Define which addresses can be translated
Define which addresses are assigned to a NAT pool
Define which addresses are allowed out the router
Define which addresses can be accessed from the inside network
Once a good password is created, do not change it.
Deliberately misspell words when creating passwords.
Create passwords that are at least 8 characters in length.
Use combinations of upper case, lower case, and special characters.
Write passwords in locations that can be easily retrieved to avoid being locked out.
Use long words found in the dictionary to make passwords that are easy to remember.
There is insufficient RAM for the IOS to load on this router.
A password recovery process should be done on this router.
The bootstrap version and the version of the IOS are different.
The IOS image is damaged and must be reloaded using tftpdnld.
The configuration register is set to ignore the startup configuration.
The 10.1.1.1 address is already configured on Fa0/0.
The default router for the 10Network pool is incorrect.
The ip helper-address must be added to Fa0/0 interface.
The pool of addresses for the 10Network pool is incorrect.
The router matches the incoming packet to the statement that was created by the access-list 201 deny icmp 192.168.1.0 0.0.0.255 any command, continues comparing the packet to the remaining statements in ACL 201 to ensure that no subsequent statements allow FTP, and then the router drops the packet.
The router reaches the end of ACL 101 without matching a condition and drops the packet because there is no statement that was created by the access-list 101 permit ip any any command.
The router matches the incoming packet to the statement that was created by the access-list 101 permit ip any 192.168.1.0 0.0.0.255 command and allows the packet into the router.
It matches the incoming packet to the statement that was created by the access-list 201 permit ip any any command and allows the packet into the router.
Detect potential attacks
Stop the detected attack from executing
Update OS patches for computer systems
Scan computer systems for viruses and spyware
Conduct a performance test and compare with the baseline that was established previously.
Interview departmental secretaries and determine if they think load time for web pages has improved.
Determine performance on the intranet by monitoring load times of company web pages from remote sites.
Compare the hit counts on the company web server for the current week to the values that were recorded in previous weeks.
The bandwidth capability of the interface increases and decreases automatically based on BECNs.
The Serial0/0/1 interface acquired 172.16.3.1 from a DHCP server.
The mapping between DLCI 100 and 172.16.3.1 was learned through Inverse ARP.
DLCI 100 will automatically adapt to changes in the Frame Relay cloud.
They begin with the 2000::/3 prefix.
They begin with the FE80::/10 prefix.
They are assigned by IANA to an organization.
They must be manually configured by the administrator.
They are assigned to a host by a stateless autoconfiguration process.
The ability to burst above guaranteed bandwidth
The ability to borrow unused bandwidth from the leased lines of other customers
Failure to connect due to Telnet not being enabled
Failure to connect due to incomplete configuration for Telnet
A successful connection and ability to make configuration changes
A successful connection but inability to make configuration changes because of the absence of an enable secret password
Protect all active router interfaces by configuring them as passive interfaces.
Configure remote administration through VTY lines for Telnet access.
Use quotes or phrases to create pass phrases.
Disable the HTTP server service.
Enable SNMP traps.
Scheduling will be easy if the network and software teams work independently.
It will be difficult to isolate the problem if two teams are implementing changes independently.
Results from changes will be easier to reconcile and document if each team works in isolation.
Only results from the software package should be tested as the network is designed to accommodate the proposed software platform.
There is a Layer 2 loop.
The VTP domain names do not match.
Only one switch can be in server mode.
S2 has a higher spanning-tree priority for VLAN 11 than S1 does.
Line passwords are encrypted with type 7 encryption.
Enable passwords are encrypted with type 5 encryption.
All services must provide an encrypted password to function.
Only encrypted messages are allowed for router communication.
Data link layer
Physical layerphysical layer
DTE cable on router
Traffic that is destined for 192.168.24.1 and 192.168.24.5 will be dropped by the router.
Traffic will not be routed from clients with addresses between 192.168.24.1 and 192.168.24.5.
