You are on page 1of 225

1.

Which three actions might a Frame Relay switch perform when it detects an
excessive build-up of frames in its queue? (Choose three.)
puts a hold on accepting frames in excess of the CIR
drops frames from the queue that have the DE bit set
reduces the number of frames it sends over the link
re-negotiates flow control with the connected device
sets the FECN bit on all frames it receives on the congested link
sets the BECN bit on all frames it places on the congested link

2. Which best describes the benefit of using Frame Relay as opposed to a leased line or
ISDN service?
Customers can define their virtual circuit needs in far greater combinations, with
increments as small as 64 kbps.
Customers pay for an end-to-end connection that includes the local loop and the
network link.
Customers only pay for the local loop and the bandwidth they purchase from the
network provider.
Connecting new sites requires new lower cost circuit installations when compared to
ISDN dialup costs or adding additional hardware for leased service.

3.

Refer to the exhibit. Router R1 has been configured for Frame Relay connectivity to
routers R2 and R3. What configuration option should be configured on the R2 and R3
serial interfaces in order for all routers to ping each other successfully?
R2(config-if)# frame-relay interface-dlci 201 broadcast
R3(config-if)# frame-relay interface-dlci 301 broadcast
R2(config-if)# frame-relay map ip 10.1.1.1 201 broadcast
R3(config-if)# frame-relay map ip 10.1.1.1 301 broadcast
R2(config-if)# frame-relay map ip 10.1.1.3 201 broadcast
R3(config-if)# frame-relay map ip 10.1.1.2 301 broadcast
R2(config-if)# frame-relay map ip 10.1.1.1 201 broadcast
R2(config-if)# frame-relay map ip 10.1.1.3 201 broadcast
R3(config-if)# frame-relay map ip 10.1.1.1 301 broadcast
R3(config-if)# frame-relay map ip 10.1.1.2 301 broadcast

4. Which two items allow the router to map data link layer addresses to network layer
addresses in a Frame Relay network? (Choose two.)
ARP
RARP
Proxy ARP
Inverse ARP
LMI status messages
ICMP

5.

Refer to the exhibit. Which two outcomes occur from the configuration shown? (Choose
two.)
The broadcasts will be forwarded to 10.1.1.1.
The router will use DLCI 22 to forward data to 10.1.1.1.
DLCI 22 will replace the MAC address in the ARP table for entry 10.1.1.1
Inverse-ARP will now add an entry for 10.1.1.1 into the Frame Relay map table using
DLCI 22.
Frames sent by 10.1.1.1 arriving on interface serial 0/0/0 of RT_1 will have a data link
layer address of 22.

6.

Refer to the exhibit. What can be determined about the Frame Relay switch from the
output shown?
It is currently not transmitting data.
It is in the process of establishing the PVC.
It has put a hold on processing frames in excess of the CIR.
It is experiencing congestion.

7.

Refer to the exhibit. What can be determined from the output?
Serial 0/0/0 has been configured with an DLCI of 201.
Serial 0/0/0 has the feature frame-relay inverse-arp enabled.
Serial 0/0/0 has been configured with an IP address of 172.16.4.3.
Serial 0/0/0 has been configured with the command frame-relay map ip 172.16.4.3
201 broadcast.

8.

Refer to the exhibit. What effect does the point-to-point configuration on subinterface
S0/0.110 have on the operation of the router?
It helps to conserve IP addresses.
It establishes multiple PVC connections to multiple physical interfaces.
It eliminates split horizon issues without increasing the likelihood of routing loops.
It requires the configuration of the encapsulation command on the subinterface.

9.

Refer to the exhibit. Which statement explains why the Frame Relay connection
between R1 and R2 is failing?
Split horizon must be disabled.
The LMI type must be specified.
Logical subinterfaces must be used instead.
The frame-relay map commands are using incorrect DLCIs.

10. What best describes the use of a data-link connection identifier (DLCI)?
local address identifying a destination router across a Frame Relay network
locally significant address used to identify a virtual circuit
logical address identifying the interface between a router and a Frame Relay switch
logical address used to identify the DCE

11.

Refer to the exhibit. Router R1 has been configured for Frame Relay connectivity to
routers R2 and R3. Which set of configuration options for routers R2 and R3 would
provide each router connectivity to R1?
R2(config)# interface serial0/0/1
R2(config-if)# frame-relay map ip 10.1.1.1 102
R3(config)# interface serial0/0/1
R3(config-if)# frame-relay map ip 10.1.2.1 103
R2(config)# interface serial0/0/1
R2(config-if)# frame-relay map ip 10.1.1.1 102
R2(config-if)# frame-relay map ip 10.1.2.3 301
R3(config)# interface serial0/0/1
R3(config-if)# frame-relay map ip 10.1.2.1 103
R3(config-if)# frame-relay map ip 10.1.1.2 201
R2(config)# interface serial0/0/1.201 point-to-point
R2(config-if)# no frame-relay invers-arp
R3(config)# interface serial0/0/1.301 point-to-point
R3(config-if)# no frame-relay invers-arp
R2(config)# interface serial0/0/1.201 point-to-point
R2(config-if)# frame-relay interface-dlci 201
R3(config)# interface serial0/0/1.301 point-to-point
R3(config-if)# frame-relay interface-dlci 301

12.

Refer to the exhibit. Frame Relay connectivity has been configured in the network and
OSPF is used as the routing protocol. Router R1 can successfully ping the router R2
serial interface. When R1 attempts to ping network 192.168.3.0/24 the ping fails.
What additional configuration should be applied on all routers to remedy the problem?
Add the broadcast keyword in the Frame Relay map command on both routers.
Issue the frame-relay interface-dlci command in addition to the frame-relay
map command on both router interfaces.
Remove the frame-relay map command and replace with the frame-relay
interface-dlci command on both router interfaces.
Apply the no frame-relay inverse-arp command on both router interfaces.

13. Which statement about Frame Relay subinterfaces is correct?
Multipoint interfaces will automatically forward routing broadcasts but will consume
more IP addresses than point-to-point subinterfaces will consume.
Point-to-point subinterfaces act like leased lines and eliminate split-horizon routing
issues.
Interfaces with multiple PVCs require a separate subinterface for each PVC.
Multipoint configurations cannot use subinterfaces.

14.

Refer to the exhibit. What can be determined about the configuration of router R1 from
the exhibited output?
LMI updates are not being received properly.
The LMI type for the Serial 0/0/0 interface has been left to its default configuration.
Cisco HDLC is used as a Layer 2 encapsulation protocol on the Serial 0/0/0 interface.
The Serial 0/0/0 interface has been configured as a data communications equipment
device.

15. What is created between two DTEs in a Frame Relay network?
ISDN circuit
limited access circuit
switched parallel circuit
virtual circuit

16. Which Frame Relay topology is a compromise of costs, reliability, and complexity
when the WAN contains one headquarters site, 40 regional sites, and several sites
within each regional site?
star
full mesh
partial mesh
point-to-multipoint
point-to-point

17.

Refer to the exhibit. A ping is sent to address 192.168.50.10 from the Peanut router.
Which DLCI will be used to send the ping?
110
115
220
225

18. What two methods does Frame Relay technology use to process frames that
contain errors? (Choose two.)
Frame Relay services depend on the upper layer protocols to handle error recovery.
It requires the receiving device to request that the sender retransmit erroneous
frames.
FECN, BECN, and DE bits are set in the frames to minimize errors.
The receiving device drops any frames that contain errors without notifying the sender.
The frame relay switch notifies the sender that errors were detected.

19.

Refer to the exhibit. Which two statements are true given the output shown? (Choose
two.)
The IP address of the local Frame Relay interface is 172.16.1.4.
The local DLCI number is 401.
Inverse ARP is being used on this connection.
This interface is in the active state and in the process of negotiating configuration
parameters.
Multicast is not enabled on this connection.

20.

Refer to the exhibit. What can be known about the configuration of router R1 from the
output?
The Frame Relay LMI DLCI has been incorrectly configured as DLCI 1023.
The Frame Relay LMI type has been changed from its default.
The Serial 0/0/0 interface has been configured as a data communications equipment
device.
The command encapsulation frame-relay ietf has been used on the Serial 0/0/0
interface.

21. What consideration must be taken into account if RIP is used on Frame Relay
multiaccess networks?
To forward routing updates, address-to-DLCI mapping must be done via the use of
the frame-relay map command coupled with the broadcast keyword.
Inverse ARP must be enabled to turn routing update broadcasts into unicast traffic that
can be propagated to other Frame Relay nodes.
Because broadcast traffic is not supported, RIPv1 cannot be implemented on Frame
Relay networks.
To forward broadcast routing updates, dynamic mapping must be enabled.

22.

Refer to the exhibit. You are a network administrator who has been tasked with
completing the Frame Relay topology that interconnects two remote sites. Router HQ
belongs to both the 172.16.1.0/24 and 172.16.2.0/24 subnets with IP addresses of
172.16.1.3 and 172.16.2.3 respectively. Traffic between R1 and R2 must travel
through HQ first. How should the serial interface on HQ be configured to complete the
topology?
one multipoint subinterface
two point-to-point subinterfaces
with the physical interface configured with two ip addresses
one IP address on a point-to-point subinterface and one IP address on the physical
interface






1. Which statement is true about the differences between a WAN and a LAN?
WANs generally support higher bandwidth than LANs support.
A WAN link typically traverses shorter geographic distances than a LAN link traverses.
A WAN often relies on the services of carriers, such as telephone or cable companies,
but a LAN does not.
All WAN implementations generally use the same Layer 2 protocol but there are many
accepted LAN Layer 2 protocols in use.

2. A U.S. company requires a WAN connection used only to transfer sales data from
individual stores to the home office. All transfers will occur after business hours. The
required bandwidth for this connection is estimated to be less than 38 kbps. Which
type of connection requires the least investment for this company?
ATM
ISDN
analog dialup
T1 Leased Line

3. What are two advantages of an analog PSTN WAN connection? (Choose two.)
low cost
availability
traffic encryption
available bandwidth
support for voice and video

4. Which WAN technology uses a fixed payload of 48 bytes and is transported across
both switched and permanent virtual circuits?
ATM
ISDN
Frame Relay
metro Ethernet

5. Which three WAN devices can be found in the cloud? (Choose three.)
ATM switches
core routers
CSU/DSU
Ethernet switches
Frame Relay switches
repeaters

6. Which term describes a device that will put data on the local loop?
DLCI
DTE
DCE
BRI
PRI

7. What is an advantage of packet-switched technology over circuit-switched
technology?
Packet-switched networks are less susceptible to jitter than circuit-switched networks
are.
Packet-switched networks can efficiently use multiple routes inside a service provider
network.
Packet-switched networks do not require an expensive permanent connection to each
endpoint.
Packet-switched networks usually experience lower latency than circuit-switched
networks experience.

8. Which statement is true about data connectivity between a customer and a service
provider?
Normally the CSU/DSU is the designated demarcation point for the service provider but
not the customer.
The segment between the demarcation point and the central office is known as the
"last mile."
The local loop is the segment between the CSU/DSU and the serial port on arouter.
Putting data on the local loop is the responsibility of the DTE.

9. A company needs a WAN connection that is capable of transferring voice, video, and
data at a minimum data rate of 155 Mbps. Which WAN connection is the best choice?
X.25
DSL
ATM
ISDN BRI
ISDN PRI

10. Which statement is true of the functionality of the layers in the hierarchical
network model?
The purpose of the access layer is to provide very high bandwidth communications
between network devices.
Most security screening to prevent unauthorized entry to the network happens at the
core layer.
Untrusted external connections are segmented from the rest of the network at all three
levels.
The distribution layer aggregates WAN connections at the edge of the campus.

11. Why is the call setup time of a circuit-switched WAN implementation considered a
drawback?
Routing protocols are incompatible with this function.
It restricts the communication sent to voice traffic only.
A telephone must be used to initially start transferring data.
Data cannot be transferred until a circuit has been established.

12. For digital lines, which device is used to establish the communications link
between the customer equipment and the local loop?
CSU/DSU
Frame Relay switch
ISDN switch
modem
PBX switch

13. Which packet-switched WAN technology offers high-bandwidth connectivity
capable of managing data, voice, and video all on the same infrastructure?
Time Division Multiplexing (TDM)
metro Ethernet
Integrated Services Digital Network (ISDN)
Public Switched Telephone Network (PSTN)

14. Which networking device is typically used to concentrate the dial-in and dial-out
traffic of multiple users to and from a network?
core router
access server
Frame Relay switch
ATM switch

15. Which two devices are commonly used as data communications equipment?
(Choose two.)
modem
router
CSU/DSU
ISDN switch
Ethernet switch

16. Which two features are identified with Frame Relay connections? (Choose two.)
53-byte cells
DLCI
DSLAM
PVC
SPID

17. Which statement about WAN protocols is correct?
ATM differs from other WAN protocols in that it uses variably sized packets.
Most WAN protocols use HDLC or a variant of HDLC as a framing mechanism.
The frame header consists of the frame check sequence and cyclic redundancy check.
ISDN differs from Frame Relay, HDLC, and ATM in that it is packet-switched rather
than circuit-switched technology.

18. Which switching type will allow the communication devices in the provider network
to be shared and only allocated to an individual subscriber during data transfer?
circuit-switched
dedicated switched lines
frame-switched
packet-switched

19. What can cause a reduction in available bandwidth on a cable broadband
connection?
smaller cells
number of subscribers
committed information rate
distance from the central office of the provider

20. What three terms are associated with ISDN PRI? (Choose three.)
cell
DLCI
circuit switching
packet switching
data bearer channels
time-division multiplexing

21. At which two layers of the OSI model does a WAN operate? (Choose two.)
Physical Layer
Data Link Layer
Network Layer
Transport Layer
Presentation Layer
Application Layer

22. What type of connectivity is established when VPNs are used from the remote site
to the private network?
PVCs
DLCIs
tunnels

Refer to the exhibit. Router R1, the DCE device, has just been configured for PPP
encapsulation with authentication. What series of commands will allow another router,
the DTE device, to communicate over its serial 0/0/0 interface to router R1?
Router(config)# hostname R3
R3(config)# username R1 password Cisco
R3(config)# interface Serial 0/0/0
R3(config-if)# encapsulation ppp
R3(config-if)# ip address 172.16.3.3 255.255.255.0
R3(config-if)# ppp authentication chap
Router(config)# hostname R3
R3(config)# username R3 password Cisco
R3(config)# interface Serial 0/0/0
R3(config-if)# encapsulation ppp
R3(config-if)# ip address 172.16.3.3 255.255.255.0
R3(config-if)# ppp authentication chap
Router (config)# username Router password Cisco
Router (config)# interface Serial 0/0/0
Router (config-if)# clockrate 64000
Router (config-if)# encapsulation ppp
Router (config-if)# ip address 172.16.3.1 255.255.255.0
Router config-if)# ppp authentication chap
Router (config)# username R1 password Cisco
Router config)# interface Serial 0/0/0
Router (config-if)# clockrate 64000
Router config-if)# encapsulation ppp
Router (config-if)# ip address 172.16.3.1 255.255.255.0
Router (config-if)# ppp authentication chap

2. Which serial communications DTE/DCE interface standard is used to provide high-
speed connectivity of up to 52 Mbps between LANs and is found on many high-end
Cisco routers?
EIA/TIA 232 (RS-232)
EIA/TIA 422 (RS-422)
EIA/TIA 423 (RS-423)
EIA/TIA-612/613 (HSSI)
ITU V.35

3. Which three statements are true regarding LCP? (Choose three.)
It is responsible for negotiating link establishment.
It negotiates options for Layer 3 protocols running over PPP.
It uses MD5 encryption while negotiating link establishment parameters.
It terminates the link upon user request or the expiration of an inactivity timer.
It can test the link to determine if link quality is sufficient to bring up the link.
It monitors the link for congestion and dynamically adjusts the acceptable window size.

4.

Refer to the exhibit. On the basis of the show interface Serial0/0 output, how many
NCP sessions have been established?
one
two
three
four

5. Which two statements are true about time-division multiplexing (TDM)? (Choose
two.)
TDM relies on Layer 3 protocols to operate.
Multiple channels can transmit over a single link.
Original data streams must be reconstructed at the destination.
TDM methods vary depending on the Layer 2 protocol that is used.
It allows information from multiple channels to be allocated bandwidth on multiple
wires.

6. Which authentication protocol can be spoofed to allow playback attacks?
MD5
CHAP
PAP
NCP

7.

Refer to the exhibit. What can be concluded about the function of the Serial 0/0/0
interface on the router after the commands are entered?
All username and password information that is sent will be encrypted.
All authentication on the serial link will be accomplished using a two-way handshake.
The Predictor algorithm will be used to compress all packets that are sent and received
on the serial link.
The serial link will be closed if the number of received packets at the destination node
falls below 90 percent of the packets that are sent.

8. Which three statements are correct about HDLC encapsulation? (Choose three.)
HDLC does not support CDP.
HDLC and PPP are compatible.
HDLC supports PAP and CHAP authentication.
HDLC implementation in Cisco routers is proprietary.
HDLC is the default serial interface encapsulation on Cisco routers.
HDLC uses frame delimiters to mark the beginnings and ends of frames.

9. What function do Network Control Protocols provide for a PPP connection?
to supply error detection
to establish and terminate data links
to provide authentication capabilities to PPP
to manage network congestion and to allow quality testing of the link
to allow multiple Layer 3 protocols to operate over the same physical link

10. What advantage does PPP have over HDLC for serial communications?
It can communicate more efficiently with other Cisco devices
It is less complex to configure
It has less Layer 2 overhead
It supports authentication

11.

Refer to the exhibit. What statement is true regarding the output shown?
LCP is in the process of negotiating a link.
LCP and NCP are waiting for CHAP authentication to complete.
LCP negotiation has been successful, but NCP negotiation is in progress.
Data is able to flow across this link.

12.

Refer to the exhibit. What statement is true regarding the output shown?
NCP has successfully negotiated.
The PAP passwords did not match, so the routers are trying CHAP authentication.
One router has suggested PAP authentication, and the other has accepted
authentication but suggested CHAP authentication.
One router can only use PAP authentication while the other router can only use CHAP,
so the connection has been rejected.

13. Which three statements correctly describe PPP authentication? (Choose three.)
PAP sends passwords in clear text.
PAP uses a 3-way handshake to establish a link.
PAP provides protection from repeated trial-and-error attacks.
CHAP uses a 2-way handshake to establish a link.
CHAP uses a challenge/response that is based on the MD5 hash algorithm.
CHAP uses repeated challenges for verification.

14.

Refer to the exhibit. While troubleshooting a serial interface, a technician enters the
command show interface serial 0/0/0 . If the interface is in DCE mode, what two
problems are likely to cause the indicated problem? (Choose two.)
The remote CSU or DSU has failed.
The router is not sensing a CD signal.
A timing problem has occurred on the cable.
The line is not physically connected to the CSU/DSU.
The router configuration contains the shutdown interface configuration command.

15. Why are serial connections preferred over parallel connections for long
transmission lengths?
Parallel connections do not support error checking.
Parallel connections are subject to excessive attenuation.
Parallel connections are subject to clock skew and to crosstalk between wires.
Parallel connections transmit over only two wires and therefore transmit data more
slowly.

