New CCNA HSRP VRRP GLBP

Question 1: Which one of these is a valid HSRP Virtual Mac Address?

A. 0000.0C07.AC01
B. 0000.5E00.0110
C. 0007.B400.1203
D. 0000.C007.0201

Answer: A

Explanation

With HSRP, two or more devices support a virtual router with a fictitious MAC address and unique IP
address. There are two version of HSRP.

+ With HSRP version 1, the virtual routers MAC address is 0000.0c07.ACxx , in which xx is the HSRP
group.
+ With HSRP version 2, the virtual MAC address if 0000.0C9F.Fxxx, in which xxx is the HSRP group.

Note: Another case is HSRP for IPv6, in which the MAC address range from 0005.73A0.0000 through
0005.73A0.0FFF.

-> A is correct.

Question 2: Which three statements about HSRP operation are true? (Choose three)

A. The virtual IP address and virtual MAC address are active on the HSRP Master router.
B. The HSRP default timers are a 3 second hello interval and a 10 second dead interval.
C. HSRP supports only clear-text authentication.
D. The HSRP virtual IP address must be on a different subnet than the routers interfaces on the same LAN.
E. The HSRP virtual IP address must be the same as one of the routers interface addresses on the LAN.
F. HSRP supports up to 255 groups per interface, enabling an administrative form of load balancing.

Answer: A B F

Explanation

The virtual MAC address of HSRP version 1 is 0000.0C07.ACxx, where xx is the HSRP group number in
hexadecimal based on the respective interface. For example, HSRP group 10 uses the HSRP virtual MAC
address of 0000.0C07.AC0A. HSRP version 2 uses a virtual MAC address of 0000.0C9F.FXXX (XXX:
HSRP group in hexadecimal)

Question 3: Which statement describes VRRP object tracking?

A. It monitors traffic flow and link utilization.

B. It ensures the best VRRP router is the virtual router master for the group.
C. It causes traffic to dynamically move to higher bandwidth links
D. It thwarts man-in-the-middle attacks.

Answer: B
Explanation

Object tracking is the process of tracking the state of a configured object and uses that state to determine the
priority of the VRRP router in a VRRP group -> B is correct.

Note: Unlike HSRP which can track interface status directly, VRRP can only track interface status through a
tracked object.

Question 4: In GLBP, which router will respond to client ARP requests?

A. The active virtual gateway will reply with one of four possible virtual MAC addresses.
B. All GLBP member routers will reply in round-robin fashion.
C. The active virtual gateway will reply with its own hardware MAC address.
D. The GLBP member routers will reply with one of four possible burned in hardware addresses.

Answer: A

Explanation

One disadvantage of HSRP and VRRP is that only one router is in use, other routers must wait for the primary
to fail because they can be used. However, Gateway Load Balancing Protocol (GLBP) can use of up to four
routers simultaneously. In GLBP, there is still only one virtual IP address but each router has a different
virtual MAC address. First a GLBP group must elect an Active Virtual Gateway (AVG). The AVG is
responsible for replying ARP requests from hosts/clients. It replies with different virtual MAC addresses that
correspond to different routers (known as Active Virtual Forwarders AVFs) so that clients can send traffic to
different routers in that GLBP group (load sharing).

Question 5: In a GLBP network, who is responsible for the arp request?

A. AVF
B. AVG
C. Active Router
D. Standby Router

Answer: B

Question 6: What are three benefits of GLBP? (Choose three)

A. GLBP supports up to eight virtual forwarders per GLBP group.

B. GLBP supports clear text and MD5 password authentication between GLBP group members.
C. GLBP is an open source standardized protocol that can be used with multiple vendors.
D. GLBP supports up to 1024 virtual routers.
E. GLBP can load share traffic across a maximum of four routers.
F. GLBP elects two AVGs and two standby AVGs for redundancy.

Answer: B D E
New CCNA SNMP Questions
Question 1: Which three are the components of SNMP? (Choose three)

A. MIB
B. SNMP Manager
C. SysLog Server
D. SNMP Agent

Answer: A B D

Explanation

SNMP is an application-layer protocol that provides a message format for communication between SNMP
managers and agents. SNMP provides a standardized framework and a common language used for the
monitoring and management of devices in a network.
The SNMP framework has three parts:

+ An SNMP manager
+ An SNMP agent
+ A Management Information Base (MIB)

The SNMP manager is the system used to control and monitor the activities of network hosts using SNMP.
The most common managing system is called a Network Management System (NMS). The term NMS can be
applied to either a dedicated device used for network management, or the applications used on such a device.
A variety of network management applications are available for use with SNMP. These features range from
simple command-line applications to feature-rich graphical user interfaces (such as the CiscoWorks2000 line
of products).

