CCNA 2 v5.0 Routing Protocols Chapter 9

CCNA 2 v5.0 Routing Protocols Chapter 9

1 
A network administrator needs to configure a standard ACL so that only the workstation of the administrator with the IP address 192.168.15.23 can access the virtual terminal of the main router. Which two configuration commands can achieve the task? (Choose two.)

Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.0
Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0* 
Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.255
Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.255
Router1(config)# access-list 10 permit host 192.168.15.23*

2

Refer to the exhibit. A router has an existing ACL that permits all traffic from the 172.16.0.0 network. The administrator attempts to add a new ACE to the ACL that denies packets from host 172.16.0.1 and receives the error message that is shown in the exhibit. What action can the administrator take to block packets from host 172.16.0.1 while still permitting all other traffic from the 172.16.0.0 network?

Manually add the new deny ACE with a sequence number of 5.* 
Manually add the new deny ACE with a sequence number of 15.
Add a deny any any ACE to access-list 1.
Create a second access list denying the host and apply it to the same interface.

3

Launch PT   –    Hide and Save PT
Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.

Why is the ACL not working?

The ACL is missing a deny ip any any ACE.
The ACL is applied in the wrong direction.
The access-list 105 command or commands are incorrect.
The ACL is applied to the wrong interface.* 
No ACL is needed for this scenario.

4 
Which statement describes a characteristic of standard IPv4 ACLs?

They are configured in the interface configuration mode.
They can be created with a number but not with a name.
They filter traffic based on source IP addresses only.* 
They can be configured to filter traffic based on both source IP addresses and source ports.

5

Refer to the exhibit. The network administrator that has the IP address of 10.0.70.23/25 needs to have access to the corporate FTP server (10.0.54.5/28). The FTP server is also a web server that is accessible to all internal employees on networks within the 10.x.x.x address. No other traffic should be allowed to this server. Which extended ACL would be used to filter this traffic, and how would this ACL be applied? (Choose two.)

access-list 105 permit ip host 10.0.70.23 host 10.0.54.5
access-list 105 permit tcp any host 10.0.54.5 eq www
access-list 105 permit ip any any

R1(config)# interface s0/0/0
R1(config-if)# ip access-group 105 out

R1(config)# interface gi0/0
R1(config-if)# ip access-group 105 out ******************

access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21
access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www
access-list 105 deny ip any host 10.0.54.5
access-list 105 permit ip any any ********************

access-list 105 permit tcp host 10.0.54.5 any eq www
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21

R2(config)# interface gi0/0
R2(config-if)# ip access-group 105 in
6 
What are two possible uses of access control lists in an enterprise network? (Choose two.)

limiting debug outputs* 
reducing the processing load on routers
controlling the physical status of router interfaces
controlling virtual terminal access to routers* 
allowing Layer 2 traffic to be filtered by a router

7 
An administrator has configured an access list on R1 to allow SSH administrative access from host 172.16.1.100. Which command correctly applies the ACL?

R1(config-line)# access-class 1 out
R1(config-line)# access-class 1 in* 
R1(config-if)# ip access-group 1 out
R1(config-if)# ip access-group 1 in

8 
Which three statements are generally considered to be best practices in the placement of ACLs? (Choose three.)

Place extended ACLs close to the source IP address of the traffic.* 
For every inbound ACL placed on an interface, there should be a matching outbound ACL.
Place extended ACLs close to the destination IP address of the traffic.
Place standard ACLs close to the destination IP address of the traffic.*
Filter unwanted traffic before it travels onto a low-bandwidth link.* 
Place standard ACLs close to the source IP address of the traffic.

9 
Which three implicit access control entries are automatically added to the end of an IPv6 ACL? (Choose three.)

deny icmp any any
deny ipv6 any any* 
permit icmp any any nd-ns* 
permit ipv6 any any
deny ip any any
permit icmp any any nd-na*

10 
Which two characteristics are shared by both standard and extended ACLs? (Choose two.)

Both filter packets for a specific destination host IP address.
Both can be created by using either a descriptive name or number.* 
Both include an implicit deny as a final ACE.* 
Both can permit or deny specific services by port number.
Both kinds of ACLs can filter based on protocol type.

