CCNA 4 v5 CN Chapter 8 Exam Answers 2014

Connecting Networks

1.

Refer to the exhibit. Which two conclusions can be drawn from the syslog message that was generated by the router? (Choose two.)

This message resulted from an unusual error requiring reconfiguration of the interface.
This message indicates that the interface should be replaced.
This message is a level 5 notification message.*
This message indicates that service timestamps have been configured.*
This message indicates that the interface changed state five times.

2. A network technician has issued the service timestamps log datetime command in the configuration of the branch router. Which additional command is required to include the date and time in logged events?

Branch1(config)# service timestamps log uptime
Branch1# clock set 08:00:00 05 AUG 2013*
Branch1(config)# service timestamps debug datetime
Branch1# copy running-config startup-config

3.

Refer to the exhibit. From what location have the syslog messages been retrieved?

syslog server
syslog client
router RAM*
router NVRAM

4.

Refer to the exhibit. What does the number 17:46:26.143 represent?

the time passed since the syslog server has been started
the time when the syslog message was issued*
the time passed since the interfaces have been up
the time on the router when the show logging command was issued

5. What are SNMP trap messages?

messages that are used by the NMS to query the device for data
unsolicited messages that are sent by the SNMP agent and alert the NMS to a condition on the network*
messages that are used by the NMS to change configuration variables in the agent device
messages that are sent periodically by the NMS to the SNMP agents that reside on managed devices to query the device for data

6. How can SNMP access be restricted to a specific SNMP manager?

Use the snmp-server community command to configure the community string with no access level.
Specify the IP address of the SNMP manager by using the snmp-server host command.
Use the snmp-server traps command to enable traps on an SNMP manager.
Define an ACL and reference it by using the snmp-server community command.*

7. A network administrator issues two commands on a router:
R1(config)# snmp-server host 10.10.50.25 version 2c campus
R1(config)# snmp-server enable traps
What can be concluded after the commands are entered?

No traps are sent, because the notification-types argument was not specified yet.
Traps are sent with the source IP address as 10.10.50.25.
If an interface comes up, a trap is sent to the server.*
The snmp-server enable traps command needs to be used repeatedly if a particular subset of trap types is desired.

8. What is a difference between SNMP and NetFlow?

Unlike NetFlow, SNMP uses a “push”-based model.
NetFlow collects more detailed traffic statistics on IP networks than SNMP does.*
SNMP only gathers traffic statistics, whereas NetFlow can also collect many other performance indicators, such as interface errors and CPU usage.
Unlike NetFlow, SNMP may be used to provide IP accounting for billing purposes.

9. How does NetFlow function on a Cisco router or multilayer switch?

NetFlow captures and analyzes traffic.
One user connection to an application exists as two NetFlow flows.*
On 2960 switches, NetFlow allows for data export.
NetFlow does not consume any additional memory.

10. Which type of information can an administrator obtain with the show ip cache flow command?

the NetFlow version that is enabled
whether NetFlow is configured on the correct interface and in the correct direction
the configuration of the export parameters
the protocol that uses the largest volume of traffic*

11. What is the most common purpose of implementing NetFlow in a networked environment?

to support accounting and monitoring with consumer applications*
to actively capture traffic from networked devices
to monitor live data usage and to control traffic flow with set messages
to passively capture changing events that occur in the network and to perform after-the-fact-analysis

12. Which destination do Cisco routers and switches use by default when sending syslog messages for all severity levels?

RAM
NVRAM
nearest syslog server
console*

13. Which SNMP feature provides a solution to the main disadvantage of SNMP polling?

SNMP community strings
SNMP set messages
SNMP get messages
SNMP trap messages*

14. Which statement describes SNMP operation?

A get request is used by the SNMP agent to query the device for data.
A set request is used by the NMS to change configuration variables in the agent device.*
An NMS periodically polls the SNMP agents that are residing on managed devices by using traps to query the devices for data.
An SNMP agent that resides on a managed device collects information about the device and stores that information remotely in the MIB that is located on the NMS.

15. A network administrator has issued the logging trap 4 global configuration mode command. What is the result of this command?

After four events, the syslog client will send an event message to the syslog server.
The syslog client will send to the syslog server any event message that has a severity level of 4 and higher.
The syslog client will send to the syslog server event messages with an identification trap level of only 4.
The syslog client will send to the syslog server any event message that has a severity level of 4 and lower.*

16. When logging is used, which severity level indicates that a device is unusable?

Critical – Level 2
Alert – Level 1
Emergency – Level 0*
Error – Level 3

17.

Refer to the exhibit. While planning an upgrade, a network administrator uses the Cisco NetFlow utility to analyze data flow in the current network. Which protocol used the greatest amount of network time?

TCP-FTP
TCP-Telnet
UDP-DNS
TCP-other
UDP-other*

18. Which two statements describe items to be considered in configuring NetFlow? (Choose two.)

NetFlow requires both management and agent software.
NetFlow can only be used if all devices on the network support it.
NetFlow can only be used in a unidirectional flow.*
NetFlow requires UDP port 514 for notification messages.
NetFlow consumes additional memory.*

19. When SNMPv1 or SNMPv2 is being used, which feature provides secure access to MIB objects?

message integrity
source validation
community strings*
packet encryption

20.

Refer to the exhibit. What can be concluded from the produced output?

An ACL was configured to restrict SNMP access to an SNMP manager.*
This is the output of the show snmp command without any parameters.
The system contact was not configured with the snmp-server contact command.

21. What are the most common syslog messages?

output messages that are generated from debug output
linkup and link down messages*
those that occur when a packet matches a parameter condition in an access control list
error messages about hardware or software malfunctions

22. A network administrator has issued the snmp-server user admin1 admin v3 encrypted auth md5 abc789 priv des 256 key99 command. What are two features of this command? (Choose two.)

It forces the network manager to log into the agent to retrieve the SNMP messages.
It restricts SNMP access to defined SNMP managers.
It uses the MD5 authentication of the SNMP messages.*
It allows a network administrator to configure a secret encrypted password on the SNMP server.
It adds a new user to the SNMP group.*

23. Fill in the blank.

The “syslog” protocol uses UDP port 514 and is the most common method to access system messages provided by networking devices.

24. When SNMPv1 or SNMPv2 is being used, which feature provides secure access to MIB objects?

packet encryption
source validation
community strings *
message integrity

25. A network administrator has issued the snmp-server user admin1 admin v3 encrypted auth md5 abc789 priv des 256 key99 command. What are two features of this command? (Choose two.)

It uses the MD5 authentication of the SNMP messages. *
It allows a network administrator to configure a secret encrypted password on the SNMP server.
It adds a new user to the SNMP group. *
It restricts SNMP access to defined SNMP managers.
It forces the network manager to log into the agent to retrieve the SNMP messages.

CCNA 4 v5 CN Chapter 7 Practice Skills Assessment – Packet Tracer 2014

CCNA Routing and Switching
Connecting Networks

Practice Skills Assessment SIC – Packet Tracer

A few things to keep in mind while completing this activity:

  1. Do not use the browser Back button or close or reload any exam windows during the exam.
  2. Do not close Packet Tracer when you are done. It will close automatically.
  3. Click the Submit Assessment button in the browser window to submit your work.


Introduction

In this practice skills assessment, you will configure the School Network with IPv4, point-to-point Frame Relay, OSPFv2, default routes and GRE tunnels.

All IOS device configurations should be completed from a direct terminal connection to the device console from an available host.

Some values that are required to complete the configurations may not have been given to you. In that case, create the values that you need to complete the requirements.

You will practice and be assessed on the following skills:

  • Configuration of IPv4 addressing
  • Configuration of point-to-point Frame Relay
  • Configuration of HDLC
  • Configuration of OSPFv2
  • Configuration of default routes
  • Configuration of a GRE tunnel

You are required to configure the devices as follows:

R1:

  • Configure IPv4 addressing.
  • Configure point-to-point Frame Relay on the appropriate interfaces.
  • Configure HDLC on the appropriate interfaces.
  • Configure OSPF for IPv4.
  • Configure passive interfaces.
  • Redistribute a default route.
  • Configure a GRE tunnel to R4.

R2:

  • Configure IPv4 addressing.
  • Configure point-to-point Frame Relay on the appropriate interfaces.
  • Configure OSPF for IPv4.
  • Configure passive interfaces.

R3:

  • Configure IPv4 and IPv6 addressing.
  • Configure Point-to-Point Frame-Relay on the appropriate interfaces.
  • Configure OSPF for IPv4 and IPv6.
  • Configure passive interfaces.

R4:

  • Configure IPv4 addressing.
  • Configure a GRE tunnel to R1.
  • Configure HDLC on the appropriate interfaces.
  • Configure an IPv4 default route to the Internet.


Tables

Addressing Table:

Device  Interface  IP Address
R1      S0/0/0.2   192.168.0.1/30
R1      S0/0/0.3   192.168.0.5/30
R1      S0/0/1     198.51.100.1/30
R1      T0         192.168.0.9/30
R2      G0/0       10.2.0.1/24
R2      S0/0/0.1   192.168.0.2/30
R2      S0/0/0.3   192.168.0.13/30
R3      G0/0       10.3.0.1/24
R3      S0/0/0.1   192.168.0.6/30
R3      S0/0/0.2   192.168.0.14/30
R4      G0/0       10.4.0.1/24
R4      S0/0/1     203.0.113.1/30
R4      T0         192.168.0.10/30

Frame Relay Table:

Device  Interface  DLCI
R1      S0/0/0.2   122
R1      S0/0/0.3   123
R2      S0/0/0.1   221
R2      S0/0/0.3   223
R3      S0/0/0.1   321
R3      S0/0/0.2   322

Instructions

All configurations must be performed through a direct terminal connection to the device consoles from an available host.

Step 1: Configure HDLC interfaces on R1 and R4.

Configure HDLC on the interfaces connected to the Internet. Use information from the Addressing Table. The interfaces should be configured for full connectivity.

Step 2: Configure Frame Relay.

Configure Frame Relay using the information from the Frame Relay Table.

  • Configure the IPv4 addressing of each sub-interface.
  • Configure the DLCI for each sub-interface.

Step 3: Configure a GRE Tunnel between R1 and R4.

  • Configure a GRE tunnel, using Tunnel interface 0, that connects R1 with R4. Refer to the Addressing Table.
  • Configure a GRE tunnel, using Tunnel interface 0, that connects R4 with R1. Refer to the Addressing Table.

Step 4: Configure OSPFv2.

  • Configure OSPF AS 1 area 0 on R1, R2, and R3.
  • Use the precise inverse mask for each network statement.
  • Only send OSPF updates out of the required interfaces.
  • Configure R1 to distribute a default route to the Internet.

Step 5: Configure static and dynamic routing.

  • Create a next-hop default route to the Internet on R1.
  • Create a directly-attached default route to the Internet on R4.

CCNA 4 v5 CN Chapter 7 Exam Answers 2014

Connecting Networks

1. How is “tunneling” accomplished in a VPN?

New headers from one or more VPN protocols encapsulate the original packets.*
All packets between two hosts are assigned to a single physical medium to ensure that the packets are kept private.
Packets are disguised to look like other types of traffic so that they will be ignored by potential attackers.
A dedicated circuit is established between the source and destination devices for the duration of the connection.

2. Which two scenarios are examples of remote access VPNs? (Choose two.)

A toy manufacturer has a permanent VPN connection to one of its parts suppliers.
All users at a large branch office can access company resources through a single VPN connection.
A mobile sales agent is connecting to the company network via the Internet connection at a hotel.*
A small branch office with three employees has a Cisco ASA that is used to create a VPN connection to the HQ.
An employee who is working from home uses VPN client software on a laptop in order to connect to the company network.*

3.

Refer to the exhibit. Which IP address would be configured on the tunnel interface of the destination router?

172.16.1.1
172.16.1.2*
209.165.200.225
209.165.200.226

4. Which statement correctly describes IPsec?

IPsec works at Layer 3, but can protect traffic from Layer 4 through Layer 7.*
IPsec uses algorithms that were developed specifically for that protocol.
IPsec implements its own method of authentication.
IPsec is a Cisco proprietary standard.

5. What is an IPsec protocol that provides data confidentiality and authentication for IP packets?

AH
ESP*
RSA
IKE

6. Which three statements describe the building blocks that make up the IPsec protocol framework? (Choose three.)

IPsec uses encryption algorithms and keys to provide secure transfer of data.*
IPsec uses Diffie-Hellman algorithms to encrypt data that is transferred through the VPN.
IPsec uses 3DES algorithms to provide the highest level of security for data that is transferred through a VPN.
IPsec uses secret key cryptography to encrypt messages that are sent through a VPN.*
IPsec uses Diffie-Hellman as a hash algorithm to ensure integrity of data that is transmitted through a VPN.
IPsec uses ESP to provide confidential transfer of data by encrypting IP packets.*

7. What key question would help determine whether an organization should use an SSL VPN or an IPsec VPN for the remote access solution of the organization?

Is a Cisco router used at the destination of the remote access tunnel?
What applications or network resources do the users need for access?
Are both encryption and authentication required?
Do users need to be able to connect without requiring special VPN software?*

8. What is the purpose of a message hash in a VPN connection?

It ensures that the data cannot be duplicated and replayed to the destination.
It ensures that the data is coming from the correct source.
It ensures that the data has not changed while in transit.*
It ensures that the data cannot be read in plain text.

9. A network design engineer is planning the implementation of a cost-effective method to interconnect multiple networks securely over the Internet. Which type of technology is required?

a dedicated ISP
a VPN gateway*
a leased line
a GRE IP tunnel

10. What is one benefit of using VPNs for remote access?

lower protocol overhead
potential for reduced connectivity costs *
increased quality of service
ease of troubleshooting

11. Which statement describes a characteristic of IPsec VPNs?

IPsec can secure traffic at Layers 1 through 3.
IPsec works with all Layer 2 protocols.*
IPsec encryption causes problems with routing.
IPsec is a framework of Cisco proprietary protocols.

12. What is the purpose of the generic routing encapsulation tunneling protocol?

to support basic unencrypted IP tunneling using multivendor routers between remote sites
to provide fixed flow-control mechanisms with IP tunneling between remote sites
to manage the transportation of IP multicast and multiprotocol traffic between remote sites*
to provide packet level encryption of IP traffic between remote sites

13. Which algorithm is an asymmetrical key cryptosystem?

3DES
DES
AES
RSA*

14. A network design engineer is planning the implementation of an IPsec VPN. Which hashing algorithm would provide the strongest level of message integrity?

512-bit SHA*
AES
SHA-1
MD5

15. What two encryption algorithms are used in IPsec VPNs? (Choose two.)

IKE
DH
PSK
3DES*
AES*

16. Which statement describes a feature of site-to-site VPNs?

Internal hosts send normal, unencapsulated packets.*
VPN client software is installed on each host.
The VPN connection is not statically defined.
Individual hosts can enable and disable the VPN connection.

17. Which Cisco VPN solution provides limited access to internal network resources by utilizing a Cisco ASA and provides browser-based access only?

clientless SSL VPN *
IPsec
SSL
client-based SSL VPN

18. Which two algorithms use Hash-based Message Authentication Code for message authentication? (Choose two.)

AES
DES
3DES
MD5*
SHA*

19. Which function of IPsec security services allows the receiver to verify that the data was transmitted without being changed or altered in any way?

confidentiality
anti-replay protection
data integrity*
authentication

20.

Open the PT Activity. Perform the tasks in the activity instructions and then answer the question. What problem is preventing the hosts from communicating across the VPN tunnel?

The EIGRP configuration is incorrect.
The tunnel destination addresses are incorrect.
The tunnel IP addresses are incorrect.*
The tunnel source interfaces are incorrect.

21. What is the purpose of utilizing Diffie-Hellman (DH) algorithms as part of the IPsec standard?

DH algorithms allow unlimited parties to establish a shared public key that is used by encryption and hash algorithms.
DH algorithms allow two parties to establish a shared public key that is used by encryption and hash algorithms.
DH algorithms allow two parties to establish a shared secret key that is used by encryption and hash algorithms.*
DH algorithms allow unlimited parties to establish a shared secret key that is used by encryption and hash algorithms.

22.

Refer to the exhibit. A tunnel was implemented between routers R1 and R2. Which two conclusions can be drawn from the R1 command output? (Choose two.)

The data that is sent across this tunnel is not secure.*
This tunnel mode provides encryption.
This tunnel mode does not support IP multicast tunneling.
A GRE tunnel is being used. *
This tunnel mode is not the default tunnel interface mode for Cisco IOS software.

23. Two corporations have just completed a merger. The network engineer has been asked to connect the two corporate networks without the expense of leased lines. Which solution would be the most cost effective method of providing a proper and secure connection between the two corporate networks?

Cisco AnyConnect Secure Mobility Client with SSL
Frame Relay
remote access VPN using IPsec
Cisco Secure Mobility Clientless SSL VPN
site-to-site VPN*

24. Which remote access implementation scenario will support the use of generic routing encapsulation tunneling?

a mobile user who connects to a SOHO site
a central site that connects to a SOHO site without encryption *
a branch office that connects securely to a central site
a mobile user who connects to a router at a central site

CCNA 4 v5 CN Chapter 6 Exam Answers 2014

Connecting Networks

1. What are two Layer 2 WAN technologies that can provide secure remote connections between corporate branch offices? (Choose two.)

LTE
Frame Relay*
leased lines*
QoS
IPsec

2. Which two OSI Layer 1 specifications does DOCSIS define for a cable Internet connection? (Choose two.)

a deterministic media access method
channel bandwidth*
modulation technique*
VPN tunneling requirements
the separation of the voice and data transmissions

3. Which medium is used for delivering data via DSL technology through PSTN?

fiber
copper*
radio frequency
wireless

4. A company is looking for the least expensive broadband solution that provides at least 10 Mb/s download speed. The company is located 5 miles from the nearest provider. Which broadband solution would be appropriate?

satellite
DSL
WiMax
cable*

5. What are two characteristics of a PPPoE configuration on a Cisco customer router? (Choose two.)

The PPP configuration is on the dialer interface.*
An MTU size of 1492 bytes is configured on the Ethernet interface.
The Ethernet interface does not have an IP address.*
The customer router CHAP username and password are independent of what is configured on the ISP router.
The dialer pool command is applied to the Ethernet interface to link it to the dialer interface.

6. Fill in the blank.

DOCSIS specifies the “MAC” sub-layer as a Layer 2 requirement that defines either a deterministic access method, TDMA, or S-CDMA.

7. Fill in the blank. Use only an acronym.

“PPPoE” creates a PPP tunnel through the DSL connection for the purpose of sending PPP frames.

8. What functionality is required on routers to provide remote workers with VoIP and videoconferencing capabilities?

PPPoE
QoS*
VPN
IPsec

9. Which broadband wireless technology is based on the 802.11 standard?

CDMA
municipal Wi-Fi*
UMTS
WiMAX

10. Why is the MTU for a PPPoE DSL configuration reduced from 1500 bytes to 1492?

to enable CHAP authentication
to accommodate the PPPoE headers*
to reduce congestion on the DSL link
to establish a secure tunnel with less overhead

11. Which standard specifies the channel frequencies and the deterministic access method of cable networks?

DOCSIS*
802.16
LTE
WIMAX

12. Which two network components does a teleworker require to connect remotely and securely from home to the corporate network? (Choose two.)

VPN client software or VPN-enabled router*
broadband Internet connection*
VPN server or concentrator
authentication server
multifunction security appliance

13. In which layer of the TCP/IP protocol model does IPsec apply security to network data?

application
transport
internet*
network
access

14. Which cable network communication technology is secure, extremely resistant to noise, and employs spread-spectrum technology?

CDMA
S-CDMA*
FDMA
TDMA

15. How is voice traffic affected when the customer uses ADSL technology?

No special equipment is needed to separate voice and data signals.
Voice traffic is interrupted if the ADSL service fails.
Voice signals are on a separate wire pair from ADSL signals.
ADSL signals can distort voice transmissions.*

16. Which technology provides a secure connection between a SOHO and the headquarters office?

PPPoE
QoS
WiMax
VPN*

17. What are two characteristics of a PPPoE configuration on a Cisco customer router? (Choose two.)

The customer router CHAP username and password are independent of what is configured on the ISP router.
The PPP configuration is on the dialer interface.*
An MTU size of 1492 bytes is configured on the Ethernet interface.
The Ethernet interface does not have an IP address.*
The dialer pool command is applied to the Ethernet interface to link it to the dialer interface.

18. What advantage does DSL have compared to cable technology?

DSL upload and download speeds are always the same.
DSL is not a shared medium.*
DSL is faster.
DSL has no distance limitations.

19. What are two disadvantages of employing teleworkers in an organization? (Choose two.)

slower customer service response times
increased usage of sick or vacation days
increased difficulty of tracking task progress*
increase in office expenses
the need to implement a new management style*

20. 

Place the options in the following order:
WiMax *
Cellular/Mobile *
Satellite *
– not scored –

21. Which DSL technology provides higher downstream bandwidth to the user than upstream bandwidth?

SDSL
TDMA
CDMA
ADSL*

22. Which networking technology will ensure reliable and secure remote access when a teleworker connects to a corporate network?

an encrypted VPN tunnel *
routers with QoS capability
broadband (cable or DSL) access to the corporate network
a VoIP and videoconferencing capable connection

23. Which broadband technology would be best for a user that needs remote access when traveling in mountains and at sea?

satellite *
Wi-Fi Mesh
mobile broadband
WiMax

24. Which type of long distance telecommunication technology provides point-to-point connections and cellular access?

WiMax*
satellite
mobile broadband
municipal Wi-Fi

25. What functionality is required on routers to provide remote workers with VoIP and videoconferencing capabilities?

QoS*
VPN
PPPoE
IPsec

26. A company is looking for the least expensive broadband solution that provides at least 10 Mb/s download speed. The company is located 5 miles from the nearest provider. Which broadband solution would be appropriate?

satellite
DSL
WiMax
cable*

CCNA 4 v5 CN Chapter 5 Exam Answers 2014

Connecting Networks

1 Typically, which network device would be used to perform NAT for a corporate environment?

DHCP server
host device
router*
server
switch

2 What is the group of public IPv4 addresses used on a NAT-enabled router known as?

outside local addresses
inside local addresses
inside global addresses*
outside global addresses

3 When NAT is employed in a small office, which address type is typically used for hosts on the local LAN?

private IP addresses*
global public IP addresses
Internet-routable addresses
both private and public IP addresses

4 Which version of NAT allows many hosts inside a private network to simultaneously use a single inside global address for connecting to the Internet?

PAT*
static NAT
dynamic NAT
port forwarding

5 Which type of NAT maps a single inside local address to a single inside global address?

dynamic
static*
port address translation
overloading

6 Several key servers in an organization must be directly accessible from the Internet. What addressing policy should be implemented for these servers?

Use dynamic NAT to provide addresses for the servers.
Place all of the servers in their own Class C private subnet.
Use DHCP to assign addresses from the pool of Class B addresses.
Assign static internal addresses and public external addresses to each of the servers.*

7 What is a disadvantage of NAT?

There is no end-to-end addressing.*
The router does not need to alter the checksum of the IPv4 packets.
The internal hosts have to use a single public IPv4 address for external communication.
The costs of readdressing hosts can be significant for a publicly addressed network.

8

Refer to the exhibit. What has to be done in order to complete the static NAT configuration on R1?

R1 should be configured with the command ip nat inside source static 209.165.200.1 192.168.11.11.
R1 should be configured with the command ip nat inside source static 209.165.200.200 192.168.11.11.
Interface S0/0/0 should be configured with the command ip nat outside.*
Interface Fa0/0 should be configured with the command no ip nat inside.

9

Refer to the exhibit. R1 is configured for NAT as displayed. What is wrong with the configuration?

Access-list 1 is misconfigured.
NAT-POOL2 is not bound to ACL 1.*
Interface Fa0/0 should be identified as an outside NAT interface.
The NAT pool is incorrect.

10 Which statement accurately describes dynamic NAT?

It always maps a private IP address to a public IP address.
It provides an automated mapping of inside local to inside global IP addresses.*
It provides a mapping of internal host names to IP addresses.
It dynamically provides IP addressing to internal hosts.

11 A network administrator configures the border router with the command R1(config)# ip nat inside source list 4 pool corp. What is required to be configured in order for this particular command to be functional?

a NAT pool named corp that defines the starting and ending public IP addresses*
an access list named corp that defines the private addresses that are affected by NAT
an access list numbered 4 that defines the starting and ending public IP addresses
ip nat outside to be enabled on the interface that connects to the LAN affected by the NAT
a VLAN named corp to be enabled and active and routed by R1

12 When dynamic NAT without overloading is being used, what happens if seven users attempt to access a public server on the Internet when only six addresses are available in the NAT pool?

No users can access the server.
The request to the server for the seventh user fails.*
All users can access the server.
The first user gets disconnected when the seventh user makes the request.

13 A network engineer has configured a router with the command ip nat inside source list 4 pool corp overload. Why did the engineer use the overload option?

The company has more private IP addresses than available public IP addresses.*
The company needs to have more public IP addresses available to be used on the Internet.
The company router must throttle or buffer traffic because the processing power of the router is not enough to handle the normal load of external-bound Internet traffic.
The company has a small number of servers that should be accessible by clients from the Internet.

14

Refer to the exhibit. What will be the effect of entering the command that is shown in the exhibit on R2 as part of the dynamic NAT configuration?

It will define a pool of addresses for translation.
It will identify an inside NAT interface.
It will bind NAT-POOL1 with ACL 1.*
It will define the source ACL for the external interface.

15 Which configuration would be appropriate for a small business that has the public IP address of 209.165.200.225/30 assigned to the external interface on the router that connects to the Internet?

access-list 1 permit 10.0.0.0 0.255.255.255*
ip nat inside source list 1 interface serial 0/0/0 overload*

access-list 1 permit 10.0.0.0 0.255.255.255
ip nat pool comp 192.0.2.1 192.0.2.8 netmask 255.255.255.240
ip nat inside source list 1 pool comp

access-list 1 permit 10.0.0.0 0.255.255.255
ip nat pool comp 192.0.2.1 192.0.2.8 netmask 255.255.255.240
ip nat inside source list 1 pool comp overload

access-list 1 permit 10.0.0.0 0.255.255.255
ip nat pool comp 192.0.2.1 192.0.2.8 netmask 255.255.255.240
ip nat inside source list 1 pool comp overload
ip nat inside source static 10.0.0.5 209.165.200.225

16 What are two required steps to configure PAT? (Choose two.)

Define a pool of global addresses to be used for overload translation.*
Define a standard access list denying the addresses that should be translated.
Define the range of ports to be used.
Identify the inside interface.*
Define a standard access list that allows the outside global addresses to be used.

17

Refer to the exhibit. What is the purpose of the command marked with an arrow shown in the partial configuration output of a Cisco broadband router?

defines which addresses can be translated*
defines which addresses are allowed into the router
defines which addresses are assigned to a NAT pool
defines which addresses are allowed out of the router

18 What is the purpose of port forwarding?

Port forwarding allows an external user to reach a service on a private IPv4 address that is located inside a LAN.*
Port forwarding allows users to reach servers on the Internet that are not using standard port numbers.
Port forwarding allows an internal user to reach a service on a public IPv4 address that is located outside a LAN.
Port forwarding allows for translating inside local IP addresses to outside local addresses.

19 What is a characteristic of unique local addresses?

They allow sites to be combined without creating any address conflicts.*
They are designed to improve the security of IPv6 networks.
Their implementation depends on ISPs providing the service.
They are defined in RFC 3927.

20

Refer to the exhibit. Based on the output that is shown, what type of NAT has been implemented?

dynamic NAT with a pool of two public IP addresses
PAT using an external interface*
static NAT with one entry
static NAT with a NAT pool

21

Refer to the exhibit. The NAT configuration applied to the router is as follows:
ERtr(config)# access-list 1 permit 10.0.0.0 0.255.255.255
ERtr(config)# ip nat pool corp 209.165.201.6 209.165.201.30 netmask 255.255.255.224
ERtr(config)# ip nat inside source list 1 pool corp overload
ERtr(config)# ip nat inside source static 10.10.10.55 209.165.201.4
ERtr(config)# interface gigabitethernet 0/0
ERtr(config-if)# ip nat inside
ERtr(config-if)# interface serial 0/0/0
ERtr(config-if)# ip nat outside

Based on the configuration and the output shown, what can be determined about the NAT status within the organization?

Dynamic NAT is working, but static NAT is not.
Static NAT is working, but dynamic NAT is not.
NAT is working.
Not enough information is given to determine if both static and dynamic NAT are working. *

22 Based on the configuration and the output shown, what can be determined about the NAT status within the organization?

NAT is working.
Static NAT is working, but dynamic NAT is not.
Dynamic NAT is working, but static NAT is not.
Not enough information is given to determine if both static and dynamic NAT are working.*

23

Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.
What problem is causing PC-A to be unable to communicate with the Internet?

The static route should not reference the interface, but the outside address instead.
This router should be configured to use static NAT instead of PAT.
The ip nat inside source command refers to the wrong interface.
The access list used in the NAT process is referencing the wrong subnet.
The NAT interfaces are not correctly assigned.*

24

Place the options in the following order:
– not scored –
step 5
step 2
step 4
step 1
step 3

25 
What are two of the required steps to configure PAT? (Choose two.)

Create a standard access list to define applications that should be translated.
Identify the inside interface.*
Define the range of source ports to be used.
Define the hello and interval timers to match the adjacent neighbor router.
Define a pool of global addresses to be used for overload translation.*

CCNA 4 v5 CN Chapter 4 Exam Answers 2014


Connecting Networks

1.
What is a characteristic of Frame Relay that provides more flexibility than a dedicated line?

Customers use dedicated circuits in increments of 64 kb/s.
Dedicated physical circuits are installed between each site.
The Frame Relay cloud allocates as much bandwidth as required to active PVCs to maintain the connection.
One router WAN port can be used to connect to multiple destinations.*

2
What are the two major criteria that constitute the cost of a Frame Relay circuit? (Choose two.)

QoS
end-to-end connectivity
local loop*
required bandwidth*
circuit management fees

3
A router interface connects to a Frame Relay network over a preconfigured logical circuit that does not have a direct electrical connection from end to end. Which type of circuit is being used?

SVC
hub and spoke
full mesh
dedicated leased line
PVC*

4
Which Frame Relay topology provides a connection from every site to every other site and maintains a high amount of reliability?

hub and spoke
partial mesh
full mesh*
star

5
Which technology allows a Layer 3 IPv4 address to be dynamically obtained from a Layer 2 DLCI?

Neighbor Discovery
Address Resolution Protocol
Inverse Neighbor Discovery
Inverse Address Resolution Protocol*

6
A network administrator has statically configured the LMI type on the interface of a Cisco router that is running Cisco IOS Release 11.2. If the service provider modifies its own LMI type in the future, what step must the network administrator take?

The network administrator must modify the keepalive time interval to maintain connectivity with the LMI type of the service provider.
The network administrator does not have to do anything, because all LMI types are compatible with one another.
The network administrator must statically set the LMI type to be compatible with the service provider.*
The network administrator simply has to verify connectivity with the provider, because the router has an LMI autosensing feature that automatically detects the LMI type.

7
Which two functions are provided by the Local Management Interface (LMI) that is used in Frame Relay networks? (Choose two.)

mapping of DLCIs to network addresses
error notification
congestion notification
simple flow control*
exchange of information about the status of virtual circuits*

8
Which parameter would be specified in a Frame Relay provider contract for a particular company?

DE
QoS
Inverse ARP enabled/disabled
CIR*

9
Which three notification mechanisms are used when congestion is present in a Frame Relay network? (Choose three.)

DE*
BECN*
inverse ARP
CIR
FECN*
DLCI

10
Why would a customer request a Frame Relay circuit with a CIR of zero?

to have a circuit used for network management traffic
to have a backup circuit for critical data transmissions
to have better QoS
to have a link with reduced costs*
to have a circuit used for voice traffic

11
Which provider-negotiated parameter would allow a customer to send data above the rate of the bandwidth specified by the CIR?

DE
FECN
Be
Bc*

12
What is the purpose of applying the command frame-relay map ip 10.10.1.2 110 broadcast?

to support IPv6 traffic over the NBMA network by using DLCI 110
to allow Frame Relay frames to be broadcast over DLCI 110
to allow Frame Relay frames to be broadcast toward host 10.10.1.2
to allow Frame Relay frames to be broadcast on all Frame Relay interfaces
to configure a device with a static Frame Relay map that also allows the forwarding of routing updates*

13

Refer to the exhibit. Which two statements are correct? (Choose two.)

The IPv4 address of interface S0/1/0 on RA is 192.168.1.2.
The IPv4 address of interface S0/1/1 on RB is 192.168.1.2.*
The DLCI that is attached to the VC on RA to RB is 62.*
The DLCI that is attached to the VC on RB to RA is 62.
The Frame Relay map was set by using the command frame-relay map.

14

Refer to the exhibit. Which statement is true about Frame Relay traffic on R1?

Traffic that exits subinterface Serial 0/0/0.102 is marked with DLCI 201.*
Traffic on Serial 0/0/0 is experiencing congestion between R1 and the Frame Switch.
Traffic that is mapped to DLCI 201 will exit subinterface Serial 0/0/0.201.
Frames that enter router R1 from a Frame Relay neighbor will have DLCI 201 in the frame header.

15
Which three actions can be taken to solve Layer 3 routing protocol router reachability issues when using Frame Relay? (Choose three.)

Use subinterfaces.*
Disable Inverse ARP.
Use a full mesh topology.*
Use the keyword cisco as the LMI type.
Disable split horizon.*
Configure static DLCI mappings.

16
When would the multipoint keyword be used in Frame Relay PVCs configuration?

when multicasts must be supported
when using physical interfaces
when participating routers are in the same subnet*
when global DLCIs are in use

17
A network engineer has issued the interface serial 0/0/1.102 point-to-point command on a router that will be communicating with another router over a Frame Relay virtual circuit that is identified by the DLCI 102. Which two commands would be appropriate for the network engineer to issue next? (Choose two.)

no shutdown
no ip address
encapsulation frame relay
ip address 10.1.1.10 255.255.255.252*
frame-relay interface-dlci 102*

18
Which two Frame Relay router reachability issues are resolved by configuring logical subinterfaces? (Choose two.)

LMI status inquiry messages sent to the network are not received.
Inverse ARP fails to associate all IP addresses to the correct DLCIs.
Frame Relay is unable to map a remote IP address to a DLCI.
Distance vector routing protocols are unable to forward routing updates back out the incoming interface to other remote routers.*
Link-state routing protocols are unable to complete neighbor discovery.*

19

Refer to the exhibit. A network administrator has implemented the show interfaces serial 0/1/0 command. What can be verified from the displayed output?

Router R1 connects to multiple sites through the serial 0/1/0 interface.
Router R1 is forwarding traffic on interface serial 0/1/0 using the local DLCI 1023.*
Router R1 is not using the default LMI type.
Router R1 has been configured with Frame Relay via the ietf keyword.

20
The show frame-relay pvc command is best used to display the number of which type of packets received by the router?

FECN and BECN messages*
Inverse Neighbor Discovery messages
Inverse ARP messages
LMI status messages

21

Refer to the exhibit. A network administrator is configuring Frame Relay subinterfaces on R1. A distance vector routing protocol has also been configured. Data is routing successfully from R1 to networks that are connected to R2, R3, and R4, but routing updates between R2 and R3 are failing. What is the possible cause of this failure?

Split horizon is preventing successful routing table updates on the multipoint link.*
Multipoint Frame Relay networks cannot be used with this IP addressing scheme.
Subinterfaces cannot be used on multipoint Frame Relay links.
Two DLCI identifiers cannot be configured on one subinterface.

22

Refer to the exhibit. A network administrator issues the show frame-relay map command to troubleshoot the Frame Relay connection problem. Based on the output, what is the possible cause of the problem?

The S0/0/1 interface of the R2 router is down.
The IP address on S0/0/1 of R3 is configured incorrectly.
Inverse ARP is providing false information to the R1 router.
The S0/0/1 interface of the R2 router has been configured with the encapsulation frame relay ietf command.
The Frame Relay map statement on the R3 router for the PVC to R2 is configured with an incorrect DLCI number.*

23
Fill in the blank. Use an acronym.
The Frame Relay “DLCI” identifies a connection from one endpoint to a remote destination.

24

Fill in the blank.
The encapsulation frame-relay “ietf” command enables Frame Relay encapsulation and allows connection to a device from a different vendor.

25 

Place the options in the following order:
[+] customers pay for an end-to-end connection
[+] customers do not share the line
[+] requires more equipment to purchase and maintain
[+] used in one-to-one network link only

[#] used in one-to-many networks
[#] uses virtual circuits
[#] customers share bandwidth

[+] Order does not matter within this group.
[#] Order does not matter within this group.

CCNA 4 v5 CN Chapter 3 Exam Answers 2014


Connecting Networks

1.
Which address is used in the Address field of a PPP frame?

a single byte of binary 10101010
a single byte of binary 11111111*
the IP address of the serial interface
a single byte of binary 00000000

2
How does PPP interface with different network layer protocols?

by specifying the protocol during link establishment through LCP
by encoding the information field in the PPP frame
by using separate NCPs*
by negotiating with the network layer handler

3

Place the options in the following order:
Compression
Multilink
Maximum Receive Unit
– not scored –
Authentication Protocol

4
Which command can be used to view the cable type that is attached to a serial interface?

Router(config)# show controllers*
Router(config)# show ip interface
Router(config)# show interfaces
Router(config)# show ip interface brief

5
In which situation would the use of PAP be preferable to the use of CHAP?

when plain text passwords are needed to simulate login at the remote host*
when router resources are limited
when multilink PPP is used
when a network administrator prefers it because of ease of configuration

6
Which protocol will terminate the PPP link after the exchange of data is complete?

IPCP
LCP*
IPXCP
NCP

7

Refer to the exhibit. Which statement describes the status of the PPP connection?

Both the link-establishment and network-layer phase completed successfully.*
Only the network-layer phase completed successfully.
Only the link-establishment phase completed successfully.
Neither the link-establishment phase nor the network-layer phase completed successfully.

8
Which is an advantage of using PPP on a serial link instead of HDLC?

option for session establishment
higher speed transmission
option for authentication*
fixed-size frames

9
Which three statements are true about PPP? (Choose three.)

PPP can use synchronous and asynchronous circuits.*
PPP carries packets from several network layer protocols in LCPs.
PPP can only be used between two Cisco devices.
PPP uses LCPs to agree on format options such as authentication, compression, and error detection.*
PPP uses LCPs to establish, configure, and test the data link connection.*

10
When configuring Multilink PPP, where is the IP address for the multilink bundle configured?

on a subinterface
on a physical serial interface
on a physical Ethernet interface
on a multilink interface*

11
Which field marks the beginning and end of an HDLC frame?

FCS
Flag*
Control
Data

12


Refer to the exhibit. Based on the debug command output that is shown, which statement is true of the operation of PPP?

Both PAP and CHAP authentication were attempted.
A PPP session was successfully established.*
CHAP authentication failed because of an unknown hostname.
The debug output is from router R2.

13
During a PPP session establishment phase, which two messages are sent by the requested party if the options are not acceptable? (Choose two.)

Configure-Reject*
Code-Reject
Discard-Request
Configure-Nak*
Protocol-Reject

14
A network administrator is evaluating authentication protocols for a PPP link. Which three factors might lead to the selection of CHAP over PAP as the authentication protocol? (Choose three.)

uses an unpredictable variable challenge value to prevent playback attacks*
uses a three-way authentication periodically during the session to reconfirm identities*
transmits login information in encrypted format*
control by the remote host of the frequency and timing of login events
establishes identities with a two-way handshake
makes authorized network administrator intervention a requirement to establish each session

15

Place the options in the following order:
Step 3
Step 2
Step 4
Step 1
– not scored –
Step 5
Step 6

16
What are three components of PPP? (Choose three.)

LCP*
multilink
NCP*
HDLC-like framing*
compression
authentication

17

Refer to the exhibit. A network administrator is configuring the PPP link between the two routers. However, the PPP link cannot be established. Based on the partial output of the show running-config command, what is the cause of the problem?

The passwords do not match.*
The usernames do not match.
The passwords should be longer than 8 characters.
The interface IP addresses are in different subnets.

18
Which PPP option can detect links that are in a looped-back condition?

Magic Number*
Callback
MRU
ACCM

19
Which three are types of LCP frames used with PPP? (Choose three.)

link-negotiation frames
link-acknowledgment frames
link-maintenance frames*
link-termination frames*
link-establishment frames*
link-control frames

20
At which layer of the OSI model does multiplexing take place?

Layer 3
Layer 4
Layer 2
Layer 1*

21

Place the options in the following order:
Phase 3
– not scored –
Phase 1
Phase 2

22
Which three physical layer interfaces support PPP? (Choose three.)

GigabitEthernet
asynchronous serial*
HSSI*
synchronous serial*
POTS
FastEthernet

23


Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.
Why is the serial link between router R1 and router R2 not operational?

The encapsulation in both routers does not match.
The passwords are different in both routers.
In each case the expected username is not the same as the remote router hostname.*
The authentication type is not the same in both routers.

24
Which serial 0/0/0 interface state will be shown if no serial cable is attached to the router, but everything else has been correctly configured and turned on?

Serial 0/0/0 is up, line protocol is down
Serial 0/0/0 is administratively down, line protocol is down
Serial 0/0/0 is up (disabled)
Serial 0/0/0 is up, line protocol is up
Serial 0/0/0 is down, line protocol is down*
Serial 0/0/0 is up (looped)

CCNA 4 v5 CN Chapter 2 Exam Answers 2014


Connecting Networks

1.

Which WAN technology is cell-based and well suited to carry voice and video traffic?

VSAT
ISDN
Frame Relay
ATM*

2
Which WAN connectivity method would be used in a remote location where there are no service provider networks?

VPN
WiMAX
cable
VSAT*

3
Which network scenario will require the use of a WAN?

Employees need to access web pages that are hosted on the corporate web servers in the DMZ within their building.
Employees need to connect to the corporate email server through a VPN while traveling.*
Employee workstations need to obtain dynamically assigned IP addresses.
Employees in the branch office need to share files with the headquarters office that is located in a separate building on the same campus network.

4
Which two technologies use the PSTN network to provide an Internet connection? (Choose two.)

ATM
ISDN*
Frame Relay
MPLS
dialup*

5
Which geographic scope requirement would be considered a distributed WAN scope?

regional
one-to-one
global
local
one-to-many
many-to-many*

6
What are two advantages of packet switching over circuit switching? (Choose two.)

A connection through the service provider network is established quickly before communications start.
There are fewer delays in the data communications processes.
The communication costs are lower.
Multiple pairs of nodes can communicate over the same network channel.*
A dedicated secure circuit is established between each pair of communicating nodes.

7
Which connectivity method would be best for a corporate employee who works from home two days a week, but needs secure access to internal corporate databases?

VPN*
WiMAX
DSL
cable

8

Place the options in the following order:

– not scored –
CPE
Local Loop
– not scored –
DTE
DCE

9
Which wireless technology provides Internet access through cellular networks?

satellite
municipal WiFi
LTE*
WiMAX

10
What is a requirement of a connectionless packet-switched network?

Full addressing information must be carried in each data packet.*
A virtual circuit is created for the duration of the packet delivery.
Each packet has to carry only an identifier.
The network predetermines the route for a packet.

11
A customer needs a WAN virtual connection that provides high-speed, dedicated bandwidth between two sites. Which type of WAN connection would best fulfill this need?

circuit-switched network
packet-switched network
MPLS
Ethernet WAN*

12
Which WAN technology establishes a dedicated constant point-to-point connection between two sites?

ATM
Frame Relay
leased lines*
ISDN

13
A company needs to interconnect several branch offices across a metropolitan area. The network engineer is seeking a solution that provides high-speed converged traffic, including voice, video, and data on the same network infrastructure. The company also wants easy integration to their existing LAN infrastructure in their office locations. Which technology should be recommended?

Frame Relay
Ethernet WAN*
ISDN
VSAT

14
A home user lives within 10 miles (16 kilometers) of the Internet provider network. Which type of technology provides high-speed broadband service with wireless access for this home user?

WiMAX*
DSL
802.11
municipal Wi-Fi

15
Which two devices are needed when a digital leased line is used to provide a connection between the customer and the service provider? (Choose two.)

dialup modem
access server
DSU*
CSU*
Layer 2 switch

16

Place the options in the following order:
uses traditional video network
uses traditional phone network
set up by a city to provide free Internet access
slow access (upload speed is about one-tenth download speed)
– not scored –

17
What is a feature of dense wavelength-division multiplexing (DWDM) technology?

It replaces SONET and SDH technologies.
It provides Layer 3 support for long distance data communications.
It provides a 10 Gb/s multiplexed signal over analog copper telephone lines.
It enables bidirectional communications over one strand of fiber.*

18
What is the recommended technology to use over a public WAN infrastructure when a branch office is connected to the corporate site?

municipal Wi-Fi
VPN*
ATM
ISDN

19
A small company with 10 employees uses a single LAN to share information between computers. Which type of connection to the Internet would be appropriate for this company?

a broadband service, such as DSL, through their local service provider*
a dialup connection that is supplied by their local telephone service provider
Virtual Private Networks that would enable the company to connect easily and securely with employees
private dedicated lines through their local service provider

20
What is a long distance fiber-optic media technology that supports both SONET and SDH, and assigns incoming optical signals to specific wavelengths of light?

ATM
MPLS
ISDN
DWDM*

21
A new corporation needs a data network that must meet certain requirements. The network must provide a low cost connection to sales people dispersed over a large geographical area. Which two types of WAN infrastructure would meet the requirements? (Choose two.)

private infrastructure
dedicated
public infrastructure*
Internet*
satellite

22
What are two common high-bandwidth fiber-optic media standards? (Choose two.)

ITU
ANSI
ATM
SDH*
SONET*

CCNA 4 v5 CN Chapter 1 Exam Answers 2014


Connecting Networks

1
What are two structured engineering principles necessary for successful implementation of a network design? (Choose two.)

modularity*
security
availability
quality of service
resiliency*

2
What is an important first consideration when starting to design a network?

size of the network*
access security
protocols to be used
type of applications

3
Which layer of the Cisco Collaboration Architecture contains unified communications and conference software such as Cisco WebEx Meetings, WebEx Social, Cisco Jabber, and TelePresence?

service provider edge
enterprise WAN
applications and devices*
services module

4
In which layer of the hierarchical enterprise LAN design model would PoE for VoIP phones and access points be considered?

core
physical
data link
access*
distribution

5
Which network module is the fundamental component of a campus design?

access-distribution module*
services module
data center
enterprise edge

6
In a hierarchical network design, which layers may be combined into a collapsed core for smaller networks?

core, distribution, and access
distribution and access
core and access
core and distribution*

7


Refer to the exhibit. Which type of ISP connectivity to the service provider edge is being used by company A?

dual-homed
dual-multihomed
single-homed
multihomed*

8
What is one advantage to designing networks in building block fashion for large companies?

mobility
redundancy
increased network access time
failure isolation*

9
A network engineer wants to redesign the wireless network and make use of wireless network controllers that manage the many deployed wireless access points. In which network design module of the campus network architecture would the centralized wireless network controllers be found?

services*
access-distribution
enterprise edge
data center

10
Which two devices would commonly be found at the access layer of the hierarchical enterprise LAN design model? (Choose two.)

Layer 3 device
firewall
access point*
Layer 2 switch*
modular switch

11
Which approach in networking allows for network changes, upgrades, or the introduction of new services in a controlled and staged fashion?

modular*
network module
borderless
static

12


Refer to the exhibit. Which type of Cisco hierarchical LAN design model is used at school site 1?

7 layer
two-tier collapsed core*
three-tier
3 layer

13
Which three network architectures have been introduced by Cisco to address the emerging technology challenges created by the evolving business models? (Choose three.)

Cisco Collaboration*
Cisco Data Center*
Cisco Borderless*
Cisco Enterprise Edge
Cisco Enterprise Campus
Cisco Enterprise Branch

14
Which Cisco technology allows diverse network devices to connect securely, reliably, and seamlessly to enterprise network resources?

Cisco AnyConnect*
enterprise edge
building distribution
service provider edge

15
The network design for a college with users at five sites is being developed. Where in the campus network architecture would servers used by all users be located?

services
enterprise edge
data center*
access-distribution

16
What is creating a new challenge for IT departments by changing the border of the enterprise network?

tablets*
company-owned desktops
energy costs
access layer switching

17
Which network architecture functions through a combination of technologies that include wired, wireless, security, and more?

Cisco Borderless*
Cisco Enterprise Campus
Cisco Enterprise Edge
Cisco Enterprise Branch

18
Which network architecture combines individual components to provide a comprehensive solution allowing people to cooperate and contribute to the production of something?

Cisco Enterprise Campus Architecture
Cisco Enterprise Branch Architecture
Cisco Borderless Network Architecture
Cisco Collaboration Architecture*

19
Fill in the blank.
Reducing the complexity of network design by dividing a network into smaller areas is an example of a “hierarchical” network model.

20
Fill in the blank. Use the abbreviation.
Under the Cisco Enterprise Edge module, the submodule that provides remote access including authentication and IPS appliances is the “VPN” and remote access submodule.

21


Place the options in the following order:

– not scored –
core
access
distribution

22


Place the options in the following order:
[+] campus core
[+] building distribution
[+] data center

[#] VPN and remote access
[#] DMZ
[#] e-commerce

[+] Order does not matter within this group.
[#] Order does not matter within this group.

CCNA 3 v5 Switched Networks Practice Skills Assessment – Packet Tracer 2014


CCNA Routing and Switching
Switched Networks

Practice Skills Assessment – Packet Tracer

A few things to keep in mind while completing this activity:

Do not use the browser Back button or close or reload any exam windows during the exam.
Do not close Packet Tracer when you are done. It will close automatically.
Click the Submit Assessment button in the browser window to submit your work.

Introduction

In this practice skills assessment, you will configure the Company A network with RPVST+, port security, EtherChannel, DHCP, VLANs and trunking, and routing between VLANs. In addition you will perform an initial configuration on a switch, secure unused switch ports and secure SVIs. A simple access control list will also be configured.

All IOS device configurations should be completed from a direct terminal connection to the device console from an available host.

Some values that are required to complete the configurations have not been given to you. In those cases, create the values that you need to complete the requirements. These values may include certain IP addresses, passwords, interface descriptions, banner text, and other values.

For the sake of time, many repetitive but important configuration tasks have been omitted from this activity. Many of these tasks, especially those related to device security, are essential elements of a network configuration. The intent of this activity is not to diminish the importance of full device configurations.

You will practice and be assessed on the following skills:

  • Configuration of initial switch settings
  • IPv4 address assignment and configuration
  • Configuration of switch management settings including SSH
  • Configuration of port security
  • Configuration of unused switch ports according to security best practices
  • Configuration of RPVST+
  • EtherChannel configuration
  • Configuration of a router as a DHCP server
  • Configuration of VLANs and trunks
  • Configuration of routing between VLANs

You are required to do the following:

Campus:

  • Configure interface IPv4 addresses and descriptions
  • Configure DHCP pools and excluded addresses
  • Configure routing between VLANs
  • Configure a simple standard access control list

SW-A:

  • Create and name VLANs
  • Configure EtherChannel
  • Configure trunking
  • Assign access ports to VLANs
  • Configure remote management settings
  • Configure RPVST+

SW-B:

  • Configure initial device settings
  • Create and name VLANs
  • Configure EtherChannel
  • Configure trunking
  • Assign access ports to VLANs
  • Configure remote management settings and SSH
  • Activate RPVST+
  • Secure unused switch ports
  • Configure port security

SW-C:

  • Create and name VLANs
  • Configure EtherChannel
  • Configure trunking
  • Assign access ports to VLANs
  • Configure remote management settings
  • Configure RPVST+

Internal PC hosts:

  • Configure as DHCP clients
  • Assign Static IPv4 addresses

Tables

Note: You are provided with the networks that interfaces should be configured on. Unless you are told to do differently in the detailed instructions below, you are free to choose the host addresses to assign.

Addressing Table:

Instructions

All configurations must be performed through a direct terminal connection to the device consoles from an available host.

Step 1: Configure initial device settings on SW-B only.

  • Configure the host name as SW-B. The host name must match the value in the table exactly in spelling, case, and punctuation.
  • Prevent the router CLI from attempting to look up mistyped commands as URLs.
  • Configure an appropriate message-of-the-day banner.
  • Configure an encrypted password for Privileged EXEC mode.
  • Protect access to the device console.
  • Prevent IOS status messages from interrupting command line output at the device console.
  • Encrypt all clear text passwords.

Step 2: Create and name VLANs.

On all three switches, create and name the VLANs shown in the VLAN Table.

  • The VLAN names must match the values in the table exactly in spelling, case, and punctuation.
  • Each switch should be configured with all of the VLANs shown in the table.

Step 3: Assign switch ports to VLANs.

Using the VLAN table, assign the switch ports to the VLANs you created in Step 2, as follows:

  • All switch ports that you assign to VLANs should be configured to static access mode.
  • All switch ports that you assign to VLANs should be activated.
  • Note that all the unused ports on SW-B only should be assigned to VLAN 999. This configuration step on switches SW-A and SW-C has been left out of this activity for the sake of time.

Step 4: Configure the SVIs.

Using the addressing table, create and address the SVIs on all three switches. Configure the switches so that they can connect with remote hosts. Full connectivity will be established after routing between VLANs has been configured later in this assessment.

Step 5: Configure Trunking and EtherChannel.

a. Use the information in the Port-Channel Groups table to configure EtherChannel as follows:

  • Use LACP.
  • The switch ports on both sides of Channels 1 and 2 should both initiate negotiations for channel establishment.
  • The switch ports on the SW-B side of Channel 3 should initiate negotiations with the switch ports on SW-C.
  • The switch ports on the SW-C side of Channel 3 should not initiate negotiations with the switch ports on the other side of the channel.

b. Configure all port-channel interfaces as trunks.

c. Configure trunking on the switch port on SW-A that is connected to Campus.

Step 6: Configure Rapid PVST+.

Configure Rapid PVST+ settings as follows.

a. Activate Rapid PVST+ and set root priorities.

  • All three switches should be configured to run Rapid PVST+.
  • SW-A should be configured as root primary for VLAN 5 and VLAN 10 using the default primary priority values.
  • SW-A should be configured as root secondary for VLAN 15 and VLAN 100 using the default secondary priority values.
  • SW-C should be configured as root primary for VLAN 15 and VLAN 100 using the default primary priority values.
  • SW-C should be configured as root secondary for VLAN 5 and VLAN 10 using the default secondary priority values.

b. Activate PortFast and BPDU Guard on the SW-C switch access ports.

  • Configure PortFast on all access ports that are connected to hosts. This must be configured on the switch ports. Do not use the portfast default form of the command.
  • Activate BPDU Guard on all access ports that are connected to hosts.

Step 7: Configure switch security.

You are required to complete the following only on SW-B for this assessment. In reality, security should be configured on all devices in the network.

a. Secure unused switch ports. Following security best practices, do the following on SW-B only:

  • Shut down all unused switch ports.
  • Configure all unused switch ports as access ports.
  • All unused switch ports should be assigned to VLAN 999.

b. Configure port security on all active access ports on SW-B.

  • Each switch port should accept only two MAC addresses before a security action occurs.
  • The learned MAC addresses should be recorded in the running configuration.
  • If a security violation occurs, the switch ports should provide notification that a violation has occurred but not place the interface in an err-disabled state.

c. On SW-B, configure the virtual terminal lines to accept only SSH connections.

  • Use a domain name of ccnaPTSA.com.
  • Use a modulus value of 1024.
  • Configure SSH version 2.
  • Configure the vty lines to only accept SSH connections.
  • Configure user-based authentication for SSH connections to the vty lines with a user name of netadmin and a secret password of SSH_secret9. The user name and password must match the values provided here exactly in case, punctuation, and spelling.

Step 8: Configure routing between VLANs.

Configure router Campus to route between VLANs according to the information in the addressing table.

  • Do not route VLAN 999.

Step 9: Configure a standard access control list.

Configure a standard access control list to control access to the management interfaces (SVI) of the switches as follows:

  • Use the number 1 for the list.
  • Permit only addresses from the admin VLAN network to access any address on the manage VLAN network.
  • Hosts on the admin VLAN network should be able to reach all other destinations.
  • Your list should consist of one statement.

Step 10: Configure the router as a DHCP server.

Configure three DHCP pools as follows:

  • Create a DHCP pool for hosts on VLAN5 using the pool name vlan5pool.
  • Create a DHCP pool for hosts on VLAN10 using the pool name vlan10pool.
  • Create a DHCP pool for hosts on VLAN15 using the pool name vlan15pool.
  • All VLAN pool names must match the provided values exactly.
  • Exclude the first five addresses from each pool.
  • Configure a DNS server address of 192.0.2.62.
  • Once they have received addresses, the hosts should be able to ping hosts on other networks.

Step 11: Configure host addressing.

All hosts should be able to ping each other and the two external servers after they have been addressed.
Hosts on VLANs 5, 10 and 15 should be configured to receive addresses dynamically over DHCP.
Hosts on VLAN 100 should be addressed statically as indicated in the addressing table. Once configured, the hosts should be able to ping hosts on other networks.

Shared by Gega Sxirtladze

Router Campus

en
conf t
int g0/1
no shutdown
exit

int g0/1.5
encapsulation dot1Q 5
ip address 10.10.5.1 255.255.255.0
no shutdown
exit
int g0/1.10
encapsulation dot1Q 10
ip address 10.10.10.1 255.255.255.0
no shut
exit
int g0/1.15
encapsulation dot1Q 15
ip addr 10.10.15.1 255.255.255.0
no shut
exit
int g0/1.100
encapsulation dot1Q 100
ip addr 10.10.100.1 255.255.255.0
no shut
exit
int g0/1.199
encapsulation dot1Q 199
ip addr 10.10.199.1 255.255.255.0
no shut
exit
ip dhcp excluded-address 10.10.5.1 10.10.5.5
ip dhcp pool vlan5pool
network 10.10.5.0 255.255.255.0
default-router 10.10.5.1
dns-server 192.0.2.62
exit

ip dhcp excluded-address 10.10.10.1 10.10.10.5
ip dhcp pool vlan10pool
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 192.0.2.62
exit

ip dhcp excluded-address 10.10.15.1 10.10.15.5
ip dhcp pool vlan15pool
network 10.10.15.0 255.255.255.0
default-router 10.10.15.1
dns-server 192.0.2.62
exit
ip access-list standard 1
permit 10.10.100.0 0.0.0.255
exit
int g0/1.199
ip access-group 1 out

————————————————-

SW-B
en
conf t
hostname SW-B
no ip domain-lookup
banner motd "SW-B"
enable secret cisco
service password-encryption

line console 0
password cisco
login
logging synchronous
exit

line vty 0 15
password cisco
login
exit

no logging console

vlan 5
name sales
exit
vlan 10
name prod
exit
vlan 15
name acct
exit
vlan 100
name admin
exit
vlan 199
name manage
exit
vlan 999
name null
exit
int f0/7
switchport mode access
switchport access vlan 5
no shutdown
exit

int f0/10
switchport mode access
switchport access vlan 10
no shutdown
exit

int f0/15
switchport mode access
switchport access vlan 15
no shutdown
exit

int f0/24
switchport mode access
switchport access vlan 100
no shutdown
exit

int vlan 199
ip address 10.10.199.253 255.255.255.0
ip default-gateway 10.10.199.1
int port-channel 2
exit
int range fa0/3-4
channel-group 2 mode active
exit

int port-channel 3
exit
int range fa0/5-6
channel-group 3 mode active
exit

int range fa0/3-6
switchport mode trunk
exit

spanning-tree mode rapid-pvst

int range fa0/1-2
switchport mode access
switchport access vlan 999
shutdown
exit

int range fa0/8-9
switchport mode access
switchport access vlan 999
shutdown
exit

int range fa0/11-14
switchport mode access
switchport access vlan 999
shutdown
exit

int range fa0/16-23
switchport mode access
switchport access vlan 999
shutdown
exit

int range g1/1-2
switchport mode access
switchport access vlan 999
shutdown
exit
int fa0/7
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation restrict
exit

int fa0/10
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation restrict
exit

int fa0/15
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation restrict
exit

int fa0/24
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation restrict
exit

ip domain-name ccnaPTSA.com
crypto key generate rsa
1024
ip ssh version 2

line vty 0 15
login local
transport input ssh
exit

username netadmin secret SSH_secret9
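
One way to check a saved `show running-config` from SW-B against the Step 7 requirements, added here as an example and not part of the shared answer. The config fragment is constructed, and the `ACTIVE` port set and the function names are assumptions; the parser expects running-config form (full keywords, indented sub-commands), not the abbreviated commands as typed on this page.

```python
import re

# Constructed running-config fragment modelled on SW-B; not the page's own listing.
SAMPLE = """\
interface FastEthernet0/2
 switchport mode access
interface FastEthernet0/3
 switchport mode trunk
interface FastEthernet0/7
 switchport access vlan 5
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security violation restrict
interface FastEthernet0/10
 switchport access vlan 10
 switchport mode access
 switchport port-security
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 password cisco
 login
"""
ACTIVE = {"FastEthernet0/7", "FastEthernet0/10"}  # assumed active access ports
PORTSEC = {"switchport port-security" + s for s in
           ("", " maximum 2", " mac-address sticky", " violation restrict")}
UNUSED = {"switchport mode access", "switchport access vlan 999", "shutdown"}
VTY = {"login local", "transport input ssh"}

def blocks(cfg):
    """Map each physical-port or 'line vty' header to its set of sub-commands."""
    out = {}
    for hdr, body in re.findall(r"^(\S.*)\n((?: .*\n)*)", cfg + "\n", re.M):
        m = re.match(r"interface (\w+Ethernet\S+)|(line vty .+)", hdr.rstrip())
        if m:
            out[m.group(1) or m.group(2)] = {c.strip() for c in body.splitlines()}
    return out

def audit(cfg, active=ACTIVE):
    """Return {block: missing commands} for each Step 7 requirement not met."""
    gaps = {}
    for name, cmds in blocks(cfg).items():
        need = VTY if name.startswith("line") else PORTSEC if name in active else UNUSED
        if "switchport mode trunk" not in cmds and need - cmds:  # trunks are out of scope
            gaps[name] = sorted(need - cmds)
    return gaps
```

On the sample, `audit(SAMPLE)` reports Fa0/2 (unused but neither shut down nor in VLAN 999), Fa0/10 (port security left at its defaults) and `line vty 5 15` (still password login with no SSH-only transport).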

—————————————————-
SW-A
en
conf t

vlan 5
name sales
exit
vlan 10
name prod
exit
vlan 15
name acct
exit
vlan 100
name admin
exit
vlan 199
name manage
exit
vlan 999
name null
exit
int f0/5
switchport mode access
switchport access vlan 5
no shutdown
exit

int f0/10
switchport mode access
switchport access vlan 10
no shutdown
exit
int f0/15
switchport mode access
switchport access vlan 15
no shutdown
exit

int f0/24
switchport mode access
switchport access vlan 100
no shutdown
exit

int vlan 199
ip address 10.10.199.254 255.255.255.0
ip default-gateway 10.10.199.1
int port-channel 1
exit
int port-channel 2
exit

int range fa0/1-2
channel-group 1 mode active
exit

int range fa0/3-4
channel-group 2 mode active
exit

int range fa0/1-4
switchport mode trunk
exit

int gig1/1
no shutdown
switchport mode trunk
exit

spanning-tree mode rapid-pvst
spanning-tree vlan 5 root primary
spanning-tree vlan 10 root primary
spanning-tree vlan 15 root secondary
spanning-tree vlan 100 root secondary

————————————————–
SW-C

en
conf t

vlan 5
name sales
exit
vlan 10
name prod
exit
vlan 15
name acct
exit
vlan 100
name admin
exit
vlan 199
name manage
exit
vlan 999
name null
exit
int f0/7
switchport mode access
switchport access vlan 5
no shutdown
exit

int f0/10
switchport mode access
switchport access vlan 10
no shutdown
exit
int f0/15
switchport mode access
switchport access vlan 15
no shutdown
exit

int f0/24
switchport mode access
switchport access vlan 100
no shutdown
exit

int vlan 199
ip address 10.10.199.252 255.255.255.0
ip default-gateway 10.10.199.1
int port-channel 1
exit
int port-channel 3
exit

int range fa0/1-2
channel-group 1 mode active
exit

int range fa0/5-6
channel-group 3 mode passive
exit

int range fa0/1-2
switchport mode trunk
exit

int range fa0/5-6
switchport mode trunk
exit

spanning-tree mode rapid-pvst
spanning-tree vlan 15 root primary
spanning-tree vlan 100 root primary
spanning-tree vlan 5 root secondary
spanning-tree vlan 10 root secondary

int fa0/7
spanning-tree portfast
spanning-tree bpduguard enable
exit

int fa0/10
spanning-tree portfast
spanning-tree bpduguard enable
exit

int fa0/15
spanning-tree portfast
spanning-tree bpduguard enable
exit

int fa0/24
spanning-tree portfast
spanning-tree bpduguard enable
exit
