Q1. - (Topic 8)
Which statement about named ACLs is true?
A. They support standard and extended ACLs.
B. They are used to filter usernames and passwords for Telnet and SSH.
C. They are used to filter Layer 7 traffic.
D. They support standard ACLs only.
E. They are used to rate limit traffic destined to targeted networks.
Answer: A
Explanation:
Named Access Control Lists (ACLs) allow standard and extended ACLs to be given names instead of numbers. Unlike numbered ACLs, named ACLs can be edited. Another benefit of using named access configuration mode is that you can add new statements to the access list and insert them wherever you like. With the legacy syntax, you must delete the entire access list before reapplying it using the updated rules.
Q2. - (Topic 6)
Refer to the exhibit.
The following commands are executed on interface fa0/1 of 2950Switch.
2950Switch(config-if)# switchport port-security
2950Switch(config-if)# switchport port-security mac-address sticky
2950Switch(config-if)# switchport port-security maximum 1
The Ethernet frame that is shown arrives on interface fa0/1. What two functions will occur when this frame is received by 2950Switch? (Choose two.)
A. The MAC address table will now have an additional entry of fa0/1 FFFF.FFFF.FFFF.
B. Only host A will be allowed to transmit frames on fa0/1.
C. This frame will be discarded when it is received by 2950Switch.
D. All frames arriving on 2950Switch with a destination of 0000.00aa.aaaa will be forwarded out fa0/1.
E. Hosts B and C may forward frames out fa0/1 but frames arriving from other switches will not be forwarded out fa0/1.
F. Only frames from source 0000.00bb.bbbb, the first learned MAC address of 2950Switch, will be forwarded out fa0/1.
Answer: B,D
Explanation:
The configuration shown here is an example of port security, specifically port security using sticky addresses. You can use port security with dynamically learned and static MAC addresses to restrict a port's ingress traffic by limiting the MAC addresses that are allowed to send traffic into the port. When you assign secure MAC addresses to a secure port, the port does not forward ingress traffic that has source addresses outside the group of defined addresses. If you limit the number of secure MAC addresses to one and assign a single secure MAC address, the device attached to that port has the full bandwidth of the port.
Port security with sticky MAC addresses provides many of the same benefits as port security with static MAC addresses, but sticky MAC addresses can be learned dynamically. Port security with sticky MAC addresses retains dynamically learned MAC addresses during a link-down condition.
Q3. - (Topic 5)
What is known as "one-to-nearest" addressing in IPv6?
A. global unicast
B. anycast
C. multicast
D. unspecified address
Answer: B
Explanation:
IPv6 Anycast addresses are used for one-to-nearest communication, meaning an Anycast address is used by a device to send data to one specific recipient (interface) that is the closest out of a group of recipients (interfaces).
Q4. - (Topic 8)
Which command can you enter to determine whether a switch is operating in trunking mode?
A. show ip interface brief
B. show vlan
C. show interfaces
D. show interface switchport
Answer: D
Q5. - (Topic 8)
How can you disable DTP on a switch port?
A. Configure the switch port as a trunk.
B. Add an interface on the switch to a channel group.
C. Change the operational mode to static access.
D. Change the administrative mode to access.
Answer: A
Q6. - (Topic 3)
A Cisco router is booting and has just completed the POST process. It is now ready to find and load an IOS image. What function does the router perform next?
A. It checks the configuration register.
B. It attempts to boot from a TFTP server.
C. It loads the first image file in flash memory.
D. It inspects the configuration file in NVRAM for boot instructions.
Answer: A
Explanation:
Default (normal) Boot Sequence
Power on Router - Router does POST - Bootstrap starts IOS load - Check configuration register to see what mode the router should boot up in (usually 0x2102 to read startup-config in NVRAM, or 0x2142 to start in "setup-mode") - check the startup-config file in NVRAM for boot-system commands - load IOS from Flash.
Q7. - (Topic 3)
What are two benefits of using a single OSPF area network design? (Choose two.)
A. It is less CPU intensive for routers in the single area.
B. It reduces the types of LSAs that are generated.
C. It removes the need for virtual links.
D. It increases LSA response times.
E. It reduces the number of required OSPF neighbor adjacencies.
Answer: B,C
Explanation:
OSPF uses an LSDB (link state database) and fills this with LSAs (link state advertisements). The link types are as follows:
• LSA Type 1: Router LSA
• LSA Type 2: Network LSA
• LSA Type 3: Summary LSA
• LSA Type 4: Summary ASBR LSA
• LSA Type 5: Autonomous system external LSA
• LSA Type 6: Multicast OSPF LSA
• LSA Type 7: Not-so-stubby area LSA
• LSA Type 8: External attribute LSA for BGP
If all routers are in the same area, then many of these LSA types (Summary ASBR LSA, external LSA, etc.) will not be used and will not be generated by any router.
All areas in an Open Shortest Path First (OSPF) autonomous system must be physically connected to the backbone area (Area 0). In some cases, where this is not possible, you can use a virtual link to connect to the backbone through a non-backbone area. You can also use virtual links to connect two parts of a partitioned backbone through a non-backbone area. The area through which you configure the virtual link, known as a transit area, must have full routing information. The transit area cannot be a stub area. Virtual links are not ideal and should really only be used for temporary network solutions or migrations. However, if all locations are in a single OSPF area, this is not needed.
Q8. - (Topic 6)
Refer to the exhibit.
A junior network administrator was given the task of configuring port security on SwitchA to allow only PC_A to access the switched network through port fa0/1. If any other device is detected, the port is to drop frames from this device. The administrator configured the interface and tested it with successful pings from PC_A to RouterA, and then observed the output from these two show commands.
Which two of these changes are necessary for SwitchA to meet the requirements? (Choose two.)
A. Port security needs to be globally enabled.
B. Port security needs to be enabled on the interface.
C. Port security needs to be configured to shut down the interface in the event of a violation.
D. Port security needs to be configured to allow only one learned MAC address.
E. Port security interface counters need to be cleared before using the show command.
F. The port security configuration needs to be saved to NVRAM before it can become active.
Answer: B,D
Explanation:
From the output we can see that port security is disabled, so this needs to be enabled. Also, the maximum number of devices is set to 2, so this needs to be just one if we want the single host to have access and nothing else.
Q9. - (Topic 3)
Which type of EIGRP route entry describes a feasible successor?
A. a backup route, stored in the routing table
B. a primary route, stored in the routing table
C. a backup route, stored in the topology table
D. a primary route, stored in the topology table
Answer: C
Explanation:
EIGRP uses the Neighbor Table to list adjacent routers. The Topology Table lists all the learned routes to a destination, whilst the Routing Table contains the best route to a destination, which is known as the Successor. The Feasible Successor is a backup route to a destination which is kept in the Topology Table.
Q10. DRAG DROP - (Topic 6)
Drag the security features on the left to the specific security risks they help protect against on the right. (Not all options are used.)
Answer: