CCNA 4 Final Exam The Best

SSH is unable to pass through NAT.

There are incorrect access control list entries.

The access list has the incorrect port number for SSH.

The ip helper command is required on S0/0/0 to allow inbound connections.

Wi-Fi

Satellite

WiMAX

Metro Ethernet

VPN link establishment and maintenance is provided by LCP.

DLCI addresses are used to identify each end of the VPN tunnel.

VPNs use virtual Layer 3 connections that are routed through the Internet.

Only IP packets can be encapsulated by a VPN for tunneling through the Internet.

Exploits a known vulnerability

Attaches to executable programs

Masquerades as a legitmate program

Lies dormant until triggered by an event, time, or date

All traffic that originates from 192.168.4.0/24 is permitted.

All TCP traffic is permitted, and all other traffic is denied.

All Telnet traffic from the 192.168.0.0/16 network is permitted.

All traffic from the 192.168.4.0/22 network is permitted on TCP port 23.

Use the copy tftp: flash: command

Boot the router to bootROM mode and enter the b command to load the IOS manually

Telnet from another router and issue the show running-config command to view the password

Boot the router to ROM monitor mode and configure the router to ignore the startup configuration when it initializes

The commands overwrite the existing Managers ACL.

The commands are added at the end of the existing Managers ACL.

The network administrator receives an error stating that the ACL already exists.

The commands will create a duplicate Managers ACL containing only the new commands being entered.

Configure DHCP and static NAT.

Configure dynamic NAT for ten users.

Configure static NAT for all ten users.

Configure dynamic NAT with overload.

Traffic that is destined for 10.10.4.1 and 10.10.4.5 will be dropped by the router.

Traffic will not be routed from clients with addresses between 10.10.4.1 and 10.10.4.5.

The DHCP server will not issue the addresses ranging from 10.10.4.1 to 10.10.4.5.

The router will ignore all traffic that comes from the DHCP servers with addresses 10.10.4.1 and 10.10.4.5.

The router matches the incoming packet to the statement that is created by access-list 201 permit ip any any command and allows the packet into the router.

The router reaches the end of ACL 101 without matching a condition and drops the packet because there is no statement that was created by access-list 101 permit ip any any command.

The router matches the incoming packet to the statement that was created by the access-list 101 permit ip any 172.16.1.0 0.0.0.255 command, ignores the remaining statements in ACL 101, and allows the packet into the router.

The router matches the incoming packet to the statement that was created by the access-list 201 deny icmp 172.16.1.0 0.0.0.255 any command, continues comparing the packet to the remaining statements in ACL 201 to ensure that no subsequent statements allow FTP, and then the router drops the packet.

When the remote router is a non-Cisco router

When the local router is configured with subinterfaces

When globally significant rather than locally significant DLCIs are being used

When the local router and the remote router are using different LMI protocols

Proxy ARP

CDP updates

SNMP services

RIP authentication

Disable IP source routing.

Configure passive interfaces

Configure routing protocol authentication.

Secure administrative lines with Secure Shell.

When IPv4 and IPv6 are configured on the same interface, all IPv4 addresses are over-written in favor of the newer technology.

Incorrect IPv4 addresses are entered on the router interfaces.

RIPng is incompatible with dual-stack technology.

IPv4 is incompatible with RIPng.

The username and password are not configured correctly.

The authentication method is not configured correctly.

The HTTP timeout policy is not configured correctly.

The vtys are not configured correctly.

Interface Fa0/0, inbound

Interface Fa0/0, outbound

Interface Fa0/1, inbound

Interface Fa0/1, outbound

Named ACLs are less efficient than numbered ACLs.

Standard ACLs should be applied closest to the core layer.

ACLs applied to outbound interfaces are the most efficient.

Extended ACLs should be applied closest to the source that is specified by the ACL.

Queuing strategy

Serial cable type

Interface IP address

Encapsulation method

The crossover cable is faulty.

