EWAN Practice Exam Quiz!

1. Which type of ACL will permit traffic inbound into a private network only if an outbound session has already been established between the source and destination?

Extended

Reflexive

Standard

Time-based

A reflexive ACL is used to permit traffic inbound into a private network only if an outbound session has already been established between the source and destination. This means that the ACL will track the state of the connection and allow the return traffic for an already established session. It helps in enhancing security by ensuring that only legitimate traffic is allowed into the network.

Explanation

A reflexive ACL is used to permit traffic inbound into a private network only if an outbound session has already been established between the source and destination. This means that the ACL will track the state of the connection and allow the return traffic for an already established session. It helps in enhancing security by ensuring that only legitimate traffic is allowed into the network.

2. An administrator learns of an e-mail that has been received by a number of users in the company. This e-mail appears to come from the office of the administrator. The e-mail asks the users to confirm their account and password information. Which type of security threat does this e-mail represent?

Cracking

Phishing

Phreaking

Spamming

This e-mail represents a phishing threat. Phishing is a type of cyber attack where attackers impersonate a legitimate entity, such as an administrator or a trusted company, to trick users into revealing sensitive information like account credentials or financial details. In this case, the e-mail appears to come from the office of the administrator and asks users to confirm their account and password information, which is a common tactic used in phishing attacks.

Explanation

This e-mail represents a phishing threat. Phishing is a type of cyber attack where attackers impersonate a legitimate entity, such as an administrator or a trusted company, to trick users into revealing sensitive information like account credentials or financial details. In this case, the e-mail appears to come from the office of the administrator and asks users to confirm their account and password information, which is a common tactic used in phishing attacks.

3. A network administrator has changed the VLAN configurations on his network switches over the past weekend. How can the administrator determine if the additions and changes improved performance and availability on the company intranet?

Conduct a performance test and compare with the baseline that was established previously.

Interview departmental secretaries and determine if they think load time for web pages has improved.

Determine performance on the intranet by monitoring load times of company web pages from remote sites.

To determine if the changes in VLAN configurations have improved performance and availability on the company intranet, the network administrator should conduct a performance test and compare it with the previously established baseline. This will provide objective data on any improvements or degradation in performance. Interviewing departmental secretaries may provide subjective opinions but may not accurately reflect the overall performance. Monitoring load times of company web pages from remote sites will give insights into the actual performance on the intranet. Comparing hit counts on the company web server can provide information on website popularity but may not directly indicate improvements in performance and availability.

Explanation

To determine if the changes in VLAN configurations have improved performance and availability on the company intranet, the network administrator should conduct a performance test and compare it with the previously established baseline. This will provide objective data on any improvements or degradation in performance. Interviewing departmental secretaries may provide subjective opinions but may not accurately reflect the overall performance. Monitoring load times of company web pages from remote sites will give insights into the actual performance on the intranet. Comparing hit counts on the company web server can provide information on website popularity but may not directly indicate improvements in performance and availability.

4. At what physical location does the responsibility for a WAN connection change from the service provider to the user?

DMZ

Local loop

CSU/DSU

Demarcation point

The demarcation point is the physical location where the responsibility for a WAN connection changes from the service provider to the user. It is the point where the service provider's network ends and the user's network begins. At this point, the service provider is responsible for the connection up to the demarcation point, while the user is responsible for the connection beyond it. This demarcation point is typically located at the customer premises and is often marked by a demarcation device, such as a network interface device or a demarcation jack.

Explanation

The demarcation point is the physical location where the responsibility for a WAN connection changes from the service provider to the user. It is the point where the service provider's network ends and the user's network begins. At this point, the service provider is responsible for the connection up to the demarcation point, while the user is responsible for the connection beyond it. This demarcation point is typically located at the customer premises and is often marked by a demarcation device, such as a network interface device or a demarcation jack.

5.

Refer to the exhibit. All devices are configured as shown in the exhibit. PC1 is unable to ping the default gateway. What is the cause of the problem?

The default gateway is in the wrong subnet.

STP has blocked the port that PC1 is connected to.

Port Fa0/2 on S2 is assigned to the wrong VLAN.

S2 has the wrong IP address assigned to the VLAN30 interface.

The cause of the problem is that Port Fa0/2 on S2 is assigned to the wrong VLAN. This means that PC1 is not in the correct VLAN and therefore cannot communicate with the default gateway.

Explanation

The cause of the problem is that Port Fa0/2 on S2 is assigned to the wrong VLAN. This means that PC1 is not in the correct VLAN and therefore cannot communicate with the default gateway.

6. What will be the result of adding the command IP DHCP excluded-address 192.168.24.1 192.168.24.5 to the configuration of a local router that has been configured as a DHCP server?

Traffic that is destined for 192.168.24.1 and 192.168.24.5 will be dropped by the router.

Traffic will not be routed from clients with addresses between 192.168.24.1 and 192.168.24.5.

The DHCP server will not issue the addresses ranging from 192.168.24.1 to 192.168.24.5.

The router will ignore all traffic that comes from the DHCP servers with addresses 192.168.24.1 and 192.168.24.5.

Adding the command "IP DHCP excluded-address 192.168.24.1 192.168.24.5" to the configuration of a local router that is acting as a DHCP server will prevent the DHCP server from assigning the addresses within the specified range (192.168.24.1 to 192.168.24.5) to any clients. In other words, these addresses will be excluded from the pool of available addresses that the DHCP server can assign to clients.

Explanation

Adding the command "IP DHCP excluded-address 192.168.24.1 192.168.24.5" to the configuration of a local router that is acting as a DHCP server will prevent the DHCP server from assigning the addresses within the specified range (192.168.24.1 to 192.168.24.5) to any clients. In other words, these addresses will be excluded from the pool of available addresses that the DHCP server can assign to clients.

7. Which type of ACL will permit traffic inbound into a private network only if an outbound session has already been established between the source and destination?

Extended

Reflexive

Standard

Time-based

A reflexive ACL is the correct answer because it allows inbound traffic into a private network only if there is an established outbound session between the source and destination. This means that the ACL keeps track of the state of connections and only permits traffic that is part of an existing session. Reflexive ACLs provide an additional layer of security by ensuring that incoming traffic is legitimate and associated with an ongoing connection.

Explanation

A reflexive ACL is the correct answer because it allows inbound traffic into a private network only if there is an established outbound session between the source and destination. This means that the ACL keeps track of the state of connections and only permits traffic that is part of an existing session. Reflexive ACLs provide an additional layer of security by ensuring that incoming traffic is legitimate and associated with an ongoing connection.

8. Which characteristic of VPN technology prevents the contents of data communications from being read by unauthorized parties?

QoS

Latency

Reliability

Confidentiality

Confidentiality is the characteristic of VPN technology that prevents the contents of data communications from being read by unauthorized parties. This means that the information transmitted through the VPN is encrypted and can only be accessed by authorized individuals with the proper decryption keys. This ensures that sensitive data remains secure and private, protecting it from interception and unauthorized access.

Explanation

Confidentiality is the characteristic of VPN technology that prevents the contents of data communications from being read by unauthorized parties. This means that the information transmitted through the VPN is encrypted and can only be accessed by authorized individuals with the proper decryption keys. This ensures that sensitive data remains secure and private, protecting it from interception and unauthorized access.

9.

Refer to the exhibit. R1 is performing NAT overload for the 10.1.1.0/24 inside network. Host A has sent a packet to the Web Server. What is the destination IP address of the return packet from Web Server when received at R1?

10.1.1.2:80

10.1.1.2:1234

172.30.20.1:1234

172.30.20.1:3333

When R1 performs NAT overload, it replaces the source IP address of outgoing packets with its own IP address and assigns a unique port number. In this scenario, when Host A sends a packet to the Web Server, R1 will replace the source IP address with its own IP address (172.30.20.1) and assign a unique port number (3333). Therefore, the destination IP address of the return packet from the Web Server, when received at R1, will be 172.30.20.1:3333.

Explanation

When R1 performs NAT overload, it replaces the source IP address of outgoing packets with its own IP address and assigns a unique port number. In this scenario, when Host A sends a packet to the Web Server, R1 will replace the source IP address with its own IP address (172.30.20.1) and assign a unique port number (3333). Therefore, the destination IP address of the return packet from the Web Server, when received at R1, will be 172.30.20.1:3333.

10.

Refer to the exhibit. Branch A has a non-Cisco router that is using IETF encapsulation and Branch B has a Cisco router. After the commands that are shown are entered, R1 and R2 fail to establish the PVC. The R2 LMI is Cisco, and the R1 LMI is ANSI. The LMI is successfully established at both locations. Why is PVC failing?

The PVC to R1 must be point-to-point.

LMI types must match on each end of a PVC.

The frame relay PVCs cannot be established between Cisco and non-Cisco routers.

The IETF parameter is missing from the frame-relay map ip 10.10.10.1 201 command.

The PVC is failing because the IETF parameter is missing from the frame-relay map ip 10.10.10.1 201 command. This parameter is necessary for the non-Cisco router at Branch A to understand the encapsulation being used by the Cisco router at Branch B. Without this parameter, the routers are unable to establish the PVC successfully.

Explanation

The PVC is failing because the IETF parameter is missing from the frame-relay map ip 10.10.10.1 201 command. This parameter is necessary for the non-Cisco router at Branch A to understand the encapsulation being used by the Cisco router at Branch B. Without this parameter, the routers are unable to establish the PVC successfully.

11.

Refer to the exhibit. A network administrator has been asked to configure PPP with CHAP authentication over the serial link between routers R1 and R2. What additional configuration should be included on both routers to complete the task?

To configure PPP with CHAP authentication over the serial link between routers R1 and R2, both routers should have the same CHAP password configured. This password should be configured using the "ppp chap password" command under the serial interface configuration mode on both routers. Additionally, the "ppp authentication chap" command should be configured under the serial interface configuration mode to enable CHAP authentication.

Explanation

To configure PPP with CHAP authentication over the serial link between routers R1 and R2, both routers should have the same CHAP password configured. This password should be configured using the "ppp chap password" command under the serial interface configuration mode on both routers. Additionally, the "ppp authentication chap" command should be configured under the serial interface configuration mode to enable CHAP authentication.

12. A recently patched application server is experiencing response time problems. The network on which the application server is located has been experiencing occasional outages that the network team believes may be related to recent routing changes. Network and application teams have been notified to work on their respective issues. Which statement applies to this situation?

