Selasa, 27 Januari 2015

CCNA3 CAPTER 9

An employee called the help desk to report a laptop that could not access a web-based application on the Internet. The help desk technician asked the employee to open a Windows command prompt and type the ipconfig /all command. Which problem-solving technique did the technician choose?

top-down

bottom-up

substitution

divide-and-conquer



http://ev-iip.netacad.net/assessment/images/i152297n1v1.jpg
Refer to the exhibit. Given the output generated by the debug ppp negotiation command, which statement is true?

The line protocol of the local router is now up.

The hostname of the local router is Goleta.

The command ppp authentication pap is configured on both routers.

The local router requested to terminate the session.



http://ev-iip.netacad.net/assessment/images/11444.jpg
Refer to the exhibit. A network administrator has implemented subnetting using the network 192.168.25.0 and a /28 mask. Workstation 1 is not able to ping with Workstation 2. What is a possible cause for this lack of communication?

Workstation 1 and Workstation 2 are on the same subnet.

The serial connections are using addresses from the LAN subnets.

All hosts in the network must be in the same subnet to communicate.

Workstation 1 is not on the same network that the RTA router LAN interface is on.



http://ev-iip.netacad.net/assessment/images/17957.jpg
Refer to the exhibit. A lab technician connects two routers together via a serial cable using the default interface configuration values. The interfaces are up; however, the technician is unable to ping between the two devices. What is the most likely problem?

The lab technician used the wrong cable to connect the serial ports.

There is an IP mismatch between the serial ports.

There is an encapsulation mismatch between the serial ports.

No clock rate has been set on the DCE interface.



http://ev-iip.netacad.net/assessment/images/i131904n1v1.jpg
Refer to the exhibit. A network administrator is doing proactive network maintenance. The administrator pings 192.168.1.100 and compares the results to the baseline data. Based on the comparison of the two pings, what is one possibility?

There is an ACL applied, making the destination host unreachable.

There is a malfunctioning NIC on the destination host.

The sending host is unable to access the network.

There are congestion problems on the network.



http://ev-iip.netacad.net/assessment/images/19512.jpg
Refer to the exhibit. Host 192.168.1.14 is unable to download email from 192.168.2.200. After reviewing the output of the show running-config command, what problem is discovered?

Access to the SMTP server is denied.

The destination host address in an ACL statement is incorrect.

The ACL is applied to the interface in the wrong direction.

The implicit deny any any is blocking all access to email.



http://ev-iip.netacad.net/assessment/images/16499.jpg
Refer to the exhibit. An ACL is configured to prevent access by network 192.168.1.0 to network 192.168.2.0, but it is not working properly. What problem is discovered after observing the output of the show running-config command?

The protocol type specified in the ACL should be TCP, not IP.

The source and destination addresses are reversed in the statement.

The ACL is applied to the wrong interface, but the right direction.

The ACL is applied to the wrong interface and the wrong direction.

The permit ip any any statement allows network 192.168.1.0 access.



http://ev-iip.netacad.net/assessment/images/36219.png
Refer to the exhibit. Based on the network diagram and the output shown, which statement is true?

The command was entered on router R1.

The command was entered on router R2.

The command was entered on router R3.

The command could have been entered on either R1 or R2.



http://ev-iip.netacad.net/assessment/images/16337.jpg
Refer to the exhibit. ABC Company is using the 172.16.0.0/18 network. It is standard company practice to use the first 50 addresses for switches and servers and assign the last usable address to the router. The remaining addresses are assigned to the hosts. After assigning the addresses, the network technician tests connectivity from the host above and is not able to ping the router. What could be the problem?

The router was assigned the broadcast address.

The host is not in the same subnet as the switch and router.

The router interface is in the wrong subnet.

The host was assigned a network address.



http://ev-iip.netacad.net/assessment/images/16382.jpg
Refer to the exhibit. Based on the output shown, why is VTP information unable to propagate the network?

