Are You Getting Bored? Take This Quiz On CCNA

Ethernet network is a shared environment so all devices have the right to access to the medium. If more than one device transmits simultaneously, the signals collide and can not reach the destination.

If a device detects another device is sending, it will wait for a specified amount of time before attempting to transmit.

When there is no traffic detected, a device will transmit its message. While this transmission is occurring, the device continues to listen for traffic or collisions on the LAN. After the message is sent, the device returns to its default listening mode.

So we can see C and D are the correct answers. But in fact “answer C – when they detect no other devices are sending” and “when the medium is idle” are nearly the same.

To check the connectivity between a host and a destination (through some networks) we can use both “tracert” and “ping” commands. But the difference between these 2 commands is the “tracert” command can display a list of near-side router interfaces in the path between the source and the destination. Therefore the best answer in this case is A – tracert address.

Note: “traceroute” command has the same function of the “tracert” command but it is used on Cisco routers only, not on a PC.

Routers perform two main functions in a network. The first function is packet switching, which involves receiving packets from one network and forwarding them to another network based on their destination IP addresses. This allows for efficient and reliable data transmission between different networks. The second function is path selection, where routers determine the best path for packets to travel through the network. This involves analyzing factors such as network congestion, link quality, and routing protocols to ensure that packets are delivered in the most efficient and reliable manner.

When upgrading new version of the IOS we need to copy the IOS to the Flash so first we have to check if the Flash has enough memory or not. Also running the new IOS may require more RAM than the older one so we should check the available RAM too. We can check both with the “show version” command.

The application layer in the OSI reference model is responsible for determining the availability of the receiving program and checking if enough resources exist for communication. This layer interacts directly with the software application, ensuring that the necessary resources are available for successful communication. The application layer also handles tasks such as data encryption, data compression, and protocol conversion.

The Network layer is responsible for network addressing and routing through the internetwork. So a ping fails, you may have an issue with the Network layer (although lower layers like Data Link & Physical may cause the problem).

The access list denies packet entry for TCP & UDP -> all the services on ports 21, 23 and 25 are disabled. Services on these ports are FTP (port 21), Telnet (port 23), SMTP (port 25). Other services are allowed so D E F are the correct answers.

The correct answer is C - ip access-group 101 in. This command would implement the access list on the interface of the R2 router. By using the "in" keyword, the access list will be applied to incoming traffic on the interface, preventing any traffic originating from the LAN from entering the R2 router.

From the “Pin” and “Color” in the exhibit we know that this is a straight-through cable so it can be used to connect PC to switch.

The standard access lists are ranged from 1 to 99 and from 1300 to 1999 so only access list 50 is a standard access list.

A router can segment a network by creating separate broadcast domains, which helps to reduce network congestion and improve performance. By doing so, it can filter network traffic based on Layer 3 information such as IP addresses, which allows for more granular control over network traffic and enhances network security. Additionally, routers do not forward broadcast traffic across different network segments, preventing unnecessary network traffic and improving overall network efficiency.

The following locations can be configured as a source for the IOS image:

+ Flash (the default location)
+ TFTP server
+ ROM (used if no other source is found)

The given question is asking about the layer at which the troubleshooting process should begin to fix the slow data transfer issue between the source and destination. The OSI reference model consists of seven layers, namely physical, data link, network, transport, session, presentation, and application. The network layer is responsible for routing and forwarding data packets between different networks. Since the problem is related to data transfer between the source and destination, it indicates an issue at the network layer. Therefore, the troubleshooting process should begin at the network layer (option D) to resolve the problem.

This frame is leaving host A so host A is the source of this frame. In this frame, the MAC destination is FFFF.FFFF.FFFF which is a broadcast address so Sw1 will flood this frame out all its ports except the port it received the frame -> Hosts B, C, D and the interface connected to Sw1 on R1 will receive this frame. When receiving this frame, they will pass the packet to Layer 3 (because they consider broadcast address “everyone, including me”). At Layer 3, the Destination IP will be checked and only the host (or the interface on the router) with correct IP will respond to Host A while others keep silence -> D is correct.