16.

Refer to the exhibit. Which two statements are true regarding the output shown?
(Choose two.)
The router has agreed on IP parameters.
The router has negotiated LCP successfully.
The router is negotiating IP compression options.
The router is requesting an IP address from its peer.
The router has accepted IP but not the suggested IP options.

17. What does the demarcation point represent in data communication physical
circuits?
DTE/DCE interface on the device connecting to the Internet
location of the firewall or router
physical point at which the public network ends and the private customer network
begins
tag assigned to the physical block where a cross-connect occurs

18.

Refer to the exhibit. Which statement is true about PPP operation?
Layer 2 is down.
LCP, IPCP, and CDPCP negotiations are in progress.
Only the link-establishment phase completed successfully.
Both the link-establishment and network-layer phase completed successfully.

19. Which two options can LCP negotiate? (Choose two.)
link quality
authentication
dynamic flow control
compression and network layer address for IP
connection-oriented or connectionless communication methods

20. Which PPP configuration option can be used to establish load balancing over the
interfaces of a router?
callback
multilink
compression
error detection

21.

Refer to the exhibit. Router R1 is not able to communicate with a neighbor router that
is directly connected to serial 0/0/0. What is the reason for this?
Interface Serial0/0/0 resets very frequently.
PPP LQM has shutdown the serial interface.
The serial interface has no input or output queues available.
The serial interface is not configured for a Layer 2 protocol.
The interface has been administratively shutdown with the shutdown command.
1. Which two statements are true regarding network security? (Choose two.)
Securing a network against internal threats is a lower priority because company
employees represent a low security risk.
Both experienced hackers who are capable of writing their own exploit code and
inexperienced individuals who download exploits from the Internet pose a serious
threat to network security.
Assuming a company locates its web server outside the firewall and has adequate
backups of the web server, no further security measures are needed to protect the
web server because no harm can come from it being hacked.
Established network operating systems like UNIX and network protocols like TCP/IP
can be used with their default settings because they have no inherent security
weaknesses.
Protecting network devices from physical damage caused by water or electricity is a
necessary part of the security policy.

2. Which two statements are true about network attacks? (Choose two.)
Strong network passwords mitigate most DoS attacks.
Worms require human interaction to spread, viruses do not.
Reconnaissance attacks are always electronic in nature, such as ping sweeps or port
scans.
A brute-force attack searches to try every possible password from a combination of
characters.
Devices in the DMZ should not be fully trusted by internal devices, and communication
between the DMZ and internal devices should be authenticated to prevent attacks such
as port redirection.

3. Users are unable to access a company server. The system logs show that the server
is operating slowly because it is receiving a high level of fake requests for service.
Which type of attack is occurring?
reconnaissance
access
DoS
worm
virus
Trojan horse

4.

Refer to the exhibit. What is the purpose of the "ip ospf message-digest-key 1 md5
cisco" statement in the configuration?
to specify a key that is used to authenticate routing updates
to save bandwidth by compressing the traffic
to enable SSH encryption of traffic
to create an IPsec tunnel

5. What are three characteristics of a good security policy? (Choose three.)
It defines acceptable and unacceptable use of network resources.
It communicates consensus and defines roles.
It is developed by end users.
It is developed after all security devices have been fully tested.
It defines how to handle security incidents.
It should be encrypted as it contains backups of all important passwords and keys.

6. Intrusion detection occurs at which stage of the Security Wheel?
securing
monitoring
testing
improvement
reconnaissance

7. Which two objectives must a security policy accomplish? (Choose two.)
provide a checklist for the installation of secure servers
describe how the firewall must be configured
document the resources to be protected
identify the security objectives of the organization
identify the specific tasks involved in hardening a router

8. Which two statements define the security risk when DNS services are enabled on
the network? (Choose two.)
By default, name queries are sent to the broadcast address 255.255.255.255.
DNS name queries require the ip directed-broadcast command to be enabled on the
Ethernet interfaces of all routers.
Using the global configuration command ip name-server on one router enables the
DNS services on all routers in the network.
The basic DNS protocol does not provide authentication or integrity assurance.
The router configuration does not provide an option to set up main and backup DNS
servers.

9.

Refer to the exhibit. Security Device Manager (SDM) has been used to configure a
required level of security on the router. What would be accomplished when the SDM
applies the next step on the security problems that are identified on the router?
SDM will automatically invoke the AutoSecure command.
SDM will generate a report that will outline the proper configuration actions to alleviate
the security issues.
SDM will create a configuration file that can be copy and pasted into the router to
reconfigure the services.
SDM will reconfigure the services that are marked in the exhibit as fix it to apply the
suggested security changes.

10. An IT director has begun a campaign to remind users to avoid opening e-mail
messages from suspicious sources. Which type of attack is the IT director trying to
protect users from?
DoS
DDoS
virus
access
reconnaissance

11. What are two benefits of using Cisco AutoSecure? (Choose two.)
It gives the administrator detailed control over which services are enabled or disabled.
It offers the ability to instantly disable non-essential system processes and services.
It automatically configures the router to work with SDM.
It ensures the greatest compatibility with other devices in your network.
It allows the administrator to configure security policies without having to understand
all of the Cisco IOS software features.

12. Which statement is true about Cisco Security Device Manager (SDM)?
SDM can run only on Cisco 7000 series routers.
SDM can be run from router memory or from a PC.
SDM should be used for complex router configurations.
SDM is supported by every version of the Cisco IOS software.

13. The Cisco IOS image naming convention allows identification of different versions
and capabilities of the IOS. What information can be gained from the filename c2600-
d-mz.121-4? (Choose two.)
The "mz" in the filename represents the special capabilities and features of the IOS.
The file is uncompressed and requires 2.6 MB of RAM to run.
The software is version 12.1, 4th revision.
The file is downloadable and 121.4MB in size.
The IOS is for the Cisco 2600 series hardware platform.

14.

Refer to the exhibit. The network administrator is trying to back up the Cisco IOS
router software and receives the output shown. What are two possible reasons for this
output? (Choose two.)
The Cisco IOS file has an invalid checksum.
The TFTP client on the router is corrupt.
The router cannot connect to the TFTP server.
The TFTP server software has not been started.
There is not enough room on the TFTP server for the software.

15. The password recovery process begins in which operating mode and using what
type of connection? (Choose two.)
ROM monitor
boot ROM
Cisco IOS
direct connection through the console port
network connection through the Ethernet port
network connection through the serial port

16.

Refer to the exhibit. Security Device Manager (SDM) is installed on router R1. What is
the result of opening a web browser on PC1 and entering the
URLhttps://192.168.10.1?
The password is sent in plain text.
A Telnet session is established with R1.
The SDM page of R1 appears with a dialog box that requests a username and
password.
The R1 home page is displayed and allows the user to download Cisco IOS images and
configuration files.

17.

Refer to the exhibit. A network administrator is trying to configure a router to use
SDM, but it is not functioning correctly. What could be the problem?
The privilege level of the user is not configured correctly.
The authentication method is not configured correctly.
The HTTP server is not configured correctly.
The HTTP timeout policy is not configured correctly.

18. Which step is required to recover a lost enable password for a router?
Set the configuration register to bypass the startup configuration.
Copy the running configuration to the startup configuration.
Reload the IOS from a TFTP server from ROMMON.
Reconfigure the router using setup mode.

19. What is the best defense for protecting a network from phishing exploits?
Schedule antivirus scans.
Schedule antispyware scans .
Schedule training for all users.
Schedule operating systems updates.

20. Which two conditions should the network administrator verify before attempting to
upgrade a Cisco IOS image using a TFTP server? (Choose two.)
Verify the name of the TFTP server using the show hosts command.
Verify that the TFTP server is running using the tftpdnld command.
Verify that the checksum for the image is valid using the show version command.
Verify connectivity between the router and TFTP server using the ping command.
Verify that there is enough flash memory for the new Cisco IOS image using theshow
flash command.

21.

Refer to the exhibit. What is accomplished when both commands are configured on the
router?
The commands filter UDP and TCP traffic coming to the router.
The commands disable any TCP or UDP request sent by the routing protocols.
The commands disable the services such as echo, discard, and chargen on the router
to prevent security vulnerabilities.
The commands disable the BOOTP and TFTP server services to prevent security
vulnerabilities.

22. Which two statements regarding preventing network attacks are true? (Choose
two.)
The default security settings for modern server and PC operating systems can be
trusted to have secure default security settings.
Intrusion prevention systems can log suspicious network activity, but there is no way
to counter an attack in progress without user intervention.
Physical security threat mitigation consists of controlling access to device console
ports, labeling critical cable runs, installing UPS systems, and providing climate control.
Phishing attacks are best prevented by firewall devices.
Changing default usernames and passwords and disabling or uninstalling unnecessary
services are aspects of device hardening.

!!

##$% & #'%()*+ ,
"#$#% '( ')# #*)+,+'- .%/$$+0 #*+'+12 "! +3 $/+4+12 '%/134/'+(1- 5)/' 6/%' ($
')# 0(1$+27%/'+(1 +3 8(3' 4+9#4: +10(%%#0';
+6 1/' 6((4 -)%)*.*$)
/00#33<4+3' -)%)*.*$)
+6 1/' +13+=# /- 0$ )'* 1+0$2 /$)*+3%#*
/$)*+3%#* -45456 -'0789 :* % (+/;%)* <= %99+*--
>!

##$% & #'%()*+ ,
"#$#% '( ')# #*)+,+'- 5)/' +3 ')# 67%6(3# ($ ')# 0(88/1= 8/%9#= ?+') /1
/%%(? 3)(?1 +1 ')# 6/%'+/4 0(1$+27%/'+(1 (7'67' ($ / @+30( ,%(/=,/1=
%(7'#%;
9*3/$*- 1'/#' %99+*--*- #%$ :* )+%$-8%)*9
9*3/$*- 1'/#' %99+*--*- %+* %8801*9 /$)0 )'* +07)*+
9*3/$*- 1'/#' %99+*--*- %+* %--/2$*9 )0 % >?@ (008
9*3/$*- 1'/#' %99+*--*- %+* %8801*9 07) 03 )'* +07)*+

A! B(? 8/1: ,+'3 ($ /1 CDEF /==%#33 /%# 73#= '( +=#1'+$: ')# +1'#%$/0# CG;
A6
&B
C&
D6B
H!

##$% & #'%()*+ , %$-1*+-
"#$#% '( ')# #*)+,+'- B(? 8/1: CDEF ,%(/=0/3' =(8/+13 #*+3' +1 ')+3
'(6(4(2:;
4
D
6
A
&
I!

##$% & #'%()*+ ,
"#$#% '( ')# #*)+,+'- 5)+0) '?( /==%#33#3 0(74= ,# /33+21#= '( '%/$$+0
4#/E+12 JK /3 / %#374' ($ ')# 3'/'#8#1' +6 1/' 6((4 ./86/ !LM-M-N-MF
!LM-M-N-!!! 1#'8/39 >II->II->II->HK; O@)((3# '?(-P
D4!4!4!D6E
D,F!F!B!FE
D,F!F!B!FB
D,F!F!B!D4D
D,F!F!B!DD6
F!

##$% & #'%()*+ ,
"#$#% '( ')# #*)+,+'- Q 1#'?(%9 '#0)1+0+/1 =#'#%8+1#3 GB@D 04+#1'3 /%#
1(' ?(%9+12 6%(6#%4:- .)# 04+#1'3 /%# %#0#+E+12 CD 0(1$+27%/'+(1
+1$(%8/'+(1 $%(8 / GB@D 3#%E#% 0(1$+27%#= (1 ')# %(7'#% ,7'
0/11(' /00#33 ')# C1'#%1#'- R%(8 ')# (7'67' +1 ')# 2%/6)+0S ?)/' +3 ')#
8(3' 4+9#4: 6%(,4#8;
@'* GHI= -*+;*+ -*+;/#* /- $0) *$%:8*9!
@'* /$-/9* /$)*+3%#* 30+ GIH= /- $0) 9*3/$*9!
@'* GHI= (008 /- $0) :07$9 )0 )'* /$)*+3%#*!
@'* (008 90*- $0) '%;* % 9*3%78) +07)*+ 9*3/$*9 30+ )'* #8/*$)-!
?88 )'* '0-) %99+*--*- '%;* :**$ *J#879*9 3+0. )'* GHI= (008!
L! T(7% (%2/1+U/'+(1 +3 +337#= ')# CDEF 6%#$+* ($ >KK!VKKKKV!AKRVVWHN ,:
:(7% 3#%E+0# 6%(E+=#%- 5+') ')+3 6%#$+*S )(? 8/1: ,+'3 /%# /E/+4/,4# $(%
:(7% (%2/1+U/'+(1 '( 0%#/'# 37,1#'?(%93;
B
DC
B4
D6B
N! Q$'#% /0'+E/'+12 CDEF %(7'+12 (1 / @+30( %(7'#% /1= 6%(2%/88+12 CDEF
/==%#33#3 (1 874'+64# +1'#%$/0#3S ?)/' +3 ')# %#8/+1+12 3'#6 '( /0'+E/'#
"CD12;
K$)*+ )'* /$)*+3%#* (+02+%../$2 .09* 30+ *%#' <=;C /$)*+3%#* %$9 *$%:8* <=$2 L<=!
K$)*+ )'* +6EF %(7'#% %+6 1/8# #0..%$9 %$9 )'*$ 7-* $*)10+M -)%)*.*$)- )0
%#)/;%)* L<=$2 0$ )'* /$)*+3%#*-!
K$)*+ )'* %(7'#% %+6 #0..%$9N %$9 )'*$ %#)/;%)* L<=$2 7-/$2
)'* E#%3+(1 #0..%$9! L<=$2 )'*$ %7)0.%)/#%88O +7$- 0$ %88 <=;C /$)*+3%#*-!
K$)*+ )'* /$)*+3%#* (+02+%../$2 .09* 30+ *%#' <=;C /$)*+3%#* %$9 *$%:8* )'*
.78)/#%-) 2+07( PP46QQFN %$9 )'*$ %#)/;%)* L<=$2 280:%88O 7-/$2 )'* +6EF %(7'#% %+6
1/8##0..%$9!
M!

##$% & #'%()*+ ,
"#$#% '( ')# #*)+,+'- CDEF /==%#33 >KKFV!VV!WFH #7+<FH )/3 ,##1 0(1$+27%#=
(1 ')# %(7'#% R/3'X')#%1#'KWK +1'#%$/0#- 5)+0) 3'/'#8#1' /007%/'#4:
=#30%+,#3 ')# XYC<FH +=#1'+$+#% 0(1$+27%/'+(1;
<) 1/88 +%$90.8O 2*$*+%)* % C& :/) /$)*+3%#* <G!
<) 1/88 %--/2$ %$ %99+*-- 3+0. )'* (008 03 <=;C (+/;%)* %99+*--*- )0 )'* /$)*+3%#*!
<) 1/88 %--/2$ 0$8O )'* +*2/-)+O (+*3/J 03 )'* <=;C R80:%8 S$/#%-) %99+*-- )0 )'*
/$)*+3%#*!
@'* #0$3/27+%)/0$ 1/88 9*+/;* )'* /$)*+3%#* (0+)/0$ 03 )'* <=;C %99+*-- 3+0. )'* T?I
%99+*-- 03 )'* /$)*+3%#*!
!K! 5)/' +3 '%7# %#2/%=+12 ')# =+$$#%#10#3 ,#'?##1 ZQ. /1= DQ.;
PAT uses the word overload at the end of the accessU8/-) -)%)*.*$) )0 -'%+* % -/$28*
+*2/-)*+*9 %99+*--!
V)%)/# >?@ %8801- %$ 7$+*2/-)*+*9 %99+*-- )0 .%( )0 .78)/(8* +*2/-)*+*9 %99+*--*-!
GO$%./# >?@ %8801- '0-)- )0 +*#*/;* )'* -%.* 280:%8 %99+*-- *%#' )/.* *J)*+$%8
%##*-- /- +*W7/+*9!
=?@ 7-*- 7$/W7* -07+#* (0+) $7.:*+- )0 9/-)/$27/-' :*)1**$ )+%$-8%)/0$-!
!!!

##$% & #'%()*+ ,
"#$#% '( ')# #*)+,+'- .)# R.D 3#%E#% )/3 /1 "R@ !M!N 6%+E/'# /==%#33-
Y3#%3 (1 ')# C1'#%1#' 1##= '( 0(11#0' '( ')# R.D 3#%E#% (1 ')# R/KWK [QZ
($ "!- 5)+0) ')%## 0(1$+27%/'+(13 873' ,# 0(864#'#= (1 "!; O@)((3#
')%##-P
9O$%./# >?@
>?@ 1/)' 0;*+80%9/$2
0(*$ (0+) 64
0(*$ (0+) 6D
0(*$ (0+) 6A
>?@ 1/)' (0+) 30+1%+9/$2
!>!

##$% & #'%()*+ ,
"#$#% '( ')# #*)+,+'- \1 ')# ,/3+3 ($ ')# 0(1$+27%/'+(1 3)(?1S )(? 3)(74=
')#6((4 ($ ')# #*047=#= /==%#33#3 ,# /33+21#= '( 9#: )(3'3 (1 ')# 1#'?(%9S
370) /3 %(7'#% +1'#%$/0#3S 6%+1'#%3S /1= 3#%E#%3;
@'* %99+*--*- %+* -)%)/#%88O %--/2$*9 :O )'* $*)10+M %9./$/-)+%)0+!
@'* GHI= -*+;*+ 9O$%./#%88O %--/2$- )'* %99+*--*-!
@'* %99+*--*- .7-) :* 8/-)*9 7$9*+ )'* GHI= (008 03 %99+*--*- :*30+* )'*O %+*
%;%/8%:8* 30+ -)%)/# %--/2$.*$)!
@'* %99+*--*- .7-) :* 8/-)*9 7$9*+ )'* GHI= (008 03 %99+*--*- :*30+* )'*O %+*
%;%/8%:8* 30+ 9O$%./# %--/2$.*$)!
!A!

##$% & #'%()*+ , %$-1*+-
"#$#% '( ')# #*)+,+'- Q '#0)1+0+/1 73#= JG] '( #1'#% ')# ZQ. 0(1$+27%/'+(1
$(% / @+30( %(7'#%- 5)+0) 3'/'#8#1' 0(%%#0'4: =#30%+,#3 ')# %#374' ($ ')#
0(1$+27%/'+(1;
? 7-*+ 0$ )'* /$-/9* -**- 1*: )+%33/# #0./$2 3+0. DF6!DCB!D!A 7-/$2 (0+) B4B4!
@'* %99+*-- D,6!DC!D!D /- )+%$-8%)*9 /$)0 %$ %99+*-- 3+0. )'* (008 :*2/$$/$2 1/)'
DF6!DCB!D!A!
? 7-*+ 0$ )'* 07)-/9* $*)10+M -**- % +*W7*-) %99+*--*9 3+0. DF6!DCB!D!A 7-/$2 (0+) B4!
? 7-*+ 0$ )'* 07)-/9* .7-) %99+*-- )+%33/# )0 (0+) B4B4 )0 +*%#' )'* %99+*-- D,6!DC!D!D!
!H!