Only results from the software package should be tested as the network is designed to accommodate the proposed software platform.

Scheduling will be easy if the network and software teams work independently.

It will be difficult to isolate the problem if two teams are implementing changes independently.

Results from changes will be easier to reconcile and document if each team works in isolation.

The correct answer states that it will be difficult to isolate the problem if two teams are implementing changes independently. This means that if both the network and application teams are making changes to their respective areas without coordinating with each other, it will be challenging to determine the root cause of the response time problems. By working independently, the teams may inadvertently introduce conflicting changes or overlook potential interactions between the network and application that could be causing the issues. Therefore, collaboration and coordination between the two teams are necessary to effectively troubleshoot and resolve the problem.

Explanation

The correct answer states that it will be difficult to isolate the problem if two teams are implementing changes independently. This means that if both the network and application teams are making changes to their respective areas without coordinating with each other, it will be challenging to determine the root cause of the response time problems. By working independently, the teams may inadvertently introduce conflicting changes or overlook potential interactions between the network and application that could be causing the issues. Therefore, collaboration and coordination between the two teams are necessary to effectively troubleshoot and resolve the problem.

13. Which wireless solution can provide mobile users with non line-of-sight broadband Internet access at speeds comparable to DSL or cable?

Wi-Fi

WiMAX

Satellite

Metro Ethernet

WiMAX is the correct answer because it is a wireless solution that can provide mobile users with non line-of-sight broadband Internet access at speeds comparable to DSL or cable. WiMAX stands for Worldwide Interoperability for Microwave Access and is a technology that allows for long-range wireless communication. It can provide high-speed internet access over a wide area, making it suitable for mobile users who require broadband connectivity without the need for direct line-of-sight.

Explanation

WiMAX is the correct answer because it is a wireless solution that can provide mobile users with non line-of-sight broadband Internet access at speeds comparable to DSL or cable. WiMAX stands for Worldwide Interoperability for Microwave Access and is a technology that allows for long-range wireless communication. It can provide high-speed internet access over a wide area, making it suitable for mobile users who require broadband connectivity without the need for direct line-of-sight.

14.

Refer to the exhibit. A network administrator is creating a prototype to verify the new WAN design. However, the communication between the two routers cannot be established. Based on the output of the commands, what can be done to solve the problem?

Replace the serial cable .

Replace the WIC on RA.

Configure RA with a clock rate command.

Issue a no shutdown interface command on RB.

Based on the output of the "show controllers serial" command, it can be observed that the DCE cable is connected to Router RA. This means that Router RA should have the clock rate command configured in order to establish communication with Router RB. Therefore, the correct solution to solve the problem is to configure Router RA with a clock rate command.

Explanation

Based on the output of the "show controllers serial" command, it can be observed that the DCE cable is connected to Router RA. This means that Router RA should have the clock rate command configured in order to establish communication with Router RB. Therefore, the correct solution to solve the problem is to configure Router RA with a clock rate command.

15.

Refer to the exhibit. Router1 and Router2 each support separate areas of a data center, and are connected via a crossover cable. Resources attached to Router1 are unable to connect to resources attached to Router2. What is the likely cause?

The crossover cable is faulty.

The IP addressing is incorrect.

There is a Layer 2 problem with the router connection.

The upper layers are experiencing an unspecified problem.

One or both of the Ethernet interfaces are not working correctly.

The likely cause of the issue is that the IP addressing is incorrect. This means that the devices connected to Router1 and Router2 are not assigned proper IP addresses or are assigned conflicting IP addresses. As a result, the devices are unable to communicate with each other.

Explanation

The likely cause of the issue is that the IP addressing is incorrect. This means that the devices connected to Router1 and Router2 are not assigned proper IP addresses or are assigned conflicting IP addresses. As a result, the devices are unable to communicate with each other.

16. A network administrator is instructing a technician on best practices for applying ACLs. Which suggestion should the administrator provide?

Named ACLs are less efficient than numbered ACLs.

Standard ACLs should be applied closest to the core layer.

ACLs applied to outbound interfaces are the most efficient.

Extended ACLs should be applied closest to the source that is specified by the ACL.

not-available-via-ai

Explanation

not-available-via-ai

17. Where does a service provider assume responsibility from a customer for a WAN connection?

Local loop

DTE cable on router

Demarcation point

Demilitarized zone

The demarcation point is where a service provider assumes responsibility for a WAN connection from a customer. This is the point where the customer's network equipment connects to the service provider's network. It marks the boundary between the two networks and is typically located at the customer premises. At the demarcation point, any issues or responsibilities for the WAN connection are transferred from the customer to the service provider.

Explanation

The demarcation point is where a service provider assumes responsibility for a WAN connection from a customer. This is the point where the customer's network equipment connects to the service provider's network. It marks the boundary between the two networks and is typically located at the customer premises. At the demarcation point, any issues or responsibilities for the WAN connection are transferred from the customer to the service provider.

18. A network administrator has moved the company intranet web server from a switch port to a dedicated router interface. How can the administrator determine how this change has affected performance and availability on the company intranet?

Conduct a performance test and compare with the baseline that was established previously.

Determine performance on the intranet by monitoring load times of company web pages from remote sites.

Interview departmental administrative assistants and determine if they think load time for web pages has improved.

The best way for the network administrator to determine how the change has affected performance and availability on the company intranet is to conduct a performance test and compare it with the baseline that was established previously. This will provide a direct comparison of the performance before and after the change, allowing the administrator to identify any improvements or issues. Monitoring load times of company web pages from remote sites or interviewing departmental administrative assistants may provide some insight, but they are not as reliable or objective as conducting a performance test. Comparing hit counts on the company web server does not directly measure performance or availability.

Explanation

The best way for the network administrator to determine how the change has affected performance and availability on the company intranet is to conduct a performance test and compare it with the baseline that was established previously. This will provide a direct comparison of the performance before and after the change, allowing the administrator to identify any improvements or issues. Monitoring load times of company web pages from remote sites or interviewing departmental administrative assistants may provide some insight, but they are not as reliable or objective as conducting a performance test. Comparing hit counts on the company web server does not directly measure performance or availability.

19. A network administrator is tasked with maintaining two remote locations in the same city. Both locations use the same service provider and have the same service plan for DSL service. When comparing download rates, it is noticed that the location on the East side of town has a faster download rate than the location on the West side of town. How can this be explained?

The West side has a high volume of POTS traffic.

The West side of town is downloading larger packets.

The service provider is closer to the location on the East side.

More clients share a connection to the DSLAM on the West side.

The East side of town has a faster download rate because the service provider is located closer to that location. The proximity to the service provider allows for a stronger and more stable connection, resulting in faster download speeds.

Explanation

The East side of town has a faster download rate because the service provider is located closer to that location. The proximity to the service provider allows for a stronger and more stable connection, resulting in faster download speeds.

20. What will be the result of adding the command ip dhcp excluded-address 192.168.24.1 192.168.24.5 to the configuration of a local router that has been configured as a DHCP server?

Traffic that is destined for 192.168.24.1 and 192.168.24.5 will be dropped by the router.

Traffic will not be routed from clients with addresses between 192.168.24.1 and 192.168.24.5.

The DHCP server will not issue the addresses ranging from 192.168.24.1 to 192.168.24.5.

The router will ignore all traffic that comes from the DHCP servers with addresses 192.168.24.1 and 192.168.24.5.

By adding the command "ip dhcp excluded-address 192.168.24.1 192.168.24.5" to the configuration of a local router that is a DHCP server, the router will exclude the addresses ranging from 192.168.24.1 to 192.168.24.5 from being assigned by the DHCP server. This means that the DHCP server will not allocate these addresses to clients, ensuring that they are not used by any devices on the network.

Explanation

By adding the command "ip dhcp excluded-address 192.168.24.1 192.168.24.5" to the configuration of a local router that is a DHCP server, the router will exclude the addresses ranging from 192.168.24.1 to 192.168.24.5 from being assigned by the DHCP server. This means that the DHCP server will not allocate these addresses to clients, ensuring that they are not used by any devices on the network.

21.

Refer to the exhibit. All devices are configured as shown in the exhibit. PC1 is unable to ping the default gateway. What is the cause of the problem?

The default gateway is in the wrong subnet.

STP has blocked the port that PC1 is connected to.

Port Fa0/2 on S2 is assigned to the wrong VLAN.

S2 has the wrong IP address assigned to the VLAN30 interface.

The cause of the problem is that Port Fa0/2 on S2 is assigned to the wrong VLAN. This means that PC1 and the default gateway are in different VLANs, preventing communication between them.

Explanation

The cause of the problem is that Port Fa0/2 on S2 is assigned to the wrong VLAN. This means that PC1 and the default gateway are in different VLANs, preventing communication between them.

22. Which data link layer encapsulation protocol is used by default for serial connections between two Cisco routers?

ATM

Frame Relay

HDLC

PPP

SDLC

HDLC (High-Level Data Link Control) is the default data link layer encapsulation protocol used for serial connections between two Cisco routers. HDLC is a bit-oriented protocol that provides both connection-oriented and connectionless services. It is simple, efficient, and widely supported by Cisco devices. HDLC is used for synchronous serial communication and offers features like error detection and flow control. It is the default protocol for Cisco routers but can be replaced with other protocols like PPP or Frame Relay if needed.

Explanation

HDLC (High-Level Data Link Control) is the default data link layer encapsulation protocol used for serial connections between two Cisco routers. HDLC is a bit-oriented protocol that provides both connection-oriented and connectionless services. It is simple, efficient, and widely supported by Cisco devices. HDLC is used for synchronous serial communication and offers features like error detection and flow control. It is the default protocol for Cisco routers but can be replaced with other protocols like PPP or Frame Relay if needed.

23. Which variable is permitted or denied by a standard access control list?

Protocol type

Source IP address

Source MAC address

Destination IP address

Destination MAC address

A standard access control list permits or denies access based on the source IP address. This means that the access control list allows or blocks traffic based on the IP address of the device or network trying to access a particular resource. The source IP address is an important factor in determining whether a device or network is allowed or denied access to a network resource.

Explanation

A standard access control list permits or denies access based on the source IP address. This means that the access control list allows or blocks traffic based on the IP address of the device or network trying to access a particular resource. The source IP address is an important factor in determining whether a device or network is allowed or denied access to a network resource.