One of the two client mode switches must be reconfigured to Transparent mode.

Each switch must be synchronized to the network time server.

The VTP domain names are different.

VTP passwords must be set.

The configuration revision numbers are all the same.



http://ev-iip.netacad.net/assessment/images/17037.jpg
Refer to the exhibit. Based on the output shown, to which IP network should the workstations in the Support department belong?

192.168.1.0

172.16.1.0

172.16.3.0

172.16.5.0



http://ev-iip.netacad.net/assessment/images/16413.jpg
Refer to the exhibit. Users are reporting that they cannot access the Internet. Routers R1 and R2 are configured with RIP version 2 as shown. If R2 receives a packet with a destination address on the Internet, how is the packet routed?

The packet is routed to the ISP router and then to network 10.1.1.0/24.

The packet is routed to the ISP router and then to the Internet.

The packet is routed to R1 and then forwarded out Fa0/0 on R1.

The packet will not be routed because R2 does not have a valid default route.



http://ev-iip.netacad.net/assessment/images/i131839n1v1.jpg
Refer to the exhibit. The network administrator is unable to ping from the console of router R3 to host 10.10.4.63. What is the problem?

RIPv1 does not support VLSM.

Router R2 does not have RIP correctly configured.

Router R3 is missing a network statement for network 10.0.0.0.

There is an addressing problem on the link between routers R2 and R3.


What is important to consider while configuring the subinterfaces of a router when implementing inter-VLAN routing?

The subinterface numbers must match the VLAN ID number.

The physical interface must have an IP address configured.

The IP address of each subinterface must be the default gateway address for each VLAN subnet.

The no shutdown command must be given on each subinterface.


A network at a large building failed, causing a severe disruption in business activities. The problem was eventually detected and resolved by replacing a piece of failed network equipment. Investigation led to the conclusion that a network design problem was the main cause of the disruption. Loss of a single piece of equipment should not have been able to cause such a large problem. What two terms best describe this type of design weakness? (Choose two.)

bottleneck

limited availability

limited scalability

large failure domain

single point of failure

limited staff capabilities


Which two statements describe when a network administrator should perform a network baseline? (Choose two.)

It should be done monthly as a minimum standard.

It should be performed when all switch Cisco IOS versions are upgraded.

It should be done when all network printers are upgraded to a new model.

It should be done when the network is performing at normal activity levels.

It should be done whenever an SLA has been signed with a new service provider.



http://ev-iip.netacad.net/assessment/images/17045.jpg
Refer to the exhibit. A network administrator is troubleshooting a problem. No users are able to access the 10.10.2.0/24 network, but are able to access all other networks. Assuming R3 is configured correctly and based on the output shown, what is most likely the problem?

There is congestion on the 10.10.2.0 network.

The EIGRP process number on R2 is incorrect.

The Fa0/0 interface on R2 is shut down.

The Fa0/0 interface on R2 has an incorrect IP address or subnet mask.



http://ev-iip.netacad.net/assessment/images/i121302n1v1.jpg
Refer to the exhibit. Both routers are configured using RIPv1. Both routers are sending updates about the directly connected routes. R1 can successfully ping the serial interface of R2. The routing table on R1 does not contain any dynamically learned routes from R2, and the routing table on R2 shows no dynamically learned routes from R1. What is the problem?

Subnetting is not supported by RIPv1.

One of the routers needs a clock rate on the serial interface.

The serial link between the two routers is unstable.

VLSM is not supported by RIPv1.


The enterprise mail server software recently went through a minor update. A network administrator notices an excessive amount of traffic between a database server and the newly updated mail server, compared to the baseline data. What is the first action the administrator should do to investigate the problem?

Wait to see if the recent update will stabilize after a while.

Redo the baseline data to include the minor upgrade.

Check the log to see what software components are producing the excess traffic.

Check for viruses and spyware on the database server.



http://ev-iip.netacad.net/assessment/images/18896.jpg
Although all networks are reachable, the network administrator notices abnormal routing behavior after configuring OSPF on each router. According to the partial output from the debug ip ospf events command, which statement is true about the contents of the routing table in RA?

