Cisco Routing and Switching Pro Chapter 8

8.1.9 Practice exam
You have a TCP/IP network with 50 hosts. There have been inconsistent communication problems between hosts. You run a protocol analyzer and discover that two hosts have the same IP address assigned. Which protocol can you implement on your network to help prevent problems such as this?
DHCP
Which of the following statements about the dynamic host configurations protocol (DHCP) are true? select two
A DHCP server assigns addresses to requested hosts
It can deliver other configuration information in addition to IP addresses
You are setting ups a new branch office for you r company. You will like to implement solutions to provide the following services.
Hosts should be able to contact other hosts using names such as server1.westsim.com.
IP address assignment should be centrally managed
Which services should you implement on your network to meet the requirements? select two
DNS
DHCP
You have a DHCP server on your network. Which of the following is the correct order of DHCP messages exchanged between a client and server when the client obtains an IP address?
DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK
You have a small network as shown in the Exhibit. You configure DHCP on Router1 to provide IP addresses to all hosts connected to SwitchA. Following the configuration, you verify that Wrk1 has received an IP address from the DHCP service. Wrk1 can ping every host on the subnet, but cannot communicate with any hosts connected to Switch B or on the internet. What should you do.
Configure the DHCP server to deliver the default gateway address along with the IP address
You have a small network connected to the Internet as shown in the exhibit. Router1 will provide NAT services to all hosts on the private network, and DHCP services to hosts connected to SubnetA. Srv1 is located on SubnetA. You want to make sure that this server is assigned the same IP address every time it boots, but you still want to mentally manage the address that is uses. What should you do?
Configure a DHCP binding for Srv1
You want to configure DHCP on your Cisco router to provide automatic IP address assignment to a single subnet. You will use 192.168.12.0/27 for the subnet address. The router interface has been configured with an IP address of 192.168.12.1. Additionally, you want to make sure that a specific server, called SrvFS, always gets the last IP address on the subnet as its IP address. How should you configure DHCP on the router? select two
Create a DHCP finding for address 192.168.12.30
Create and address pool with start address of 192.168.12.2 and end address of 192.168.12.30
You have configured DHCP on your tour. A partial configurations is shown below:
Srv2 is a host connected to the fa0/1 interface of RouterA. When it boots, it does not receive and IP address from the DHCP service. What should you do?
Add a DHCP pool for network 192.168.12.0/24
You have configured DHCP on your tour. A partial configurations is shown below:
Srv2 is a host connected to the fa0/1 interface of RouterA. Its MAC address is 02c7.f800.0422. Srv2 is configured to use DHCP to request an IP address. Which of the following addresses could Srv2 receive when it boots?
192.168.12.166
You have configured DHCP on your tour. A partial configurations is shown below:
Srv2 is a host connected to the fa0/1 interface of RouterA. Its MAC address is 02c7.f800.0422. Srv2 is configured to use DHCP to request an IP address. Which of the following addresses could Srv2 receive when it boots?
It will not be assigned an IP address
You have configured DHCP on your tour. A partial configurations is shown below:
Srv2 is a host connected to the fa0/1 interface of RouterA. Its MAC address is 02c7.f800.0422. Srv2 is configured to use DHCP to request an IP address. When Srv2 boots, it is configured with an IP address of 169.254.0.55/16. IT needs to be assigned the address of 192.168.12.166. What should you do to correct the problem?
Change the IP address assigned to fa0/1
You have configured DHCP on your tour. A partial configurations is shown below:
Srv2 is a host connected to the fa0/1 interface of RouterA. When it boots, it is assigned the IP address of 192.168.11.166. However, it can only communicate with hosts on the same subnet. What should you do to correct the problem?
Add a default-router statement to dhcp pool 2
You have a Cisco router connected to a local ISP. The ISP dictates that the router use DHCP to receive its IP address and other configuration information. Which command should you use?
Ip address dhcp
You have three hosts on a network 192.168.10.0/24 as shown in the exhibit. If interface fa0/0 on RouterB has the ip helper-address 172.12.10.20 configuration command in its running configuration, which of the following statements are true? select two
RouterB will forward broadcast packets sent to the following ports: Time, DNS, BOOTP, and TFTP
The host may receive their IP address information through DHCP
You have a small network as shown in the exhibit. With the portion configuration shown below, which of the following stamens are true? select two
If HostA and HostB are the only hosts on the subnet to receive their IP address, HostC will receive 172.18.2.102 as an IP address if requested.