24. A technician is talking to a colleague at a rival company and comparing DSL transfer rates between the two companies. Both companies are in the same city, use the same service provider, and have the same rate/service plan. What is the explanation for why company 1 reports higher download speeds than company 2 reports?

Company 1 only uses microfilters at branch locations.

Company 1 has a lower volume of POTS traffic than company 2 has.

Company 2 is located farther from the service provider than company 1 is.

Company 2 shares the connection to the DSLAM with more clients than company 1 shares with.

The explanation for why company 1 reports higher download speeds than company 2 is that company 2 is located farther from the service provider than company 1. The distance between a company's location and the service provider can affect the quality and speed of the DSL connection. The farther the distance, the more likely there will be signal degradation and slower transfer rates. Therefore, company 2, being located farther away, experiences slower download speeds compared to company 1.

Explanation

The explanation for why company 1 reports higher download speeds than company 2 is that company 2 is located farther from the service provider than company 1. The distance between a company's location and the service provider can affect the quality and speed of the DSL connection. The farther the distance, the more likely there will be signal degradation and slower transfer rates. Therefore, company 2, being located farther away, experiences slower download speeds compared to company 1.

25. Which combination of Layer 2 protocol and authentication should be used to establish a link without sending authentication information in plain text between a Cisco and a non-Cisco router?

PPP with PAP

PPP with CHAP

HDLC with PAP

HDLC with CHAP

PPP with CHAP should be used to establish a link without sending authentication information in plain text between a Cisco and a non-Cisco router. PPP (Point-to-Point Protocol) is a Layer 2 protocol that provides a secure and reliable connection between two devices. CHAP (Challenge Handshake Authentication Protocol) is an authentication protocol that uses a three-way handshake process to authenticate the devices. It does not send authentication information in plain text, making it a secure option for establishing a link between Cisco and non-Cisco routers.

Explanation

PPP with CHAP should be used to establish a link without sending authentication information in plain text between a Cisco and a non-Cisco router. PPP (Point-to-Point Protocol) is a Layer 2 protocol that provides a secure and reliable connection between two devices. CHAP (Challenge Handshake Authentication Protocol) is an authentication protocol that uses a three-way handshake process to authenticate the devices. It does not send authentication information in plain text, making it a secure option for establishing a link between Cisco and non-Cisco routers.

26. A recently patched application server is experiencing response time problems. The network on which the application server is located has been experiencing occasional outages that the network team believes may be related to recent routing changes. Network and application teams have been notified to work on their respective issues. Which statement applies to this situation?

Only results from the software package should be tested as the network is designed to accommodate the proposed software platform.

Scheduling will be easy if the network and software teams work independently.

It will be difficult to isolate the problem if two teams are implementing changes independently.

Results from changes will be easier to reconcile and document if each team works in isolation.

The correct answer states that it will be difficult to isolate the problem if two teams are implementing changes independently. This means that if both the network and application teams are making changes without coordinating with each other, it will be challenging to determine which team's changes are causing the response time problems. By working independently, the teams may inadvertently create conflicting changes that make it harder to identify the root cause of the issue. Therefore, it is important for both teams to collaborate and coordinate their efforts to effectively isolate and resolve the problem.

Explanation

The correct answer states that it will be difficult to isolate the problem if two teams are implementing changes independently. This means that if both the network and application teams are making changes without coordinating with each other, it will be challenging to determine which team's changes are causing the response time problems. By working independently, the teams may inadvertently create conflicting changes that make it harder to identify the root cause of the issue. Therefore, it is important for both teams to collaborate and coordinate their efforts to effectively isolate and resolve the problem.

27. In addition to standard security procedures, what additional feature of VPN technology supports privacy between end users?

The implementation of a tunneling protocol

The use of only baseband connections

A requirement of active authentication via a RADIUS server

The use of a call-back procedure to verify user credentials

A tunneling protocol is a key feature of VPN technology that supports privacy between end users. It allows the creation of a secure and encrypted tunnel through which data is transmitted over the internet. This tunneling protocol encapsulates the data packets within another protocol, making it difficult for anyone to intercept or access the data being transmitted. By implementing a tunneling protocol, VPN technology ensures that the privacy and confidentiality of the data exchanged between end users are maintained.

Explanation

A tunneling protocol is a key feature of VPN technology that supports privacy between end users. It allows the creation of a secure and encrypted tunnel through which data is transmitted over the internet. This tunneling protocol encapsulates the data packets within another protocol, making it difficult for anyone to intercept or access the data being transmitted. By implementing a tunneling protocol, VPN technology ensures that the privacy and confidentiality of the data exchanged between end users are maintained.

28. What translation method will allow a server to always keep the same public address?

Static NAT

Dynamic NAT

Static NAT with overload

Dynamic NAT with overload

Static NAT is the translation method that allows a server to always keep the same public address. With static NAT, a specific private IP address is permanently mapped to a corresponding public IP address. This ensures that any inbound or outbound traffic to the server will always use the same public address, providing consistency and ease of access.

Explanation

Static NAT is the translation method that allows a server to always keep the same public address. With static NAT, a specific private IP address is permanently mapped to a corresponding public IP address. This ensures that any inbound or outbound traffic to the server will always use the same public address, providing consistency and ease of access.

29.

Refer to the exhibit. Branch A has a Cisco router and Branch B has a non-Cisco router that is using IETF encapsulation . After the commands that are shown are entered, R2 and R3 fail to establish the PVC. The R2 LMI is Cisco, and the R3 LMI is ANSI. The LMI is successfully established at both locations. Why is the PVC failing?

The PVC to R3 must be point-to-point.

LMI types cannot be different on each end of a PVC.

A single port can only support one encapsulation type.

The IETF parameter is missing from the frame-relay map ip 192.168.1.3 203 command.

The PVC is failing because the IETF parameter is missing from the frame-relay map ip 192.168.1.3 203 command. The IETF parameter is necessary for the router to understand that the encapsulation being used is IETF. Since Branch A has a Cisco router, it expects the IETF encapsulation by default. However, Branch B has a non-Cisco router that is using IETF encapsulation, so the IETF parameter needs to be explicitly specified in the command for the PVC to be established successfully.

Explanation

The PVC is failing because the IETF parameter is missing from the frame-relay map ip 192.168.1.3 203 command. The IETF parameter is necessary for the router to understand that the encapsulation being used is IETF. Since Branch A has a Cisco router, it expects the IETF encapsulation by default. However, Branch B has a non-Cisco router that is using IETF encapsulation, so the IETF parameter needs to be explicitly specified in the command for the PVC to be established successfully.

30.

Refer to the exhibit. R1 is performing NAT overload for the 10.1.1.0/24 inside network. Host A has sent a packet to Web Server. What is the destination IP address of the return packet from Web Server when received at R1?

10.1.1.2:80

10.1.1.2:1234

172.30.20.1:1234

172.30.20.1:3333

The return packet from the Web Server, when received at R1, will have a destination IP address of 172.30.20.1 and a destination port number of 3333. This is because R1 is performing NAT overload, which involves translating the source IP address and port number of outgoing packets from the inside network to a different IP address and port number. When the return packet is received at R1, it reverses the translation and restores the original destination IP address and port number.

Explanation

The return packet from the Web Server, when received at R1, will have a destination IP address of 172.30.20.1 and a destination port number of 3333. This is because R1 is performing NAT overload, which involves translating the source IP address and port number of outgoing packets from the inside network to a different IP address and port number. When the return packet is received at R1, it reverses the translation and restores the original destination IP address and port number.

31. Which protocol is implicitly denied at the end of an IPv4 access list?

IP

TCP

UDP

HTTP

At the end of an IPv4 access list, the protocol that is implicitly denied is IP. This means that any traffic using the IP protocol will be denied by default. The access list is used to control and filter network traffic, and at the end of the list, any protocol that is not explicitly allowed will be denied. TCP, UDP, and HTTP are all specific protocols that can be allowed or denied based on the configuration of the access list, but IP is the catch-all protocol that is denied implicitly.

Explanation

At the end of an IPv4 access list, the protocol that is implicitly denied is IP. This means that any traffic using the IP protocol will be denied by default. The access list is used to control and filter network traffic, and at the end of the list, any protocol that is not explicitly allowed will be denied. TCP, UDP, and HTTP are all specific protocols that can be allowed or denied based on the configuration of the access list, but IP is the catch-all protocol that is denied implicitly.

32. Refer to the exhibit. A host connected to Fa0/0 is unable to acquire an IP address from the DHCP server. The output of the debug IP DHCP server command shows "DHCPD: there is no address pool for 192.168.3.17″. What is the problem?

The address 192.168.3.17 address is already in use by Fa0/0.

The pool of addresses for the 192Network pool is configured incorrectly.

The ip helper-address command should be used on the Fa0/0 interface.

The 192.168.3.17 address has not been excluded from the 192Network pool.

The output of the debug IP DHCP server command indicates that there is no address pool for the IP address 192.168.3.17. This suggests that the pool of addresses for the 192Network pool is configured incorrectly, as it does not include the address 192.168.3.17. Therefore, the DHCP server is unable to assign this address to the host connected to Fa0/0.

Explanation

The output of the debug IP DHCP server command indicates that there is no address pool for the IP address 192.168.3.17. This suggests that the pool of addresses for the 192Network pool is configured incorrectly, as it does not include the address 192.168.3.17. Therefore, the DHCP server is unable to assign this address to the host connected to Fa0/0.

33.

Refer to the exhibit. Routers R1 and R2 have been configured with EIGRP in the same autonomous system. Computers PC1 and PC2 are not able to ping each other. Further investigation has revealed that the route to 192.168.10.0 is missing from the routing table on R2. What is the cause of the problem?

The networks are not correctly summarized.

The FastEthernet interfaces on R1 are configured as passive.

The network statements on R2 are incorrectly configured.

EIGRP on R1 does not recognize the 192.168.10.0 network.

The FastEthernet interfaces on R1 are configured as passive, which means they will not participate in the routing process. As a result, the route to the 192.168.10.0 network is not advertised to R2, causing the computers PC1 and PC2 to be unable to ping each other.

Explanation

The FastEthernet interfaces on R1 are configured as passive, which means they will not participate in the routing process. As a result, the route to the 192.168.10.0 network is not advertised to R2, causing the computers PC1 and PC2 to be unable to ping each other.

