Informative Quiz On CCNA 4 Final Exam

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Ankushmahajan
A
Ankushmahajan
Community Contributor
Quizzes Created: 1 | Total Attempts: 143
Questions: 49 | Attempts: 143

SettingsSettingsSettings
CCNA Quizzes & Trivia

Cisco Certified Network Associate is an information technology certification from Cisco. CCNA certification is an associate-level Cisco Career certification. The informative on CCNA 4 final exam below is designed to help you know what to expect and how the questions are designed. Give it a try and all the best!


Questions and Answers
  • 1. 

    Refer to the exhibit. The SSH connections between the remote user and the server are failing. The correct configuration of NAT has been verified. What is the most likely cause of the problem?

    • A.

      SSH is unable to pass through NAT.

    • B.

      There are incorrect access control list entries.

    • C.

      The access list has the incorrect port number for SSH.

    • D.

      The ip helper command is required on S0/0/0 to allow inbound connections.

    Correct Answer
    B. There are incorrect access control list entries.
    Explanation
    The most likely cause of the problem is that there are incorrect access control list entries. This means that the access control list is not properly configured to allow SSH connections to pass through.

    Rate this question:

  • 2. 

    Which IEEE 802.16 broadband wireless technology allows users to connect to the ISP at speeds comparable to DSL and cable?

    • A.

      Wi-Fi

    • B.

      Satellite

    • C.

      WiMAX

    • D.

      Metro Ethernet

    Correct Answer
    C. WiMAX
    Explanation
    WiMAX is the correct answer because it is an IEEE 802.16 broadband wireless technology that enables users to connect to the internet service provider (ISP) at speeds comparable to DSL and cable. WiMAX provides high-speed wireless internet access over a wide area, allowing users to access the internet from anywhere within the WiMAX coverage area using compatible devices. It offers faster data transfer rates and greater coverage compared to Wi-Fi, satellite, and Metro Ethernet technologies.

    Rate this question:

  • 3. 

    Which statement about a VPN is true?

    • A.

      VPN link establishment and maintenance is provided by LCP.

    • B.

      DLCI addresses are used to identify each end of the VPN tunnel.

    • C.

      VPNs use virtual Layer 3 connections that are routed through the Internet.

    • D.

      Only IP packets can be encapsulated by a VPN for tunneling through the Internet.

    Correct Answer
    C. VPNs use virtual Layer 3 connections that are routed through the Internet.
    Explanation
    VPNs use virtual Layer 3 connections that are routed through the Internet. This means that VPNs create a secure connection over the internet by encapsulating and encrypting data at the network layer (Layer 3). This allows users to access a private network remotely and securely, as if they were directly connected to the network. VPNs are commonly used for remote access, site-to-site connectivity, and to enhance security and privacy while browsing the internet.

    Rate this question:

  • 4. 

    What is a characteristic feature of a worm?

    • A.

      Exploits a known vulnerability

    • B.

      Attaches to executable programs

    • C.

      Masquerades as a legitmate program

    • D.

      Lies dormant until triggered by an event, time, or date

    Correct Answer
    A. Exploits a known vulnerability
    Explanation
    A characteristic feature of a worm is that it exploits a known vulnerability. This means that it takes advantage of a weakness or flaw in a computer system or software in order to gain unauthorized access or spread itself. Worms are designed to specifically target and exploit these vulnerabilities, allowing them to easily infect and spread within a network or system. This characteristic sets worms apart from other types of malware, such as viruses or trojans, which may use different methods to infiltrate and propagate.

    Rate this question:

  • 5. 

    What is the result when the command permit tcp 192.168.4.0 0.0.3.255 any eq telnet is entered in an access control list and applied on the inbound interface of a router?

    • A.

      All traffic that originates from 192.168.4.0/24 is permitted.

    • B.

      All TCP traffic is permitted, and all other traffic is denied.

    • C.

      All Telnet traffic from the 192.168.0.0/16 network is permitted.

    • D.

      All traffic from the 192.168.4.0/22 network is permitted on TCP port 23.

    Correct Answer
    D. All traffic from the 192.168.4.0/22 network is permitted on TCP port 23.
    Explanation
    The command "permit tcp 192.168.4.0 0.0.3.255 any eq telnet" in an access control list allows all traffic from the 192.168.4.0/22 network to be permitted on TCP port 23. The wildcard mask 0.0.3.255 indicates that the first 22 bits of the network address (192.168.4.0) are fixed, allowing any value for the last 2 bits. The "eq telnet" specifies that only traffic on TCP port 23 (Telnet) is permitted. Therefore, any traffic originating from the 192.168.4.0/22 network on TCP port 23 will be allowed, while all other traffic will be denied.

    Rate this question:

  • 6. 

    What can a network administrator do to recover from a lost router password?

    • A.

      Use the copy tftp: flash: command

    • B.

      Boot the router to bootROM mode and enter the b command to load the IOS manually

    • C.

      Telnet from another router and issue the show running-config command to view the password

    • D.

