CCNA Discovery 3 Module 4 Exam Answers Version 4.0

1. A network engineer is implementing a network design using VLSM for network 192.168.1.0/24. After subnetting the network, the engineer has decided to take one of the subnets, 192.168.1.16/28 and subnet it further to provide for point-to-point serial link addresses. What is the maximum number of subnets that can be created from the 192.168.1.16/28 subnet for serial connections?
• 1
• 2
• 4
• 6
• 8
• 16

2. When running NAT, what is the purpose of address overloading?
• limit the number of hosts that can connect to the WAN
• allow multiple inside addresses to share a single global address
• force hosts to wait for an available address
• allow an outside host to share inside global addresses


3. What two advantages does CIDR provide to a network? (Choose two.)
• reduced routing table size
• dynamic address assignment
• automatic route redistribution
• reduced routing update traffic
• automatic summarization at classful boundaries

4. How does a router keep track of which inside local address is used when NAT overload is configured?
• The router adds an additional bit to the source IP address and maintains a separate table.
• The router modifies the QoS field.
• The router uses TCP or UDP port numbers.
• The router uses a manual entry that is created and maintained in the database of the router.

5. What is a characteristic of a classful routing protocol on the network?
• All subnets are seen by all routers.
• CIDR addresses are advertised.
• A subnet can be further subnetted down and advertised correctly.
• Updates received by a router in a different major network have the default mask applied.

6. Refer to the exhibit. Which address is an inside global address?
• 10.1.1.1
• 10.1.1.2
• 198.18.1.55
• 64.100.0.1

7. Refer to the exhibit. All networks that are shown have a /24 prefix. Assuming that all routes have been discovered by all routers in the network, which address will successfully summarize only the networks that are shown?
• 192.168.8.0/21
• 192.168.8.0/24
• 192.168.16.0/20
• 192.168.16.0/21
• 192.168.16.0/24

8. What is the CIDR prefix designation that summarizes the entire reserved Class B RFC 1918 internal address range?
• /4
• /8
• /12
• /16
• /20

9. Which NAT term refers to the IP address of your inside host as it appears to the outside network?
• inside global IP address
• outside global IP address
• inside local IP address
• outside local IP address

10. A network administrator is asked to design a new addressing scheme for a corporate network. Presently, there are 500 users at the head office, 200 users at sales, 425 at manufacturing, and 50 at the research site. Which statement defines the correct VLSM addressing map with minimal waste using the 172.16.0.0/16 network?

• 172.16.0.0/20 head office
172.16.1.0/21 manufacturing
172.16.1.0/22 sales
172.16.3.0/26 research

• 172.16.48.0/19 head office
172.16.16.0/20 manufacturing
172.16.48.128 sales
172.16.48.0/26 research

• 172.16.2.0/23 head office
172.16.4.0/23 manufacturing
172.16.6.0/24 sales
172.16.7.0/26 research

• 172.16.2.0/22 head office
172.16.3.0/23 manufacturing
172.16.4.0/26 sales
172.16.4.128/25 research

11. A company using a Class B IP addressing scheme needs as many as 100 subnetworks. Assuming that variable length subnetting is not used and all subnets require at least 300 hosts, what subnet mask is appropriate to use?
• 255.255.0.0
• 255.255.240.0
• 255.255.254.0
• 255.255.255.0
• 255.255.255.128
• 255.255.255.192

12. Host A in the exhibit is assigned the IP address 10.118.197.55/20. How many more network devices can be added to this same subnetwork?
• 253
• 509
• 1021
• 2045
• 4093

13. Refer to the exhibit. RIP version 2 is configured as the network routing protocol and all of the default parameters remain the same. Which update is sent from R2 to R3 about the 10.16.1.0/24 network connected to R1?
• 10.16.0.0/16
• 10.0.0.0/24
• 10.0.0.0/8
• 10.16.1.0/24

14. What range of networks are summarized by the address and mask, 192.168.32.0/19?
• 192.168.0.0/24 - 192.168.32.0/24
• 192.168.0.0/24 - 192.168.31.0/24
• 192.168.32.0/24 – 192.168.64.0/24
• 192.168.32.0/24 – 192.168.63.0/24

15. Refer to the exhibit. Based on the output of the show ip nat translations command, which kind of address translation is in effect on this router?
• static
• public
• overload
• private

16. How many addresses will be available for dynamic NAT translation when a router is configured with the following commands?
• Router(config)#ip nat pool TAME 209.165.201.23 209.165.201.30 netmask 255.255.255.224
• Router(config)#ip nat inside source list 9 pool TAME
• 7
• 8
• 9
• 10
• 24
• 31

17. Refer to the exhibit. Which two IP addresses could be assigned to the hosts that are shown in the exhibit? (Choose two.)
• 192.168.65.31
• 192.168.65.32
• 192.168.65.35
• 192.168.65.60
• 192.168.65.63
• 192.168.65.64

18. What are the network and broadcast addresses for host 192.168.100.130/27? (Choose two.)
• network 192.168.100.0
• network 192.168.100.128
• network 192.168.100.130
• broadcast 192.168.100.157
• broadcast 192.168.100.159
• broadcast 192.168.100.255

19. Refer to the exhibit. Which two are valid VLSM network addresses for the serial link between Router1 and Router2? (Choose two.)
• 192.168.1.4/30
• 192.168.1.8/30
• 192.168.1.90/30
• 192.168.1.101/30
• 192.168.1.190/30

20. When configuring NAT on a Cisco router, what is the inside local IP address?
• the IP address of an inside host as it appears to the outside network
• the IP address of an outside host as it appears to the inside network
• the IP address of an inside host as it appears to the inside network
• the configured IP address assigned to a host in the outside network