##$% & #'%()*+ ,
"#$#% '( ')# #*)+,+'- Q00(%=+12 '( ')# (7'67'S )(? 8/1: /==%#33#3 )/E#
,##1 3700#33$744: /33+21#= (% %#1#?#= ,: ')+3 GB@D 3#%E#%;
D
C
,
B
F
!I! 5)/' /%# '?( ,#1#$+'3 ($ ZQ.; O@)((3# '?(-P
<) -%;*- (7:8/# <= %99+*--*-!
<) %99- % 9*2+** 03 (+/;%#O %$9 -*#7+/)O )0 % $*)10+M!
<) /$#+*%-*- +07)/$2 (*+30+.%$#*!
<) .%M*- )+07:8*-'00)/$2 +07)/$2 /--7*- *%-/*+!
<) .%M*- )7$$*8/$2 1/)' <=-*# 8*-- #0.(8/#%)*9!
!F!

##$% & #'%()*+ ,
"#$#% '( ')# #*)+,+'- "! +3 6#%$(%8+12 ZQ. $(% ')# !K-!-!-KW>H 1#'?(%9S /1=
"> +3 6#%$(%8+12 ZQ. $(% ')# !M>-!FN-!->W>H 1#'?(%9- 5)/' ?(74= ,# E/4+=
=#3'+1/'+(1 CD /==%#33 $(% B(3'Q '( 67' +1 +'3 CD )#/=#% ?)#1
0(8871+0/'+12 ?+') ')# ?#, 3#%E#%;
D4!D!D!D
D,6!A4!64!6
DF6!DCB!D!6
6EE!6EE!6EE!6EE
!L!

##$% & #'%()*+ ,
"#$#% '( ')# #*)+,+'- 5)+0) '?( 3'/'#8#1'3 /,(7' ')# 0(1$+27%/'+(1 /%#
'%7#; O@)((3# '?(-P
@+%33/# 3+0. )'* D4!D!D!4 $*)10+M 1/88 :* )+%$-8%)*9!
@+%33/# 3+0. )'* 64F!DCE!644!4 $*)10+M 1/88 :* )+%$-8%)*9!
=*+./))*9 )+%33/# 2*)- )+%$-8%)*9 )0 % -/$28* /$-/9* 280:%8 <= %99+*--!
? (008 03 /$-/9* 280:%8 <= %99+*--*- 3+0. )'* D4!D!D!4 $*)10+M 1/88 :* 7-*9 30+
)+%$-8%)/0$!
KJ)*+$%8 7-*+- 3+0. )'* 64F!DCE!644!4 $*)10+M #%$ +*%#' (+/;%)* %99+*--*- 0$ )'*
D4!D!D!4 %$9 D4!D!6!4 $*)10+M-!
!N! 5)/' ':6# ($ ZQ. 3)(74= / 1#'?(%9 /=8+1+3'%/'(% 73# '( #137%# ')/' /
?#, 3#%E#% (1 ')# +13+=# 1#'?(%9 +3 /4?/:3 /E/+4/,4# '( ')# (7'3+=#
1#'?(%9;
>?@ 0;*+80%9
-)%)/# >?@
9O$%./# >?@
=?@
!M!

##$% & #'%()*+ ,
"#$#% '( ')# #*)+,+'- 5)+0) /==%#33 (% /==%#33#3 %#6%#3#1' ')# +13+=#
24(,/4 /==%#33;
D4!D!D!6
DF6!DCB!4!D44
64F!DCE!64!6E
%$O %99+*-- /$ )'* D4!D!D!4 $*)10+M
>K! Q '#0)1+0+/1 )/3 ,##1 '(4= ,: / 376#%E+3(% '( /4?/:3 04#/% /1: =:1/8+0
'%/134/'+(13 ,#$(%# /''#86'+12 '( '%(7,4#3)((' / $/+4#= ZQ. 0(11#0'+(1-
5): )/3 ')# 376#%E+3(% +337#= ')#3# +13'%70'+(13;
@'* -7(*+;/-0+ 1%$)- )0 #8*%+ %$O #0$3/9*$)/%8 /$30+.%)/0$ )'%) .%O :* -**$ :O )'*
)*#'$/#/%$!
X*#%7-* *$)+/*- #%$ :* #%#'*9 30+ 80$2 (*+/09- 03 )/.*N )'* -7(*+;/-0+ 1%$)- )0 (+*;*$)
9*#/-/0$- :*/$2 .%9* :%-*9 0$ 089 9%)%!
@'* )+%$-8%)/0$ )%:8* .%O :* 3788 %$9 /- 7$%:8* )0 .%M* $*1 )+%$-8%)/0$- 7$)/8 -(%#* /-
%;%/8%:8*!
I8*%+/$2 )'* )+%$-8%)/0$- #%7-*- )'* -)%+)/$2 #0$3/27+%)/0$ )0 :* +*+*%9 %$9 .%O #0++*#)
)+%$-8%)/0$ (+0:8*.- )'%) '%;* 0##7++*9!
>!! Q 1#'?(%9 /=8+1+3'%/'(% ?/1'3 '( 0(11#0' '?( CDEF +34/1=3- .)# #/3+#3'
?/: +3 ')%(72) / 67,4+0 1#'?(%9 ')/' 73#3 (14: CDEH #^7+68#1'- 5)/'
3+864# 3(47'+(1 3(4E#3 ')# 6%(,4#8;
L*(8%#* )'* 9*;/#*- 0$ )'* (7:8/# $*)10+M 1/)' 9*;/#*- )'%) -7((0+) <=;C!
I0$3/27+* L<=$2 0$ )'* :0+9*+ +07)*+- 03 *%#' <=;C /-8%$9!
I0$3/27+* )'* +07)*+- )0 )%M* %9;%$)%2* 03 97%8U-)%#M )*#'$0802O!
S-* )7$$*8/$2 )0 *$#%(-78%)* )'* <=;C )+%33/# /$ )'* <=;& (+0)0#08!

!! 5)/' 0(8,+1/'+(1 ($ CD /==%#33 /1= ?+4=0/%= 8/39 3)(74= ,# 73#= '(
36#0+$: (14: ')# 4/3' N /==%#33#3 +1 ')# 37,1#' !M>-!FN-A-A>W>N;
DF6!DCB!A!A6 4!4!4!,
DF6!DCB!A!A6 4!4!4!DE
DF6!DCB!A!&4 4!4!4!,
DF6!DCB!A!&4 4!4!4!DE
>! X*0#33+E# ,%(/=0/3'3 /%# 2#1#%/44: / 3:86'(8 ($ / 6%(,4#8 /' ?)+0)
4/:#%;
('O-/#%8
9%)% 8/$M
$*)10+M
)+%$-(0+)

A!
"#$#% '( ')# #*)+,+'- 5)+0) ')%## 6+#0#3 ($ +1$(%8/'+(1 0/1 ,# =#'#%8+1#=
,: /1/4:U+12 ')# (7'67' 3)(?1; O@)((3# ')%##-P
? #%++/*+ 9*)*#) -/2$%8 /- (+*-*$)!
Y**(%8/;*- %+* :*/$2 +*#*/;*9 -7##*--3788O!
G*3%78) *$#%(-78%)/0$ /- 7-*9 0$ )'/- -*+/%8 8/$M!
=%#M*)- (%--/$2 )'/- /$)*+3%#* #%$$0) *J#**9 D YX /$ -/Z*!
@'* +*8/%:/8/)O 03 )'/- 8/$M /- ;*+O 801!
@'* [I= $*20)/%)/0$ ('%-* /- #0.(8*)*!
H! Q 1#'?(%9 /=8+1+3'%/'(% )/3 %#0#+E#= 0(864/+1'3 ')/' 73#%3 (1 / 4(0/4
[QZ 0/1 %#'%+#E# #<8/+4 $%(8 / %#8('# #<8/+4 3#%E#% ,7' /%# 71/,4# '(
(6#1 ?#, 6/2#3 (1 ')# 3/8# 3#%E#%- J#%E+0#3 /' ?)+0) '?( 4/:#%3 ($ ')# \JC
8(=#4 3)(74= ,# +1E#3'+2/'#= =7%+12 ')# '%(7,4#3)(('+12 6%(0#33; O@)((3#
'?(-P
('O-/#%8 8%O*+
9%)% 8/$M 8%O*+
$*)10+M 8%O*+
)+%$-(0+) 8%O*+
%((8/#%)/0$ 8%O*+
I! 5)#1 2/')#%+12 3:86'(83 $(% '%(7,4#3)(('+12 / 1#'?(%9 6%(,4#8S
?)+0) 3'#6 0(74= %#374' +1 2#''+12 /1 #*'#%1/4 /=8+1+3'%/'(% +1E(4E#= +1 ')#
6%(0#33;
$%++01/$2 )'* -#0(*
2%)'*+/$2 -O.()0.- 3+0. -7-(*#) 9*;/#*-
%$%8OZ/$2 *J/-)/$2 -O.()0.-
9*)*+./$/$2 01$*+-'/(
F! X10/6374/'+(1 #%%(%3 $%(8 8+38/'0)#= 5QZ 6%('(0(43 (1 / 3#%+/4 4+19
,#'?##1 '?( %(7'#%3 +1=+0/'# / 6%(,4#8 /' ?)+0) \JC 4/:#%;
('O-/#%8
9%)% 8/$M
$*)10+M
)+%$-(0+)
L!
"#$#% '( ')# #*)+,+'- Y3#%3 /' _%/10) _ /%# %#6(%'+12 '%(7,4# /00#33+12 /
0(%6(%/'# ?#,3+'# %711+12 (1 / 3#%E#% ')/' +3 4(0/'#= /' B`- B` /1=
_%/10) Q 73#%3 0/1 /00#33 ')# ?#,3+'#- "A +3 /,4# '( 6+12 !K-!K-!K-!
3700#33$744: ,7' 1(' !K-!K-!K->- .)# 73#%3 /' _%/10) _ 0/1 /00#33 3#%E#%3 /'
_%/10) Q- 5)+0) '?( 3'/'#8#1'3 /%# '%7# /,(7'')# '%(7,4#3)(('+12
#$$(%'3; O@)((3# '?(-P
@'* 1*: -*+;*+ -'0789 :* )*-)*9 30+ %$ %((8/#%)/0$ 8%O*+ (+0:8*.!
P+%.* L*8%O %) LA %$9 L6 -'0789 :* )*-)*9 )0 $%++01 )'* -#0(* 03 )'* (+0:8*.!
@'* 3%#) )'%) 7-*+- %) X+%$#' ? %+* 10+M/$2 $0+.%88O (+0;*- )'%) )'*+* /- $0 (+0:8*.
%) L6!
?$ ?I[ *$)+O *++0+ #0789 #%7-* )'* 3%/87+* %) [%O*+ & /$ */)'*+ LA 0+ L6!
@'* -7##*--378 (/$2 3+0. LA )0 LD (+0;*- )'%) )'* \?> /- 37$#)/0$/$2 $0+.%88O!
@'*+*30+*N )'* (+0:8*. '%- )0 :* /$ )'* 7((*+ 8%O*+-!
N! 5)+0) '%(7,4#3)(('+12 /66%(/0) +3 3722#3'#= $(% =#/4+12 ?+') /
0(864#* 6%(,4#8 ')/' +3 3736#0'#= ($ ,#+12 0/73#= ,: $/74': 1#'?(%9
0/,4+12;
:0))0. 7(
)0( 901$
9/;/9* %$9 #0$W7*+
./998* 07)
M! Y3#%3 /%# 0(864/+1+12 ($ E#%: 4(12 ?/+' '+8#3 '( /00#33 %#3(7%0#3 (1 ')#
1#'?(%9- .)# 3)(? +1'#%$/0# #0..%$9 +*;*%8- #088/-/0$ #07$)- 3%+ %:0;* )'*
$*)10+M :%-*8/$*! ?) 1'/#' ]V< 8%O*+ -'0789 )'* %9./$/-)+%)0+ :*2/$ )+07:8*-'00)/$2^
%((8/#%)/0$
)+%$-(0+)
$*)10+M
9%)% 8/$M
('O-/#%8
!K!
"#$#% '( ')# #*)+,+'- Y3#%3 (1 ')# C1'#%1/4 [QZ /%# 71/,4# '( 0(11#0' '(
')# ??? 3#%E#%- .)# 1#'?(%9 /=8+1+3'%/'(% 6+123 ')# 3#%E#% /1= E#%+$+#3
')/' ZQ. +3 $710'+(1+12 0(%%#0'4:- 5)+0) \JC 4/:#% 3)(74=
')# /=8+1+3'%/'(% ,#2+1 '( '%(7,4#3)((' 1#*';
('O-/#%8
9%)% 8/$M
$*)10+M
%((8/#%)/0$
!!! 5)+0) '?( 3'/'#8#1'3 /%# '%7# 0(10#%1+12 4(2+0/4 1#'?(%9+12 8(=#43;
O@)((3# '?(-P
@I=5<= -(8/)- )'* 801*-) 8%O*+ 03 )'* ]V< .09*8 /$)0 )10 -*(%+%)* 8%O*+-!
@'* )0( 8%O*+ 03 )'* @I=5<= .09*8 #0.:/$*- )'* 37$#)/0$- 03 )'* )0( )'+** ]V< 8%O*+-!
@+07:8*-'00)/$2 1/)' )'* @I=5<= .09*8 +*W7/+*- 9/33*+*$) )*#'$/W7*- )'%$ 1/)' )'*
]V< .09*8!
@'* $*)10+M %##*-- 8%O*+ /- +*-(0$-/:8* 30+ *J#'%$2/$2 (%#M*)- :*)1**$ 9*;/#*- 0$ %
@I=5<= $*)10+M!
@'* <$)*+$*) 8%O*+ (+0;/9*- #0..7$/#%)/0$ :*)1**$ %((8/#%)/0$-N -7#' %- P@=N H@@=N
%$9 VT@= 0$ -*(%+%)* '0-)-!
@'* @I=5<= $*)10+M %##*-- 8%O*+ #0++*-(0$9- )0 )'* ]V< ('O-/#%8 %$9 9%)% 8/$M 8%O*+-!
!>!
"#$#% '( ')# #*)+,+'- 5)+0) '?( 3'#63 3)(74= ,# '/9#1 =7%+12 ')# 6%(0#33 ($
0%#/'+12 1#'?(%9 =(078#1'/'+(1; O@)((3# '?(-P
L*#0+9 )'* /$30+.%)/0$ %:07) )'* 9*;/#*- 9/-#0;*+*9 /$ )'* I%.(7- $*)10+M 0$8O!
L*#0+9 )'* /$30+.%)/0$ %:07) )'* 9*;/#*- 9/-#0;*+*9 /$ )'* *$)/+* $*)10+MN /$#879/$2
)'* +*.0)* 80#%)/0$-!
@+%$-3*+ %$O /$30+.%)/0$ %:07) )'* 9*;/#*- 3+0. )'* $*)10+M #0$3/27+%)/0$ )%:8* )'%)
#0++*-(0$9- )0 % #0.(0$*$) 03 )'* )0(0802O 9/%2+%.!
@+%$-3*+ 0$8O )'* [%O*+ 6 %$9 [%O*+ A /$30+.%)/0$ %:07) )'* 9*;/#*- 3+0. )'* $*)10+M
#0$3/27+%)/0$ )%:8* )'%) #0++*-(0$9- )0 % #0.(0$*$) 03 )'* )0(0802O 9/%2+%.!
@+%$-3*+ )'* +*#0+9*9 /$30+.%)/0$ %:07) )'* 9*;/#*- 3+0. )'* $*)10+M #0$3/27+%)/0$
)%:8* 2%)'*+*9 97+/$2 (*%M $*)10+M 7)/8/Z%)/0$ )'%) #0++*-(0$9- )0 % #0.(0$*$) 03 )'*
)0(0802O 9/%2+%.!
!A! 5)/' +3 (1# #*/864# ($ / 6):3+0/4 4/:#% 6%(,4#8;
/$#0++*#) *$#%(-78%)/0$
/$#0++*#) V@= #0$3/27+%)/0$
/$#0++*#) ?L= .%((/$2
/$#0++*#) #80#M +%)*
!H! @4+#1'3 /0%(33 ')# 0(86/1: /%# %#6(%'+12 6((% 6#%$(%8/10# /0%(33 /44
0(%6(%/'# /664+0/'+(13 %711+12 +1 ')# =/'/ 0#1'#%- C1'#%1#' /00#33 /1=
/664+0/'+(13 %711+12 /0%(33 ')# 0(%6(%/'# 5QZ /%# 6#%$(%8+12 1(%8/44:-
.)# 1#'?(%9 /=8+1+3'%/'(% (,3#%E#3 / 0(1'+17/4 ,%(/=0/3' ($ %/1=(8
8#/1+124#33 '%/$$+0 Oa/,,#%P (1 ')# /664+0/'+(1 3#%E#% [QZ +1 ')# =/'/
0#1'#% (1 / 6%('(0(4 /1/4:U#%- B(? 3)(74= ')# /=8+1+3'%/'(% 3'/%'
'%(7,4#3)(('+12;
@'* _%::*+ /$ )'* 9%)% #*$)*+ /$9/#%)*- % 80#%8 ('O-/#%8 8%O*+ (+0:8*.! S-* )'* (+0)0#08
%$%8OZ*+ )0 9*)*+./$* )'* -07+#* 03 )'* _%::*+N %$9 )'*$ #'*#M 30+ % +*#*$) ><I 9+/;*+
7(9%)* 0+ :%9 #%:8/$2!
X*#%7-* %88 #8/*$)- %+* *J(*+/*$#/$2 %((8/#%)/0$ (+0:8*.-N )'* %9./$/-)+%)0+ -'0789 7-*
% )0(U901$ %((+0%#' 1/)' )'* %((8/#%)/0$ -*+;*+- /$ )'* 9%)% #*$)*+!
@'* -#0(* 03 )'* (+0:8*. /$9/#%)*- % 8/M*8O +07)/$2 0+ -(%$$/$2U)+** (+0:8*.! X*2/$
:O#'*#M/$2 +07)/$2 )%:8*-N %$9 308801 7( 7-/$2 %((+0(+/%)* V@= 3)(? #0..%$9- )0
3/$9 % 800( /3 +07)/$2 /- 10+M/$2 $0+.%88O!
=088 )'* -)%33 )0 9*)*+./$* /3 %$O +*#*$) #'%$2*- '%;* :**$ .%9*! X%#M 07) %88 )'*
#'%$2*- 0$* :O 0$* 7$)/8 )'* *++0+ #0$9/)/0$ /- 3/J*9!
!I! Q '#0)1+0+/1 )/3 ,##1 /39#= '( 8/9# 3#E#%/4 0)/12#3 '( ')#
0(1$+27%/'+(1 /1= '(6(4(2: ($ / 1#'?(%9 /1= ')#1 =#'#%8+1# ')# (7'0(8#
($ ')# 0)/12#3- 5)/' '((4 0/1 ,# 73#= '( =#'#%8+1# ')# (E#%/44 #$$#0'
0/73#= ,: ')# 0)/12#3;
:%-*8/$/$2 )008
M$018*92* :%-*
(+0)0#08 %$%8OZ*+
#%:8* )*-)*+
!F! Q '#0)1+0+/1 )/3 ,##1 /39#= '( '%(7,4#3)((' /1 #*+3'+12 3?+'0)#=
1#'?(%9 ,7' +3 71/,4# '( 4(0/'# =(078#1'/'+(1 $(% ')# b[QZ
0(1$+27%/'+(1- 5)+0) '%(7,4#3)(('+12 '((4 /44(?3 ')# '#0)1+0+/1 '( 8/6
/1= =+30(E#% b[QZ /1= 6(%' /33+218#1'3;
#%:8* %$%8OZ*+
$*)10+M %$%8OZ*+
(+0)0#08 %$%8OZ*+
M$018*92* :%-*
!L! 5)+0) '?( 6+#0#3 ($ +1$(%8/'+(1 /%# ':6+0/44: $(71= (1 / 4(2+0/4
1#'?(%9 =+/2%/8; O@)((3# '?(-P
#%:8* )O(*-
#0$$*#)0+ )O(*-
/$)*+3%#* /9*$)/3/*+-
G[I< 30+ ;/+)7%8 #/+#7/)-
0(*+%)/$2 -O-)*. ;*+-/0$-
!N! 5)+0) '?( 0(86(1#1'3 3)(74= ,# '/9#1 +1'( 0(13+=#%/'+(1 ?)#1
#3'/,4+3)+12 / 1#'?(%9 ,/3#4+1#; O@)((3# '?(-P
/$30+.%)/0$ %:07) )'* $*)10+M 9*-/2$
<= %99+*--/$2 %880#%)/0$ 0$ )'* $*)10+M
+*W7/+*.*$)- %:07) )'* -*+;/#* (+0;/9*+ -*)7(
+*W7/+*.*$)- 30+ %##*-- #0$)+08 8/-)- )0 +*278%)* )+%33/#
*J(*#)*9 (*+30+.%$#* 7$9*+ $0+.%8 0(*+%)/$2 #0$9/)/0$-
!M! 5)+0) ')%## /66%(/0)#3 3)(74= ,# 73#= ?)#1 /''#86'+12 '( 2/')#%
=/'/ $%(8 73#%3 $(% '%(7,4#3)(('+12; O@)((3# ')%##-P
G*)*+./$* 3%78)!
R*) )0 M$01 )'* 7-*+ )0 :7/89 )+7-)!
]:)%/$ /$30+.%)/0$ :O %-M/$2 -/.(8* (*+)/$*$) W7*-)/0$-!
<.(+*-- )'* 7-*+ 1/)' 7-* 03 )*#'$/#%8 8%$27%2* %$9 -M/88-!
G*)*+./$* /3 )'* (+0:8*. /- +*8%)*9 )0 )/.* 0+ % -(*#/3/# *;*$)!
G*)*+./$* /3 )'* 7-*+ #%$ +*U#+*%)* )'* (+0:8*. 0+ *;*$)- 8*%9/$2 )0 )'* (+0:8*.!
>K! C1$(%8/'+(1 /,(7' ?)+0) \JC 4/:#%3 ($ 0(11#0'#= @+30( =#E+0#3 0/1 ,#
E#%+$+#= ?+') ')# 3)(? 0=6 1#+2),(%3 0(88/1=;
?88 8%O*+-
[%O*+ DN [%O*+ 6N %$9 [%O*+ A
[%O*+ DN [%O*+ 6N [%O*+ AN %$9 [%O*+ &
[%O*+ C %$9 [%O*+ ,