HostD will have 172.18.1.132 as a DNS server configured through DHCP
8.2.6 Practice exam
Which of the following statements apply only to extended access lists (ACLs), not to standard ACLs? select two
You can filter traffic for a specific TCP/IP protocol
You can filter traffic based on destination IP addresses
Which of the following statements about ACLs are true? select two
Inbound ACLs are applied before the routing process
An ACL without a permit traffic will not allow any traffic.
You want to create an ACL that prevents traffic from network A that is sent to host 1. You want the ACL applied after the routing decision is made. Which of the following would be part of your design? select two
Outbound filter
Extended ACL
Which of the following describes how ACLs can be used to improve network security?
An ACL filters traffic based on the IP header information such as source or destination IP address, protocol, or socket numbers.
8.3.9 Practice exam
You are configuring ACLs for a router. You need to create an extended IP access list that rejects any packet sent from a host with an IP address of 10.1.1.1 to a host with an IP address of 15.1.1.1. All other traffic should be allowed. To verify that the ACL is configured correctly and Functioning as intended, you want to view extended information about matches for each line in the ACL as packets are processed by the router. Which two commands are needed to view the information. Select two
access-list 101 permit ip any any log
access-list 101 deny ip 10.1.1.1 15.1.1.1 0.0.0. log
Your router currently has two ACLs
one list denies SAP broadcast and allows all other traffic, This list is applied to outbound traffic on Serial0
The second list denies Telnet traffic and allows all other traffic. This list is applied to inborn traffic on Serial1.
You want to also restrict all outbound traffic sent through Serial0 from network 192.168.2.0/24. How should you configure ACLs on the router to meet all current and new requirements with an little effort as possible?
Create a new ACL that denies traffic from network 192.168.2.0/24 and permits all other traffic. Apply ACL on the Serial0 interface for outbound traffic.
Which of the following commands can you use to see which ACL is applied to the first ethernet interface?
sh ip int
Which of the following commands will show details about all ACLs configured on the router?
sh access-list
You have finished configuring ACL 101 and are ready to apply it to an interface. Before you do, however, you would like to view the ACL to ensure there are no mistakes. Which command displays access list 101?
show access-list 101
You want to control Telnet access to your router and allow only access from within the corporate network. You have subsetted your network so that all IP addresses use subnets of the 172.18.0.0/16 network. You want to apply the ACL to the VTY lines. Which of the following would be part of your design? select two
access-list 7 permit 172.18.0.0 0.0.255.255
ip access-class 7 in
You want to create an ACL that prevents all traffic sent from network 178.68.48.0/20. Which wildcard mask value would you use?
0.0.15.255
You want to create an ACL statement that allows traffic from any network. Which network address and wildcard mask value should you use?
0.0.0.0 255.255.255.255
You are configuring ACLs on a router and want to deny traffic being sent to the 10.10.16.0/21 network. Which wildcard mask should you use with the access-list statement?
0.0.7.255
8.4.3 Practice exam
When attempting to make a Telnet connection to a remote router, the connection fails. You check the interface statues on your local router and find the following.
Which of the following are likely causes of the problem? select two
An ACL is preventing Telnet traffic
The wrong IP address has been configured on the local or remote router
You have configured ACLs on your router. A partial configuration for the router is shown below. You want to block any traffic received on s0/1/0 that is sent to the host with address 192.168.1.155. However, you find that traffic sent to this host through that interface is still being allowed. What should you do?
Use an extended ACL instead of a standard ACL
You have configured ACLs on your router. A partial configuration for the router is shown below. You want to block any traffic received on s0/1/0 that has a source address that appears to be coming from the two internal networks. However, you find that no traffic is being accepted on the s0/1/0 interface. What should you do?
add a permit statement to the bottom of the ACL
You have configured ACLs on your router. A partial configuration for the router is shown below. You want to block any traffic received on s0/1/0 that has a source address that appears to be coming from the two internal networks. However, you find that no traffic is being accepted on the s0/1/0 interface. What should you do?