CCNA Discovery 3 Module 9 Exam Answers Version 4.0

1. • 172.16.3.0
2. • There are congestion problems on the network.
3. • The line protocol of the local router is now up.
4. • The IP address of each subinterface must be the default gateway address for each VLAN subnet.
5. • No clock rate has been set on the DCE interface.
6. • The VTP domain names are different.
7. • Check the log to see what software components are producing the excess traffic.
8. • The packet is routed to R1 and then forwarded out Fa0/0 on R1.
9. • VLSM is not supported by RIPv1.
10. • The destination host address in an ACL statement is incorrect.
11. • divide-and-conquer
12. • The command was entered on router R1.
13. • The ACL is applied to the wrong interface, but the right direction.
14. • It will show network 172.16.3.0 learned from RB.
15. • large failure domain • single point of failure.
16. • password mismatch for PPP authentication
17. • The router interface is in the wrong subnet.
18. • The EIGRP process number on R2 is incorrect.
19. • Port 0/4 is configured in access mode.20.
20. • There is an addressing problem on the link between routers R2 and R3.
21. • Workstation 1 is not on the same network that the RTA router LAN interface is on.
22. • It should be performed when all switch Cisco IOS versions are upgraded dan • It should be done when the network is performing at normal activity levels.

CCNA Discovery 3 Module 8 Exam Answers Version 4.0
1. • 60
2.• The new commands are added to the end of the current Managers ACL.
3. • Inbound ACLs deny packets before routing lookups are required.
4. • Port 80 should be specified in the ACL.
5. • informational
6. • 172.16.31.77
• 172.16.31.78
7. • 0.0.15.255
8. • specifying internal hosts for NAT
• identifying traffic for QoS
9. • Create an access list permitting only echo reply and destination unreachable packets from the outside.
10• A router automatically reloads in 30 minutes.
11. • 192.168.20.16 to 192.168.20.31
12. • access-list 137 permit ip 192.0.2.0 0.0.0.255 any
access-list 137 permit tcp 198.18.112.0 0.0.0.255 any eq www
13. • Standard ACLs are usually placed so that all packets go through the network and are filtered at the destination.
• Standard ACLs filter based on source address only, and must be placed near the destination if other traffic is to flow.
• Extended ACLs filter with many possible factors, and they allow only desired packets to pass through the network if placed near the source.
14. • access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
15. • access-list 56 deny 172.19.123.0 0.0.0.255
access-list 56 permit any
16. • Router(config)# access-list 101 permit tcp any 192.168.10.25 0.0.0.0 eq telnet
Router(config)# access-list 101 deny ip any any
Router(config)# int s0/0
Router(config-if)# ip access-group 101 in
Router(config-if)# int fa0/0
Router(config-if)#ip access-group 101 in
17. • access-list 101 permit tcp 10.220.158.10 0.0.0.0 host 192.168.3.224 eq 80
18. • 0.0.0.31
19. • Use only Secure Shell (SSH) on the vty lines.
20. • A large amount of ICMP traffic is being denied at the interface, which can be an indication of a DoS

CCNA Discovery 3 Module 6 Exam Answers Version 4.0
1. • HQ is a DROTHER.
2. • A DR is not elected.
• OSPF neighbor routers are statically defined.
3. • The default-information originate command is applied on R1.
4. • neighbor adjacencies
5. • R3 to R2 to R1
6. • router ospf 1
network 192.168.10.64 0.0.0.63 area 0
network 192.168.10.192 0.0.0.3 area 0
7. • network 10.8.0.0 0.3.255.255 area 0
8. • The router with the highest OSPF priority setting wins the election for DR.
9. • Router2(config-router)# network 172.16.32.0 0.0.15.255 area 0
10.• All routers in the same area have identical link-state databases when converged.
• Calculating the shortest path for each destination is accomplished with the SPF algorithm.
11. • The DR and BDR do not change until the next election.
12. • Elections are required in broadcast multiaccess networks.
• Elections are sometimes required in NBMA networks.
13. • The timer intervals on the routers do not match.
14. • It is the OSPF cost metric.
15. • provides a stable OSPF router ID on router B
16. • The router views 10.16.1.64/30 and 10.16.1.64/27 as two different networks.
17. • Distance vector protocols take existing routes from their neighbors and add to them. Link-state protocols independently calculate full routes.
18. • 192.168.0.0/24 through 192.168.15.0/24
19. • 224.0.0.5
20. • R2 will be DR and R3 will be BDR.
21. • isolation of network instability
22. • Routers have direct knowledge of all links in the network and how they are connected.
• After the initial LSA flooding, routers generally require less bandwidth to communicate changes in a topology.
23. • Each router has a link-state database containing the same status information.
24.• The OSPF routing configuration on RTRC has a missing or incorrect network statement.

CCNA Discovery 3 Module 5 Exam Answers Version 4.0
1. • They can support multiple routed protocols
• They send partial routing updates in response to topology changes.
• They use hello packets to inform neighboring routers of their status.
2.• A distance vector routing protocol is used.
• Routing updates broadcast every 30 seconds.
• Hop count is the only metric used for route selection.
3. • The route is viable and can be used to forward traffic.
4.• Suboptimal paths will be selected.
• Network convergence may be affected.
5. • 90

6. • RIP is the routing protocol configured.
• The metric for this route is 2.
7.• RTA and RTB will accept updates from each other.
8. • RTP
9. • RTR-2(config)# router eigrp 1
RTR-2(config-router)# network 198.18.76.0
10. • the use of variable length subnet masks
11. • the calculated metric for the destination network
12. • It identifies the directly connected networks that will be included in the RIP routing updates.
13. • by exchanging hello packets with neighboring routers
14. • ip summary-address eigrp 1 192.168.10.64 255.255.255.192
15. • every 30 seconds
16.• RIPv1 is a classful routing protocol.
• RIPv1 does not support VLSM.
17. • EIGRP authentication uses the MD5 algorithm.
• EIGRP authentication uses a pre-shared key.
18. • when a network contains discontiguous network addresses
19. • 15 hops
20. • A feasible successor route can be found in the topology table.
• The topology table shows whether a route is in the passive or active state.
21. • RIPv2 is configured on this router.