The SNMP agent is the software component within the managed device that maintains the data for the device
and reports these data, as needed, to managing systems. The agent and MIB reside on the routing device
(router, access server, or switch). To enable the SNMP agent on a Cisco routing device, you must define the
relationship between the manager and the agent.

The Management Information Base (MIB) is a virtual information storage area for network management
information, which consists of collections of managed objects.

Question 2: Which protocol can cause overload on a CPU of a managed device?

A. Netflow
B. WCCP
C. IP SLA
D. SNMP

Answer: D

Explanation

Sometimes, messages like this might appear in the router console:

%SNMP-3-CPUHOG: Processing [chars] of [chars]

They mean that the SNMP agent on the device has taken too much time to process a request.

You can determine the cause of high CPU use in a router by using the output of the show process cpu
command.

Note: A managed device is a part of the network that requires some form of monitoring and management
(routers, switches, servers, workstations, printers).

Question 3: What is the alert message generated by SNMP agents called ?

A. TRAP
B. INFORM
C. GET
D. SET

Answer: A B

Explanation

A TRAP is a SNMP message sent from one application to another (which is typically on a remote host). Their
purpose is merely to notify the other application that something has happened, has been noticed, etc. The big
problem with TRAPs is that theyre unacknowledged so you dont actually know if the remote application
received your oh-so-important message to it. SNMPv2 PDUs fixed this by introducing the notion of an
INFORM, which is nothing more than an acknowledged TRAP.

Question 4: Which three features are added in SNMPv3 over SNMPv2?

A. Message Integrity
B. Compression
C. Authentication
D. Encryption
E. Error Detection

Answer: A C D

Explanation

Cisco IOS software supports the following versions of SNMP:

+ SNMPv1 The Simple Network Management Protocol: A Full Internet Standard, defined in RFC 1157.
(RFC 1157 replaces the earlier versions that were published as RFC 1067 and RFC 1098.) Security is based
on community strings.

+ SNMPv2c The community-string based Administrative Framework for SNMPv2. SNMPv2c (the c
stands for community) is an Experimental Internet Protocol defined in RFC 1901, RFC 1905, and RFC
1906. SNMPv2c is an update of the protocol operations and data types of SNMPv2p (SNMPv2 Classic), and
uses the community-based security model of SNMPv1.

+ SNMPv3 Version 3 of SNMP. SNMPv3 is an interoperable standards-based protocol defined in RFCs

2273 to 2275. SNMPv3 provides secure access to devices by a combination of authenticating and encrypting
packets over the network. The security features provided in SNMPv3 are as follows:

Message integrity: Ensuring that a packet has not been tampered with in transit.
Authentication: Determining that the message is from a valid source.
Encryption: Scrambling the contents of a packet prevent it from being learned by an unauthorized source.

Question 5: What is SNMPv3 authentication protocol?

Answer: HMAC-MD5 or HMAC-SHA (Maybe either of them will appear in the exam)

Question 6: Which three statements about the features of SNMPv2 and SNMPv3 are true? (Choose
three)

A. SNMPv3 enhanced SNMPv2 security features

B. SNMPv3 added the Inform protocol message to SNMP.
C. SNMPv2 added the Inform protocol message to SNMP.
D. SNMPv3 added the GetBulk protocol messages to SNMP.
E. SNMPv2 added the GetBulk protocol message to SNMP.
F. SNMPv2 added the GetNext protocol message to SNMP.

Answer: A C E

Explanation

SNMPv1/v2 can neither authenticate the source of a management message nor provide encryption. Without
authentication, it is possible for nonauthorized users to exercise SNMP network management functions. It is
also possible for nonauthorized users to eavesdrop on management information as it passes from managed
systems to the management system. Because of these deficiencies, many SNMPv1/v2 implementations are
limited to simply a read-only capability, reducing their utility to that of a network monitor; no network control
applications can be supported. To correct the security deficiencies of SNMPv1/v2, SNMPv3 was issued as a
set of Proposed Standards in January 1998. -> A is correct.

The two additional messages are added in SNMP2 (compared to SNMPv1)

GetBulkRequest The GetBulkRequest message enables an SNMP manager to access large chunks of data.
GetBulkRequest allows an agent to respond with as much information as will fit in the response PDU. Agents
that cannot provide values for all variables in a list will send partial information. -> E is correct.

InformRequest The InformRequest message allows NMS stations to share trap information. (Traps are
issued by SNMP agents when a device change occurs.) InformRequest messages are generally used between
NMS stations, not between NMS stations and agents. -> C is correct.

Note: These two messages are carried over SNMPv3.