Just for your information, maybe you can ask “this is a broadcast message so why router R1 doesn’t drop it?”. Suppose this is an ARP Request message. In fact, R1 drops that packet but it also learns that it is an ARP Request so R1 looks up its routing table to find a route to that destination. If it can find one, it will send an ARP Reply back for host A”.

The first part of the “Serial0/0 is down, line protocol is down” indicates a layer 1 problem while the second part indicates a layer 2 problem -> A is correct.

Some popular layer 1 problems are listed below:

+ device power off
+ device power unplugged
+ loose network cable connection
+ incorrect cable type
+ faulty network cable

Answer B “The bandwidth is set too low” will not make a layer 1 problem.
Answer C is a layer 2 problem.
Answer E is a layer 3 problem.

By default, Cisco IOS does not send log messages to a terminal session over IP like Telnet, SSH but console connections do have logging feature enabled by default. To display debug command output and system error messages for Telnet or SSH session, use the “terminal monitor” command in privileged mode.

The address 127.0.0.1 is called loopback address. When we ping 127.0.0.1, in fact we are pinging the local network card and test the TCP/IP protocol suite on our device.

The two topologies that use the correct type of twisted-pair cables are Ethernet and Token Ring. Ethernet is a widely used local area network (LAN) technology that uses twisted-pair cables to transmit data. Token Ring is another LAN technology that also uses twisted-pair cables for data transmission. Both of these topologies rely on the use of twisted-pair cables to ensure reliable and efficient data transfer within the network.

The command "show file systems" helps a network administrator to manage memory by displaying flash memory and NVRAM utilization. This command provides information about the different file systems on the device, including their sizes and utilization. By using this command, the administrator can easily identify the amount of memory being used by the flash memory and NVRAM, allowing them to effectively manage and optimize memory usage on the device.

When powered on, the router first checks its hardware via Power-On Self Test (POST). Then it checks the configuration register to identify where to load the IOS image from. In the output above we learn that the Configuration register value is 0×2102 so the router will try to boot the system image from Flash memory first.

But we also see a line “System image file is “tftp://112.16.1.129/hampton/nitro/c7200-j-mz”. Please notice that this line tells us the image file that the device last started. In this case it is from a TFTP server. Therefore we can deduce that the router could not load the IOS image from the flash and the IOS image has been loaded from TFTP server.

Note:

If the startup-config file is missing or does not specify a location, it will check the following locations for the IOS image:

+ Flash (the default location)
+ TFTP server
+ ROM (used if no other source is found)

The ping command can be used to test if the local device can reach a specific destination -> A is correct.

“tracert” is not a valid command in Cisco IOS commands, the correct command should be “traceroute” -> B is not correct.

The ipconfig command is not a valid command in Cisco IOS too -> C is not correct.

The “show ip route” command can be used to view the routing table of the router. It is a very useful command to find out many connectivity problems (like directly connected networks, learned network via routing protocols…) -> D is correct.

“winipcfg” is an old tool in Windows 95/98 to view IP settings of the installed network interfaces. But it is not a valid command in Cisco IOS commands -> E is not correct.

The “show interfaces” command is used to check all the interfaces on the local device only. It has very limited information to trouble LAN connectivity problem but it is the most reasonable to choose -> F is acceptable.

Prior to backing up an IOS image to a TFTP server, it is important to ensure that the server can be reached across the network. This ensures that the backup process can establish a connection and transfer the image successfully. Additionally, it is necessary to assure that the network server has adequate space to store the IOS image. This ensures that the backup process can complete without any issues related to insufficient storage. Lastly, it is important to verify file naming and path requirements to ensure that the backup process follows the correct naming conventions and saves the image in the desired location.

Normally a client sends a DNS Query using UDP Protocol over Port 53. If it does not get response from a DNS Server, it must re-transmit the DNS Query using TCP after 3-5 seconds. So we can say DNS prefers using UDP to TCP -> the answer should be UDP.

To prevent only PC1 from accessing Server1 while allowing all other traffic to flow normally, you need to use two commands. First, you need to apply an access control list (ACL) to the interface connecting the router to the network (fa0/0) using the "ip access-group" command. The ACL (101) should be applied "in" to the interface, which means it will filter incoming traffic. This will prevent PC1 from accessing the server. Second, you need to create an ACL (101) that denies IP traffic between the specific IP addresses of PC1 and Server1, and then permits any other IP traffic. This will further ensure that only PC1 is denied access while allowing other traffic to flow normally.