CCNA2 – Lab 5.1.2 Powering Up an Integrated Services Router

Objectives

• Set up a new Cisco 1841 Integrated Services Router ( ISR ).
• Connect a computer to the router console interface.
• Configure Hyper Terminal so that the computer can communicate with the router

Background / Preparation

This lab focuses on the initial setup of the Cisco 1841 ISR. If a Cisco 1841 ISR is not available, you can use another router model. The information in this lab applies to other routers. A Cisco ISR combines routing and switching functions, security, voice, and LAN and WAN connectivity into a single device, which makes it appropriate for small-sized to medium-sized businesses and for ISP-managed customers.

Some steps in this lab are normally only performed once during initial setup. These steps are indicated as optional.

The following resources are required :

• Cisco 1841 ISR other comparable router.
• Power Cable
• Windows PC with terminal emulation program
• RJ45-to-DB9 connector console cable.

Step 1 : position router and connect ground wire (Optional)

Note : this Step is optional and is required only if the router is being set up for the first time. Read through it to become familiar with the process.

a. Position the router chassis to allow unrestricted air flow for chassis cooling. Keep at least 1inch ( 2.5 4 c m ) of clear space beside the cooling inlet and exhaust vents. CAUTION: Do not place any items that weigh more than 10 pounds (4.5 kilograms) on top of the chassis, and do not stack routers on top of each other.

b. Connect the chassis to a reliable earth ground using a ring terminal and size 14AWG (2 mm ) wire using these step :

NOTE: Your instructor should inform you where a reliable earth ground is

1. Strip one end of the ground wire to expose approximately 3/4 inch ( 20mm ) of conductor.

2. Crimp the 14AWG (2 mm ) green ground wire to a UL Listed / CS A certified ring terminal using a crimping tool that is recommended by the ring terminal manufacturer. The ring terminal provided on the back panel of the Cisco 1841 ISR router is suitable for a Number 6 grounding screw.

3. Attach the ring terminal to the chassis as shown in the figure below. Use a Number 2 Phillips screw driver and the screw that is supplied with the ring terminal and tighten the screw

4. Connect the other end of the ground wire to a suitable earth ground that the instructor indicates.

Step 2 : Install the Compact Flash memory card ( Optional)

NOTE: This step is optional and is required only if the router is being set up for the first time. To avoid wear on the memory card and ejector mechanism, do not actually perform this step. Read through it to become familiar with the process.

a. Attach a grounding strap to your wrist to avoid electro shock damage to the card. Seat the external Compact Flash memory card properly into the slot. This step depends on the type of router. Not all routers have flash cards.

b. If the router has a Compact Flash memory card, check that the ejector mechanism is fully seated. Theejector button is next to the Compact Flash memory card.

c. Connect the power cable to the ISR and to the power outlet.

Step 4: Power up the ISR

a. Move the power switch on the back of the ISR to the ON position. During this step, the LEDs on the chassis turn on and off, not necessarily at the same time. The LED activity depends on what is installed in the ISR .

b. Observe the startup messages as they appear in the terminal emulation program window. While these messages are appearing, do not press any keys on the keyboard. Pressing a key interrupts the router start up process. Some examples of start up messages displayed are the amount of main memory installed and the image type of the Cisco IOS software that the computer is using. Can you find these example start up messages in the following figure?

Step 5 : Reflection

a. Is there anything about this procedure that is risky?

b. Why do the router cover, all modules, and cover plates need to be installed?

c. How many routers can you safely stack on top of each other ?

1) 0

2) 1

3) 2

4) 3

CCNA Discovery 3 Module 3 Exam Answers Version 4.0
1.


Refer to the exhibit. What two statements can be concluded from the information that is shown in the exhibit? (Choose two.)
• All ports that are listed in the exhibit are access ports.
• ARP requests from Host1 will be forwarded to Host2.
• Attaching Host1 to port 3 will automatically allow communication between both hosts.
• The default gateway for each host must be changed to 192.168.3.250/28 to allow communication between both hosts.
• A router connected to the switch is needed to forward traffic between the hosts.
Jawaban
• The default gateway for each host must be changed to 192.168.3.250/28 to allow communication between both hosts.

2.

A router is configured to connect to a trunked uplink as shown in the exhibit. A packet is received on the FastEthernet 0/1 physical interface from VLAN 10. The packet destination address is 192.168.1.120. What will the router do with this packet?
• The router will forward the packet out interface FastEthernet 0/1.1 tagged for VLAN 10.
• The router will forward the packet out interface FastEthernet 0/1.2 tagged for VLAN 60.
• The router will forward the packet out interface FastEthernet 0/1.3 tagged for VLAN 60.
• The router will forward the packet out interface FastEthernet 0/1.3 tagged for VLAN 120.
• The router will not process the packet since the source and destination are on the same subnet.
• The router will drop the packet since no network that includes the source address is attached to the router.
Jawaban
• The router will forward the packet out interface FastEthernet 0/1.3 tagged for VLAN 120.


