Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. CORRECT TEXT - (Topic 7)
A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.
The task is to create and apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.
Access to the router CLI can be gained by clicking on the appropriate host.
All passwords have been temporarily set to "cisco".
The Core connection uses an IP address of 198.18.247.65
The computers in the Hosts LAN have been assigned addresses of 192.168.240.1 - 192.168.240.254
✑ host A 192.168.240.1
✑ host B 192.168.240.2
✑ host C 192.168.240.3
Answer:
Corp1#conf t
Corp1(config)# access-list 128 permit tcp host 192.168.240.1 host 172.22.141.26 eq www Corp1(config)# access-list 128 deny tcp any host 172.22.141.26 eq www
Corp1(config)# access-list 128 permit ip any any Corp1(config)#int fa0/1
Corp1(config-if)#ip access-group 128 out Corp1(config-if)#end
Corp1#copy run startup-config
Q2. - (Topic 7)
Scenario
Refer to the topology. Your company has connected the routers R1, R2, and R3 with serial links. R2 and R3 are connected to the switches SW1 and SW2, respectively. SW1 and SW2 are also connected to the routers R4 and R5.
The EIGRP routing protocol is configured.
You are required to troubleshoot and resolve the EIGRP issues between the various routers.
Use the appropriate show commands to troubleshoot the issues.
The loopback interfaces on R4 with the IP addresses of 10.4.4.4/32, 10.4.4.5/32, and 10.4.4.6/32 are not appearing in the routing table of R5. Why are the interfaces missing?
A. The interfaces are shutdown, so they are not being advertised.
B. R4 has been incorrectly configured to be in another AS, so it does not peer with R5.
C. Automatic summarization is enabled, so only the 10.0.0.0 network is displayed.
D. The loopback addresses haven't been advertised, and the network command is missing on R4.
Answer: B
Explanation:
For an EIGRP neighbor to form, the following must match:
- Neighbors must be in the same subnet
- K values
- AS numbers
- Authentication method and key strings
Here, we see that R4 is configured for EIGRP AS 2, when it should be AS 1.
Topic 8, Mixed Questions
316. - (Topic 8)
Two hosts are attached to a switch with the default configuration. Which statement about the configuration is true?
A. IP routing must be enabled to allow the two hosts to communicate.
B. The two hosts are in the same broadcast domain.
C. The switch must be configured with a VLAN to allow the two hosts to communicate.
D. Port security prevents the hosts from connecting to the switch.
Q3. - (Topic 6)
When you are troubleshooting an ACL issue on a router, which command would you use to verify which interfaces are affected by the ACL?
A. show ip access-lists
B. show access-lists
C. show interface
D. show ip interface
E. list ip interface
Answer: D
Explanation:
Incorrect Answer
show ip access-lists does not show interfaces affected by an ACL.
Q4. - (Topic 5)
How is an EUI-64 format interface ID created from a 48-bit MAC address?
A. by appending 0xFF to the MAC address
B. by prefixing the MAC address with 0xFFEE
C. by prefixing the MAC address with 0xFF and appending 0xFF to it
D. by inserting 0xFFFE between the upper three bytes and the lower three bytes of the MAC address
E. by prefixing the MAC address with 0xF and inserting 0xF after each of its first three bytes
Answer: D
Explanation:
The modified EUI-64 format interface identifier is derived from the 48-bit link-layer (MAC) address by inserting the hexadecimal number FFFE between the upper three bytes (OUI field) and the lower three bytes (serial number) of the link layer address.
Q5. - (Topic 4)
What command is used to verify the DLCI destination address in a Frame Relay static configuration?
A. show frame-relay pvc
B. show frame-relay lmi
C. show frame-relay map
D. show frame relay end-to-end
Answer: C
Explanation:
Sample “show frame-relay map” output: R1#sh frame map
Serial0/0 (up): ip 10.4.4.1 dlci 401(0x191,0x6410), dynamic, broadcast,, status defined, active
Serial0/0 (up): ip 10.4.4.3 dlci 403(0x193,0x6430), dynamic, broadcast,, status defined, active
Serial0/0 (up): ip 10.4.4.4 dlci 401(0x191,0x6410), static, CISCO, status defined, active
Q6. - (Topic 8)
Refer to the exhibit.
What is the result of setting the no login command?
A. Telnet access is denied.
B. Telnet access requires a new password at the first login.
C. Telnet access requires a new password.
D. no password is required for telnet access.
Answer: D
Q7. - (Topic 4)
It has become necessary to configure an existing serial interface to accept a second Frame Relay virtual circuit. Which of the following procedures are required to accomplish this task? (Choose three.)