First the question asks to block only Telnet access so the port we have to use is 23 -> C is not correct.

Next we need to block traffic from hosts on the subnet 192.168.1.128/28, which is 192.168.1.128 0.0.0.15 if we convert to wildcard mask (just invert all bits of the subnet mask,from 0 to 1 and from 1 to 0 we will get the equivalent wildcard mask of that subnet mask) -> so B is incorrect

In this case, we have to use extended access list because we need to specify which type of traffic (TCP) and which port (23) we want to block -> so D is incorrect because it uses standard access list.

The access list configuration "access-list 101 permit ip 10.25.30.0 0.0.0.255 any" will permit all packets that have a source address with the first three octets as "10.25.30" to all destinations. The wildcard mask "0.0.0.255" allows for any value in the last octet of the source address. Therefore, any source address within the range of "10.25.30.0" to "10.25.30.255" will be permitted to all destinations.

We can have only 1 access list per protocol, per direction and per interface. It means:

+ We can not have 2 inbound access lists on an interface
+ We can have 1 inbound and 1 outbound access list on an interface

Three types of flow control are buffering, windowing & congestion avoidance:

+ Buffering: If a device receives packets too quickly for it to handle then it can store them in a memory section called a buffer and proceed them later.

+ Windowing: a window is the quantity of data segments that the transmitting device is allowed to send without receiving an acknowledgment for them. For example:

With the window size of 1, the sending device sends 1 segment and the receiving device must reply with 1 ACK before the sending device can send the next segment. This “waiting” takes some time.

By increasing the window size to 3, the sending device will send up to 3 segments before waiting an ACK -> helps reduce the waiting time.

+ Congestion avoidance: lower-priority traffic can be discarded when the network is overloaded -> minimize delays.

Below lists the cabling standards mentioned above

Standard Cabling Maximum length
1000BASE-CX Twinaxial cabling 25 meters
100BASE-FX Two strands, multimode 400 m
1000BASE-LX Long-wavelength laser, MM or
SM fiber 10 km (SM)
3 km (MM)
1000BASE-SX Short-wavelength laser, MM fiber 220 m with 62.5-micron fiber; 550 m
with 50-micron fiber
1000BASE-ZX Extended wavelength, SM fiber 100 km

Physical addresses or MAC addresses are used to identify devices at layer 2 -> A is correct.

MAC addresses are only used to communicate on the same network. To communicate on different network we have to use Layer 3 addresses (IP addresses) -> B is not correct; E is correct.

Layer 2 frame and Layer 3 packet can be recognized via headers. Layer 3 packet also contains physical address -> C is not correct.

On Ethernet, each frame has the same priority to transmit by default -> D is not correct.

All devices need a physical address to identify itself. If not, they can not communicate -> F is not correct.

The transport layer segments data into smaller pieces for transport. Each segment is assigned a sequence number, so that the receiving device can reassemble the data on arrival.

The transport layer also use flow control to maximize the transfer rate while minimizing the requirements to retransmit. For example, in TCP, basic flow control is implemented by acknowledgment by the receiver of the receipt of data; the sender waits for this acknowledgment before sending the next part.

-> A is correct.

The data link layer adds physical source and destination addresses and an Frame Check Sequence (FCS) to the packet (on Layer 3), not segment (on Layer 4) -> B is not correct.

Packets are created when network layer encapsulates a segment (not frame) with source and destination host addresses and protocol-related control information. Notice that the network layer encapsulates messages received from higher layers by placing them into datagrams (also called packets) with a network layer header -> C is not correct.

The Network layer (Layer 3) has two key responsibilities. First, this layer controls the logical addressing of devices. Second, the network layer determines the best path to a particular destination network, and routes the data appropriately.

-> D is correct.

The Physical layer (presentation layer) translates bits into voltages for transmission across the physical link -> E is not correct.