      Boot the router to ROM monitor mode and configure the router to ignore the startup configuration when it initializes

    Correct Answer
    D. Boot the router to ROM monitor mode and configure the router to ignore the startup configuration when it initializes
    Explanation
    By booting the router to ROM monitor mode and configuring it to ignore the startup configuration, the network administrator can bypass the lost router password and gain access to the router. This allows them to make necessary changes or reset the password without being locked out of the device.

    Rate this question:

  • 7. 

    Refer to the exhibit. What happens if the network administrator issues the commands shown when an ACL called Managers already exists on the router?

    • A.

      The commands overwrite the existing Managers ACL.

    • B.

      The commands are added at the end of the existing Managers ACL.

    • C.

      The network administrator receives an error stating that the ACL already exists.

    • D.

      The commands will create a duplicate Managers ACL containing only the new commands being entered.

    Correct Answer
    A. The commands overwrite the existing Managers ACL.
    Explanation
    The given answer states that the commands will overwrite the existing Managers ACL. This means that when the network administrator issues the commands shown, the existing Managers ACL will be replaced with the new commands being entered.

    Rate this question:

  • 8. 

    Which two statements are true about IPv6? (Choose two.)

    • A.

      Security options are build into IPv6.

    • B.

      IPv6 addresses require less router overhead to process.

    • C.

      IPv6 can only be configured on an interface that does not have IPv4 on it.

    • D.

      There is no way to translate between IPv4 addresses and IPv6 addresses.

    • E.

      When enabled on a router, IPv6 can automatically configure link-local IPv6 addresses on all interfaces.

    Correct Answer(s)
    A. Security options are build into IPv6.
    E. When enabled on a router, IPv6 can automatically configure link-local IPv6 addresses on all interfaces.
    Explanation
    IPv6 includes built-in security options, such as IPsec, which provides authentication and encryption for network traffic. This helps enhance the security of IPv6 networks. Additionally, when enabled on a router, IPv6 can automatically configure link-local IPv6 addresses on all interfaces. This allows devices on the network to communicate with each other using these automatically generated addresses without the need for manual configuration.

    Rate this question:

  • 9. 

    A system administrator must provide Internet connectivity for ten hosts in a small remote office. The ISP has assigned two public IP addresses to this remote office. How can the system administrator configure the router to provide Internet access to all ten users at the same time?

    • A.

      Configure DHCP and static NAT.

    • B.

      Configure dynamic NAT for ten users.

    • C.

      Configure static NAT for all ten users.

    • D.

      Configure dynamic NAT with overload.

    Correct Answer
    D. Configure dynamic NAT with overload.
    Explanation
    By configuring dynamic NAT with overload, the system administrator can provide Internet access to all ten users at the same time using the limited two public IP addresses assigned by the ISP. Dynamic NAT allows the router to dynamically assign one of the available public IP addresses to each user when they request Internet access. With overload, also known as Port Address Translation (PAT), the router can use multiple private IP addresses from the internal network and map them to the limited number of public IP addresses. This allows multiple users to share a single public IP address, maximizing the utilization of the available IP addresses.

    Rate this question:

  • 10. 

    What will be the result of adding the command ip dhcp excluded-address 10.10.4.1 10.10.4.5 to the configuration of a local router that has been configured as a DHCP server?

    • A.

      Traffic that is destined for 10.10.4.1 and 10.10.4.5 will be dropped by the router.

    • B.

      Traffic will not be routed from clients with addresses between 10.10.4.1 and 10.10.4.5.

    • C.

      The DHCP server will not issue the addresses ranging from 10.10.4.1 to 10.10.4.5.

    • D.

      The router will ignore all traffic that comes from the DHCP servers with addresses 10.10.4.1 and 10.10.4.5.

    Correct Answer
    C. The DHCP server will not issue the addresses ranging from 10.10.4.1 to 10.10.4.5.
    Explanation
    Adding the command "ip dhcp excluded-address 10.10.4.1 10.10.4.5" to the configuration of a local router that has been configured as a DHCP server means that the DHCP server will not assign the addresses ranging from 10.10.4.1 to 10.10.4.5 to any clients. These addresses will be excluded from the pool of available addresses that the DHCP server can assign to clients.

    Rate this question:

  • 11. 

    Refer to the exhibit. Which statement correctly describes how Router1 processes an FTP request packet that enters interface S0/0/0, and is destined for an FTP server at IP address 172.16.1.5?

    • A.

      The router matches the incoming packet to the statement that is created by access-list 201 permit ip any any command and allows the packet into the router.

    • B.

      The router reaches the end of ACL 101 without matching a condition and drops the packet because there is no statement that was created by access-list 101 permit ip any any command.

    • C.

      The router matches the incoming packet to the statement that was created by the access-list 101 permit ip any 172.16.1.0 0.0.0.255 command, ignores the remaining statements in ACL 101, and allows the packet into the router.

    • D.

      The router matches the incoming packet to the statement that was created by the access-list 201 deny icmp 172.16.1.0 0.0.0.255 any command, continues comparing the packet to the remaining statements in ACL 201 to ensure that no subsequent statements allow FTP, and then the router drops the packet.