!! .)# $(44(?+12 0(88/1=3 ?#%# #1'#%#= (1 / %(7'#%V
L07)*+`#0$3/2ab /00#33<4+3' > =#1: !L>-!F-I->H
L07)*+`#0$3/2ab /00#33<4+3' > 6#%8+' /1:
@'* ?I[ /- #0++*#)8O %((8/*9 )0 %$ /$)*+3%#*! \'%) #%$ :* #0$#879*9 %:07) )'/- -*) 03
#0..%$9-^
@'* 1/89#%+9 .%-M 4!4!4!4 /- %--7.*9!
@'* %##*-- 8/-) -)%)*.*$)- %+* ./-#0$3/27+*9!
?88 $09*- 0$ )'* D,6!DC!4!4 $*)10+M 1/88 :* 9*$/*9 %##*-- )0 0)'*+ $*)10+M-!
>0 )+%33/# 1/88 :* %8801*9 )0 %##*-- %$O $09*- 0+ -*+;/#*- 0$ )'* D,6!DC!4!4 $*)10+M!

>! C1'#%$/0# 3KWKWK /4%#/=: )/3 /1 CD Q@[ /664+#= +1,(71=- 5)/' )/66#13
?)#1 ')# 1#'?(%9 /=8+1+3'%/'(% /''#86'3 '( /664: / 3#0(1= +1,(71= CD
Q@[;
@'* -*#0$9 ?I[ /- %((8/*9 )0 )'* /$)*+3%#*N +*(8%#/$2 )'* 3/+-)!
X0)' ?I[- %+* %((8/*9 )0 )'* /$)*+3%#*!
@'* $*)10+M %9./$/-)+%)0+ +*#*/;*- %$ *++0+!
]$8O )'* 3/+-) ?I[ +*.%/$- %((8/*9 )0 )'* /$)*+3%#*!
A! 5)+0) '?( 3'/'#8#1'3 /%# 0(%%#0' /,(7' #*'#1=#= Q@[3; O@)((3# '?(P
KJ)*$9*9 ?I[- 7-* % $7.:*+ +%$2* 3+0. DUFF!
KJ)*$9*9 ?I[- *$9 1/)' %$ /.(8/#/) (*+./) -)%)*.*$)!
KJ)*$9*9 ?I[- *;%87%)* )'* -07+#* %$9 9*-)/$%)/0$ %99+*--*-!
=0+) $7.:*+- #%$ :* 7-*9 )0 %99 2+*%)*+ 9*3/$/)/0$ )0 %$ ?I[!
T78)/(8* ?I[- #%$ :* (8%#*9 0$ )'* -%.* /$)*+3%#* %- 80$2 %- )'*O %+* /$ )'* -%.*
9/+*#)/0$!
H! 5)+0) ,#1#$+' =(#3 /1 #*'#1=#= Q@[ ($$#% (E#% / 3'/1=/%= Q@[;
KJ)*$9*9 ?I[- #%$ :* $%.*9N :7) -)%$9%+9 ?I[- #%$$0)!
S$8/M* -)%$9%+9 ?I[-N *J)*$9*9 ?I[V #%$ :* %((8/*9 /$ )'* /$:07$9 0+ 07):07$9
9/+*#)/0$!
X%-*9 0$ (%O80%9 #0$)*$)N %$ *J)*$9*9 ?I[ #%$ 3/8)*+ (%#M*)-N -7#' %- /$30+.%)/0$ /$
%$ *U.%/8 0+ /$-)%$) .*--%2*!
<$ %99/)/0$ )0 )'* -07+#* %99+*--N %$ *J)*$9*9 ?I[ #%$ %8-0 3/8)*+
0$ 9*-)/$%)/0$ %99+*--N9*-)/$%)/0$ (0+)N %$9 -07+#* (0+)!
I!

II>? KJ(80+%)/0$ & ?##*--/$2 )'* \?> I'%()*+ E *J%.
"#$#% '( ')# #*)+,+'- B(? ?+44 "(7'#%! '%#/' '%/$$+0 8/'0)+12 ')# '+8#<
%/12#%#^7+%#8#1' ($ XbX"T\.BX"GQT;
@I= )+%33/# *$)*+/$2 3%454 3+0. D,6!DC!D!6E&56& 9*-)/$*9 )0 )'* D4!D!D!456& $*)10+M /-
(*+./))*9!
@I= )+%33/# *$)*+/$2 3%454 3+0. D4!D!D!6E&56& 9*-)/$*9 )0 )'* D,6!DC!D!456& $*)10+M /-
(*+./))*9!
@*8$*) )+%33/# *$)*+/$2 3%454 3+0. D,6!DC!D!6E&56& 9*-)/$*9 )0 )'* D4!D!D!456& $*)10+M
/- (*+./))*9!
@*8$*) )+%33/# *$)*+/$2 3%454 3+0. D4!D!D!6E&56& 9*-)/$*9 )0 )'* D,6!DC!D!456& $*)10+M
/- (*+./))*9!
F! 5)+0) ')%## 3'/'#8#1'3 =#30%+,# Q@[ 6%(0#33+12 ($ 6/09#'3; O@)((3#
')%##-P
?$ /.(8/#/) =#1: /1: +*_*#)- %$O (%#M*) )'%) 90*- $0) .%)#' %$O ?I[ -)%)*.*$)!
? (%#M*) #%$ */)'*+ :* +*_*#)*9 0+ 30+1%+9*9 %- 9/+*#)*9 :O )'* -)%)*.*$) )'%) /-
.%)#'*9!
? (%#M*) )'%) '%- :**$ 9*$/*9 :O 0$* -)%)*.*$) #%$ :* (*+./))*9 :O % -7:-*W7*$)
-)%)*.*$)!
? (%#M*) )'%) 90*- $0) .%)#' )'* #0$9/)/0$- 03 %$O ?I[ -)%)*.*$)- 1/88 :* 30+1%+9*9
:O9*3%78)!
K%#' -)%)*.*$) /- #'*#M*9 0$8O 7$)/8 % .%)#' /- 9*)*#)*9 0+ 7$)/8 )'* *$9 03 )'* ?I[
-)%)*.*$) 8/-)!
K%#' (%#M*) /- #0.(%+*9 )0 )'* #0$9/)/0$- 03 *;*+O -)%)*.*$) /$ )'* ?I[ :*30+*
%30+1%+9/$2 9*#/-/0$ /- .%9*!
L!

##$% & #'%()*+ E *J%. %$-1*+-
"#$#% '( ')# #*)+,+'- .)# /=8+1+3'%/'(% ?+3)#3 '( ,4(09 ?#, '%/$$+0 $%(8
!M>-!FN-!-IK $%(8 %#/0)+12 ')# =#$/74' 6(%' ($ ')# ?#, 3#%E+0# (1
!M>-!FN-A-AK- .( =( ')+3S ')# /00#33 0(1'%(4 4+3' 1/8# +3 /664+#= +1,(71= (1
')# %(7'#% "! [QZ +1'#%$/0#- Q$'#% '#3'+12 ')# 4+3'S ')# /=8+1+3'%/'(% )/3
1('#= ')/' ')# ?#, '%/$$+0 %#8/+13 3700#33$74- 5): +3 ?#, '%/$$+0 %#/0)+12
')# =#3'+1/'+(1;
\*: )+%33/# 90*- $0) 7-* (0+) B4 :O 9*3%78)!
@'* %##*-- 8/-) /- %((8/*9 /$ )'* 1+0$2 9/+*#)/0$!
@'* %##*-- 8/-) $**9- )0 :* (8%#*9 #80-*+ )0 )'* 9*-)/$%)/0$N 0$ LA!
@'* +%$2* 03 -07+#* %99+*--*- -(*#/3/*9 /$ 8/$* D4 90*- $0) /$#879* '0-) DF6!DCB!D!E4!
N! 5)+0) $#/'7%# ?+44 %#^7+%# ')# 73# ($ / 1/8#= Q@[ %/')#% ')/1 /
178,#%#= Q@[;
)'* %:/8/)O )0 3/8)*+ )+%33/# :%-*9 0$ % -(*#/3/# (+0)0#08
)'* %:/8/)O )0 3/8)*+ )+%33/# :%-*9 0$ %$ *$)/+* (+0)0#08 -7/)* %$9 9*-)/$%)/0$
)'* %:/8/)O )0 -(*#/3O -07+#* %$9 9*-)/$%)/0$ %99+*--*- )0 7-* 1'*$ /9*$)/3O/$2 )+%33/#
)'* %:/8/)O )0 *9/) )'* ?I[ %$9 %99 %99/)/0$%8 -)%)*.*$)- /$ )'* ./998* 03 )'*
8/-) 1/)'07) +*.0;/$2 %$9 +*U#+*%)/$2 )'* 8/-)
M! 5)+0) '?( 3'/'#8#1'3 /%# '%7# %#2/%=+12 ')# 3+21+$+0/10# ($ ')# /00#33
0(1'%(4 4+3' ?+4=0/%= 8/39 K-K-K-L; O@)((3# '?(-P
@'* 3/+-) 6F :/)- 03 % 2/;*$ <= %99+*-- 1/88 :* /2$0+*9!
@'* 8%-) A :/)- 03 % 2/;*$ <= %99+*-- 1/88 :* /2$0+*9!
@'* 3/+-) A6 :/)- 03 % 2/;*$ <= %99+*-- 1/88 :* #'*#M*9!
@'* 3/+-) 6F :/)- 03 % 2/;*$ <= %99+*-- 1/88 :* #'*#M*9!
@'* 8%-) A :/)- 03 % 2/;*$ <= %99+*-- 1/88 :* #'*#M*9!
!K! 5)#%# 3)(74= / 3'/1=/%= /00#33 0(1'%(4 4+3' ,# 64/0#=;
#80-* )0 )'* -07+#*
#80-* )0 )'* 9*-)/$%)/0$
0$ %$ K)'*+$*) (0+)
0$ % -*+/%8 (0+)
!!! B(? =( @+30( 3'/1=/%= Q@[3 $+4'#% '%/$$+0;
:O 9*-)/$%)/0$ SG= (0+)
:O (+0)0#08 )O(*
:O -07+#* <= %99+*--
:O -07+#* SG= (0+)
:O 9*-)/$%)/0$ <= %99+*--
!>! 5)+0) '?( 3'/'#8#1'3 /%# '%7# %#2/%=+12 1/8#= Q@[3; O@)((3# '?(-P
]$8O $%.*9 ?I[- %8801 #0..*$)-!
>%.*- #%$ :* 7-*9 )0 '*8( /9*$)/3O )'* 37$#)/0$ 03 )'* ?I[!
>%.*9 ?I[- 033*+ .0+* -(*#/3/# 3/8)*+/$2 0()/0$- )'%$ $7.:*+*9 ?I[-!
I*+)%/$ #0.(8*J ?I[-N -7#' %- +*38*J/;* ?I[-N .7-) :* 9*3/$*9 1/)' $%.*9 ?I[-!
T0+* )'%$ 0$* $%.*9 <= ?I[ #%$ :* #0$3/27+*9 /$ *%#' 9/+*#)/0$ 0$ % +07)*+ /$)*+3%#*!
!A!

"#$#% '( ')# #*)+,+'- 5)/' ?+44 ,# ')# #$$#0' ($ ')# 0(1$+27%/'+(1 ')/' +3
3)(?1;
S-*+- %))*.()/$2 )0 %##*-- '0-)- /$ )'* DF6!DCB!A4!456& $*)10+M 1/88 :* +*W7/+*9 )0
)*8$*) )0 LA!
H0-)- #0$$*#)/$2 )0 +*-07+#*- /$ )'* DFD!CB!A4!456& $*)10+M '%;* %$ /98* )/.*07) 03
DE ./$7)*-!
?$O0$* %))*.()/$2 )0 )*8$*) /$)0 LA 1/88 '%;* %$ %:-087)* )/.* 8/./) 03 3/;* ./$7)*-!
@*8$*) %##*-- )0 LA 1/88 0$8O :* (*+./))*9 0$ V*+/%8 4545D!
!H!

"#$#% '( ')# #*)+,+'- Q1 /=8+1+3'%/'(% )/3 0(1$+27%#= '?( /00#33 4+3'3 (1
"!-.)# 4+3' +1,(71= (1 ')# 3#%+/4 +1'#%$/0# +3 1/8#= J#%+/4 /1= ')#
4+3' +1,(71= (1 ')# [QZ +1'#%$/0# +3 1/8#= [QZ- 5)/' /$$#0' ?+44 ,#
6%(=70#= ,: ')# /00#33 0(1'%(4 4+3'3;
=ID 1/88 :* %:8* )0 )*8$*) )0 =IA!
LA 1/88 $0) :* %:8* )0 #0..7$/#%)* 1/)' =ID %$9 =IA!
=IA #%$$0) )*8$*) )0 LA %$9 #%$$0) #0..7$/#%)* 1/)' =ID!
=ID 1/88 $0) :* %:8* )0 )*8$*) )0 LA %$9 =IA 1/88 $0) :* %:8* )0 #0..7$/#%)* 1/)' =ID!
!I! 5)+0) '?( 3'/'#8#1'3 /%# '%7# %#2/%=+12 ')# $(44(?+12 #*'#1=#= Q@[;
O@)((3# '?(-P
/00#33<4+3' !K! =#1: '06 !L>-!F-A-K K-K-K->II /1: #^ >K
/00#33<4+3' !K! =#1: '06 !L>-!F-A-K K-K-K->II /1: #^ >!
/00#33<4+3' !K! 6#%8+' +6 /1: /1:
P@= )+%33/# 0+/2/$%)/$2 3+0. $*)10+M D,6!DC!A!456& /- 9*$/*9!
?88 )+%33/# /- /.(8/#/)8O 9*$/*9!
P@= )+%33/# 9*-)/$*9 30+ )'* D,6!DC!A!456& $*)10+M /- 9*$/*9!
@*8$*) )+%33/# 0+/2/$%)/$2 0$ $*)10+M D,6!DC!A!456& /- 9*$/*9!
\*: )+%33/# 0+/2/$%)/$2 3+0. D,6!DC!A!4 /- (*+./))*9!
!F! 5)+0) 3'/'#8#1' /,(7' 3'/1=/%= Q@[3 +3 '%7#;
V)%$9%+9 ?I[V .7-) :* $7.:*+*9 %$9 #%$$0) :* $%.*9!
@'*O -'0789 :* (8%#*9 %- #80-* )0 )'* 9*-)/$%)/0$ %- (0--/:8*!
@'*O #%$ 3/8)*+ :%-*9 0$ -07+#* %$9 9*-)/$%)/0$ %99+*-- %- 1*88 %- 0$ -07+#*
%$99*-)/$%)/0$ (0+)!
\'*$ %((8/*9 )0 %$ 07):07$9 /$)*+3%#*N /$#0./$2 (%#M*)- %+* (+0#*--*9 :*30+* )'*O
%+* +07)*9 )0 )'* 07):07$9 /$)*+3%#*!
!L!

##$% & #'%()*+ E *J%. %$-1*+-
"#$#% '( ')# #*)+,+'- 5)+0) 3'/'#8#1' +3 '%7# /,(7' Q@[ !!K +$ Q@[ !!K +3
/664+#= +1 ')# +1,(71= =+%#0'+(1 (1 JKWKWK ($ "!;
<) 1/88 9*$O @I= )+%33/# )0 )'* <$)*+$*) /3 )'* )+%33/# /- -07+#*9 3+0. )'* D,6!66!D4!456&
$*)10+M!
<) 1/88 $0) %8801 @I= )+%33/# #0./$2 3+0. )'* <$)*+$*) )0 *$)*+ )'* $*)10+M
D,6!66!D4!456&!
<) 1/88 %8801 %$O @I= )+%33/# 3+0. )'* <$)*+$*) )0 *$)*+ )'* $*)10+M D,6!66!D4!456&!
<) 1/88 (*+./) %$O @I= )+%33/# )'%) 0+/2/$%)*9 3+0. $*)10+M D,6!66!D4!456& )0 +*)7+$
/$:07$9 0$ )'* V45454 /$)*+3%#*!
!N! 5)+0) ')%## 6/%/8#'#%3 0/1 Q@[3 73# '( $+4'#% '%/$$+0; O@)((3# ')%##-P
(%#M*) -/Z*
(+0)0#08 -7/)*
-07+#* %99+*--
9*-)/$%)/0$ %99+*--
-07+#* +07)*+ /$)*+3%#*
9*-)/$%)/0$ +07)*+ /$)*+3%#*
!M!