Let’s analyze the access list 100:

+ 10 permit tcp 172.16.16.0 0.0.0.15 host 172.16.48.63 eq 22: allows TCP traffic from network 172.16.16.0/28 to access host 172.16.48.63 with a destination port of 22 (SSH)
+ 20 permit tcp 172.16.16.0 0.0.0.15 eq telnet host 172.16.48.63: allows TCP traffic from network 172.16.16.0/28 with a source port of 23 (telnet) to access host 172.16.48.63

Notice that if a device wants to telnet (or SSH) to SVR-A server it must use the destination port of 23 (or 22), not a source port of 23 (or 22).

Access list 100 is applied on the inbound direction of Fa0/0 so it will only filter traffic from 172.16.16.0 subnet to the SVR-A server.

Access list 101 is very similar to access list 100 but it is applied on the inbound direction of Fa0/1 so it will filter traffic from SVR-A server to 172.16.16.0 subnet. In ACL 101:

+ 10 permit tcp host 172.16.48.63 eq 22 172.16.16.0 0.0.0.15: allows TCP traffic from host 172.16.48.63 with a source port of 22 (SSH) to access network 172.16.16.0/28.
+ 20 permit tcp host 172.16.48.63 172.16.16.0 0.0.0.15 eq telnet: allows TCP traffic from host 172.16.48.63 to access network 172.16.16.0/28 with a destination port of telnet.

Notice that the returned traffic from SVR-A to network 172.16.16.0/28 (resulting from telnet or SSH session) will have a source port of 23 (Telnet) or 22 (SSH)

In conclusion, the first statements of each ACL will allow devices to “SSH” to SVR-A. But they can’t telnet because of the implicit deny all at the end of the ACL.

In this question, the second statements of each ACL can be considered “wrong” if we intend to filter telnet or SSH traffic and they have no effect on the Telnet or SSH traffic.

Only router can break up broadcast domains so in the exhibit there are 2 broadcast domains: from e0 interface to the left is a broadcast domain and from e1 interface to the right is another broadcast domain -> A is correct.

Both router and switch can break up collision domains so there is only 1 collision domain on the left of the router (because hub doesn’t break up collision domain) and there are 6 collision domains on the right of the router (1 collision domain from e1 interface to the switch + 5 collision domains for 5 PCs in Production) -> F is correct.

The two privileged mode Cisco IOS commands that can be used to determine a Cisco router chassis serial number are "show inventory" and "show diag". The "show inventory" command displays detailed information about the router's hardware components, including the chassis serial number. The "show diag" command provides diagnostic information about the router, including the chassis serial number. These commands can be used to retrieve the chassis serial number for identification or troubleshooting purposes.

The last known good router will try to inform you that the destination cannot be reached (with a Destination Unreachable message type) so from that information you can learn how far your packets can travel to and where the problem is.

Below is the simple syntax of an extended access list:

access-list access-list-number {deny | permit} {ip|tcp|udp|icmp} source [source-mask] dest [dest-mask] [eq dest-port]

Notice that this access list is applied to the Ethernet interface of R1 in the “in direction” so in this case, it will filter all the packets originated from E1 network (host PC1 and PC2) with these parameters:

Source network: 5.1.1.8 0.0.0.3 which means 5.1.1.8/252 (just invert all the wildcard bits to get the equivalent subnet mask) -> Packets from 5.1.1.8 to 5.1.1.11 will be filtered.

Destination network: 5.1.3.0 0.0.0.255 which means 5.1.3.0/24-> Packets to 5.1.3.0/24 will be filtered

Therefore packets originated from 5.1.1.8 to 5.1.1.11 and have the destination to the host 5.1.3.x (via Telnet) will be denied.

The syntax of an extended access list is:

access-list access-list-number {permit | deny} protocol source {source-mask} destination {destination-mask} [eq destination-port]

Notice that in our access list, the network 172.16.0.0 0.0.255.255 is specified as the source but the question asks about “HTTP traffic coming from the Internet that is destined for 172.16.12.10″, which means 172.16.0.0 0.0.255.255 is the destination network. So in this case there is no match in our access list and the traffic will be dropped because of the implicit deny all at the end of the ACL. It is surely a tricky question!