New CCNA NetFlow Questions
Question 1: What are the benefit of using Netflow? (Choose three)

A. Network, Application & User Monitoring

B. Network Planning
C. Security Analysis
D. Accounting/Billing

Answer: A C D

Explanation

NetFlow traditionally enables several key customer applications including:

+ Network Monitoring NetFlow data enables extensive near real time network monitoring capabilities.
Flow-based analysis techniques may be utilized to visualize traffic patterns associated with individual routers
and switches as well as on a network-wide basis (providing aggregate traffic or application based views) to
provide proactive problem detection, efficient troubleshooting, and rapid problem resolution.

+ Application Monitoring and Profiling NetFlow data enables network managers to gain a detailed, time-
based, view of application usage over the network. This information is used to plan, understand new services,
and allocate network and application resources (e.g. Web server sizing and VoIP deployment) to responsively
meet customer demands.

+ User Monitoring and Profiling NetFlow data enables network engineers to gain detailed understanding
of customer/user utilization of network and application resources. This information may then be utilized to
efficiently plan and allocate access, backbone and application resources as well as to detect and resolve
potential security and policy violations.

+ Network Planning NetFlow can be used to capture data over a long period of time producing the
opportunity to track and anticipate network growth and plan upgrades to increase the number of routing
devices, ports, or higher- bandwidth interfaces. NetFlow services data optimizes network planning including
peering, backbone upgrade planning, and routing policy planning. NetFlow helps to minimize the total cost of
network operations while maximizing network performance, capacity, and reliability. NetFlow detects
unwanted WAN traffic, validates bandwidth and Quality of Service (QOS) and allows the analysis of new
network applications. NetFlow will give you valuable information to reduce the cost of operating your
network.

+ Security Analysis NetFlow identifies and classifies DDOS attacks, viruses and worms in real-time.
Changes in network behavior indicate anomalies that are clearly demonstrated in NetFlow data. The data is
also a valuable forensic tool to understand and replay the history of security incidents.

+ Accounting/Billing NetFlow data provides fine-grained metering (e.g. flow data includes details such as
IP addresses, packet and byte counts, timestamps, type-of-service and application ports, etc.) for highly
flexible and detailed resource utilization accounting. Service providers may utilize the information for billing
based on time-of-day, bandwidth usage, application usage, quality of service, etc. Enterprise customers may
utilize the information for departmental charge-back or cost allocation for resource utilization.
Question 2: What are the three things that the NetFlow uses to consider the traffic to be in a same flow?

A. IP address
B. Interface name
C. Port numbers
D. L3 protocol type
E. MAC address

Answer: A C D

Explanation

What is an IP Flow?
Each packet that is forwarded within a router or switch is examined for a set of IP packet attributes. These
attributes are the IP packet identity or fingerprint of the packet and determine if the packet is unique or similar
to other packets.
Traditionally, an IP Flow is based on a set of 5 and up to 7 IP packet attributes.
IP Packet attributes used by NetFlow:
+ IP source address
+ IP destination address
+ Source port
+ Destination port
+ Layer 3 protocol type
+ Class of Service
+ Router or switch interface

Question 3: What NetFlow component can be applied to an interface to track IPv4 traffic?

A. flow monitor
B. flow record
C. flow sampler
D. flow exporter

Answer: A

Explanation

Flow monitors are the Flexible NetFlow component that is applied to interfaces to perform network traffic
monitoring. Flow monitors consist of a record and a cache. You add the record to the flow monitor after you
create the flow monitor. The flow monitor cache is automatically created at the time the flow monitor is
applied to the first interface. Flow data is collected from the network traffic during the monitoring process
based on the key and nonkey fields in the record, which is configured for the flow monitor and stored in the
flow monitor cache.
For example, the following example creates a flow monitor named FLOW-MONITOR-1 and enters Flexible
NetFlow flow monitor configuration mode:
Router(config)# flow monitor FLOW-MONITOR-1
Router(config-flow-monitor)#
Question 4: What command visualizes the general NetFlow data on the command line?

A. show ip flow export

B. show ip flow top-talkers
C. show ip cache flow
D. show mls sampling
E. show mls netflow ip

Answer: C

Explanation

The show ip cache flow command displays a summary of the NetFlow accounting statistics.

Question 5: What are three reasons to collect NetFlow data on a company network? (Choose three)

A. To identify applications causing congestion.

B. To authorize user network access.
C. To report and alert link up / down instances.
D. To diagnose slow network performance, bandwidth hogs, and bandwidth utilization.
E. To detect suboptimal routing in the network.
F. To confirm the appropriate amount of bandwidth that has been allocated to each Class of Service.

Answer: A D F

Explanation

NetFlow facilitates solutions to many common problems encountered by IT professionals.

