Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 2)
What can be done to secure the virtual terminal interfaces on a router? (Choose two.)
A. Administratively shut down the interface.
B. Physically secure the interface.
C. Create an access list and apply it to the virtual terminal interfaces with the access-group command.
D. Configure a virtual terminal password and login process.
E. Enter an access list and apply it to the virtual terminal interfaces using the access-class command.
Answer: D,E
Explanation:
It is a waste to administratively shut down the interface. Moreover, someone can still access the virtual terminal interfaces via other interfaces -> A is not correct.
We can not physically secure a virtual interface because it is “virtual” -> B is not correct.
To apply an access list to a virtual terminal interface we must use the “access-class” command. The “access-group” command is only used to apply an access list to a physical interface -> C is not correct; E is correct.
The most simple way to secure the virtual terminal interface is to configure a username & password to prevent unauthorized login -> D is correct.
Q2. - (Topic 2)
Refer to the exhibit.
C-router is to be used as a "router-on-a-stick" to route between the VLANs. All the interfaces have been properly configured and IP routing is operational. The hosts in the VLANs have been configured with the appropriate default gateway. What is true about this configuration?
A. These commands need to be added to the configuration: C-router(config)# router eigrp 123 C-router(config-router)# network 172.19.0.0
B. These commands need to be added to the configuration: C-router(config)# router ospf 1 C-router(config-router)# network 172.19.0.0 0.0.3.255 area 0
C. These commands need to be added to the configuration: C-router(config)# router rip C-router(config-router)# network 172.19.0.0
D. No further routing configuration is required.
Answer: D
Explanation:
http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a 00800949fd.shtml https://learningnetwork.cisco.com/servlet/JiveServlet/download/5669-2461/Router%20on%20a%20Stick.pdf.
Q3. - (Topic 3)
What is the advantage of using a multipoint interface instead of point-to-point subinterfaces when configuring a Frame Relay hub in a hub-and-spoke topology?
A. It avoids split-horizon issues with distance vector routing protocols.
B. IP addresses can be conserved if VLSM is not being used for subnetting.
C. A multipoint interface offers greater security compared to point-to-point subinterface configurations.
D. The multiple IP network addresses required for a multipoint interface provide greater addressing flexibility over point-to-point configurations.
Answer: B
Explanation:
You do not have to assign a separate subnet per sub-interface .if you're using a Class A network (10.x.x.x/8), you blow the whole network on a few connections (if you used VLSM, you could use a better mask, limit the addresses used). if you used 10.0.0.0/8, you would not be assigning the entire /8 to a single network. You would select a subnet mask for the network and then, you would have to use that mask with all subnets of the network. So if you chose a /24 mask, that would mean that you would have to use a /24 mask for even point-to-point links.
Q4. - (Topic 2)
A router is running three routing processes: RIP, OSPF, and EIGRP, each configured with default characteristics. Each process learns a route to the same remote network.
If there are no static routes to the destination and none of the routes were redistributed, which route will be placed in the IP routing table?
A. the route learned through EIGRP
B. the route learned through OSPF
C. the route learned through RIP
D. the route with the lowest metric
E. all three routes with the router load balancing
Answer: A
Reference:
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094195.shtml
Administrative distance is the feature that routers use in order to select the best path.
Administrative distance defines the reliability of a routing protocol. Each routing protocol is prioritized in order of most to least reliable (believable) with the help of an administrative distance value. Lowest Administrative distance will be chosen first.
Q5. DRAG DROP - (Topic 2)
Answer: Explanation:
poison reverse: A router learns from its neighbor that a route is down and the router sends an update back to the neighbor with an infinite metric to that routeLSA: The packets flooded when a topology change occurs, causing network routers to update their topological databases and recalculate routes split horizon: This prevents sending information about a routeback out the same interface that originally learned about the route holddown timer: For a given period, this causes the router to ignore any updates with poorer metrics to a lost network
The internetwork infrastructure of company XYZ consists of a single OSPF area as shown in the graphic. There is concern that a lack of router resources is impeding internetwork performance. As part of examining the router resources, the OSPF DRs need to be known. All the router OSPF priorities are at the default and the router IDs are shown with each router.
Which routers are likely to have been elected as DR? (Choose two.)
A. Corp-1
B. Corp-2
C. Corp-3
D. Corp-4
E. Branch-1
F. Branch-2
Q6. - (Topic 3)
Which command is used to enable CHAP authentication, with PAP as the fallback method, on a serial interface?