    Correct Answer
    C. The router matches the incoming packet to the statement that was created by the access-list 101 permit ip any 172.16.1.0 0.0.0.255 command, ignores the remaining statements in ACL 101, and allows the packet into the router.
    Explanation
    The correct answer states that the router matches the incoming FTP request packet to the statement created by access-list 101, which permits any IP address to the IP address range 172.16.1.0/24. Since the packet matches this statement, the router ignores the remaining statements in ACL 101 and allows the packet into the router. This means that the FTP request packet is allowed to proceed further into the network.

    Rate this question:

  • 12. 

    When a Frame Relay connection is being configured, under which condition should the command frame-relay map be used?

    • A.

      When the remote router is a non-Cisco router

    • B.

      When the local router is configured with subinterfaces

    • C.

      When globally significant rather than locally significant DLCIs are being used

    • D.

      When the local router and the remote router are using different LMI protocols

    Correct Answer
    C. When globally significant rather than locally significant DLCIs are being used
    Explanation
    The command "frame-relay map" should be used when globally significant rather than locally significant DLCIs are being used. This command is used to map a locally significant DLCI to a globally significant DLCI, allowing communication between different Frame Relay networks. By using this command, the local router can associate the locally significant DLCI with the correct destination network, ensuring proper connectivity in a multi-network Frame Relay environment.

    Rate this question:

  • 13. 

    Refer to the exhibit. RIPv2 has been configured on all routers in the network. Routers R1 and R3 do not receive RIP routing updates. On the basis of the provided configuration, what should be enabled on router R2 to remedy the problem?

    • A.

      Proxy ARP

    • B.

      CDP updates

    • C.

      SNMP services

    • D.

      RIP authentication

    Correct Answer
    D. RIP authentication
  • 14. 

    What are two main components of data confidentiality? (Choose two.)

    • A.

      Checksum

    • B.

      Digital certificates

    • C.

      Encapsulation

    • D.

      Encryption

    • E.

      Harshing

    Correct Answer(s)
    C. Encapsulation
    D. Encryption
    Explanation
    Data confidentiality refers to the protection of sensitive information from unauthorized access. Encapsulation is a process that involves hiding the internal details of data and providing a protective layer around it. This helps in preventing unauthorized access to the data. Encryption is another important component of data confidentiality, where data is converted into a coded form using algorithms. This ensures that even if the data is intercepted, it cannot be understood without the proper decryption key. Therefore, both encapsulation and encryption are key components in maintaining data confidentiality.

    Rate this question:

  • 15. 

    Which method is most effective in protecting the routing information that is propagated between routers on the network?

    • A.

      Disable IP source routing.

    • B.

      Configure passive interfaces

    • C.

      Configure routing protocol authentication.

    • D.

      Secure administrative lines with Secure Shell.

    Correct Answer
    C. Configure routing protocol authentication.
    Explanation
    Configuring routing protocol authentication is the most effective method in protecting the routing information that is propagated between routers on the network. This method ensures that only authorized routers can participate in the routing process by requiring them to authenticate themselves using a shared key or digital certificate. By implementing authentication, the network can prevent unauthorized routers from injecting false routing information or manipulating the routing tables, thereby enhancing the overall security and integrity of the network.

    Rate this question:

  • 16. 

    An administrator is configuring a dual stack router with IPv6 and IPv4 using RIPng. The administrator receives an error message when trying to enter the IPv4 routes into RIPng. What is the cause of the problem?

    • A.

      When IPv4 and IPv6 are configured on the same interface, all IPv4 addresses are over-written in favor of the newer technology.

    • B.

      Incorrect IPv4 addresses are entered on the router interfaces.

    • C.

      RIPng is incompatible with dual-stack technology.

    • D.

      IPv4 is incompatible with RIPng.

    Correct Answer
    D. IPv4 is incompatible with RIPng.
  • 17. 

    Refer to the exhibit. A network administrator is trying to configure a router to use SDM but it is not functioning correctly. What could be the problem?

    • A.

      The username and password are not configured correctly.

    • B.

      The authentication method is not configured correctly.

    • C.

      The HTTP timeout policy is not configured correctly.

    • D.

      The vtys are not configured correctly.

    Correct Answer
    D. The vtys are not configured correctly.
    Explanation
    The exhibit suggests that the router is not functioning correctly when trying to configure SDM. The problem is likely related to the configuration of the vtys. VTYs (Virtual Terminal Lines) are used to allow remote access to the router. If the vtys are not configured correctly, it can prevent proper communication and access to the router, leading to the SDM not functioning correctly.

    Rate this question:

  • 18. 

    Refer to the exhibit. The network administrator creates a standard access control list on Router1 to prohibit traffic from the 172.16.1.0/24 network from reaching the 172.16.2.0/24 network while still permitting Internet access for all networks. On which router interface and in which direction should it be applied?

    • A.

      Interface Fa0/0, inbound

    • B.

      Interface Fa0/0, outbound

    • C.

      Interface Fa0/1, inbound

    • D.