+ Analyze new applications and their network impact
Identify new application network loads such as VoIP or remote site additions.
+ Reduction in peak WAN traffic
Use NetFlow statistics to measure WAN traffic improvement from application-policy changes; understand
who is utilizing the network and the network top talkers.
+ Troubleshooting and understanding network pain points
Diagnose slow network performance, bandwidth hogs and bandwidth utilization quickly with command line
interface or reporting tools. -> D is correct.
+ Detection of unauthorized WAN traffic
Avoid costly upgrades by identifying the applications causing congestion. -> A is correct.
+ Security and anomaly detection
NetFlow can be used for anomaly detection and worm diagnosis along with applications such as Cisco CS-
Mars.
+ Validation of QoS parameters
Confirm that appropriate bandwidth has been allocated to each Class of Service (CoS) and that no CoS is
over- or under-subscribed.-> F is correct.

Question 6: What are three factors a network administrator must consider before implementing
Netflow in the network? (Choose three)

A. CPU utilization
B. where Netflow data will be sent
C. number of devices exporting Netflow data
D. port availability
E. SNMP version
F. WAN encapsulation

Answer: A B C

Question 7: What Cisco IOS feature can be enabled to pinpoint an application that is causing slow
network performance?

A. SNMP
B. Netflow
C. WCCP
D. IP SLA

Answer: B
New CCNA Syslog Questions
Question 1: What are the popular destinations for Syslog messages to be saved?

A. Flash
B. The logging buffer RAM
C. The console terminal
D. Other terminals
E. Syslog server

Answer: B C E

Explanation

By default, switches send the output from system messages and debug privileged EXEC commands to a
logging process. The logging process controls the distribution of logging messages to various destinations,
such as the logging buffer (on RAM), terminal lines (console terminal), or a UNIX syslog server,
depending on your configuration. The process also sends messages to the console.

Note: Syslog messages can be written to a file in Flash memory although it is not a popular place to use. We
can configure this feature with the command logging file flash:filename.

Question 2: Syslog was configured with a level 3 trap. Which 3 types of logs would be generated (choose
four)

A. Emergencies
B. Alerts
C. Errors
D. Warnings
E. Critical

Answer: A B C E

Explanation

The Message Logging is divided into 8 levels as listed below:

Level Keyword Description

0 emergencies System is unusable
1 alerts Immediate action is needed
2 critical Critical conditions exist
3 errors Error conditions exist
4 warnings Warning conditions exist
5 notification Normal, but significant, conditions exist
6 informational Informational messages
7 debugging Debugging messages
The highest level is level 0 (emergencies). The lowest level is level 7. If you specify a level with the logging
console level command, that level and all the higher levels will be displayed. For example, by using the
logging console warnings command, all the logging of emergencies, alerts, critical, errors, warnings will be
displayed.

In this question level 3 trap is configured so Emergencies, Alerts, critical and Errors messages are displayed.
Although this question only requires to choose 3 correct answers but maybe something is missing here.

Question 3: Which three statements about Syslog utilization are true? (Choose three)

A. Utilizing Syslog improves network performance.

B. The Syslog server automatically notifies the network administrator of network problems.
C. A Syslog server provides the storage space necessary to store log files without using router disk space.
D. There are more Syslog messages available within Cisco IOS than there are comparable SNMP trap
messages.
E. Enabling Syslog on a router automatically enables NTP for accurate time stamping.
F. A Syslog server helps in aggregation of logs and alerts.

Answer: C D F

Question 4: What command instructs the device to timestamp Syslog debug messages in milliseconds?

A. service timestamps log datetime localtime

B. service timestamps debug datetime msec
C. service timestamps debug datetime localtime
D. service timestamps log datetime msec

Answer: B

Explanation

The service timestamps debug command configures the system to apply a time stamp to debugging
messages. The time-stamp format for datetime is MMM DD HH:MM:SS, where MMM is the month, DD is
the date, HH is the hour (in 24-hour notation), MM is the minute, and SS is the second. With the additional
keyword msec, the system includes milliseconds in the time stamp, in the format HH:DD:MM:SS.mmm,
where .mmm is milliseconds

Question 5: What is the default Syslog facility level?

A. local4
B. local5
C. local6
D. local7

Answer: D
Question 6: What levels will be trapped if the administrator executes the command

router(config)# logging trap 4

A. Emergency
B. Notice
C. Alert
D. Error
E. Warning

Answer: A C D E

Explanation

The Message Logging is divided into 8 levels as listed below:

Level Keyword Description

0 emergencies System is unusable
1 alerts Immediate action is needed
2 critical Critical conditions exist
3 errors Error conditions exist
4 warnings Warning conditions exist
5 notification Normal, but significant, conditions exist
6 informational Informational messages
7 debugging Debugging messages

If you specify a level with the logging trap level command, that level and all the higher levels will be
logged. For example, by using the logging trap 4 command, all the logging of emergencies, alerts, critical,
errors, warnings will be logged.