##$% & #'%()*+ E
"#$#% '( ')# #*)+,+'- B(? =(#3 ')+3 /00#33 4+3' 6%(0#33 / 6/09#' ?+') ')#
3(7%0# /==%#33 !K-!-!-! /1= / =#3'+1/'+(1 ($ !M>-!FN-!K-!A;
<) /- %8801*9 :*#%7-* 03 )'* /.(8/#/) 9*$O %$O!
<) /- 9+0((*9 :*#%7-* /) 90*- $0) .%)#' %$O 03 )'* /)*.- /$ )'* ?I[!
<) /- %8801*9 :*#%7-* 8/$* D4 03 )'* ?I[ %8801- (%#M*)- )0 DF6!DCB!4!45DC!
<) /- %8801*9 :*#%7-* 8/$* 64 03 )'* ?I[ %8801- (%#M*)- )0 )'* '0-) DF6!DCB!D4!DA!
>K! _: =#$/74'S )(? +3 CD '%/$$+0 $+4'#%#= +1 / @+30( %(7'#%;
:80#M*9 /$ %$9 07) 03 %88 /$)*+3%#*-
:80#M*9 0$ %88 /$:07$9 /$)*+3%#*-N :7) (*+./))*9 0$ %88 07):07$9 /$)*+3%#*-
(*+./))*9 /$ %$9 07) 03 %88 /$)*+3%#*-
:80#M*9 0$ %88 07):07$9 /$)*+3%#*-N :7) (*+./))*9 0$ %88 /$:07$9 /$)*+3%#*-
>!!

##$% & #'%()*+ E %$-1*+-
"#$#% '( ')# #*)+,+'- 5)#1 0%#/'+12 /1 #*'#1=#= Q@[ '( =#1: '%/$$+0 $%(8
')# !M>-!FN-AK-K 1#'?(%9 =#3'+1#= $(% ')# 5#, 3#%E#% >KM-!FI->K!-AKS
?)#%# +3 ')# ,#3' 4(0/'+(1 $(% /664:+12 ')# Q@[;
<V= P%454 07):07$9
L6 V4545D /$:07$9
LA P%454 /$:07$9
LA V4545D 07):07$9
>>!

"#$#% '( ')# #*)+,+'- Q@[ !>K +3 0(1$+27%#= +1,(71= (1 ')# 3#%+/4KWKWK
+1'#%$/0# (1 %(7'#% "!S ,7' ')# )(3'3 (1 1#'?(%9 !L>-!!-!K-KW>H /%# /,4# '(
'#41#' '( 1#'?(%9 !K-!K-K-KW!F- \1 ')# ,/3+3 ($ ')# 6%(E+=#= 0(1$+27%/'+(1S
?)/' 3)(74= ,# =(1# '( %#8#=: ')# 6%(,4#8;
?((8O )'* ?I[ 07):07$9 0$ )'* -*+/%845454 /$)*+3%#* 0$ +07)*+ LD!
?((8O )'* ?I[ 07):07$9 0$ )'* P%-)K)'*+$*)454 /$)*+3%#* 0$ +07)*+ LD!
<$#879* )'* #3'/,4+3)#= M*O10+9 %) )'* *$9 03 )'* 3/+-) 8/$* /$ )'* ?I[!
<$#879* % -)%)*.*$) /$ )'* ?I[ )0 9*$O )'* SG= )+%33/# )'%) 0+/2/$%)*- 3+0.
D,6!DD!D4!456& $*)10+M!
>A! Q 1#'?(%9 /=8+1+3'%/'(% 1##=3 '( /44(? '%/$$+0 ')%(72) ')# $+%#?/44
%(7'#% $(% 3#33+(13 ')/' (%+2+1/'# $%(8 ?+')+1 ')# 0(86/1: 1#'?(%9S ,7'
')# /=8+1+3'%/'(% 873' ,4(09 '%/$$+0 $(% 3#33+(13 ')/' (%+2+1/'# (7'3+=# ')#
1#'?(%9 ($ ')# 0(86/1:- 5)/' ':6# ($ Q@[ +3 8(3' /66%(6%+/'#;
9O$%./#
(0+)U:%-*9
+*38*J/;*
)/.*U:%-*9
>H! ? )*#'$/#/%$ /- #+*%)/$2 %$ ?I[ %$9 $**9- % 1%O )0 /$9/#%)* 0$8O )'* -7:$*)
D,6!DC!DC!456D! \'/#' #0.:/$%)/0$ 03 $*)10+M %99+*-- %$9 1/89#%+9 .%-M 1/88
%##0.(8/-' )'* 9*-/+*9 )%-M^
D,6!DC!4!4 4!4!6EE!6EE
D6,!DC!DC!4 4!4!4!6EE
D,6!DC!DC!4 4!4!,!6EE
D,6!DC!DC!4 4!4!DE!6EE
D,6!DC!DC!4 4!4!6EE!6EE
>I! 5)+0) ')%## +'#83 873' ,# 0(1$+27%#= ,#$(%# / =:1/8+0 Q@[ 0/1
,#0(8# /0'+E# (1 / %(7'#%; O@)((3# ')%##-P
*J)*$9*9 ?I[
+*38*J/;* ?I[
#0$-08* 8022/$2
%7)'*$)/#%)/0$
@*8$*) #0$$*#)/;/)O
7-*+ %##07$) 1/)' % (+/;/8*2* 8*;*8 03 DE

1. Which two protocols can be used to encapsulate traffic that is traversing a VPN
tunnel? (Choose two.)
ATM
CHAP
IPsec
IPX
MPLS
PPTP

2. What are the three main functions of a secure VPN? (Choose three.)
accounting
authentication
authorization
data availability
data confidentiality
data integrity

3. Data confidentiality through a VPN can be enhanced through the use of which three
encryption protocols? (Choose three.)
AES
DES
AH
hash
MPLS
RSA

4. While monitoring traffic on a cable network, a technician notes that data is being
transmitted at 38 MHz. Which statement describes the situation observed by the
technician?
Data is being transmitted from the subscriber to the headend.
Data is flowing downstream.
Cable television transmissions are interfering with voice and data transmissions.
The system is experiencing congestion in the lower frequency ranges.

5. Which two statements are valid solutions for a cable ISP to reduce congestion for
users? (Choose two.)
use higher RF frequencies
allocate an additional channel
subdivide the network to reduce users on each segment
reduce the length of the local loop to 5.5 kilometers or less
use filters and splitters at the customer site to separate voice from data traffic

6. Data confidentiality through a VPN is achieved through which two methods? (Choose
two.)
digital certificates
encryption
encapsulation
hashing
passwords

7. What two protocols provide data authentication and integrity for IPsec? (Choose
two.)
AH
L2TP
ESP
GRE
PPTP

8. Which two methods could an administrator use to authenticate users on a remote
access VPN? (Choose two.)
digital certificates
ESP
hashing algorithms
smart cards
WPA

9. Which is an example of symmetric-key encryption?
Diffie-Hellman
digital certificate
pre-shared key
RSA signature

10.

Refer to the exhibit. A teleworker is connected over the Internet to the HQ Office.
What type of secure connection can be established between the teleworker and the HQ
Office?
a GRE tunnel
a site-to-site VPN
a remote-access VPN
the user must be at the office location to establish a secure connection

11. After conducting research to learn about common remote connection options for
teleworkers, a network administrator has decided to implement remote access over
broadband to establish VPN connections over the public Internet. What is the result of
this solution?
A reliable connection is established at greater speeds than what is offered from dialup
over POTS. Security is increased, but username and password information are sent in
plain text.
The connection has increased security and reliable connectivity. Users need a remote
VPN router or VPN client software.
Security and reliability are increased at a substantial loss in throughput, which is
considered acceptable when supporting a single user environment.
Reliability and security are increased without the need for additional equipment, when
compared to dialup connections using POTS.

12. Which two statements about DSL are true? (Choose two.)
users are on a shared medium
uses RF signal transmission
local loop can be up to 3.5 miles (5.5km)
physical and data link layers are defined by DOCSIS
user connections are aggregated at a DSLAM located at the CO

13. A company is using WiMAX to provide access for teleworkers. What home
equipment must the company provide at the teleworkers site?
a WiMAX tower
a one-way multicast satellite
a WiMAX receiver
an access point connected to the company WLAN

14. A technician has been asked to configure a broadband connection for a teleworker.
The technician has been instructed that all uploads and downloads for the connection
must use existing phone lines. Which broadband technology should be used?
cable
DSL
ISDN
POTS

15. Which two Layer 1 requirements are outlined in the Data-over-Cable Service
Interface Specification (DOCSIS)? (Choose two.)
channel widths
access method
maximum data rate
modulation techniques
compression techniques

16.

Refer to the exhibit. All users have a legitimate purpose and the necessary permissions
to access the Corporate network. Based on the topology shown, which locations are
able to establish VPN connectivity with the Corporate network?
Locations C, D, and E can support VPN connectivity. Locations A and B require an
additional PIX Firewall appliance installed on the edge of the network.
Locations C and E can support VPN connectivity. Locations A, B, and D require an
additional PIX Firewall appliance installed on the edge of the network.
Locations A, B, D, and E can support VPN connectivity. Location C requires an
additional router on the edge of the network.
All locations can support VPN connectivity.

17. Which two features can be associated with the Worldwide Interoperability for
Microwave Access (WiMAX) telecommunication technology? (Choose two.)
supports municipal wireless networks utilizing mesh technologies
covers areas as large as 7,500 square kilometers
supports point-to-point links, but not full mobile cellular-type access
connects directly to the Internet through high-bandwidth connections
operates at lower speeds than Wi-Fi, but supports many more users

18.

Refer to the exhibit. A VPN tunnel has been established between the HQ Office and the
Branch Office over the public Internet. Which three mechanisms are required by the
devices on each end of the VPN tunnel to protect the data from being intercepted and
modified? (Choose three.)
The devices must use a dedicated Layer 2 connection.
The devices must have the VPN client software installed.
The two parties must inspect the traffic against the same ACLs.
The two parties must establish a secret key used by encryption and hash algorithms.
The two parties must agree on the encryption algorithm to be used over the VPN
tunnel.
The devices must be authenticated before the communication path is considered
secure.

19. Which statement describes cable?
Delivering services over a cable network requires downstream frequencies in the 50 to
860 MHz range, and upstream frequencies in the 5 to 42 MHz range.
The cable subscriber must purchase a cable modem termination system (CMTS)
Each cable subscriber has dedicated upstream and downstream bandwidth.
Cable subscribers may expect up to 27 Mbps of bandwidth on the upload path.
1. Refer to the exhibit. The exhibit shows simplified protocol data units from different
OSI model layers. Which three statements are true about the PDUs and the
encapsulation process? (Choose three.)
PDU #1 is a frame.
PDU #2 is an application layer PDU
PDU #3 is a segment.
PDU #4 is a transport layer PDU.
The order in which these PDUs are created during the encapsulation process is
3, 4, 1, 2.
The order in which these PDUs are created during the encapsulation process is 2, 1,
4, 3.
2. Which three application layer protocols use TCP? (Choose three.)
SMTP
FTP
SNMP
HTTP
TFTP
DHCP
3. Which two application layer protocols use the UDP protocol? (Choose two.)
Telnet
SNMP
SMTP
SQL
TFTP
4. What are two functions that occur at the Internet layer of the TCP/IP model? (Choose
two.)
establishment of logical connections between source and destination hosts
end-to-end flow control
determination of best paths through the network
definition of the procedures used to interface with the network hardware
packet switching
Layer 5 and Layer 6 OSI model functions
5. Refer to the exhibit. All ports on switch A are in the sales VLAN and all ports on switch
B are in the accounting VLAN. How many broadcast domains and how many
collision domainsexist in the exhibited network? (Choose two.)

3 collision domains
3 broadcast domains
5 broadcast domains
9 collision domains
10 collision domains
13 collision domains
6. A high-end Catalyst switch that supports both ISL and 802.1Q is to be connected by
a link that will carry all VLAN traffic to a Catalyst 2960 LAN switch. What two commands
are required to configure an interface on the high-end Catalyst switch to carry traffic from
all VLANs to the Catalyst 2960 switch? (Choose two.)
Switch(config-if)# vlan all
Switch(config-if)# switchport access vlan 30
Switch(config-if)# switchport access vlan all
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport trunk encapsulation isl
7. Refer to the exhibit. Based on the exhibited configuration and output, what would be
the result of this command:
Sw1# telnet 192.168.1.10


All packets will be dropped.
The Telnet session will succeed.
An error message that says Session terminated will appear.
An error message that says Password required, but none set will appear.
8. Refer to the partial device configuration that is exhibited. For which network
topology is the configuration appropriate?
RtrA(config)# interface fastethernet 0/0
RtrA(config-if)# no shutdown
RtrA(config-if)# interface fastethernet 0/0.18
RtrA(config-subif)# encapsulation dot1q 18
RtrA(config-subif)# ip address 10.1.18.1 255.255.255.0
RtrA(config-subif)# interface fastethernet 0/0.44
RtrA(config-subif)# encapsulation dot1q 44
RtrA(config-subif)# ip address 10.1.44.1 255.255.255.0
RtrA(config-subif)# interface fastethernet 0/0.22
RtrA(config-subif)# encapsulation dot1q 22
RtrA(config-subif)# ip address 10.1.22.1 255.255.255.0







9. Refer to the exhibit and the following error message from the SwA switch.
00:22:43: %SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non
trunk FastEthernet0/1 VLAN1.
00:22:43: %SPANTREE-7-BLOCK_PORT_TYPE: Blocking FastEthernet0/1 on
VLAN0001. Inconsistent port type.
Considering that the link between the two switches is good and the correct type, what
could cause this error message?


The Spanning Tree Protocol has been disabled on one switch.
The Spanning Tree Protocol has been disabled on both switches.
The IEEE 802.1Q trunking port has a speed mismatch on one of the switches.
The SwA port is configured as a trunk port and the SwB port is configured as an
access port.
The SwA port has IEEE 802.1Q trunking enabled and the SwB port has ISL trunking
enabled.
10. A network administrator is configuring a switch when an error message appears.
The configuration commands and error message appear as follows:
Switch(config)# interface fastethernet 0/1
Switch(config-if)# switchport mode trunk
Command rejected: An interface whose trunk encapsulation is Auto can not be
configured to trunk mode.
What is the problem?
The switch port is configured as an access mode port.
The switch port does not support trunking on this port.
The encapsulation type must be changed to a compatible protocol before the
port can be placed in trunk mode.
The no switchport trunk encapsulation auto command needs to be applied to the
switch port before trunking can be enabled.
11. Of the protocols that are listed, which one needs to be functioning on a link in order
for VTP to operate?
802.1Q
CDP
RIP
RSTP
12. Refer to the exhibit. RT_1 is configured correctly with IP addresses and passwords
but none of the computers can ping or telnet to RT_1. Which series of commands would
correct the problem?


RT_1(config)# interface fa0/1
RT_1(config-if)# no shutdown
SW_1(config)# interface fa0/24
SW_1(config-if)# switchport mode client
RT_1(config)# interface fa0/1
RT_1(config-if)# encapsulation trunk dot1q 24
SW_1(config)# interface fa0/24
SW_1(config-if)# switchport mode trunk
SW_1(config)# interface fa0/24
SW_1(config-if)# switchport access vlan 1
13. Refer to the exhibit. Which commands are needed to complete the switch
configuration so that SSH can be used to telnet from host A to SW_1? (Choose two.)


SW_1(config)# username david password class
SW_1(config)# line vty 0 15
SW_1(config-line)# login
SW_1(config-line)# password cisco
SW_1(config)# line vty 0 15
SW_1(config-line)# login local
SW_1(config-line)# transport input ssh
SW_1(config)# login ssh
SW_1(config)# password class
SW_1(config)# login key rsa
SW_1(config)# password cisco
SW_1(config)# password encrypted cisco
14. What three factors contribute to congestion on an Ethernet LAN? (Choose three.)
improper placement of enterprise level servers
addition of hosts to a physical segment
replacement of hubs with workgroup switches
increasing use of bandwidth intensive network applications
creation of new collision domains without first adding network hosts
migration to full-duplex Ethernet within the LAN
15. Refer to the exhibit. What protocol should be configured on SW-A Port 0/1 if it is to
send traffic from multiple VLANs to switch SW-B?



Spanning Tree
RIP v2
IEEE 802.1Q
ARP
Rapid Spanning Tree
16. Which three STP states were replaced with the RSTP discarding state? (Choose
three.)
listening
learning
blocking
disabled
forwarding
17. Refer to the exhibit. What is the role of the SW3 switch?


designated switch
edge switch
root bridge
enabled bridge
local bridge
18. Refer to the exhibit. A switch can be configured for three different forwarding modes
based on how much of a frame is received before the forwarding process begins. Each
of the numbered arrows in the accompanying graphic signifies the point in a frame where
a particular forwarding mode will begin. Which group of labels reflects the sequence
offorwarding modes signified by the numbered arrows?


1) fast forward
2) fragment free
3) store-and-forward
1) store-and-forward
2) fragment free
3) fast forward
1) fragment free
2) fast forward
3) store-and-forward
1) fast forward
2) store-and-forward
3) fragment free
19. What eliminates switching loops?
hold-down timers
poison reverse
spanning tree protocol
time to live
VTP
20.
21. Refer to the exhibit. Using the most efficient IP addressing scheme and VLSM, which
address can be configured on one of the serial interfaces?


192.168.16.63/27
192.168.16.158/27
192.168.16.192/27
192.168.16.113/30
192.168.16.145/30
192.168.16.193/30
22. Consider this router output:
Router# confug
Translating confugdomain server (255.255.255.255)
Translating confugdomain server (255.255.255.255)
(255.255.255.255)% Unknown command or computer name, or unable to find
computer address
What command could help with this situation?
ip dhcp server
no ip domain-lookup
no logging synchronous
no show ip nat translations
23. Refer to the exhibit. With VLSM, which bit mask should be used to most efficiently
provide for the number of host addresses that are required on router B?


/26
/27
/28
/29
/30
24. What are the three ranges of IP addresses that are reserved for internal private use?
(Choose three.)
10.0.0.0/8
64.100.0.0/14
127.16.0.0/12
172.16.0.0/12
192.31.7.0/24
192.168.0.0/16
25. Refer to the exhibit. The network administrator is unable to access the TFTP server
attached to the Memphis router. What are two causes of this problem? (Choose two.)