A. Router(config-if)# ppp authentication chap fallback ppp
B. Router(config-if)# ppp authentication chap pap
C. Router(config-if)# authentication ppp chap fallback ppp
D. Router(config-if)# authentication ppp chap pap
Answer: B
Explanation:
The command “ppp authentication chap pap” command indicates the CHAP authentication is used first. If it fails or is rejected by other side then uses PAP instead. If you want to use PAP first (then CHAP) you can use the “ppp authentication pap chap” command
Reference: http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfathen.html
Q7. - (Topic 2)
What are two benefits of using a single OSPF area network design? (Choose two.)
A. It is less CPU intensive for routers in the single area.
B. It reduces the types of LSAs that are generated.
C. It removes the need for virtual links.
D. It increases LSA response times.
E. It reduces the number of required OSPF neighbor adjacencies.
Answer: B,C
Explanation:
OSPF uses a LSDB (link state database) and fills this with LSAs (link state advertisement). The link types are as follows:
LSA Type 1:. Router LSA
LSA Type 2:.. . . . . . . . Network LSA
LSA Type 3:. Summary LSA
LSA Type 4:. Summary ASBR LSA
LSA Type 5:. Autonomous system external LSA
LSA Type 6:. Multicast OSPF LSA
LSA Type 7:. Not-so-stubby area LSA
LSA Type 8:. External attribute LSA for BGP
If all routers are in the same area, then many of these LSA types (Summary ASBR LSA, external LSA, etc) will not be used and will not be generated by any router.
All areas in an Open Shortest Path First (OSPF) autonomous system must be physically connected to the backbone area (Area 0). In some cases, where this is not possible, you can use a virtual link to connect to the backbone through a non-backbone area. You can also use virtual links to connect two parts of a partitioned backbone through a non-backbone area. The area through which you configure the virtual link, known as a transit area, must have full routing information. The transit area cannot be a stub area. Virtual links are not ideal and should really only be used for temporary network solutions or migrations. However, if all locations are in a single OSPF area this is not needed.
Q8. - (Topic 2)
Which commands are required to properly configure a router to run OSPF and to add network 192.168.16.0/24 to OSPF area 0? (Choose two.)
A. Router(config)# router ospf 0
B. Router(config)# router ospf 1
C. Router(config)# router ospf area 0
D. Router(config-router)# network 192.168.16.0 0.0.0.255 0
E. Router(config-router)# network 192.168.16.0 0.0.0.255 area 0
F. Router(config-router)# network 192.168.16.0 255.255.255.0 area 0
Answer: B,E
Explanation:
In the router ospf Command, the ranges from 1 to 65535 so o is an invalid number - B is correct but A is not correct. To configure OSPF, we need a wildcard in the “network” statement, not a subnet mask. We also need to assign an area to this process - E is correct.
Q9. - (Topic 3)
Which command allows you to verify the encapsulation type (CISCO or IETF) for a Frame Relay link?
A. show frame-relay lmi
B. show frame-relay map
C. show frame-relay pvc
D. show interfaces serial
Answer: B
Explanation: map will show frame relay encapsulation (cisco or ietf) http://www.cisco.com/en/US/docs/ios/12_2/wan/command/reference/wrffr4.html#wp102934
"show frame-relay map" will show frame relay encapsulation type (CISCO or IETF)
Q10. - (Topic 2)
Refer to the exhibit.
If the router R1 returns the given output and has not had its router ID set manually, what address will EIGRP use as its router ID?
A. 192.168.1.2
B. 172.16.4.1
C. 192.168.10.2
D. 1.1.1.1
Answer: D
Explanation:
The router ID is selected according to the following rules: manual configuration highest up/up loopback highest up/up physical interface
Q11. - (Topic 1)
What is one benefit of PVST+?
A. PVST+ supports Layer 3 load balancing without loops.
B. PVST+ reduces the CPU cycles for all the switches in the network.
C. PVST+ allows the root switch location to be optimized per VLAN.
D. PVST+ automatically selects the root bridge location, to provide optimized bandwidth usage.
Answer: C
Explanation:
Per VLAN Spanning Tree (PVST) Introduction http://www.cisco.com/en/US/tech/tk389/tk621/tk846/tsd_technology_support_sub-protocol_home.html Per VLAN Spanning Tree (PVST) maintains a spanning tree instance for each VLAN configured in the network. This means a switch can be the root bridge of a VLAN while another switch can be the root bridge of other VLANs in a common topology. For example, Switch 1 can be the root bridge for Voice data while Switch 2 can be the root bridge for Video data. If designed correctly, it can optimize the network traffic. http://www.ciscopress.com/articles/article.asp?p=102157&seqNum=4
Topic 2, Routing Technologies
Q12. - (Topic 3)
Refer to the exhibit.
What is the meaning of the term dynamic as displayed in the output of the show frame-relay map command shown?