3. The information contained in a BPDU is used for which two purposes? (Choose two.)
• to prevent loops by sharing bridging tables between connected switches
• to set the duplex mode of a redundant link
• to determine the shortest path to the root bridge
• to determine which ports will forward frames as part of the spanning tree
• to activate looped paths throughout the network

4. A router has two serial interfaces and two Fast Ethernet interfaces. This router must be connected to a WAN link and to a switch that supports four VLANs. How can this be accomplished in the most efficient and cost-effective manner to support inter-VLAN routing between the four VLANs?
• Connect a smaller router to the serial interface to handle the inter-VLAN traffic.
• Add two additional Fast Ethernet interfaces to the router to allow one VLAN per interface.
• Connect a trunked uplink from the switch to one Fast Ethernet interface on the router and create logical subinterfaces for each VLAN.
• Use serial-to-Fast Ethernet transceivers to connect two of the VLANs to the serial ports on the router. Support the other two VLANs directly to the available FastEthernet ports.

5. When are MAC addresses removed from the CAM table?
• at regular 30 second intervals
• when a broadcast packet is received
• when the IP Address of a host is changed
• after they have been idle for a certain period of time

6.

Refer to the exhibit. Switch1 is not participating in the VTP management process with the other switches. Which two are possible reasons for this? (Choose two.)
• Switch2 is in transparent mode.
• Switch1 is in client mode.
• Switch1 is using VTP version 1 and Switch2 is using VTP version 2.
• Switch2 is in server mode.
• Switch1 is in a different management domain.
• Switch1 has no VLANs.

7. Which three must be used when a router interface is configured for VLAN trunking? (Choose three.)
• one subinterface per VLAN
• one physical interface for each subinterface
• one IP network or subnetwork for each subinterface
• one trunked link per VLAN
• a management domain for each subinterface
• a compatible trunking protocol encapsulation for each subinterface

8.

Refer to the exhibit. The switches are connected with trunks within the same VTP management domain. Each switch is labeled with its VTP mode. A new VLAN is added to Switch3. This VLAN does not show up on the other switches. What is the reason for this?
• VLANs cannot be created on transparent mode switches.
• Server mode switches neither listen to nor forward VTP messages from transparent mode switches.
• VLANs created on transparent mode switches are not included in VTP advertisements.
• There are no ports assigned to the new VLAN on the other switches.
• Transparent mode switches do not forward VTP advertisements.

9. Which two criteria are used by STP to select a root bridge? (Choose two.)
• memory size
• bridge priority
• switching speed
• number of ports
• base MAC address
• switch location

10. Which three steps should be taken before moving a Catalyst switch to a new VTP management domain? (Choose three.)
• Reboot the switch.
• Reset the VTP counters to allow the switch to synchronize with the other switches in the domain.
• Download the VTP database from the VTP server in the new domain.
• Configure the VTP server in the domain to recognize the BID of the new switch.
• Select the correct VTP mode and version.
• Configure the switch with the name of the new management domain.

11. Which two items will prevent broadcasts from being sent throughout the network? (Choose two.)
• bridges
• routers
• switches
• VLANs
• hubs

12. Which two characteristics describe a port in the STP blocking state? (Choose two.)
• provides port security
• displays a steady green light
• learns MAC addresses as BPDUs are processed
• discards data frames received from the attached segment
• receives BPDUs and directs them to the system module

13. What is the first step in the process of convergence in a spanning tree topology?
• election of the root bridge
• determination of the designated port for each segment
• blocking of the non-designated ports
• selection of the designated trunk port
• activation of the root port for each segment

14. In which STP state does a switch port transmit user data and learn MAC addresses?
• blocking
• learning
• disabling
• listening
• forwarding

15. What is the purpose of VTP?
• maintaining consistency in VLAN configuration across the network
• routing frames from one VLAN to another
• routing the frames along the best path between switches
• tagging user data frames with VLAN membership information
• distributing BPDUs to maintain loop-free switched paths

16. Which statement best describes adaptive cut-through switching?
• The switch initially forwards all traffic using cut-through switching and then changes to store-and-forward switching if errors exceed a threshold value.
• The switch initially forwards all traffic using cut-through switching and then changes to fast-forward switching if errors exceed a threshold value.
• The switch initially forwards all traffic using cut-through switching and then temporarily disables the port if errors exceed a threshold value.
• The switch initially forwards all traffic using store-and-forward switching and then changes to cut-through switching if errors exceed a threshold value.

17. Using STP, how long does it take for a switch port to go from the blocking state to the forwarding state?
• 2 seconds
• 15 seconds
• 20 seconds
• 50 seconds

18.

Refer to the exhibit. The switches are interconnected by trunked links and are configured for VTP as shown. A new VLAN is added to Switch1. Which three actions will occur? (Choose three.)
• Switch1 will not add the VLAN to its database and will pass the update to Switch 2.
• Switch2 will add the VLAN to its database and pass the update to Switch3.
• Switch3 will pass the VTP update to Switch4.
• Switch3 will add the VLAN to its database.
• Switch4 will add the VLAN to its database.
• Switch4 will not receive the update.

19 Which Catalyst feature causes a switch port to enter the spanning-tree forwarding state immediately?
• backbonefast
• uplinkfast
• portfast
• rapid spanning tree

20.