11

Place the options in the following order:

the first valid host address in a subnet 
subnetwork address of a subnet with 14 valid host addresses 
all IP address bits must match exactly 
hosts in a subnet with the subnet mask 255.255.252.0 
addresses with a subnet mask of 255.255.255.248 
– not scored -
12 
Consider the following access list that allows IP phone configuration file transfers from a particular host to a TFTP server:

R1(config)# access-list 105 permit udp host 10.0.70.23 host 10.0.54.5 range 1024 5000
R1(config)# access-list 105 deny ip any any
R1(config)# interface gi0/0
R1(config-if)# ip access-group 105 out

Which method would allow the network administrator to modify the ACL and include FTP transfers from any source IP address?

R1(config)# interface gi0/0
R1(config-if)# no ip access-group 105 out
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 20
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 21
R1(config)# interface gi0/0
R1(config-if)# ip access-group 105 out

R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 20
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 21

R1(config)# access-list 105 permit udp host 10.0.70.23 host 10.0.54.5 range 1024 5000
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 20
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 21
R1(config)# access-list 105 deny ip any any

R1(config)# interface gi0/0
R1(config-if)# no ip access-group 105 out
R1(config)# no access-list 105
R1(config)# access-list 105 permit udp host 10.0.70.23 host 10.0.54.5 range 1024 5000
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 20
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 21
R1(config)# access-list 105 deny ip any any
R1(config)# interface gi0/0
R1(config-if)# ip access-group 105 out ******************

13 
What two functions describe uses of an access control list? (Choose two.)

ACLs provide a basic level of security for network access.* 
ACLs can control which areas a host can access on a network.* 
Standard ACLs can restrict access to specific applications and ports.
ACLs can permit or deny traffic based upon the MAC address originating on the router.
ACLs assist the router in determining the best path to a destination.

14 
Which feature is unique to IPv6 ACLs when compared to those of IPv4 ACLs?

an implicit permit of neighbor discovery packets* 
an implicit deny any any ACE
the use of named ACL entries
the use of wildcard masks

15 
Which three statements describe ACL processing of packets? (Choose three.)

Each packet is compared to the conditions of every ACE in the ACL before a forwarding decision is made.
A packet that has been denied by one ACE can be permitted by a subsequent ACE.
Each statement is checked only until a match is detected or until the end of the ACE list.* 
An implicit deny any rejects any packet that does not match any ACE.* 
A packet that does not match the conditions of any ACE will be forwarded by default.
A packet can either be rejected or forwarded as directed by the ACE that is matched.*

16 
Which statement describes a difference between the operation of inbound and outbound ACLs?

On a network interface, more than one inbound ACL can be configured but only one outbound ACL can be configured.
In contrast to outbound ALCs, inbound ACLs can be used to filter packets with multiple criteria.
Inbound ACLs are processed before the packets are routed while outbound ACLs are processed after the routing is completed.* 
Inbound ACLs can be used in both routers and switches but outbound ACLs can be used only on routers.

17 
What is the only type of ACL available for IPv6?

named standard
numbered extended
named extended* 
numbered standard

18 
Which IPv6 ACL command entry will permit traffic from any host to an SMTP server on network 2001:DB8:10:10::/64?

permit tcp any host 2001:DB8:10:10::100 eq 23
permit tcp host 2001:DB8:10:10::100 any eq 23
permit tcp host 2001:DB8:10:10::100 any eq 25
permit tcp any host 2001:DB8:10:10::100 eq 25*

19

Refer to the exhibit. The IPv6 access list LIMITED_ACCESS is applied on the S0/0/0 interface of R1 in the inbound direction. Which IPv6 packets from the ISP will be dropped by the ACL on R1?

neighbor advertisements that are received from the ISP router
ICMPv6 packets that are destined to PC1* 
packets that are destined to PC1 on port 80
HTTPS packets to PC1

20 
If a router has two interfaces and is routing both IPv4 and IPv6 traffic, how many ACLs could be created and applied to it?

4
8*
6
16
12

21 
Which IPv4 address range covers all IP addresses that match the ACL filter specified by 172.16.2.0 with wildcard mask 0.0.1.255?

172.16.2.1 to 172.16.255.255
172.16.2.1 to 172.16.3.254
172.16.2.0 to 172.16.2.255
172.16.2.0 to 172.16.3.255*

Read more ...