A. The Serial0/0 interface is passing traffic.
B. The DLCI 100 was dynamically allocated by the router
C. The Serial0/0 interface acquired the IP address of 172.16.3.1 from a DHCP server
D. The DLCI 100 will be dynamically changed as required to adapt to changes in the Frame Relay cloud
E. The mapping between DLCI 100 and the end station IP address 172.16.3.1 was learned through Inverse ARP
Answer: E
Explanation:
The term dynamic indicates that the DLCI number and the remote router IP address
172.16.3.1 are learned via the Inverse ARP process.
Inverse ARP is a technique by which dynamic mappings are constructed in a network, allowing a device such as a router to locate the logical network address and associate it with a permanent virtual circuit (PVC).
Q13. - (Topic 3)
Which two statements about using the CHAP authentication mechanism in a PPP link are true? (Choose two.)
A. CHAP uses a two-way handshake.
B. CHAP uses a three-way handshake.
C. CHAP authentication periodically occurs after link establishment.
D. CHAP authentication passwords are sent in plaintext.
E. CHAP authentication is performed only upon link establishment.
F. CHAP has no protection from playback attacks.
Answer: B,C
Explanation:
Understanding and Configuring PPP CHAP Authentication http://www.cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a00800b4131. shtml
One-Way and Two-Way Authentication CHAP is defined as a one-way authentication method. However, you use CHAP in both directions to create a two-way authentication. Hence, with two-way CHAP, a separate three-way handshake is initiated by each side. In the Cisco CHAP implementation, by default, the called party must authenticate the calling party (unless authentication is completely turned off). Therefore, a one-way authentication initiated by the called party is the minimum possible authentication. However, the calling party can also verify the identity of the called party, and this results in a two-way authentication. One-way authentication is often required when you connect to non-Cisco devices.
Q14. - (Topic 1)
Refer to the exhibit.
The output that is shown is generated at a switch. Which three statements are true? (Choose three.)
A. All ports will be in a state of discarding, learning, or forwarding.
B. Thirty VLANs have been configured on this switch.
C. The bridge priority is lower than the default value for spanning tree.
D. All interfaces that are shown are on shared media.
E. All designated ports are in a forwarding state.
F. This switch must be the root bridge for all VLANs on this switch.
Answer: A,C,E
Explanation:
From the output, we see that all ports are in Designated role (forwarding state) -> A and E
are correct.
The command “show spanning-tree vlan 30 only shows us information about VLAN 30. We
don’t know how many VLAN exists in this switch -> B is not correct.
The bridge priority of this switch is 24606 which is lower than the default value bridge
priority 32768 -> C is correct.
All three interfaces on this switch have the connection type “p2p”, which means Point-to-point environment – not a shared media -> D is not correct.
The only thing we can specify is this switch is the root bridge for VLAN 3o but we can not
guarantee it is also the root bridge for other VLANs -> F is not correct.
Q15. - (Topic 2)
Refer to the exhibit.
RTA is configured with a basic configuration. The link between the two routers is operational and no routing protocols are configured on either router. The line shown in the exhibit is then added to router RTA. Should interface Fa0/0 on router RTB shut down, what effect will the shutdown have on router RTA?
A. A route to 172.16.14.0/24 will remain in the RTA routing table.
B. A packet to host 172.16.14.225 will be dropped by router RTA.
C. Router RTA will send an ICMP packet to attempt to verify the route.
D. Because router RTB will send a poison reverse packet to router RTA, RTA will remove the route.
Answer: A
Explanation:
Static routes remain in the routing table even if the specified gateway becomes unavailable. If the specified gateway becomes unavailable, you need to remove the static route from the routing table manually. However, static routes are removed from the routing table if the specified interface goes down, and are reinstated when the interface comes back up. Therefore the static route will only be removed from the routing table if the S0/0 interface on RTA is shutdown.
Reference: http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/route_static.html)
Q16. - (Topic 3)
The output of the show frame-relay pvc command shows "PVC STATUS = INACTIVE". What does this mean?
A. The PVC is configured correctly and is operating normally, but no data packets have been detected for more than five minutes.
B. The PVC is configured correctly, is operating normally, and is no longer actively seeking the address of the remote router.
C. The PVC is configured correctly, is operating normally, and is waiting for interesting traffic to trigger a call to the remote router.
D. The PVC is configured correctly on the local switch, but there is a problem on the remote end of the PVC.
E. The PVC is not configured on the local switch.
Answer: D
Explanation: The PVC STATUS displays the status of the PVC. The DCE device creates and sends the report to the DTE devices. There are 4 statuses: ACTIVE: the PVC is operational and can transmit dataINACTIVE: the connection from the local router to the switch is working, but the connection to the remote router is not availableDELETED: the PVC is not present and no LMI information is being received from the Frame Relay switch STATIC: the Local Management Interface (LMI) mechanism on the interface is disabled (by using the “no keepalive” command). This status is rarely seen.