Refer to the exhibit. Which set of commands would be used on the router to provide communication between the two hosts connected to the switch?
• Router(config)# interface vlan 2
Router(config-if)# ip address 192.168.2.1 255.255.255.0
Router(config-if)# no shutdown
Router(config)# interface vlan 3
Router(config-if)# ip address 192.168.3.1 255.255.255.0
Router(config-if)# no shutdown
• Router(config)# interface fastethernet 0/0
Router(config-if)# no shutdown
Router(config-if)# interface fastethernet 0/0.2
Router(config-subif)# encapsulation dot1q 2
Router(config-subif)# ip address 192.168.2.1 255.255.255.0
Router(config-if)# interface fastethernet 0/0.3
Router(config-subif)# encapsulation dot1q 3
Router(config-subif)# ip address 192.168.3.1 255.255.255.0
• Router(config)# interface vlan 2
Router(config-if)# switchport mode trunk dot1q
Router(config)# interface vlan 3
Router(config-if)# switchport mode trunk dot1q
• Router(config)# interface fastethernet 0/0
Router(config-if)# mode trunk dot1q 2 3
Router(config-if)# ip address 192.168.2.1 255.255.255.0

CCNA Discovery 3 Module 2 Exam Answers Version 4.0

1. What type of connection point is a point of presence (POP)?
• between a client and a host
• between two local networks
• between a computer and a switch
• between an ISP and an Enterprise network
Jawaban

2. A network administrator needs to configure Telnet access to a router. Which group of commandsenable Telnet access to the router?
• Router(config)# enable password class
Router(config)# line con 0
Router(config-line)# login
Router(config-line)# password cisco
• Router(config)# ip host 192.168.1.1 NewYork
Router(config)# enable password cisco
• Router(config)# line aux 0
Router(config-line)# login
Router(config-line)# password cisco
• Router(config)# enable password class
Router(config)# line vty 0 4
Router(config-line)# login
Router(config-line)# password cisco
Jawaban
• Router(config)# enable password class
Router(config)# line vty 0 4
Router(config-line)# login
Router(config-line)# password cisco


3. Which two types of information should be included in a business continuity plan? (Choose two.)
• maintenance time periods
• intrusion monitoring records
• offsite data storage procedures
• alternate IT processing locations*
• problem resolution escalation steps
Jawaban
• alternate IT processing locations*
• problem resolution escalation steps

4. Which two router parameters can be set from interface configuration mode? (Choose two.)
• IP address
• Telnet password
• hostname
• console password
• subnet mask
• enable secret password
Jawaban
• IP address
• subnet mask

5. Which two devices protect a corporate network against malicious attacks at the enterprise edge ?(Choose two.)
• demarc
• IP security (IPSec)
• Data Service Unit (DSU)
• intrusion prevention system (IPS)
• intrusion detection system (IDS)

6. Which three steps must be performed to remove all VLAN information from a switch but retain therest of the configuration? (Choose three.)
• Remove all VLAN associations from the interfaces.
• Remove the 802.1q encapsulation from the interfac
• Issue the command copy start run.
• Issue the command delete flash:vlan.dat.
• Issue the command erase start.
• Reload the switch.

7. What is the demarcation?
• physical point where the ISP responsibilty ends and the customer responsibilty begins
• physical location where all server farm connections meet before being distributed into the Core
• point of entry for outside attacks and is often vulnerable
• point of entry for all Access Layer connections from the Distribution Layer devices

8. Which device is responsible for moving packets between multiple network segments?
• router
• switch
• CSU/DSU
• IDS device

10. What information can an administrator learn using the show version command?
• Cisco IOS filename
• configured routing protocol
• status of each interface
• IP addresses of all interfaces

11. Which two situations require a network administrator to use out-of-band management to change arouter configuration? (Choose two.)
• Network links to the router are down.
• No Telnet password has been configured on the router.
• The administrator can only connect to the router using SSH.
• The network interfaces of the router are not configured with IP addresses.
• Company security policy requires that only HTTPS be used to connect to routers.

12. It is crucial that network administrators be able to examine and configure network devices fromtheir homes. Which two approaches allow this connectivity without increasing vulnerability to externalattacks? (Choose two.)
• Configure a special link at the POP to allow external entry from the home computer.
• Set up VPN access between the home computer and the network.
• Install a cable modem in the home to link to the network.
• Configure ACLs on the edge routers that allow only authorized users to access management portson network devices.
• Configure a server in the DMZ with a special username and password to allow external access.

13. A network administrator must define specific business processes to implement if a catastrophicdisaster prevents a company from performing daily business routines. Which portion of the networkdocumentation is the administrator defining?
• business security plan
• business continuity plan
• network solvency plan
• service level agreement
• network maintenance plan

14. A DoS attack crippled the daily operations of a large company for 8 hours. Which two optionscould be implemented by the network administrator to possibly prevent such an attack in the future?(Choose two.)
• install security devices with IDS and IPS at the enterprise edge
• reset all user passwords every 30 days
• filter packets based on IP address, traffic pattern, and protocol
• deny external workers VPN access to internal resources
• ensure critical devices are physically secure and placed behind the demarc

15. A network manager wants to have processes in place to ensure that network upgrades do not affectbusiness operations. What will the network manager create for this purpose?
• business security plan
• business continuity plan
• service level agreement
• network maintenance plan

16. An investment company has multiple servers that hold mission critical datThey are worried that ifsomething happens to these servers, they will lose this valuable information. Which type of plan isneeded for this company to help minimize loss in the event of a server crash?
• business security
• business continuity
• network maintenance
• service level agreement

17. When searching for information about authentication methods and usernames of companypersonnel, where can a network administrator look?
• Business Continuity Plan
• Business Security Plan
• Network Maintenance Plan
• Service Level Agreement

18. Refer to the exhibit. Which statement is true about port Fa5/1?
• When a violation is detected, the port will log the information to a syslog server.
• When a violation is detected, the port will go into err-disable mod
• There have been 11 security violations since the last reloa
• The port is currently in the shutdown state.