The default gateway configured on the network administrators workstation is not a
valid host address.
The default gateway configured on the TFTP server in incorrect.
The IP address of the TFTP server is a subnetwork address.
The IP address of the S0/0/0 interface of the Heliopolis router is a broadcast
address.
The IP addresses for the Memphis S0/0/1 interface and the Heliopolis S0/0/0
interface are not in the same subnet.
26. The ISP of the XYZ Company is moving to IPv6 but XYZ wants to continue to use
only IPv4 for another year. Which IPv4-to-IPv6 transition method would allow the
company to continue using only IPv4 addresses?
dual stack
6to4 tunnel
manual tunneling
NAT-PT
27. Given the IP address and subnet mask of 172.16.134.56 255.255.255.224, on which
subnetwork does this address reside?
172.16.0.0
172.16.134.0
172.16.134.32
172.16.134.48
172.16.134.47
172.16.134.63
28. What is associated with link-state routing protocols?
low processor overhead
poison reverse
routing loops
split horizon
shortest-path first calculations
29. Refer to the exhibit. Which sequence of commands should be used to configure
router A for OSPF?


router ospf 1
network 192.168.10.0
router ospf 1
network 192.168.10.64 0.0.0.63 area 0
network 192.168.10.192 0.0.0.3 area 0
router ospf 1
network 192.168.10.64 255.255.255.192
network 192.168.10.192 255.255.255.252
router ospf 1
network 192.168.10.0 area 0
30. What is one reason to use the ip ospf priority command when the OSPF routing
protocol is in use?
to activate the OSPF neighboring process
to influence the DR/BDR election process
to provide a backdoor for connectivity during the convergence process
to streamline and speed up the convergence process
31. The output of the show ip interface brief command indicates that Serial0 is up but
the line protocol is down. What are two possible causes for the line protocol being in the
down state? (Choose two.)
The clock rate is not set on the DTE.
An incorrect default gateway is set on the router.
A network is missing from the routing protocol configuration.
The encapsulation on the Serial0 interface is incorrect.
Keepalives are not being sent by the remote device.
32. Which router command will verify that the router has a path to a destination network?
Router# show ip interfaces brief
Router# show ip route
Router# show cdp neighbors
Router# show running-config
Router# show protocols
33. Refer to the exhibit. When troubleshooting a network, it is important to interpret the
output of various router commands. On the basis of the exhibit, which three statements
are true? (Choose three.)


The missing information for Blank 1 is the command show ip route.
The missing information for Blank 1 is the command debug ip route.
The missing information for Blank 2 is the number 100.
The missing information for Blank 2 is the number 120.
The missing information for Blank 3 is the letter R.
The missing information for Blank 3 is the letter C.
34. Refer to the exhibit. From the command prompt on the host, the command telnet
192.168.1.10 is typed. The response that is given is this:
Trying 192.168.1.10.Open
Password required, but none set
What is the most likely problem?


The router has been configured as a firewall.
The Telnet server process must be activated on the router.
The switch has not been configured to pass Telnet traffic.
The enable secret command has not been entered on RtrA.
The password command has not been entered in line configuration mode on
RtrA.
The password and login commands need to be configured on the console port of
RtrA.
35. Refer to the exhibit. If router B is to be configured for EIGRP AS 100, which
configuration must be entered?


B(config-router)# network 192.168.10.4 0.0.0.3
B(config-router)# network 192.168.10.8 0.0.0.3
B(config-router)# network 192.168.10.4 0.0.0.3
B(config-router)# network 192.168.10.8 0.0.0.3
B(config-router)#network 192.168.10.128 0.0.0.63
B(config-router)# network 192.168.10.4 0.0.0.3 area 0
B(config-router)# network 192.168.10.8 0.0.0.3 area 0
B(config-router)#network 192.168.10.128 0.0.0.63 area 0
B(config-router)# network 192.168.10.4 0.0.0.3 as 100
B(config-router)# network 192.168.10.8 0.0.0.3 as 100
B(config-router)#network 192.168.10.128 0.0.0.63 as 100
B(config-router)# network 192.168.10.4 0.0.0.3
B(config-router)# network 192.168.10.8 0.0.0.3
B(config-router)# network 192.168.10.64 0.0.0.63
B(config-router)# network 192.168.10.128 0.0.0.63
B(config-router)# network 192.168.10.192 0.0.0.63
B(config-router)# network 192.168.10.4 0.0.0.3 as 100
B(config-router)# network 192.168.10.8 0.0.0.3 as 100
B(config-router)# network 192.168.10.64 0.0.0.63 as 100
B(config-router)# network 192.168.10.128 0.0.0.63 as 100
B(config-router)# network 192.168.10.192 0.0.0.63 as 100
B(config-router)# network 192.168.10.4 0.0.0.3 area 100
B(config-router)# network 192.168.10.8 0.0.0.3 area 100
B(config-router)# network 192.168.10.64 0.0.0.63 area 100
B(config-router)# network 192.168.10.128 0.0.0.63 area 100
B(config-router)# network 192.168.10.192 0.0.0.63 area 100
36. After several configuration changes are made to a router, the copy running-
configuration startup-configuration command is issued. Where will the changes be
stored?
flash
ROM
NVRAM
RAM
the configuration register
a TFTP server
37. Refer to the exhibit. Two routers have been configured to use EIGRP. Packets are
not being forwarded between the two routers. What could be the problem?


EIGRP does not support VLSM.
The routers were not configured to monitor neighbor adjacency changes.
The default bandwidth was used on the routers.
An incorrect IP address was configured on a router interface.
38. What are two features of a link-state routing protocol? (Choose two.)
Routers send periodic updates only to neighboring routers.
Routers send triggered updates in response to a change.
Routers create a topology of the network by using information from other
routers.
The database information for each router is obtained from the same source.
Paths are chosen based on the lowest number of hops to the designated router.
39. Refer to the exhibit. Routers A and B have EIGRP configured and automatic
summarization has been disabled on both routers. Which router command is used to
summarize the attached routes, and to which interface is this command applied?
(Choose two.)


ip summary-address eigrp 1 192.168.10.64 255.255.255.192
ip area-range eigrp 1 192.168.10.80 255.255.255.224
summary-address 192.168.10.80 0.0.0.31
ip summary-address eigrp 1 192.168.10.64 0.0.0.63
serial interface on router A
serial interface on router B
40. A router has learned about network 192.168.168.0 through static and dynamic
routing processes. Which route will appear in the routing table for this network if the
router has learned multiple routes?
D 192.168.168.0/24 [90/2195456] via 192.168.200.1, 00:00:09, FastEthernet0/0
O 192.168.168.0/24 [110/1012] via 192.168.200.1, 00:00:22, FastEthernet0/0
R 192.168.168.0/24 [120/1] via 192.168.200.1, 00:00:17, FastEthernet0/0
S 192.168.168.0/24 [1/0] via 192.168.200.1
41. Which sequence of commands is used to configure a loopback address on a
router?
Router1(config)# interface loopback 1
Router1(config-if)# ip address 192.168.1.1
Router1(config)# interface serial 0/0
Router1(config-if)# loopback 1
Router1(config-if)# ip address 192.168.1.1
Router1(config)# interface serial 0/0
Router1(config-if)# loopback 1
Router1(config-if)# ip address 192.168.1.1 255.255.255.0
Router1(config)# interface loopback 1
Router1(config-if)# ip address 192.168.1.1 255.255.255.255
42.
43. Which encryption standard would most likely be used in an 802.11 standards-
based wireless network environment?
ACDP, which has more bits that are used for encryption than CDP has
WPA2, which can use the more advanced AES for encryption
VTP, which is compatible with all 802.11-type wireless networks
RSA, which has a different algorithm than any of the older standards
802.1X EAP, which is the most powerful type of encryption used for both wired and
wireless networks
44.
45.


46. Which two commands can be used to verify the content and placement of access
control lists? (Choose two.)
show ip route
show processes
show running-config
show cdp neighbor
show access-lists
47. Which two keywords can be used in an access control list to replace a wildcard
mask or address and wildcard mask pair? (Choose two.)
most
host
all
any
some
gt
48. Refer to the exhibit. NAT with overload is configured on router R1 and uses the
NAT pool of addresses 209.165.201.9 through 209.165.201.10. What type of route
would the ISP need in order for communication to occur between hosts in Company
ABC and the Internet?


Because the ISP has knowledge of the directly connected 200.0.0.1 network, no route
is needed.
A static route from the ISP is needed that uses the network number 172.16.0.0 and the
mask 255.255.0.0.
A default route from the ISP is needed that uses either the exit interface of S0/0/0 or
the 200.0.0.1 IP address.
A default route from the ISP is needed that uses either the exit interface of S0/0/1 or
the 200.0.0.2 IP address.
A static route from the ISP is needed that uses the network number
209.165.201.8and the mask 255.255.255.252.
49. What is the effect of the access control list wildcard mask 0.0.0.15? (Choose two.)
The first 28 bits of a supplied IP address will be ignored.
The last four bits of a supplied IP address will be ignored.
The first 32 bits of a supplied IP address will be matched.
The first 28 bits of a supplied IP address will be matched.
The last five bits of a supplied IP address will be ignored.
The last four bits of a supplied IP address will be matched.
50. Which three values or sets of values are included when creating an extended
access control list statement? (Choose three.)
access list number between 1 and 99
access list number between 100 and 199
default gateway address and wildcard mask
destination address and wildcard mask
source address and wildcard mask
source subnet mask and wildcard mask
destination subnet mask and wildcard mask
51. Refer to the exhibit. Which statement describes the status of the PPP connection?


Only the link-establishment phase completed successfully.
Only the network-layer phase completed successfully.
Neither the link-establishment phase nor the network-layer phase completed
successfully.
Both the link-establishment and network-layer phase completed successfully.
52. Which three statements are true regarding the Frame Relay LMI? (Choose three.)
The LMI provides a virtual circuit (VC) status mechanism.
The LMI type must always be manually configured.
The available LMI types are CHAP and PAP.
The LMI types supported by Cisco routers are CISCO and IETF.
The LMI type configured on the router must match the one used on the Frame
Relay switch.
The LMI uses reserved DLCIs to exchange messages between the DTE and DCE.
53. A network administrator is evaluating authentication protocols for a PPP link.
Which three factors might lead to the selection of CHAP over PAP as the
authentication protocol? (Choose three.)
establishes identities with a two-way handshake
uses a three-way authentication periodically during the session to reconfirm
identities
control by the remote host of the frequency and timing of login events
transmits login information in encrypted format
uses an unpredictable variable challenge value to prevent playback attacks
makes authorized network administrator intervention a requirement to establish each
session
54. Which three statements are true about PPP? (Choose three.)
PPP can use synchronous and asynchronous circuits.
PPP can only be used between two Cisco devices.
PPP carries packets from several network layer protocols in LCPs.
PPP uses LCPs to establish, configure, and test the data link connection.
PPP uses LCPs to agree on format options such as authentication,
compression, and error detection.

1. What are three examples of TCP/IP application layer protocols? (Choose three.)
a terminal emulation protocol that supports remote console connections with
various network devices
a protocol created by IBM that makes it easier for mainframes to connect to remote
offices
a protocol responsible for transporting electronic mail on TCP/IP networks and
the Internet
a protocol that controls the rate at which data is sent to another computer
a protocol that exchanges network management information between a network
device and a management console
a protocol that conducts a test of the path through which a packet travels from source
to destination
2. Refer to the exhibit. The exhibit shows simplified protocol data units from different
OSI model layers. Which three statements are true about the PDUs and the
encapsulation process? (Choose three.)
PDU #1 is a frame.
PDU #2 is an application layer PDU
PDU #3 is a segment.
PDU #4 is a transport layer PDU.
The order in which these PDUs are created during the encapsulation process is
3, 4, 1, 2.
The order in which these PDUs are created during the encapsulation process is 2, 1,
4, 3.
3. What are two characteristics of TCP? (Choose two.)
data transport reliability
best path determination
establishing, maintaining, and terminating virtual circuits
encapsulation of packets in a data frame with source and destination MAC
addresses
best-effort datagram delivery
4. Refer to the exhibit. What type of Layer 2 encapsulation will be used for connection
D on the basis of this configuration on a newly installed router:
L)+?`#0$3/2ab +1'#%$/0# 3#%+/4KWKWK
L)+?`#0$3/2U/3ab +6 /==%#33 !>N-!KL-K-> >II->II->II->I>
L)+?`#0$3/2U/3ab 1( 3)7'=(?1

Ethernet
Frame Relay
HDLC
PPP
5. Which three factors contribute to congestion on an Ethernet LAN? (Choose three.)
improper placement of enterprise level servers
addition of hosts to a physical segment
replacement of hubs with workgroup switches
increasing use of bandwidth intensive network applications
creation of new collision domains without first adding network hosts
migration to full-duplex Ethernet within the LAN
6. A Catalyst switch must be in which VTP mode in order to delete or add VLANs to a
management domain?
client
server
domain
transparent
designated
7. What creates a loop-free path through a switch network?
hold-down timers
poison reverse
Spanning Tree Protocol
Time to Live
Split Horizon Protocol
Routing Information Protocol
8. Refer to the exhibit. All ports on switch fl-1 are in the Production VLAN and all ports
on switch fl-2 are in the Development VLAN. How many broadcast domains and how
many collision domains are in the network? (Choose two.)

one broadcast domain
three broadcast domains
three collision domains
five broadcast domains
nine collision domains
ten collision domains
9. Refer to the exhibit. VLAN10 and VLAN20 have been created on SW_1 and SW_2
and switch ports have been assigned to the appropriate VLAN. Workstations in VLAN
10 can ping workstations in VLAN 10 that connect to either switch, but workstations in
VLAN 20 cannot ping workstations in VLAN 20 on the opposite switch. Based on the
output, what is most likely the problem?

FA 0/1 on SW_1 needs to be assigned to VLAN 20.
FA 0/1 on SW_2 needs to be assigned to VLAN 20.
VTP is not working properly between SW_1 and SW_2.
Interfaces FA0/1 on SW_1 and SW_2 need to be configured as trunk ports.
Interfaces FA0/3 on both switches need to be configured as access ports.
10. Refer to the exhibit. What can be concluded from the output that is shown?

The management VLAN is VLAN 99.
The only VLAN that can be applied to switch ports is VLAN 99.
The only VLANs that can be applied to switch ports are VLANs 1 and 99.
The switch will only be able to forward frames for hosts on the 10.99.0.0 network.
11. Refer to the exhibit and the following error message from the SwA switch.
44Q66Q&AQ cV=?>@LKKU,ULKIdeDfe>]>e@LS>YQ L*#*/;*9 B46!Df X=GS 0$ $0$
)+7$M P%-)K)'*+$*)45D d[?>D!
44Q66Q&AQ cV=?>@LKKU,UX[]IYe=]L@e@g=KQ X80#M/$2 P%-)K)'*+$*)45D 0$
d[?>444D! <$#0$-/-)*$) (0+) )O(*!
I0$-/9*+/$2 )'%) )'* 8/$M :*)1**$ )'* )10 -1/)#'*- /- 2009 %$9 )'* #0++*#) )O(*N 1'%)
#0789 #%7-* )'/- *++0+ .*--%2*^

The Spanning Tree Protocol has been disabled on one switch.
The Spanning Tree Protocol has been disabled on both switches.
The IEEE 802.1Q trunking port has a speed mismatch on one of the switches.
The SwA port is configured as a trunk port and the SwB port is configured as an
access port.
The SwA port has IEEE 802.1Q trunking enabled and the SwB port has ISL trunking
enabled.
12. Refer to the exhibit. Based on the exhibited configuration and output, why is VLAN
99 missing?

because there is a cabling problem on VLAN 99
because VLAN 99 is not a valid management VLAN
because VLAN 1 is up and there can only be one management VLAN on the switch
because VLAN 99 needs to be entered as a VLAN under an interface before it can
become an active interface
because the VLAN 99 has not been manually entered into the VLAN database
with the vlan 99 command
13. Refer to the exhibit. Which command needs to be used on router interface Fa 0/1
to complete the VLAN configuration?

RT_1(config)# trunk encapsulation dot1q
RT_1(config-subif)# encapsulation dot1q 10
RT_1(config-subif)# encapsulation negotiate
RT_1(config-subif)# encapsulation 802.1q
RT_1(config)# vlan encapsulation dot1q
14. Refer to the exhibit. Computer A is configured with an IP address of 192.168.20.5
and cannot ping RT_1. What is most likely the problem?

SW_1 FastEthernet interface 0/24 is not a trunk port.
The RT_1 FastEthernet 0/1.10 is not configured for VLANs.
The FastEthernet port 0/1 on SW_1 is configured for VLAN 20.
The management VLAN does not have an IP address assigned to the same VLAN.
The IP address of computer A is incorrect.
15. Refer to the exhibit. Which three hosts will receive ARP requests from host A,
assuming that port Fa0/4 on both switches is configured to carry traffic for multiple
VLANs? (Choose three.)

host B
host C
host D
host E
host F
host G
16. Refer to the exhibit. Two VLANs have been configured on the switch and hosts
have been assigned. Hosts in the Sales VLAN can ping all hosts in their own VLAN,
but cannot ping the hosts in the HR VLAN. What are two explanations for this
problem? (Choose two.)

All hosts are in one collision domain.
All hosts are in one broadcast domain.
A router is required for communication between VLANs.
The hosts are in separate broadcast domains.
The management VLAN has not been assigned an IP address.
17. Which industry-wide specification was developed to decrease the time that is
needed to move to the forwarding state by switch ports that are operating in a
redundantly switched topology?
VLSM
PVST
802.1Q
RSTP
VTP
18. Refer to the exhibit. Which switch will be elected the root bridge and which switch
will place a port in blocking mode? (Choose two.)

SW1 will become the root bridge.
SW2 will become the root bridge.
SW2 will get a port blocked.
SW4 will get a port blocked.
SW3 will become the root bridge.
SW4 will become the root bridge.
19. What is the purpose of the Spanning Tree Protocol (STP)?
prevents Layer 2 loops
prevents routing loops on a router
creates smaller collision domains
creates smaller broadcast domains
allows Cisco devices to exchange routing table updates
20. Which statement is true regarding states of the IEEE 802.1D Spanning Tree
Protocol?
Ports are manually configured to be in the forwarding state.
Ports listen and learn before going into the forwarding state.
Ports must be blocked before they can be placed in the disabled state.
It takes 15 seconds for a port to go from blocking to forwarding.
21. Four bits have been borrowed to create subnets. Which three addresses are
subnet addresses? (Choose three.)
192.168.14.8
192.168.14.16
192.168.14.24
192.168.14.32
192.168.14.148
192.168.14.208
22. Refer to the exhibit. What type of header is shown?