34. Which statement is true about PAP in the authentication of a PPP session?

PAP uses a two-way handshake.

The password is unique and random.

PAP conducts periodic password challenges.

PAP uses MD5 hashing to keep the password secure.

PAP (Password Authentication Protocol) is a simple authentication protocol used in PPP (Point-to-Point Protocol) sessions. It involves a two-way handshake, where the client sends its username and password to the server, and the server verifies the credentials. This process does not involve any encryption or hashing methods, making it less secure compared to other authentication protocols. Therefore, the statement "PAP uses a two-way handshake" is true.

Explanation

PAP (Password Authentication Protocol) is a simple authentication protocol used in PPP (Point-to-Point Protocol) sessions. It involves a two-way handshake, where the client sends its username and password to the server, and the server verifies the credentials. This process does not involve any encryption or hashing methods, making it less secure compared to other authentication protocols. Therefore, the statement "PAP uses a two-way handshake" is true.

35. Which option correctly defines the capacity through the local loop guaranteed to a customer by the service provider?

BE

DE

CIR

CBIR

CIR stands for Committed Information Rate, which is the minimum guaranteed bandwidth or capacity that a service provider ensures to deliver to a customer through the local loop. This means that the service provider commits to providing a certain level of bandwidth consistently, regardless of the network congestion or other factors.

Explanation

CIR stands for Committed Information Rate, which is the minimum guaranteed bandwidth or capacity that a service provider ensures to deliver to a customer through the local loop. This means that the service provider commits to providing a certain level of bandwidth consistently, regardless of the network congestion or other factors.

36. Which Layer 2 access method separates traffic into time slots and is specified by DOCSIS for use with cable high speed Internet service?

TDMA

FDMA

CDMA

S-CDMA

TDMA, or Time Division Multiple Access, is the correct answer because it is a Layer 2 access method that separates traffic into time slots. It is specified by DOCSIS, which stands for Data Over Cable Service Interface Specification, for use with cable high-speed Internet service. TDMA allows multiple users to share the same frequency channel by dividing it into different time slots, enabling efficient use of the available bandwidth.

Explanation

TDMA, or Time Division Multiple Access, is the correct answer because it is a Layer 2 access method that separates traffic into time slots. It is specified by DOCSIS, which stands for Data Over Cable Service Interface Specification, for use with cable high-speed Internet service. TDMA allows multiple users to share the same frequency channel by dividing it into different time slots, enabling efficient use of the available bandwidth.

37. What effect would the Router1(config-ext-nacl)# permit tcp 172.16.4.0 0.0.0.255 any eq www command have when implemented inbound on the f0/0 interface?

All TCP traffic is permitted, and all other traffic is denied.

The command is rejected by the router because it is incomplete.

All traffic from 172.16.4.0/24 is permitted anywhere on any port.

Traffic originating from 172.16.4.0/24 is permitted to all TCP port 80 destinations.

The given command "permit tcp 172.16.4.0 0.0.0.255 any eq www" allows TCP traffic from the network 172.16.4.0/24 to any destination IP address on port 80 (www). This means that any traffic originating from the IP addresses within the specified network will be allowed to access web servers (TCP port 80) on any destination. All other traffic, including non-TCP traffic and TCP traffic on other ports, will be denied.

Explanation

The given command "permit tcp 172.16.4.0 0.0.0.255 any eq www" allows TCP traffic from the network 172.16.4.0/24 to any destination IP address on port 80 (www). This means that any traffic originating from the IP addresses within the specified network will be allowed to access web servers (TCP port 80) on any destination. All other traffic, including non-TCP traffic and TCP traffic on other ports, will be denied.

38.

Refer to the exhibit. An administrator has added the exhibited commands to routers A and B, but no routing updates are exchanged between the two routers. Based on the information that is given, what is the likely cause of the problem?

Router A is advertising the wrong network.

The authentication key strings do not match.

The serial interfaces of routers A and B are not on the same network.

The authentication key numbers do not match the EIGRP process number for both routers.

The likely cause of the problem is that the authentication key strings do not match. This could prevent the routers from exchanging routing updates because they are not able to authenticate each other. The other options mentioned in the question do not directly relate to the issue of routing updates not being exchanged between the routers.

Explanation

The likely cause of the problem is that the authentication key strings do not match. This could prevent the routers from exchanging routing updates because they are not able to authenticate each other. The other options mentioned in the question do not directly relate to the issue of routing updates not being exchanged between the routers.

39. An administrator issues the command confreg 0x2142 at the rommon 1> prompt. What is the effect when this router is rebooted?

Contents in RAM will be erased.

Contents in RAM will be ignored.

Contents in NVRAM will be erased.

Contents in NVRAM will be ignored.

When the command "confreg 0x2142" is issued at the rommon 1> prompt, it changes the configuration register value to 0x2142. This value tells the router to ignore the contents of the NVRAM (non-volatile random-access memory) during the boot process. As a result, the router will not load the startup configuration stored in the NVRAM, and instead, it will boot with a blank or default configuration. The contents in the NVRAM will be ignored, but the contents in the RAM (random-access memory) will not be affected or erased.

Explanation

When the command "confreg 0x2142" is issued at the rommon 1> prompt, it changes the configuration register value to 0x2142. This value tells the router to ignore the contents of the NVRAM (non-volatile random-access memory) during the boot process. As a result, the router will not load the startup configuration stored in the NVRAM, and instead, it will boot with a blank or default configuration. The contents in the NVRAM will be ignored, but the contents in the RAM (random-access memory) will not be affected or erased.

40. A company is looking for a WAN solution to connect its headquarters site to four remote sites. What are two advantages that dedicated leased lines provide compared to a shared Frame Relay solution?

Reduced jitter

Reduced costs

Reduced latency

The ability to burst above guaranteed bandwidth

The ability to borrow unused bandwidth from the leased lines of other customers

Dedicated leased lines provide two advantages compared to a shared Frame Relay solution: reduced jitter and reduced latency. Jitter refers to the variation in delay of packet transmission, and dedicated leased lines can provide a more consistent and predictable transmission, reducing jitter. Similarly, dedicated leased lines can also offer lower latency, which is the time it takes for data to travel from the source to the destination. These advantages can be beneficial for a company that requires reliable and fast communication between its headquarters and remote sites.

Explanation

Dedicated leased lines provide two advantages compared to a shared Frame Relay solution: reduced jitter and reduced latency. Jitter refers to the variation in delay of packet transmission, and dedicated leased lines can provide a more consistent and predictable transmission, reducing jitter. Similarly, dedicated leased lines can also offer lower latency, which is the time it takes for data to travel from the source to the destination. These advantages can be beneficial for a company that requires reliable and fast communication between its headquarters and remote sites.

Submit

41.

Refer to the exhibit. The link between the CTRL and BR_1 routers is configured as shown in the exhibit. Why are the routers unable to establish a PPP session?

The clock rate must be 56000.

The usernames are misconfigured.

The IP addresses are on different subnets.

The clock rate is configured on the wrong end of the link.

The CHAP passwords must be different on the two routers.

Interface serial 0/0/0 on CTRL must connect to interface serial 0/0/1 on BR_1.

The routers are unable to establish a PPP session because the usernames are misconfigured. This means that the usernames entered on both routers do not match, which is a requirement for establishing a PPP session.

Explanation

The routers are unable to establish a PPP session because the usernames are misconfigured. This means that the usernames entered on both routers do not match, which is a requirement for establishing a PPP session.

42.

Refer to the exhibit. An administrator is trying to connect Router1, a Cisco router, to a non-Cisco router using a serial connection. Why is the connection failing?

A loopback is not set.

The interface has been shut down.

The wrong encapsulation is being used.

Queuing cannot be used when connecting to non-Cisco devices.

The connection is failing because the wrong encapsulation is being used. Encapsulation refers to the method used to wrap data packets for transmission over a network. Different vendors may use different encapsulation methods, and in this case, the Cisco router is using a different encapsulation method than the non-Cisco router. As a result, the two routers are unable to establish a successful connection.

Explanation

The connection is failing because the wrong encapsulation is being used. Encapsulation refers to the method used to wrap data packets for transmission over a network. Different vendors may use different encapsulation methods, and in this case, the Cisco router is using a different encapsulation method than the non-Cisco router. As a result, the two routers are unable to establish a successful connection.

43.

Refer to the exhibit. An ACL numbered 101 already exists on this router. What happens if the network administrator issues the commands that are shown in the exhibit?

The new ACL overwrites the existing ACL.

The network administrator will receive an error message.

The existing ACL is modified to include the new commands.

A second ACL that is numbered 101 is created and contains only the new commands.

The given exhibit shows commands that are used to modify an existing ACL numbered 101. Instead of creating a new ACL or overwriting the existing one, the commands modify the existing ACL to include the new commands. Therefore, the correct answer is that the existing ACL is modified to include the new commands.

Explanation

The given exhibit shows commands that are used to modify an existing ACL numbered 101. Instead of creating a new ACL or overwriting the existing one, the commands modify the existing ACL to include the new commands. Therefore, the correct answer is that the existing ACL is modified to include the new commands.

44. An administrator is configuring a dual-stack router with IPv6 and IPv4 using RIPng. The administrator receives an error message when trying to enter the IPv4 routes into RIPng. What is the cause of the problem?

Incorrect IPv4 addresses are entered on the router interfaces.

RIPng is incompatible with dual-stack technology.

IPv4 is incompatible with RIPng.

not-available-via-ai

Explanation

not-available-via-ai

45.

Refer to the exhibit. Partial results of the show access-lists and show ip interface FastEthernet 0/1 commands for router R3 are shown. There are no other ACLs in effect. Host A is unable to telnet to host B. Which action will correct the problem but still restrict other traffic between the two networks?

Apply the ACL in the inbound direction.

Apply the ACL on the FastEthernet 0/0 interface.

Reverse the order of the TCP protocol statements in the ACL.

Modify the second entry in the list to permit tcp host 192.168.10.10 any eq telnet.

The correct answer is to reverse the order of the TCP protocol statements in the ACL. This is because the ACL is currently denying all traffic from host A to host B, including telnet traffic. By reversing the order of the TCP protocol statements, the ACL will first check for telnet traffic and permit it, allowing host A to telnet to host B while still restricting other traffic between the two networks.