The Maximum Transmission Unit (MTU) defines the maximum Layer 3 packet (in bytes) that the layer can pass onwards.

The Layer 2 encapsulation information can change when a frame leaves a Layer 3 device for two reasons. First, the WAN encapsulation type can change, which means that the frame is being sent over a different type of wide area network connection. Second, the source and destination MAC addresses can change, indicating that the frame is being sent between different devices on the network.

In this question we are not sure the host 192.168.2.5 is in or outside the local network. But in both cases the ARP protocol are used to get the MAC address:

+ If host 192.168.2.5 is inside the local network, our device will broadcast an ARP Request to ask the MAC address of the host 192.168.2.5 (something like “If your IP is 192.168.2.5, please send me your MAC address”).
+ If host 192.168.2.5 is outside the local network, our device will broadcast an ARP Request to ask the MAC address of the local port (the port in the same subnet with our device) of the default gateway. Notice that the IP of the default gateway has been already configured in our device.

-> In both cases, our device must broadcast an ARP Request -> A is correct.

After getting the ARP of the destination device, our device will use ICMP protocol to send the “ping” -> E is correct.

Note: The question states “the host has been newly connected to the network” which means our device hasn’t had the MAC address of this host in its ARP table -> it needs to send ARP Request.

There is one situation which makes answer A incorrect: the newly connected host is outside the network but our device has already learned the MAC address of the default gateway -> in this case no ARP Request will be sent. So I assume the question wants to imply the newly connected host is in the local network.

Look at the figure below:

In the figure, router R1 has two point-to-point subinterfaces. The s0.1 subinterface connects to router R3 and the s0.2 subinterface connects to router R2. Each subinterface is on a different subnet.

The line “Cisco 2621 (MPC860) processor (revision 0×600) with 53248K/12288K bytes of memory” tells how much RAM in your router. The first parameter (53248) specifies how much Dynamic RAM (DRAM) in your router while the second parameter (12288K) indicates how much DRAM is being used for Packet memory (used by incoming and outgoing packets) in your router. Therefore you have to add both numbers to find the amount of DRAM available on your router -> C is correct.

Note: Cisco 4000, 4500, 4700, and 7500 routers have separate DRAM and Packet memory, so you only need to look at the first number to find out the DRAM in that router.

The flash size is straightforward from the line “16384K bytes of processor board system flash (Read/Write)” -> E is correct.

DLCI stands for Data Link Connection Identifier. DLCI values are used on Frame Relay interfaces to distinguish between different virtual circuits. DLCIs have local significance because the identifier references the point between the local router and the local Frame Relay switch to which the DLCI is connected.

We can use a dynamic access list to authenticate a remote user with a specific username and password. The authentication process is done by the router or a central access server such as a TACACS+ or RADIUS server

Four statements above allow 4 networks (from 172.29.16.0/24 to 172.29.19.0/24) to go through so we can summary them as network 172.29.16.0/22.

/22 = 255.255.252.0 so it equals 0.0.3.255 when converting into wildcard mask -> C is correct.

A, B, D are not correct as their wildcard masks are false. For example:
Answer A allows from 172.29.16.0 to 172.29.16.255
Answer B allows from 172.29.16.0 to 172.29.17.255
Answer D allows from 172.29.16.0 to 172.29.31.255

Both the network address and wildcard mask of answer E are false as it allows the whole major network 172.29.0.0/16 to go through.

There are 3 routers we can place this access list: Router 1, Router Main and Router 3 but in theory, an extended access list should be placed close to the source -> Router 3 is the best choice -> B is correct.

The traffic we need to filter here is “securely browsing the internet” so it is HTTPS -> C is correct.

Finally we should apply this access list to the inbound direction so that Router 3 will filter this traffic before making routing decision. It helps save processing resources on Router 3 -> D is correct.

Non-Broadcast Multi-Access (NBMA) networks are types such as Frame Relay, X.25, and Asynchronous Transfer Mode (ATM). These networks allow for multi-access, but have no broadcast ability like Ethernet

The output of “show ip interface [interface]” command is shown below:

A standard access list takes into consideration the source IP address for traffic filtering decisions. This means that the access list will evaluate the source IP address of incoming packets and make filtering decisions based on that information. The source IP address is an important parameter for traffic filtering as it helps in identifying the origin of the traffic and allows or denies access based on predefined rules.