IPv4
IPv6
TCP
UDP
23.
24. Assuming a subnet mask of 255.255.224.0, which three addresses would be
valid hostaddresses? (Choose three.)
10.78.103.0
10.67.32.0
10.78.160.0
10.78.48.0
172.55.96.0
172.211.100.0
25. What type of IP address is 172.16.134.48/27?
a useable host address
a broadcast address
a network address
a multicast address
a public address
26. Which address is a valid IPv6 global unicast address?
FE90::1::FFFF
FD80::1::1234
FE80::1:4545:6578:ABC1
FEA0::100::7788:998F
FC90::::5678:4251:FFFF
27. A network administrator needs to configure three local networks. The networks
have these requirements:
>*)10+M D E44 '0-)-
>*)10+M 6 D44 '0-)-
>*)10+M A D444 '0-)-
\'/#' )'+** -7:$*) .%-M- 1/88 :* $**9*9 )0 3783/88 )'*-* +*W7/+*.*$)-^ `I'00-* )'+**!a

255.255.0.0
255.255.255.0
255.255.254.0
255.255.252.0
255.255.248.0
255.255.255.128
255.255.255.192
28.
29. A router needs to be configured to route within OSPF area 0. Which two
commands are required to accomplish this? (Choose two.)
RouterA(config)# router ospf 0
RouterA(config)# router ospf 1
RouterA(config-router)# network 192.168.2.0 0.0.0.255 0
RouterA(config-router)# network 192.168.2.0 0.0.0.255 area 0
RouterA(config-router)# network 192.168.2.0 255.255.255.0 0
30. Refer to the exhibit. Two switches have been connected with ports that are
configured as trunks. After the connection was made, SW2 displayed the status
message as shown in the exhibit. What will solve this problem?

SW1(config)# interface fastethernet 0/1
V\D`#0$3/2U/3ab =764#* $744

SW1(config)# interface fastethernet 0/1
V\D`#0$3/2U/3ab $744<=764#*

SW2(config)# interface fastethernet 0/1
J5>O0(1$+2<+$Pc =764#* $744

SW2(config)# interface fastethernet 0/1
V\6`#0$3/2U/3ab $744<=764#*
31. A router with two LAN interfaces, two WAN interfaces, and one configured
loopback interface is operating with OSPF as its routing protocol. What does the router
OSPF process use to assign the router ID?
the IP address of the interface that is configured with priority 0
the OSPF area ID that is configured on the interface with the highest IP address
the loopback interface IP address
the highest IP address on the LAN interfaces
the highest IP address that is configured on the WAN interfaces
32. What table does the EIGRP DUAL algorithm use to calculate the best route to
each destination router?
routing table
topology table
DUAL table
CAM table
ARP table
33. What two measures are used to prevent routing loops in networks that use
distance vector routing protocols? (Choose two.)
link-state advertisements (LSA)
Spanning Tree Protocol
shortest path first tree
split horizon
hold-down timers
34. Refer to the exhibit. When the show ip ospf neighbor command is given from the
R1# prompt, no output is shown. However, when the show ip interface
brief command is given, all interfaces are showing up and up. What is the most likely
problem?

R2 has not brought the S0/0/1 interface up yet.
R1 or R2 does not have a loopback interface that is configured yet.
The ISP has not configured a static route for the ABC Company yet.
R1 or R2 does not have a network statement for the 172.16.100.0 network.
R1 has not sent a default route down to R2 by using the default-information
originatecommand.
35. Refer to the exhibit. The XYZ Company hosts web pages for small companies.
Based on the exhibited information, what would be an appropriate route for the ISP to
configure for the XYZ network?

ISP# ip route 0.0.0.0 0.0.0.0 s0/0/1
ISP# ip route 0.0.0.0 0.0.0.0 s/0/0/0
ISP# ip route 192.135.250.0 255.255.255.0 s0/0/1
ISP# ip route 192.135.250.0 255.255.255.0 s0/0/0
ISP# ip route 192.135.250.0 255.255.255.240 s0/0/1
ISP# ip route 192.135.250.0 255.255.255.248 s0/0/1
36. Refer to the exhibit. A network administrator has configured routers RTA and RTB,
but cannot ping from serial interface to serial interface. Which layer of the OSI model is
the most likely cause of the problem?

application
transport
network
data link
physical
37. What best describes the operation of distance vector routing protocols?
They use hop count as their only metric.
They only send out updates when a new network is added.
They send their routing tables to directly connected neighbors.
They flood the entire network with routing updates.
38. Refer to the exhibit. Which sequence of commands will configure router A for
OSPF?

router ospf 0
$*)10+M DF6!DCB!D4!4
$*)10+M DF6!DCB!D4!DF6

router ospf 0
$*)10+M DF6!DCB!D4!4

router ospf 1
$*)10+M DF6!DCB!D4!C& 4!4!4!CA %+*% 4
1#'?(%9 !M>-!FN-!K-!M> K-K-K-A /%#/ K

router ospf 1
$*)10+M DF6!DCB!D4!C& 6EE!6EE!6EE!DF6
$*)10+M DF6!DCB!D4!DF6 6EE!6EE!6EE!6E6

router ospf 1
$*)10+M DF6!DCB!D4!4 %+*% 4
39. Refer to the exhibit. Router B should not send routing updates to router A. Which
command can be used on router B to prevent RIP from sending these updates?

passive-interface fastethernet 0/0
passive-interface serial 0/0/0
access-class 12 out
access-class 12 in
40. A router has learned about network 192.168.168.0 through static and dynamic
routing processes. Which route will appear in the routing table for this network if the
router has learned multiple routes?
D 192.168.168.0/24 [90/2195456] via 192.168.200.1, 00:00:09, FastEthernet0/0
O 192.168.168.0/24 [110/1012] via 192.168.200.1, 00:00:22, FastEthernet0/0
R 192.168.168.0/24 [120/1] via 192.168.200.1, 00:00:17, FastEthernet0/0
S 192.168.168.0/24 [1/0] via 192.168.200.1
41. Refer to the exhibit. An administrator who is connected to the console of the
Peanut router is able to ping the Serial0 and Ethernet0 ports of the Popcorn router but
unable to ping its Ethernet1 interface. What are two possible causes for this problem?
(Choose two.)

The serial interface of the Popcorn router is shutdown.
The Ethernet1 interface of the Popcorn router is shutdown.
The Popcorn router did not include network 192.168.12.0 in its routing
configuration.
The Popcorn router is not forwarding RIP updates.
The clock rate is missing from the configuration of one of the routers.
42. When is a WLAN a better solution than a LAN?
when security is an issue
when user mobility is needed
when more than one laptop is used in a cubicle
when electrical interference from surrounding machinery is an issue
43. Which wireless standard works only in the 2.4 GHz range and provides speeds up
to 54 Mb/s?
802.11a
802.11b
802.11g
802.11i
802.11n
44. Refer to the exhibit. An initial configuration is being performed on a new router.
The network administrator encounters the error message that is shown in the exhibit.
What is the problem?

The enable secret command has not been issued yet.
The enable password command has not been issued yet.
The password command has not been set for the console port.
The service password-encryption command has not been issued yet.
45.
46. Which statement describes the process that occurs in Network Address
Translation (NAT) overloading?
Multiple private IP addresses are mapped to one public IP address.
The number of usable addresses that is assigned to a company is divided into smaller
manageable groups.
A pool of IP addresses are mapped to one or more MAC addresses.
The router acts as a DHCP server and assigns multiple public IP addresses for each
private IP address configured.
47. Which two pieces of information are required when creating a standard access
control list? (Choose two.)
destination address and wildcard mask
source address and wildcard mask
subnet mask and wildcard mask
access list number between 100 and 199
access list number between 1 and 99
48. Which two keywords can be used in an access control list to replace a wildcard
mask or address and wildcard mask pair? (Choose two.)
most
host
all
any
some
gt
49. What guideline is generally followed about the placement of extended access
control lists?
They should be placed as close as possible to the source of the traffic to be
denied.
They should be placed as close as possible to the destination of the traffic to be
denied.
They should be placed on the fastest interface available.
They should be placed on the destination WAN link.
50. Refer to the exhibit. A named access list called chemistry_block has been written
to prevent users on the Chemistry Network and public Internet from access to the
Records Server. All other users within the school should have access to this server.
The list contains the following statements:
=#1: !L>-!F-!K>-K K-K-K->II !L>-!F-!KH->I> K-K-K-K
6#%8+' !L>-!F-K-K K-K->II->II !L>-!F-!KH->I> K-K-K-K
\'/#' #0..%$9 -*W7*$#* 1/88 (8%#* )'/- 8/-) )0 .**) )'*-* +*W7/+*.*$)-^

Hera(config)# interface fa0/0
H*+%`#0$3/2U/3ab +6 /00#33<2%(76 0)#8+3'%:d,4(09 +1

Hera(config)# interface s0/0/0
H*+%`#0$3/2U/3ab +6 /00#33<2%(76 0)#8+3'%:d,4(09 (7'

Apollo(config)# interface s0/0/0
?(0880`#0$3/2U/3ab +6 /00#33<2%(76 0)#8+3'%:d,4(09 (7'

Apollo(config)# interface s0/0/1
?(0880`#0$3/2U/3ab +6 /00#33<2%(76 0)#8+3'%:d,4(09 +1

Athena(config)# interface s0/0/1
?)'*$%`#0$3/2U/3ab +6 /00#33<2%(76 0)#8+3'%:d,4(09 +1

Athena(config)# interface fa0/0
Q')#1/O0(1$+2<+$Pc +6 /00#33<2%(76 0)#8+3'%:d,4(09 (7'
51.
52. Refer to the exhibit. R3 has the following configuration:
LAb 3)(? %711+12<0(1$+2
!"#$ "&'(&' '$)' "#*''$+
/$)*+3%#* -*+/%84
:%$91/9)' D6B
/( %99+*-- DF6!DCB!DD!6 6EE!6EE!6EE!4
*$#%(-78%)/0$ 3+%.*U+*8%O
3+%.*U+*8%O .%( /( DF6!DCB!DD!6 A4 :+0%9#%-)
?3)*+ )'* #0..%$9 LAb =#,72 $%/8#<%#4/: 6/09#' /- *J*#7)*9N % (/$2 /- /--7*9
3+0. LA )0 LD :7) /- 7$-7##*--378! X%-*9 0$ )'* 07)(7) 03 )'* 9*:72 #0..%$9 -'01$
/$ )'* 2+%('/# %$9 )'* +07)*+ #0$3/27+%)/0$N 1'%) /- )'* (+0:8*.^

No clock rate has been configured on interface s0.
There is an incorrect DLCI number in the map statement.
An incorrect IP address exists in the map statement.
The encapsulation frame-relay command is missing the broadcast keyword.
53. What are three Frame Relay congestion management mechanisms? (Choose
three.)
BECN
DLCI
DE
FECN
LMI
Inverse ARP
54. Which network device is commonly used to allow multiple VPN connections into a
corporate network?
ACL
IDS
firewall
concentrator
55. What is the default Layer 2 encapsulation protocol for a synchronous serial
interface on a Cisco router?
PPP
HDLC
Frame Relay
CHAP
IEEE 802.1Q

1

Refer to the exhibit. Branch A has a non-Cisco router that is using IETF
encapsulation and Branch B has a Cisco router. After the commands that
are shown are entered, R1 and R2 fail to establish the PVC. The R2 LMI is
Cisco, and the R1 LMI is ANSI. The LMI is successfully established at both
locations. Why is the PVC failing?
The PVC to R1 must be point-to-point.
LMI types must match on each end of a PVC.
The frame relay PVCs cannot be established between Cisco and non-Cisco
routers.
The IETF parameter is missing from the frame-relay map ip 10.10.10.1 201
command.

2
Refer to the exhibit. Communication between two peers has failed. Based
on the output that is shown, what is the most likely cause?
interface reset
unplugged cable
improper LMI type
PPP negotiation failure
3
A technician is talking to a colleague at a rival company and comparing
DSL transfer rates between the two companies. Both companies are in the
same city, use the same service provider, and have the same rate/service
plan. What is the explanation for why company 1 reports higher download
speeds than company 2 reports?
Company 1 only uses microfilters at branch locations.
Company 1 has a lower volume of POTS traffic than company 2 has.
Company 2 is located farther from the service provider than company 1 is.
Company 2 shares the connection to the DSLAM with more clients than
company 1 shares with.
4

Refer to the exhibit. A network administrator is creating a prototype to
verify the new WAN design. However, the communication between the two
routers cannot be established. Based on the output of the commands,
what can be done to solve the problem?
Replace the serial cable .
Replace the WIC on RA.
Configure RA with a clock rate command.
Issue a no shutdown interface command on RB.
5

Refer to the exhibit. Router RT is not receiving routing updates from
router RTA. What is causing the problem?
The ip rip authentication key-chain command specifies exam rather than test.
The name of the keystring is not the name of the neighboring router.
The key chains are given the same name on both routers.
The passive-interface command was issued for RTA.
6
What are two main components of data confidentiality? (Choose two.)
checksum
digital certificates
encapsulation
encryption
hashing
7
Which network component has the primary function of detecting and
logging attacks made against the network?
Cisco Security Agent
antivirus software scanner
intrusion detection system
intrusion prevention system
8

Refer to the exhibit. A network technician has been called in to resolve a
problem with this network segment. The symptoms include a loss of
connectivity throughout the network segment, high link utilization, and
syslog messages that indicate constant MAC address relearning. What is
the likely cause of these symptoms?
cable fault
faulty NIC card
IP addressing error
spanning tree problem
NAT configuration error
9
Which variable is permitted or denied by a standard access control list?
protocol type
source IP address
source MAC address
destination IP address
destination MAC address
10

Refer to the exhibit. To reach R2, and for configuring Frame Relay on the
point-to-point interfaces shown in the graphic, which DLCI should be used
in the frame-relay interface-dlci command that is issued on R1?
100
101
200
201
11
A system administrator must provide Internet connectivity for ten hosts in
a small remote office. The ISP has assigned two public IP addresses to
this remote office. How can the system administrator configure the router
to provide Internet access to all ten users at the same time?
Configure DHCP and static NAT.
Configure dynamic NAT for ten users.
Configure static NAT for all ten users.
Configure dynamic NAT with overload.
12

Refer to the exhibit. Which two actions are described by the output of the
debug ip nat command? (Choose two.)
A packet from 192.168.1.2 has been translated using NAT overload.
The * indicates that the NAT translation was unsuccessful and the packet was
dropped.
A packet from 192.31.7.2 has been translated by NAT and forwarded to a
destination address of 198.133.219.2.
A packet from 192.31.7.2 has been sent to 198.133.219.2, which was then
translated to the destination 192.168.1.2
A packet from 192.168.1.2 has been translated by NAT to a source address of
198.133.219.2 and forwarded to the destination 192.31.7.2.
13

Refer to the exhibit. A technician issues the show interface s0/0/0
command on R1 while troubleshooting a network problem. What two
conclusions can be determined by from the output shown? (Choose two.)
The bandwidth has been set to the value of a T1 line.
This interface should be configured for PPP encapsulation.
There is no failure indicated in an OSI Layer 1 or Layer 2.
The physical connection between the two routers has failed.
The IP address of S0/0/0 is invalid, given the subnet mask being used.
14
Which Layer 2 access method separates traffic into time slots and is
specified by DOCSIS for use with cable high speed Internet service?
TDMA
FDMA
CDMA
S-CDMA
15

Refer to the exhibit. Which data transmission technology is being
represented?
TDM
PPP
HDLC
SLIP
16
Which statement is true about PAP in the authentication of a PPP
session?
PAP uses a two-way handshake.
The password is unique and random.
PAP conducts periodic password challenges.
PAP uses MD5 hashing to keep the password secure.
17
What is a common use of a TFTP server?
to allow access to restricted system resources
to detect attacks against a network and send logs to a management console
to provide active defense mechanisms that prevent attacks against the network
to perform IOS image and configuration uploads and downloads over the
network
18

Refer to the exhibit. The link between the CTRL and BR_1 routers is
configured as shown in the exhibit. Why are the routers unable to
establish a PPP session?
The clock rate must be 56000.
The usernames are misconfigured.
The IP addresses are on different subnets.
The clock rate is configured on the wrong end of the link.
The CHAP passwords must be different on the two routers.
Interface serial 0/0/0 on CTRL must connect to interface serial 0/0/1 on BR_1.
19
What is the result when the command security passwords min-length 8 is
entered into a router?
All new passwords are required to be a minimum of 8 characters in length.
All current passwords are now required to be a minimum of 8 characters in
length.
Enable passwords must be at least 8 characters but line passwords are
unaffected.
Nothing will happen until the command service password-encryption is entered.
Then all future passwords must have a minimum of 8 characters.
20
After troubleshooting a LAN, a network technician has determined that
network performance has been severely impacted by the attenuation of
the bit stream. Which physical layer condition led the technician to this
conclusion?
There is an excessive amount of EMI on the physical media.
The amplitude of the physical layer data has been significantly reduced.
There is an open conductor between the endpoints on the physical media.
The maximum allowed clock rate on the physical media has been exceeded.
21
A company is looking for a WAN solution to connect its headquarters site
to four remote sites. What are two advantages that dedicated leased lines
provide compared to a shared Frame Relay solution? (Choose two.)
reduced jitter
reduced costs
reduced latency
the ability to burst above guaranteed bandwidth
the ability to borrow unused bandwidth from the leased lines of other customers
22
Which two statements are true about creating and applying access lists?
(Choose two.)
One access list per port, per protocol, per direction is permitted.
Access list entries should filter in the order from general to specific.
Statements are processed sequentially from top to bottom until a match is
found.
The term inbound refers to traffic entering the network from the router
interface where the ACL is applied.
Standard ACLs should be applied closest to the source while extended ACLs
should be applied closest to the destination.
23
A network technician wants to implement SSH as the means by which a
router may be managed remotely. What are two procedures that the
technician should use to successfully complete this task? (Choose two.)
Configure the login banner.
Configure authentication.
Define the asymmetrical keys.
Configure the console password.
Enter the service password-encryption command.
24
Which two protocols in combination should be used to establish a link
with secure authentication between a Cisco and a non-Cisco router?
(Choose two.)
HDLC
PPP
SLIP
PAP
CHAP
25
What will be the result of adding the command ip dhcp excluded-address
192.168.24.1 192.168.24.5 to the configuration of a local router that has
been configured as a DHCP server?
Traffic that is destined for 192.168.24.1 and 192.168.24.5 will be dropped by
the router.
Traffic will not be routed from clients with addresses between 192.168.24.1 and
192.168.24.5.
The DHCP server will not issue the addresses ranging from 192.168.24.1 to
192.168.24.5.
The router will ignore all traffic that comes from the DHCP servers with
addresses 192.168.24.1 and 192.168.24.5.
26
Refer to the exhibit. The network administrator creates a standard access
control list to prohibit traffic from the 192.168.1.0/24 network from
reaching the Internet. The access list must still permit the 192.168.1.0/24
network access to the 192.168.2.0 network. On which router interface and
in which direction should the access control list be applied?
interface Fa0/0, inbound
interface Fa0/0, outbound
interface S0/0/0, inbound
interface S0/0/0, outbound
27

Refer to the exhibit. Which statement is true about the Frame Relay
connection?
The Frame Relay connection is in the process of negotiation.
A congestion control mechanism is enabled on the Frame Relay connection.
The ACTIVE status of the Frame Relay connection indicates that the network
is experiencing congestion.
Only control FECN and BECN bits are sent over the Frame Relay connection.
No data traffic traverses the link.
28

Refer to the exhibit. Results of the show vlan and show vtp status
commands for switches S1 and S2 are displayed in the exhibit. VLAN 11
was created on S1. Why is VLAN 11 missing from S2?
There is a Layer 2 loop.
The VTP domain names do not match.
Only one switch can be in server mode.
S2 has a higher spanning-tree priority for VLAN 11 than S1 does.
29
An administrator attempts to telnet into a remote device and receives the
error Password required but none set. How can the administrator
resolve this issue?
Set the enable secret command on the remote router.
Set the login command on the vty lines on the remote router.
Set the password command on the vty lines on the remote router.
Enable the service password-encryption command on the remote router.
30