Explanation

The correct answer is to reverse the order of the TCP protocol statements in the ACL. This is because the ACL is currently denying all traffic from host A to host B, including telnet traffic. By reversing the order of the TCP protocol statements, the ACL will first check for telnet traffic and permit it, allowing host A to telnet to host B while still restricting other traffic between the two networks.

46.

Refer to the exhibit. Headquarters is connected through the Internet to branch office A and branch office B. Which WAN technology would be best suited to provide secure connectivity between headquarters and both branch offices?

ATM

VPN

ISDN

Frame Relay

Broadband DSL

A VPN (Virtual Private Network) would be the best WAN technology to provide secure connectivity between headquarters and both branch offices. VPNs use encryption and tunneling protocols to create a secure and private network connection over the Internet. This would allow headquarters to securely communicate with branch office A and branch office B, ensuring the confidentiality and integrity of the data transmitted between them.

Explanation

A VPN (Virtual Private Network) would be the best WAN technology to provide secure connectivity between headquarters and both branch offices. VPNs use encryption and tunneling protocols to create a secure and private network connection over the Internet. This would allow headquarters to securely communicate with branch office A and branch office B, ensuring the confidentiality and integrity of the data transmitted between them.

47.

Refer to the exhibit. A host that is connected to Fa0/0 is unable to acquire an IP address dynamically from the DHCP server. The output of the debug ip dhcp server command shows "DHCPD: there is no address pool for 172.16.1.1". What is the problem?

The default router for the 172Network pool is incorrect.

The 172.16.1.1 address is already configured on Fa0/0.

The pool of addresses for the 172Network pool is incorrect.

The ip helper-address command should be implemented on the Fa0/0 interface.

The problem is that the pool of addresses for the 172Network pool is incorrect. This means that the DHCP server does not have a valid range of IP addresses to assign to the host connected to Fa0/0. As a result, the host is unable to acquire an IP address dynamically from the DHCP server.

Explanation

The problem is that the pool of addresses for the 172Network pool is incorrect. This means that the DHCP server does not have a valid range of IP addresses to assign to the host connected to Fa0/0. As a result, the host is unable to acquire an IP address dynamically from the DHCP server.

48. Which statement about a VPN is true?

VPN link establishment and maintenance is provided by LCP.

DLCI addresses are used to identify each end of the VPN tunnel.

VPNs use virtual Layer 3 connections that are routed through the Internet.

Only IP packets can be encapsulated by a VPN for tunneling through the Internet.

VPNs use virtual Layer 3 connections that are routed through the Internet. This means that VPNs create a secure and encrypted connection between two devices or networks over the Internet. The Layer 3 connection refers to the network layer in the OSI model, which deals with routing and forwarding of data packets. By establishing a virtual Layer 3 connection, VPNs can securely transmit data over public networks like the Internet, providing privacy and confidentiality.

Explanation

VPNs use virtual Layer 3 connections that are routed through the Internet. This means that VPNs create a secure and encrypted connection between two devices or networks over the Internet. The Layer 3 connection refers to the network layer in the OSI model, which deals with routing and forwarding of data packets. By establishing a virtual Layer 3 connection, VPNs can securely transmit data over public networks like the Internet, providing privacy and confidentiality.

49. Which statement is true about NCP?

Link termination is the responsibility of NCP.

Each network protocol has a corresponding NCP.

NCP establishes the initial link between PPP devices.

NCP tests the link to ensure that the link quality is sufficient.

Each network protocol has a corresponding NCP. NCP stands for Network Control Protocol, and it is responsible for establishing and configuring the network protocol for data transmission between devices. In a PPP (Point-to-Point Protocol) connection, NCP is used to negotiate and configure the specific network protocol that will be used for communication. Therefore, it is true that each network protocol has its own corresponding NCP.

Explanation

Each network protocol has a corresponding NCP. NCP stands for Network Control Protocol, and it is responsible for establishing and configuring the network protocol for data transmission between devices. In a PPP (Point-to-Point Protocol) connection, NCP is used to negotiate and configure the specific network protocol that will be used for communication. Therefore, it is true that each network protocol has its own corresponding NCP.

50.

Refer to the exhibit. What is placed in the address field in the header of a frame that will travel from the DC router to the Orlando router?

DLCI 123

DLCI 321

10.10.10.25

10.10.10.26

MAC address of the Orlando router

In this scenario, the correct answer is DLCI 321. DLCI stands for Data Link Connection Identifier, and it is used in Frame Relay networks to identify virtual circuits. The DLCI value is placed in the address field of the header of a frame to indicate the destination of the frame. In this case, the frame is traveling from the DC (Data Center) router to the Orlando router, and the DLCI 321 is the identifier for the virtual circuit connecting these two routers. Therefore, DLCI 321 is placed in the address field of the frame's header.

Explanation

In this scenario, the correct answer is DLCI 321. DLCI stands for Data Link Connection Identifier, and it is used in Frame Relay networks to identify virtual circuits. The DLCI value is placed in the address field of the header of a frame to indicate the destination of the frame. In this case, the frame is traveling from the DC (Data Center) router to the Orlando router, and the DLCI 321 is the identifier for the virtual circuit connecting these two routers. Therefore, DLCI 321 is placed in the address field of the frame's header.

51.

Refer to the exhibit. Which statement correctly describes how Router1 processes an FTP request entering interface s0/0/0, destined for an FTP server at IP address 192.168.1.5?

It matches the incoming packet to the access-list 201 permit any any statement and allows the packet into the router.

The correct answer is that Router1 matches the incoming packet to the access-list 101 permit ip any 192.168.1.0 0.0.0.255 statement, ignores the remaining statements in ACL 101, and allows the packet into the router. This means that the packet is allowed to pass through the router and reach its destination, the FTP server at IP address 192.168.1.5. The other options are incorrect because they either do not match the packet to the correct access-list or they result in dropping the packet.

Explanation

The correct answer is that Router1 matches the incoming packet to the access-list 101 permit ip any 192.168.1.0 0.0.0.255 statement, ignores the remaining statements in ACL 101, and allows the packet into the router. This means that the packet is allowed to pass through the router and reach its destination, the FTP server at IP address 192.168.1.5. The other options are incorrect because they either do not match the packet to the correct access-list or they result in dropping the packet.

52. A system administrator must provide Internet connectivity for ten hosts in a small remote office. The ISP has assigned two public IP addresses to this remote office. How can the system administrator configure the router to provide Internet access to all ten users at the same time?

Configure DHCP and static NAT.

Configure dynamic NAT for ten users.

Configure static NAT for all ten users.

Configure dynamic NAT with overload.

By configuring dynamic NAT with overload, the system administrator can provide Internet access to all ten users simultaneously. Dynamic NAT allows the router to dynamically assign one of the two public IP addresses to each user when they connect to the Internet. With overload, also known as Port Address Translation (PAT), multiple users can share a single public IP address by using different ports. This allows for efficient use of the limited number of public IP addresses assigned to the remote office.

Explanation

By configuring dynamic NAT with overload, the system administrator can provide Internet access to all ten users simultaneously. Dynamic NAT allows the router to dynamically assign one of the two public IP addresses to each user when they connect to the Internet. With overload, also known as Port Address Translation (PAT), multiple users can share a single public IP address by using different ports. This allows for efficient use of the limited number of public IP addresses assigned to the remote office.

53. What is a major characteristic of a worm?

Malicious software that copies itself into other executable programs

Tricks users into running the infected software

A set of computer instructions that lies dormant until triggered by a specific event

Exploits vulnerabilities with the intent of propagating itself across a network

A major characteristic of a worm is that it exploits vulnerabilities with the intent of propagating itself across a network. Unlike viruses, worms do not require user interaction to spread and can autonomously replicate and spread to other computers or networks. They take advantage of security weaknesses in computer systems to infect and propagate, often causing significant damage and disruption. This characteristic sets worms apart from other types of malicious software that may trick users or lie dormant until triggered.

Explanation

A major characteristic of a worm is that it exploits vulnerabilities with the intent of propagating itself across a network. Unlike viruses, worms do not require user interaction to spread and can autonomously replicate and spread to other computers or networks. They take advantage of security weaknesses in computer systems to infect and propagate, often causing significant damage and disruption. This characteristic sets worms apart from other types of malicious software that may trick users or lie dormant until triggered.

54. Which important piece of troubleshooting information can be discovered about a serial interface using the show controllers command?

Queuing strategy

Serial cable type

Interface IP address

Encapsulation method

The show controllers command can be used to discover the serial cable type of a serial interface. This command provides detailed information about the hardware components and characteristics of the interface, including the type of cable that is being used for the serial connection. This information is important for troubleshooting purposes, as it helps to ensure that the correct cable is being used and that it is properly connected.

Explanation

The show controllers command can be used to discover the serial cable type of a serial interface. This command provides detailed information about the hardware components and characteristics of the interface, including the type of cable that is being used for the serial connection. This information is important for troubleshooting purposes, as it helps to ensure that the correct cable is being used and that it is properly connected.

55. A network administrator is analyzing the data from a network performance baseline. Which condition will not be indicated in the baseline data?

The IP addressing scheme of the network

The most heavily used parts of the network

Congested areas of the network

Error rates in different parts of the network

The IP addressing scheme of the network will not be indicated in the baseline data. Baseline data is used to establish a benchmark for network performance, and it typically focuses on factors such as network utilization, congestion, and error rates. The IP addressing scheme is a separate aspect of network configuration and is not directly related to network performance. Therefore, it would not be included in the baseline data analysis.

Explanation

The IP addressing scheme of the network will not be indicated in the baseline data. Baseline data is used to establish a benchmark for network performance, and it typically focuses on factors such as network utilization, congestion, and error rates. The IP addressing scheme is a separate aspect of network configuration and is not directly related to network performance. Therefore, it would not be included in the baseline data analysis.

56. What are two characteristics of DSL technology? (Choose two.)

Uploads typically offer larger transfer rates than downloads.

Service providers deploy DSL in the local loop of the telephone network.

DSL download rates are reduced by large volumes of POTS voice traffic.

Filters and splitters allow POTS and DSL traffic to share the same medium.

DSL is a shared medium that allows many users to share bandwidth available from the DSLAM.

DSL technology is deployed in the local loop of the telephone network by service providers. This means that DSL is connected to the existing telephone infrastructure, allowing users to access the internet through their telephone lines. Additionally, filters and splitters are used to allow both POTS (Plain Old Telephone Service) and DSL traffic to share the same medium, ensuring that voice and data can be transmitted simultaneously without interference.

