7

You have a TCP/IP network with 50 hosts. There have been inconsistent communications problems between hosts. You run a protocol analyzer and discover that two hosts have the same IP address assigned. Which protocol can you implement on your network to help prevent problems such as this?
DHCP
Which two of the following statements about the Dynamic Host Configuration Protocol (DHCP) are true?
It can deliver other configuration information in addition to IP addresses.
A DHCP server assigns addresses to requesting hosts.
You are setting up a new branch office for your company. You would like to implement solutions to provide the following services:
Hosts should be able to contact other hosts using names such as server1.westsim.com.
IP address assignment should be centrally managed.
Which services should you implement on your network to meet the requirements? (Select two.)
DNS
DHCP
You have a DHCP server on your network. Which of the following is the correct order of DHCP messages exchanged between a client and server when the client obtains an IP address?
DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK
You have a small network as shown in the exhibit. You configure DHCP on Router 1 to provide IP addresses to all hosts connected to Switch A. Following the configuration, you verify that Wrk1 has received an IP address from the DHCP service. Wrk1 can ping every host on the subnet, but cannot communicate with any hosts connected to Switch B or on the Internet. What should you do?
Configure the DHCP server to deliver the default gateway address along with the IP address.
You have a small network connected to the Internet as shown in the exhibit. Router1 will provide NAT services to all hosts on the private network, and DHCP services to hosts connected to SubnetA.
Srv1 is located on SubnetA. You want to make sure that this server is assigned the same IP address every time it boots, but you still want to centrally manage the address that it uses. What should you do?
Configure a DHCP binding for Srv1.
You want to configure DHCP on your Cisco router to provide automatic IP address assignment to a single subnet. You will use 192.168.12.0/27 for the subnet address. The router interface has been configured with an IP address of 192.168.12.1. Additionally, you want to make sure that a specific server, called SrvFS, always gets the last IP address on the subnet as its IP address. How should you configure DHCP on the router? (Select two.)
Create an address pool with start address of 192.168.12.2 and end address of 192.168.12.30
Create a DHCP binding for address 192.168.12.30
You have a Cisco router connected to a local ISP. The ISP dictates that the router use DHCP to receive its IP address and other configuration information. Which command should you use?
ip address dhcp
You have three hosts on network 192.168.10.0/24 as shown in the exhibit. If int Fa 0/0 on RouterB has the ip helper-address 172.17.10.20 configuration command in its running configuration which of the following are true? (Select two.)
The hosts may receive their IP address information through DHCP.
RouterB will forward broadcast packets sent to the following ports: Time, DNS, BOOTP, and TFTP.
Which of the following statements apply only to extended IP access lists and not to both standard and extended lists? (Select two.)
You can filter traffic based on destination IP addresses.
You can filter traffic for a specific TCP/IP protocol.
Which of the following statements about access lists are true? (Select two.)
An access list without a permit traffic will not allow any traffic.
Inbound access lists are applied before the routing process.
You want to create an access list that prevents traffic from network A that is sent to host 1. You want the access list applied after the routing decision is made. Which of the following would be part of your design? (Select two.)
Outbound filter
Extended access list
Which of the following describes how access lists can be used to improve network security?
An access list filters traffic based on the IP header information such as source or destination IP address, protocol, or socket numbers.
You want to create an access list that prevents all traffic sent from network 178.68.48.0/20. Which wildcard mask value would you use?
0.0.15.255
You want to create an access list statement that allows traffic from any network. Which network address and wildcard mask value should you use?
0.0.0.0 255.255.255.255
You are configuring ACLs on a router and want to deny traffic being sent to the 10.10.16.0/21 network. Which wildcard mask should you use with the access-list statement?
0.0.7.255
You are configuring ACLs for a router. You need to create an extended IP access list that rejects any packets sent from a host with an IP address of 10.1.1.1 to a host with an IP address of 15.1.1.1. All other traffic should be allowed. To verify that the ACL is configured correctly and functioning as intended, you want to view extended information about matches for each line in the ACL as packets are processed by the router. Which commands should you use? (Select two. Each option is part of the complete solution.)
access-list 101 permit ip any any log
access-list 101 deny ip 10.1.1.1 0.0.0.0 15.1.1.1 0.0.0.0 log
Your router currently has two access lists:
One list denies SAP broadcasts and allows all other traffic. This list is applied to outbound traffic on Serial0.