CCNA Discovery 3 Module 1 Exam Answers Version 4.0

1. What can be found at the enterprise edge?
• Internet, VPN, and WAN modules
• Internet, PSTN, and WAN services
• server farms and network management
• campus infrastructure, including access layer devices
Jawaban
• Internet, VPN, and WAN modules

2. In which functional area of the Cisco Enterprise Architecture should IDS and IPS be located to detect
• and prevent services from accessing hosts?
• Enterprise Campus
• Edge Distribution
• Enterprise Edge
• Service Provider Edge
Jawaban
• Enterprise Edge


3. A business consultant must use Internet websites to research a report on the e-business strategies of several firms and then electronically deliver the report to a group of clients in cities throughout the world. Which two teleworker tools can the consultant use to accomplish this project? (Choose two.)
• VoIP
• VPN
• HTTP
• Telnet
• email
Jawaban
• HTTP
• email

4. Which two measures help ensure that a hardware problem does not cause an outage in an enterprise LAN that supports mission critical services? (Choose two.)
• providing failover capability
• installing redundant power supplies
• purchasing more bandwidth from the ISP
• implementing broadcast containment with VLANs
• installing routers that can handle a greater amount of throughput
Jawaban
• providing failover capability
• installing redundant power supplies

5. Which task would typically only require services located at the access layer of the hierarchical design model?
• connecting to the corporate web server to update sales figures
• using a VPN from home to send data to the main office servers
• printing a meeting agenda on a local departmental network printer
• placing a VoIP call to a business associate in another country
• responding to an e-mail from a co-worker in another department
Jawaban
• printing a meeting agenda on a local departmental network printer

6. How does a VPN work to support remote user productivity?
• It uses SSL to encrypt remote user logins to the corporate intranet.
• It uses secure Telnet for remote user connections to internal network devices.
• It creates a virtual circuit that allows real-time communications between any two Internet endpoints.
• It uses encapsulation to create a secure tunnel for transmission of data across non-secure networks.
Jawaban
• It uses encapsulation to create a secure tunnel for transmission of data across non-secure networks.

7. A remote user needs to access a networking device on the internal network of the company. The transactions between the remote user and the device must be secure. Which protocol enables this to happen securely?
• HTTP
• SSH
• Telnet
• FTP
Jawaban
• SSH

8. What does VoIP provide to telecommuters?
• high-quality, live-video presentations
• real-time voice communications over the Internet
• ability to share desktop applications simultaneously
• secure, encrypted data transmissions through the Internet

9. Which functional component of the Cisco Enterprise Architecture is responsible for hosting internal servers?
• enterprise campus
• enterprise edge
• service provider edge
• building distribution

10. What is the purpose of the Cisco Enterprise Architecture?
• remove the three-layer hierarchical model and use a flat network approach
• divide the network into functional components while still maintaining the concept of Core, Distribution, and Access Layers
• provide services and functionality to the core layer by grouping various components into a single
• component located in the access layer
• reduce overall network traffic by grouping server farms, the management server, corporate intranet, and e-commerce routers in the same layer

11. Which two solutions would an enterprise IT department use to facilitate secure intranet access for remote workers? (Choose two.)
• VPN
• NAT
• user authentication
• client firewall software
• packet sniffing

12. Which statement describes the difference between an enterprise WAN and an enterprise extranet?
• An enterprise WAN is designed to interconnect local LANs, while an enterprise extranet is designed to interconnect remote branch offices.
• An enterprise WAN is designed to interconnect branch offices, while an enterprise extranet is designed to give access to external business partners.
• An enterprise WAN is designed to provide remote access for its teleworkers, while an enterprise extranet is designed to provide Internet connectivity for the enterprise.
• An enterprise WAN is designed to provide Internet connectivity for the enterprise, while an enterprise extranet is designed to provide remote access to the enterprise network for teleworkers.

13. Why would a network administrator want to limit the size of failure domains when designing a network?
• reduces the effect of Ethernet collisions
• reduces the impact of a key device or service failure
• reduces the impact of Internet congestion on critical traffic
• reduces the impact of blocking broadcast packets at the edge of the local network

14. What is the main purpose of the Access Layer in a hierarchically designed network?
• performs routing and packet manipulation
• supplies redundancy and failover protection
• provides a high-speed, low-latency backbone
• serves as a network connection point for end-user devices

15. Which three functions are performed at the Distribution Layer of the hierarchical network model? (Choose three.)
• forwards traffic that is destined for other networks
• isolates network problems to prevent them from affecting the Core Layer
• allows end users to access the local network
• provides a connection point for separate local networks
• transports large amounts of data between different geographic sites
• forwards traffic to other hosts on the same logical network

16. What is a benefit of having an extranet?
• It provides web-like access to company information for employees only.
• It limits access to corporate information to secure VPN or remote access connections only.
• It allows customers and partners to access company information by connecting to a public web server.
• It allows suppliers and contractors to access confidential internal information using controlled external connections.

17. What are two important characteristics or functions of devices at the Enterprise Edge? (Choose two.)
• providing Internet, telephone, and WAN services to the enterprise network
• providing a connection point for end-user devices to the enterprise network
• providing high-speed backbone connectivity with redundant connections
• providing intrusion detection and intrusion prevention to protect the network against malicious activity
• providing packet inspection to determine if incoming packets should be allowed on the enterprise network

18. Why is TCP the preferred Layer 4 protocol for transmitting data files?
• TCP is more reliable than UDP because it requires lost packets to be retransmitted.
• TCP requires less processing by the source and destination hosts than UDP.
• UDP introduces delays that degrade the quality of the data applications.
• TCP ensures fast delivery because it does not require sequencing or acknowlegements.

19. The ABC Corporation implements the network for its new headquarters using the Cisco Enterprise Architecture. The network administrator wants to filter the traffic from and to the outside world. Where should the administrator deploy a firewall device?
• server farm
• enterprise edge
• enterprise campus
• service provider edge

20. Which two statements are reasons why UDP is used for voice and video traffic instead of TCP?(Choose two.)
• TCP requires all data packets to be delivered for the data to be usable.
• The acknowledgment process of TCP introduces delays that break the streams of data.
• UDP does not have mechanisms for retransmitting lost packets.
• UDP tolerates delays and compensates for them.
• TCP is a connectionless protocol that provides end-to-end reliability.
• UDP is a connection-oriented protocol that provides end-to-end reliability.