A. Remove the IP address from the physical interface.
B. Encapsulate the physical interface with multipoint PPP.
C. Create the virtual interfaces with the interface command.
D. Configure each subinterface with its own IP address.
E. Disable split horizon to prevent routing loops between the subinterface networks.
F. Configure static Frame Relay map entries for each subinterface network.
Answer: A,C,D
Explanation:
For multiple PVC’s on a single interface, you must use subinterfaces, with each subinterface configured for each PVC. Each subinterface will then have its own IP address, and no IP address will be assigned to the main interface.
Q8. - (Topic 5)
What are three benefits of GLBP? (Choose three.)
A. GLBP supports up to eight virtual forwarders per GLBP group.
B. GLBP supports clear text and MD5 password authentication between GLBP group members.
C. GLBP is an open source standardized protocol that can be used with multiple vendors.
D. GLBP supports up to 1024 virtual routers.
E. GLBP can load share traffic across a maximum of four routers.
F. GLBP elects two AVGs and two standby AVGs for redundancy.
Answer: B,D,E
Q9. - (Topic 6)
How does using the service password-encryption command on a router provide additional security?
A. by encrypting all passwords passing through the router
B. by encrypting passwords in the plain text configuration file
C. by requiring entry of encrypted passwords for access to the device
D. by configuring an MD5 encrypted key to be used by routing protocols to validate routing exchanges
E. by automatically suggesting encrypted passwords for use in configuring the router
Answer: B
Explanation:
By using this command, all the (current and future) passwords are encrypted. This command is primarily useful for keeping unauthorized individuals from viewing your password in your configuration file
Q10. - (Topic 8)
Which command can you enter to determine whether serial interface 0/2/0 has been configured using HDLC encapsulation?
A. router#show platform
B. router#show interfaces Serial 0/2/0
C. router#show ip interface s0/2/0
D. router#\show ip interface brief
Answer: C
Q11. - (Topic 5)
How many bits are contained in each field of an IPv6 address?
A. 24
B. 4
C. 8
D. 16
Answer: D
Explanation:
An IPv6 address is represented as eight groups of four hexadecimal digits, each group representing 16 bits (two octets). The groups are separated by colons (:). An example of an IPv6 address is 2001:0db8:85a3:0000:0000:8a2e:0370:7334.
Q12. DRAG DROP - (Topic 7)
A user is unable to connect to the Internet. Based on the layered approach to troubleshooting and beginning with the lowest layer, drag each procedure on the left to its proper category on the right.
Answer:
Explanation:
The question asks us to “begin with the lowest layer” so we have to begin with Layer 1: verify physical connection; in this case an Ethernet cable connection. For your information, “verify Ethernet cable connection” means that we check if the type of connection (crossover, straight-through, rollover…) is correct, the RJ45 headers are plugged in, the signal on the cable is acceptable…
Next we “verify NIC operation”. We do this by simply making a ping to the loopback interface 127.0.0.1. If it works then the NIC card (layer 1, 2) and TCP/IP stack (layer 3) are working properly.
Verify IP configuration belongs to layer 3. For example, checking if the IP can be assignable for host, the PC’s IP is in the same network with the gateway…
Verifying the URL by typing in your browser some popular websites like google.com, microsoft.com to assure that the far end server is not down (it sometimes make we think we can’t access to the Internet). We are using a URL so this step belongs to layer 7 of the OSI model.
Q13. - (Topic 3)
Refer to the exhibit.
What can be determined about the router from the console output?
A. No configuration file was found in NVRAM.
B. No configuration file was found in flash.
C. No configuration file was found in the PCMCIA card.
D. Configuration file is normal and will load in 15 seconds.
Answer: A
Explanation:
When no startup configuration file is found in NVRAM, the System Configuration Dialog will appear to ask if we want to enter the initial configuration dialog or not.
Q14. - (Topic 8)
Which NAT function can map multiple inside addresses to a single outside address?
A. PAT
B. SFTP
C. RARP
D. ARP
E. TFTP
Answer: A
Q15. - (Topic 5)
Which two of these statements are true of IPv6 address representation? (Choose two.)
A. There are four types of IPv6 addresses: unicast, multicast, anycast, and broadcast.
B. A single interface may be assigned multiple IPv6 addresses of any type.
C. Every IPv6 interface contains at least one loopback address.
D. The first 64 bits represent the dynamically created interface ID.
E. Leading zeros in an IPv6 16 bit hexadecimal field are mandatory.
Answer: B,C
Explanation:
✑ A single interface may be assigned multiple addresses of any type (unicast, anycast, multicast).
✑ Every IPv6-enabled interface must contain at least one loopback and one link-local
address.
✑ Optionally, every interface can have multiple unique local and global addresses.
Reference: IPv6 Addressing at a Glance – Cisco PDF