The second list denies Telnet traffic and allows all other traffic. This list is applied to inbound traffic on Serial1.
You want to also restrict all outbound traffic sent through Serial0 from network 192.168.2.0/24. How should you configure access lists on the router to meet all current and new requirements with as little effort as possible?
Create a new access list that denies traffic from network 192.168.2.0/24 and permits all other traffic. Apply the access list to the Serial0 interface for outbound traffic.
Which of the following commands can you use to see which IP access list is applied to the first Ethernet interface?
sh ip int
Which of the following commands will show details about all access lists configured on the router?
sh access-lists
You have just finished configuring access list 101 and are ready to apply it to an interface. Before you do, however, you would like to view the access list to ensure there are no mistakes. Which command displays access list 101?
show access-lists 101
You want to control Telnet access to your router and allow only access from within the corporate network. You have subnetted your network so that all IP addresses use subnets of the 172.18.0.0/16 network. You want to apply the access list to the VTY lines. Which of the following would be part of your design? (Select two.)
ip access-class 7 in
access-list 7 permit 172.18.0.0 0.0.255.255
Your company has two subnets, 172.16.1.0 and 172.16.2.0 as shown in the exhibit. Recent policy changes forbit FTP traffic from leaving your company; however, all other traffic is allowed. You’ve created the following access list to meet the new company requirements:
access-list 101 deny tcp any any eq 20
access-list 101 deny tcp any any eq 21
access-list 101 permit ip any any
Where should you apply this filter?
outbound side of S0
You have used the following commands at the router console to create an IP access list and switch to interface configuration mode:
Router(config)#access-list 122 permit tcp 10.6.0.0 0.0.255.255 any
Router(config)#int eth 0
Which of the following commands do you use to add the access list to this interface and filter incoming packets?
ip access-group 122 in
Your router has the following access lists:
List 91 denies all traffic from network 12.1.6.0/24 and allows all other traffic.
List 101 denies all Telnet traffic and allows all other traffic.
Access list 91 is applied to the Serial0 interface for outbound traffic. Access list 101 is applied to the Serial0 interface for inbound traffic.
You now want to modify the access list configuration to deny outbound ICMP traffic while keeping all other restrictions in place as closely as possible. How should you modify the access lists to accomplish your goal with the least amount of effort?
Create an access list 102 that denies ICMP traffic and traffic from network 12.1.6.0/24. Apply the list to Serial0 for outbound traffic.
Which of the following ACL statements allows all TCP/IP traffic?
access-list 101 permit ip any any
You need to block all tfp traffic through a router. Which of the following ACL statements accomplishes your task? (Select two.)
access-list 101 deny tcp any any eq 20
access-list 101 deny tcp any any eq 21
You company has an e-mail server with the IP address 172.16.2.13 as shown in the exhibit. you want to deny all traffic destined to this e-mail server except e-mail traffic. Which of the following set of statements will accomplish your goal?
access-list 101 permit tcp any 172.16.2.13 0.0.0.0 eq smtp
interface ethernet 1
ip access-group 101 out
Which command would you use to create an access list that denies all TCP traffic originating from any host on network 192.168.1.0 that is destined for any host on network 199.66.220.0?
access-list 122 deny tcp 192.168.1.0 0.0.0.255 199.66.220.0 0.0.0.255
You want to create an access list that permits and restricts traffic to meet the following specifications:
1. Allow all TCP/IP traffic coming from any host on network 10.0.0.0, while denying all TCP/IP traffic from other sources
2. Deny all TCP traffic coming from network 10.0.0.0
3. Allow TCP traffic coming from any source directed to host 10.1.1.2
4. Deny all TCP/IP traffic coming from host 10.1.1.1
Which access list statement should come last in the access list?
access-list 101 permit ip 10.0.0.0 0.255.255.255 any
You want to create an access list that denies all traffic coming from network 12.0.0.0. However, you want to allow all OSPF traffic from host 12.1.1.1. All other traffic should be allowed. Which access list statement should come first in the access list?
access-list 101 permit ospf host 12.1.1.1 any
You have created an access list with the following command:
Router(config)#access-list 101 deny tcp 10.1.0.0 0.0.255.255 any
Which three of the following are identified by the various parts of this command?
It applies to all destination networks and all hosts.
It will deny only TCP traffic.