CCNA 2 v5.0 Routing Protocols Chapter 8

CCNA 2 v5.0 Routing Protocols Chapter 8

1 
The network administrator has been asked to summarize the routes for a new OSPF area. The networks to be summarized are 172.16.8.0, 172.16.10.0, and 172.16.12.0 with subnet masks of 255.255.255.0 for each network. Which command should the administrator use to forward the summary route for area 15 into area 0?

area 15 range 172.16.8.0 255.255.255.248

area 0 range 172.16.8.0 255.255.248.0

area 0 range 172.16.8.0 255.255.255.248

area 15 range 172.16.8.0 255.255.248.0*

2 
Fill in the blank.
The ” backbone ” area interconnects with all other OSPF area types.

3

Place the options in the following order: 
backbone router 
– not scored – 
internal router 
Autonomous System Boundary Router 
Area Border Router

4 
Fill in the blank. Do not use acronyms.
OSPF type 2 LSA messages are only generated by the ”  DR  ” router to advertise routes in multiaccess networks.

5 
What is one advantage of using multiarea OSPF?

It improves the routing efficiency by reducing the routing table and link-state update overhead.*

It enables multiple routing protocols to be running in a large network.

It increases the routing performance by dividing the neighbor table into separate smaller ones.

It allows OSPFv2 and OSPFv3 to be running together.

6 
A network administrator is verifying a multi-area OSPF configuration by checking the routing table on a router in area 1. The administrator notices a route to a network that is connected to a router in area 2. Which code appears in front of this route in the routing table within area 1?

O IA*

O

C

O E2

7

Refer to the exhibit. What can be concluded about network 192.168.4.0 in the R2 routing table?

This network should be used to forward traffic toward external networks.

The network was learned from a router within the same area as R2.*

The network was learned through summary LSAs from an ABR.

The network can be reached through the GigabitEthernet0/0 interface.

8 
An ABR in a multiarea OSPF network receives LSAs from its neighbor that identify the neighbor as an ASBR with learned external networks from the Internet. Which LSA type would the ABR send to other areas to identify the ASBR, so that internal traffic that is destined for the Internet will be sent through the ASBR?

LSA type 1

LSA type 2

LSA type 3

LSA type 4*

LSA type 5

9 
Which three steps in the design and implementation of a multiarea OSPF network are considered planning steps? (Choose three.)

Configure OSPF.

Define the OSPF parameters.*

Troubleshoot the configurations.

Gather the required parameters.*

Define the network requirements.*

Verify OSPF.

10 
Fill in the blank. Use a number.
An ASBR generates type ” 5 ” LSAs for each of its external routes and floods them into the area that it is connected to.

11

Refer to the exhibit. What is indicated by the O IA in the router output?

The route was learned from within the area.

The route was learned from outside the internetwork.

The route was manually configured.

The route was learned from another area.*

12 
Which command can be used to verify the contents of the LSDB in an OSPF area?

show ip route ospf

show ip ospf database*

show ip ospf interface

show ip ospf neighbor

13 
Which statement describes a multiarea OSPF network?

It has a core backbone area with other areas connected to the backbone area.*

It has multiple routers that run multiple routing protocols simultaneously, and each protocol consists of an area.

It consists of multiple network areas that are daisy-chained together.

It requires a three-layer hierarchical network design approach.

14 
Which characteristic describes both ABRs and ASBRs that are implemented in a multiarea OSPF network?

They usually have many local networks attached.

They both run multiple routing protocols simultaneously.

They are required to perform any summarization or redistribution tasks.*

They are required to reload frequently and quickly in order to update the LSDB.

15 
Where can interarea route summarization be performed in an OSPF network?

ABR*

any router

DR

ASBR

16

Refer to the exhibit. Which two statements are correct? (Choose two.)

The entry for 172.16.200.1 represents a loopback interface.

To reach network 172.16.2.0, traffic will travel through the GigabitEthernet0/0 interface.

To reach network 192.168.1.0, traffic will exit via the Serial0/0/0 interface​.*

The routing table contains routes from multiple areas.*

The routing table contains two intra-area routes.

17

Launch PT  Hide and Save PT
Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.
What is preventing users who are connected to router R2 from accessing resources located either within the network 192.168.1.0 or the internet?

The router R2 is not receiving any updates from either router R1 or R3.*

The default route is not redistributed correctly from the router R1 by OSPF.

The OSPF timers that are configured on routers R1, R2, and R3 are not compatible.

The interface that is connected to the ISP is down.

The OSPF network statements are misconfigured on one of the routers.

18 
Which two statements correctly describe OSPF type 3 LSAs? (Choose two.)

Type 3 LSAs are used to update routes between OSPF areas.*

Type 3 LSAs are known as router link entries​.