      Interface Fa0/1, outbound

    Correct Answer
    D. Interface Fa0/1, outbound
    Explanation
    The correct answer is interface Fa0/1, outbound. This is because the access control list should be applied on the outbound interface of the router that is connected to the 172.16.2.0/24 network. By applying it outbound on interface Fa0/1, traffic from the 172.16.1.0/24 network will be blocked from reaching the 172.16.2.0/24 network, while still allowing Internet access for all networks.

    Rate this question:

  • 19. 

    A network administrator is instructing a technician on best practices for applying ACLs. Which suggestion should the administrator provide?

    • A.

      Named ACLs are less efficient than numbered ACLs.

    • B.

      Standard ACLs should be applied closest to the core layer.

    • C.

      ACLs applied to outbound interfaces are the most efficient.

    • D.

      Extended ACLs should be applied closest to the source that is specified by the ACL.

    Correct Answer
    D. Extended ACLs should be applied closest to the source that is specified by the ACL.
  • 20. 

    Which important piece of troubleshooting information can be discovered about a serial interface using the show controllers command?

    • A.

      Queuing strategy

    • B.

      Serial cable type

    • C.

      Interface IP address

    • D.

      Encapsulation method

    Correct Answer
    B. Serial cable type
    Explanation
    The show controllers command is used to display detailed information about the hardware and physical characteristics of a serial interface. By using this command, one can determine the type of serial cable that is connected to the interface. This information is crucial for troubleshooting purposes, as it helps in identifying any cable-related issues or mismatches that may be causing problems with the serial connection.

    Rate this question:

  • 21. 

    What three statements describe the roles of devices in a WAN? (Choose three.)

    • A.

      A CSU/DSU terminates a digital local loop.

    • B.

      A modem terminates a digital local loop.

    • C.

      A CSU/DSU terminates an analog local loop.

    • D.

      A modem terminates an analog local loop.

    • E.

      A router is commonly considered a DTE device.

    Correct Answer(s)
    A. A CSU/DSU terminates a digital local loop.
    D. A modem terminates an analog local loop.
    E. A router is commonly considered a DTE device.
    Explanation
    A CSU/DSU terminates a digital local loop. This means that it connects the customer's digital equipment to the digital carrier service. A modem terminates an analog local loop. This means that it converts the digital signals from a computer into analog signals that can be transmitted over a telephone line. A router is commonly considered a DTE (Data Terminal Equipment) device. This means that it is a device that communicates with the network and is typically located at the customer's premises.

    Rate this question:

  • 22. 

    Refer to the exhibit. Router1 and Router2 each support separate areas of a data center, and are connected via a crossover cable. Resources attached to Router1 are unable to connect to resources attached to Router2. What is the likely cause?

    • A.

      The crossover cable is faulty.

    • B.

      The IP addressing is incorrect

    • C.

      There is a Layer 2 problem with the router connection.

    • D.

      The upper layers are experiencing an unspecified problem.

    • E.

      One or both of the Ethernet interfaces are not working correctly.

    Correct Answer
    C. There is a Layer 2 problem with the router connection.
    Explanation
    The likely cause of the issue is a Layer 2 problem with the router connection. This means that there is an issue with the data link layer, which is responsible for the physical connection between devices. It could be a problem with the crossover cable, such as a faulty or damaged cable. This would prevent the proper transmission of data between Router1 and Router2, resulting in the inability for resources attached to Router1 to connect to resources attached to Router2.

    Rate this question:

  • 23. 

    Refer to the exhibit. A network administrator has issued the commands that are shown on Router1 and Router2. A later review of the routing tables reveals that neither router is learning the LAN network of the neighbor router. What is most likely the problem with the RIPng configuration?

    • A.

      The serial interfaces are in different subnets.

    • B.

      The RIPng process is not enabled on interfaces.

    • C.

      The RIPng processes do not match between Router1 and Router2.

    • D.

      The RIPng network command is missing from the IPv6 RIP configuration.

    Correct Answer
    B. The RIPng process is not enabled on interfaces.
    Explanation
    The most likely problem with the RIPng configuration is that the RIPng process is not enabled on interfaces. This means that the routers are not exchanging routing information for the LAN network because the RIPng process is not active on the interfaces connecting to the LAN.

    Rate this question:

  • 24. 

    Which encapsulation protocol when deployed on a Cisco router over a serial interface is only compatible with another Cisco router?

    • A.

      PPP

    • B.

      SLIP

    • C.

      HDLC

    • D.

      Frame Relay

    Correct Answer
    C. HDLC
    Explanation
    HDLC (High-Level Data Link Control) is an encapsulation protocol that is only compatible with another Cisco router. HDLC is a proprietary protocol developed by Cisco, and it is widely used in Cisco networking devices. It provides a reliable and efficient method for encapsulating data over a serial interface. Other protocols like PPP, SLIP, and Frame Relay are not limited to Cisco routers and can be used with different vendors' equipment as well.

    Rate this question:

  • 25. 

    At what physical location does the responsibilty for a WAN connection change from the user to the service provider?

    • A.

      Demilitarized zone (DMZ)

    • B.

      Demarcation point

    • C.

      Local loop

    • D.