It will show network 172.16.3.0 learned from RB.

It will show network 172.16.3.0 learned from RC.

It will show two equal routes to network 192.168.1.4/30.

It will show two equal routes to network 192.168.1.8/30.



http://ev-iip.netacad.net/assessment/images/18282.jpg
Refer to the exhibit. The network administrator is troubleshooting the connectivity issue between RA and RB. According to the partial configuration, what is the cause of the problem?

password mismatch for PPP authentication

username mismatch for PPP authentication

encapsulation method mismatch for PPP authentication

authentication method mismatch for PPP authentication



http://ev-iip.netacad.net/assessment/images/i131840n1v1.jpg
Refer to the exhibit. The network administrator correctly configures RTA to perform inter-VLAN routing. Using the show vlan command, the administrator verifies that port Fast Ethernet 0/4 is the first available port in the default VLAN on SW2. The administrator connects RTA to port 0/4 on SW2, but inter-VLAN routing does not work. What could be the possible cause of the problem with the SW2 configuration?

Port 0/4 is not active.

Port 0/4 must be a member of VLAN1.

Port 0/4 is configured in access mode.

Port 0/4 is configured as a trunk port.

CCNA3 CAPTER 8

Which wildcard mask would match the host range for the subnet 192.16.5.32 /27?

0.0.0.32

0.0.0.63

0.0.63.255

0.0.0.31



http://ev-iip.netacad.net/assessment/images/7985.jpg
Refer to the exhibit. The new security policy for the company allows all IP traffic from the Engineering LAN to the Internet while only web traffic from the Marketing LAN is allowed to the Internet. Which ACL can be applied in the outbound direction of Serial 0/1 on the Marketing router to implement the new security policy?

access-list 197 permit ip 192.0.2.0 0.0.0.255 any
access-list 197 permit ip 198.18.112.0 0.0.0.255 any eq www

access-list 165 permit ip 192.0.2.0 0.0.0.255 any
access-list 165 permit tcp 198.18.112.0 0.0.0.255 any eq www
access-list 165 permit ip any any

access-list 137 permit ip 192.0.2.0 0.0.0.255 any
access-list 137 permit tcp 198.18.112.0 0.0.0.255 any eq www

access-list 89 permit 192.0.2.0 0.0.0.255 any
access-list 89 permit tcp 198.18.112.0 0.0.0.255 any eq www



http://ev-iip.netacad.net/assessment/images/i131838n1v1.jpg
Refer to the exhibit. Hosts from 172.19.123.0 are not allowed access to 192.0.2.0 but should be able to access the Internet. Which set of commands will create a standard ACL that will apply to traffic outbound on the Shannon router interface Fa0/0 implementing this security?

access-list 142 deny ip 172.19.123.0 0.0.0.255 192.0.2.0 0.0.0.255
access-list 142 permit ip any any

access-list 56 deny 172.19.123.0 0.0.0.255
access-list 56 permit any

access-list 61 deny 172.19.123.0 0.0.0.0
access-list 61 permit any

access-list 87 deny 192.0.2.0 0.0.0.255
access-list 87 permit any



http://ev-iip.netacad.net/assessment/images/18895.jpg
Refer to the exhibit. An administrator notes a significant increase in the amount of traffic that is entering the network from the ISP. The administrator clears the counters. After a few minutes, the administrator again checks the access-list table. What can be concluded from the output that is shown?

A small amount of HTTP traffic is an indication that the web server was not configured correctly.

A larger amount of POP3 traffic, compared with SMTP traffic, indicates that there are more POP3 e-mail clients than SMTP clients in the enterprise.

A large amount of ICMP traffic is being denied at the interface, which can be an indication of a DoS attack.

