1. What type of address is 64.101.198.197?

* Any number not included in

the reserved private IP address range

10.0.0.0 — 10.255.255.255;
172.16.0.0 — 172.31.255.255;
192.168.0.0 — 192.168.255.255

1/1

a) Public

b) Private

2. An administrator is configuring single-area OSPF on a router. One of the

networks that must be advertised is 64.100.0.0 255.255.255.0. What
wildcard mask would the administrator use in the OSPF network
statement? * /24 255.255.255.0 wild card niya is 0.0.0.255

1/1

a) 0.0.0.31

b) 0.0.0.255

c) 0.0.0.63

d) 0.0.0.127

3.What indicates to a link-state router that a neighbor is unreachable? *

A HELLO packet is a special data packet (message) that is sent out
periodically from a router to establish and confirm network adjacency
relationships to other routers in the Open Shortest Path First (OSPF)
communications protocol.

OSPF routers send hello packets to monitor the state of a neighbor. When
a router stops receiving hello packets from a neighbor, that neighbor is
considered unreachable and the adjacency is broken.

1/1

a) if the router no longer receives hello packets

b) if the router receives an update with a hop count of 16

c) if the router receives an LSP with previously learned information

d) if the router no longer receives routing updates

4.What is a benefit of multiarea OSPF routing? *

With multiarea OSPF, only routers within an area share the same link-state
database. Changes to the network topology in one area do not impact
other areas, which reduces the number of SPF algorithm calculations and
the of link-state databases.

1/1

a) Topology changes in one area do not cause SPF recalculations in other areas.

b) Routers in all areas share the same link-state database and have a complete
picture of the entire network.

c) A backbone area is not required.

 d) Automatic route summarization occurs by default between areas.

5. In an OSPFv2 configuration, what is the effect of entering the command

network 192.168.1.1 0.0.0.0 area 0 ? *

1/1

Entering the command network 192.168.1.1 0.0.0.0 area 0 will turn on

only the interface with that IP address for OSPF routing. It does not
change the router ID. Instead, OSPF will use the network that is configured
on that interface.

a) It allows all 192.168.1.0 networks to be advertised.

b) It tells the router which interface to turn on for the OSPF routing process.

c) It changes the router ID of the router to 192.168.1.1.

d) It enables OSPF on all interfaces on the router.

6. After modifying the router ID on an OSPF router, what is the preferred

method to make the new router ID effective? *

1/1

To modify a router-id on an OSPF-enabled router, it is necessary to reset

the OSPF routing process by entering either the clear ip ospf
process command or the reload command.

a) HQ# copy running-config startup-config

b) HQ# resume
 c) HQ# clear ip route *

d) HQ# clear ip ospf process

7. What is the recommended Cisco best practice for configuring an OSPF-

enabled router so that each router can be easily identified when
troubleshooting routing issues? *

1/1

A Cisco router is assigned a router ID to uniquely identify it. It can be

automatically assigned and take the value of the highest configured IP
address on any interface, the value of a specifically-configured loopback
address, or the value assigned (which is in the exact form of an IP address)
using the router-id command. Cisco recommends using the router-
id command.

a) Configure a value using the router-id command.

b) Use the highest active interface IP address that is configured on the router.

c) Use a loopback interface configured with the highest IP address on the router.

d) Use the highest IP address assigned to an active interface participating in the

routing process.

8. Which command is used to verify that OSPF is enabled and also provides
a list of the networks that are being advertised by the network? *

1/1

a) show ip interface brief

b) show ip ospf interface

 c) show ip protocols

d) show ip route ospf

9. What command would be used to determine if a routing protocol-initiated

relationship had been made with an adjacent router? *

1/1

a) Ping

b) show ip ospf neighbor

c) show ip interface brief

d) show ip protocols

10. Refer to the exhibit. On which router or routers would a default route be
statically configured in a corporate environment that uses single area OSPF
as the routing protocol? *

1/1

The default route is applied to the router that connects to the Internet, or
R0-A in which kani si R0-A kay maoy naka connect kang internet service
provider. R0-A then distributes that default route using the OSPF routing
protocol.
 a) R0-A

b) ISP, R0-A, R0-B, and R0-C

c) ISP

d) R0-B and R0-C

11. Refer to the exhibit. What is the OSPF cost to reach the router A
LAN 172.16.1.0/24 from B? *

1/1

The formula used to calculate the OSPF cost is as follows:

Cost = reference bandwidth / interface bandwidth
The default reference bandwidth is 10^8 (100,000,000); therefore, the
formula is
Cost = 100,000,000 bps / interface bandwidth in bps
Thus the cost to reach the A LAN 172.16.1.0/24 from B is as follows:
Serial link (1544 Kbps) from B to A cost => 100,000,000 / 1,544,000 = 64
Gigabit Ethernet link on A cost => 100,000,000 / 1,000,000,000 = 1
Total cost to reach 172.16.1.0/24 = 64 + 1 = 65
 a) 782

b) 74

c) 128

d) 65

12. Refer to the exhibit. If the switch reboots and all routers have to re-
establish OSPF adjacencies, which routers will become the new DR and
BDR? *

1/1
 a) Router R4 will become the DR and router R1 will become the BDR.