      Cloud

    Correct Answer
    B. Demarcation point
    Explanation
    The demarcation point is the physical location where the responsibility for a WAN connection shifts from the user to the service provider. It is the point where the service provider's network ends and the user's network begins. At this point, the service provider is responsible for maintaining and managing the connection up to the demarcation point, while the user is responsible for their network beyond that point.

    Rate this question:

  • 26. 

    Which three guidelines would help contribute to creating a strong password policy? (Choose three.)

    • A.

      Once a good password is created, do not change it.

    • B.

      Deliberately misspell words when creating passwords.

    • C.

      Create passwords that are at least 8 characters in length.

    • D.

      Use combinations of upper case, lower case, and special characters.

    • E.

      Write passwords in locations that can be easily retrieved to avoid being locked out.

    Correct Answer(s)
    B. Deliberately misspell words when creating passwords.
    C. Create passwords that are at least 8 characters in length.
    D. Use combinations of upper case, lower case, and special characters.
    Explanation
    The three guidelines that would contribute to creating a strong password policy are deliberately misspelling words when creating passwords, creating passwords that are at least 8 characters in length, and using combinations of upper case, lower case, and special characters. These guidelines help increase the complexity and uniqueness of passwords, making them harder for attackers to guess or crack. Deliberately misspelling words adds an extra layer of obfuscation, while the length requirement and combination of character types increase the password's strength. Writing passwords in easily retrievable locations is not recommended as it compromises security.

    Rate this question:

  • 27. 

    Which variable is permitted or denied by a standard access control list?

    • A.

      Protocol type

    • B.

      Source IP address

    • C.

      Source MAC address

    • D.

      Destination IP address

    • E.

      Destination MAC address

    Correct Answer
    B. Source IP address
    Explanation
    A standard access control list permits or denies access based on the source IP address. Access control lists are used to filter network traffic and determine whether certain packets are allowed or denied based on specific criteria. In this case, the source IP address is the variable that is considered when making access control decisions. The access control list can be configured to permit or deny access based on the source IP address of incoming packets.

    Rate this question:

  • 28. 

    Refer to the exhibit. Partial results of the show access-lists and show ip interface FastEthernet 0/1 commands for router Router1 are shown. There are no other ACLs in effect. Host A is unable to telnet to host B. Which action will correct the problem but still restrict other traffic between the two networks?

    • A.

      Apply the ACL in the inbound direction.

    • B.

      Apply the ACL on the FastEthernet 0/0 interface.

    • C.

      Reverse the order of the TCP protocol statements in the ACL.

    • D.

      Modify the second entry in the list to permit tcp host 172.16.10.10 any eq telnet .

    Correct Answer
    C. Reverse the order of the TCP protocol statements in the ACL.
    Explanation
    The correct answer is to reverse the order of the TCP protocol statements in the ACL. By reversing the order, the ACL will first check for the telnet traffic and allow it, and then check for other traffic and deny it. This will allow host A to telnet to host B while still restricting other traffic between the two networks.

    Rate this question:

  • 29. 

    When NAT is in use, what is used to determine the addresses that can be translated on a Cisco router?

    • A.

      Access control list

    • B.

      Routing protocol

    • C.

      Inbound interface

    • D.

      ARP cache

    Correct Answer
    D. ARP cache
    Explanation
    When NAT (Network Address Translation) is in use on a Cisco router, the addresses that can be translated are determined by the ARP (Address Resolution Protocol) cache. The ARP cache is a table that maps IP addresses to MAC addresses, and it is used to determine the physical address of a device on the network. In the context of NAT, the router uses the ARP cache to determine which addresses can be translated, allowing it to perform the necessary address translation for incoming and outgoing packets.

    Rate this question:

  • 30. 

    Which two statements are true about creating and applying access lists? (Choose two.)

    • A.

      There is an implicit deny at the end of all access lists.

    • B.

      One access list per port, per protocol, per direction is permitted.

    • C.

      Access list entries should filter in the order from general to specific.

    • D.

      The term "inbound" refers to traffic that enters the network from the router interface where the ACL is applied.

    • E.

      Standard ACLs should be applied closest to the source while extended ACLs should be applied closest to the destination.

    Correct Answer(s)
    A. There is an implicit deny at the end of all access lists.
    D. The term "inbound" refers to traffic that enters the network from the router interface where the ACL is applied.
    Explanation
    The first statement is true because there is always an implicit deny at the end of all access lists, which means that if a packet does not match any of the permit statements in the access list, it will be denied by default.

    The second statement is true because it is recommended to have one access list per port, per protocol, per direction to have more granular control over the traffic. This allows for better security and flexibility in managing network traffic.

    The two true statements about creating and applying access lists are that there is an implicit deny at the end of all access lists and the term "inbound" refers to traffic that enters the network from the router interface where the ACL is applied.

    Rate this question:

  • 31. 

    A technician has been asked to run Cisco SDM one-step lockdown on the router of a customer. What will be the result of this process?

    • A.

      Traffic is only forwarded from SDM-trusted Cisco routers.

    • B.

      Security testing is performed and the results are saved as a text file stored in NVRAM.