Question 7: A network administrator enters the following command on a router: logging trap 3. What
are three message types that will be sent to the Syslog server? (Choose three)

A. informational
B. emergency
C. warning
D. critical
E. debug
F. error

Answer: B D F
New CCNA Basic Questions

Question 1: What is the first 24 bits in a MAC address called?

A. NIC
B. BIA
C. OUI
D. VAI

Answer: C

Explanation: Organizational Unique Identifier (OUI) is the first 24 bits of a MAC address for a network
device, which indicates the specific vendor for that device as assigned by the Institute of Electrical and
Electronics Engineers, Incorporated (IEEE). This identifier uniquely identifies a vendor, manufacturer, or an
organization.

Question 2: Which of the following statements describe the network shown in the graphic? (Choose
two)

A. There are two broadcast domains in the network.

B. There are four broadcast domains in the network.
C. There are six broadcast domains in the network.
D. There are four collision domains in the network.
E. There are five collision domains in the network.
F. There are seven collision domains in the network.

Answer: A F

Explanation

Only router can break up broadcast domains so in the exhibit there are 2 broadcast domains: from e0 interface
to the left is a broadcast domain and from e1 interface to the right is another broadcast domain -> A is correct.
Both router and switch can break up collision domains so there is only 1 collision domain on the left of the
router (because hub doesnt break up collision domain) and there are 6 collision domains on the right of the
router (1 collision domain from e1 interface to the switch + 5 collision domains for 5 PCs in Production) -> F
is correct.

Question 3: Refer to the exhibit:

System flash director

File Length Name/status
1 3802992 c827v-y6-mz.121-1.XB
[3803056 bytes used,4585552 available, 8388608 total]
8192K bytes of processor board System flash(Read/Write)

The technician wants to upload a new IOS in the router while keeping the existing IOS. What is the maximum
size of an IOS file that could be loaded if the original IOS is also kept in flash?

A. 3MB
B. 5MB
C. 7MB
D. 4MB

Answer: D

Explanation

From the exhibit we learn there are 4585552 bytes (over 4MB) available so it is only enough space for an IOS
file of 4MB. If bigger file is copied then the existing IOS file will be erased (overwritten).

Question 4: Refer to the exhibit. What is the meaning of the output MTU 1500 bytes?

A. The maximum number of bytes that can traverse this interface per second is 1500.
B. The minimum segment size that can traverse this interface is 1500 bytes.
C. The minimum segment size that can traverse this interface is 1500 bytes.
D. The minimum packet size that can traverse this interface is 1500 bytes.
E. The maximum packet size that can traverse this interface is 1500 bytes.
F. The maximum frame size that can traverse this interface is 1500 bytes.

Answer: E
Explanation

The Maximum Transmission Unit (MTU) defines the maximum Layer 3 packet (in bytes) that the layer can
pass onwards.

Question 5: A network interface port has collision detection and carrier sensing enabled on a shared
twisted pair network. From this statement, what is known about the network interface port?

A. This is a 10 Mb/s switch port.

B. This is a 100 Mb/s switch port.
C. This is an Ethernet port operating at half duplex.
D. This is an Ethernet port operating at full duplex.
E. This is a port on a network interface card in a PC.

Answer: C

Explanation

Modern Ethernet networks built with switches and full-duplex connections no longer utilize CSMA/CD.
CSMA/CD is only used in obsolete shared media Ethernet (which uses repeater or hub).

Question 6: In an Ethernet network, under what two scenarios can devices transmit? (Choose two)

A. when they receive a special token

B. when there is a carrier
C. when they detect no other devices are sending
D. when the medium is idle
E. when the server grants access

Answer: C D

Explanation

Ethernet network is a shared environment so all devices have the right to access to the medium. If more than
one device transmits simultaneously, the signals collide and can not reach the destination.

If a device detects another device is sending, it will wait for a specified amount of time before attempting to
transmit.

When there is no traffic detected, a device will transmit its message. While this transmission is occurring, the
device continues to listen for traffic or collisions on the LAN. After the message is sent, the device returns to
its default listening mode.

So we can see C and D are the correct answers. But in fact answer C when they detect no other devices are
sending and when the medium is idle are nearly the same.
Question 7: For what two purposes does the Ethernet protocol use physical addresses? (Choose two)

A. to uniquely identify devices at Layer 2

B. to allow communication with devices on a different network
C. to differentiate a Layer 2 frame from a Layer 3 packet
D. to establish a priority system to determine which device gets to transmit first
E. to allow communication between different devices on the same network
F. to allow detection of a remote device when its physical address is unknown

Answer: A E

Explanation

Physical addresses or MAC addresses are used to identify devices at layer 2 -> A is correct.

