 0/1

D – 10.0.0.0 /22 is subnetted, 1 subnet
D 10.4.0.0 [90/20514560] via 10.2.0.2 6w0d, serial 0/1

E – 10.0.0.0 /28 is subnetted, 1 subnet
D 10.4.4.0 [90/20514560] via 10.2.0.2 6w0d, serial 0/1

F – 10.0.0.0 /30 is subnetted, 1 subnet
D 10.4.4.4 [90/20514560] via 10.2.0.2 6w0d, serial 0/1

 

Answer: D[/am4show]

Explanation

All the above networks can be summarized to the 10.0.0.0 network, but the question requires the summary to “represent the LANs in Phoenix but no additional subnets” so we must summarize to the 10.4.0.0 network. The Phoenix router has 4 subnets so we need to “move left” 2 bits of “/24” -> /22 is the best choice -> D is correct.

Question 6

[am4show have=’p2;’]Refer to the exhibit. How will the router handle a packet destined for 192.0.2.156?

gateway_of_last_resort.jpg

A. The router will drop the packet.
B. The router will return the packet to its source.
C. The router will forward the packet via Serial2.
D. The router will forward the packet via either Serial0 or Serial1.

 

Answer: C[/am4show]

Explanation

From the output we see a line “Gateway of last resort is 192.168.4.1 to network 0.0.0.0”. Gateway of last resort refers to the next-hop router of a router’s current default route. Therefore all the traffic through this router to destination networks not matching any other networks or subnets in the routing table will be sent to 192.168.4.1 (which is on Serial2) -> packet destined for 192.0.2.156 (or an unknown destination) will be forwarded via Serial2.

A weird thing in the output above is the missing asterisk mark (*), which represents the candidate default route. To set the “Gateway of last resort is 192.168.4.1 to network 0.0.0.0” as in the output above we can use these commands:

ip route 0.0.0.0 0.0.0.0 192.168.4.1
ip default-network 192.168.4.0

But these commands will create a static route in the routing table with an asterisk mark. Maybe the output shown above is missing that route.

For more information about the command ip default-network please visit: http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094374.shtml.

Question 7

[am4show have=’p2;’]Refer to the exhibit. RTA is configured with a basic configuration. The link between the two routers is operational and no routing protocols are configured on either router. The line shown in the exhibit is then added to router RTA. Should interface Fa0/0 on router RTB shut down, what effect will the shutdown have on router RTA?

static_route_shut_down_interface.jpg

A. A route to 172.16.14.0/24 will remain in the RTA routing table.
B. A packet to host 172.16.14.225 will be dropped by router RTA
C. Router RTA will send an ICMP packet to attempt to verify the route.
D. Because router RTB will send a poison reverse packet to router RTA, RTA will remove the route.

 

Answer: A[/am4show]

Explanation

Static routes remain in the routing table even if the specified gateway becomes unavailable. If the specified gateway becomes unavailable, you need to remove the static route from the routing table manually. However, static routes are removed from the routing table if the specified interface goes down, and are reinstated when the interface comes back up.

Therefore the static route will only be removed from the routing table if the S0/0 interface on RTA is shut down.

(Reference: http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/route_static.html)

ICND2 – OSPF Questions

April 25th, 2015 131 comments

Note: If you are not sure about OSPF, please read my OSPF tutorial first.

Question 1

[am4show have=’p2;’]

OSPF_Routing.jpg

R1 routing commands:
ip route 0.0.0.0 0.0.0.0 serial0/0
router ospf 1
network 172.16.100.0 0.0.0.3 area 0
network 172.16.100.64 0.0.0.63 area 0
network 172.16.100.128 0.0.0.31 area 0
default-information originate

Assuming that all router interfaces are operational and correctly configured, that OSPF has been correctly configured on router R2, how will the default route configured on R1 affect the operation of R2?

A. Any packet destined for a network that is not directly connected to router R1 will be dropped.
B. Any packet destined for a network that is not referenced in the routing table of router R2 will be directed to R1. R1 will then send that packet back to R2 and a routing loop will occur.
C. Any packet destined for a network that is not directly connected to router R2 will be dropped immediately.
D. Any packet destined for a network that is not directly connected to router R2 will be dropped immediately because of the lack of a gateway on R1.

 

Answer: B[/am4show]

Explanation

First, notice that more-specific routes are always favored over less-specific routes, regardless of the administrative distance set for a protocol. In this case, because OSPF is used for three networks (172.16.100.0 0.0.0.3, 172.16.100.64 0.0.0.63, 172.16.100.128 0.0.0.31), packets destined for these networks are not affected by the default route.

The default route configured on R1, “ip route 0.0.0.0 0.0.0.0 serial0/0”, sends any packet whose destination network is not referenced in the routing table of router R1 to R2; it doesn’t drop anything, so answers A and C are not correct. D is not correct either, because these routes are declared on R1 and the question says that “OSPF has been correctly configured on router R2”, so networks directly connected to router R2 can communicate with those three subnetworks.

As said above, the default route configured on R1 will send any packet destined for a network that is not referenced in its routing table to R2; R2 in turn sends it to R1 because it is the only way and a routing loop will occur.

Question 2

[am4show have=’p2;’]What information does a router running a link-state protocol use to build and maintain its topological database? (Choose two)

A. hello packets
B. SAP messages sent by other routers
C. LSAs from other routers
D. beacons received on point-to-point links
E. routing tables received from other link-state routers
F. TTL packets from designated routers

 

Answer: A C[/am4show]

Explanation

A link-state protocol uses hello packets to discover neighbors and establish adjacencies. After that, the routers begin sending out LSAs to every neighbor (each received LSA is copied and forwarded to every neighbor except the one that sent the LSA).

Question 3

[am4show have=’p2;’]Which two statements describe the process identifier that is used in the command to configure OSPF on a router? (Choose two)

Router(config)# router ospf 1

A. All OSPF routers in an area must have the same process ID.
B. Only one process number can be used on the same router.
C. Different process identifiers can be used to run multiple OSPF processes
D. The process number can be any number from 1 to 65,535.
E. Hello packets are sent to each neighbor to determine the processor identifier.

 

Answer: C D[/am4show]

Question 4

[am4show have=’p2;’]What is the default administrative distance of OSPF?

A. 90
B. 100
C. 110
D. 120

 

Answer: C[/am4show]

Explanation

The Administrative Distances (AD) of popular routing protocols are listed below:

Administrative Distances_popular_routing_protocols.jpg

Question 5

[am4show have=’p2;’]Refer to the exhibit. The network is converged. After link-state advertisements are received from Router_A, what information will Router_E contain in its routing table for the subnets 208.149.23.64 and 208.149.23.96?

OSPF_routing_table.jpg

A. 208.149.23.64[110/13] via 190.173.23.10, 00:00:00:07, FastEthernet0/0
208.149.23.96[110/13] via 190.173.23.10, 00:00:00:16, FastEthernet0/0

B. 208.149.23.64[110/1] via 190.173.23.10, 00:00:00:07, Serial1/0
208.149.23.96[110/3] via 190.173.23.10, 00:00:00:16, FastEthernet0/0

C. 208.149.23.64[110/13] via 190.173.23.10, 00:00:00:07, Serial1/0
208.149.23.96[110/13] via 190.173.23.10, 00:00:00:16, Serial1/0
208.149.23.96[110/13] via 190.173.23.10, 00:00:00:16, FastEthernet0/0

D. 208.149.23.64[110/13] via 190.173.23.10, 00:00:00:07, Serial1/0
208.149.23.96[110/13] via 190.173.23.10, 00:00:00:16, Serial1/0

 

Answer: A[/am4show]

Explanation

Router_E learns the two subnets 208.149.23.64 and 208.149.23.96 via Router_A through its FastEthernet interface. The interface cost is calculated with the formula 10^8 / Bandwidth. For FastEthernet it is 10^8 / 100 Mbps = 10^8 / 100,000,000 = 1. Therefore the cost is 12 (learned from Router_A) + 1 = 13 for both subnets -> B is not correct.

The cost through the T1 link is much higher than through the T3 link (T1 cost = 10^8 / 1.544 Mbps = 64; T3 cost = 10^8 / 45 Mbps = 2), so OSPF will choose the path through the T3 link -> Router_E will choose the path from Router_A through FastEthernet0/0, not Serial1/0 -> C & D are not correct.

In fact, we can quickly eliminate answers B, C and D because they contain at least one subnet learned from Serial1/0 -> they are surely incorrect.

Question 6

[am4show have=’p2;’]What are three characteristics of the OSPF routing protocol? (Choose three)

A. It converges quickly.
B. OSPF is a classful routing protocol.
C. It uses cost to determine the best route.
D. It uses the DUAL algorithm to determine the best route.
E. OSPF routers send the complete routing table to all directly attached routers.
F. OSPF routers discover neighbors before exchanging routing information.

 

Answer: A C F[/am4show]

Explanation

OSPF is a link-state routing protocol, so it converges more quickly than a distance-vector protocol. OSPF uses cost to determine the best route. The popular formula to calculate OSPF cost is: cost = 10^8 / Bandwidth [in kbps] (in fact the formal formula is: cost = reference bandwidth / configured bandwidth of interface in kbps. On Cisco routers, the reference bandwidth defaults to 100000 kbps).

Question 7

[am4show have=’p2;’]

OSPF_DR_elect.jpg

The internetwork infrastructure of company XYZ consists of a single OSPF area as shown in the graphic. There is concern that a lack of router resources is impeding internetwork performance.

As part of examining the router resources the OSPF DRs need to be known.

All the router OSPF priorities are at the default and the router IDs are shown with each router.

Which routers are likely to have been elected as DR? (Choose two)

A. Corp-1
B. Corp-2
C. Corp-3
D. Corp-4
E. Branch-1
F. Branch-2

 

Answer: D F[/am4show]

Explanation

There are 2 segments on the topology above which are separated by Corp-3 router. Each segment will have a DR so we have 2 DRs.

To select which router will become DR, the routers compare their router-IDs. The router with the highest (best) router-ID becomes DR. The router-ID is chosen in the order below:

+ The highest IP address assigned to a loopback (logical) interface.

+ If a loopback interface is not defined, the highest IP address among the router’s active physical interfaces is chosen.

In this question, the IP addresses of loopback interfaces are not mentioned, so we consider the IP addresses of the routers’ active physical interfaces. Routers Corp-4 (10.1.40.40) & Branch-2 (10.2.20.20) have the highest “active” IP addresses, so they will become DRs.

Question 8

[am4show have=’p2;’]Which parameter or parameters are used to calculate OSPF cost in Cisco routers?

A. Bandwidth, Delay and MTU
B. Bandwidth
C. Bandwidth and MTU
D. Bandwidth, MTU, Reliability, Delay and Load

 

Answer: B[/am4show]

Explanation

The well-known formula to calculate OSPF cost is

Cost = 10^8 / Bandwidth

so B is the correct answer.

Question 9

[am4show have=’p2;’]Refer to the exhibit:

default_information_originate_ip_route.jpg

Assume that all of the router interfaces are operational and configured correctly. How will router R2 be affected by the configuration of R1 that is shown in the exhibit?

A. Router R2 will not form a neighbor relationship with R1.
B. Router R2 will obtain a full routing table, including a default route, from R1.
C. R2 will obtain OSPF updates from R1, but will not obtain a default route from R1.
D. R2 will not have a route for the directly connected serial network, but all other directly connected networks will be present, as well as the two networks connected to R1.

 

Answer: B[/am4show]

Explanation

The default-information originate command advertises a default route to other routers, telling something like “please send me your unknown traffic”. So in this case, besides a full routing table, R2 will also receive a default route from R1 -> B is correct.

Note: But in this question, the static route should be “ip route 0.0.0.0 0.0.0.0 serial0/1″ (not serial0/0), that may cause a routing loop.

Question 10

[am4show have=’p2;’]Which commands are required to properly configure a router to run OSPF and to add network 192.168.16.0/24 to OSPF area 0? (Choose two)

A. Router(config)# router ospf 0
B. Router(config)# router ospf 1
C. Router(config)# router ospf area 0
D. Router(config-router)# network 192.168.16.0 0.0.0.255 0
E. Router(config-router)# network 192.168.16.0 0.0.0.255 area 0
F. Router(config-router)# network 192.168.16.0 255.255.255.0 area 0

 

Answer: B E[/am4show]

Explanation

In the router ospf command, the process ID ranges from 1 to 65535, so 0 is an invalid number -> B is correct but A is not correct.

 

ICND2 – OSPF Questions 2

April 23rd, 2015 45 comments

Note: If you are not sure about OSPF, please read my OSPF tutorial first.

Question 1

[am4show have=’p2;’]Which command is used to display the collection of OSPF link states?

A. show ip ospf link-state
B. show ip ospf lsa database
C. show ip ospf neighbors
D. show ip ospf database

 

Answer: D[/am4show]

Explanation

The output of the “show ip ospf database” is shown below:

show_ip_ospf_database.jpg

From the output above we can see LSA Type 1 (Router Link State) and LSA Type 3 (Summary Net Link State).

Question 2

[am4show have=’p2;’]What are two drawbacks of implementing a link-state routing protocol? (Choose two)

A. the sequencing and acknowledgment of link-state packets
B. the requirement for a hierarchical IP addressing scheme for optimal functionality
C. the high volume of link-state advertisements in a converged network
D. the high demand on router resources to run the link-state routing algorithm
E. the large size of the topology table listing all advertised routes in the converged network

 

Answer: B D[/am4show]

Question 3

[am4show have=’p2;’]

OSPF_DR_elect.jpg

The internetwork infrastructure of company XYZ consists of a single OSPF area as shown in the graphic.

There is concern that a lack of router resources is impeding internetwork performance.

As part of examining the router resources the OSPF DRs need to be known.

All the router OSPF priorities are at the default and the router IDs are shown with each router.

Which routers are likely to have been elected as DR? (Choose two)

A. Corp-1
B. Corp-2
C. Corp-3
D. Corp-4
E. Branch-1
F. Branch-2

 

Answer: D F[/am4show]

Explanation

There are 2 segments on the topology above which are separated by Corp-3 router. Each segment will have a DR so we have 2 DRs.

To select which router will become DR, the routers compare their router-IDs. The router with the highest (best) router-ID becomes DR. The router-ID is chosen in the order below:

+ The highest IP address assigned to a loopback (logical) interface.

+ If a loopback interface is not defined, the highest IP address among the router’s active physical interfaces is chosen.

In this question, the IP addresses of loopback interfaces are not mentioned, so we consider the IP addresses of the routers’ active physical interfaces. Routers Corp-4 (10.1.40.40) & Branch-2 (10.2.20.20) have the highest “active” IP addresses, so they will become DRs.

Question 4

[am4show have=’p2;’]What is the default maximum number of equal-cost paths that can be placed into the routing of a Cisco OSPF router?

A. 16
B. 2
C. unlimited
D. 4

 

Answer: D[/am4show]

Explanation

The default number of equal-cost paths that can be placed into the routing of a Cisco OSPF router is 4. We can change this default value by using “maximum-paths” command:

Router(config-router)#maximum-paths 2

Note: Cisco routers support up to 16 equal-cost paths

Question 5

[am4show have=’p2;’]RouterD# show ip interface brief

show_ip_interface_brief.jpg

Given the output for this command, if the router ID has not been manually set, what router ID will OSPF use for this router?

A. 10.1.1.2
B. 10.154.154.1
C. 172.16.5.1
D. 192.168.5.3

 

Answer: C[/am4show]

Explanation

The highest IP address of all loopback interfaces will be chosen -> Loopback 0 will be chosen as the router ID.

Question 6

[am4show have=’p2;’]Refer to the exhibit. Which two statements are true about the loopback address that is configured on RouterB? (Choose two)

OSPF_loopback.jpg

A. It ensures that data will be forwarded by RouterB.
B. It provides stability for the OSPF process on RouterB.
C. It specifies that the router ID for RouterB should be 10.0.0.1.
D. It decreases the metric for routes that are advertised from RouterB.
E. It indicates that RouterB should be elected the DR for the LAN.

 

Answer: B C[/am4show]

Explanation

A loopback interface never comes down even if the link is broken so it provides stability for the OSPF process (for example we use that loopback interface as the router-id) -> B is correct.

The router-ID is chosen in the order below:

+ The highest IP address assigned to a loopback (logical) interface.
+ If a loopback interface is not defined, the highest IP address of all active router’s physical interfaces will be chosen.

-> The loopback interface will be chosen as the router ID of RouterB -> C is correct.

Question 7

[am4show have=’p2;’]Refer to the exhibit. The network associate is configuring OSPF on the Core router. All the connections to the branches should be participating in OSPF. The link to the ISP should NOT participate in OSPF and should only be advertised as the default route. What set of commands will properly configure the Core router?

OSPF_Frame_Relay_default_information_originate.jpg

A. Core(config-router)#default-information originate
Core(config-router)#network 10.0.0.0 0.255.255.255 area 0
Core(config-router)#exit
Core(config)#ip route 0.0.0.0 0.0.0.0 10.10.2.14

B. Core(config-router)#default-information originate
Core(config-router)#network 10.10.2.13 0.0.0.242 area 0
Core(config-router)#exit
Core(config)#ip route 0.0.0.0 0.0.0.0 10.10.2.14

C. Core(config-router)#default-information originate
Core(config-router)#network 10.10.2.16 0.0.0.15 area 0
Core(config-router)#exit
Core(config)#ip route 0.0.0.0 0.0.0.0 10.10.2.14

D. Core(config-router)#default-information originate
Core(config-router)#network 10.10.2.32 0.0.0.31 area 0
Core(config-router)#exit
Core(config)#ip route 0.0.0.0 0.0.0.0 10.10.2.14

 

Answer: C[/am4show]

Explanation

The question states that the link to ISP should not participate in OSPF -> answers A, B are not correct.

In answer D, the “network 10.10.2.32 0.0.0.31 area 0” does not cover the IP address of S0/0.103 (10.10.2.21) -> D is not correct.

The default-information originate command advertises a default route to other routers, telling them something like “please send me your unknown traffic”. So in this case, besides a full routing table, other routers will also receive a default route from the Core router.
But please notice that the Core router needs to have a default route in its own routing table. That is why the command “ip route 0.0.0.0 0.0.0.0 10.10.2.14” is added to the Core router. By adding the “always” keyword (after the “default-information originate” command), the default route will be advertised even if there is no default route in the routing table of router Core.

Question 8

[am4show have=’p2;’]

OSPF_show_ip_interface_brief.jpg

A network associate has configured OSPF with the command:
City(config-router)# network 192.168.12.64 0.0.0.63 area 0

After completing the configuration, the associate discovers that not all the interfaces are participating in OSPF.
Which three of the interfaces shown in the exhibit will participate in OSPF according to this configuration statement? (Choose three)

A. FastEthernet0/0
B. FastEthernet0/1
C. Serial0/0
D. Serial0/1.102
E. Serial0/1.103
F. Serial0/1.104

 

Answer: B C D[/am4show]

Explanation

The “network 192.168.12.64 0.0.0.63” statement is equivalent to network 192.168.12.64/26. This network has:
+ Increment: 64 (/26 = 1111 1111.1111 1111.1111 1111.1100 0000)
+ Network address: 192.168.12.64
+ Broadcast address: 192.168.12.127
Therefore all interfaces with an address in the range of this network will join OSPF -> B C D are correct.
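The wildcard-mask test behind the explanations for Question 7 and Question 8 above, as an added Python example (not part of the original page). The function names are illustrative; every address and wildcard used in the checks comes from those two questions and from the access-list answers on this page.

```python
import ipaddress


def _u32(addr: str) -> int:
    """Dotted-quad IPv4 address as a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(ip: str, base: str, wildcard: str) -> bool:
    """True if `ip` is covered by the statement `base wildcard`.

    A 0 bit in the wildcard means "this bit must equal the base address",
    a 1 bit means "don't care" (the inverse of a subnet mask).
    """
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(ip) & care) == (_u32(base) & care)


def wildcard_to_network(base: str, wildcard: str):
    """Equivalent prefix for a contiguous wildcard, or None if it is not contiguous.

    A contiguous wildcard is a run of low-order 1 bits (0.0.0.63, 0.0.0.15, ...),
    which is exactly the case where w & (w + 1) == 0.
    """
    w = _u32(wildcard)
    if w & (w + 1):
        return None  # e.g. 0.0.0.242: not expressible as a single prefix
    prefixlen = 32 - w.bit_length()
    network_int = _u32(base) & ~w & 0xFFFFFFFF
    return ipaddress.IPv4Network((network_int, prefixlen))


def covering_statements(ip: str, statements: dict) -> list:
    """Names of the statements (name -> (base, wildcard)) that cover `ip`."""
    return [name for name, (base, wc) in statements.items()
            if wildcard_match(ip, base, wc)]


# The four "network" statements offered in Question 7 (answers A-D).
Q7_STATEMENTS = {
    "A": ("10.0.0.0", "0.255.255.255"),
    "B": ("10.10.2.13", "0.0.0.242"),
    "C": ("10.10.2.16", "0.0.0.15"),
    "D": ("10.10.2.32", "0.0.0.31"),
}

if __name__ == "__main__":
    net = wildcard_to_network("192.168.12.64", "0.0.0.63")
    print("Question 8:", net, "broadcast", net.broadcast_address)
    # 10.10.2.21 is S0/0.103 and 10.10.2.14 is the ISP next hop in Question 7.
    for ip in ("10.10.2.21", "10.10.2.14"):
        print(ip, "is covered by", covering_statements(ip, Q7_STATEMENTS))
```

The same test applies to the access-list wildcards in the drag-and-drop answers further down: 0.0.0.15 selects a block of 16 addresses, while 0.0.0.0 selects a single host.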

ICND2 – EIGRP

April 19th, 2015 63 comments

Note: If you are not sure about EIGRP, please read my EIGRP tutorial.

Question 1

[am4show have=’p2;’]What does a router do if it has no EIGRP feasible successor route to a destination network and the successor route to that destination network is in active status?

A. It routes all traffic that is addressed to the destination network to the interface indicated in the routing table.
B. It sends a copy of its neighbor table to all adjacent routers.
C. It sends a multicast query packet to all adjacent neighbors requesting available routing paths to the destination network.
D. It broadcasts Hello packets to all routers in the network to re-establish neighbor adjacencies.

 

Answer: C[/am4show]

Explanation

When a router has no EIGRP feasible successor and the successor route to that destination network is in active status (the successor route is down, for example) a route recomputation occurs. A route recomputation commences with a router sending a query packet to all neighbors. Neighboring routers can either reply if they have feasible successors for the destination or optionally return a query indicating that they are performing a route recomputation. While in Active state, a router cannot change the next-hop neighbor it is using to forward packets. Once all replies are received for a given query, the destination can transition to Passive state and a new successor can be selected.

(Reference: http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f07.shtml#rout_states)

Question 2

[am4show have=’p2;’]Which statements are true about EIGRP successor routes? (Choose two)

A. A successor route is used by EIGRP to forward traffic to a destination.
B. Successor routes are saved in the topology table to be used if the primary route fails.
C. Successor routes are flagged as ‘active’ in the routing table.
D. A successor route may be backed up by a feasible successor route.
E. Successor routes are stored in the neighbor table following the discovery process.

 

Answer: A D[/am4show]

Question 3

[am4show have=’p2;’]Which type of EIGRP route entry describes a feasible successor?

A. a backup route, stored in the routing table
B. a primary route, stored in the routing table
C. a backup route, stored in the topology table
D. a primary route, stored in the topology table

 

Answer: C[/am4show]

Explanation

Feasible successor is a route whose Advertised Distance is less than the Feasible Distance of the current best path. A feasible successor is a backup route, which is not stored in the routing table but stored in the topology table.

Question 4

[am4show have=’p2;’]Refer to the exhibit. Based on the exhibited routing table, how will packets from a host within the 192.168.10.192/26 LAN be forwarded to 192.168.10.1?

EIGRP_show_ip_route.jpg

A. The router will forward packets from R3 to R2 to R1
B. The router will forward packets from R3 to R1
C. The router will forward packets from R3 to R1 to R2
D. The router will forward packets from R3 to R2 to R1 AND from R3 to R1

 

Answer: D[/am4show]

Explanation

From the routing table we learn that network 192.168.10.0/30 is learned via 2 equal-cost paths (192.168.10.9 & 192.168.10.5) -> traffic to this network will be load-balanced.

Question 5

[am4show have=’p2;’]Refer to the exhibit. Given the output from the show ip eigrp topology command, which router is the feasible successor?

Router# show ip eigrp topology 10.0.0.5 255.255.255.255

IP-EIGRP topology entry for 10.0.0.5/32 State is Passive, Query origin flag is 1, 1 Successor(s), FD is 41152000

A.

10.1.0.3 (Serial0), from 10.1.0.3, Send flag is 0x0
   Composite metric is (46866176/46354176), Route is Internal 
   Vector metric:
     Minimum bandwidth is 56 Kbit
     Total delay is 45000 microseconds
     Reliability is 255/255
     Load is 1/255
     Minimum MTU is 1500
     Hop count is 2 

B.

10.0.0.2 (Serial0.1), from 10.0.0.2, Send flag is 0x0
   Composite metric is (53973248/128256), Route is Internal 
   Vector metric:
     Minimum bandwidth is 48 Kbit
     Total delay is 25000 microseconds
     Reliability is 255/255
     Load is 1/255
     Minimum MTU is 1500
     Hop count is 1

C.

10.1.0.1 (Serial0), from 10.1.0.1, Send flag is 0x0
   Composite metric is (46152000/41640000), Route is Internal
   Vector metric:
     Minimum bandwidth is 64 Kbit 
     Total delay is 45000 microseconds 
     Reliability is 255/255 
     Load is 1/255 
     Minimum MTU is 1500
     Hop count is 2

D.

10.1.1.1 (Serial0.1), from 10.1.1.1, Send flag is 0x0
   Composite metric is (46763776/46251776), Route is External 
   Vector metric:
     Minimum bandwidth is 56 Kbit
     Total delay is 41000 microseconds
     Reliability is 255/255
     Load is 1/255
     Minimum MTU is 1500
     Hop count is 2

 

Answer: B[/am4show]

Explanation

First we must notice that all 4 answers are parts of the “show ip eigrp topology” output. As you can see, there are 2 parameters in the form of [FD/AD] in each answer. For example, answer C has [46152000/41640000], which means that the FD of that route is 46152000 while the AD is 41640000.

To become a feasible successor, a router must meet the feasibility condition:

To qualify as a feasible successor, a router must have an AD less than the FD of the current successor route

Of the four answers above, only answer B, with an AD of 128256, has an AD smaller than the FD of the current successor route (41152000), so it is the feasible successor -> B is correct.

ICND2 – Security

April 17th, 2015 52 comments

Question 1

[am4show have=’p2;’]Refer to the exhibit. What three actions will the switch take when a frame with an unknown source MAC address arrives at the interface? (Select three)

show_port-security_interface.jpg

A. Send an SNMP trap.
B. Send a syslog message.
C. Increment the Security Violation counter.
D. Forward the traffic.
E. Write the MAC address to the startup-config.
F. Shut down the port.

 

Answer: A B C[/am4show]

Explanation

Notice that the Violation Mode is Restrict. In this mode, when the number of secure MAC addresses on the port reaches the maximum limit allowed, packets with unknown source addresses are dropped. You have to remove secure MAC addresses to get below the maximum allowed number before the port can learn a new MAC or allow a new host. Also, an SNMP trap is sent, a syslog message is logged in the syslog server and the violation counter increases.

(Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.html)

Question 2

[am4show have=’p2;’]Which protocol is an open standard protocol framework that is commonly used in VPNs, to provide secure end-to-end communications?

A. RSA
B. L2TP
C. IPsec
D. PPTP

 

Answer: C[/am4show]

Explanation

One of the most widely deployed network security technologies today is IPsec over VPNs. It provides high levels of security through encryption and authentication, protecting data from unauthorized access.

Question 3

[am4show have=’p2;’]Refer to the exhibit. Which of these correctly describes the results of port security violation of an unknown packet?

Switch(config)#interface fastethernet 0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 3
Switch(config-if)#switchport port-security mac-address sticky
Switch(config-if)#end

A. port enabled; unknown packets dropped; no SNMP or syslog messages
B. port enabled; unknown packets dropped; SNMP or syslog messages
C. port disabled; no SNMP or syslog messages
D. port disabled; SNMP or syslog messages

 

Answer: D[/am4show]

Explanation

The default violation mode is shutdown, which will shut down the port when the maximum number of secure MAC addresses is exceeded. It also sends an SNMP trap, logs a syslog message, and increments the violation counter.

The three violation modes are listed below:

+protect – When the number of secure MAC addresses reaches the limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses or increase the number of maximum allowable addresses. You are not notified that a security violation has occurred.

+restrict – When the number of secure MAC addresses reaches the limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses or increase the number of maximum allowable addresses. In this mode, you are notified that a security violation has occurred. Specifically, an SNMP trap is sent, a syslog message is logged, and the violation counter increments.

+shutdown – In this mode, a port security violation causes the interface to immediately become error-disabled, and turns off the port LED. It also sends an SNMP trap, logs a syslog message, and increments the violation counter. When a secure port is in the error-disabled state, you can bring it out of this state by entering the errdisable recovery cause psecure-violation global configuration command, or you can manually re-enable it by entering the shutdown and no shutdown interface configuration commands. This is the default mode.

(Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.html)
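The three violation modes described above, modeled as an added Python example (not part of the original page and not Cisco code). The class and function names and the sample MAC addresses are constructed for illustration; the default maximum of 1 secure address is the IOS default, which the page does not state.

```python
from dataclasses import dataclass, field

MODES = ("protect", "restrict", "shutdown")


@dataclass
class SecurePort:
    """Simplified model of one access port with port security enabled."""
    maximum: int = 1                 # IOS default when "maximum" is not configured
    violation: str = "shutdown"      # default violation mode
    secure_macs: list = field(default_factory=list)   # static or learned
    err_disabled: bool = False
    violation_count: int = 0
    notifications: list = field(default_factory=list)  # SNMP trap + syslog stand-in

    def __post_init__(self):
        if self.violation not in MODES:
            raise ValueError(f"unknown violation mode: {self.violation}")

    def receive(self, src_mac: str) -> bool:
        """Process one frame; return True if forwarded, False if dropped."""
        mac = src_mac.lower()
        if self.err_disabled:
            return False                      # port is down: nothing passes
        if mac in self.secure_macs:
            return True                       # known secure address
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.append(mac)      # room left: learn the address
            return True
        # Limit reached and the source is unknown: this is a violation.
        if self.violation == "protect":
            return False                      # silent drop, no notification
        self.violation_count += 1
        self.notifications.append(f"psecure violation: {mac}")
        if self.violation == "shutdown":
            self.err_disabled = True          # interface goes error-disabled
        return False

    def bounce(self):
        """Model 'shutdown' followed by 'no shutdown' on the interface.

        Learned addresses are kept, as with the sticky learning used in
        Question 3's configuration.
        """
        self.err_disabled = False


def replay(mode: str, frames: list, maximum: int = 3):
    """Feed `frames` (source MACs) through a fresh port; return (port, results)."""
    port = SecurePort(maximum=maximum, violation=mode)
    return port, [port.receive(mac) for mac in frames]


# Constructed traffic: three hosts, a fourth unknown host, then host 1 again.
FRAMES = ["0000.aaaa.0001", "0000.aaaa.0002", "0000.aaaa.0003",
          "0000.aaaa.0004", "0000.aaaa.0001"]

if __name__ == "__main__":
    for mode in MODES:
        port, results = replay(mode, FRAMES)
        print(f"{mode:9} forwarded={results} counter={port.violation_count} "
              f"err-disabled={port.err_disabled} notices={len(port.notifications)}")
```

For monitoring, the difference matters: protect leaves no trace to alert on, while restrict and shutdown both produce the trap, the syslog entry and a counter change.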

Question 4

[am4show have=’p2;’]The following configuration is applied to a Layer 2 Switch:

interface fastethernet 0/4
switchport mode access
switchport port-security
switchport port-security mac-address 0000.1111.1111
switchport port-security maximum 2

What is the result of the above configuration being applied to the switch?

A. A host with a mac address of 0000.1111.1111 and up to two other hosts can connect to FastEthernet 0/4 simultaneously
B. A host with a mac address of 0000.1111.1111 and one other host can connect to FastEthernet 0/4 simultaneously
C. Violating addresses are dropped and no record of the violation is kept
D. The switch can send an SNMP message to the network management station
E. The port is effectively shutdown

 

Answer: B[/am4show]

Question 5

[am4show have=’p2;’]What can be done to secure the virtual terminal interfaces on a router? (Choose two)

A. Administratively shut down the interface.
B. Physically secure the interface.
C. Create an access list and apply it to the virtual terminal interfaces with the access-group command.
D. Configure a virtual terminal password and login process.
E. Enter an access list and apply it to the virtual terminal interfaces using the access-class command.

 

Answer: D E[/am4show]

ICND2 – IPv6 Questions

April 12th, 2015 38 comments

Note: If you are not sure about IPv6, please read my IPv6 tutorial.

Question 1

[am4show have=’p2;’]Which command enables IPv6 forwarding on a Cisco router?

A. ipv6 local
B. ipv6 host
C. ipv6 unicast-routing
D. ipv6 neighbor

 

Answer: C[/am4show]

Explanation

An example of configuring RIPng (similar to RIPv2 but is used for IPv6) is shown below:

Router(config)#ipv6 unicast-routing (Enables the forwarding of IPv6 unicast datagrams globally on the router)
Router(config)#interface fa0/0
Router(config-if)#ipv6 rip 9tut enable (9tut is the process name of this RIPng)

ICND2 – Drag and Drop

April 9th, 2015 46 comments

Here you will find answers to ICND 2 – Drag And Drop Questions

Question 1

[am4show have=’p2;’]Two offices are displayed below

Permit_deny.jpg

You work as a network technician at 9tut. Study the exhibit carefully. The company has a main office in Los Angeles and a satellite office in Boston. The offices are connected through two Cisco routers. The Boston satellite office is connected through the R2 router s0 interface to the Los Angeles office R1 router s1 interface. R1 has two local area networks. Boston users receive Internet access through the R1 router. Drag the boxes on the top to complete the goal on the left.

Permit_Deny_DragDrop.jpg

 

Answer:

[/am4show]1) Prevent all users from outside the enterprise network from accessing the server: permit ip 192.168.35.0 0.0.0.255 host 192.168.35.66
2) Block a user from R1 e0 network from accessing the server: deny ip 192.168.35.55 0.0.0.0 host 192.168.35.66
3) Block only the users attached to the e0 interface of the R2 router from accessing the server: deny ip 192.168.35.16 0.0.0.15 host 192.168.35.66

Question 2

[am4show have=’p2;’]You are configuring the localhost/nitunetwp office. In particular the host C, with the IP address 192.168.125.34/27, needs to be configured so that it cannot access hosts outside its own subnet. You decide to use the following command:
access-list 100 deny protocol address mask any

You are required to fill in the protocol, address, and mask in this command using the choices below:

Protocol_Address_Mask.jpg

 

Answer:

[/am4show]1) protocol: ip
2) address: 192.168.125.34
3) mask: 0.0.0.0

Explanation

The syntax of extended access-list:

access-list 100-199 {permit|deny} {ip|tcp|udp|icmp} source source-mask [lt|gt|eq|neq] [source-port] destination dest-mask [lt|gt|eq|neq] [dest-port]

By telling the router to drop traffic originating from host C (source), we can guarantee that host C can only communicate with hosts inside its own subnet (because this kind of traffic does not need to pass through the router and will not be blocked).

Question 3

[am4show have=’p2;’]Exhibit:

Router# show interfaces s1/0
Serial1/0 is up, line protocol is up
Hardware is CD2430 in sync mode
Internet address is 192.168.0.10/30
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open Open: CDPCP. IPCP, loopback not set
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of “show interface” counters 4d21h

Study the exhibit carefully. You need to match output lines in the exhibit with the proper OSI layer. One line will not be used.

showInterfaces.jpg

Answer:

Data Link Layer:

+ Encapsulation PPP
+ Line protocol is up

Physical Layer:

+ Serial 1/0 is up
+ Hardware is CD2430 in sync mode

Question 4

You work as a network administrator for your corporation. Your boss is interested in switch ports. Match the options to the appropriate switch ports.

AccessPort_TrunkPort.jpg

Answer:

Access Port:

+ carries traffic for a single VLAN
+ uses a straight-through cable to connect a device
+ connects an end-user workstation to a switch

Trunk Port:

+ carries traffic for multiple VLANs
+ facilitates interVLAN communications when connected to a Layer 3 device
+ uses 802.1q to identify traffic from different VLANs

Question 5

Below is the configuration of the R1 router:

R1(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.1
R1(config)# ip route 10.1.0.0 255.255.255.0 192.168.2.2
R1(config)# ip route 10.1.0.0 255.255.0.0 192.168.3.3

Drag each destination IP address on the top to its correct next hop address at the bottom.

ip_route.jpg

Answer:

Next hop 192.168.1.1:
+ 10.2.1.3
+ 10.6.8.4

Next hop 192.168.2.2:
+ 10.1.0.14
+ 10.1.0.123

Next hop 192.168.3.3:
+ 10.1.1.10
+ 10.1.4.6

ICND2 – Drag and Drop 2

April 6th, 2015

Here you will find answers to ICND 2 – Drag and Drop Questions Part 2

Question 1

Match the categories with the appropriate router output lines.

Layer_Problems.jpg

Answer:

1) Port operational: Serial0/1 is up, line protocol is up
2) Layer 2 problem: Serial0/1 is up, line protocol is down
3) Layer 1 problem: Serial0/1 is down, line protocol is down
4) Port disabled: Serial0/1 is administratively down, line protocol is down

Explanation:

A simple way to find out which layer has a problem is to remember this rule: “the first statement is for Layer 1, the last statement is for Layer 2 and if Layer 1 is down then surely Layer 2 will be down too”, so you have to check Layer 1 before checking Layer 2. For example, from the output “Serial0/1 is up, line protocol is down” we know that it is a Layer 2 problem because the first statement (Serial0/1 is up) is good while the last statement (line protocol is down) is bad. For the statement “Serial0/1 is down, line protocol is down”, both layers are down so the problem belongs to Layer 1.

There is one special case: the statement “… is administratively down, line protocol is down”. In this case, we know that the port has been disabled (shut down) by an administrator.

Question 2

The items above are descriptions and the items below are routing protocols. Drag each description to the proper location.

EIGRP_OSPF.jpg

Answer:

EIGRP:

+ has a default administrative distance of 90
+ is vendor-specific

OSPF:

+ uses cost as its metric
+ elects a DR on each multiaccess network

Question 3

Drag the term on the left to its definition on the right (not all options are used)

some_rules.jpg

Answer:

+ poison reverse: A router learns from its neighbor that a route is down and the router sends an update back to the neighbor with an infinite metric to that route
+ LSA: The packets flooded when a topology change occurs, causing network routers to update their topological databases and recalculate routes
+ split horizon: This prevents sending information about a route back out the same interface that originally learned about the route
+ holddown timer: For a given period, this causes the router to ignore any updates with poorer metrics to a lost network

Question 4

RIP_features.jpg

Answer:

+ holddown timer: prevents a router from improperly reinstating a route from a regular routing update
+ split horizon: prevents information about a route from being sent in the direction from which the route was learned
+ defining a maximum: prevents invalid updates from looping the internetwork indefinitely
+ route poisoning: causes a routing protocol to advertise an infinite metric for a failed route
+ triggered update: decreases convergence time by immediately sending route information in response to a topology change

ICND2 – Drag and Drop 3

April 2nd, 2015

Here you will find answers to Drag and Drop Questions – Part 3

Question 1

Drag each item on the left to match the item on the right.

network_type_advantage.jpg

Answer:

+ Point to Point Advantage: Quality
+ Point to Point Disadvantage: Limited Flexibility
+ Circuit Switched Advantage: Cost
+ Circuit Switched Disadvantage: Low speed
+ Packet Switch Advantage: Efficient
+ Packet Switch Disadvantage: More Complex

Question 2

Match each Spanning-Tree Protocol port state to its function (not all options on the left are used)

STP_States.jpg

Answer:

+ Populating the MAC address table but not forwarding data frames: LEARNING
+ Sending and receiving data frames: FORWARDING
+ Preparing to forward data frames without populating the MAC address table: LISTENING
+ Preventing the use of looped paths: BLOCKING

Question 3

As a CCNA candidate, you need to know EIGRP very well.
Which tables of EIGRP route information are held in RAM and maintained through the use of hello and update packets?

Please choose two appropriate tables and drag the items to the proper locations.

EIGRP_table.jpg

Answer:

Neighbor Table
Topology Table

Share your ICND2 Experience

November 1st, 2013

The new ICND2 200-101 exam is coming to replace the old ICND2 640-816 exam. Because this exam is new, it will take some time to put up materials for it. In the meantime, we have created the “Share your (new) ICND2 Experience” page for everyone to share their experience after taking this exam.

Note: The last date to take the ICND2 exam is Sep-30-2013.

Please share with us your experience after taking the new ICND2 200-101 exam, your materials, the way you learned, your recommendations…