    • C.

      The router is tested for potential security problems and any necessary changes are made.

    • D.

      All traffic entering the router is quarantined and checked for viruses before being forwarded.

    Correct Answer
    C. The router is tested for potential security problems and any necessary changes are made.
    Explanation
    Running Cisco SDM one-step lockdown on a router involves testing the router for potential security problems and making any necessary changes. This process helps to ensure that the router is secure and protected against any potential security threats. It does not involve forwarding traffic only from SDM-trusted Cisco routers, performing security testing and saving the results, or quarantining and checking all traffic for viruses before forwarding.

    Rate this question:

  • 32. 

    An issue of response time has recently arisen on an application server. The new release of a software package has also been installed on the server. The configuration of the network has changed recently. To identify the problem, individuals from both teams responsible for the recent changes begin to investigate the source of the problem. Which statement applies to this situation?

    • A.

      Scheduling will be easy if the network and software teams work independently.

    • B.

      It will be difficult to isolate the problem if two teams are implementing changes independently.

    • C.

      Results from changes will be easier to reconcile and document if each team works in isolation.

    • D.

      Only results from the software package should be tested as the network is designed to accommodate the proposed software platform.

    Correct Answer
    A. Scheduling will be easy if the network and software teams work independently.
    Explanation
    It will be difficult to isolate the problem if two teams are implementing changes independently. When there is an issue with response time on an application server and both the network and software teams have made recent changes, it becomes crucial for the teams to collaborate and investigate together. Working independently can make it harder to identify the source of the problem as the changes made by each team may interact and impact the overall performance. By working together, the teams can analyze the changes made and their effects, allowing them to isolate and resolve the problem more effectively.

    Rate this question:

  • 33. 

    Refer to the exhibit. What is placed in the address field in the header of a frame that will travel from the DC router to the Orlando router?

    • A.

      DLCI 123

    • B.

      DLCI 321

    • C.

      10.10.10.25

    • D.

      10.10.10.26

    • E.

      MAC address of the Orlando router

    Correct Answer
    B. DLCI 321
    Explanation
    The DLCI 321 is placed in the address field in the header of a frame that will travel from the DC router to the Orlando router. The DLCI (Data Link Connection Identifier) is used in Frame Relay networks to identify the virtual circuit between two routers. In this case, DLCI 321 is the identifier for the circuit between the DC router and the Orlando router, so it is placed in the address field to ensure that the frame is correctly delivered to the Orlando router.

    Rate this question:

  • 34. 

    Refer to the exhibit. What can be concluded from the exhibited output of the debug ip nat command?

    • A.

      The 10.1.1.225 host is exchanging packets with the 192.168.0.10 host.

    • B.

      The native 10.1.200.254 address is being translated to 192.168.0.10.

    • C.

      The 192.168.0.0/24 network is the inside network.

    • D.

      Port address translation is in effect.

    Correct Answer
    C. The 192.168.0.0/24 network is the inside network.
    Explanation
    The exhibited output of the debug ip nat command indicates that the 192.168.0.0/24 network is the inside network. This conclusion can be drawn from the fact that the NAT translation is occurring between the native address 10.1.200.254 and the translated address 192.168.0.10. Since the translation is happening from the native address to the inside network address, it can be inferred that the 192.168.0.0/24 network is the inside network. Additionally, the fact that the 10.1.1.225 host is exchanging packets with the 192.168.0.10 host further supports this conclusion.

    Rate this question:

  • 35. 

    Which statement is true about wildcard masks?

    • A.

      Inverting the subnet mask will always create the wildcard mask.

    • B.

      A wildcard mask identifies a network or subnet bit by using a "1".

    • C.

      The same function is performed by both a wildcard mask and a subnet mask.

    • D.

      When a "0" is encountered in a wildcard mask, the IP address bit must be checked.

    Correct Answer
    D. When a "0" is encountered in a wildcard mask, the IP address bit must be checked.
    Explanation
    A wildcard mask is used in network addressing to specify which bits in an IP address should be considered when matching a network or subnet. In a wildcard mask, a "0" indicates that the corresponding bit in the IP address must be checked, while a "1" indicates that the bit can be ignored. Therefore, when a "0" is encountered in a wildcard mask, it means that the IP address bit must be checked to determine if it matches the network or subnet being specified.

    Rate this question:

  • 36. 

    An administrator is unable to receive e-mail. While troubleshooting the problem, the administrator is able to ping the local mail server IP address successfully from a remote network and can successfully resolve the mail server name to an IP address via the use of the nslookup command. At what layer of the OSI model is the problem most likely to be found?

    • A.

      Application

    • B.

      Transport

    • C.

      Network

    • D.

      Data link

    Correct Answer
    A. Application
    Explanation
    The problem is most likely to be found at the application layer of the OSI model. This is because the administrator is unable to receive emails, which is a function performed at the application layer. The fact that the administrator is able to ping the local mail server IP address and resolve the mail server name to an IP address indicates that the lower layers of the OSI model, such as the network and data link layers, are functioning correctly. Therefore, the issue is likely related to the application layer.

    Rate this question:

  • 37. 

