Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 7)
What are three values that must be the same within a sequence of packets for Netflow to consider them a network flow? (Choose three.)
A. source IP address
B. source MAC address
C. egress interface
D. ingress interface
E. destination IP address
F. IP next-hop
Answer: A,D,E
Explanation:
Each packet that is forwarded within a router or switch is examined for a set of IP packet attributes. These attributes are the IP packet identity or fingerprint of the packet and determine if the packet is unique or similar to other packets.
Traditionally, an IP Flow is based on a set of 5 and up to 7 IP packet attributes. IP Packet attributes used by NetFlow:
• IP source address
• IP destination address
• Source port
• Destination port
• Layer 3 protocol type
• Class of Service
• Router or switch interface
All packets with the same source/destination IP address, source/destination ports, protocol interface and class of service are grouped into a flow and then packets and bytes are tallied. This methodology of fingerprinting or determining a flow is scalable because a large amount of network information is condensed into a database of NetFlow information called the NetFlow cache.
Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios- netflow/prod_white_paper0900aecd80406232.html
Q2. - (Topic 3)
What are two benefits of using a single OSPF area network design? (Choose two.)
A. It is less CPU intensive for routers in the single area.
B. It reduces the types of LSAs that are generated.
C. It removes the need for virtual links.
D. It increases LSA response times.
E. It reduces the number of required OSPF neighbor adjacencies.
Answer: B,C
Explanation:
OSPF uses a LSDB (link state database) and fills this with LSAs (link state advertisement). The link types are as follows:
•LSA Type 1: Router LSA
•LSA Type 2: Network LSA
•LSA Type 3: Summary LSA
•LSA Type 4: Summary ASBR LSA
•LSA Type 5: Autonomous system external LSA
•LSA Type 6: Multicast OSPF LSA
•LSA Type 7: Not-so-stubby area LSA
•LSA Type 8: External attribute LSA for BGP
If all routers are in the same area, then many of these LSA types (Summary ASBR LSA, external LSA, etc) will not be used and will not be generated by any router.
All areas in an Open Shortest Path First (OSPF) autonomous system must be physically connected to the backbone area (Area 0). In some cases, where this is not possible, you can use a virtual link to connect to the backbone through a non-backbone area. You can also use virtual links to connect two parts of a partitioned backbone through a non- backbone area. The area through which you configure the virtual link, known as a transit area, must have full routing information. The transit area cannot be a stub area. Virtual links are not ideal and should really only be used for temporary network solutions or migrations. However, if all locations are in a single OSPF area this is not needed.
Q3. - (Topic 8)
If three devices are plugged into one port on a switch and two devices are plugged into a different port, how many collision domains are on the switch?
A. 2
B. 4
C. 5
D. 6
Answer: C
Q4. - (Topic 3)
Users on the 172.17.22.0 network cannot reach the server located on the 172.31.5.0 network. The network administrator connected to router Coffee via the console port, issued the show ip route command, and was able to ping the server.
Based on the output of the show ip route command and the topology shown in the graphic, what is the cause of the failure?
A. The network has not fully converged.
B. IP routing is not enabled.
C. A static route is configured incorrectly.
D. The FastEthernet interface on Coffee is disabled.
E. The neighbor relationship table is not correctly updated.
F. The routing table on Coffee has not updated.
Answer: C
Explanation:
The default route or the static route was configured with incorrect next-hop ip address 172.19.22.2. The correct IP address will be 172.18.22.2 to reach server located on 172.31.5.0 network. IP route 0.0.0.0 0.0.0.0 172.18.22.2
Q5. - (Topic 8)
Which feature can you use to monitor traffic on a switch by replicating it to another port or ports on the same switch?
A. copy run start
B. traceroute
C. the ICMP Echo IP SLA
D. SPAN
Answer: D
Explanation: A source port, also called a monitored port, is a switched or routed port that you monitor for network traffic analysis. In a single local SPAN session or RSPAN source session, you can monitor source port traffic, such as received (Rx), transmitted (Tx), or bidirectional (both). The switch supports any number of source ports (up to the maximum
number of available ports on the switch) and any number of source VLANs. A source port has these characteristics:
✑ It can be any port type, such as EtherChannel, Fast Ethernet, Gigabit Ethernet,
and so forth.
✑ It can be monitored in multiple SPAN sessions.
✑ It cannot be a destination port.
✑ Each source port can be configured with a direction (ingress, egress, or both) to monitor. For EtherChannel sources, the monitored direction applies to all physical ports in the group.
✑ Source ports can be in the same or different VLANs.
✑ For VLAN SPAN sources, all active ports in the source VLAN are included as source ports.
Q6. - (Topic 8)
Which DTP switch port mode allows the port to create a trunk link if the neighboring port is in trunk mode, dynamic desirable mode, or desirable auto mode?
A. trunk
B. access
C. dynamic desirable
D. dynamic auto
Answer: C
Q7. - (Topic 6)
Which Cisco Catalyst feature automatically disables the port in an operational PortFast upon receipt of a BPDU?
A. BackboneFast
B. UplinkFast
C. Root Guard
D. BPDU Guard
E. BPDU Filter
Answer: D
Explanation:
We only enable PortFast feature on access ports (ports connected to end stations). But if someone does not know he can accidentally plug that port to another switch and a loop may occur when BPDUs are being transmitted and received on these ports.
With BPDU Guard, when a PortFast receives a BPDU, it will be shut down to prevent a loop.
Q8. - (Topic 5)
The network administrator has been asked to give reasons for moving from IPv4 to IPv6. What are two valid reasons for adopting IPv6 over IPv4? (Choose two.)