Rewrite the ACL statement to use the format: access-list 107 deny ip 192.168.1.0 0.0.0.255 any
You have decided to use ACLs on your router to restrict NTP traffic between networks. Specifically, you want to allow only the server with an IP address of 172.17.8.1 to synchronize time with an NTP time provider with an IP address of 10.0.0.1 on a different network. The NTP protocol runs on UDP port 123. To accomplish this, you create the following ACL on the router connecting the two networks.
After applying the ACL to inbound traffic on the interface connected to the 172.17.8.0/24 network, you find that now only 172.17.8.1 can synchronize rime with 10.0.0.1 using the NTP protocol, as intended. No otters NTp time clients on the 172.17.8.0/24 network can synchronize time with 10.0.0.1.
However, you also quickly notice that no other host on the 172.17.8.0/24 network can communicate with hosts on any other network using any IP protocol. What can you do to fix this issue?
Add an additional ACL line of access-list 100 permit IP any any
You have decided to use ACLs on your router to restrict TFTP between networks.
What can you do to fix the issue?
Apply the ACL to outbound traffic on the router interface connected to the 10.0.0.0/8 network
To reduce your networks exposure to denial-of-service attacks, you have decided to use ACLs on your router to restrict ICMP traffic between networks.
What can you do to fix the issue?
Apply the ACL to inbound traffic on the router interface connected to the 192.168.1.0/24 network
You have decided to use ACLs on your router to restrict TFTP traffic between networks. Which of the following options can be used to fix this issue? select two
Modify the first line to access-list 100 permit ups host 172.17.8.1 host 10.0.0.1 eq 69
Modify the first ACL line to access-list 100 permit ups 172.17.8.1 0.0.0.0 host 10.0.0.1 eq 69
You are configuring ACLs for a router. You need to create a standard IP access list that permits all traffic except traffic from the 192.168.1.0/24 network. Which two commands are needed to view the information you need to see? select two
access-list 1 deny 192.168.1.0 0.0.0.255 log
access-list permit any log
8.5.3 Practice exam
Which of the following benefits are offered to an organization using network addresses translation (NAT)?
NAT provides a measure of network security
Which of the following is not a benefit of NAT
Improving the throughput rate of traffic
You have a small network as shown in the exhibit. Router2 connected to the internet through a fiber optic fast ethernet connection and is to be configured with NAT to provide internet connectivity to your private network. What type of address would you adding to the fa0/1 interface on router2?
outside global
You have a small network as shown in the exhibit. Router2 is connected to the internet rhtpugh a fiber optic fastehternet connection and is to be configured with NAY to provide internet connectivity to your private network. What type of address would you assign to host Wrk1 on your private network?
inside local
You are the network administrator for a medium-sized company the owns a Class C IP address block. You do not have enough registered IP address for the 1000 hosts in your network; however, you’ve determined that no more then 20% of your hosts use the internet. And the bandwidth you’ve budgeted cannot support more then this number anyway. So you decide to implement NAT and allocate 200 of your registered IP address to support external translations. Which method of NAT translations should you implement?
Dynamic
You are the network administrator for a small company tat implements NAT to access the internet. However, you recently acquired 5 servers that must be accessible from outside your network. Your ISP has provided you with 5 additional registered IP address to support these new servers but you dont want the public to access these servers directly. You want to place these servers behind your firewall on the inside network yet still allow them to be accessible to the public from the outside. Which method of NAT translation should you implement for these 5 servers.
Static
You are designing a new network that will support 6000 computers You only have 8 registered IP addresses that can be allocated to the employees for external network communications so you decide to implement NAT and share the addresses. You want all of these computers to be able to access the internet at the same time if necessary. Which method of NAT translation should you implement?
Overloading
You have a small network connected to the internet as shown in the exhibit. Which of the following statements is true? select two
The router must be configured for NAT for Srv1 to communicate to the internet
Internet hosts can reach Srv2 with the need for NAT being configured
You have a small business network with a single subnet connected to the internet rhtpugh a Cisco router (RouterA). IP addresses have been assigned as shown in the exhibit. A browser session on the workstation tries to connect to the www.westsim.com web server using 16.177.85.116 and port 80. What IP address and port number will the Web server use as the destination address when responding to the workstation request?
IP address 199.67.111.89 and a dynamic port assigned by RouterA
8.6.10 Practice exam
You have a small business network with a single subnet connected to the internet. You ISP has assigned your router an IP address of 199.211.77.5 for its serial interface. You have chosen to use a network address of 172.15.1.0/24 on your private network. You use the SDM interface to configure basic NAT on the router with a single default route to the ISP. What is the most likely result of this configurations?