MAC addresses are only used to communicate on the same network. To communicate on different network
we have to use Layer 3 addresses (IP addresses) -> B is not correct; E is correct.

Layer 2 frame and Layer 3 packet can be recognized via headers. Layer 3 packet also contains physical
address -> C is not correct.

On Ethernet, each frame has the same priority to transmit by default -> D is not correct.

All devices need a physical address to identify itself. If not, they can not communicate -> F is not correct.

Question 8: Which two locations can be configured as a source for the IOS image in the boot system
command? (Choose two)

A. RAM
B. NVRAM
C. flash memory
D. HTTP server
E. TFTP server
F. Telnet server

Answer: C E

Explanation

The following locations can be configured as a source for the IOS image:
+ Flash (the default location)
+ TFTP server
+ ROM (used if no other source is found)

Question 9: What is the difference between a CSU/DSU and a modem?

A. A CSU/DSU converts analog signals from a router to a leased line; a modem converts analog signals from
a router to a leased line.
B. A CSU/DSU converts analog signals from a router to a phone line; a modem converts digital signals from a
router to a leased line.
C. A CSU/DSU converts digital signals from a router to a phone line; a modem converts analog signals from a
router to a phone line.
D. A CSU/DSU converts digital signals from a router to a leased line; a modem converts digital signals from a
router to a phone line.

Answer: D

Question 10: A Cisco router is booting and has just completed the POST process. It is now ready to find
and load an IOS image. What function does the router perform next?

A. It checks the configuration register

B. It attempts to boot from a TFTP server
C. It loads the first image file in flash memory
D. It inspects the configuration file in NVRAM for boot instructions

Answer: A

Explanation

When you turn the router on, it runs through the following boot process.

The Power-On Self Test (POST) checks the routers hardware. When the POST completes successfully, the
System OK LED indicator comes on.
The router checks the configuration register to identify where to load the IOS image from. A setting of
02102 means that the router will use information in the startup-config file to locate the IOS image. If the
startup-config file is missing or does not specify a location, it will check the following locations for the IOS
image:

1. Flash (the default location)

2. TFTP server
3. ROM (used if no other source is found)

The router loads the configuration file into RAM (which configures the router). The router can load a
configuration file from:
New CCNA OSI & TCP/IP Model
Question 1: Where does routing occur within the DoD TCP/IP reference model?

A. application
B. internet
C. network
D. transport

Answer: B

Explanation

The picture below shows the comparison between TCP/IP model & OSI model. Notice that the Internet Layer
of TCP/IP is equivalent to the Network Layer which is responsible for routing decision.

Question 2: Refer to exhibit.

Router#show running-config
Building configuration
Current configuration : 659 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname Router
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip access-group 101 in
duplex auto
speed auto
!
access-1ist 101 deny tcp any any eq 22
access-1ist 101 permit ip any any
!
line con 0
password 7 0822455D0A16
login
line vty 0 4
login
line vty 5 14
login
!
end

A network administrator cannot establish a Telnet session with the indicated router. What is the cause of this
failure?

A. A Level 5 password is not set.

B. An ACL is blocking Telnet access.
C. The vty password is missing.
D. The console password is missing.

Answer: C

Question 3: Before installing a new, upgraded version of the IOS, what should be checked on the router,
and which command should be used to gather this information? (Choose two)

A. the amount of available ROM

B. the amount of available flash and RAM memory
C. the version of the bootstrap software present on the router
D. show version
E. show processes
F. show running-config

Answer: B D

Explanation

When upgrading new version of the IOS we need to copy the IOS to the Flash so first we have to check if the
Flash has enough memory or not. Also running the new IOS may require more RAM than the older one so we
should check the available RAM too. We can check both with the show version command.
Question 4: Refer to the exhibit. An administrator pings the default gateway at 10.10.10.1 and sees the
output as shown. At which OSI layer is the problem?

C:\> ping 10.10.10.1

Pinging 10.10.10.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 10.10.10.1:
Packets: sent 4, Received = 0, Lost 4 (100% loss)

A. data link layer

B. application layer
C. access layer
D. session layer
E. network layer

Answer: E

Explanation

The Network layer is responsible for network addressing and routing through the internetwork. So a ping
fails, you may have an issue with the Network layer (although lower layers like Data Link & Physical may
cause the problem).

Question 5: At which layer of the OSI model does PPP perform?

A. Layer 2
B. Layer 3
C. Layer 4
D. Layer 5

Answer: A

Question 6: Which of the following correctly describe steps in the OSI data encapsulation process?
(Choose two)

A. The transport layer divides a data stream into segments and may add reliability and flow control
information.
B. The data link layer adds physical source and destination addresses and an FCS to the segment.
C. Packets are created when the network layer encapsulates a frame with source and destination host
addresses and protocol-related control information.
D. Packets are created when the network layer adds Layer 3 addresses and control information to a segment.
E. The presentation layer translates bits into voltages for transmission across the physical link.