A larger amount of e-mail traffic, compared with web traffic, is an indication that attackers mainly targeted the e-mail server.



http://ev-iip.netacad.net/assessment/images/16623.jpg
Refer to the exhibit. A network administrator needs to add the command deny ip 10.0.0.0 0.255.255.255 any log to R3. After adding the command, the administrator verifies the change using the show access-list command. What sequence number does the new entry have?

0

10, and all other items are shifted down to the next sequence number

50

60


A security administrator wants to secure password exchanges on the vty lines on all routers in the enterprise. What option should be implemented to ensure that passwords are not sent in clear text across the public network?

Use Telnet with an authentication server to ensure effective authentication.

Apply an access list on the router interfaces to allow only authorized computers.

Apply an access list on the vty line to allow only authorized computers.

Use only Secure Shell (SSH) on the vty lines.

What is the best option an administrator can choose to ensure that ICMP DoS attacks from the outside are contained as much as possible, without restricting connectivity tests initiated from the inside out?

Create an access list that permits only echo reply and destination unreachable packets from the outside.

Create an access list that denies all TCP traffic coming from the outside.

Permit TCP traffic from only known external sources.

Create an access list with the established keyword at the end of the line.


Traffic from the 64.104.48.0 to 64.104.63.255 range must be denied access to the network. What wildcard mask would the network administrator configure in the access list to cover this range?

0.0.15.255

0.0.47.255

0.0.63.255

255.255.240.0


A network administrator enters the following commands on router RTB.

RTB(config)# access-list 4 deny 192.168.20.16 0.0.0.15
RTB(config)# access-list 4 permit any
RTB(config)# interface serial 0/0/0
RTB(config-if)# ip access-group 4 in

Which addresses are blocked from entering RTB?

192.168.20.17 to 192.168.20.31

192.168.20.16 to 192.168.20.31

192.168.20.16 to 192.168.20.32

192.168.20.17 to 192.168.20.32


Why are inbound ACLs more efficient for the router than outbound ACLs?

Inbound ACLs deny packets before routing lookups are required.

Inbound ACL operation requires less network bandwidth than outbound.

Inbound ACLs permit or deny packets to LANs, which are typically more efficient than WANs.

Inbound ACLs are applied to Ethernet interfaces, while outbound ACLs are applied to slower serial interfaces.


http://ev-iip.netacad.net/assessment/images/17036.jpg
Refer to the exhibit. The network administrator of a company needs to configure the router RTA to allow its business partner (Partner A) to access the web server located in the internal network. The web server is assigned a private IP address, and a static NAT is configured on the router for its public IP address. Finally, the administrator adds the ACL. However, Partner A is denied access to the web server. What is the cause of the problem?

Port 80 should be specified in the ACL.

The public IP address of the server, 209.165.201.5, should be specified as the destination.

The ACL should be applied on the s0/0 outbound interface.

The source address should be specified as 198.133.219.0 255.255.255.0 in the ACL.


ACL logging generates what type of syslog message?

unstable network

warning

informational

critical situation



http://ev-iip.netacad.net/assessment/images/17001.jpg
Refer to the exhibit. Company policy for the network that is shown indicates the following guidelines:

1) All hosts on the 192.168.3.0/24 network, except host 192.168.3.77, should be able to reach the 192.168.2.0/24 network.
2) All hosts on the 192.168.3.0/24 network should be able to reach the 192.168.1.0/24 network.
3) All other traffic originating from the 192.168.3.0 network should be denied.

Which set of ACL statements meets the stated requirements when they are applied to the Fa0/0 interface of router R2 in the inbound direction?

access-list 101 deny ip any any
access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip any any

access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.255.255


Which ACL statement permits host 10.220.158.10 access to the web server 192.168.3.224?

access-list 101 permit tcp host 10.220.158.10 eq 80 host 192.168.3.224

access-list 101 permit tcp 10.220.158.10 0.0.0.0 host 192.168.3.224 0.0.0.0 eq 80

access-list 101 permit host 10.220.158.10 0.0.0.0 host 192.168.3.224 0.0.0.0 eq 80

access-list 101 permit tcp 10.220.158.10 0.0.0.0 host 192.168.3.224 eq 80


Which two statements are true about standard and extended ACLs? (Choose two.)

