Appendix B
Answers to Review Questions

Chapter 1: Internetworking 

  1. A. The device shown is a hub and hubs place all ports in the same broadcast domain and the same collision domain.
  2. B. The contents of a protocol data unit (PDU) depend on the PDU because they are created in a specific order and their contents are based on that order. A packet will contain IP addresses but not MAC addresses because MAC addresses are not present until the PDU becomes a frame.
  3. C. You should select a router to connect the two groups. When computers are in different subnets, as these two groups are, you will require a device that can make decisions based on IP addresses. Routers operate at layer 3 of the Open Systems Interconnect (OSI) model and make data-forwarding decisions based on layer 3 networking information, which are IP addresses. They create routing tables that guide them in forwarding traffic out of the proper interface to the proper subnet.
  4. C. Replacing the hub with a switch would reduce collisions and retransmissions, which would have the most impact on reducing congestion.
  5. The answer diagram is a table that matches each OSI layer in the first column with its description in the second column.

    The given layers of the OSI model use the PDUs shown in the answer diagram.

  6. B. Wireless LAN Controllers are used to manage anywhere from a few access points to thousands. The APs are completely managed from the controller and are considered lightweight or dumb APs, as they have no configuration on the AP itself.
  7. B. You should use a switch to accomplish the task in this scenario. A switch is used to provide dedicated bandwidth to each node by eliminating the possibility of collisions on the switch port where the node resides. Switches work at layer 2 in the Open Systems Interconnection (OSI) model and perform the function of separating collision domains.
  8. The answer diagram is a table that lists the layers of the OSI model in the first column and the functions of the corresponding layers in the second column.

    The listed layers of the OSI model have the functions shown in the answer diagram.

  9. C. Firewalls are used to connect our trusted internal network, such as the DMZ, to the untrusted outside network—typically the internet.
  10. D. The Application layer is responsible for identifying and establishing the availability of the intended communication partner and determining whether sufficient resources for the intended communication exist.
  11. A, D. The Transport layer segments data into smaller pieces for transport. Each segment is assigned a sequence number so that the receiving device can reassemble the data on arrival. The Network layer (layer 3) has two key responsibilities. First, this layer controls the logical addressing of devices. Second, the Network layer determines the best path to a particular destination network and routes the data appropriately.
  12. C. The IEEE Ethernet Data Link layer has two sublayers, the Media Access Control (MAC) layer and the Logical Link Control (LLC) layer.
  13. C. Wireless APs are very popular today and will be going away about the same time that rock n' roll does. The idea behind these devices (which are layer 2 bridge devices) is to connect wireless products to the wired Ethernet network. The wireless AP will create a single collision domain and is typically its own dedicated broadcast domain as well.
  14. A. Hubs operate on the Physical Layer as they have no intelligence and send all traffic in all directions.
  15. C. While it is true that the OSI model's primary purpose is to allow different vendors' networks to interoperate, there is no requirement that vendors follow the model.
  16. A. Routers by default do NOT forward broadcasts.
  17. C. Switches create separate collision domains within a single broadcast domain. Routers provide a separate broadcast domain for each interface.
  18. B. The all-hub network at the bottom is one collision domain; the bridge network on top equals three collision domains. Add in the switch network of five collision domains—one for each switch port—and you get a total of nine.
  19. A. The top three layers define how the applications within the end stations will communicate with each other as well as with users.
  20. A. The following network devices operate at all seven layers of the OSI model: network management stations (NMSs), gateways (not default gateways), servers, and network hosts.

Chapter 2: Ethernet Networking and Data Encapsulation 

  1. D. The organizationally unique identifier (OUI), composed of 24 bits, or 3 bytes, is assigned by the IEEE to an organization, which in turn assigns a globally administered address, also comprising 24 bits, or 3 bytes, that's supposedly unique to each and every adapter it manufactures.
  2. A. Backoff on an Ethernet network is the retransmission delay that's enforced when a collision occurs. When that happens, a host will only resume transmission after the forced time delay has expired. Keep in mind that after the backoff has elapsed, all stations have equal priority to transmit data.
  3. A. When using a hub, all ports are in the same collision domain, which will introduce collisions as shown between devices connected to the same hub.
  4. B. FCS is a field at the end of the frame that's used to store the cyclic redundancy check (CRC) answer. The CRC is a mathematical algorithm that's based on the data in the frame and run when each frame is built. When a receiving host receives the frame and runs the CRC, the answer should be the same. If not, the frame is discarded, assuming errors have occurred.
  5. C. Half-duplex Ethernet networking uses a protocol called Carrier Sense Multiple Access with Collision Detection (CSMA/CD), which helps devices share the bandwidth evenly while preventing two devices from transmitting simultaneously on the same network medium.
  6. A, E. Physical addresses, or MAC addresses, are used to identify devices at layer 2. MAC addresses are only used to communicate on the same network. To communicate with a different network, we have to use layer 3 addresses (IP addresses).
  7. D. The cable shown is a straight-through cable, which is used between dissimilar devices.
  8. C, D. An Ethernet network is a shared environment, so all devices have the right to access the medium. If more than one device transmits simultaneously, the signals collide and cannot reach the destination. If a device detects that another device is sending, it will wait for a specified amount of time before attempting to transmit. When there is no traffic detected, a device will transmit its message. While this transmission is occurring, the device continues to listen for traffic or collisions on the LAN. After the message is sent, the device returns to its default listening mode.
  9. B. In creating the gigabit crossover cable, you'd still cross 1 to 3 and 2 to 6, but you would add 4 to 7 and 5 to 8.
  10. D. When you set up the connection, use these settings:
    • Bits per sec: 9600
    • Data bits: 8
    • Parity: None
    • Stop bits: 1
    • Flow control: None
  11. D. When set to 0, this bit represents a globally administered address, as specified by the IEEE, but when it's a 1, it represents a locally governed and administered address.
  12. B. You can use a rolled Ethernet cable to connect a host EIA-TIA 232 interface to a router console serial communication (COM) port.
  13. B. The collision will invoke a backoff algorithm on all systems, not just the ones involved in the collision.
  14. A. There are no collisions in full-duplex mode.
  15. B. The connection between the two switches requires a crossover and the connection from the hosts to the switches requires a straight-through.
  16. The given cable types are matched with their standards in the following list.
    • IEEE 802.3u: 100Base-TX
    • IEEE 802.3: 10Base-T
    • IEEE 802.3ab: 1000Base-T
    • IEEE 802.3z: 1000Base-SX
  17. B. Although rolled cable isn't used to connect any Ethernet connections together, you can use a rolled Ethernet cable to connect a host EIA-TIA 232 interface to a router console serial communication (COM) port.
  18. B. If you're using TCP, the virtual circuit is defined by the source and destination port number plus the source and destination IP address and called a socket.
  19. A. The hex value 1c is converted as 28 in decimal.
  20. A. Fiber-optic cables are the only ones that have a core surrounded by a material called cladding.

Chapter 3: Introduction to TCP/IP 

  1. C. If a DHCP conflict is detected, either by the server sending a ping and getting a response or by a host using a gratuitous ARP (arp'ing for its own IP address and seeing if a host responds), then the server will hold that address and not use it again until it is fixed by an administrator.
  2. B. Secure Shell (SSH) protocol sets up a secure session that's similar to Telnet over a standard TCP/IP connection and is employed for doing things like logging into systems, running programs on remote systems, and moving files from one system to another.
  3. C. A host uses something called a gratuitous ARP to help avoid a possible duplicate address. The DHCP client sends an ARP broadcast out on the local LAN or VLAN using its newly assigned address to help solve conflicts before they occur.
  4. B. Address Resolution Protocol (ARP) is used to find the hardware address from a known IP address.
  5. A, C, D. The listed answers are from the OSI model and the question asked about the TCP/IP protocol stack (DoD model). Yes, it is normal for the objectives to have this type of question. However, let's just look for what is wrong. First, the Session layer is not in the TCP/IP model; neither are the Data Link and Physical layers. This leaves us with the Transport layer (Host-to-Host in the DoD model), Internet layer (Network layer in the OSI), and Application layer (Application/Process in the DoD). Remember, the CCENT objectives can list the layers as OSI layers or DoD layers at any time, regardless of what the question is asking.
  6. C. A Class C network address has only 8 bits for defining hosts: 2^8 – 2 = 254.
  7. A, B. A client that sends out a DHCP Discover message in order to receive an IP address sends out a broadcast at both layer 2 and layer 3. The layer 2 broadcast is all Fs in hex, or FF:FF:FF:FF:FF:FF. The layer 3 broadcast is 255.255.255.255, which means any networks and all hosts. DHCP is connectionless, which means it uses User Datagram Protocol (UDP) at the Transport layer, also called the Host-to-Host layer.
  8. B. Although Telnet does use TCP and IP (TCP/IP), the question specifically asks about layer 4, and IP works at layer 3. Telnet uses TCP at layer 4.
  9. RFC 1918. These addresses can be used on a private network, but they're not routable through the Internet.
  10. B, D, E. SMTP, FTP, and HTTP use TCP.
  11. C. Class C addresses devote 24 bits to the network portion and 8 bits to the host portion.
  12. C. The range of multicast addresses starts with 224.0.0.0 and goes through 239.255.255.255.
  13. C. First, you should know easily that only TCP and UDP work at the Transport layer, so now you have a 50/50 shot. However, since the header has sequencing, acknowledgment, and window numbers, the answer can only be TCP.
  14. A. Both FTP and Telnet use TCP at the Transport layer; however, they both are Application layer protocols, so the Application layer is the best answer for this question.
  15. C. The four layers of the DoD model are Application/Process, Host-to-Host, Internet, and Network Access. The Internet layer is equivalent to the Network layer of the OSI model.
  16. C, E. The Class A private address range is 10.0.0.0 through 10.255.255.255. The Class B private address range is 172.16.0.0 through 172.31.255.255, and the Class C private address range is 192.168.0.0 through 192.168.255.255.
  17. B. The four layers of the TCP/IP stack (also called the DoD model) are Application/Process, Host-to-Host (also called Transport on the objectives), Internet, and Network Access/Link. The Host-to-Host layer is equivalent to the Transport layer of the OSI model.
  18. B, C. ICMP is used for diagnostics and destination unreachable messages. ICMP is encapsulated within IP datagrams, and because it is used for diagnostics, it will provide hosts with information about network problems.
  19. C. The range of a Class B network address is 128–191. This makes our binary range 10xxxxxx.
  20. NA

    The steps are as shown in the answer diagram.

Chapter 4: Easy Subnetting 

  1. D. A /27 (255.255.255.224) is 3 bits on and 5 bits off. This provides 8 subnets, each with 30 hosts. Does it matter if this mask is used with a Class A, B, or C network address? Not at all. The number of subnet bits would never change.
  2. D. A 240 mask is 4 subnet bits and provides 16 subnets, each with 14 hosts. We need more subnets, so let's add subnet bits. One more subnet bit would be a 248 mask. This provides 5 subnet bits (32 subnets) with 3 host bits (6 hosts per subnet). This is the best answer.
  3. C. This is a pretty simple question. A /28 is 255.255.255.240, which means that our block size is 16 in the fourth octet. 0, 16, 32, 48, 64, 80, etc. The host is in the 64 subnet.
  4. C. A CIDR address of /19 is 255.255.224.0. This is a Class B address, so that is only 3 subnet bits, but it provides 13 host bits, or 8 subnets, each with 8,190 hosts.
  5. B, D. The mask 255.255.254.0 (/23) used with a Class A address means that there are 15 subnet bits and 9 host bits. The block size in the third octet is 2 (256 – 254). So this makes the subnets in the interesting octet 0, 2, 4, 6, etc., all the way to 254. The host 10.16.3.65 is in the 2.0 subnet. The next subnet is 4.0, so the broadcast address for the 2.0 subnet is 3.255. The valid host addresses are 2.1 through 3.254.
  6. D. A /30, regardless of the class of address, has a 252 in the fourth octet. This means we have a block size of 4 and our subnets are 0, 4, 8, 12, 16, etc. Address 14 is obviously in the 12 subnet.
  7. D. A point-to-point link uses only two hosts. A /30, or 255.255.255.252, mask provides two hosts per subnet.
  8. C. A /21 is 255.255.248.0, which means we have a block size of 8 in the third octet, so we just count by 8 until we reach 66. The subnet in this question is 64.0. The next subnet is 72.0, so the broadcast address of the 64 subnet is 71.255.
  9. A. A /29 (255.255.255.248), regardless of the class of address, has only 3 host bits. Six is the maximum number of hosts on this LAN, including the router interface.
  10. C. A /29 is 255.255.255.248, which is a block size of 8 in the fourth octet. The subnets are 0, 8, 16, 24, 32, 40, etc. 192.168.19.24 is the 24 subnet, and since 32 is the next subnet, the broadcast address for the 24 subnet is 31. 192.168.19.26 is the only correct answer.
  11. A. A /29 (255.255.255.248) has a block size of 8 in the fourth octet. This means the subnets are 0, 8, 16, 24, etc. 10 is in the 8 subnet. The next subnet is 16, so 15 is the broadcast address.
  12. B. You need 5 subnets, each with at least 16 hosts. The mask 255.255.255.240 provides 16 subnets with 14 hosts—this will not work. The mask 255.255.255.224 provides 8 subnets, each with 30 hosts. This is the best answer.
  13. C. First, you cannot answer this question if you can't subnet. The address 192.168.10.62 with a mask of 255.255.255.192 gives a block size of 64 in the fourth octet. The host 192.168.10.62 is in the zero subnet, and the error occurred because ip subnet-zero is not enabled on the router.
  14. A. A /25 mask is 255.255.255.128. Used with a Class B network, the third and fourth octets are used for subnetting with a total of 9 subnet bits, 8 bits in the third octet and 1 bit in the fourth octet. Since there is only 1 bit in the fourth octet, the bit is either off or on—which is a value of 0 or 128. The host in the question is in the 0 subnet, which has a broadcast address of 127 since 112.128 is the next subnet.
  15. A. A /28 is a 255.255.255.240 mask. Let's count to the ninth subnet (we need to find the broadcast address of the eighth subnet, so we need to count to the ninth subnet). Starting at 16 (remember, the question stated that we will not use subnet zero, so we start at 16, not 0), we have 16, 32, 48, 64, 80, 96, 112, 128, 144, etc. The eighth subnet is 128 and the next subnet is 144, so our broadcast address of the 128 subnet is 143. This makes the host range 129–142. 142 is the last valid host.
  16. C. A /28 is a 255.255.255.240 mask. The first subnet is 16 (remember that the question stated not to use subnet zero) and the next subnet is 32, so our broadcast address is 31. This makes our host range 17–30. 30 is the last valid host.
  17. B. We need 9 host bits to answer this question, which is a /23.
  18. E. A Class B network ID with a /22 mask is 255.255.252.0, with a block size of 4 in the third octet. The network address in the question is in subnet 172.16.16.0 with a broadcast address of 172.16.19.255. Only option E has the correct subnet mask listed, and 172.16.18.255 is a valid host.
  19. D, E. The router's IP address on the E0 interface is 172.16.2.1/23, which is 255.255.254.0. This makes the third octet a block size of 2. The router's interface is in the 2.0 subnet, and the broadcast address is 3.255 because the next subnet is 4.0. The valid host range is 2.1 through 3.254. The router is using the first valid host address in the range.
  20. A. For this example, the network range is 172.16.16.1 to 172.16.31.254, the network address is 172.16.16.0, and the broadcast IP address is 172.16.31.255.
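The block-size method used throughout the Chapter 4 answers, as an added example that is not part of the book: it computes the mask, the interesting octet and block size, the subnet, broadcast and valid host range, the subnet and host counts for a classful network, and the n-th subnet with or without subnet zero. The sample addresses are the ones from the answers above; the helper names are my own.

```python
"""Subnetting by the block-size method used throughout the Chapter 4 answers.

Added example, not taken from the book. The sample addresses are the ones
that appear in the answers above; the helper names are my own choice.
"""
import ipaddress

CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}   # default mask length per class


def mask_from_prefix(prefix):
    """Dotted-decimal mask for /prefix, e.g. 23 -> '255.255.254.0'."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    bits = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str((bits >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def interesting_octet(prefix):
    """(1-based octet number, block size) for the octet the mask ends in.

    Block size is 256 minus the mask value in that octet: /23 -> (3, 2),
    /28 -> (4, 16). A /24 gives (4, 256) because the whole fourth octet
    is host bits.
    """
    index = min(prefix // 8, 3)            # a /32 still lands in octet 4
    octet_value = int(mask_from_prefix(prefix).split(".")[index])
    return index + 1, 256 - octet_value


def subnet_info(host, prefix):
    """Subnet, broadcast and valid host range of the subnet containing host.

    Uses the classic rule that the first address (network) and last address
    (broadcast) are reserved, so prefixes longer than /30 are rejected; /31
    point-to-point links are outside the model these answers use.
    """
    if prefix > 30:
        raise ValueError("no valid host range under the classic rule")
    addr = int(ipaddress.IPv4Address(host))
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    network = addr & mask                        # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)   # host bits set

    def dotted(n):
        return str(ipaddress.IPv4Address(n))

    return {
        "mask": mask_from_prefix(prefix),
        "subnet": dotted(network),
        "broadcast": dotted(broadcast),
        "first_host": dotted(network + 1),
        "last_host": dotted(broadcast - 1),
    }


def subnets_and_hosts(address_class, prefix):
    """(number of subnets, hosts per subnet) for a classful network.

    Subnet bits are the bits borrowed beyond the class default mask; hosts
    per subnet are 2**host_bits - 2 (network and broadcast removed).
    """
    subnet_bits = prefix - CLASSFUL_PREFIX[address_class]
    if subnet_bits < 0:
        raise ValueError("prefix is shorter than the class default mask")
    host_bits = 32 - prefix
    return 2 ** subnet_bits, 2 ** host_bits - 2


def nth_subnet(network, prefix, n, subnet_zero=True):
    """Subnet info for the n-th subnet (counting from 1) of network under /prefix.

    With subnet_zero=False the count starts at the second subnet, which is
    what the questions that say "do not use subnet zero" require.
    """
    base = int(ipaddress.IPv4Address(network))
    step = 2 ** (32 - prefix)              # addresses per subnet
    offset = (n if not subnet_zero else n - 1) * step
    return subnet_info(str(ipaddress.IPv4Address(base + offset)), prefix)


if __name__ == "__main__":
    # Question 5: 10.16.3.65/23 is in the 2.0 subnet, broadcast 3.255.
    print(subnet_info("10.16.3.65", 23))
    # Question 4: a /19 on a Class B gives 8 subnets of 8,190 hosts.
    print(subnets_and_hosts("B", 19))
    # Question 15: eighth /28 subnet when subnet zero is not used.
    print(nth_subnet("192.168.10.0", 28, 8, subnet_zero=False))
```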

Chapter 5: VLSMs, Summarization, and Troubleshooting TCP/IP 

  1. D. A point-to-point link uses only two hosts. A /30, or 255.255.255.252, mask provides two hosts per subnet.
  2. C. Using a /28 mask, there are 4 bits available for hosts. 2^4 – 2 = 14, or block size – 2.
  3. D. For 6 hosts we need to leave 3 bits in the host portion, since 2^3 = 8 and 8 – 2 = 6. With 3 bits for the host portion, that leaves 29 bits for the mask, or /29.
  4. C. To use VLSM, the routing protocols in use must be able to transmit subnet mask information.
  5. D. In a question like this, you need to look for an interesting octet where you can combine networks. In this example, the third octet has all our subnets, so we just need to find our block size now. If we used a block of 8 starting at 172.16.0.0/19, then we cover 172.16.0.0 through 172.16.7.255. However, if we used 172.16.0.0/20, then we'd cover a block of 16, which would be from 172.16.0.0 through 172.16.15.255, which is the best answer.
  6. C. The IP address of the station and the gateway are not in the same network. Since the address of the gateway is correct on the station, it is most likely the IP address of the station is incorrect.
  7. B. With an incorrect gateway, Host A will not be able to communicate with the router or beyond the router but will be able to communicate within the subnet.
  8. A. Pinging the remote computer would fail if any of the other steps fail.
  9. C. When a ping to the local host IP address fails, you can assume the NIC is not functional.
  10. C, D. If a ping to the local host succeeds, you can rule out IP stack or NIC failure.
  11. E. A /29 mask yields only 6 addresses, so none of the networks could use it.
  12. A. The most likely problem if you can ping a computer by IP address but not by name is a failure of DNS.
  13. D. When you issue the ping command, you are using the ICMP protocol.
  14. B. The traceroute command displays the networks traversed on a path to a network destination.
  15. C. The ping command tests connectivity to another station. The full command is shown below.
    C:\>ping 172.16.10.2
    Pinging 172.16.10.2 with 32 bytes of data:
    Reply from 172.16.10.2: bytes=32 time<1ms TTL=128
    Reply from 172.16.10.2: bytes=32 time<1ms TTL=128
    Reply from 172.16.10.2: bytes=32 time<1ms TTL=128
    Reply from 172.16.10.2: bytes=32 time<1ms TTL=128
    Ping statistics for 172.16.10.2:
              Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
              Minimum = 0ms, Maximum = 0ms, Average = 0ms
  16. The answer diagram is a table that lists the commands in the first column and the corresponding function of each command in the second column.

    The commands perform the functions described in the answer table.

  17. C. The interesting octet in this example is the second octet, and it is a block size of four starting at 10.0.0.0. By using a 255.252.0.0 mask, we are telling the summary to use a block size of four in the second octet. This will cover 10.0.0.0 through 10.3.255.255. This is the best answer.
  18. A. The command that displays the ARP table on a Cisco router is show ip arp.
  19. C. The /all switch must be added to the ipconfig command on a PC to verify DNS configuration.
  20. C. If you start at 192.168.128.0 and go through 192.168.159.0, you can see this is a block of 32 in the third octet. Since the network address is always the first one in the range, the summary address is 192.168.128.0. What mask provides a block of 32 in the third octet? The answer is 255.255.224.0, or /19.
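Route summarization as worked in answers 5, 17 and 20 of this chapter, as an added example that is not part of the book: it derives the summary address and mask from the bits the first and last network share, reports the block size in the interesting octet so the result can be checked the way the answers do, and flags a range that does not start on a summary boundary, where the single summary would advertise more address space than the range. The helper names are my own.

```python
"""Route summarization as worked in the Chapter 5 answers (questions 5, 17 and 20).

Added example, not from the book. Given the first and last network of a
contiguous range, it finds the summary address and mask from the bits the
two share, and reports the block size in the interesting octet so the result
can be checked the way the answers do ("a block of 32 in the third octet").
Helper names are my own choice.
"""
import ipaddress


def common_prefix_length(first, last):
    """Number of leading bits (0..32) that two IPv4 addresses share."""
    diff = int(ipaddress.IPv4Address(first)) ^ int(ipaddress.IPv4Address(last))
    length = 32
    while diff:                 # each shift drops one differing bit position
        diff >>= 1
        length -= 1
    return length


def block_size(prefix):
    """(1-based octet number, block size) of the mask's interesting octet."""
    mask = ipaddress.IPv4Network(f"0.0.0.0/{prefix}").netmask
    index = min(prefix // 8, 3)
    return index + 1, 256 - int(str(mask).split(".")[index])


def summary_route(first, last):
    """Single summary route covering every address from first to last.

    The summary keeps the leading bits the two addresses share and zeroes
    the rest. 'aligned' is False when first is not on the summary boundary,
    meaning the summary also advertises space before first (and it may run
    past last up to its own broadcast), which is worth checking before
    announcing a summary that overclaims address space.
    """
    prefix = common_prefix_length(first, last)
    net = ipaddress.IPv4Network(f"{first}/{prefix}", strict=False)
    octet, size = block_size(prefix)
    return {
        "summary": str(net.network_address),
        "prefix": prefix,
        "mask": str(net.netmask),
        "covers": f"{net.network_address} through {net.broadcast_address}",
        "block": f"block of {size} in octet {octet}",
        "aligned": net.network_address == ipaddress.IPv4Address(first),
    }


if __name__ == "__main__":
    # Question 20: 192.168.128.0 through 192.168.159.0 -> 192.168.128.0/19
    print(summary_route("192.168.128.0", "192.168.159.0"))
    # Question 17: 10.0.0.0 through 10.3.255.255 -> 10.0.0.0 255.252.0.0
    print(summary_route("10.0.0.0", "10.3.255.255"))
    # A range that does not start on a boundary: the /20 overclaims.
    print(summary_route("172.16.4.0", "172.16.11.255"))
```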

Chapter 6: Cisco's Internetworking Operating System (IOS) 

  1. D. Typically, we'd see the input errors and CRC statistics increase with a duplex error, but it could be another Physical layer issue, such as a cable receiving excessive interference or a failing network interface card. Typically, you can tell it is interference when the CRC and input error counters grow but the collision counters do not, which is the case in this question.
  2. C. Once the IOS is loaded and up and running, the startup-config will be copied from NVRAM into RAM and from then on, referred to as the running-config.
  3. C, D. To configure SSH on your router, you need to set the username command, the ip domain-name, login local, and the transport input ssh under the VTY lines and the crypto key command. However, SSH version 2 is suggested but not required.
  4. C. The show controllers serial 0/0 command will show you whether either a DTE or DCE cable is connected to the interface. If it is a DCE connection, you need to add clocking with the clock rate command.
  5. The answer diagram is a table that matches each router mode in the first column with its function in the second column.

    User exec mode is limited to basic monitoring commands; privileged exec mode provides access to all other router commands. Specific configuration modes include the commands that affect a specific interface or process, while global configuration mode allows commands that affect the entire system. Setup mode is where you access the interactive configuration dialog.

  6. B. The bandwidth shown is 100000 kbits a second, which is a FastEthernet port, or 100 Mbps.
  7. B. From global configuration mode, use the line vty 0 4 command to set all five default VTY lines. However, you would typically always set all lines, not just the defaults.
  8. C. The enable secret password is case sensitive, so the second option is wrong. To set the enable secret password, use the enable secret password command from global configuration mode. This password is automatically encrypted.
  9. C. The banner motd command sets a message of the day for administrators when they log in to a switch or router.
  10. C. The prompts offered as options indicate the following modes:
    Switch(config)# is global configuration mode.
    Switch> is user mode.
    Switch# is privileged mode.
    Switch(config-if)# is interface configuration mode.
  11. D. To copy the running-config to NVRAM so that it will be used if the router is restarted, use the copy running-config startup-config command in privileged mode (copy run start for short).
  12. D. To allow a VTY (Telnet) session into your router, you must set the VTY password. Option C is wrong because it is setting the password on the wrong router. Notice that you have to set the password before you set the login command.
  13. C. Wireless APs are very popular today and will be going away about the same time that rock n' roll does. The idea behind these devices (which are layer 2 bridge devices) is to connect wireless products to the wired Ethernet network. The wireless AP will create a single collision domain and is typically its own dedicated broadcast domain as well.
  14. B. If an interface is shut down, the show interface command will show the interface as administratively down. (It is possible that no cable is attached, but you can't tell that from this message.)
  15. C. With the show interfaces command, you can view the configurable parameters, get statistics for the interfaces on the switch, check for input and CRC errors, and verify if the interfaces are shut down.
  16. C. If you delete the startup-config and reload the switch, the device will automatically enter setup mode. You can also type setup from privileged mode at any time.
  17. D. You can view the interface statistics from user mode, but the command is show interface fastethernet 0/0.
  18. B. The % ambiguous command error means that there is more than one possible show command that starts with r. Use a question mark to find the correct command.
  19. B, D. The commands show interfaces and show ip interface will show you the layer 1 and 2 status and the IP addresses of your router's interfaces.
  20. A. If you see that a serial interface and the protocol are both down, then you have a Physical layer problem. If you see serial1 is up, line protocol is down, then you are not receiving (Data Link) keepalives from the remote end.

Chapter 7: Managing a Cisco Internetwork 

  1. B. The IEEE created a new standardized discovery protocol called 802.1AB for Station and Media Access Control Connectivity Discovery. We'll just call it Link Layer Discovery Protocol (LLDP).
  2. C. The show processes (or show processes cpu) is a good tool for determining a given router's CPU utilization. When it is high, it is not a good time to execute a debug command.
  3. B. The command traceroute (trace for short), which can be issued from user mode or privileged mode, is used to find the path a packet takes through an internetwork and will also show you where the packet stops because of an error on a router.
  4. C. Since the configuration looks correct, you probably didn't screw up the copy job. However, when you perform a copy from a network host to a router, the interfaces are automatically shut down and need to be manually enabled with the no shutdown command.
  5. D. Specifying the address of the DHCP server allows the router to relay broadcast traffic destined for a DHCP server to that server.
  6. C. Before you start to configure the router, you should erase the NVRAM with the erase startup-config command and then reload the router using the reload command.
  7. C. This command can be run on both routers and switches and it displays detailed information about each device connected to the device you're running the command on, including the IP address.
  8. C. The Port ID column describes the interfaces on the remote device end of the connection.
  9. B. Syslog levels range from 0–7, and level 7 (known as Debugging or local7) is the default if you were to use the logging ip_address command from global config.
  10. C. If you save a configuration and reload the router and it comes up either in setup mode or as a blank configuration, chances are the configuration register setting is incorrect.
  11. D. To keep open one or more Telnet sessions, use the Ctrl+Shift+6 and then X keystroke combination.
  12. B, D. The best answers, the ones you need to remember, are that either an access control list is filtering the Telnet session or the VTY password is not set on the remote device.
  13. A, D. The show hosts command provides information on temporary DNS entries and permanent name-to-address mappings created using the ip host command.
  14. A, B, D. The tracert command is a Windows command and will not work on a router or switch! IOS uses the traceroute command.
  15. D. By default, Cisco IOS devices use facility local7. Moreover, most Cisco devices provide options to change the facility level from their default value.
  16. C. To see console messages through your Telnet session, you must enter the terminal monitor command.
  17. C, D, F. There are significantly more syslog messages available within IOS as compared to SNMP Trap messages. System logging is a method of collecting messages from devices to a server running a syslog daemon. Logging to a central syslog server helps in aggregation of logs and alerts.
  18. E. Although option A is certainly the “best” answer, unfortunately option E will work just fine and your boss would probably prefer you to use the show cdp neighbors detail command.
  19. D. To enable a device to be an NTP client, use the ntp server IP_address version number command at global configuration mode. That's all there is to it! Assuming your NTP server is working of course.
  20. B, D, F. If you specify a level with the “logging trap level” command, that level and all the higher levels will be logged. For example, by using the logging trap 3 command, emergencies, alerts, critical, and error messages will be logged. Only three of these were listed as possible options.

Chapter 8: Managing Cisco Devices 

  1. B. The default configuration setting is 0x2102, which tells the router to load the IOS from flash and the configuration from NVRAM. 0x2142 tells the router to bypass the configuration in NVRAM so that you can perform password recovery.
  2. E. To copy the IOS to a backup host, which is stored in flash memory by default, use the copy flash tftp command.
  3. B. To install a new license on an ISR G2 router, use the license install url command.
  4. C. The configuration register provides the boot commands, and 0x2101 tells the router to boot the mini-IOS, if found, and not to load a file from flash memory. Many newer routers do not have a mini-IOS, so as an alternative, the router would end up in ROM monitor mode if the mini-IOS is not found. However, option C is the best answer for this question.
  5. B. The show flash command will provide you with the current IOS name and size and the size of flash memory.
  6. C. Before you start to configure the router, you should erase the NVRAM with the erase startup-config command and then reload the router using the reload command.
  7. D. The command copy tftp flash will allow you to copy a new IOS into flash memory on your router.
  8. C. The best answer is show version, which shows you the IOS file running currently on your router. The show flash command shows you the contents of flash memory, not which file is running.
  9. C. All Cisco routers have a default configuration register setting of 0x2102, which tells the router to load the IOS from flash memory and the configuration from NVRAM.
  10. C. If you save a configuration and reload the router and it comes up either in setup mode or as a blank configuration, chances are the configuration register setting is incorrect.
  11. D. The license boot module command installs a Right-To-Use license feature on a router.
  12. A. The show license command determines the licenses that are active on your system. It also displays a group of lines for each feature in the currently running IOS image along with several status variables related to software activation and licensing, both licensed and unlicensed features.
  13. B. The show license feature command allows you to view the technology package licenses and feature licenses that are supported on your router along with several status variables related to software activation and licensing, both licensed and unlicensed features.
  14. C. The show license udi command displays the unique device identifier (UDI) of the router, which comprises the product ID (PID) and serial number of the router.
  15. D. The show version command displays various pieces of information about the current IOS version, including the licensing details at the end of the command's output.
  16. C. The license save flash command allows you to back up your license to flash memory.
  17. C. The show version command provides you with the current configuration register setting.
  18. C, D. The two steps to remove a license are to first disable the technology package and then clear the license.
  19. B, D, E. Before you back up an IOS image to a laptop directly connected to a router's Ethernet port, make sure that the TFTP server software is running on your laptop, that the Ethernet cable is a crossover (unless both ends support auto-MDIX), and that the laptop is in the same subnet as the router's Ethernet port. You then issue the copy flash tftp command on the router, which pushes the image to the TFTP server running on the laptop.
  20. C. The default configuration setting of 0x2102 tells the router to look in NVRAM for the boot sequence.

Chapter 9: IP Routing

  1. show ip route

    The show ip route command is used to display the routing table of a router.

  2. B. In the new 15 IOS code, Cisco defines a different route called a local route. Each has a /32 prefix defining a route just for the one address, which is the router's interface.
  3. A, B. Although option D almost seems right, it is not; the mask option is the mask used on the remote network, not the source network. Since there is no number at the end of the static route, it is using the default administrative distance of 1.
  4. C, F. The switches are not used as either a default gateway or other destination. Switches have nothing to do with routing. It is very important to remember that the destination MAC address will always be the router's interface. The destination address of a frame, from HostA, will be the MAC address of the Fa0/0 interface of RouterA. The destination address of a packet will be the IP address of the network interface card (NIC) of the HTTPS server. The destination port number in the segment header will have a value of 443 (HTTPS).
  5. B. This mapping was learned dynamically, which means it was learned through ARP.
  6. B. Hybrid protocols use aspects of both distance vector and link state—for example, EIGRP. Be advised, however, that Cisco typically just calls EIGRP an advanced distance-vector routing protocol. Do not be misled by the way the question is worded. Yes, I know that MAC addresses are not in a packet. You must read the question carefully to understand what it is really asking.
  7. A. Since the destination MAC address is different at each hop, it must keep changing. The IP address, which is used for the routing process, does not.
  8. B, E. Classful routing means that all hosts in the internetwork use the same mask and that only default masks are in use. Classless routing means that you can use variable length subnet masks (VLSMs).
  9. B, C. The distance-vector routing protocol sends its complete routing table out of all active interfaces at periodic time intervals. Link-state routing protocols send updates containing the state of their own links to all routers in the internetwork.
  10. C. This is how most people picture a router working, and certainly routers could get away with this plain ol' process switching back when Cisco shipped its first routers and traffic was seriously slow, but not in today's networks! This process involves looking up every destination in the routing table and finding the exit interface for every single packet.
  11. A, C. The S* shows that this is a candidate for default route and that it was configured manually.
  12. B. RIP has an administrative distance (AD) of 120, while EIGRP has an administrative distance of 90, so the router installs the EIGRP route and does not place the RIP route to that same network in the routing table. The lower AD wins; the RIP route would only be installed if the EIGRP route went away.
  13. D. Recovery from a lost route requires manual intervention by a human to replace the lost route.
  14. A. RIPv1 and RIPv2 only use the lowest hop count to determine the best path to a remote network.
  15. A. Since the routing table shows no route to the 192.168.22.0 network, the router will discard the packet and send an ICMP destination unreachable message out of interface FastEthernet 0/0, which is the source LAN from which the packet originated.
  16. C. Static routes have an administrative distance of 1 by default. Unless you change this, a static route will always be used over any other dynamically learned route. EIGRP has an administrative distance of 90, and RIP has an administrative distance of 120, by default.
  17. C. BGP is the only EGP listed.
  18. A, B, C. Recovery from a lost route requires manual intervention by a human to replace the lost route. The advantages are less overhead on the router and network as well as more security.
  19. C. The show ip interface brief command displays a concise summary of the interfaces.
  20. B. The 150 at the end changes the default administrative distance (AD) of 1 to 150.

Chapter 10: Layer 2 Switching 

  1. A. Layer 2 switches and bridges are faster than routers because they don't take up time looking at the Network Layer header information. They do make use of the Data Link layer information.
  2. mac address-table static aaaa.bbbb.cccc vlan 1 int fa0/7

    You can set a static MAC address in the MAC address table, and when done, it will appear as a static entry in the table.

  3. B, D, E. Since the MAC address is not present in the table, it will send the frame out of all ports in the same VLAN with the exception of the port on which it was received.
  4. show mac address-table

    This command displays the forward filter table, also called a Content Addressable Memory (CAM) table.

  5. Diagram shows a list of functions on the left side from which three functions are marked and written on the right side.

    The three functions are address learning, forward/filter decisions, and loop avoidance.

  6. A, D. In the output shown, you can see that the port is in Secure-shutdown mode and the light for the port would be amber. To enable the port again, you'd need to do the following:
    S3(config-if)#shutdown
    S3(config-if)#no shutdown
  7. switchport port-security maximum 2

    The maximum setting of 2 means only two MAC addresses can be used on that port; if the user tries to add another host on that segment, the switch port will take the action specified in the switchport port-security violation command.

  8. B. The switchport port-security command enables port security, which is a prerequisite for the other commands to function.
  9. B. Gateway redundancy is not an issue addressed by STP.
  10. A. If no loop avoidance schemes are put in place, the switches will flood broadcasts endlessly throughout the internetwork. This is sometimes referred to as a broadcast storm.
  11. B, C. Shutdown and restrict mode will alert you via an SNMP trap and a syslog message and increment the port's violation counter when a violation occurs on a port. Protect mode silently drops frames from unknown source MAC addresses once the maximum is reached and sends no notification at all.
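The difference between the three violation modes is easier to see in running code than in a table. The following is an added example, not code from the book: a small model of a port-secured Catalyst access port that shows what each mode does when a MAC beyond the configured maximum shows up. The class and method names are this example's own; the IOS commands they correspond to are noted in the comments.

```python
# Added example (not code from the book): a model of Catalyst port security,
# written to show how the protect, restrict and shutdown violation modes differ.
# SecurePort and its methods are this example's own names, not IOS commands.
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    """One access port with 'switchport port-security' enabled."""
    maximum: int = 1                    # switchport port-security maximum N
    violation: str = "shutdown"         # switchport port-security violation {protect|restrict|shutdown}
    static_macs: set = field(default_factory=set)      # switchport port-security mac-address H.H.H
    learned: set = field(default_factory=set)          # dynamically (or sticky) learned addresses
    violation_count: int = 0            # "Security Violation count" in show port-security interface
    err_disabled: bool = False          # "Secure-shutdown" port status
    notifications: list = field(default_factory=list)  # what syslog / an SNMP trap receiver would see

    def secure_macs(self) -> set:
        return self.static_macs | self.learned

    def receive(self, src_mac: str) -> bool:
        """Process one frame from src_mac; return True if forwarded, False if dropped."""
        src_mac = src_mac.lower()
        if self.err_disabled:
            return False                              # nothing passes until the port is recovered
        if src_mac in self.secure_macs():
            return True                               # a known secure address
        if len(self.secure_macs()) < self.maximum:
            self.learned.add(src_mac)                 # learn it (sticky would also write it to running-config)
            return True
        # A new source MAC beyond the maximum: this is the violation.
        if self.violation == "protect":
            return False                              # dropped silently: no counter, no trap, no syslog
        self.violation_count += 1
        self.notifications.append(f"PORT_SECURITY violation by {src_mac}")  # SNMP trap + syslog
        if self.violation == "shutdown":
            self.err_disabled = True                  # port goes err-disabled (Secure-shutdown)
        return False                                  # restrict: port stays up, offending frames dropped

    def recover(self) -> None:
        """Model 'shutdown' followed by 'no shutdown' on an err-disabled port."""
        self.err_disabled = False
```

Note that in shutdown mode even the legitimate, already-secured host is cut off until an administrator recovers the port, which is the trade-off you accept for the strongest response; restrict keeps the legitimate hosts working while still telling you something happened.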
  12. Spanning Tree Protocol (STP). STP is a switching loop avoidance scheme used by switches.
  13. ip default-gateway

    If you want to manage your switches from outside your LAN, you need to set a default gateway on the switches, just as you would with a host.

  14. C. The IP address is configured under a logical interface, called a management domain or VLAN 1.
  15. B. The show port-security interface command displays the current port security and status of a switch port, as in this sample output:
    Switch# show port-security interface fastethernet0/1
    Port Security: Enabled
    Port status: SecureUp
    Violation mode: Shutdown
    Maximum MAC Addresses: 2
    Total MAC Addresses: 2
    Configured MAC Addresses: 2
    Aging Time: 30 mins
    Aging Type: Inactivity
    SecureStatic address aging: Enabled
    Security Violation count: 0
  16. switchport port-security mac-address sticky

    Issuing the switchport port-security mac-address sticky command will allow a switch to save a dynamically learned MAC address in the running-configuration of the switch, which prevents the administrator from having to document or configure specific MAC addresses.

  17. B, D. To limit connections to a specific host, you should configure the MAC address of the host as a static entry associated with the port, although be aware that this host can still connect to any other port, while no other host can connect through F0/3, in this example. Another solution would be to configure port security to accept traffic only from the MAC address of the host. By default, an unlimited number of MAC addresses can be learned on a single switch port, whether it is configured as an access port or a trunk port. Switch ports can be secured by defining one or more specific MAC addresses that should be allowed to connect and by defining violation policies (such as disabling the port) to be enacted if additional hosts try to gain a connection.
  18. D. The command statically defines the MAC address of 00c0.35F0.8301 as an allowed host on the switch port. By default, an unlimited number of MAC addresses can be learned on a single switch port, whether it is configured as an access port or a trunk port. Switch ports can be secured by defining one or more specific MAC addresses that should be allowed to connect, and violation policies (such as disabling the port) if additional hosts try to gain a connection.
  19. D. You would not make the port a trunk. In this example, this switchport is a member of one VLAN. However, you can configure port security on a trunk port, but again, that's not valid for this question.
  20. switchport port-security violation shutdown

    This command is used to set the reaction of the switch to a port violation of shutdown.

Chapter 11: VLANs and InterVLAN Routing 

  1. D. Here's a list of ways VLANs simplify network management:
    • Network adds, moves, and changes are achieved with ease by just configuring a port into the appropriate VLAN.
    • A group of users that need an unusually high level of security can be put into its own VLAN so that users outside of the VLAN can't communicate with them.
    • As a logical grouping of users by function, VLANs can be considered independent from their physical or geographic locations.
    • VLANs greatly enhance network security if implemented correctly.
    • VLANs increase the number of broadcast domains while decreasing their size.
  2. ip routing

    Routing must be enabled on the layer 3 switch.

  3. C. VLANs can span across multiple switches by using trunk links, which carry traffic for multiple VLANs.
  4. B. While in all other cases access ports can be a member of only one VLAN, most switches will allow you to add a second VLAN to an access port on a switch port for your voice traffic; it's called the voice VLAN. The voice VLAN used to be called the auxiliary VLAN, which allowed it to be overlaid on top of the data VLAN, enabling both types of traffic through the same port.
  5. A. Yes, you have to do a no shutdown on the VLAN interface.
  6. C. Unlike ISL which encapsulates the frame with control information, 802.1q inserts an 802.1q field along with tag control information.
  7. D. Instead of using a router interface for each VLAN, you can use one FastEthernet interface and run ISL or 802.1q trunking. This allows all VLANs to communicate through one interface. Cisco calls this a “router on a stick.”
  8. switchport access vlan 2

    This command is executed under the interface (switch port) that is being placed in the VLAN.

  9. show vlan

    After you create the VLANs that you want, you can use the show vlan command to check them out.

  10. B. The encapsulation command specifying the VLAN for the subinterface must be present under both subinterfaces.
  11. A. With a multilayer switch, enable IP routing and create one logical interface for each VLAN using the interface vlan number command and you're now doing inter-VLAN routing on the backplane of the switch!
  12. A. Ports Fa0/15–18 are not present in any VLANs. They are trunk ports.
  13. C. Untagged frames are members of the native VLAN, which by default is VLAN 1.
  14. sh interfaces fastEthernet 0/15 switchport

    This show interfaces interface switchport command shows us the administrative mode of dynamic desirable and that the port is a trunk port, DTP was used to negotiate the frame tagging method of ISL, and the native VLAN is the default of 1.

  15. C. A VLAN is a broadcast domain on a layer 2 switch. You need a separate address space (subnet) for each VLAN. There are four VLANs, so that means four broadcast domains/subnets.
  16. B. The host's default gateway should be set to the IP address of the subinterface that is associated with the VLAN of which the host is a member, in this case VLAN 2.
  17. C. Frame tagging is used when VLAN traffic travels over a trunk link. Trunk links carry frames for multiple VLANs. Therefore, frame tags are used for identification of frames from different VLANs.
  18. vlan 2

    To configure VLANs on a Cisco Catalyst switch, use the global config vlan command.

  19. B. 802.1q uses the native VLAN.
  20. switchport nonegotiate

    You can use this command only when the interface switchport mode is access or trunk. You must manually configure the neighboring interface as a trunk interface to establish a trunk link.

Chapter 12: Security 

  1. D. It's compared with lines of the access list only until a match is made. Once the packet matches the condition on a line of the access list, the packet is acted upon and no further comparisons take place.
  2. C. The range of 192.168.160.0 through 192.168.191.255 is a block size of 32 in the third octet. The network address is 192.168.160.0 and the mask would be 255.255.224.0, which for an access list must be written in wildcard format as 0.0.31.255. The 31 is used for a block size of 32; the wildcard is always one less than the block size.
  3. C. Using a named access list just replaces the number used when applying the list to the router's interface. ip access-group Blocksales in is correct.
  4. B. The list must specify TCP as the Transport layer protocol and use a correct wildcard mask (in this case 0.0.0.255), and it must specify the destination port (80). It also should specify any as the set of computers allowed to have this access.
  5. A. The first thing to check in a question like this is the access-list number. Right away, you can see that the second option is wrong because it is using a standard IP access-list number. The second thing to check is the protocol. If you are filtering by upper-layer protocol, then you must be using either UDP or TCP; this eliminates the fourth option. The third and last answers have the wrong syntax.
  6. C. Of the available choices, only the show ip interface command will tell you which interfaces have access lists applied. show access-lists will not show you which interfaces have an access list applied.
  7. Diagram shows a table with list of commands on the first column is matched with the list of functions on the second column.

    The command show access-list displays all access lists and their parameters configured on the router; it does not show you which interface the list is set on. show access-list 110 shows only the parameters for the access list 110 and, again, does not tell you which interface the list is set on. show ip access-list reveals only the IP access lists configured on the router. Finally, show ip interface shows which interfaces have access lists set.

    The functions of each command are as shown in the solution graphic.

  8. C. The extended access list ranges are 100–199 and 2000–2699, so the access-list number of 100 is valid. Telnet uses TCP, so the protocol TCP is valid. Now you just need to look for the source and destination address. Only the third option has the correct sequence of parameters. Option B may work, but the question specifically states “only” to network 192.168.10.0, and the wildcard in option B is too broad.
  9. D. Extended IP access lists use numbers 100–199 and 2000–2699 and filter based on source and destination IP address, protocol number, and port number. The last option is correct because of the second line that specifies permit ip any any. (I used 0.0.0.0 255.255.255.255, which is the same as the any option.) The third option does not have this, so it would deny access but not allow everything else.
  10. D. First, you must know that a /20 is 255.255.240.0, which is a block size of 16 in the third octet. Counting by 16s, this makes our subnet 48 in the third octet, and the wildcard for the third octet would be 15 since the wildcard is always one less than the block size.
  11. B. To find the wildcard (inverse) version of this mask, the zero and one bits are simply reversed as follows:
    11111111.11111111.11111111.11100000 (27 one bits, or /27, which is 255.255.255.224)

    00000000.00000000.00000000.00011111 (wildcard/inverse mask, 0.0.0.31)

  12. A. First, you must know that a /19 is 255.255.224.0, which is a block size of 32 in the third octet. Counting by 32s, this makes our subnet 192 in the third octet, and the wildcard for the third octet would be 31 since the wildcard is always one less than the block size.
  13. B, D. The scope of an access list is determined by the wildcard mask and the network address to which it is applied. For example, in this case the starting point of the list of addresses affected by the mask is the network ID 199.111.16.32. The wildcard mask is 0.0.0.31. Adding the value of the last octet in the mask to the network address (32 + 31 = 63) tells you where the effect of the access list ends, which is 199.111.16.63. Therefore, all addresses in the range 199.111.16.32–199.111.16.63 will be denied by this list.
  14. C. To place an access list on an interface, use the ip access-group command in interface configuration mode.
  15. B. With no permit statement, the ACL will deny all traffic.
  16. D. If you add an access list to an interface and you do not have at least one permit statement, then you will effectively shut down the interface because of the implicit deny any at the end of every list.
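The wildcard arithmetic in questions 2, 10, 11, 12 and 13 and the top-down, first-match, implicit-deny behaviour in questions 1, 15 and 16 are the two things people get wrong on real routers, so here is an added example (not code from the book) that does both in a few lines. It handles standard lists only (source address), and the helper names are this example's own.

```python
# Added example (not code from the book): wildcard-mask arithmetic and the
# first-match / implicit-deny evaluation of a standard IP access list.
import ipaddress


def _to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def _to_str(value: int) -> str:
    return str(ipaddress.IPv4Address(value))


def wildcard_from_prefix(prefix_len: int) -> str:
    """Wildcard (inverse) mask for a /prefix_len, e.g. 27 -> 0.0.0.31, 20 -> 0.0.15.255."""
    netmask = int(ipaddress.IPv4Network(f"0.0.0.0/{prefix_len}").netmask)
    return _to_str(netmask ^ 0xFFFFFFFF)        # flip every bit of the subnet mask


def affected_range(network: str, wildcard: str) -> tuple:
    """First and last address an ACL line matches (wildcard bits set = don't care)."""
    w = _to_int(wildcard)
    first = _to_int(network) & (0xFFFFFFFF ^ w)
    return _to_str(first), _to_str(first | w)


def matches(addr: str, network: str, wildcard: str) -> bool:
    """True if addr falls under network/wildcard (0 bits in the wildcard must match)."""
    care = 0xFFFFFFFF ^ _to_int(wildcard)
    return (_to_int(addr) & care) == (_to_int(network) & care)


def evaluate(acl, addr: str) -> tuple:
    """Walk the list top-down; return (action, line_number) of the first match.
    acl is a list of (action, network, wildcard) tuples in configured order."""
    for line_no, (action, network, wildcard) in enumerate(acl, start=1):
        if matches(addr, network, wildcard):
            return action, line_no                  # no further lines are consulted
    return "deny", None                             # the implicit 'deny any' at the end


# Constructed sample list: deny the /27 from question 13, permit everyone else.
SAMPLE_ACL = [
    ("deny", "199.111.16.32", "0.0.0.31"),
    ("permit", "0.0.0.0", "255.255.255.255"),      # same as 'permit any'
]
```

Drop the second line of SAMPLE_ACL and every address that is not in 199.111.16.32/27 is also denied, by the implicit deny; that is exactly the "shut down the interface" effect described in question 16.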
  17. C. Telnet access to the router is restricted by using either a standard or extended IP access list inbound on the VTY lines of the router. The command access-class is used to apply the access list to the VTY lines.
  18. C. A Cisco router has rules regarding the placement of access lists on a router interface. You can place one access list per direction for each layer 3 protocol configured on an interface.
  19. C. The most common attack on a network today is a denial of service (DoS) because it is the easiest attack to achieve.
  20. C. Implementing intrusion detection services and intrusion prevention services will help notify you and stop attacks in real time.

Chapter 13: Network Address Translation (NAT)

  1. A, C, E. NAT is not perfect and can cause some issues in some networks, but most networks work just fine. NAT can cause delays and troubleshooting problems, and some applications just won't work.
  2. B, D, F. NAT is not perfect, but there are some advantages. It conserves global addresses, which allow us to add millions of hosts to the Internet without “real” IP addresses. This provides flexibility in our corporate networks. NAT can also allow you to use the same subnet more than once in the same network without overlapping networks.
  3. C. The command debug ip nat will show you in real time the translations occurring on your router.
  4. A. The command show ip nat translations will show you the translation table containing all the active NAT entries.
  5. D. The command clear ip nat translations * will clear all the active NAT entries in your translation table.
  6. B. The show ip nat statistics command displays a summary of the NAT configuration as well as counts of active translation types, hits to an existing mapping, misses (an attempt to create a mapping), and expired translations.
  7. B. The command ip nat pool name creates the pool that hosts can use to get onto the global Internet. What makes option B correct is that the range 171.16.10.65 through 171.16.10.94 includes 30 hosts, but the mask has to match 30 hosts as well, and that mask is 255.255.255.224. Option C is wrong because there is a lowercase t in the pool name. Pool names are case sensitive.
  8. A, C, E. You can configure NAT three ways on a Cisco router: static, dynamic, and NAT Overload (PAT).
  9. B. Instead of the netmask command, you can use the prefix-length length statement.
  10. C. In order for NAT to provide translation services, you must have ip nat inside and ip nat outside configured on your router's interfaces.
  11. A, B, D. The most popular use of NAT is if you want to connect to the Internet and you don't want hosts to have global (real) IP addresses, but options B and D are correct as well.
  12. C. An inside global address is considered to be the IP address of the host on the private network after translation.
  13. A. An inside local address is considered to be the IP address of the host on the private network before translation.
  14. D. What we need to figure out for this question is only the inside global pool. Basically we start at 1.1.128.1 and end at 1.1.135.174; our block size is 8 in the third octet, or /21. Always look for your block size and the interesting octet and you can find your answer every time.
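Questions 7 and 14 both come down to the same check: does the netmask on the ip nat pool line agree with the start and end addresses of the pool? The following is an added example, not code from the book, that does the "block size in the interesting octet" method in binary and reports the tightest mask that fits a range. Function names are this example's own.

```python
# Added example (not code from the book): derive the tightest prefix that covers an
# address range and check that the netmask given on an 'ip nat pool' line is
# consistent with the pool's start and end addresses.
import ipaddress


def covering_prefix(first: str, last: str) -> ipaddress.IPv4Network:
    """Return the smallest single prefix containing both first and last."""
    a = int(ipaddress.IPv4Address(first))
    b = int(ipaddress.IPv4Address(last))
    if a > b:
        raise ValueError("range start is after range end")
    for prefix_len in range(32, -1, -1):           # shorten the mask until both share a network
        mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
        if (a & mask) == (b & mask):
            network = ipaddress.IPv4Address(a & mask)
            return ipaddress.IPv4Network(f"{network}/{prefix_len}")
    raise AssertionError("unreachable: /0 covers every address")


def check_pool(first: str, last: str, netmask: str) -> dict:
    """Sanity-check the start/end/netmask triple of an 'ip nat pool' command."""
    net = covering_prefix(first, last)
    mask = int(ipaddress.IPv4Address(netmask))
    a = int(ipaddress.IPv4Address(first))
    b = int(ipaddress.IPv4Address(last))
    return {
        "tightest_prefix": str(net),                   # e.g. 171.16.10.64/27
        "tightest_netmask": str(net.netmask),          # the mask the answer to question 7 expects
        "same_subnet": (a & mask) == (b & mask),       # start and end must sit in one subnet under the mask
        "pool_size": b - a + 1,                        # addresses NAT can hand out
        "usable_in_subnet": max(net.num_addresses - 2, 0),
    }
```

For the question 7 pool, 171.16.10.65 through .94 sits inside 171.16.10.64/27, so 255.255.255.224 is consistent and a /28 mask is not; for question 14, 1.1.128.1 through 1.1.135.174 is covered by 1.1.128.0/21.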
  15. B. Once you create your pool, the command ip nat inside source must be used to say which inside locals are allowed to use the pool. In this question we need to see if access-list 100 is configured correctly, if at all, so show access-list is the best answer.
  16. A. You must configure your interfaces before NAT will provide any translations. On the inside network interfaces, you would use the command ip nat inside. On the outside network interfaces, you will use the command ip nat outside.
  17. B. You must configure your interfaces before NAT will provide any translations. On the inside networks you would use the command ip nat inside. On the outside network interfaces, you will use the command ip nat outside.
  18. C. Another term for Port Address Translation is NAT Overload because that is the keyword used to enable port address translation.
  19. B. Fast-switching is used on Cisco routers to create a type of route cache in order to quickly forward packets through a router without having to parse the routing table for every packet. As packets are process-switched (looked up in the routing table), this information is stored in the cache for later use if needed for faster routing processing.
  20. B. Once you create a pool for the inside locals to use to get out to the global Internet, you must configure the command to allow them access to the pool. The ip nat inside source list number pool-name overload command has the correct sequence for this question.

Chapter 14: Internet Protocol Version 6 (IPv6) 

  1. D. The modified EUI-64 format interface identifier is derived from the 48-bit link-layer (MAC) address by inserting the hexadecimal value FFFE between the upper 3 bytes (OUI field) and the lower 3 bytes (serial number) of the link-layer address. The "modified" part is that the seventh bit of the first byte (the universal/local bit) is also inverted, so a MAC beginning with 00 produces an interface ID beginning with 02.
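The two steps (insert FFFE, flip the U/L bit) are short enough to show in full. This is an added example, not code from the book; it builds the interface ID from a MAC written either Cisco-style (0011.2233.4455) or with colons, derives the link-local address, and also runs the process backwards. Function names are this example's own.

```python
# Added example (not code from the book): build a modified EUI-64 interface ID
# from a MAC address and recover the MAC from an address that used one.
import ipaddress


def _mac_bytes(mac: str) -> bytearray:
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError("a MAC address is 48 bits (12 hex digits)")
    return bytearray.fromhex(digits)


def modified_eui64(mac: str) -> str:
    """Return the 64-bit interface ID as four 16-bit hex groups."""
    b = _mac_bytes(mac)
    b[0] ^= 0x02                       # 'modified': invert the universal/local bit (bit 7 of byte 0)
    iid = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])   # OUI | FFFE | serial number
    h = iid.hex()
    return ":".join(h[i:i + 4] for i in range(0, 16, 4))


def link_local_from_mac(mac: str) -> str:
    """The fe80::/64 address SLAAC would derive, written in compressed form."""
    return str(ipaddress.IPv6Address("fe80::" + modified_eui64(mac)))


def mac_from_eui64_address(addr: str):
    """Inverse: given an EUI-64-based IPv6 address, return the host's MAC,
    or None if the middle of the interface ID is not FFFE."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    b = bytearray(iid[:3] + iid[5:])
    b[0] ^= 0x02                       # undo the U/L bit flip
    return ":".join(f"{x:02x}" for x in b)
```

The inverse function is the security point: an EUI-64 interface ID hands the host's MAC (and therefore its NIC vendor and a stable tracking handle) to anyone who sees the address, which is why most host operating systems default to randomized interface IDs instead.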
  2. D. An IPv6 address is represented as eight groups of four hexadecimal digits, each group representing 16 bits (two octets). The groups are separated by colons (:). Option A has two double colons, B doesn't have 8 fields, and option C has invalid hex characters.
  3. A, B, C. This question is easier to answer if you just take out the wrong options. First, the loopback is only ::1, so that makes option D wrong. Link-local is FE80::/10, not /8, and there are no broadcasts in IPv6.
  4. A, C, D. Several methods are used in terms of migration, including tunneling, translators, and dual-stack. Tunnels are used to carry one protocol inside another, while translators simply translate IPv6 packets into IPv4 packets. Dual-stack uses a combination of both native IPv4 and IPv6. With dual-stack, devices are able to run IPv4 and IPv6 together, and if IPv6 communication is possible, that is the preferred protocol. Hosts can simultaneously reach IPv4 and IPv6 content.
  5. A, B. ICMPv6 router advertisements use type 134 and must be at least 64 bits in length.
  6. B, E, F. Anycast addresses identify multiple interfaces, which is somewhat similar to multicast addresses; however, the big difference is that the anycast packet is only delivered to one address, the first one it finds defined in terms of routing distance. This address can also be called one-to-one-of-many, or one-to-nearest.
  7. C. The loopback address with IPv4 is 127.0.0.1. With IPv6, that address is ::1.
  8. B, C, E. An important feature of IPv6 is that it allows the plug-and-play option to the network devices by allowing them to configure themselves independently. It is possible to plug a node into an IPv6 network without requiring any human intervention. IPv6 does not implement traditional IP broadcasts.
  9. A, D. The loopback address is ::1, link-local starts with FE80::/10, site-local addresses start with FEC0::/10, global addresses start with 2000::/3, and multicast addresses start with FF00::/8.
  10. C. A router solicitation is sent out using the all-routers multicast address of FF02::2. The router can send a router advertisement to all hosts using the FF02::1 multicast address.
  11. A, E. IPv6 does not use broadcasts, and autoconfiguration is a feature of IPv6 that allows hosts to automatically obtain an IPv6 address.
  12. A. The NDP neighbor advertisement (NA) contains the MAC address. A neighbor solicitation (NS) was initially sent asking for the MAC address.
  13. B. IPv6 anycast addresses are used for one-to-nearest communication, meaning an anycast address is used by a device to send data to one specific recipient (interface) that is the closest out of a group of recipients (interfaces).
  14. B, D. To shorten the written length of an IPv6 address, successive fields of zeros may be replaced by double colons. In trying to shorten the address further, leading zeros may also be removed. Just as with IPv4, a single device's interface can have more than one address; with IPv6 there are more types of addresses and the same rule applies. There can be link-local, global unicast, multicast, and anycast addresses all assigned to the same interface.
  15. A, B, C. The Internet Header Length field was removed because it is no longer required. Unlike the variable-length IPv4 header, the IPv6 header is fixed at 40 bytes. Fragmentation is processed differently in IPv6 and does not need the Flags field in the basic IPv4 header. In IPv6, routers no longer process fragmentation; the host is responsible for fragmentation. The Header Checksum field at the IP layer was removed because most Data Link layer technologies already perform checksum and error control, which forces formerly optional upper-layer checksums (UDP, for example) to become mandatory.
  16. B. There are no broadcasts with IPv6. Unicast, multicast, anycast, global, and link-local unicast are used.
  17. D. This question asked how many bits in a field, not how many bits in an IPv6 address. There are 16 bits (four hex characters) in an IPv6 field and there are eight fields.
  18. A, D. Global addresses start with 2000::/3, link-locals start with FE80::/10, loopback is ::1, and unspecified is just two colons (::). Each interface will have a loopback address automatically configured.
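The address-format rules from questions 2 and 14 (eight 16-bit hex fields, at most one ::, leading zeros optional) and the prefix table from questions 9 and 18 are easiest to check against a parser you wrote yourself rather than one you trust blindly. The following is an added example, not code from the book: it expands an address the way a host must, names the rule an invalid address breaks, writes the address back in RFC 5952 compressed form and classifies it by its leading bits. It also recognises unique local addresses (FC00::/7), which the book's list does not mention. Function names are this example's own.

```python
# Added example (not code from the book): a hand-written IPv6 address parser,
# compressor and classifier.
HEX = set("0123456789abcdefABCDEF")


def expand_ipv6(text: str) -> list:
    """Return the eight 16-bit fields as ints, or raise ValueError naming the broken rule."""
    if text.count("::") > 1 or ":::" in text:
        raise ValueError("'::' may appear only once")
    if "::" in text:
        left, right = text.split("::")
        left_f = left.split(":") if left else []
        right_f = right.split(":") if right else []
        missing = 8 - len(left_f) - len(right_f)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero field")
        fields = left_f + ["0"] * missing + right_f
    else:
        fields = text.split(":")
    if len(fields) != 8:
        raise ValueError(f"expected 8 fields, got {len(fields)}")
    values = []
    for f in fields:
        if not 1 <= len(f) <= 4 or not set(f) <= HEX:
            raise ValueError(f"invalid field {f!r}")
        values.append(int(f, 16))
    return values


def compress_ipv6(fields: list) -> str:
    """RFC 5952 text form: lowercase, no leading zeros, longest zero run -> '::'."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if fields[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and fields[j] == 0:
            j += 1
        if j - i > best_len:                      # ties keep the earlier run
            best_start, best_len = i, j - i
        i = j
    hexf = [format(v, "x") for v in fields]
    if best_len < 2:                              # a single zero field is written as '0'
        return ":".join(hexf)
    return ":".join(hexf[:best_start]) + "::" + ":".join(hexf[best_start + best_len:])


def classify(fields: list) -> str:
    """Address type from the leading bits (most specific checks first)."""
    if fields == [0] * 8:
        return "unspecified"
    if fields == [0] * 7 + [1]:
        return "loopback"
    first = fields[0]
    if first >> 8 == 0xFF:
        return "multicast"                        # FF00::/8
    if first >> 6 == 0xFE80 >> 6:
        return "link-local"                       # FE80::/10
    if first >> 6 == 0xFEC0 >> 6:
        return "site-local (deprecated)"          # FEC0::/10
    if first >> 9 == 0xFC00 >> 9:
        return "unique local"                     # FC00::/7
    if first >> 13 == 0x2000 >> 13:
        return "global unicast"                   # 2000::/3
    return "reserved/other"


def describe(text: str) -> tuple:
    """(valid, canonical_form_or_reason, type) for an address as a user typed it."""
    try:
        fields = expand_ipv6(text)
    except ValueError as err:
        return False, str(err), None
    return True, compress_ipv6(fields), classify(fields)
```

Run describe() over the three wrong options from question 2 and it reports, respectively, the duplicated ::, the wrong field count and the non-hex digit, which is the same elimination the answer walks through by eye.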
  19. B, C. If you verify your IP configuration on your host, you'll see that you have multiple IPv6 addresses, including a loopback address. The last 64 bits represent the dynamically created interface ID, and leading zeros are not mandatory in a 16-bit IPv6 field.
  20. C. To enable IPv6 routing on the Cisco router, use the following command from global config:

ipv6 unicast-routing

If this command is not recognized, your version of IOS does not support IPv6.