A. no broadcast
B. change of source address in the IPv6 header
C. change of destination address in the IPv6 header
D. Telnet access does not require a password
E. autoconfiguration
F. NAT
Answer: A,E
Explanation:
IPv6 does not use broadcasts, and autoconfiguration is a feature of IPV6 that allows for hosts to automatically obtain an IPv6 address.
Q9. - (Topic 7)
An administrator is trying to ping and telnet from SwitchC to RouterC with the results shown below.
Click the console connected to RouterC and issue the appropriate commands to answer the questions.
What would be the effect of issuing the command ip access-group 114 in to the fa0/0 interface?
A. Attempts to telnet to the router would fail.
B. It would allow all traffic from the 10.4.4.0 network.
C. IP traffic would be passed through the interface but TCP and UDP traffic would not.
D. Routing protocol updates for the 10.4.4.0 network would not be accepted from the fa0/0 interface.
Answer: B
Explanation:
From the output of access-list 114: access-list 114 permit ip 10.4.4.0 0.0.0.255 any we can easily understand that this access list allows all traffic (ip) from 10.4.4.0/24 network
Q10. - (Topic 4)
At which layer of the OSI model does PPP perform?
A. Layer 2
B. Layer 3
C. Layer 4
D. Layer 5
Answer: A
Explanation:
The Point-to-Point Protocol (PPP) provides a standard method for transporting multi- protocol datagrams over point-to-point links. PPP was originally emerged as an encapsulation protocol for transporting IP traffic between two peers. It is a data link layer protocol (layer 2 in the OSI model)
Q11. - (Topic 3)
Which command encrypts all plaintext passwords?
A. Router# service password-encryption
B. Router(config)# password-encryption
C. Router(config)# service password-encryption
D. Router# password-encryption
Answer: C
Explanation:
Command
The “service password-encryption” command allows you to encrypt all passwords on your router so they cannot be easily guessed from your running-config. This command uses a very weak encryption because the router has to be very quickly decode the passwords for its operation.
It is meant to prevent someone from looking over your shoulder and seeing the password, that is all. This is configured in global configuration mode.
Q12. - (Topic 8)
Scenario:
You are a junior network engineer for a financial company, and the main office network is experiencing network issues. Troubleshoot the network issues.
Router R1 connects the main office to the internet, and routers R2 and R3 are internal routers.
NAT is enabled on router R1.
The routing protocol that is enabled between routers R1, R2 and R3 is RIPv2.
R1 sends the default route into RIPv2 for the internal routers to forward internet traffic to R1.
You have console access on R1, R2 and R3 devices. Use only show commands to troubleshoot the issues.
Examine the DHCP configuration between R2 and R3; R2 is configured as the DHCP server and R3 as the client. What is the reason R3 is not receiving the IP address via DHCP?
A. On R2. The network statement In the DHCP pool configuration is incorrectly configured.
B. On R3. DHCP is not enabled on the interface that is connected to R2.
C. On R2, the interface that is connected to R3 is in shutdown condition.
D. On R3, the interface that is connected to R2 is in shutdown condition.
Answer: B
Explanation:
Please check the below:
Q13. - (Topic 8)
Scenario:
You are a junior network engineer for a financial company, and the main office network is experiencing network issues. Troubleshoot the network issues.
Router R1 connects the main office to the internet, and routers R2 and R3 are internal routers.
NAT is enabled on router R1.
The routing protocol that is enabled between routers R1, R2 and R3 is RIPv2.
R1 sends the default route into RIPv2 for the internal routers to forward internet traffic to R1.
You have console access on R1, R2 and R3 devices. Use only show commands to troubleshoot the issues.
Users complain that they are unable to reach internet sites. You are troubleshooting internet connectivity problem at main office. Which statement correctly identifies the problem on Router R1?
A. Interesting traffic for NAT ACL is incorrectly configured.
B. NAT configurations on the interfaces are incorrectly configured
C. NAT translation statement incorrectly configured.
D. Only static NAT translation configured for the server, missing Dynamic NAT or Dynamic NAT overloading for internal networks.
Answer: B
Q14. CORRECT TEXT - (Topic 8)
Which protocol authenticates connected devices before allowing them to access the LAN?
A. 802.1d
B. 802.11
C. 802.1w
D. 802.1x
Answer: D
Explanation:
802.1X authentication involves three parties: a supplicant, an authenticator, and an authentication server. The supplicant is a client device (such as a laptop) that wishes to attach to the LAN/WLAN. The term 'supplicant' is also used interchangeably to refer to the software running on the client that provides credentials to the authenticator. The
authenticator is a network device, such as an Ethernet switch or wireless access point; and the authentication server is typically a host running software supporting the RADIUS and EAP protocols.
The authenticator acts like a security guard to a protected network. The supplicant (i.e., client device) is not allowed access through the authenticator to the protected side of the network until the supplicant’s identity has been validated and authorized. An analogy to this is providing a valid visa at the airport's arrival immigration before being allowed to enter the country. With 802.1X port-based authentication, the supplicant provides credentials, such as user name/password or digital certificate, to the authenticator, and the authenticator forwards the credentials to the authentication server for verification. If the authentication server determines the credentials are valid, the supplicant (client device) is allowed to access resources located on the protected side of the network.
Q15. - (Topic 5)
Which command can you use to manually assign a static IPv6 address to a router interface?
A. ipv6 autoconfig 2001:db8:2222:7272::72/64
B. ipv6 address 2001:db8:2222:7272::72/64
C. ipv6 address PREFIX_1 ::1/64
D. ipv6 autoconfig
Answer: B
Explanation:
To assign an IPv6 address to an interface, use the “ipv6 address” command and specify the IP address you wish to use.