Explanation

DSL technology is deployed in the local loop of the telephone network by service providers. This means that DSL is connected to the existing telephone infrastructure, allowing users to access the internet through their telephone lines. Additionally, filters and splitters are used to allow both POTS (Plain Old Telephone Service) and DSL traffic to share the same medium, ensuring that voice and data can be transmitted simultaneously without interference.

Submit

57. A company is deciding which WAN connection type it should implement between its main office and branch offices. The company wants to use a cost-effective service that provides virtual circuits between each office. The company also wants to be able to transmit variable-length packets on these circuits. Which solution best meets these requirements?

ATM

HDLC

ISDN

Frame Relay

Frame Relay is the best solution for the company's requirements because it is a cost-effective service that provides virtual circuits between each office. It also allows for the transmission of variable-length packets, making it suitable for the company's needs. ATM, HDLC, and ISDN do not meet all of the specified requirements.

Explanation

Frame Relay is the best solution for the company's requirements because it is a cost-effective service that provides virtual circuits between each office. It also allows for the transmission of variable-length packets, making it suitable for the company's needs. ATM, HDLC, and ISDN do not meet all of the specified requirements.

58. Which method is most effective in protecting the routing information that is propagated between routers on the network?

Disable IP source routing.

Configure passive interfaces.

Configure routing protocol authentication.

Secure administrative lines with Secure Shell.

Configuring routing protocol authentication is the most effective method in protecting the routing information that is propagated between routers on the network. By enabling authentication, routers can verify the authenticity of routing updates and ensure that only trusted routers are allowed to participate in the routing process. This prevents unauthorized routers from injecting false or malicious routing information into the network, thus enhancing the overall security and integrity of the routing infrastructure. Disabling IP source routing, configuring passive interfaces, and securing administrative lines with Secure Shell are also important security measures, but they do not specifically address the protection of routing information.

Explanation

Configuring routing protocol authentication is the most effective method in protecting the routing information that is propagated between routers on the network. By enabling authentication, routers can verify the authenticity of routing updates and ensure that only trusted routers are allowed to participate in the routing process. This prevents unauthorized routers from injecting false or malicious routing information into the network, thus enhancing the overall security and integrity of the routing infrastructure. Disabling IP source routing, configuring passive interfaces, and securing administrative lines with Secure Shell are also important security measures, but they do not specifically address the protection of routing information.

59.

Refer to the exhibit. Communication between two peers has failed. Based on the output that is shown, what is the most likely cause?

Interface reset

Unplugged cable

Improper LMI type

PPP negotiation failure

Based on the given output, the most likely cause of the communication failure is PPP negotiation failure. This can be inferred from the fact that the exhibit does not show any indication of an interface reset or an unplugged cable. Additionally, there is no mention of an improper LMI type. Therefore, the most probable reason for the failure is a problem with the PPP negotiation process.

Explanation

Based on the given output, the most likely cause of the communication failure is PPP negotiation failure. This can be inferred from the fact that the exhibit does not show any indication of an interface reset or an unplugged cable. Additionally, there is no mention of an improper LMI type. Therefore, the most probable reason for the failure is a problem with the PPP negotiation process.

60.

Refer to the exhibit. An ACL called Managers already exists on this router. What happens if the network administrator issues the commands as shown in the exhibit?

The commands are added to the end of the existing ACL.

The existing Managers ACL will be overwritten by the new ACL.

The router will output an error message and no changes will be made.

A duplicate Managers ACL will be created that will contain only the new commands.

The given answer states that if the network administrator issues the commands shown in the exhibit, the commands will be added to the end of the existing ACL. This means that the new commands will be appended to the existing Managers ACL, rather than overwriting it or creating a duplicate ACL.

Explanation

The given answer states that if the network administrator issues the commands shown in the exhibit, the commands will be added to the end of the existing ACL. This means that the new commands will be appended to the existing Managers ACL, rather than overwriting it or creating a duplicate ACL.

61.

Refer to the exhibit. The SSH connections between the remote user and the server are failing. The correct configuration of NAT has been verified. What is the most likely cause of the problem?

SSH is unable to pass through NAT.

There are incorrect access control list entries.

The access list has the incorrect port number for SSH.

The ip helper command is required on S0/0/0 to allow inbound connections.

The most likely cause of the problem is that there are incorrect access control list entries. Access control lists (ACLs) are used to control traffic flow in a network, and if the ACL entries are not configured correctly, they can block the SSH traffic from passing through. This would result in the SSH connections between the remote user and the server failing. The correct configuration of NAT has been verified, so it is unlikely to be the cause of the problem. The incorrect port number for SSH and the absence of the ip helper command on S0/0/0 would not directly affect the SSH connections.

Explanation

The most likely cause of the problem is that there are incorrect access control list entries. Access control lists (ACLs) are used to control traffic flow in a network, and if the ACL entries are not configured correctly, they can block the SSH traffic from passing through. This would result in the SSH connections between the remote user and the server failing. The correct configuration of NAT has been verified, so it is unlikely to be the cause of the problem. The incorrect port number for SSH and the absence of the ip helper command on S0/0/0 would not directly affect the SSH connections.

62.

Refer to the exhibit. A network administrator has issued the commands that are shown on Router1 and Router2. A later review of the routing tables reveals that neither router is learning the LAN network of the neighbor router. What is most likely the problem with the RIPng configuration?

The serial interfaces are in different subnets.

The RIPng process is not enabled on interfaces.

The RIPng processes do not match between Router1 and Router2.

The RIPng network command is missing from the IPv6 RIP configuration.

The most likely problem with the RIPng configuration is that the RIPng process is not enabled on interfaces. This means that the routers are not actively participating in the RIPng routing protocol and therefore not learning the LAN network of the neighbor router. Enabling the RIPng process on the interfaces would allow the routers to exchange routing information and learn about the LAN network.

Explanation

The most likely problem with the RIPng configuration is that the RIPng process is not enabled on interfaces. This means that the routers are not actively participating in the RIPng routing protocol and therefore not learning the LAN network of the neighbor router. Enabling the RIPng process on the interfaces would allow the routers to exchange routing information and learn about the LAN network.

63.

Refer to the exhibit. Routers R1 and R2 are both configured for single area OSPF. Users who are connected to switch S1 are unable to access database applications that run on servers that are connected to S2. The network engineer is working remotely and only has the information that is shown in the exhibit to direct initial troubleshooting efforts. Based on the exhibit, which OSI layer is the most appropriate to start with for a divide-and-conquer approach?

Network layer

Application layer

Data-link layer

Physical layer

Based on the exhibit, the most appropriate OSI layer to start with for a divide-and-conquer approach is the data-link layer. The data-link layer is responsible for the reliable transfer of data between directly connected network devices. Since the issue is with users being unable to access servers connected to S2, which are in the same network segment, it is likely that there is an issue with the communication between the switch S1 and the routers R1 and R2. By starting troubleshooting at the data-link layer, the network engineer can check for any misconfigurations or faults in the physical connections, Ethernet frames, or VLAN configurations that may be causing the issue.

Explanation

Based on the exhibit, the most appropriate OSI layer to start with for a divide-and-conquer approach is the data-link layer. The data-link layer is responsible for the reliable transfer of data between directly connected network devices. Since the issue is with users being unable to access servers connected to S2, which are in the same network segment, it is likely that there is an issue with the communication between the switch S1 and the routers R1 and R2. By starting troubleshooting at the data-link layer, the network engineer can check for any misconfigurations or faults in the physical connections, Ethernet frames, or VLAN configurations that may be causing the issue.

64. Which two statements are true about IPv6 link-local addresses?

They begin with the 2000::/3 prefix.

They begin with the FE80::/10 prefix.

They must be manually configured by the administrator.

They are assigned to a host by a stateless autoconfiguration process.

IPv6 link-local addresses are used for communication within a single network segment and begin with the FE80::/10 prefix. These addresses are automatically assigned to a host by a stateless autoconfiguration process, eliminating the need for manual configuration by the administrator.

Explanation

IPv6 link-local addresses are used for communication within a single network segment and begin with the FE80::/10 prefix. These addresses are automatically assigned to a host by a stateless autoconfiguration process, eliminating the need for manual configuration by the administrator.

Submit

65.

Refer to the exhibit. Company ABC expanded its business and recently opened a new branch office in another country. IPv6 addresses have been used for the company network. The data servers Server1 and Server2 run applications that require end-to-end functionality, with unmodified packets that are forwarded from the source to the destination. The edge routers R1 and R2 support dual-stack configuration. What solution should be deployed at the edge of the company network in order to successfully interconnect both offices?

A new WAN service supporting only IPv6

NAT overload to map inside IPv6 addresses to outside IPv4 address

A manually configured IPv6 tunnel between the edge routers R1 and R2

Static NAT to map inside IPv6 addresses of the servers to an outside IPv4 ddress and dynamic

NAT for the rest of the inside IPv6 addresses

A manually configured IPv6 tunnel between the edge routers R1 and R2 should be deployed at the edge of the company network in order to successfully interconnect both offices. This solution allows for the transmission of IPv6 packets over an IPv4 network by encapsulating the IPv6 packets within IPv4 packets. This ensures end-to-end functionality and unmodified packet forwarding from the source to the destination, meeting the requirements of the applications running on Server1 and Server2.

Explanation

A manually configured IPv6 tunnel between the edge routers R1 and R2 should be deployed at the edge of the company network in order to successfully interconnect both offices. This solution allows for the transmission of IPv6 packets over an IPv4 network by encapsulating the IPv6 packets within IPv4 packets. This ensures end-to-end functionality and unmodified packet forwarding from the source to the destination, meeting the requirements of the applications running on Server1 and Server2.

66.

Refer to the exhibit. A network administrator has been asked to configure PPP with PAP authentication over the serial link between routers R1 and R2. What additional configuration should be included on both routers to complete the task?

To configure PPP with PAP authentication over the serial link between routers R1 and R2, the network administrator should include the "ppp authentication pap" command on both routers. This command enables PAP authentication for PPP on the routers.

Explanation

To configure PPP with PAP authentication over the serial link between routers R1 and R2, the network administrator should include the "ppp authentication pap" command on both routers. This command enables PAP authentication for PPP on the routers.