A router ACL is used for filtering packets that are passing through a router. ACL stands for Access Control List, which is a set of rules that determines what traffic is allowed or denied based on specific criteria such as source IP address, destination IP address, protocol, or port number. By using ACLs, routers can selectively permit or deny traffic, providing security and control over network traffic flow. This helps in protecting the network from unauthorized access, preventing malicious traffic from entering the network, and ensuring that only desired traffic is allowed to pass through the router.

The ports on the switch are not up indicating it is a layer 1 (physical) problem so we should check cable type, power and how they are plugged in.

When using the term “frame” we can easily recognize it belongs to the Data Link layer. In this layer, an Frame Check Sequence (FCS) field is added to the frame to verify that the frame data is received correctly.

There is always an implicit “deny all” command at the end of every access list, so if an access list doesn’t have any “permit” command, it will block all the traffic. If we use the command “access-list 135 permit ip any any” at the end of this access list then the answer should be C – FTP traffic from 192.169.1.9 to any host will be denied.

Below is some more information about PPP:

PPP (Point-to-Point Protocol) allows authentication such as Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) and multilink connections (allow several separate physical paths to appear to be one logical path at layer 3) and can be run over asynchronous and synchronous links.

PPP can work with numerous network layer protocols, including Internet Protocol (IP), Novell’s Internetwork Packet Exchange (IPX), NBF and AppleTalk.

PPP only supports error detection, not error correction so answer E should be understood as “provides error detection”. It is a mistake of this question.

HDLC, PPP, and Frame Relay are Layer 2 encapsulation types that are commonly used on WANs (Wide Area Networks) rather than LANs (Local Area Networks). Ethernet, Token Ring, and FDDI are typically used on LANs.

The command frame-relay map ip 10.121.16.8 102 broadcast means to mapping the distal IP 10.121.16.8 102 to the local DLCI 102. When the “broadcast” keyword is included, it turns Frame Relay network as a broadcast network, which can forward broadcasts

First we notice that telnet uses port 23 so only D, E & F can satisfy this requirement.

The purpose of this access-list is to deny traffic from network 192.168.15.32 255.255.255.240 (to find out the subnet mask just convert all bit “0″ to “1″ and all bit “1″ to “0″ of the wildcard mask) to telnet to any device. So we need to figure out the range of this network to learn which ip address will be denied.

Increment: 16
Network address: 192.168.15.32
Broadcast address: 192.168.15.47

-> Only 192.168.15.36 (Answer D) & 192.168.15.46 (Answer E) belong to this range so they are the correct answer.

The term dynamic indicates that the DLCI number and the remote router IP address 172.16.3.1 are learned via the Inverse ARP process.

Inverse ARP is a technique by which dynamic mappings are constructed in a network, allowing a device such as a router to locate the logical network address and associate it with a permanent virtual circuit (PVC).

At Attalla router, we find a deleted status but the next map statement indicates an active status, which if for Gallant. Therefore we can deduce the map statement for the PVC from Attalla to Steele is incorrect. Incorrect DLCI assignments that are configured normally shown up as “deleted” in the frame relay maps.

A network administrator can utilize PPP Layer 2 encapsulation to enable compression, authentication, and multilink support. Compression allows for the reduction of data size, improving network efficiency. Authentication ensures that only authorized users can access the network. Multilink support enables the use of multiple physical links to increase bandwidth and redundancy. VLAN support, sliding windows, and quality of service are not directly related to PPP Layer 2 encapsulation.

Dynamic ACLs have the following security benefits over standard and static extended ACLs:
+ Use of a challenge mechanism to authenticate individual users
+ Simplified management in large internetworks
+ In many cases, reduction of the amount of router processing that is required for ACLs
+ Reduction of the opportunity for network break-ins by network hackers
+ Creation of dynamic user access through a firewall, without compromising other configured security restrictions

The idea behind a WAN is to be able to connect two DTE networks together through a DCE network. The network’s DCE device (includes CSU/DSU) provides clocking to the DTE-connected interface (the router’s serial interface).