Share your ICND2 v3.0 Experience
The new ICND2 200-105 exam has replaced the old ICND2 200-101 exam. We created the “Share your ICND2 v3.0 Experience” page for everyone to share their experience after taking this exam.
Note for ICND2: There are no VRRP, GLBP, NetFlow and NAT questions (and they are not technologies learned in this exam).
Please share with us your experience after taking the ICND2 200-105 exam, your materials, the way you learned, your recommendations… But please DO NOT share any information about the detail of the exam or your personal information, your score, exam date and location, your email…
we need @9tut to help us 😀 and update the new question section
@nixie thanks man. so it is just C and the second answer is unknown
what about 4th question?
4. Which ACL rules are applied as first? (one answer)
= port filter
= router filter
= something
= something
have no idea
I really don’t know what port filter and router filter are
What about answer of gareth ?
1 : Full mesh
11 C
7 A C
9 A
@nixie
1 is full mesh 100%
11 it is = Root Guard or BPDU Guard filter, need to read about it
7 ping is the first , that is obvious, but not sure about trace
9 it is an old question, the answer is here on 9tut in the PPPoE section and it is: Dev1(config-if)# pppoe enable. But there are always arguments about this, because the pppoe-client dial-pool-number command includes pppoe enable by default, so you don’t have to enter pppoe enable separately.
Hum you’re right for 9.
How long do you think 9tut will take to update the questions?
Taking exam on 26th February
I am taking mine on the 6th of February, and I really have no hope for the questions to be updated till that date :D. Will be happy if I am wrong.
Maybe this weekend hopefully. Could you share the questions after your exam?
21. What prevents DDOS? DHCP snooping is false ?
22. What does Stack switching provide?
23. What allows two neighbor to establish EIGRP adjacency?
25. What is true about GRE tunnel? it use MD5?? Plaintext!
27. What command to check if a trunk is enable on an interface?
28. what command will remove ipv6 OSPF address on an interface?
29 what are the following things that will need to enable ipv6 on OSPFv3?
30. which of the following is true about a single area OSPF?
21 is right, DHCP snooping prevents DHCP Starvation which is a DDoS attack
Ok thanks !
Would be great if someone share information about the QoS questions they had
After your exam can you tell us more about the questions?
@nixie
sure I will tell more
Ok great, let’s pray for 9tut to update the questions
@nixie and @Billy the Dump
When is the test of voices?
Please post the questions with the updated answers below, please.
voices = you*
26th February for me
@ nixie
Where do you get these issues?
Do not have the answers, too?
DONT LISTEN TO FILL, ITS FAKE!!!!
@Kaz
what does this monitor session command (monitor session 16 source interface GI0/11) mean?
It means “look at this SOURCE port” (not destination port) and tell me what you see.
By default destination port will get TX and RX that means both.
If there was command monitor session 16 source interface GI0/11 tx or monitor session 16 source interface GI0/11 rx – you could say unidirection (because of tx or rx in the end of each command).
You say “A source interface can not be simultaneously configured as a destination interface” but it’s not the reason at all! Source port is a source of information it receives (rx) or gives away (tx). Destination port is ANOTHER PORT (ANOTHER!!!!!) which gets this information and we don’t even need to choose between tx or rx or both. IT GETS ALL INFORMATION!!! Of course you cannot make source and destination port out of 1 (ONE) port, because they are different ports!
@Skvok
about keepalives – have just finished research
the answer is B (have to apply on both sides)
Wendell Odom’s CCNA ICND2 Official Certification Guide (page 449) says:
“It is a configuration mistake to enable keepalives on only one end of a point-to-point serial link. It appears that some very recent IOS versions notice when the keepalives are mistakenly disabled on one end of a link and prevent the link from going to an “up and up” state.” This is exactly what happens when PPP encapsulation is enabled on my routers! So CCNA candidates should know for the exam that disabling keepalives on one end of a serial link (whether default HDLC or PPP encapsulation is configured) will result in an “up and down” state.
and of course you are right about monitor session command, it is bi-directional
I just don’t understand the question:
4. Which ACL rules are applied as first? (one answer)
= port filter
= router filter
= something
= something
and have problems with this one:
14. If Trap in SNMP is not working, where can be issue? (one answer) something like that
= Trap was not set
= wasn’t put command “snmp-server enable traps”
= snmp server host has not configured inform messages
= something
Answer: A? B? (By default, SNMP does not have any traps set. Without snmp-server enable traps command, SNMP managers must poll for all relevant information).
prevent the link from going to an “up and down”* state
@Billy The Dump
thx for answer on keepalive
4. I think B : obviously it means that we talking about extended acl(or named)
access-list acl-number source source-wildcard [operator [port]]
destination destination-wildcard [operator [port]] [log]
After you choose tcp,udp, etc there is source IP address and only then goes port.
But I don’t know what C and D are in the question. If I choose between A and B it will be B.
@Billy The Dump
About 14. If Trap in SNMP is not working, where can be issue? (one answer) something like that
For me it is obviously B.
snmp-server enable traps command in global configuration mode to enable the sending of all supported types of Trap and Inform messages.
C – incorrect because in question said TRAPS(not INFORMS). If you not conf. inform messages so what? Traps will still be available.
A – hmmm, very tricky, but in Wendell Odom there was no information about how to set traps, only how to configure.
@Skvok
thank you mate, I think you are right on 4th
and what do you think about the second question?
2. Something like – What can MPLS provide?(two correct Answers)
= Authentication Header
= something like secure payload of packet with ESP
= VPN
= something
as far as I know MPLS doesn’t provide AH/ESP (IPSec does), so the answer will be VPN, and we don’t have a second right one on the list. What do you think?
Reading this paper at the moment:
https://www.giac.org/paper/gsec/2937/ipsec-mpls-even-together/104944
@Billy The Dump
Oh SH*T! about 4. Which ACL rules are applied as first? (one answer)
Now I see what the problem is. It said routeR, not route filter (which I thought was IP address). Dunno, in that case I think the answer is port filter (because the ACL is put on the port configuration).
Again, I need to see the whole question to understand. Maybe C and D are correct.
@Billy The Dump
2. Something like – What can MPLS provide?(two correct Answers)
about VPN agree, second question don’t know.
Mpls provide auth and vpn
Hi Guys, just passed with 856, the most of the questions posted by Nixie are valid, I got ospf and eigrp lab(the same from 9tut). Study the questions from Nixie and you will be fine.
All the best for the future CCNA…
@gsp did you have questions that were not posted by nixie? Qos ?
yes and i guess one question about QoS but dont remember the question.
Unfortunately i have seen only this morning the questions from Nixie, didn’t have have to study it.
@gsp
thanks for the review
@ENDnnd
I think IPsec provides AH or ESP / MPLS only supports shared secrets
@ENDnnd
so, I agree it provides authentication, but not AH
@gsp and congratulations on passing the exam!
@Billy The dump,
thank you and good luck for the exam!
i remember now one question about QoS in the exam:
Which statement about QoS default behavior is true?
A. Ports are untrusted by default.
B. VoIP traffic is passed without being tagged.
C. Video traffic is passed with a well-known DSCP value of 46.
D. Packets are classified internally with an environment.
E. Packets that arrive with a tag are untagged at the edge of an administrative domain.
@ENDnnd
Yes, i had Q4,Q6,Q7,Q9,Q10 from NEW Questions.
@gareth
BGP Q:
How can BGP advertise routes? (one answer) or something like that
= correct answer was put command “network prefix mask DDN-mask ”
Which command is used to configure IPv6 peer for BGP? (one answer)
= neighbor xxxx remote-as xxxx
Congrats gsp! And thanks for all the hints guys.
@Reggae, thx
can you please tell us the right answer of Qos
A or E
A. Ports are untrusted by default.
B. VoIP traffic is passed without being tagged.
C. Video traffic is passed with a well-known DSCP value of 46.
D. Packets are classified internally with an environment.
E. Packets that arrive with a tag are untagged at the edge of an administrative domain.
the answer is A
I think so too. Although E is correct as well, the question mentions default behaviour, and A references default behaviour as well. E is fixed.
@ biily @ Reggae
thanks very much
what about PPPoE question should i choose pppoe-client dial-pool-number or pppoe enable
Enable
For QoS, I have chosen E in the exam but the explanation from reggae make sense then A is correct.
https://learningnetwork.cisco.com/message/667027#667027
For ACL question
Many thanks nixie. In short, precedence of ACLs is as follows:
1)Port ACL
2)Router ACL
3)VLAN ACL
Woops. Seems there’s some variation. They also have a list that goes:
1. PACL for the ingress port
2. VACL for the ingress VLAN
3. Input Cisco IOS ACL (Router ACL)
4. Output Cisco IOS ACL (Router ACL)
5. VACL for the egress VLAN
So I’m not sure. But Port ACLs seem to always be first.
Ok so we are all good. If someone can maybe add some new questions 😛
@gsp can you provide some questions that were not part of the questions above?
@Reggae, yeah, you are right
1. Port ACL
2. Ingress VACL
3. Ingress router ACL
4. SGACL
5. Egress router ACL
6. Egress VACL
DONT LISTEN TO BREA, ITS FAKE!!
Which three options are benefits of using TACACS+ on a device? (Choose three)
A. It ensures that user activity is untraceable.
B. It provides a secure accounting facility on the device.
C. device-administration packets are encrypted in their entirety.
D. It allows the user to remotely access devices from other vendors.
E. It allows the users to be authenticated against a remote server.
F. It supports access-level authorization for commands.
Answer: B, C and F
Answer C E F not B C F
@ccSK
57. Which three options are benefits of using TACACS+ on a device? (Choose three)
A. It ensures that user activity is untraceable.
B. It provides a secure accounting facility on the device.
C. device-administration packets are encrypted in their entirety.
D. It allows the user to remotely access devices from other vendors.
E. It allows the users to be authenticated against a remote server.
F. It supports access-level authorization for commands.
Correct Answer: CEF
Did anyone who took the test know the options of the questions below?
8. Which of the following is true about Link state protocol?
9. Which of the following is true about Distance Vector?
10. What does the BGP command mean?
21. What prevents DDOS?
DHCP snooping
22. What does Stack switching provide?
23. What allows neighbor to establish EIGRP adjacency?
25. What is true about GRE tunnel? it use MD5 ??
26. Which of the following is true about Cisco APIC-EM? it checks on both egress and interface?
27. What command to check if a trunk is enabled on an interface?
28. what command will remove ipv6 OSPF address on an interface?
29 what are the following things that will need to enable ipv6 on OSPFv3?
30. Which of the following is true about a single OSPF area?
@nixie and More
I am still convinced that the answer is B, C and F. Search TACACS+ related and check AAA (Authentication, Authorization and Accounting) either on Cisco or other sites. See one of the links below:
https://ethernuno.wordpress.com/2016/01/15/ccnp-switch-300-115-part-2-2-security-with-cisco-ios-aaa-tacacs-radius/
“Accounting—Collects and sends information used for billing, auditing, and reporting to the TACACS+ daemon. Network managers can use the accounting facility to track user activity for a security audit or to provide information for user billing. Accounting records include user identities, start and stop times, executed commands (such as PPP), number of packets, and number of bytes.”
Answer E seems completely wrong as it authenticates against a remote server.
@More and nixie
I am still convinced with my answer.
See link below:
https://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfoverv.pdf
Answer E seems wrong as it authenticates against a remote server
Hi every one
I would like to know the answer of this question please
7. troubleshooting connectivity between 2 devices. How will you start? (two answers)
= ping
= extended ping with source
= traceroute
@icnd2
I don’t think we can answer to this question without seeing the topology.
but I think you should make ping as the first step.
BUT!
if we want to test connectivity for CERTAIN network (where the host that lost connectivity resides) and that network is directly connected to our router, we can make extended ping from the source as well (by specifying IP address of the router interface that resides in that network) ->
and if we get the reply, we have a guarantee that the remote router has a route to that network in its routing table -> we may continue troubleshooting on upper layers
so, in this case I would choose Ping and Extended ping as the next step.
(just my thoughts)
And maybe I am a bit paranoid, but what do you guys think about this question?
14. If Trap in SNMP is not working, where can be issue? (one answer) something like that
= Trap was not set
= wasn’t put command “snmp-server enable traps”
= snmp server host has not configured inform messages
= something
This is from Cisco documentation:
If you do not enter an snmp-server enable traps command, no notifications controlled by this command are sent. In order to configure the router to send these SNMP notifications, you must enter at least one snmp-server enable traps command. If you enter the command with no keywords, all notification types are enabled. If you enter the command with a keyword, only the notification type related to that keyword is enabled. In order to enable multiple types of notifications, you must issue a separate snmp-server enable traps command for each notification type and notification option.
BUT!!!
You do not want a Cisco device to send all of the SNMP traps that the device knows how to send. For instance, if you enable all traps in a Remote Access Server with 64 dial-in lines, you get a trap whenever a user dials in and whenever a user terminates the connection. This creates too many traps. Cisco IOS Software defines groups of traps that you can enable or disable. There are two global configuration commands that you use to configure SNMP traps into a Cisco IOS Software device:
snmp-server host host-addr [traps | informs] [version {1 | 2c | 3 [auth | noauth | priv]}] community-string [udp-port port] [notification-type]
snmp-server enable traps [notification-type] [notification-option]
So, maybe the answer A (the trap was not set) is more valid?
Plus in the question they ask you about TRAP, not TRAPS
(probably the other traps are working?)
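As an added example (not part of the thread or of Cisco's documentation), this Python check applies the two commands quoted above to running-config text and reports which prerequisite for sending traps is missing. The sample configs, the 192.0.2.10 receiver, the community string and the problem labels are constructed for illustration.

```python
import re

# Constructed running-config fragments (sample data, not from the page).
CONFIGS = {
    "no_enable": (
        "snmp-server community EXAMPLE ro\n"
        "snmp-server host 192.0.2.10 version 2c EXAMPLE\n"
    ),
    "informs_only": (
        "snmp-server host 192.0.2.10 informs version 2c EXAMPLE\n"
        "snmp-server enable traps\n"
    ),
    "one_type": (
        "snmp-server host 192.0.2.10 traps version 2c EXAMPLE\n"
        "snmp-server enable traps config\n"
    ),
}

# snmp-server host host-addr [traps | informs] ...
HOST_RE = re.compile(r"^snmp-server host (\S+)(?: (traps|informs))?\b", re.M)
# snmp-server enable traps [notification-type] ...
ENABLE_RE = re.compile(r"^snmp-server enable traps(?:[ \t]+(\S+))?", re.M)


def audit_traps(config):
    """Return (trap_hosts, enabled_types, problems) for a config text."""
    hosts = HOST_RE.findall(config)
    # When neither keyword is given, the host receives traps (IOS default).
    trap_hosts = [addr for addr, kind in hosts if kind != "informs"]
    enabled = ENABLE_RE.findall(config)
    # The command with no keyword enables every notification type.
    types = ["all"] if "" in enabled else sorted(set(enabled))
    problems = []
    if not trap_hosts:
        problems.append("no-trap-host")      # nobody is configured to receive traps
    if not types:
        problems.append("no-enable-traps")   # no notification type is switched on
    return trap_hosts, types, problems


if __name__ == "__main__":
    for name, text in CONFIGS.items():
        print(name, audit_traps(text))
```

The "one_type" case is the situation raised in the post: traps are enabled, but only for one notification type, so a trap of a different type is still never sent.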
Can someone who took the exam confirm the questions are valid?
Can anyone take the exam to confirm the questions are valid? :))))
Hi guys, yes 90% of the questions i got in the exam, just study them and you will be fine!!!
@gsd you had the questions posted by gareth?
I didn’t get the following questions 4,19,23,27,31,32,34,35,36,40,43 but it’s good to know the answers as well. One piece of advice: just follow the blueprint of the exam: https://learningcontent.cisco.com/cln_storage/text/cln/marketing/exam-topics/200-105-icnd2-v3.pdf
@Gsp , so you got the other questions?
@gareth, yes
Ok thanks. Can you remember any questions that I didn’t post?
Sorry, i don’t remember more I am an old man 😉 but with these and the 9tut questions you will score 9xx for sure but don’t forget you pass with 811 don’t stress, what is important is just to PASS. btw where did you find these VIP questions ? 😉
@gsp
Thank you for the info, It helps so much! Someone just posted the questions after his exam, and then additional info was added by the guys that passed.
@gsp I find those in this share section lol
Great team work guys!!!
Thanks for the info guys. Testing in 2 weeks. Panic button had been pressed. Will try to add anything new after my exam.
@gareth,
A couple of the questions you posted I got on the test I took
@gareth The answer of Question 37 is A? It’s messed up 😮 why answer is 38
DONT LISTEN TO CHILI, ITS FAKE!!!!
@hdawg , Can you remember other questions ?
@Kiki yes answer is A
I hope we are fine with those questions 🙂
Would be great if someone can remember other questions
I am going to take the exam next Tuesday. I will try to remember most of the questions and update 9tut.
I do not believe pppoe enable is in any of the configurations I’ve seen. My understanding is that the protocol comes up once you add the pppoe-client dial-pool-number (pool #) command to the interface. Can someone confirm?
@Question 9 from Gareth posts
Once you add ‘pppoe-client dial-pool-number 1’ to the physical interface, IOS automatically adds ‘pppoe enable’ to the interface also.
so, I don’t know what answer they want you to give)
After a bit of research and considering Cisco’s tricky ways, I change my mind: I believe pppoe enable is likely the answer they are looking for; however, the pppoe-client dial-pool-number command does natively enable PPPoE. It’s not always which answer works with Cisco, but which answer is more correct.
@Denis Good luck,
I passed ICND 2 today and the most of the questions are from gareth and 9tut questions the LAB was EIGRP same questions as 9tut but with different answers.
Good Luck to ALL
@Moro; thanks for the information. Did you have other questions not included in gareth’s post?
@Moro
Can you help us with more details of the test, please?
@Speedy
LLDP questions?? o_O
Hey guys, wrote my exam a few days ago and just wanted to come back and thank you all for the help. Definitely a lot of new questions. I got intense questions in PPPoE, SNMP, GRE, APIC-EM and HSRP. I’d say to just go and read all the cisco documentation you can get on those topics.
I don’t remember the questions too clearly (was too busy panicking) but here’s what I jotted down after the exam:
1) What three protocols does the APIC-EM path trace tool use?
2) What three protocols does HSRP use to talk?
3)Two commands to debug pppoe authentication?
4)Why security of radius may be compromised?
5)Which utility can be used to troubleshoot a TCP stream? Ping, Wireshark?
6)What does configuring snmp host 1.2.3.4 traps md5 auth do? Configure 1.2.3.4 to receive traps, configure it to receive informs, configure it to send data?
7)OSPF hotspot
8)EIGRP troubleshooting sim
9)Which switchport mode disables DTP? Auto, nonegotiate?
10)ACL 175 extended
deny tcp any any non-working hours (active)
permit tcp any any working hours
Why can’t you access a PC behind the ACL?
11)Which statement is true about switch stacking?
You can perform simplified maintenance, you can link aggregate
12) Which two statements configure static link aggregation?
…mode on in both switches…
13)Which cloud model is most vulnerable to the cloud? IAAS was my guess, but i think it was wrong
14)Which is used by IGPs? Dijkstra’s, Bellman-Ford
15)Which command configures ipv6 on an eigrp interface? ipv6 eigrp 1
16)Which two pieces of info are needed for BGP neighbours
Oh and I passed still. I knew enough to eliminate the craziest answers. So that’s what people meant when they said to not just cram answers but read the text and watch the vids. So once you’ve done some of that and you’ve read the cisco docs on the newer topics, don’t stress. Believe in yourself and stay calm 🙂
@Anonymous, did you have the questions posted above?
1) What three protocols does the APIC-EM path trace tool use? DONT KNOW
3)Two commands to debug pppoe authentication?DONT KNOW
4)Why security of radius may be compromised? only pw is encrypted so can sniff traffic
6)What does configuring snmp host 1.2.3.4 traps md5 auth do? Configure 1.2.3.4 to receive traps, configure it to receive informs, configure it to send data? configure 1.2.3.4 to receive traps ?
Can someone share the answers?
@Anonymous
Thank you very much for the description!
Best of luck
@Anonymous
Are you sure the question was as follows: “1) What three protocols does the APIC-EM path trace tool use?”
Maybe it was just What three protocols does the APIC-EM use?
If so:
For controller-initiated communications (discovery or pushing policy to the devices), the Cisco APIC-EM uses the following protocols to access and program network devices:
SSH version 2
Telnet
SNMP versions 2c and 3
What about 2) What three protocols does HSRP use to talk?
What three protocols?