CCNA Discovery 2 Module 8 Exam Answers Version 4.0

1. • accounting
2. • date and time of message
• ID of sending device
• message ID
3. • It uses a 128-bit pre-shared hexadecimal key to prevent unauthorized wireless access.
4. • packet filtering
5. • authentication
6. • reviewing backup logs
• performing trial backups
7. • poll
8. • SNMP
• Telnet
• TFTP
9. • The hacker obtained the MAC address of a permitted host, and cloned it on his wireless laptop NIC.
10. • Provide users with only the access to resources required to do their jobs.
• Allow users to decide how much permission they need to accomplish their job tasks.
11. • IPSEC
• SSL
• HTTPS
12. • encryption
13. • network management database
14. • Tape is not a cost-effective means of backing up data.
• Tape drives require regular cleaning to maintain reliability.
15. • DMZ
16. • ports
• protocols
17. • when the management interface of a device is not reachable across the network
18. • IPSEC
19. • full
20. • authentication

CCNA Discovery 2 Module 7 Exam Answers Version 4.0
1. • The OSI network layer is comparable to the Internet layer of the TCP/IP model.
• The TCP/IP model is based on four layers and the OSI model is based on seven layers.
2.• availability
• scalability
3. • It utilizes TCP port 110.
• SMTP is used to send the e-mail message to the mail servers.
4. • Host2 sends a SYN-ACK message to Host1.
5. • Redundant hardware provides enhanced reliability.
• Fault tolerance is a measure of reliability.
• The longer the MTBF, the greater the reliability.
6. • The protocol interpreter is responsible for the data transfer function.
• In passive data connections, the FTP client initiates the transfer of data.
7. • It enables the synchronization of port numbers between source and destination hosts.
8. • It supports authentication.
• It encrypts packets with SSL.
• It requires additional server processing time.
9. • reverse lookup
10. • dynamic
11. • The command ping fileserv will use IP address 172.16.5.10.
12. • mapping name-to-IP addresses for internal hosts
• forwarding name resolution requests to a caching-only server
13. • low overhead
• no flow control
• no error-recovery function
14. • FTP
• HTTP
• SMTP
15. • HTTP – 80
• SMTP – 25
16. • source IP address and port with a destination IP address and port
17. • SMTP
18. • Source – 192.168.1.17:80 ; Destination – 192.168.2.39:1045
19. • caching-only
20. • The server will determine the appropriate service from the destination port field.
21. • IP address
• MAC address

CCNA Discovery 2 Module 6 Exam Answers Version 4.0

1. • show ip protocols
2. • 16
3. • when the company uses two or more ISPs
4. • a RIP router
5. • Interior routing protocols are used to route on the Internet. Exterior routing protocols are used inside organizations.
6. • subnet mask
7. • EIGRP
8. • routerA(config-router)# network 192.168.3.0
9. • Immediately
10. • All routers at an ISP must be assigned the same AS number.
11. • to identify which networks on the router will send and receive RIP updates
12. • router# show ip networks
13. • It allows a router to share information about known networks with other routers.
14. • border gateway router
15. • show ip rip database
16. • destination IP address
17. • a global business with connections to multiple local ISPs
• a medium-sized nationwide business with Internet connectivity through different ISPs
18. • show ip rip database
19. • Routers will not allow packets to be forwarded until the network has converged.
20. • They require manual reconfiguration to accommodate network changes.
• They are identified in the routing table with the prefix S
21. • Link-state routers only know about directly connected routers. Distance vector routers know about every router in the network.
• Link-state routing protocols update when a change is made. A network using distance vector routing protocols only updates at a specific interval.
22. • BGP
23. • Ping
• Traceroute
• show ip route
24. • autonomous system

CCNA Discovery 2 Module 5 Exam Answers Version 4.0

1. vIn what two ways does SDM differ from the IOS CLI? (Choose two.)
• SDM is used for in-band management only. The IOS CLI can be used for in-band and out-of-band management.
• SDM is accessed through a Telnet application. The IOS CLI is accessed through a web browser.
• SDM is available for all router platforms. The IOS CLI is available for a limited number of Cisco devices.
• SDM utilizes GUI buttons and text boxes. The IOS CLI requires the use of text-based commands.
• SDM is used for advanced configuration tasks. The IOS CLI is preferred for initial basic device configuration.

2. Which mode will a configured router display at login?
• global configuration mode
• setup mode
• ROM monitor mode
• user EXEC mode

3.

Refer to the exhibit. Which password or passwords will be encrypted as a result of the configuration that is shown?
• virtual terminal only
• enable mode only
• console and virtual terminal only
• enable mode and virtual terminal
• only the service password
• all configured passwords

4.

Refer to the exhibit. Which three sets of commands are required to enable administrators to connect to the Switch1 console over Telnet for configuration and management? (Choose three.)
• Switch1(config)# interface fa0/1
Switch1(config-if)# ip address 192.168.2.64 255.255.255.192
• Switch1(config)# interface fa0/1
Switch1(config-if)# ip address 192.168.2.66 255.255.255.192
• Switch1(config)# interface vlan 1
Switch1(config-if)# ip address 192.168.2.126 255.255.255.192
Switch1(config-if)# no shutdown
• Switch1(config)# line vty 0 4
Switch1(config-line)# enable password cisco
Switch1(config-line)# login
• Switch1(config)# line vty 0 15
Switch1(config-line)# password cisco
Switch1(config-line)# login
• Switch1(config)# ip default-gateway 192.168.2.65

5. How does the SYST LED on the catalyst 2960 switch indicate a POST failure?
• blinks rapidly amber
• blinks rapidly green
• steady amber
• steady green

