Sunday, 10 August 2008

CCNA EXAM 640-802

Hotspot 2: Topology Question

640-802 CCNA Hotspot Topology Exhibit





Question 1:
Note: the question wrongly gives host 172.30.4.4; the correct host is 172.30.0.4.



Answers: 702

Explanation:
The destination Layer 2 address is a DLCI for the Frame Relay network. The destination host address in the packet is 172.30.0.4, and the corresponding DLCI is 702.
This can be confirmed from the show frame-relay map output, which lists the frame-relay map statements from each Layer 3 address to its corresponding Layer 2 address: IP 172.30.0.4 is mapped to DLCI 702.

Question 2:


Answers: frame-relay map ip 172.30.0.3 196 broadcast

Explanation:

The show frame-relay map output above shows the dynamic mapping for S-AMER (.3 in the topology; the complete address is 172.30.0.3) to DLCI 196.

To create a static frame-relay map on the Dubai router to S-AMER, we use the following command:

Syntax: frame-relay map protocol protocol-address dlci [broadcast]

frame-relay map ip 172.30.0.3 196 broadcast

Question 3:

Answers: The serial connection to the MidEast branch office

Explanation:

From the partial running config provided for the Dubai router, we can identify which encapsulation type is configured on each interface.

Interface serial 1/0 : encapsulation frame-relay

Interface serial 1/2 and serial 1/3 : Both have encapsulation ppp

Interface serial 1/1: has no encapsulation type configured, which means the default encapsulation (HDLC) has not been changed on this interface.

Serial 1/1 is the connection from the Dubai router to the MidEast branch office, and it has the default encapsulation.

Question 4:

Answers: T1net



17. Explain and select tasks required for WLAN

CCNA (640-802) exam topic Explain and select the appropriate administrative tasks required for a WLAN

Question 1:
A single 802.11g access point has been configured and installed in the center of a square office. A few wireless users are experiencing slow performance and drops while most users are operating at peak efficiency. What are three likely causes of this problem? (Choose three.)

A:mismatched TKIP encryption
B:null SSID
C:cordless phones
D:mismatched SSID
E:metal file cabinets
F:antenna type or direction

Answers: C, E, F

Explanation:
Cordless phones also operate on RF, so they conflict with the WLAN RF signal and reduce performance.
Metal file cabinets act as obstacles to the radio waves in a WLAN, which results in performance loss.
An antenna adds power gain for radio waves; if the selected antenna is not the correct type or its direction is not exact, performance will be affected.

Question 2:
Refer to the exhibit. What two facts can be determined from the WLAN diagram? (Choose two.)



A:The area of overlap of the two cells represents a basic service set (BSS).
B:The network diagram represents an extended service set (ESS).
C:Access points in each cell must be configured to use channel 1.
D:The area of overlap must be less than 10% of the area to ensure connectivity.
E:The two APs should be configured to operate on different channels.

Answers: B, E

Explanation:
The Extended Service Set (ESS) uses multiple APs with overlapping microcells to cover all clients. Microcells should overlap by 10–15 percent for data, and 15–20 percent for voice traffic. Each AP should use a different channel.

Question 3:
Which spread spectrum technology does the 802.11b standard define for operation?

A: IR
B: DSSS
C: FHSS
D: DSSS and FHSS
E: IR, FHSS, and DSSS

Answers: B

Explanation:
802.11b is a widely adopted standard that operates in the 2.4 GHz range and uses Direct Sequence Spread Spectrum (DSSS).

Question 4:
What is the maximum data rate specified for IEEE 802.11b WLANs?

A: 10 Mbps
B: 11 Mbps
C: 54 Mbps
D: 100 Mbps

Answers: B

Explanation:
802.11b supports four data rates: 1, 2, 5.5, and 11 Mbps.

Question 5:
Which two statements best describe the wireless security standard that is defined by WPA? (Choose two.)

A:It specifies use of a static encryption key that must be changed frequently to enhance
B:It requires use of an open authentication method.
C:It specifies the use of dynamic encryption keys that change each time a client establishes a connection.
D:It requires that all access points and wireless devices use the same encryption key.
E:It includes authentication by PSK.

Answers: C, E

Explanation:
Wi-Fi Protected Access (WPA) is a Wi-Fi Alliance standard. It uses Temporal Key Integrity Protocol (TKIP) for encryption, dynamic keys, and 802.1x user authentication.

WPA-PSK (Pre-Shared Key) is a special mode of WPA for home users without an enterprise authentication server and provides the same strong encryption protection.

Question 6:
Which additional configuration step is necessary in order to connect to an access point that has SSID broadcasting disabled?

A: Set the SSID value in the client software to public.
B: Configure open authentication on the AP and the client.
C: Set the SSID value on the client to the SSID configured on the AP.
D: Configure MAC address filtering to permit the client to connect to the AP.

Answers: C

Explanation:
Since the access point has SSID broadcasting disabled, the client must be manually configured with the same SSID value that is configured on the AP so that the client can associate with the AP.

Question 7:
You and a co-worker have established wireless communication directly between your wireless laptops. What type of wireless topology has been created?

A: BSS
B: ESS
C: IBSS
D: SSID

Answers: C

Explanation:
Ad-hoc mode or Independent Basic Service Set [IBSS] is simply a group of computers talking wirelessly to each other with no access point (AP).

Question 8:
What is one reason that WPA encryption is preferred over WEP?

A: A WPA key is longer and requires more special characters than the WEP key.
B: The access point and the client are manually configured with different WPA key values.
C: WPA key values remain the same until the client configuration is changed.
D: The values of WPA keys can change dynamically while the system is used.

Answers: D

Explanation:
WPA uses dynamic keys; WEP uses static keys.

Question 9:
Which two devices can interfere with the operation of a wireless network because they operate on similar frequencies? (Choose two.)

A:copier
B:microwave oven
C:toaster
D:cordless phone
E:IP phone
F:AM radio

Answers: B, D

Question 10:
Which encryption type does WPA 2 use?

A: AES-CCMP
B: PPK via IV
C: PSK
D: TKIP/MIC

Answers: A

Explanation:
WPA 2 uses AES-CCMP encryption. AES-CCMP incorporates two sophisticated cryptographic techniques (counter mode and CBC-MAC) and adapts them to Ethernet frames to provide a robust security protocol between the mobile client and the access point.

Implement, verify, and troubleshoot NAT and ACLs


CCNA (640-802) exam topic Implement, verify, and troubleshoot NAT and ACLs in a medium-size Enterprise branch office network.

Question 1:
What are two reasons that a network administrator would use access lists? (Choose two.)
A:to control vty access into a router
B:to control broadcast traffic through a router
C:to filter traffic as it passes through a router
D:to filter traffic that originates from the router
E:to replace passwords as a line of defense against security incursions

Answers: A, C


Question 2:
Refer to the exhibit. The access list has been configured on the S0/0 interface of router RTB in the outbound direction. Which two packets, if routed to the interface, will be denied? (Choose two.)
access-list 101 deny tcp 192.168.15.32 0.0.0.15 any eq telnet
access-list 101 permit ip any any


A:source ip address: 192.168.15.5; destination port: 21
B:source ip address: 192.168.15.37; destination port: 21
C:source ip address: 192.168.15.41; destination port: 21
D:source ip address: 192.168.15.36; destination port: 23
E:source ip address: 192.168.15.46; destination port: 23
F:source ip address: 192.168.15.49; destination port: 23

Answers: D, E

Explanation:
access-list 101 deny tcp 192.168.15.32 0.0.0.15 any eq telnet
access-list 101 permit ip any any
The above two access-list statements are configured on the RTB router and applied in the outbound direction on the S0/0 interface.

The first ACL statement denies all telnet (port 23) connections from the source address range 192.168.15.32 - 192.168.15.47 to any destination host.

We need to find the two packets that will be denied when routed out of the S0/0 interface.
Source IP address 192.168.15.36, destination port 23: this matches the ACL statement, so this packet is denied.

Source IP address 192.168.15.46, destination port 23: this also matches the ACL statement, so this packet is denied.

Question 3:
Refer to the exhibit. Why would the network administrator configure RA in this manner?


A: to give students access to the Internet
B: to prevent students from accessing the command prompt of RA
C: to prevent administrators from accessing the console of RA
D: to give administrators access to the Internet
E: to prevent students from accessing the Internet
F: to prevent students from accessing the Admin network

Answers: B

Explanation:
The above config entered on RA by the administrator allows only Admin people (10.1.1.0) to access the RA command prompt using telnet. Since there is an implicit deny any statement at the end of access-list 2, everyone else (students) is prevented from accessing the command prompt of RA using telnet.

Question 4:
What is the function of the Cisco IOS command ip nat inside source static 10.1.1.5 172.35.16.5?
A: It creates a global address pool for all outside NAT transactions.
B: It establishes a dynamic address pool for an inside static address.
C: It creates dynamic source translations for all inside local PAT transactions.
D: It creates a one-to-one mapping between an inside local address and an inside global address.
E: It maps one inside source address to a range of outside global addresses.

Answers: D

Explanation:
This command creates a static NAT translation entry for inside local address (10.1.1.5) to inside global address (172.35.16.5).

Question 5:
What is the effect of the following access list condition?

access-list 101 permit ip 10.25.30.0 0.0.0.255 any

A: permit all packets matching the first three octets of the source address to all destinations
B: permit all packets matching the last octet of the destination address and accept all source addresses
C: permit all packets from the third subnet of the network address to all destinations
D: permit all packets matching the host bits in the source address to all destinations
E: permit all packets to destinations matching the first three octets in the destination address

Answers: A

Explanation:
The wildcard mask is 0.0.0.255. The 0s in a wildcard mask require an exact match.

So for the above access list, the wildcard mask specifies that the first three octets of the source address must match.

The destination address for the ACL is any, so it permits all packets that match the first three octets of the source address to all destinations.

Question 6:
What does the "Inside Global" address represent in the configuration of NAT?

A: the summarized address for all of the internal subnetted addresses
B: the MAC address of the router used by inside hosts to connect to the Internet
C: a globally unique, private IP address assigned to a host on the inside network
D: a registered address that represents an inside host to an outside network

Answers: D

Explanation:
Inside global address— A legitimate IP address assigned by the NIC or service provider that represents one or more inside local IP addresses to the outside world.

Question 7:
What three pieces of information can be used in an extended access list to filter traffic? (Choose three.)

A:protocol
B:VLAN number
C:TCP or UDP port numbers
D:source switch port number
E:source IP address and destination IP address
F:source MAC address and destination MAC address

Answers: A, C, E

Question 8:
An access list was written with the four statements shown in the graphic. Which single access list statement will combine all four of these statements into a single statement that will have exactly the same effect?

A: access-list 10 permit 172.29.16.0 0.0.0.255
B: access-list 10 permit 172.29.16.0 0.0.1.255
C: access-list 10 permit 172.29.16.0 0.0.3.255
D: access-list 10 permit 172.29.16.0 0.0.15.255
E: access-list 10 permit 172.29.0.0 0.0.255.255

Answers: C

Explanation:
To combine all four ACL statements into one ACL statement with the same effect, we need a new network that matches the network in all four statements, and a new wildcard mask for that network.

New network for the ACL statement: an AND operation needs to be performed on all four statements.
AND operation: (AND: The output is true only when both inputs A and B are true.)

A AND B = Output
0 AND 0 = 0; 0 AND 1 = 0; 1 AND 0 = 0; 1 AND 1 = 1
Following the above AND procedure:
172.29.16.0 = 10101100.00011101.00010000.00000000
172.29.17.0 = 10101100.00011101.00010001.00000000
172.29.18.0 = 10101100.00011101.00010010.00000000
172.29.19.0 = 10101100.00011101.00010011.00000000
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
172.29.16.0 = 10101100.00011101.00010000.00000000
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

The new network after the AND operation is 172.29.16.0.

Now, to find the wildcard mask that matches all four networks, we need to perform XOR operations.

XOR operation: (XOR: The output is true when either input A or B is true, but not if both A and B are true.)

A XOR B = Output
0 XOR 0 = 0; 0 XOR 1 = 1; 1 XOR 0 = 1; 1 XOR 1 = 0

Following the above XOR procedure:
172.29.16.x = 10101100.00011101.00010000.x
172.29.17.x = 10101100.00011101.00010001.x
172.29.18.x = 10101100.00011101.00010010.x
172.29.19.x = 10101100.00011101.00010011.x
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
0.0.3.x = 00000000.00000000.00000011.x
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Since we are only concerned with the first three octets, the last octet can be 255, so the new wildcard mask is 0.0.3.255.

The complete single ACL statement, with the new network and wildcard mask that matches all four networks, is
access-list 10 permit 172.29.16.0 0.0.3.255
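
Added example (not part of the original post): the same summarization in Python, treating a bit as "don't care" when it is not identical in every listed network, and checking that the single statement matches exactly the listed networks and nothing more. The function names are hypothetical, and the inputs are assumed to be /24 network addresses as in the question.

```python
import ipaddress


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def to_str(value):
    return str(ipaddress.IPv4Address(value))


def networks_matched(wildcard):
    """Number of /24 networks that a wildcard mask lets through."""
    dont_care_bits = bin(to_int(wildcard) >> 8).count("1")
    return 2 ** dont_care_bits


def summarize(networks):
    """Combine /24 networks into one (base, wildcard, exact) ACL match.

    exact is False when the single statement also matches networks
    that were not in the original list.
    """
    values = [to_int(n) & 0xFFFFFF00 for n in networks]
    all_and, all_or = values[0], values[0]
    for v in values[1:]:
        all_and &= v  # bits set in every network
        all_or |= v   # bits set in at least one network
    differing = all_and ^ all_or   # bits that are not the same everywhere
    wildcard = differing | 0xFF    # the host octet is always "don't care"
    base = all_and & ~wildcard & 0xFFFFFFFF
    # k "don't care" network bits match 2**k networks, so the summary is
    # exact only if the list contained every one of them.
    exact = networks_matched(to_str(wildcard)) == len(set(values))
    return to_str(base), to_str(wildcard), exact


# The four networks from the binary tables above.
QUESTION_8 = ["172.29.16.0", "172.29.17.0", "172.29.18.0", "172.29.19.0"]

# Wildcard masks from answer options A to E.
OPTIONS = {
    "A": "0.0.0.255",
    "B": "0.0.1.255",
    "C": "0.0.3.255",
    "D": "0.0.15.255",
    "E": "0.0.255.255",
}

if __name__ == "__main__":
    print(summarize(QUESTION_8))
    # Constructed case: with only three networks listed, the same mask
    # would also permit 172.29.19.0, so the summary is not exact.
    print(summarize(QUESTION_8[:3]))
    for option, wildcard in OPTIONS.items():
        print(option, wildcard, networks_matched(wildcard), "networks")
```

A wildcard wider than needed, such as option D, silently permits 16 networks instead of 4, which is why the count check matters when ACL entries are merged by hand.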

Question 9:
An inbound access list has been configured on a serial interface to deny packet entry for TCP and UDP ports 21, 23 and 25. What types of packets will be permitted by this ACL? (Choose three.)

A:FTP
B:Telnet
C:SMTP
D:DNS
E:HTTP
F:POP3

Answers: D, E, F

Explanation:
Ports 21, 23 and 25 are denied by the ACL.
21 = FTP; 23 = Telnet; 25 = SMTP
The remaining ports are permitted, so DNS, HTTP and POP3 ports are permitted by the ACL.

Question 10:
Refer to the exhibit. The FMJ manufacturing company is concerned about unauthorized access to the Payroll Server. The Accounting1, CEO, Mgr1, and Mgr2 workstations should be the only computers with access to the Payroll Server. What two technologies should be implemented to help prevent unauthorized access to the server? (Choose two.)



A:access lists
B:encrypted router passwords
C:STP
D:VLANs
E:VTP
F:wireless LANs

Answers: A, D

Explanation:
Access lists are created to permit only the Accounting1, CEO, Mgr1, and Mgr2 workstations to reach the Payroll server.
A VLAN can be created, forming a separate broadcast domain whose only members are the Accounting1, CEO, Mgr1, and Mgr2 workstations and the Payroll server.

Question 11:
A network administrator would like to implement NAT in the network shown in the graphic to allow inside hosts to use a private addressing scheme. Where should NAT be configured?



A: Corporate router
B: Engineering router
C: Sales router
D: all routers
E: all routers and switches

Answers: A

Question 12:

An access list has been designed to prevent HTTP traffic from the Accounting Department from reaching the HR server attached to the Holyoke router. Which of the following access lists will accomplish this task when grouped with the e0 interface on the Chicopee router?




A: permit ip any any
deny tcp 172.16.16.0 0.0.0.255 172.17.17.252 0.0.0.0 eq 80
B: permit ip any any
deny tcp 172.17.17.252 0.0.0.0 172.16.16.0 0.0.0.255 eq 80
C: deny tcp 172.17.17.252 0.0.0.0 172.16.16.0 0.0.0.255 eq 80
permit ip any any
D: deny tcp 172.16.16.0 0.0.0.255 172.17.17.252 0.0.0.0 eq 80
permit ip any any

Answers: D


Explanation:
We need to create an ACL that denies the Accounting department network access to HTTP on the HR server.

Source address is the Accounting department network: 172.16.16.0 mask 255.255.255.0
Destination address is the HR server: 172.17.17.252
Port number for HTTP traffic on the destination address: 80

First create the deny statement
access-list 100 deny tcp 172.16.16.0 0.0.0.255 172.17.17.252 0.0.0.0 eq 80

Since there is an implicit deny any any statement at the end of the ACL, we need to permit the remaining traffic.
access-list 100 permit ip any any
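
Added example (not from the original post): a small Python model of how a router evaluates an extended ACL, top-down with the first match winning and an implicit deny at the end, applied to the packets of Question 2 and to the statement order in options A and D of this question. The function names, the destination 10.0.0.1 and the source host 172.16.16.10 are constructed for the illustration.

```python
import ipaddress


def ip(addr):
    return int(ipaddress.IPv4Address(addr))


def wc_match(addr, base, wildcard):
    # A 0 bit in the wildcard must match exactly; a 1 bit is "don't care".
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)


ANY = ("0.0.0.0", "255.255.255.255")


def evaluate(acl, proto, src, dst, dport):
    """Return 'permit' or 'deny' for one packet; the first match wins."""
    for action, e_proto, (s_base, s_wc), (d_base, d_wc), e_port in acl:
        if e_proto != "ip" and e_proto != proto:
            continue
        if not wc_match(src, s_base, s_wc):
            continue
        if not wc_match(dst, d_base, d_wc):
            continue
        if e_port is not None and e_port != dport:
            continue
        return action
    return "deny"  # implicit deny at the end of every ACL


# Question 2: access-list 101 as shown in the exhibit.
ACL_101 = [
    ("deny", "tcp", ("192.168.15.32", "0.0.0.15"), ANY, 23),
    ("permit", "ip", ANY, ANY, None),
]

# Answer options A to F of Question 2: (source address, destination port).
Q2_PACKETS = {
    "A": ("192.168.15.5", 21),
    "B": ("192.168.15.37", 21),
    "C": ("192.168.15.41", 21),
    "D": ("192.168.15.36", 23),
    "E": ("192.168.15.46", 23),
    "F": ("192.168.15.49", 23),
}


def denied_options(acl, packets, dst="10.0.0.1"):  # dst is constructed
    return [name for name, (src, dport) in packets.items()
            if evaluate(acl, "tcp", src, dst, dport) == "deny"]


# Question 12: the same two statements in the order of option D and option A.
DENY_HTTP = ("deny", "tcp", ("172.16.16.0", "0.0.0.255"),
             ("172.17.17.252", "0.0.0.0"), 80)
PERMIT_ALL = ("permit", "ip", ANY, ANY, None)
OPTION_D = [DENY_HTTP, PERMIT_ALL]
OPTION_A = [PERMIT_ALL, DENY_HTTP]

if __name__ == "__main__":
    print("Question 2 denied:", denied_options(ACL_101, Q2_PACKETS))
    for name, acl in (("D", OPTION_D), ("A", OPTION_A)):
        verdict = evaluate(acl, "tcp", "172.16.16.10", "172.17.17.252", 80)
        print("Question 12 option", name, "->", verdict)
```

With option A the deny statement is never reached because permit ip any any matches first, and without any permit statement the implicit deny would drop all other traffic as well.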

Implement and verify WAN links


CCNA (640-802) topic Implement and verify WAN links: answers to the questions from this topic in the exam.

Question 1:
A default Frame Relay WAN is classified as what type of physical network?
A: point-to-point
B: broadcast multi-access
C: nonbroadcast multi-access
D: nonbroadcast multipoint
E: broadcast point-to-multipoint

Answers: C

Question 2:
The command frame-relay map ip 10.121.16.8 102 broadcast was entered on the router. Which of the following statements is true concerning this command?
A: This command should be executed from the global configuration mode.
B: The IP address 10.121.16.8 is the local router port used to forward data.
C: 102 is the remote DLCI that will receive the information.
D: This command is required for all Frame Relay configurations.
E: The broadcast option allows packets, such as RIP updates, to be forwarded across the PVC.

Answers: E

Explanation:
When the frame-relay map command is included in the configuration with the broadcast keyword, it turns the Frame Relay network into a broadcast network.

Question 3:
Refer to the exhibit. Which statement describes DLCI 17?

A: DLCI 17 describes the ISDN circuit between R2 and R3.
B: DLCI 17 describes a PVC on R2. It cannot be used on R3 or R1.
C: DLCI 17 is the Layer 2 address used by R2 to describe a PVC to R3.
D: DLCI 17 describes the dial-up circuit from R2 and R3 to the service provider.

Answers: C

Question 4:
How should a router that is being used in a Frame Relay network be configured to avoid split horizon issues from preventing routing updates?
A: Configure a separate sub-interface for each PVC with a unique DLCI and subnet assigned to the sub-interface.
B: Configure each Frame Relay circuit as a point-to-point line to support multicast and broadcast traffic.
C: Configure many sub-interfaces on the same subnet.
D: Configure a single sub-interface to establish multiple PVC connections to multiple remote router interfaces.

Answers: A

Question 5:
What can a network administrator utilize by using PPP Layer 2 encapsulation? (Choose three.)
A:VLAN support
B:compression
C:authentication
D:sliding windows
E:multilink support
F:quality of service

Answers: B, C, E

Question 6:
Refer to the exhibit. What is the meaning of the term dynamic as displayed in the output of the show frame-relay map command shown?

A: The Serial0/0 interface is passing traffic.
B: The DLCI 100 was dynamically allocated by the router.
C: The Serial0/0 interface acquired the IP address of 172.16.3.1 from a DHCP server.
D: The DLCI 100 will be dynamically changed as required to adapt to changes in the Frame Relay cloud.
E: The mapping between DLCI 100 and the end station IP address 172.16.3.1 was learned through Inverse ARP.

Answers: E

Explanation:
Inverse ARP allows a Frame Relay network to discover the protocol address associated with the virtual circuit dynamically.

Question 7:
Which of the following describes the roles of devices in a WAN? (Choose three.)
A:A CSU/DSU terminates a digital local loop.
B:A modem terminates a digital local loop.
C:A CSU/DSU terminates an analog local loop.
D:A modem terminates an analog local loop.
E:A router is commonly considered a DTE device.
F:A router is commonly considered a DCE device.

Answers: A, D, E

Question 8:
Which three Layer 2 encapsulation types would be used on a WAN rather than a LAN? (Choose three.)
A:HDLC
B:Ethernet
C:Token Ring
D:PPP
E:FDDI
F:Frame Relay

Answers: A, D, F

Question 9:
The Frame Relay network in the diagram is not functioning properly. What is the cause of the problem?

A: The Gallant router has the wrong LMI type configured.
B: Inverse ARP is providing the wrong PVC information to the Gallant router.
C: The S3 interface of the Steele router has been configured with the frame-relay encapsulation ietf command.
D: The frame-relay map statement in the Attalla router for the PVC to Steele is not correct.
E: The IP address on the serial interface of the Attalla router is configured incorrectly.

Answers: D

Explanation:
In the above exhibit, we need to look at the status of each PVC to identify the problem.
On Attalla, the show command output lists the first map with status deleted. This is the PVC to Steele, because the next map statement in the show output is for Gallant and its status is active.


Question 10:
Which of the following are key characteristics of PPP? (Choose three.)
A:can be used over analog circuits
B:maps Layer 2 to Layer 3 address
C:encapsulates several routed protocols
D:supports IP only
E:provides error correction

Answers: A, C, E

Question 11:
A Cisco router that was providing Frame Relay connectivity at a remote site was replaced with a different vendor's frame relay router. Connectivity is now down between the central and remote site. What is the most likely cause of the problem?
A: incorrect IP address mapping
B: mismatched encapsulation types
C: incorrect DLCI
D: mismatched LMI types

Answers: B

Question 12:
Refer to the exhibit. The network administrator must complete the connection between the RTA of the XYZ Company and the service provider. To accomplish this task, which two devices could be installed at the customer site to provide a connection through the local loop to the central office of the provider? (Choose two.)

A:WAN switch
B:PVC
C:ATM switch
D:multiplexer
E:CSU/DSU
F:modem

Answers: E, F

Question 13:
When a router is connected to a Frame Relay WAN link using a serial DTE interface, how is the interface clock rate determined?
A: It is supplied by the CSU/DSU.
B: It is supplied by the far end router.
C: It is determined by the clock rate command.
D: It is supplied by the Layer 1 bit stream timing.

Answers: A