67. What is an accurate description of CHAP when used with PPP on a serial connection between two routers?

A username and password are sent to the peer router, which replies with an accept or reject message.

not-available-via-ai

Explanation

not-available-via-ai

68.

Refer to the exhibit. From the output of the show interfaces and ping commands, at which layer of the OSI model is a fault indicated?

Application

Transport

Network

Data link

Physical

Based on the output of the show interfaces and ping commands, a fault is indicated at the network layer of the OSI model. This can be inferred because the network layer is responsible for routing and forwarding data packets between different networks. Since the ping command is used to test connectivity between devices on different networks, any issues or faults encountered during the ping command would suggest a problem at the network layer.

Explanation

Based on the output of the show interfaces and ping commands, a fault is indicated at the network layer of the OSI model. This can be inferred because the network layer is responsible for routing and forwarding data packets between different networks. Since the ping command is used to test connectivity between devices on different networks, any issues or faults encountered during the ping command would suggest a problem at the network layer.

69.

Refer to the exhibit. Router1 is not able to communicate with its peer that is connected to this interface. Based on the output as shown, what is the most likely cause?

Interface reset

Unplugged cable

Improper LMI type

PPP negotiation failure

The most likely cause for Router1 not being able to communicate with its peer is an unplugged cable. This can be inferred from the given exhibit, which does not show any error messages or issues related to interface reset, improper LMI type, or PPP negotiation failure. Therefore, the absence of a physical connection, indicated by an unplugged cable, is the most probable cause for the communication problem.

Explanation

The most likely cause for Router1 not being able to communicate with its peer is an unplugged cable. This can be inferred from the given exhibit, which does not show any error messages or issues related to interface reset, improper LMI type, or PPP negotiation failure. Therefore, the absence of a physical connection, indicated by an unplugged cable, is the most probable cause for the communication problem.

70. What is the function of an intrusion detection system on a network?

To restrict access to only authorized users

To detect attacks against a network and send logs to a management console

To prevents attack against the network and provide active defense mechanisms

To detect and prevent most viruses and many Trojan horse applications from spreading in the network

An intrusion detection system (IDS) is designed to detect attacks against a network and send logs to a management console. It does not restrict access to authorized users, prevent attacks, or detect/prevent viruses and Trojan horse applications. Instead, an IDS monitors network traffic and analyzes it for any suspicious activity or patterns that may indicate an attack. When an attack is detected, the IDS sends logs or alerts to a management console, allowing administrators to take appropriate action and mitigate the threat.

Explanation

An intrusion detection system (IDS) is designed to detect attacks against a network and send logs to a management console. It does not restrict access to authorized users, prevent attacks, or detect/prevent viruses and Trojan horse applications. Instead, an IDS monitors network traffic and analyzes it for any suspicious activity or patterns that may indicate an attack. When an attack is detected, the IDS sends logs or alerts to a management console, allowing administrators to take appropriate action and mitigate the threat.

71.

Refer to the exhibit. Which VLAN will carry untagged traffic on FastEthernet 0/1?

VLAN 1

VLAN 2

VLAN 11

VLAN 12

VLAN 30

VLAN 999

The VLAN that will carry untagged traffic on FastEthernet 0/1 is VLAN 2.

Explanation

The VLAN that will carry untagged traffic on FastEthernet 0/1 is VLAN 2.

72. Which functions are provided by LCP and NCP as part of the PPP layered architecture?

LCP sets up the PPP connection and its parameters. NCP terminates the PPP connection.

LCP sets up the PPP connection and its parameters. NCP handles higher layer protocol configurations.

LCP includes the link-establishment phase. NCP includes link-maintenance and link-termination phases.

LCP negotiates options for multiple network layer protocols. NCP agrees automatically on encapsulation formats.

LCP (Link Control Protocol) is responsible for setting up the PPP (Point-to-Point Protocol) connection and its parameters. This includes establishing the link, negotiating options for multiple network layer protocols, and agreeing on encapsulation formats. NCP (Network Control Protocol) on the other hand, handles higher layer protocol configurations. This means that NCP is responsible for configuring and managing the network protocols that will be used over the PPP connection.

Explanation

LCP (Link Control Protocol) is responsible for setting up the PPP (Point-to-Point Protocol) connection and its parameters. This includes establishing the link, negotiating options for multiple network layer protocols, and agreeing on encapsulation formats. NCP (Network Control Protocol) on the other hand, handles higher layer protocol configurations. This means that NCP is responsible for configuring and managing the network protocols that will be used over the PPP connection.

73. While configuring a Frame Relay connection, when should a static Frame Relay map be used?

The remote router is a non-Cisco router

The local router is configured with subinterfaces

Broadcast traffic and multicast traffic over the PVC must be controlled

Globally significant rather than locally significant DLCIs are being used

A static Frame Relay map should be used when there is a need to control broadcast traffic and multicast traffic over the PVC. This means that the network administrator wants to have control over which devices can send and receive broadcast and multicast traffic over the Frame Relay connection. By using a static Frame Relay map, the administrator can specify which devices are allowed to send and receive such traffic, ensuring that it is controlled and managed according to the network's requirements.

Explanation

A static Frame Relay map should be used when there is a need to control broadcast traffic and multicast traffic over the PVC. This means that the network administrator wants to have control over which devices can send and receive broadcast and multicast traffic over the Frame Relay connection. By using a static Frame Relay map, the administrator can specify which devices are allowed to send and receive such traffic, ensuring that it is controlled and managed according to the network's requirements.

74.

Refer to the exhibit. You are a network administrator who has been tasked with completing the Frame Relay topology that interconnects two remote sites. How should the point-to-point subinterfaces be configured on HQ to complete the topology?

HQ(config-subif)#frame-relay interface-dlci 103 on Serial 0/0/0.1HQ(config-subif)#frame-relay interface-dlci 203 on Serial 0/0/0.2

HQ(config-subif)#frame-relay interface-dlci 301 on Serial 0/0/0.1 HQ(config-subif)# frame-relay interface-dlci 302 on Serial 0/0/0.2

HQ(config-subif)#frame-relay map ip 172.16.1.1 103 broadcast on Serial 0/0/0.1 HQ(config-subif)#frame-relay map ip 172.16.2.2 203 broadcast on Serial 0/0/0.2

HQ(config-subif)#frame-relay map ip 172.16.1.1 301 broadcast on Serial 0/0/0.1 HQ(config-subif)#frame-relay map ip 172.16.2.2 302 broadcast on Serial 0/0/0.2

The correct answer is to configure DLCI 301 on Serial 0/0/0.1 and DLCI 302 on Serial 0/0/0.2. This is because DLCI 301 and DLCI 302 are used to map the IP addresses 172.16.1.1 and 172.16.2.2 respectively, which are the IP addresses of the remote sites. By configuring these DLCIs on the correct subinterfaces, the Frame Relay topology will be completed and the two remote sites will be interconnected.

Explanation

The correct answer is to configure DLCI 301 on Serial 0/0/0.1 and DLCI 302 on Serial 0/0/0.2. This is because DLCI 301 and DLCI 302 are used to map the IP addresses 172.16.1.1 and 172.16.2.2 respectively, which are the IP addresses of the remote sites. By configuring these DLCIs on the correct subinterfaces, the Frame Relay topology will be completed and the two remote sites will be interconnected.

75. What are two effective measures for securing routers? (Choose two.)

Enable SNMP traps.

Disable the HTTP server service.

Use quotes, phrases, or poems to create passphrases.

Configure remote administration through VTY lines for Telnet access.

Protect all active router interfaces by configuring them as passive interfaces.

not-available-via-ai

Explanation

not-available-via-ai

Submit

76. When Frame Relay encapsulation is used, what feature provides flow control and exchanges information about the status of virtual circuits?

LCP

LMI

DLCI

Inverse ARP

LMI stands for Local Management Interface, which is a protocol used in Frame Relay networks to provide flow control and exchange information about the status of virtual circuits. It allows the devices in the network to communicate with each other and keep track of the connections. LMI is responsible for monitoring the status of virtual circuits, detecting errors, and managing the flow of data between the devices. It ensures that the network operates efficiently and effectively by providing the necessary control and management capabilities.

Explanation

LMI stands for Local Management Interface, which is a protocol used in Frame Relay networks to provide flow control and exchange information about the status of virtual circuits. It allows the devices in the network to communicate with each other and keep track of the connections. LMI is responsible for monitoring the status of virtual circuits, detecting errors, and managing the flow of data between the devices. It ensures that the network operates efficiently and effectively by providing the necessary control and management capabilities.

77. When would the multipoint keyword be used in Frame Relay PVCs configuration?

When global DLCIs are in use

When using physical interfaces

When multicasts must be supported

When participating routers are in the same subnet

The multipoint keyword is used in Frame Relay PVCs configuration when participating routers are in the same subnet. This means that multiple routers can communicate with each other using a single PVC, which reduces the number of PVCs required and simplifies the configuration. Using the multipoint configuration allows for efficient communication between routers on the same subnet without the need for individual point-to-point connections.

Explanation

The multipoint keyword is used in Frame Relay PVCs configuration when participating routers are in the same subnet. This means that multiple routers can communicate with each other using a single PVC, which reduces the number of PVCs required and simplifies the configuration. Using the multipoint configuration allows for efficient communication between routers on the same subnet without the need for individual point-to-point connections.

78. Which three statements accurately describe attributes of a security policy? (Choose three.)

It creates a basis for legal action if necessary.

It should not be altered once it is implemented.

It defines a process for managing security violations.

It focuses primarily on threats from outside of the organization.

It defines acceptable and unacceptable use of network resources.

It provides step-by-step procedures to harden routers and other network devices.

A security policy creates a basis for legal action if necessary by clearly outlining the rules and guidelines for protecting the organization's assets. It defines a process for managing security violations by specifying the steps to be taken in case of a security breach or incident. It also defines acceptable and unacceptable use of network resources, setting clear expectations for employees regarding the use of company resources and preventing misuse or unauthorized access.

Explanation

A security policy creates a basis for legal action if necessary by clearly outlining the rules and guidelines for protecting the organization's assets. It defines a process for managing security violations by specifying the steps to be taken in case of a security breach or incident. It also defines acceptable and unacceptable use of network resources, setting clear expectations for employees regarding the use of company resources and preventing misuse or unauthorized access.