The IP addressing is incorrect

There is a Layer 2 problem with the router connection.

The upper layers are experiencing an unspecified problem.

One or both of the Ethernet interfaces are not working correctly.

The serial interfaces are in different subnets.

The RIPng process is not enabled on interfaces.

The RIPng processes do not match between Router1 and Router2.

The RIPng network command is missing from the IPv6 RIP configuration.

PPP

SLIP

HDLC

Frame Relay

Demilitarized zone (DMZ)

Demarcation point

Local loop

Cloud

Protocol type

Source IP address

Source MAC address

Destination IP address

Destination MAC address

Apply the ACL in the inbound direction.

Apply the ACL on the FastEthernet 0/0 interface.

Reverse the order of the TCP protocol statements in the ACL.

Modify the second entry in the list to permit tcp host 172.16.10.10 any eq telnet .

Access control list

Routing protocol

Inbound interface

ARP cache

Traffic is only forwarded from SDM-trusted Cisco routers.

Security testing is performed and the results are saved as a text file stored in NVRAM.

The router is tested for potential security problems and any necessary changes are made.

All traffic entering the router is quarantined and checked for viruses before being forwarded.

Scheduling will be easy if the network and software teams work independently.

It will be difficult to isolate the problem if two teams are implementing changes independently.

Results from changes will be easier to reconcile and document if each team works in isolation.

Only results from the software package should be tested as the network is designed to accommodate the proposed software platform.

DLCI 123

DLCI 321

10.10.10.25

10.10.10.26

MAC address of the Orlando router

The 10.1.1.225 host is exchanging packets with the 192.168.0.10 host.

The native 10.1.200.254 address is being translated to 192.168.0.10.

The 192.168.0.0/24 network is the inside network.

Port address translation is in effect.

Inverting the subnet mask will always create the wildcard mask.

A wildcard mask identifies a network or subnet bit by using a "1".

The same function is performed by both a wildcard mask and a subnet mask.

When a "0" is encountered in a wildcard mask, the IP address bit must be checked.

Application

Transport

Network

Data link

Antivirus application

Operating system patches

Intrusion prevention system

Cisco Adaptive Security Appliance

Conduct a performance test and compare with the baseline that was established previously.

Determine performance on the intranet by monitoring load times of company web pages from remote sites.

Interview departmental administrative assistants and determine if they think load time for web pages has improved.

Compare the hit counts on the company web server for the current week to the values that were recorded in previous weeks.

The PVC to R3 must be point-to-point.

LMI types cannot be different on each end of a PVC.

A single port can only support one encapsulation type.

The IETF parameter is missing from the frame-relay map ip 192.168.1.3 203 command.

The source addresses are not correctly designated.

The translated address pool is not correctly sized.

The access-list command is referencing the wrong addresses.

The wrong interface is designated as the source for translations.

The clock rate is incorrect.

The usernames are misconfigured.

The IP addresses are on different subnets.

The clock rate is configured on the wrong end of the link.

10.1.1.2:80

10.1.1.2:1234

172.30.20.1:1234

172.30.20.1:3333

Application

Transport

Network

Data link

Physical

PPP with PAP

PPP with CHAP

HDLC with PAP

HDLC with CHAP

The address 192.168.3.17 address is already in use by Fa0/0.

The pool of addresses for the 192Network pool is configured incorrectly.

The ip helper-address command should be used on the Fa0/0 interface.

The 192.168.3.17 address has not been excluded from the 192Network pool.

Company 1 only uses microfilters at branch locations.

Company 1 has a lower volume of POTS traffic than company 2 has.

Company 2 is located farther from the service provider than company 1 is.

Company 2 shares the connection to the DSLAM with more clients than company 1 shares with.

PAP uses a two-way handshake.

The password is unique and random.

PAP conducts periodic password challenges.

PAP uses MD5 hashing to keep the password secure.

Improper LMI type

Interface reset

PPP negotiation failure

Unplugged cable