6. Refer to the exhibit. A company always uses the last valid IP address in a subnetwork as the IP address of the router LAN interface. A network administrator is using a laptop to configure switch X with a default gateway. Assuming that the switch IP address is 192.168.5.147/24, what command will the administrator use to assign a default gateway to the switch?
• X(config)# ip default-gateway 192.168.5.254
• X(config)# ip gateway 192.168.5.1
• X(config)# ip route 0.0.0.0 0.0.0.0 192.168.5.1
• X(config)# ip default-route 192.168.5.1
• X(config)# ip route 192.168.5.254 255.255.255.0 fastethernet 0/0

7. A technician has made changes to the configuration of a router. What command will allow the technician to view the current configuration before he saves the changes?
• router# show running-config
• router# show startup-config
• router# show flash
• router# show version

8. Passwords can be used to restrict access to all or parts of the Cisco IOS. Select the modes and interfaces that can be protected with passwords. (Choose three.)
• VTY interface
• console interface
• Ethernet interface
• secret EXEC mode
• privileged EXEC mode
• router configuration mode

9. To save time, IOS commands may be partially entered and then completed by typing which key or key combination?
• Tab
• Ctrl-P
• Ctrl-N
• Up Arrow
• Right Arrow
• Down Arrow

10. What is the correct command sequence to configure a router host name to 'LAB_A'?
• Router> enable
Router# configure terminal
Router(config)# hostname LAB_A
• Router> enable
Router# hostname LAB_A
• Router> enable
Router# configure router
Router(config)# hostname LAB_A
• Router> enable
Router(config)# host name LAB_A

11.


Refer to the exhibit. From the router console, an administrator is unable to ping a Catalyst switch that is located in another building. What can the administrator do from her location to check the IP configuration of the attached switch?
• Open an SDM session with the switch from her desktop.
• Telnet to the switch from the router console.
• Use the show cdp neighbors detail command from the router console.
• The administrator must go to the switch location and make a console connection to check these settings.

12. Which two options must be selected in SDM Express to enable a router serial interface to obtain an IP address automatically? (Choose two.)
• Easy IP (IP negotiated)
• IP unnumbered
• No IP address
• HDLC encapsulation
• Frame Relay encapsulation
• PPP encapsulation

13. What three settings can be made in the SDM Express basic configuration screen? (Choose three.)
• host name
• DHCP options
• domain name
• interface IP addresses
• enable secret password
• DNS server IP addresses

14. Which tasks can be accomplished by using the command history feature? (Choose two.)
• View a list of commands entered in a previous session.
• Recall up to 15 command lines by default.
• Set the command history buffer size.
• Recall previously entered commands.
• Save command lines in a log file for future reference.

15. What option within Cisco SDM Express must be configured to allow hosts that receive IP address settings from the router to resolve names on the network or Internet?
• host name
• domain name
• DHCP address pool
• DNS server IP address

16. Which three encapsulation types can be set on a serial interface by an administrator who is using SDM Express? (Choose three.)
• ATM
• CHAP
• Frame Relay
• HDLC
• PAP
• PPP

17. Which command will display routing table information about all known networks and subnetworks?
• Router# show ip interfaces
• Router# show ip connections
• Router# show ip route
• Router# show ip networks

18. A network administrator needs to configure a router. Which of the following connection methods requires network functionality to be accessible?
• console
• AUX
• Telnet
• modem

19. Which three pieces of information about a neighbor device can be obtained by the show cdp neighbors command? (Choose three.)
• platform
• routing protocol
• connected interface of neighbor device
• device ID
• IP addresses of all interfaces
• enable mode password

20.

Which function is a unique responsibility of the DCE devices shown in the exhibit?
• transmission of data
• reception of data
• clocking for the synchronous link
• noise cancellation in transmitted data

21. Which of the following are functions of NVRAM? (Choose two.)
• stores the routing table
• retains contents when power is removed
• stores the startup configuration file
• contains the running configuration file
• stores the ARP table

22.
Refer to the exhibit. Which series of commands will enable users who are attached to Router1 to access the remote server?
• Router1(config)# interface S0/0/0
Router1(config-if)# ip address 64.100.0.129 255.255.255.252
Router1(config-if)# clock rate 64000
Router1(config-if)# no shutdown
• Router1(config)# interface S0/0/0
Router1(config-if)# ip address 64.100.0.125 255.255.255.252
Router1(config-if)# no shutdown
• Router1(config)# interface S0/0/0
Router1(config-if)# ip address 64.100.0.125 255.255.255.252
Router1(config-if)# clock rate 64000
Router1(config-if)# no shutdown
• Router1(config)# interface S0/0/0
Router1(config-if)# ip address 64.100.0.129 255.255.255.252
Router1(config-if)# no shutdown

23. A network technician is attempting to add an older workstation to a Cisco switched LAN. The technician has manually configured the workstation to full-duplex mode in order to enhance the network performance of the workstation. However, when the device is attached to the network, performance degrades and excess collision are detected. What is the cause of this problem?
• The host is configured in a different subnet from the subnet of the switch.
• There is a duplex mismatch between the workstation and switch port.
• The switch port is running at a different speed from the speed of the workstation NIC.
• The host has been configured with a default gateway that is different from that of the switch.

24. Which of the following statements are true regarding the user EXEC mode? (Choose two.)
• All router commands are available.
• Global configuration mode can be accessed by entering the enable command.
• A password can be entered to allow access to other modes.
• Interfaces and routing protocols can be configured.
• Only some aspects of the router configuration can be viewed.

25. Which command turns on a router interface?
• Router(config-if)# enable
• Router(config-if)# no down
• Router(config-if)# s0 active
• Router(config-if)# interface up
• Router(config-if)# no shutdown