The DHCP server will not issue the addresses ranging from 192.168.24.1 to 192.168.24.5.
The router will ignore all traffic that comes from the DHCP servers with addresses 192.168.24.1 and 192.168.24.5.
Apply the ACL in the inbound direction.
Apply the ACL on the FastEthernet 0/0 interface.
Reverse the order of the TCP protocol statements in the ACL.
Modify the second entry in the list to permit tcp host 172.16.10.10 any eq telnet .
Enable RIP authentication on R2.
Issue the ip directed-broadcast command on R2.
Change the subnet masks to 10.11.12.0/8 and 172.16.40.0/16 on R2.
Enable CDP on R2 so that the other routers will receive routing updates.
Improper LMI type
PPP negotiation failure
PAP uses a two-way handshake.
The password is unique and random.
PAP conducts periodic password challenges.PAP conducts periodic password challenges.
PAP uses MD5 hashing to keep the password secure.
When IPv4 and IPv6 are configured on the same interface, all IPv4 addresses are over-written in favor of the newer technology.
Incorrect IPv4 addresses are entered on the router interfaces.
RIPng is incompatible with dual-stack technology.
IPv4 is incompatible with RIPng.
Using digital certificates to ensure that data endpoints are authentic
Creating a hash to ensure the integrity of data as it traverses a network
Using alternate paths to avoid access control lists and bypass security measures
Encapsulating an entire packet within another packet for transmission over a network
Link termination is the responsibility of NCP.
Each network protocol has a corresponding NCP.
NCP establishes the initial link between PPP devices.
NCP tests the link to ensure that the link quality is sufficient.
Replace the serial cable .
Replace the WIC on RA.
Configure RA with a clock rate command.
Issue a no shutdown interface command on RB.
Telnet to 172.16.10.0/24 is denied.
Telnet to 172.16.20.0/24 is denied.
Telnet to 172.16.0.0/24 is permitted.
Telnet to 172.16.10.0/24 is permitted.
Telnet to 172.16.20.0/24 is permitted.
Interface Fa0/0, inbound
Interface Fa0/0, outbound
Interface S0/0/0, inbound
Interface S0/0/0, outbound
The 10.1.1.225 host is exchanging packets with the 192.168.0.10 host.
The native 10.1.200.254 address is being translated to 192.168.0.10.
The 192.168.0.0/24 network is the inside network.
Port address translation is in effect.
Named ACLs are less efficient than numbered ACLs.
Standard ACLs should be applied closest to the core layer.
ACLs applied to outbound interfaces are the most efficient.
Extended ACLs should be applied closest to the source that is specified by the ACL.
High collision counts
STP failures and loops
Address mapping errors
High CPU utilization rates
Excess packets that are filtered by the firewall
The incorrect DLCI numbers are being configured on R2.
The S0/0/0 interface on R2 needs to be point-to-point.
The frame-relay map commands are missing the cisco keyword at the end.
A single router interface cannot connect to more than one Frame Relay peer at a time.
Access-list 10 deny 192.168.16.0 0.0.0.31
Access-list 10 deny 192.168.16.16 0.0.0.31
Access-list 10 deny 192.168.16.32 0.0.0.16
Access-list 10 deny 192.168.16.32 0.0.0.15
Access-list 10 deny 192.168.16.43 0.0.0.16
PPP with PAP
PPP with CHAP
HDLC with PAP
HDLC with CHAP
When global DLCIs are in use
When using physical interfaces
When multicasts must be supported
When participating routers are in the same subnet
Faulty switch port
Web server CPU overload
Faulty NIC in the web server
Misconfiguration of web server services
The default gateway is in the wrong subnet.
STP has blocked the port that PC1 is connected to.
Port Fa0/2 on S2 is assigned to the wrong VLAN.
S2 has the wrong IP address assigned to the VLAN30 interface.
The West side has a high volume of POTS traffic.
The West side of town is downloading larger packets.
The service provider is closer to the location on the East side.
More clients share a connection to the DSLAM on the West side.