OSPF elections of a DR are based on the following in order of precedence:

 highest pritority from 1 -255 (0 = never a DR)
 highest router ID
 highest IP address of a loopback or active interface in the absence
of a manually configured router ID. Loopback IP addresses take higher
precedence than other interfaces.
In this case routers R4 and R1 have the highest router priority. Between
the two, R3 has the higher router ID. Therefore, R4 will become the DR
and R1 will become the BDR.

b) Router R2 will become the DR and router R3 will become the BDR.

c) Router R1 will become the DR and router R2 will become the BDR.

d) Router R4 will become the DR and router R3 will become the BDR

13. An OSPF router has three directly connected

networks; 172.16.0.0/16, 172.16.1.0/16, and 172.16.2.0/16. Which OSPF
network command would advertise only the 172.16.1.0 network to
neighbors? *
1/1

a) router(config-router)# network 172.16.1.0 0.0.255.255 area 0

b) router(config-router)# network 172.16.0.0 0.0.15.255 area 0

c) router(config-router)# network 172.16.1.0 255.255.255.0 area 0

d) router(config-router)# network 172.16.1.0 0.0.0.0 area 0

14. A network technician issues the following commands when configuring a

router: R1(config)# router ospf 11. R1(config-router)# network 10.10.10.0
0.0.0.255 area 0. What does the number 11 represent? *

1/1

a) the OSPF process ID on R1

b) the cost of the link to R1

c) the autonomous system number to which R1 belongs

d) the administrative distance that is manually assigned to R1

15. Refer to the exhibit. If no router ID was manually configured, what would
router Branch1 use as its OSPF router ID? *

1/1
 a) 10.0.0.1

b) 10.1.0.1

c) 192.168.1.100

In OSPFv2, a Cisco router uses a three-tier method to derive its router ID.
The first choice is the manually configured router ID with the router-
id command. If the router ID is not manually configured, the router will
choose the highest IPv4 address of the configured loopback interfaces.
Finally if no loopback interfaces are configured, the router chooses the
highest active IPv4 address of its physical interfaces.

d) 209.165.201.1

16. What will an OSPF router prefer to use first as a router ID? *

1/1

a) a loopback interface that is configured with the highest IP address on the router

b) any IP address that is configured using the router-id command

c) the highest active interface IP that is configured on the router

 d) the highest active interface that participates in the routing process because of a
specifically configured network statement

17. When an OSPF network is converged and no network topology change

has been detected by a router, how often will LSU packets be sent to
neighboring routers? *

1/1

a) Every 5 minutes

b) Every 10 minutes

c) Every 30 minutes

d) Every 60 minutes

18. In an OSPF network when are DR and BDR elections required? *

1/1

a) when the two adjacent neighbors are interconnected over a point-to-point link

b) when all the routers in an OSPF area cannot form adjacencies

c) when the routers are interconnected over a common Ethernet network

d) when the two adjacent neighbors are in two different networks

19. A network engineer has manually configured the hello interval to 15
seconds on an interface of a router that is running OSPFv2. By default, how
will the dead interval on the interface be affected? *

1/1

a) The dead interval will not change from the default value.

b) The dead interval will now be 30 seconds.

c) The dead interval will now be 60 seconds.

d) The dead interval will now be 15 seconds.

20. What is used to facilitate hierarchical routing in OSPF? *

1/1

a) the use of multiple areas

b) frequent SPF calculations

c) autosummarization

d) the election of designated routers

21. The IT department is reporting that a company web server is receiving

an abnormally high number of web page requests from different locations
simultaneously. Which type of security attack is occurring? *