Submit

79. Which two devices can be used by teleworkers who need to connect to the company network across the PSTN for a few hours a day?

Router

CSU/DSU

DSL modem

Cable modem

Access server

Dialup modem

Teleworkers who need to connect to the company network across the PSTN (Public Switched Telephone Network) for a few hours a day can use a CSU/DSU (Channel Service Unit/Data Service Unit) and a DSL modem. A CSU/DSU is used to connect a router to a digital line provided by the telephone company, which is necessary for connecting to the PSTN. A DSL modem, on the other hand, is used to establish a high-speed internet connection over existing telephone lines. Both devices are suitable for teleworkers who require temporary access to the company network.

Explanation

Teleworkers who need to connect to the company network across the PSTN (Public Switched Telephone Network) for a few hours a day can use a CSU/DSU (Channel Service Unit/Data Service Unit) and a DSL modem. A CSU/DSU is used to connect a router to a digital line provided by the telephone company, which is necessary for connecting to the PSTN. A DSL modem, on the other hand, is used to establish a high-speed internet connection over existing telephone lines. Both devices are suitable for teleworkers who require temporary access to the company network.

Submit

80.

Refer to the exhibit. What would be the result of entering the exhibited configuration on a Frame Relay router?

The local interface DLCI will be set to 102.

All traffic that is destined to 172.16.16.8 will be sent as broadcast.

Only broadcast traffic will be recieved on the Frame Relay interface.

Routing protocol multicast updates can be forwarded across the Frame Relay PVC.

Entering the exhibited configuration on a Frame Relay router will result in the local interface DLCI being set to 102.

Explanation

Entering the exhibited configuration on a Frame Relay router will result in the local interface DLCI being set to 102.

81. A router in a Frame Relay network needs to forward a message received from a host. What two methods does the router use to identify the correct VC to forward the message? (Choose two.)

The router forwards the frame to all ports in the network and learns the address from the reply frame.

The destination host IP address is embedded in the DLCI.

The router searches Inverse ARP tables for maps of DLCIs to IP addresses.

A table of static mappings can be searched.

The router broadcasts a request for the required IP address.

The router uses two methods to identify the correct VC to forward the message. First, it searches the Inverse ARP tables for maps of DLCIs (Data Link Connection Identifiers) to IP addresses. This allows the router to determine the appropriate VC based on the IP address of the destination host. Second, the router can search a table of static mappings, which provides a direct mapping between DLCIs and IP addresses. These methods enable the router to correctly route the message to the intended destination in the Frame Relay network.

Explanation

The router uses two methods to identify the correct VC to forward the message. First, it searches the Inverse ARP tables for maps of DLCIs (Data Link Connection Identifiers) to IP addresses. This allows the router to determine the appropriate VC based on the IP address of the destination host. Second, the router can search a table of static mappings, which provides a direct mapping between DLCIs and IP addresses. These methods enable the router to correctly route the message to the intended destination in the Frame Relay network.

Submit

82.

Refer to the exhibit. This router is being configured to use SDM, but the SDM interface of the router cannot be accessed. What is the cause of the problem?

The VTY lines are not configured correctly.

The HTTP timeout policy is not configured correctly.

The authentication method is not configured correctly.

The username and password are not configured correctly.

The cause of the problem is that the username and password are not configured correctly. This means that the router is not able to authenticate the user trying to access the SDM interface, resulting in the inability to access it.

Explanation

The cause of the problem is that the username and password are not configured correctly. This means that the router is not able to authenticate the user trying to access the SDM interface, resulting in the inability to access it.

83.

Refer to the exhibit. A network administrator is tasked with completing the Frame Relay topology that interconnects two remote sites. How should the point-to-point subinterfaces be configured on HQ to complete the topology?

Frame-relay interface-dlci 103 on Serial 0/0/0.1frame-relay interface-dlci 203 on Serial 0/0/0.2

Frame-relay interface-dlci 301 on Serial 0/0/0.1frame-relay interface-dlci 302 on Serial 0/0/0.2

Frame-relay map ip 192.168.1.1 103 broadcast on Serial 0/0/0.1frame-relay map ip 192.168.2.2 203 broadcast on Serial 0/0/0.2

Frame-relay map ip 192.168.1.1 301 broadcast on Serial 0/0/0.1frame-relay map ip 192.168.2.2 302 broadcast on Serial 0/0/0.2

The correct answer is to configure the point-to-point subinterfaces on HQ by mapping the IP addresses 192.168.1.1 and 192.168.2.2 to DLCIs 301 and 302 respectively. This means that traffic destined for IP address 192.168.1.1 will be sent through DLCI 301 on Serial 0/0/0.1, and traffic destined for IP address 192.168.2.2 will be sent through DLCI 302 on Serial 0/0/0.2. This configuration ensures that the correct subinterfaces are used to establish the connection between the two remote sites.

Explanation

The correct answer is to configure the point-to-point subinterfaces on HQ by mapping the IP addresses 192.168.1.1 and 192.168.2.2 to DLCIs 301 and 302 respectively. This means that traffic destined for IP address 192.168.1.1 will be sent through DLCI 301 on Serial 0/0/0.1, and traffic destined for IP address 192.168.2.2 will be sent through DLCI 302 on Serial 0/0/0.2. This configuration ensures that the correct subinterfaces are used to establish the connection between the two remote sites.

84. What three questions can be answered using data gathered from a baseline on a new network?

Are areas of the network experiencing high error rates?

Will the disaster recovery procedures work correctly?

What parts of the network have the highest volume?

Does the organization require more network technicians?

How does the network perform during peak periods?

Are there any devices working at top capacity?

What networks are the most susceptible to security attacks?

The three questions that can be answered using data gathered from a baseline on a new network are:
1. What parts of the network have the highest volume? This question helps identify areas of the network that experience high traffic, allowing for optimization and resource allocation.
2. How does the network perform during peak periods? This question helps assess the network's performance under heavy load, ensuring it can handle peak usage without degradation.
3. Are there any devices working at top capacity? This question helps identify devices that may be overloaded or reaching their maximum capacity, allowing for proactive maintenance or upgrades.

Explanation

The three questions that can be answered using data gathered from a baseline on a new network are:
1. What parts of the network have the highest volume? This question helps identify areas of the network that experience high traffic, allowing for optimization and resource allocation.
2. How does the network perform during peak periods? This question helps assess the network's performance under heavy load, ensuring it can handle peak usage without degradation.
3. Are there any devices working at top capacity? This question helps identify devices that may be overloaded or reaching their maximum capacity, allowing for proactive maintenance or upgrades.

Submit

85.

Refer to the exhibit. In the partial router configuration that is shown, what is the purpose of access list BLOCK_XYZ?

To prevent source IP address spoofing by hosts on the Fa0/0 LAN

To block access by Fa0/0 LAN hosts to all network services beyond the router

To prevent users on the Fa0/0 LAN from opening Telnet sessions on the router

To secure Fa0/0 hosts by allowing only locally sourced traffic into the Fa0/0 LAN

The purpose of access list BLOCK_XYZ is to prevent users on the Fa0/0 LAN from opening Telnet sessions on the router.

Explanation

The purpose of access list BLOCK_XYZ is to prevent users on the Fa0/0 LAN from opening Telnet sessions on the router.

86. An administrator issues the command show interfaces s0/1/0 on a router that is configured for Frame Relay. Which console output may indicate an LMI mismatch?

Serial0/1/0 is administratively down

Serial0/1/0 is up, line protocol is up

Serial0/1/0 is up, line protocol is down

Serial0/1/0 is down, line protocol is down

If the line protocol is down while the interface is up, it indicates an LMI mismatch. In Frame Relay, the Local Management Interface (LMI) is used to exchange information between the router and the Frame Relay switch. When there is a mismatch in the LMI configuration between the router and the switch, the line protocol will be down even though the interface itself is up. Therefore, the console output "Serial0/1/0 is up, line protocol is down" and "Serial0/1/0 is down, line protocol is down" both indicate an LMI mismatch.

Explanation

If the line protocol is down while the interface is up, it indicates an LMI mismatch. In Frame Relay, the Local Management Interface (LMI) is used to exchange information between the router and the Frame Relay switch. When there is a mismatch in the LMI configuration between the router and the switch, the line protocol will be down even though the interface itself is up. Therefore, the console output "Serial0/1/0 is up, line protocol is down" and "Serial0/1/0 is down, line protocol is down" both indicate an LMI mismatch.

Submit

87. Which combination of Layer 2 protocol and authentication should be used to establish a link without sending authentication information in plain text between a Cisco and a non-Cisco router?

PPP with PAP

PPP with CHAP

HDLC with PAP

HDLC with CHAP

PPP with PAP should be used to establish a link without sending authentication information in plain text between a Cisco and a non-Cisco router because PAP (Password Authentication Protocol) is a simple authentication method that sends the username and password in plain text. PPP (Point-to-Point Protocol) is a widely used Layer 2 protocol that provides authentication, encryption, and compression. Using PPP with PAP ensures that the authentication information is not sent in plain text, thus enhancing security.

Explanation

PPP with PAP should be used to establish a link without sending authentication information in plain text between a Cisco and a non-Cisco router because PAP (Password Authentication Protocol) is a simple authentication method that sends the username and password in plain text. PPP (Point-to-Point Protocol) is a widely used Layer 2 protocol that provides authentication, encryption, and compression. Using PPP with PAP ensures that the authentication information is not sent in plain text, thus enhancing security.

88. Which three statements accurately describe a security policy?

It creates a basis for legal action if necessary.

It defines a process for managing security violations.

It defines acceptable and unacceptable use of network resources.

The remote access policy is a component of the security policy that governs acceptable use of e-mail systems.

It is kept private from users to prevent the possibility of circumventing security measures.

It provides step-by-step procedures to harden routers and other network devices.

A security policy creates a basis for legal action if necessary. This means that the policy outlines the rules and regulations that need to be followed in order to maintain security, and if these rules are violated, legal action can be taken. This helps in ensuring that individuals are aware of the consequences of not adhering to the security policy, and it provides a framework to deal with security breaches and violations.

Explanation

A security policy creates a basis for legal action if necessary. This means that the policy outlines the rules and regulations that need to be followed in order to maintain security, and if these rules are violated, legal action can be taken. This helps in ensuring that individuals are aware of the consequences of not adhering to the security policy, and it provides a framework to deal with security breaches and violations.