Is applies to traffic originating from all hosts on network 10.1.0.0
You have issued the following commands at the server console:
Router(config)#access-list 122 permit tcp 10.6.0.0 0.0.0.255 any
Router(config)#int eth 0
Router(config-if)#ip access-group 122 out
From which three of the following addresses will TCP traffic be forwarded out the eth 0 interface?
10.6.0.12
10.6.0.224
10.6.0.11
You have issued the following commands at the server console:
Router(config)#access-list 122 permit tcp 10.6.0.0 0.0.255.255 any
Router(config)#int eth 0
Router(config-if)#ip access-group 122 out
Which of the following statements is true?
TCP packets received from host 10.6.12.45 on the serial 1 interface can be forwarded out the eth 0 interface.
Your company has two subnets, 172.16.1.0 and 172.16.2.0 as shown in the exhibit. You want to prevent public Telnet traffic from entering your company but allow all other traffic. Which of the following set of statements will accomplish your goal?
access-list 101 deny tcp any 172.16.0.0 0.0.255.255 eq 23
access-list 101 permit ip any 172.16.2.0 0.0.255.255
interface serial 0
ip access-group 101 in
You are the administrator for the 172.16.0.0 network shown in the exhibit. You need to block Telnet traffic from entering your network while allowing other traffic to pass through. You decide to apply an access list to the incoming side of the Serial 0 interface. Which statements should be included in your access-list? (Select two.)
access-list 101 deny tcp any any eq 23
access-list 101 permit ip any any
Your company has two subnets, 172.16.1.0 and 172.16.2.0 as shown in the exhibit. You want to protect your 172.16.2.0 subnet from all traffic except that originating from subnet 172.16.1.0; however, you don’t’ want anyone to telnet into host 172.16.2.13. You currently have no filters applied to your router. You’ve created the following access list:
access-list 101 deny tcp 172.16.1.0 0.0.255.255 host 172.16.2.13 eq 23
access-list 101 permit ip 172.16.1.0 0.0.255.255 172.16.2.0 0.0.0.255
Where should you apply this filter?
outbound side of E1
which of the following benefits are offered to organization using Network Address Translation(NAT)?
NAT provides a measure of network security
which of the following is not a benefit of NAT?
improving the throughput rate of traffic
you have a small network as shown in the exhibit. router 2 is connected to the internet through a fiber optic fastethernet connection and is to be configured with NAT to provide internet connectivity to your private network.
what type of address would you assign to the fa0/1 interface on router 2?
outside global
you have a small network as shown in the exhibit. router 2 is connected to the internet through a fiber optic fastethernet connection and is to be configured with NAT to provide internet connectivity to your private network.
what type of address would you assign to host Wrk1 on your private network?
inside local
you are the network administrator for a medium-sized company that owns a Class C IP address block. you do not have enough registered IP addresses for the 1000 hosts in your network; however, you’ve determined that no more than 20% of your hosts use the internet. and the bandwidth you’ve budgeted cannot support more than this number anyway. so you decide to implement NAT and allocate 200 of your registered IP addresses to support external translation.
which method of NAT translation should you implement?
Dynamic
you are the network administrator for a small company that implements NAT to access the internet. however, you recently acquired 5 severs that must be accessible from outside your network. your ISP has provided you with 5 additional registered IP addresses to support these new servers but you don’t want the public to access these severs directly. you want to place these servers behind your firewall on the inside network yet still allow them to be accessible to the public from the outside.
thich method of NAT translation should you implement for these 5 servers?
static
you are designing a new network that will support 6000 computers. you only have 8 registered IP addresses that can be allocated to the employees for external network communication so you decide to implement NAT and share the addresses. you want all of these computers to be able to access the internet at the same time if necessary.
which method of NAT translation should you implement?
overloading
you have a small network connected to the internet as shown in the exhibit.
which of the following statements is true?(selected two)
view image
the router must be configured for NAT for Srv1 to communicate on the internet.
internet hosts can reach Srv2 without the need for NAT being configured.
you have a small business network a single subnet connected to the internet through a Cisco router (Router A). ip addresses have been assigned as shown in the exhibit.
a browser session on the workstation tries to connect to the www.westsim.com Web server using the ip address 16.177.85.116 and port of 80.
what ip address and port number will the web server use as the destination address when responding to the workstation’s request?
ip address 199.67.111.89 and a dynamic port assigned by RouterA
you have a small business network with a single subnet connected to the internet. your ISP has assigned your router an IP address of 199.211.77.5 for its serial interface. you have chosen to use a network address of 172.15.1.0/24 on your private network.