Type 3 LSAs are used for routes to networks outside the OSPF autonomous system​.

Type 3 LSAs are known as autonomous system external LSA entries.​

Type 3 LSAs are generated without requiring a full SPF calculation.​*

19 
A network administrator is implementing OSPF in a portion of the network and must ensure that only specific routes are advertised via OSPF. Which network statement would configure the OSPF process for networks 192.168.4.0, 192.168.5.0, 192.168.6.0, and 192.168.7.0, now located in the backbone area, and inject them into the OSPF domain?

r1(config-router)# network 192.168.0.0 0.0.0.255 area 1

r1(config-router)# network 192.168.4.0 0.0.255.255 area 0

r1(config-router)# network 192.168.4.0 0.0.15.255 area 1

r1(config-router)# network 192.168.0.0 0.0.3.255 area 0

r1(config-router)# network 192.168.4.0 0.0.3.255 area 0*

r1(config-router)# network 192.168.4.0 0.0.3.255 area 1

20 
Which two networks are part of the summary route 192.168.32.0/22? (Choose two.)

192.168.35.0/24*

192.168.36.0/24

192.168.33.0/24*

192.168.31.0/24

192.168.37.0/24

192.168.38.0/24

21

Refer to the exhibit. Fill in the blank. Do not use abbreviations.
The “network 192.168.10.128 0.0.0.127 area 1” command must be issued to configure R1 for multiarea OSPF.​

Read more ...

CCNA 2 v5.0 Routing Protocols Chapter 7

CCNA 2 v5.0 Routing Protocols Chapter 7

1 
A network administrator has just changed the router ID on a router that is working in an OSPFv2 environment. What should the administrator do to reset the adjacencies and use the new router ID?

Issue the clear ip ospf process privileged mode command.*

Configure the network statements.

Change the OSPFv2 process ID.

Change the interface priority.

2

Refer to the exhibit. What three conclusions can be drawn from the displayed output? (Choose three.)

The DR can be reached through the GigabitEthernet 0/0 interface.*

There have been 9 seconds since the last hello packet sent.*

The router ID on the DR router is 3.3.3.3

The BDR has three neighbors.

The router ID values were not the criteria used to select the DR and the BDR.*

This interface is using the default priority.

3 
When checking a routing table, a network technician notices the following entry:

O*E2 0.0.0.0/0 [110/1] via 192.168.16.3, 00:20:22, Serial0/0/0

What information can be gathered from this output?

This route is a propagated default route.*

The edge of the OSPF area 0 is the interface that is addressed 192.168.16.3.

The route is located two hops away.

The metric for this route is 110.

4 
Which command will a network engineer issue to verify the configured hello and dead timer intervals on a point-to-point WAN link between two routers that are running OSPFv2?

show ipv6 ospf interface serial 0/0/0

show ip ospf neighbor

show ip ospf interface serial 0/0/0*

show ip ospf interface fastethernet 0/1

5 
A network engineer has manually configured the hello interval to 15 seconds on an interface of a router that is running OSPFv2. By default, how will the dead interval on the interface be affected?

The dead interval will not change from the default value.

The dead interval will now be 30 seconds.

The dead interval will now be 15 seconds.

The dead interval will now be 60 seconds.*

6

Refer to the exhibit. An administrator is trying to configure R1 to run OSPFv3 but the neighbor adjacency is not forming with the router connected to Fa0/0. What is the cause of the problem?

FastEthernet0/0 has been configured as a passive interface.

No router ID has been configured.*

A link-local address has not been configured on interface FastEthernet0/0.

The OSPF process ID and area values are backwards in the interface configuration.

7

Refer to the exhibit. A network administrator has configured the OSPF timers to the values that are shown in the graphic. What is the result of having those manually configured timers?

The R1 dead timer expires between hello packets from R2.*

The neighbor adjacency has formed.

R1 automatically adjusts its own timers to match the R2 timers.

The hello timer on R2 expires every ten seconds.
8 
When OSPFv2 neighbors are establishing adjacencies, in which state do they elect a DR and BDR router?

Two-Way state*

Loading state

Init state

Exchange state

9

Refer to the exhibit. R1 and R2 are connected to the same LAN segment and are configured to run OSPFv3. They are not forming a neighbor adjacency. What is the cause of the problem?

The OSPFv3 process IDs of R1 and R2 are different.

The priority value of both R1 and R2 is 1.