    Which security solution has the responsibility of monitoring suspicious processes that are running on a host and that might indicate infection of Trojan horse applications?

    • A.

      Antivirus application

    • B.

      Operating system patches

    • C.

      Intrusion prevention system

    • D.

      Cisco Adaptive Security Appliance

    Correct Answer
    C. Intrusion prevention system
    Explanation
    An intrusion prevention system is responsible for monitoring suspicious processes that are running on a host and may indicate the presence of Trojan horse applications. It actively identifies and blocks any unauthorized or malicious activities, providing an additional layer of security to the host. This solution helps to prevent potential infections and safeguard the system from cyber threats.

    Rate this question:

  • 38. 

    A network administrator has moved the company intranet web server from a switch port to a dedicated router interface. How can the administrator determine how this change has affected performance and availability on the company intranet?

    • A.

      Conduct a performance test and compare with the baseline that was established previously.

    • B.

      Determine performance on the intranet by monitoring load times of company web pages from remote sites.

    • C.

      Interview departmental administrative assistants and determine if they think load time for web pages has improved.

    • D.

      Compare the hit counts on the company web server for the current week to the values that were recorded in previous weeks.

    Correct Answer
    A. Conduct a performance test and compare with the baseline that was established previously.
    Explanation
    The correct answer suggests that the network administrator should conduct a performance test and compare it with the baseline that was established previously. This will help determine how the change of moving the company intranet web server to a dedicated router interface has affected performance and availability. By comparing the performance test results with the baseline, the administrator can identify any improvements or degradation in performance and make necessary adjustments or optimizations.

    Rate this question:

  • 39. 

    Refer to the exhibit. Branch A has a Cisco router and Branch B has a non-Cisco router that is using IETF encapsulation . After the commands that are shown are entered, R2 and R3 fail to establish the PVC. The R2 LMI is Cisco, and the R3 LMI is ANSI. The LMI is successfully established at both locations. Why is the PVC failing?

    • A.

      The PVC to R3 must be point-to-point.

    • B.

      LMI types cannot be different on each end of a PVC.

    • C.

      A single port can only support one encapsulation type.

    • D.

      The IETF parameter is missing from the frame-relay map ip 192.168.1.3 203 command.

    Correct Answer
    D. The IETF parameter is missing from the frame-relay map ip 192.168.1.3 203 command.
    Explanation
    The PVC is failing because the IETF parameter is missing from the frame-relay map ip 192.168.1.3 203 command. This parameter is necessary to specify the encapsulation type as IETF, which is being used by the non-Cisco router at Branch B. Without this parameter, the Cisco router at Branch A is unable to establish the PVC with the non-Cisco router at Branch B.

    Rate this question:

  • 40. 

    Refer to the exhibit. A system administrator must provide connectivity to a foreign network for ten hosts in a small remote office. The commands that are listed in the exhibit were entered into the router that connects the foreign network. The users in the remote office report occasional failure to connect to resources in the foreign network. What is the likely problem?

    • A.

      The source addresses are not correctly designated.

    • B.

      The translated address pool is not correctly sized.

    • C.

      The access-list command is referencing the wrong addresses.

    • D.

      The wrong interface is designated as the source for translations.

    Correct Answer
    B. The translated address pool is not correctly sized.
    Explanation
    The likely problem is that the translated address pool is not correctly sized. This means that there are not enough available IP addresses in the pool to provide connectivity for all ten hosts in the remote office. As a result, some hosts may occasionally fail to connect to resources in the foreign network.

    Rate this question:

  • 41. 

    Refer to the exhibit. The link between the CTRL and BR_1 routers is configured as shown in the exhibit. Why are the routers unable to establish a PPP session?

    • A.

      The clock rate is incorrect.

    • B.

      The usernames are misconfigured.

    • C.

      The IP addresses are on different subnets.

    • D.

      The clock rate is configured on the wrong end of the link.

    Correct Answer
    B. The usernames are misconfigured.
    Explanation
    The routers are unable to establish a PPP session because the usernames are misconfigured. PPP authentication requires the correct usernames and passwords to be configured on both ends of the link. If the usernames are not properly configured, the routers will not be able to authenticate each other and establish a PPP session.

    Rate this question:

  • 42. 

    Refer to the exhibit. R1 is performing NAT overload for the 10.1.1.0/24 inside network. Host A has sent a packet to Web Server. What is the destination IP address of the return packet from Web Server when received at R1?

    • A.

      10.1.1.2:80

    • B.

      10.1.1.2:1234

    • C.

      172.30.20.1:1234

    • D.

      172.30.20.1:3333

    Correct Answer
    D. 172.30.20.1:3333
    Explanation
    The destination IP address of the return packet from the Web Server when received at R1 is 172.30.20.1:3333. This is because R1 is performing NAT overload, which means that it is translating the source IP address and port number of the packets from the inside network to its own IP address and a unique port number. When the Web Server sends the return packet, it will use the translated IP address and port number, which is 172.30.20.1:3333.

    Rate this question:

  • 43. 

    Refer to the exhibit. From the output of the show interface commands, at which OSI layer is a fault indicated?