You network has internet connectivity, but some websites might be unreachable
You have a small network connected to the internet as shown in the exhibit. Both Srv1 and Srv2 need to be contacted by internet hosts. Which of the following task are required part so this solution? select two
Configure a static NAT mapping for Srv1
Define fa0/0 as an inside NAT interface
You have a business network connected to the internet as shown in the exhibit. You have configured NAT on RouterC. Which of the following addressing schemes could you use on each subnet on the private network?
Subnet1= 192.168.1.0/24
Subnet2= 10.3.0.0/16
Subnet3= 172.16.1.0/16
You have an office connected to the internet as shown in the exhibit. The network has three subnets, all with client computers. The Web1 server on subnet1 host as small website used for traveling employees. Employees must be able to contact the web server from the internet. All other hosts on the private networked to have full internet connectivity for browsing the web and sending email. On which routers should you configure NAT?
RouterC
You are the network administrator for a company that has a small clock of registered IP addresses ranging from 24.1.2.32 to 24.1.2.47. You want to assign these addresses to a dynamic pool in NAT. Which command should you use?
ip nat pool net-1 24.1.2.32 24.1.2.47
You want to configure static NAT so that packets from host 192.168.2.100 will always be assigned the registered IP address 24.1.2.11 as shown in the exhibit. Match the missing lines with the required commands.
Router(config)#
ip nat inside source static 192.168.2.100 24.1.2.11
Router(config)# interface ethernet 0
Router(config-if)#
ip nat inside
Router(config-if) interface serial 0
Router)config-if)#
Ip nat outside
You want to configure NAT so that packets from all hosts on network 192.168.2.0 will share the registered IP address 24.1.2.8 as shown in the exhibit. You have already identified the inside and outside NAT interface on the router. Which of the following command options will translate all inside host addresses to the single registered IP address?
access-list 1 permit 192.168.2.0 0.0.0.255 ip nat inside source list 1 interface serial 0 overload
You have configured NAT on your router to connect your small company network to the internet. Shown below is a partial configuration for the router. Following the configuration, you find that no hosts on fa0/0 or fa0/1 can connect to the internet. What should you do so that hosts can connect to the internet?
Create an access list 7 that permits networks 192.168.11.0/24 and 192.168.12.0/24
8.7.3 Practice exam
Which of the following statements are true regarding NTP when implemented on Cisco devices? select two
When NTP is enabled, NTP packets are received on all interfaces
NTP runs over UDP port 123 on an IP network
You check the time on router and find that it is off by several minutes. To fix this issue, you configure NTP on the router to get time from Stratum 2 time provider on the internet. However, the time difference is large and it is taking some time for NTP to synchronize the time on the leave router. To speed synchronization, you use NTP commands to immediately synchronize the time on the router with the time on the time provider. Which NTp term best describes this process?
slam
You check the time on a router and find that it is off by about 10 minutes. To fix the issue, you configure NTP on the router to get time from a Stratum 2 time provider on the internet. It is taking some time for NTP to synchronize the time on the local router. After about 15 minutes, the time finally synchronizes. Which NTP term best describes this process?
slew
You check the time on a router and find that it is behind by several minutes. To fix this issue, you decide to configure NTP on the router to get time from a Stratum 2 provider on the internet with a hostname of 0.pool.ntp.org. Which command should you use?
ntp server 0.pool.ntp.org
You check the time on a router and find that it is out of sync with the time on the other routers and switches in your network. TO fix this issue, you decide to configure NTP on the router to get time from an internal authoritative (master0 NTP server with an ip address of 172.17.8.254. Which command should you use?
ntp server 172.17.8.254
Currently, all of the routers in your network are configured to use NTP to synchronize time with a public Stratum 2 time provider on the internet. To reduce redundant network traffic, you decide to configure one internal router as an authoritative NTP time provider with a stratum value of 5 and then configure all other routers to synchronize time with it. This router has an ip address of 172.17.8.254 assigned. Which commands should you use? select two
ntp master 5 on NTP time prover router
ntp server 172.17.8.254 on all routers except the time provider
You need to verify that time is synchronized on a router. Which commands could you use to do this? select two
show ntp association
show ntp status