Extended ACLs filter only on source addresses and must be placed near the destination address.

Standard ACLs are usually placed so that all packets go through the network and are filtered at the destination.

Standard ACLs are used when filtering complex requirements, such as specific protocols.

Extended ACLs filter with many possible factors, and are placed near the source address to reduce traffic across the network.

Properly designed ACLs have a negative impact on network availability and performance.



http://ev-iip.netacad.net/assessment/images/17865.jpg
Refer to the exhibit. What happens if the network administrator issues the exhibited commands when an ACL named Managers already exists on the router?

The new commands overwrite the current Managers ACL.

The new commands are added to the end of the current Managers ACL.

The new commands are added to the beginning of the current Managers ACL.

An error appears stating that the ACL already exists.


What effect does the command reload in 30 have when entered into a router?

If a router process freezes, the router reloads automatically.

If a packet from a denied source attempts to enter an interface where an ACL is applied, the router reloads in 30 minutes.

If a remote connection lasts for longer than 30 minutes, the router forces the remote user off.

A router automatically reloads in 30 minutes.



http://ev-iip.netacad.net/assessment/images/18847.jpg
Refer to the exhibit. Which two host addresses from the 172.16.31.64/27 subnet are able to telnet into the router to make configuration changes? (Choose two.)

172.16.31.33

172.16.31.64

172.16.31.77

172.16.31.92

172.16.31.95

172.16.31.96


ACLs are used primarily to filter traffic. What are two additional uses of ACLs? (Choose two.)

specifying source addresses for authentication

specifying internal hosts for NAT

identifying traffic for QoS

reorganizing traffic into VLANs

filtering VTP packets



http://ev-iip.netacad.net/assessment/images/17207.jpg
Refer to the exhibit. A network administrator needs to configure an access list that will allow the management host with an IP address of 192.168.10.25/24 to be the only host to remotely access and configure router RTA. All vty and enable passwords are configured on the router. Which group of commands will accomplish this task?

Router(config)# access-list 101 permit tcp any 192.168.10.25 0.0.0.0 eq telnet
Router(config)# access-list 101 deny ip any any
Router(config)# int s0/0
Router(config-if)# ip access-group 101 in
Router(config-if)# int fa0/0
Router(config-if)#ip access-group 101 in

Router(config)# access-list 10 permit 192.168.10.25 eq telnet
Router(config)# access-list 10 deny any
Router(config)# line vty 0 4
Router(config-line)#access-group 10 in

Router(config)# access-list 86 permit host 192.168.10.25
Router(config)# line vty 0 4
Router(config-line)# access-class 86 in

Router(config)# access-list 125 permit tcp 192.168.10.25 any eq telnet
Router(config)# access-list 125 deny ip any any
Router(config)# int s0/0
Router(config-if)# ip access-group 125 in


What are two possible uses of access control lists in an enterprise network? (Choose two.)

limiting debug outputs

reducing the processing load on routers

allowing Layer 2 traffic to be filtered by a router

controlling virtual terminal access to routers

controlling the physical status of router interfaces



http://ev-iip.netacad.net/assessment/images/19141.jpg
Refer to the exhibit. The access list has been applied inbound to interface S0/0/0 on R2. Which two traffic types will reach the server?(Choose two.)

IP traffic from host 10.1.1.20

web traffic from HostA

IP traffic from host 192.168.1.1

UDP traffic from network 10.1.2.0

HTTP traffic from network 10.1.1.0


If the established keyword is appended to a line in an extended ACL, what will determine if packets are sent between the source and destination specified by the line?

if authentication is enabled via CHAP

if MD5 encryption algorithm is in effect

if a TCP three-way handshake was successfully completed

if HTML packets are specifically allowed within the ACL