    • A.

      Application

    • B.

      Transport

    • C.

      Network

    • D.

      Data link

    • E.

      Physical

    Correct Answer
    D. Data link
    Explanation
    Based on the output of the show interface commands, a fault is indicated at the data link layer of the OSI model. The show interface commands provide information about the status and statistics of the network interface, including data link layer protocols such as Ethernet. Therefore, any issues or errors related to the data link layer would be indicated in the output of these commands.

    Rate this question:

  • 44. 

    What are two LCP options that can be configured for PPP? (Choose two.)

    • A.

      EAP

    • B.

      CHAP

    • C.

      IPCP

    • D.

      CDPCP

    • E.

      Stacker

    Correct Answer(s)
    B. CHAP
    E. Stacker
  • 45. 

    Which combination of Layer 2 protocol and authentication should be used to establish a link without sending authentication information in plain text between a Cisco and a non-Cisco router?

    • A.

      PPP with PAP

    • B.

      PPP with CHAP

    • C.

      HDLC with PAP

    • D.

      HDLC with CHAP

    Correct Answer
    B. PPP with CHAP
    Explanation
    PPP with CHAP should be used to establish a link without sending authentication information in plain text between a Cisco and a non-Cisco router. CHAP (Challenge Handshake Authentication Protocol) provides a secure method of authentication by using a three-way handshake process and encrypting the authentication information. This ensures that the authentication information is not sent in plain text over the link. PPP (Point-to-Point Protocol) is a Layer 2 protocol commonly used for establishing connections between routers.

    Rate this question:

  • 46. 

    Refer to the exhibit. A host connected to Fa0/0 is unable to acquire an IP address from the DHCP server. The output of the debug ip dhcp server command shows "DHCPD: there is no address pool for 192.168.3.17". What is the problem?

    • A.

      The address 192.168.3.17 address is already in use by Fa0/0.

    • B.

      The pool of addresses for the 192Network pool is configured incorrectly.

    • C.

      The ip helper-address command should be used on the Fa0/0 interface.

    • D.

      The 192.168.3.17 address has not been excluded from the 192Network pool.

    Correct Answer
    B. The pool of addresses for the 192Network pool is configured incorrectly.
    Explanation
    The problem is that the pool of addresses for the 192Network pool is configured incorrectly. This means that the DHCP server is not able to assign an IP address to the host because there is no valid address range specified in the pool configuration. As a result, the host connected to Fa0/0 is unable to acquire an IP address from the DHCP server.

    Rate this question:

  • 47. 

    A technician is talking to a colleague at a rival company and comparing DSL transfer rates between the two companies. Both companies are in the same city, use the same service provider, and have the same rate/service plan. What is the explanation for why company 1 reports higher download speeds than company 2 reports?

    • A.

      Company 1 only uses microfilters at branch locations.

    • B.

      Company 1 has a lower volume of POTS traffic than company 2 has.

    • C.

      Company 2 is located farther from the service provider than company 1 is.

    • D.

      Company 2 shares the connection to the DSLAM with more clients than company 1 shares with.

    Correct Answer
    C. Company 2 is located farther from the service provider than company 1 is.
    Explanation
    The explanation for why company 1 reports higher download speeds than company 2 reports is that company 2 is located farther from the service provider than company 1 is. The distance between a company's location and the service provider can affect the quality and speed of the DSL connection. The farther the distance, the more likely it is for the signal to degrade, resulting in slower download speeds.

    Rate this question:

  • 48. 

    Which statement is true about PAP in the authentication of a PPP session?

    • A.

      PAP uses a two-way handshake.

    • B.

      The password is unique and random.

    • C.

      PAP conducts periodic password challenges.

    • D.

      PAP uses MD5 hashing to keep the password secure.

    Correct Answer
    A. PAP uses a two-way handshake.
    Explanation
    PAP (Password Authentication Protocol) is a simple authentication protocol used in PPP (Point-to-Point Protocol) sessions. It uses a two-way handshake, meaning that both the client and the server exchange authentication information before the connection is established. This handshake involves the client sending its username and password to the server, and the server verifying the credentials. The password being unique and random, periodic password challenges, and the use of MD5 hashing to keep the password secure are not characteristics of PAP.

    Rate this question:

  • 49. 

    Refer to the exhibit. This serial interface is not functioning correctly. Based on the output shown, what is the most likely cause?

    • A.

      Improper LMI type

    • B.

      Interface reset

    • C.

      PPP negotiation failure

    • D.

      Unplugged cable

    Correct Answer
    C. PPP negotiation failure
    Explanation
    Based on the output shown, the most likely cause for the malfunctioning serial interface is a PPP negotiation failure. This can be inferred from the "Serial0:0 LCP: O CONFREQ [Closed] id 1 len 10" message, which indicates that the LCP (Link Control Protocol) configuration request was not successfully established. PPP negotiation failure can occur due to various reasons such as misconfigured settings, incompatible authentication methods, or network connectivity issues.

    Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 21, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Jan 21, 2012
    Quiz Created by
    Ankushmahajan
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.