The timer intervals of R1 and R2 do not match.*

The IPv6 addresses of R1 and R2 are not in the same subnet.

10

Refer to the exhibit. What kind of OSPF authentication has been configured on this interface?

null

simple

MD5*

plain text

11 
Why is MD5 authentication more secure than simple authentication for OSPF updates?

MD5 does not send the password to the neighbor router.*

MD5 requires passwords that are at least 8 characters long.

MD5 uses both a username and a password to authenticate the neighbor.

MD5 employs IPsec to keep the updates from being intercepted.
12 
Which two pieces of information are used by the OSPF MD5 algorithm to generate a signature? (Choose two.)

OSPF router ID

secret key*

router hostname

interface IP address

OSPF message*

13 
A network engineer is troubleshooting convergence and adjacency issues in an OSPFv2 network and has noted that some expected network route entries are not displayed in the routing table. Which two commands will provide additional information about the state of router adjacencies, timer intervals, and the area ID? (Choose two.)

show running-configuration

show ip ospf neighbor*

show ip ospf interface*

show ip route ospf

show ip protocols

14 
Why do OSPF serial interfaces usually require manual bandwidth configuration?

OSPF uses the bandwidth value to compute routes for its routing table.*

All serial interfaces default to a value of 1.544 Mb/s.

Each side of an OSPF serial link should be configured with a unique value.

Bandwidth value affects the actual speed of the link.

15 
A network engineer is troubleshooting an OSPFv2 network and discovers that two routers connected by a point-to-point WAN serial link are not establishing an adjacency. The OSPF routing process, network commands and area ID are all confirmed as correct, and the interfaces are not passive. Testing shows that the cabling is correct, that the link is up, and pings between the interfaces are successful. What is most likely the problem?

A clock rate has not been set on the DCE interface of the serial link.

The OSPFv2 process IDs on each router do not match.

A DR election has not taken place.

The subnet masks on the two connected serial interfaces do not match.*

16 
A network engineer is troubleshooting OSPFv2 routing issues on two connected routers. Which two requirements to form an adjacency need to be verified? (Choose two.)

Verify that the interfaces that connect the two routers are in the same area.*

Verify that one of the routers is the DR or BDR and the other router a DRother.

Verify that one of the interfaces that connects the two routers is active and the other passive.

Verify that the interfaces that connect the two routers are in the same subnet.*

Verify that both routers are using the same OSPFv2 process ID.

17 
Which command is used to verify that OSPF is enabled and also provides a list of the networks that are being advertised by the network?​

show ip protocols*

show ip ospf interface

show ip interface brief

show ip route ospf

18

Refer to the exhibit. Four routers are connected to an Ethernet LAN segment and are configured to run OSPFv3. However, none of the routers are receiving routing updates. What is the cause of the problem?

The routers are using IPv6 link local addresses to communicate.

The network type has been set to BROADCAST instead of NBMA.

The routers are using IPv4 addresses for router IDs.

All of the routers have an OSPFv3 interface priority of 0.*

19

Refer to the exhibit. These two routers are configured to run OSPFv3 but they are not forming a neighbor adjacency. What is the cause of the problem?

The routers do not have global IPv6 addresses that are configured on the Fa0/0 interfaces.

The routers have both been elected as the DR.

The routers are configured with the same router ID.*

The routers have the same priority.

20 
A network engineer suspects that OSPFv3 routers are not forming neighbor adjacencies because there are interface timer mismatches. Which two commands can be issued on the interface of each OSFPv3 router to resolve all timer mismatches? (Choose two.)

no ipv6 ospf dead-interval*

no ipv6 router ospf 10

ip ospf dead-interval 40

no ipv6 ospf hello-interval*

no ipv6 ospf cost 10

ip ospf hello-interval 10

21

Refer to the exhibit. Fill in the blank. Do not use abbreviations.
The command ” show ipv6 route ” can be issued on router R2 to verify the propagation of a static default route from R1 to R2.

22 
Fill in the blank. Do not use abbreviations.
When IPv4 and OSPFv2 are being used, the command “ show ip ospf neighbor ” is used to verify that a router has formed an adjacency with its neighboring routers.

23

Place the options in the following order:

- not scored -

full state

loading state

ExStart state

24

Place the options in the following order: 
[+] third 
[+] second 
– not scored – 
[+] first 
[+] fourth

[+] Order does not matter within this group.

Read more ...