Answer: A D
Explanation

The transport layer segments data into smaller pieces for transport. Each segment is assigned a sequence
number, so that the receiving device can reassemble the data on arrival.

The transport layer also use flow control to maximize the transfer rate while minimizing the requirements to
retransmit. For example, in TCP, basic flow control is implemented by acknowledgment by the receiver of the
receipt of data; the sender waits for this acknowledgment before sending the next part.

-> A is correct.

The data link layer adds physical source and destination addresses and an Frame Check Sequence (FCS) to
the packet (on Layer 3), not segment (on Layer 4) -> B is not correct.

Packets are created when network layer encapsulates a segment (not frame) with source and destination host
addresses and protocol-related control information. Notice that the network layer encapsulates messages
received from higher layers by placing them into datagrams (also called packets) with a network layer header
-> C is not correct.

The Network layer (Layer 3) has two key responsibilities. First, this layer controls the logical addressing of
devices. Second, the network layer determines the best path to a particular destination network, and routes the
data appropriately.

-> D is correct.

The Physical layer (presentation layer) translates bits into voltages for transmission across the physical link ->
E is not correct.

Question 7: A network administrator is verifying the configuration of a newly installed host by

establishing an FTP connection to a remote server. What is the highest layer of the protocol stack that
the network administrator is using for this operation?

A. application
B. presentation
C. session
D. transport
E. internet
F. data link

Answer: A

Explanation

FTP belongs to Application layer and it is also the highest layer of the OSI model.
Question 8: At which layer of the OSI model is RSTP used to prevent loops?

A. data link
B. network
C. physical
D. transport

Answer: A

Question 9: Which layer in the OSI reference model is responsible for determining the availability of
the receiving program and checking to see if enough resources exist for that communication?

A. transport
B. network
C. presentation
D. session
E. application

Answer: E

Question 10: A receiving host computes the checksum on a frame and determines that the frame is
damaged. The frame is then discarded. At which OSI layer did this happen?

A. session
B. network
C. physical
D. data link
E. transport

Answer: D

Explanation

When using the term frame we can easily recognize it belongs to the Data Link layer. In this layer, an
Frame Check Sequence (FCS) field is added to the frame to verify that the frame data is received correctly.
New CCNA IOS Questions
Question 1: Which command encrypts all plaintext passwords?

A. Router# service password-encryption

B. Router(config)# password-encryption
C. Router(config)# service password-encryption
D. Router# password-encryption

Answer: C

Question 2: What can be done to secure the virtual terminal interfaces on a router? (Choose two)

A. Administratively shut down the interface.

B. Physically secure the interface.
C. Create an access list and apply it to the virtual terminal interfaces with the access-group command.
D. Configure a virtual terminal password and login process.
E. Enter an access list and apply it to the virtual terminal interfaces using the access-class command.

Answer: D E

Explanation

It is a waste to administratively shut down the interface. Moreover, someone can still access the virtual
terminal interfaces via other interfaces -> A is not correct.

We can not physically secure a virtual interface because it is virtual -> B is not correct.

To apply an access list to a virtual terminal interface we must use the access-class command. The access-
group command is only used to apply an access list to a physical interface -> C is not correct; E is correct.

The most simple way to secure the virtual terminal interface is to configure a username & password to
prevent unauthorized login -> D is correct.

Question 3: Refer to the exhibit. Why is flash memory erased prior to upgrading the IOS image from
the TFTP server?

Router# copy tftp flash

Address or name of remote host []? 192.168.2.167
Source filename []? c1600-k8sy-mz.123-16a.bin
Destination filename [c1600-k8sy-mz.123-16a.bin]?
Accessing tftp://192.168.2.167/ c1600-k8sy-mz.l23-16a.bin
Erasing flash before copying? [confirm]
Erasing the flash filesystem will remove all files! continue? [confirm]
Erasing device
Eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
Eeeeeeeeeeeeeeeeeeeeeeeeeeeeeee erased
Erase of flash: complete
Loading c1600-k8sy-mz.l23-16a.bin from 192.168.2.167 (via Ethernet0):
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 6888962/13777920 bytes]

verifying checksum OK (0x7BF3)

6888962 bytes copied in 209.920 secs (32961 bytes/sec)
Router#

A. The router cannot verify that the Cisco IOS image currently in flash is valid
B. Flash memory on Cisco routers can contain only a single IOS image.
C. Erasing current flash content is requested during the copy dialog.
D. In order for the router to use the new image as the default, it must be the only IOS image in flash.