you use the SDM interface to configure basic NAT on the router with a single default route to the ISP. what is the most likely result of this configuration?
your network has internet connectivity , but some web sites might be unreachable.
you have a small network connected to the internet as shown in the exhibit.
both Srv1 and Srv2 need to be contacted by internet host. which of the following tasks are required parts of the solution?(select two)
define Fa0/0 as an inside NAT interface.
configure a static NAT mapping for Srv1.
you have a business network connected to the internet as shown in the exhibit.
you have configured NAT on router C. which of the following addressing schemes could you use on each subnet on the private network?
view image
subnet1 = 192.168.1.0/24
subnet2 = 10..3.0.0/16
subnet3 = 172.16.1.0/16
you have an office network connected to the internet as shown in the exhibit. the network has three subnets, all with client computers.
the web 1 server on subnet1 hosts a small website used for traveling employees. employees must be able to contact the web server from the internet. all other hosts on the private network need to have full internet connectivity for browsing the web and sending e-mail.
on which routers should you configure NAT?
view image
ROUTER C
you are the network administrator for a company that has a small block of registered IP addresses ranging from 24.1.2.32 through 24.1.2.47. you want to assign these addresses to a dynamic pool in NAT. which command should you use?
ip nat pool net-1 24.1.2.32 24.1.2.47
you want to configure static NAT so that packets from host 192.168.2.100 will always be assigned the registered IP address 24.1.2.11 as shown in the exhibit. match the missing lines with the required commands.
view image
router(config)# ip nat inside source static 192.168.2.100 24.1
router(config-if)# ip nat inside
router (config-if)# ip nat outside
you want to configure NAT so that packets from all hosts on network 192.168.2.0 will share the registered ip address 24.1.2.8 as shown in the exhibit. you have already identified the inside and outside NAT interfaces on the router. which of the following commands will translate all in side host addresses to the single registered IP address?
access-list 1 permit 192.168.2.0 0.0.0.255
ip nat inside source list 1 interface serial 0 overload
you have configured NAT on your router to connect your small company network to the internet. shown below is a partial configuration for the router:
hostname routerA
!
ip address 192…….
following the configuration, you find that no hosts on fa0/0 or fa0/1 can connect to the internet.
what should you do so that hosts can connect to the internet?
create an access list 7 that permits network 192.168.11.0/24 and 192.168.12.0/24
which of the following statements are true regarding NTP when implemented on Cisco devices?(select two)
when NTP is enabled, NTP packets are received on all interfaces.
NTP runs over UDP port 123 on an IP network
you check the time on a router and find that it is off by several minutes. to fix issue, you configure NTP on the router to get time from a Stratum 2 time provider on the internet.
however, the time difference is large and it is taking some time for NTP to synchronize the time on the local router. to speed synchronization, you use NTP commands to immediately synchronize the time on the router with the time on the time provider.
which NTP term best describes this process?
slam
you check the time on a router and find that it is off by about 10 minutes. to fix this issue, you configure NTP on the router to get time from a stratum 2 time provider on the internet.
it is taking some time for NTP to synchronize the time on the local router. after about 15 minutes, the time finally synchronizes.
which NTP term best describes this process?
slew
you check the time on a router and find that it is behind by several minutes. to fix this issue, you decide configure NTP on the router to get time from a stratum 2 time provider on the internet with a hostname of 0.pool.nto.org.
which command should you use?
ntp sever 0.pool.ntp.org
you check the time on a router and find that it is out of sync with the time on the other routers and switches in your network. to fix this issue, you decide configure NTP on the router to get time from an internal authoritative (master) NTP server with an IP address of 172.17.8.254.
which command should you use?
ntp sever 172.17.8.254
currently, all of the routers in your network are configured to use NTP to synchronize time with a public stratum 2 time provider on the internet. to reduce redundant network traffic, you decide to configure one internal router as an authoritative NTP time provider with a stratum value of 5 and then configure all other routers to synchronize time with it. this router has an IP address of 172.17.8.254 assigned.
which commands should you use?(select two. each response is a part of the complete solution.)
ntp ,aster 5 on the NTP time provider router
ntp sever 172.17.8.254 on all routers except the time provider
you need to verify that time is synchronized on a router.
which commands could you use to do this?(selected two. each response is a complete solution.)
show ntp status
show ntp associations