1/1
 a) Adware

b) DDos

c) Phishing

d) Social engineering

22. Which objective of secure communications is achieved by encrypting

data? *

1/1

a) Authentication

b) Availability

c) Confidentiality

d) Integrity

23. What type of malware has the primary objective of spreading across the
network? *

1/1

a) Worm

b) Virus

c) Trojan horse
 d) Botnet

24. What commonly motivates cybercriminals to attack networks as

compared to hactivists or state-sponsored hackers? *

1/1

a) Financial gain

b) Fame seeking

c) Status among peers

d) Political reasons

25. Which type of hacker is motivated to protest against political and social
issues? *

1/1

a) Hacktivist

b) Cybercriminal

c) Script kiddie

d) Vulnerability broker

26. Which requirement of secure communications is ensured by the

implementation of MD5 or SHA hash generating algorithms? *
1/1

a) Nonrepudiation

b) Authentication

c) Integrity

d) Confidentiality

27. What type of ACL offers greater flexibility and control over network
access? *

1/1

a) Numbered standard

b) Named standard

c) Extended

d) Flexible

28. Refer to the exhibit. An ACL was configured on R1 with the intention of
denying traffic from subnet 172.16.4.0/24 into subnet 172.16.3.0/24. All
other traffic into subnet 172.16.3.0/24 should be permitted. This standard
ACL was then applied outbound on interface Fa0/0. Which conclusion can
be drawn from this configuration? *

1/1
 a) The ACL should be applied outbound on all interfaces of R1.

b) The ACL should be applied to the FastEthernet 0/0 interface of R1 inbound to

accomplish the requirements.

c) All traffic will be blocked, not just traffic from the 172.16.4.0/24 subnet.

Because of the implicit deny at the end of all ACLs, the access-list 1
permit any command must be included to ensure that only traffic from the
172.16.4.0/24 subnet is blocked and that all other traffic is allowed.​

d) Only traffic from the 172.16.4.0/24 subnet is blocked, and all other traffic is
allowed.

29. Which protocol is attacked when a cybercriminal provides an invalid

gateway in order to create a man-in-the-middle attack? *

1/1

a) DHCP

b) DNS

c) ICMP
 d) HTTP or HTTPS

30. Refer to the exhibit. An administrator has configured a standard ACL on

R1 and applied it to interface serial 0/0/0 in the outbound direction. What
happens to traffic leaving interface serial 0/0/0 that does not match the
configured ACL statements? *

1/1

a) The traffic is dropped.

Any traffic that does not match one of the statements in an ACL has the
implicit deny applied to it, which means the traffic is dropped.

b) The source IP address is checked and, if a match is not found, traffic is routed out
interface serial 0/0/1.

c) The resulting action is determined by the destination IP address.

d) The resulting action is determined by the destination IP address and port number.

31. Which set of access control entries would allow all users on
the 192.168.10.0/24 network to access a web server that is located at
172.17.80.1, but would not allow them to use Telnet? *

1/1
a

c
 d

Explanation: For an extended ACL to meet these requirements the

following need to be included in the access control entries:
 identification number in the range 100-199 or 2000-2699
 permit or deny parameter
 protocol
 source address and wildcard
 destination address and wildcard
 port number or name

32. What is the term used to describe a mechanism that takes advantage of
a vulnerability? *

1/1

a) mitigation

b) exploit

c) vulnerability

d) threat
33. A technician is tasked with using ACLs to secure a router. When would
the technician use the any configuration option or command? *

1/1

a) to add a text entry for documentation purposes

b) to generate and send an informational message whenever the ACE is matched

c) to identify any IP address

d) to identify one specific IP address

34. A user receives a phone call from a person who claims to represent IT
services and then asks that user for confirmation of username and password
for auditing purposes. Which security threat does this phone call
represent? *

1/1

a) Spam

b) Social engineering

c) DDos

d) Anonymous keylogging

35. In what way are zombies used in security attacks? *

1/1
 a) They target specific individuals to gain corporate or personal information.

b) They probe a group of machines for open ports to learn which services are
running.

c) They are maliciously formed code segments used to replace legitimate

applications.

d) They are infected machines that carry out a DDoS attack.

36. Which attack involves threat actors positioning themselves between a

source and destination with the intent of transparently monitoring, capturing,
and controlling the communication? *

1/1

a) man-in-the-middle attack

b) SYN flood attack

c) DoS attack

d) ICMP attack

37. Which statement describes a difference between the operation of

inbound and outbound ACLs? *

1/1

a) Inbound ACLs are processed before the packets are routed while outbound ACLs
are processed after the routing is completed.

With an inbound ACL, incoming packets are processed before they are
routed. With an outbound ACL, packets are first routed to the outbound
interface, then they are processed. Thus processing inbound is more
efficient from the router perspective. The structure, filtering methods, and
limitations (on an interface, only one inbound and one outbound ACL can
be configured) are the same for both types of ACLs.

b) In contrast to outbound ALCs, inbound ACLs can be used to filter packets with
multiple criteria.

c) On a network interface, more than one inbound ACL can be configured but only
one outbound ACL can be configured.

d) Inbound ACLs can be used in both routers and switches but outbound ACLs can
be used only on routers.

38. What is the term used to describe a potential danger to a company’s

assets, data, or network functionality? *

1/1

a) Vulnerability

b) Threat

c) Asset

d) Exploit

39. In which type of attack is falsified information used to redirect users to

malicious Internet sites? *

1/1

a) DNS amplification and reflection

b) ARP cache poisoning

c) DNS cache poisoning

 d) domain generation

40. What is the term used to describe the same pre-shared key or secret key,
known by both the sender and receiver to encrypt and decrypt data? *

1/1

a) symmetric encryption algorithm

b) data integrity

c) exploit

d) risk

41. A network administrator wants to examine the active NAT translations on

a border router. Which command would perform the task? *

1/1

a) Router# show ip nat translations

The clear ip nat translations command clears all dynamic address

translation entries from the NAT translation table. The debug ip
nat command is used to verify the operation of NAT. The show ip nat
statistics command displays information about the total number of
active translations, NAT configuration parameters, the number of
addresses in the pool, and the number that have been allocated.
The show ip nat translations command displays the active NAT
translations.

b) Router# show ip nat statistics

 c) Router# clear ip nat translations

d) Router# debug ip nat translations

42. Refer to the exhibit. NAT is configured on RT1 and RT2. The PC is
sending a request to the web server. What IPv4 address is the source IP
address in the packet between RT2 and the web server? *

1/1

a) 192.168.1.5

b) 203.0.113.10

c) 172.16.1.10

d) 209.165.200.245

Because the packet is between RT2 and the web server, the source IP
address is the inside global address of PC, 209.165.200.245.

43. What is the purpose of the overload keyword in the ip nat inside source
list 1 pool NAT_POOL overload command? *

1/1
 a) It allows many inside hosts to share one or a few inside global addresses.

Explanation: Dynamic NAT uses a pool of inside global addresses that

are assigned to outgoing sessions. If there are more internal hosts than
public addresses in the pool, then an administrator can enable port
address translation with the addition of the overload keyword. With port
address translation, many internal hosts can share a single inside global
address because the NAT device will track the individual sessions by
Layer 4 port number.
Explanation: The primary difference between this configuration and the
configuration for dynamic, one-to-one NAT is that the overload keyword is
used. The overload keyword enables PAT.

b) It allows a list of internal hosts to communicate with a specific group of external

hosts.

c) It allows external hosts to initiate sessions with internal hosts.

d) It allows a pool of inside global addresses to be used by internal hosts.

44. Which situation describes data transmissions over a WAN connection? *

1/1

a) A network administrator in the office remotely accesses a web server that is

located in the data center at the edge of the campus.

b) A manager sends an email to all employees in the department with offices that are
located in several buildings.

c) An employee prints a file through a networked printer that is located in another

building.

d) An employee shares a database file with a co-worker who is located in a branch

office on the other side of the city.

When two offices across a city are communicating , it is most likely that
the data transmissions are over some type of WAN connection. Data
communications within a campus are typically over LAN connections.
45. What does NAT overloading use to track multiple internal hosts that use
one inside global address? *

1/1

a) port numbers

Explanation: NAT overloading, also known as Port Address

Translation (PAT), uses port numbers to differentiate between
multiple internal hosts.

b) IP addresses

c) autonomous system numbers

d) MAC addresses

46. Refer to the exhibit. What has to be done in order to complete the static
NAT configuration on R1? *

1/1

a) Interface Fa0/0 should be configured with the command no ip nat inside.

b) Interface S0/0/0 should be configured with the command ip nat outside.

In order for NAT translations to work properly, both an inside and

outside interface must be configured for NAT translation on the router.

c) R1 should be configured with the command ip nat inside source static

209.165.200.200 192.168.11.11.

d) R1 should be configured with the command ip nat inside source static

209.165.200.1 192.168.11.11.

47. Which circumstance would result in an enterprise deciding to implement

a corporate WAN? *
1/1

a) when the enterprise decides to secure its corporate LAN

b) when its employees become distributed across many branch locations

c) when the number of employees exceeds the capacity of the LAN

d) when the network will span multiple buildings

48. What two addresses are specified in a static NAT configuration? *

1/1

a) the outside global and the outside local

b) the inside local and the outside global

c) the inside global and the outside local

d) the inside local and the inside global

49. What type of address is 198.133.219.148? *

1/1

a) Private

b) Public
50. What is a disadvantage when both sides of a communication use PAT? *

1/1

a) End-to-end IPv4 traceability is lost.

With the use of NAT, especially PAT, end-to-end traceability is lost. This is
because the host IP address in the packets during a communication is
translated when it leaves and enters the network. With the use of NAT/PAT,
both the flexibility of connections to the Internet and security are actually
enhanced. Host IPv4 addressing is provided by DHCP and not related to
NAT/PAT.

b) The flexibility of connections to the Internet is reduced.

c) The security of the communication is negatively impacted.

d) Host IPv4 addressing is complicated.