Answer: C

Explanation

During the copy process, the router asked Erasing flash before copying? [confirm] and the administrator
confirmed (by pressing Enter) so the flash was deleted.

Note: In this case, the flash has enough space to copy a new IOS without deleting the current one. The current
IOS is deleted just because the administrator wants to do so. If the flash does not have enough space you will
see an error message like this:

%Error copying tftp://192.168.2.167/ c1600-k8sy-mz.l23-16a.bin (Not enough space on device)

Question 4: How does using the service password encryption command on a router provide additional
security?

A. by encrypting all passwords passing through the router

B. by encrypting passwords in the plain text configuration file
C. by requiring entry of encrypted passwords for access to the device
D. by configuring an MD5 encrypted key to be used by routing protocols to validate routing exchanges
E. by automatically suggesting encrypted passwords for use in configuring the router

Answer: B

Explanation

By using this command, all the (current and future) passwords are encrypted. This command is primarily
useful for keeping unauthorized individuals from viewing your password in your configuration file.
Question 5: What is a global command?

A. a command that is available in every release of IOS, regardless of the version or deployment status
B. a command that can be entered in any configuration mode
C. a command that is universal in application and supports all protocols
D. a command that is implemented in all foreign and domestic IOS versions
E. a command that is set once and affects the entire router

Answer: E

Explanation

A global command is a command in this form:

Device(config)#

This mode can affect the entire router/switch.

Question 6: Refer to the exhibit.

line vty 0 4
password 7 030752180599
login
transport input ssh

What is the effect of the configuration that is shown?

A. It configures SSH globally for all logins.
B. It tells the router or switch to try to establish an SSh connection first and if that foils to use Telnet.
C. It configures the virtual terminal lines with the password 030752180500.
D. It configures a Cisco network device to use the SSH protocol on incoming communications via the virtual
terminal ports.
E. It allows seven failed login attempts before the VTY lines are temporarily shutdown.

Answer: D

Question 7: Which router IOS commands can be used to troubleshoot LAN connectivity problems?
(Choose three)

A. ping
B. tracert
C. ipconfig
D. show ip route
E. winipcfg
F. show interfaces

Answer: A D F
Explanation

The ping command can be used to test if the local device can reach a specific destination -> A is correct.

tracert is not a valid command in Cisco IOS commands, the correct command should be traceroute -> B
is not correct.

The ipconfig command is not a valid command in Cisco IOS too -> C is not correct.

The show ip route command can be used to view the routing table of the router. It is a very useful command
to find out many connectivity problems (like directly connected networks, learned network via routing
protocols) -> D is correct.

winipcfg is an old tool in Windows 95/98 to view IP settings of the installed network interfaces. But it is not
a valid command in Cisco IOS commands -> E is not correct.

The show interfaces command is used to check all the interfaces on the local device only. It has very limited
information to trouble LAN connectivity problem but it is the most reasonable to choose -> F is acceptable.

Question 8: Which command shows your active Telnet connections?

A. show sessions
B. show cdp neighbors
C. show users
D. show queue

Answer: A

Question 9: Which command would you configure globally on a Cisco router that would allow you to
view directly connected Cisco devices?

A. enable cdp
B. cdp enable
C. cdp run
D. run cdp

Answer: C

Question 10: A network administrator needs to allow only one Telnet connection to a router. For anyone
viewing the confguration and issuing the show run command, the password for Telnet access should be
encrypted. Which set of commands will accomplish this task?

A. service password-encryption
access-list 1 permit 192.168.1.0 0.0.0.255
line vty 0 4
login
password cisco
access-class 1

B. enable password secret

line vty 0
login
password cisco

C. service password-encryption
line vty 1
login
password cisco

D. service password-encryption
line vty 0 4
login
password cisco

Answer: C

Question 11: What is the effect of using the service password-encryption command?

A. Only passwords configured after the command has been entered will be encrypted.
B. Only the enable password will be encrypted.
C. Only the enable secret password will be encrypted
D. It will encrypt the secret password and remove the enable secret password from the configuration.
E. It will encrypt all current and future passwords.

Answer: E

Explanation

The secret password (configured by the command enable secret ) is always encrypted even if the service
password-encryption command is not used. Moreover, the secret password is not removed from the
configuration with this command, we still see it in encrypted form in the running-config -> D is not correct.

The enable password does not encrypt the password and can be viewed in clear text in the running-config.
By using the service password-encryption command, that password is encrypted (both current and future
passwords) -> A is not correct, E is correct.

Answer B Only the enable password will be encrypted seems to be correct but it implies the secret password
will not be encrypted and stay in clear text, which is not correct.

For your information, the secret password is encrypted with MD5 one-way hash algorithm which is harder to
break than the encryption algorithm used by the service password-encryption command.