Q21. DRAG DROP - (Topic 7)

A user is unable to connect to the Internet. Based on the layered approach to troubleshooting and beginning with the lowest layer, drag each procedure on the left to its proper category on the right.

Answer:

Explanation:

The question asks us to “begin with the lowest layer”, so we have to begin with Layer 1: verify the physical connection, which in this case is an Ethernet cable connection. For your information, “verify Ethernet cable connection” means that we check whether the type of cable (crossover, straight-through, rollover…) is correct, the RJ45 connectors are plugged in, the signal on the cable is acceptable…

Next we “verify NIC operation”. We do this by simply pinging the loopback address 127.0.0.1. If it works, then the NIC card (layer 1, 2) and TCP/IP stack (layer 3) are working properly.

Verify IP configuration belongs to layer 3. For example, checking whether the IP address is assignable to a host, whether the PC’s IP is in the same network as the gateway…

Verify the URL by typing some popular websites such as google.com or microsoft.com into your browser, to make sure that the far-end server is not down (a down server sometimes makes us think we can’t access the Internet). We are using a URL, so this step belongs to layer 7 of the OSI model.


Q22.  - (Topic 8)

Why is the Branch2 network 10.10.20.0/24 unable to communicate with the Server farm1 network 10.10.10.0/24 over the GRE tunnel?

A. The GRE tunnel destination is not configured on the R2 router.

B. The GRE tunnel destination is not configured on the Branch2 router.

C. The static route points to the tunnel0 interface that is misconfigured on the Branch2 router.

D. The static route points to the tunnel0 interface that is misconfigured on the R2 router.

Answer: C


Q23.  - (Topic 7)

Scenario

Refer to the topology. Your company has decided to connect the main office with three other remote branch offices using point-to-point serial links.

You are required to troubleshoot and resolve OSPF neighbor adjacency issues between the main office and the routers located in the remote branch offices.

An OSPF neighbor adjacency is not formed between R3 in the main office and R5 in the Branch2 office. What is causing the problem?

A. There is an area ID mismatch.

B. There is a PPP authentication issue; a password mismatch.

C. There is an OSPF hello and dead interval mismatch.

D. There is a missing network command in the OSPF process on R5.

Answer: C

Explanation:

The “show ip ospf interface” command on R3 and R5 shows that the hello and dead intervals do not match. They are 50 and 200 on R3 and 10 and 40 on R5.


Q24. CORRECT TEXT - (Topic 6)

A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.

The task is to create and apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.

Access to the router CLI can be gained by clicking on the appropriate host. All passwords have been temporarily set to "cisco".

The Core connection uses an IP address of 198.18.196.65.

The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 - 192.168.33.254

✑ host A 192.168.33.1

✑ host B 192.168.33.2

✑ host C 192.168.33.3

✑ host D 192.168.33.4

The servers in the Server LAN have been assigned addresses of 172.22.242.17 - 172.22.242.30.

The Finance Web Server is assigned an IP address of 172.22.242.23.

Answer: 

Select the console on the Corp1 router.

Configuring the ACL:

Corp1>enable

Corp1#configure terminal

comment: To permit only Host C (192.168.33.3) {source addr} to access the finance server address (172.22.242.23) {destination addr} on port number 80 (web)

Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

comment: To deny any source to access the finance server address (172.22.242.23) {destination addr} on port number 80 (web)

Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

comment: To permit ip protocol from any source to access any destination because of the implicit deny any any statement at the end of the ACL.

Corp1(config)#access-list 100 permit ip any any

Applying the ACL on the Interface:

comment: Check the show ip interface brief command to identify the interface type and number by checking the IP address configured.

Corp1(config)#interface fa 0/1

If the IP address and subnet mask already configured on the interface are incorrect, they should be corrected in order for the ACL to work. Type these commands in interface mode:

no ip address 192.x.x.x 255.x.x.x (removes the incorrectly configured IP address and subnet mask)

Configure the correct IP address and subnet mask:

ip address 172.22.242.30 255.255.255.240 (the range of addresses specified for the servers is given as 172.22.242.17 - 172.22.242.30)

Comment: Place the ACL to check for packets going out of the interface towards the finance web server.

Corp1(config-if)#ip access-group 100 out

Corp1(config-if)#end

Important: Save your running config to startup before you exit.

Corp1#copy running-config startup-config

Verifying the Configuration:

Step 1: The show ip interface brief command identifies the interface on which to apply the access list.

Step 2: Click on each of hosts A, B, C, and D. The host opens a web browser page. Select the address box of the web browser and type the IP address of the finance web server (172.22.242.23) to test whether access to the finance web server is permitted or denied.

Step 3: Only Host C (192.168.33.3) has access to the server. If the other hosts can also access it, then something may have gone wrong in your configuration. Check whether you configured the statements correctly and in order.

Step 4: If only Host C (192.168.33.3) can access the Finance Web Server, you can click on the NEXT button to successfully submit the ACL SIM.


Q25.  - (Topic 3)

Refer to the exhibit.

The speed of all serial links is E1 and the speed of all Ethernet links is 100 Mb/s. A static route will be established on the Manchester router to direct traffic toward the Internet over the most direct path available. What configuration on the Manchester router will establish a route toward the Internet for traffic that originates from workstations on the Manchester LAN?

A. ip route 0.0.0.0 255.255.255.0 172.16.100.2

B. ip route 0.0.0.0 0.0.0.0 128.107.1.1

C. ip route 0.0.0.0 255.255.255.252 128.107.1.1

D. ip route 0.0.0.0 0.0.0.0 172.16.100.1

E. ip route 0.0.0.0 0.0.0.0 172.16.100.2

F. ip route 0.0.0.0 255.255.255.255 172.16.100.2

Answer: E

Explanation:

We use default routing to send packets with a remote destination network not in the routing table to the next-hop router. You should generally only use default routing on stub networks—those with only one exit path out of the network.

According to the exhibit, all traffic towards the Internet that originates from workstations should be forwarded to Router R1.

Syntax for default route is:

ip route <Remote_Network> <Netmask> <Next_Hop_Address>.


Q26.  - (Topic 8)

What is the default VLAN on an access port?

A. 0

B. 1

C. 10

D. 1024

Answer: B


Q27.  - (Topic 8)

Which feature can you use to monitor traffic on a switch by replicating it to another port or ports on the same switch?

A. copy run start

B. traceroute

C. the ICMP Echo IP SLA

D. SPAN

Answer: D

Explanation: A source port, also called a monitored port, is a switched or routed port that you monitor for network traffic analysis. In a single local SPAN session or RSPAN source session, you can monitor source port traffic, such as received (Rx), transmitted (Tx), or bidirectional (both). The switch supports any number of source ports (up to the maximum number of available ports on the switch) and any number of source VLANs. A source port has these characteristics:

✑ It can be any port type, such as EtherChannel, Fast Ethernet, Gigabit Ethernet, and so forth.

✑ It can be monitored in multiple SPAN sessions.

✑ It cannot be a destination port.

✑ Each source port can be configured with a direction (ingress, egress, or both) to monitor. For EtherChannel sources, the monitored direction applies to all physical ports in the group.

✑ Source ports can be in the same or different VLANs.

✑ For VLAN SPAN sources, all active ports in the source VLAN are included as source ports.


Q28.  - (Topic 3)

Refer to the graphic.

A static route to the 10.5.6.0/24 network is to be configured on the HFD router. Which commands will accomplish this? (Choose two.)

A. HFD(config)# ip route 10.5.6.0 0.0.0.255 fa0/0

B. HFD(config)# ip route 10.5.6.0 0.0.0.255 10.5.4.6

C. HFD(config)# ip route 10.5.6.0 255.255.255.0 fa0/0

D. HFD(config)# ip route 10.5.6.0 255.255.255.0 10.5.4.6

E. HFD(config)# ip route 10.5.4.6 0.0.0.255 10.5.6.0

F. HFD(config)# ip route 10.5.4.6 255.255.255.0 10.5.6.0

Answer: C,D

Explanation:

The simple syntax of static route:

ip route destination-network-address subnet-mask {next-hop-IP-address | exit-interface}

+ destination-network-address: destination network address of the remote network

+ subnet mask: subnet mask of the destination network

+ next-hop-IP-address: the IP address of the receiving interface on the next-hop router

+ exit-interface: the local interface of this router where the packets will go out

In the statement “ip route 10.5.6.0 255.255.255.0 fa0/0”:

+ 10.5.6.0 255.255.255.0: the destination network

+ fa0/0: the exit-interface


Q29.  - (Topic 5)

What is known as "one-to-nearest" addressing in IPv6?

A. global unicast

B. anycast

C. multicast

D. unspecified address

Answer: B

Explanation:

IPv6 Anycast addresses are used for one-to-nearest communication, meaning an Anycast address is used by a device to send data to one specific recipient (interface) that is the closest out of a group of recipients (interfaces).


Q30.  - (Topic 6)

Refer to the exhibit.

Statements A, B, C, and D of ACL 10 have been entered in the shown order and applied to interface E0 inbound, to prevent all hosts (except those whose addresses are the first and last IP of subnet 172.21.1.128/28) from accessing the network. But as is, the ACL does not restrict anyone from the network. How can the ACL statements be re-arranged so that the system works as intended?

A. ACDB

B. BADC

C. DBAC

D. CDBA

Answer: D

Explanation:

Routers go line by line through an access list until a match is found and then will not look any further, even if a more specific or better match is found later on in the access list. So, it is best to begin with the most specific entries first, in this case the two hosts in lines C and D. Then, include the subnet (B) and then finally the rest of the traffic (A).
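The first-match rule described above, applied to the three-statement ACL from Q24, as an added example that is not part of the original page. The Python function names and the misordered variant are assumptions of this example, and the parser handles only the address and eq forms that appear on this page.

```python
import ipaddress

# ACL 100 exactly as configured in Q24 on this page.
ACL_100 = [
    "access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80",
    "access-list 100 deny tcp any host 172.22.242.23 eq 80",
    "access-list 100 permit ip any any",
]
# Constructed counter-example: same statements, catch-all permit moved first.
ACL_MISORDERED = [ACL_100[2], ACL_100[0], ACL_100[1]]

def _addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D wildcard' -> (base, wildcard)."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(head)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_ace(line):
    """Parse one extended ACL entry (only the forms used on this page)."""
    t = line.split()[2:]                      # drop 'access-list <number>'
    action, proto = t.pop(0), t.pop(0)
    src, dst = _addr(t), _addr(t)
    port = int(t[1]) if t[:1] == ["eq"] else None
    return action, proto, src, dst, port

def _covers(spec, ip):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF             # wildcard 1-bits are "don't care"
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, matching line number); the first match wins."""
    for n, line in enumerate(acl, 1):
        action, p, s, d, port = parse_ace(line)
        if p not in ("ip", proto) or (port is not None and port != dport):
            continue
        if _covers(s, src) and _covers(d, dst):
            return action, n
    return "deny", None                       # implicit deny any any

if __name__ == "__main__":
    hosts = {"A": "192.168.33.1", "C": "192.168.33.3", "Core": "198.18.196.65"}
    for name, ip in hosts.items():
        print(name, evaluate(ACL_100, "tcp", ip, "172.22.242.23", 80),
              evaluate(ACL_MISORDERED, "tcp", ip, "172.22.242.23", 80))
```

With the statements in the Q24 order, host A and the Core are stopped by line 2 while host C matches line 1; in the misordered list every packet matches the catch-all permit on line 1, so the deny is never reached.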