Refer to the exhibit. All devices are configured as shown in the exhibit.
PC1 is unable to ping the default gateway. What is the cause of the
problem?
The default gateway is in the wrong subnet.
STP has blocked the port that PC1 is connected to.
Port Fa0/2 on S2 is assigned to the wrong VLAN.
S2 has the wrong IP address assigned to the VLAN30 interface.
31
Which additional functionality is available on an interface when the
encapsulation is changed from HDLC to PPP?
flow control
error control
authentication
synchronous communication
32

Refer to the exhibit. A technician is teaching a trainee to interpret the
results of various Frame Relay troubleshooting commands. What
conclusion can be drawn from the output that is shown?
Neighboring routers should use DLCI 177 to reach the Branch router.
DLCI 177 will be used to identify all broadcasts that are sent out the Branch
router.
The Branch router has the address 192.168.3.1 configured for the S0/0/0
interface.
To reach 192.168.3.1, the Branch router will use the virtual circuit that is
identified by DLCI 177.
33

Refer to the exhibit. The corporate network that is shown has been
assigned network 172.16.128.0/19 for use at branch office LANs. If VLSM
is used, what mask should be used for addressing hosts at Branch4 with
minimal waste from unused addresses?
/19
/20
/21
/22
/23
/24
34
A network administrator uses the 3DES algorithm to encrypt traffic that
crosses a VPN. Which VPN characteristic is being configured?
authentication
authorization
data integrity
data confidentiality
35
Which statement is true about wildcard masks?
A wildcard mask must be created by inverting the subnet mask.
A wildcard mask performs the same function as a subnet mask.
A wildcard mask of 0.0.0.0 means the address should match exactly.
A wildcard mask uses a 1 to identify IP address bits that must be checked.
36

Refer to the exhibit. What statement is true about the core router devices?
They use multiport internetworking devices to switch traffic such as Frame
Relay, ATM, or X.25 over the WAN.
They provide internetworking and WAN access interface ports that are used to
connect to the service provider network.
They provide termination for the digital signal and ensure connection integrity
through error correction and line monitoring.
They support multiple telecommunications interfaces of the highest speed and
are able to forward IP packets at full speed on all of those interfaces.
37
When NAT is in use, what is used to determine the addresses that can be
translated on a Cisco router?
access control list
routing protocol
inbound interface
ARP cache
38
A network administrator is instructing a technician on best practices for
applying ACLs. Which suggestion should the administrator provide?
Named ACLs are less efficient than numbered ACLs.
Standard ACLs should be applied closest to the core layer.
ACLs applied to outbound interfaces are the most efficient.
Extended ACLs should be applied closest to the source that is specified by the
ACL.
39
Which IP address and wildcard mask combination can be used in an ACL
statement to match the 172.16.0.0/30 network?
172.16.0.0 0.0.0.1
172.16.0.0 0.0.0.3
172.16.0.0 0.0.0.7
172.16.0.0 255.255.255.252
40
When configuring a Frame Relay connection, what is the purpose of
Inverse ARP?
to assign a DLCI to a remote peer
to disable peer requests from determining local Layer 3 addresses
to negotiate LMI encapsulations between local and remote Frame Relay peers
to create a mapping of DLCI to Layer 3 addresses that belong to remote peers
41
Which security solution has the responsibility of monitoring suspicious
processes that are running on a host and that might indicate infection of
Trojan horse applications?
antivirus application
operating system patches
intrusion prevention system
Cisco Adaptive Security Appliance
42
What is the function of an intrusion detection system on a network?
to restrict access to only authorized users
to detect attacks against a network and send logs to a management console
to prevents attack against the network and provide active defense mechanisms
to detect and prevent most viruses and many Trojan horse applications from
spreading in the network
43
Which statement about a VPN is true?
VPN link establishment and maintenance is provided by LCP.
DLCI addresses are used to identify each end of the VPN tunnel.
VPNs use virtual Layer 3 connections that are routed through the Internet.
Only IP packets can be encapsulated by a VPN for tunneling through the
Internet.
44
An administrator learns of an e-mail that has been received by a number
of users in the company. This e-mail appears to come from the office of
the administrator. The e-mail asks the users to confirm their account and
password information. Which type of security threat does this e-mail
represent?
cracking
phishing
phreaking
spamming
45

Refer to the exhibit. An ACL called Managers already exists on this router.
What happens if the network administrator issues the commands as
shown in the exhibit?
The commands are added to the end of the existing ACL.
The existing Managers ACL will be overwritten by the new ACL.
The router will output an error message and no changes will be made.
A duplicate Managers ACL will be created that will contain only the new
commands.
46
Which encapsulation protocol when deployed on a Cisco router over a
serial interface is only compatible with another Cisco router?
PPP
SLIP
HDLC
Frame Relay
47
What name is given to the location where a customer network interfaces
with a network that is owned by another organization?
CPE
DCE
local loop
demarcation point
48

Refer to the exhibit. Which option displays the correct ACL that would
need to be applied inbound on the S0/0/0 interface on R2 in order to
permit any type of network traffic and block all FTP traffic coming from
hosts on the 172.16.10.0/24 network going to the Internet?

49

Refer to the exhibit. A network administrator is trying to backup the IOS
software on R1 to the TFTP server. He receives the error message that is
shown in the exhibit, and cannot ping the TFTP server from R1. What is an
action that can help to isolate this problem?
Use correct source file name in the command.
Verify that the TFTP server software is running.
Make sure that there is enough room on the TFTP server for the backup.
Check that R1 has a route to the network where the TFTP server resides.
50
A network administrator has changed the VLAN configurations on his
network switches over the past weekend. How can the administrator
determine if the additions and changes improved performance and
availability on the company intranet?
Conduct a performance test and compare with the baseline that was
established previously.
Interview departmental secretaries and determine if they think load time for web
pages has improved.
Determine performance on the intranet by monitoring load times of company
web pages from remote sites.
Compare the hit counts on the company web server for the current week to the
values that were recorded in previous weeks.
51
Which characteristic of VPN technology prevents the contents of data
communications from being read by unauthorized parties?
QoS
latency
reliability
confidentiality
52
Which configuration on the vty lines provides the best security measure
for network administrators to remotely access the core routers at
headquarters?






Which two statements are true about creating and applying access lists? (Choose two.)

There is an implicit deny at the end of all access lists.

One access list per port, per protocol, per direction is permitted.


Access list entries should filter in the order from general to specific.

The term "inbound" refers to traffic that enters the network from the router interface where the ACL
is applied.

Standard ACLs should be applied closest to the source while extended ACLs should be applied
closest to the destination.
8 Refer to the exhibit. Based on the output as shown, which two statements correctly define how the
router will treat Telnet traffic that comes into interface FastEthernet 0/1? (Choose two).

Telnet to 172.16.10.0/24 is denied.

Telnet to 172.16.20.0/24 is denied.

Telnet to 172.16.0.0/24 is permitted.

Telnet to 172.16.10.0/24 is permitted.

Telnet to 172.16.20.0/24 is permitted.

11 Refer to the exhibit. A technician issues the show interface s0/0/0 command on R1 while
troubleshooting a network problem. What two conclusions can be determined by from the output
shown? (Choose two.)

The bandwidth has been set to the value of a T1 line.

This interface should be configured for PPP encapsulation.

There is no failure indicated in an OSI Layer 1 or Layer 2.

The physical connection between the two routers has failed.

The IP address of S0/0/0 is invalid, given the subnet mask being used.
14 A company is looking for a WAN solution to connect its headquarters site to four remote sites. What
are two advantages that dedicated leased lines provide compared to a shared Frame Relay solution?
(Choose two.)

reduced jitter

reduced costs

reduced latency

the ability to burst above guaranteed bandwidth

the ability to borrow unused bandwidth from the leased lines of other customers
50 Which three physical network problems should be checked when a bottom-up troubleshooting
approach has been chosen to troubleshoot network performance? (Choose three.)

cable connectivity

high collision counts

STP failures and loops

address mapping errors

high CPU utilization rates

excess packets that are filtered by the firewall

Question 1:
A network administrator determines that falsified routing information is
propagating through the network. What action can be used to address this
threat?
Update the IOS images.
Change console passwords.
Employ end-user authentication.
Configure routing protocol authentication.
Question 2:

Refer to the exhibit. A host connected to Fa0/0 is unable to acquire an IP
address from this DHCP server. The output of the debug ip dhcp
server command shows "DHCPD: there is no address pool for 192.168.1.1".
What is the problem?
The 192.168.1.1 address has not been excluded from the DHCP pool.
The pool of addresses for the 192Network pool is incorrect.
The default router for the 192Network pool is incorrect.
The 192.168.1.1 address is already configured on Fa0/0.

Question 3:
Which statement is true about wildcard masks?
Inverting the subnet mask will always create the wildcard mask.
The wildcard mask performs the same function as a subnet mask.
A network or subnet bit is identified by a "1" in the wildcard mask.
IP address bits that must be checked are identified by a "0" in the wildcard
mask.

Question 4:

Refer to the exhibit. Router RT is not receiving routing updates from router RTA.
What is causing the problem?
The ip rip authentication key-chain command specifies exam rather than test.
The name of the keystring is not the name of the neighboring router.
The key chains are given the same name on both routers.
The passive-interface command was issued for RTA.
Question 5:
What are two major characteristics of a worm? (Choose two.)
exploits known vulnerabilities
attaches itself to another program
executed by a predefined time or event
masquerades as an accepted program
copies itself to the host and selects new targets
Question 6:
Which two protocols in combination should be used to establish a link with
secure authentication between a Cisco and a non-Cisco router? (Choose two.)
HDLC
PPP
SLIP
PAP
CHAP
Question 7:
At what physical location does the responsibilty for a WAN connection change
from the user to the service provider?
demilitarized zone (DMZ)
demarcation point
local loop
cloud
Question 8:
A light manufacturing company wishes to replace its DSL service with a non-
line-of-sight broadband wireless solution that offers comparable speeds. Which
solution should the customer choose?
Wi-Fi
satellite
WiMAX
Metro Ethernet
Question 9:

Refer to the exhibit. The corporate network that is shown has been assigned
network 172.16.128.0/19 for use at branch office LANs. If VLSM is used, what
mask should be used for addressing hosts at Branch4 with minimal waste from
unused addresses?
/19
/20
/21
/22
/23
/24
Question 10:

Refer to the exhibit. From the output of the show
interfaces and ping commands, at which layer of the OSI model is a fault
indicated?
application
transport
network
data link
physical
Question 11:
When NAT is in use, what is used to determine the addresses that can be
translated on a Cisco router?
access control list
routing protocol
inbound interface
ARP cache
Question 12:

Refer to the exhibit. Which VLAN will carry untagged traffic on FastEthernet
0/1?
VLAN 1
VLAN 2
VLAN 11
VLAN 12
VLAN 30
VLAN 999
Question 13:
An issue of response time has recently arisen on an application server. The
new release of a software package has also been installed on the server. The
configuration of the network has changed recently. To identify the problem,
individuals from both teams responsible for the recent changes begin to
investigate the source of the problem. Which statement applies to this situation?
Scheduling will be easy if the network and software teams work independently.
It will be difficult to isolate the problem if two teams are implementing changes
independently.
Results from changes will be easier to reconcile and document if each team
works in isolation.
Only results from the software package should be tested as the network is
designed to accommodate the proposed software platform.
Question 14:
While configuring a router using RIPng and dual-stack technology with IPv4 and
IPv6, the administrator receives an error message when inputting IPv4 routes.
What could cause the error message?
IPv4 is not compatible with RIPng
RIPng is incompatible with dual-stack technology.
The router interfaces have been configured with incorrect addresses.
When IPv4 and IPv6 are configured on the same interface, all IPv4 addresses
are shut down in favor of the newer technology.
Question 15:

Refer to the exhibit. RIPv2 has been configured on all routers in the network.
Routers R1 and R3 have not received any RIP routing updates. What will fix the
issue?
Enable RIP authentication on R2.
Issue the ip directed-broadcast command on R2.
Change the subnet masks to 10.11.12.0/8 and 172.16.40.0/16 on R2.
Enable CDP on R2 so that the other routers will receive routing updates.
Question 16:
What is the result when the command permit tcp 10.25.132.0 0.0.0.255 any eq
smtpis added to a named access control list and applied on the inbound
interface of a router?
TCP traffic with a destination to the 10.25.132.0/24 is permitted.
Only Telnet traffic is permitted to the 10.24.132.0/24 network
Traffic from 10.25.132.0/24 is permitted to anywhere on using any port.
Traffic using port 25 from the 10.25.132.0/24 is permitted to all destinations.
Question 17:

Refer to the exhibit. Which statement correctly describes how Router1
processes an FTP request packet that enters interface S0/0/0, and is destined
for an FTP server at IP address 172.16.1.5?
The router matches the incoming packet to the statement that is created
by access-list 201 permit ip any any command and allows the packet into the
router.
The router reaches the end of ACL 101 without matching a condition and drops
the packet because there is no statement that was created by access-list 101
permit ip any any command.
The router matches the incoming packet to the statement that was created by
theaccess-list 101 permit ip any 172.16.1.0 0.0.0.255 command, ignores the
remaining statements in ACL 101, and allows the packet into the router.
The router matches the incoming packet to the statement that was created by
theaccess-list 201 deny icmp 172.16.1.0 0.0.0.255 any command, continues
comparing the packet to the remaining statements in ACL 201 to ensure that no
subsequent statements allow FTP, and then the router drops the packet.
Question 18:

Refer to the exhibit. A network administrator is considering updating the IOS on
Router1. What version of IOS is currently installed on Router1?
1
12.4
15
1841
Question 19:

Refer to the exhibit. A network administrator is attempting to configure a Frame
Relay network. The administrator enters the commands as shown in the exhibit
on R2, but the Frame Relay PVCs are inactive. What is the problem?
The incorrect DLCI numbers are being configured on R2.
The S0/0/0 interface on R2 needs to be point-to-point.
The frame-relay map commands are missing the cisco keyword at the end.
A single router interface cannot connect to more than one Frame Relay peer at
a time.
Question 20:

Refer to the exhibit. Which data transmission technology is being represented?
TDM
PPP
HDLC
SLIP
Question 21:

Refer to the exhibit. Which configuration command would result in the output in
the exhibit?
ip nat inside source static 10.1.200.254 172.16.76.3
ip nat inside source static 10.1.200.254 192.168.0.10
ip nat inside source static 172.16.76.3 10.1.200.254
ip nat inside source static 172.16.76.3 192.168.0.10
ip nat inside source static 192.168.0.10 172.16.76.3
ip nat inside source static 192.168.0.10 10.1.200.254
Question 22:

Refer to the exhibit. A technician is teaching a trainee to interpret the results of
various Frame Relay troubleshooting commands. What conclusion can be
drawn from the output that is shown?
Neighboring routers should use DLCI 177 to reach the Branch router.
DLCI 177 will be used to identify all broadcasts that are sent out the Branch
router.
The Branch router has the address 192.168.3.1 configured for the S0/0/0
interface.
To reach 192.168.3.1, the Branch router will use the virtual circuit that is
identified by DLCI 177.
Question 23:
At what point in the PPP connection process does the authentication phase
occur?
after NCP establishes Layer 3 parameters
before LCP begins the link establishment process
after the initial Configure-Request message from the link initiator
after the link initiator receives a Configure-Ack message from the responder
Question 24:

Refer to the exhibit. Communication between two peers has failed. Based on
the output that is shown, what is the most likely cause?
interface reset
unplugged cable
improper LMI type
PPP negotiation failure
Question 25:

Refer to the exhibit. A Cisco router, R1, and a non-Cisco router, R2, were able
to communicate successfully using Frame Relay before they were removed
from production. An administrator decided to reuse R1 and R2 for another
purpose by implementing a direct connection between the two routers, but the
Frame Relay configurations were saved. When Frame Relay encapsulation is
removed from both routers the connection fails. What will correct the problem?
Configure both routers to use PPP encapsulation.
Clear the frame maps on both routers and reboot.
Set up a routing protocol to communicate between the two routers.
Configure both routers to use HDLC encapsulation and remove the bandwidth
statements.
Question 26:
Where will a router operating system image be copied after the copy flash:
tftpcommand is issued?
flash
DRAM
NVRAM
remote server
Question 27:
Which data link layer encapsulation protocol is used by default for serial
connections between two Cisco routers?
ATM
Frame Relay
HDLC
PPP
SDLC
Question 28:

Refer to the exhibit. An ACL called Managers already exists on this router. What
happens if the network administrator issues the commands as shown in the
exhibit?
The commands are added to the end of the existing ACL.
The existing Managers ACL will be overwritten by the new ACL.
The router will output an error message and no changes will be made.
A duplicate Managers ACL will be created that will contain only the new
commands.
Question 29:
Which statement about a VPN is true?
VPN link establishment and maintenance is provided by LCP.
DLCI addresses are used to identify each end of the VPN tunnel.
VPNs use virtual Layer 3 connections that are routed through the Internet.
Only IP packets can be encapsulated by a VPN for tunneling through the
Internet.
Question 30:
Which type of device is located at the central office of a carrier and combines
individual DSL connections from multiple users into one high-capacity link to the
Internet?
splitter
DSLAM
microfilter
transceiver
layer 3 switch
Question 31:
Which three guidelines would help contribute to creating a strong password
policy? (Choose three.)
Once a good password is created, do not change it.
Deliberately misspell words when creating passwords.
Create passwords that are at least 8 characters in length.
Use combinations of upper case, lower case, and special characters.
Write passwords in locations that can be easily retrieved to avoid being locked
out.
Use long words found in the dictionary to make passwords that are easy to
remember.
Question 32:
What are the symptoms when the s0/0/0 interface on a router is attached to an
operational CSU/DSU that is generating a clock signal, but the far end router on
the point-to-point link has not been activated?
show controllers indicates cable type DCE V.35. show interfaces
s0/0/0 indicates serial down, line protocol down.
show controllers indicates cable type DCE V.35. show interfaces
s0/0/0 indicates serial up, line protocol down.
show controllers indicates cable type DTE V.35. show interfaces
s0/0/0 indicates serial up, line protocol down.
show controllers indicates cable type DTE V.35. show interfaces
s0/0/0 indicates serial down, line protocol down.
Question 33:
Which Frame Relay flow control mechanism is used to signal routers that they
should reduce the flow rate of frames?
DE
BE
CIR
FECN
CBIR
Question 34:
When implementing a dynamic ACL, why is it necessary to include an extended
ACL as part of the configuration process?
to disable the router vty lines
to reduce the dynamic ACL filtering load
to override any previous ACL that might be applied to the router
to provide a controlled situation of allowing traffic through a router
Question 35:

Refer to the exhibit. The link between the CTRL and BR_1 routers is configured
as shown in the exhibit. Why are the routers unable to establish a PPP
session?
The clock rate must be 56000.
The usernames are misconfigured.
The IP addresses are on different subnets.
The clock rate is configured on the wrong end of the link.
The CHAP passwords must be different on the two routers.
Interface serial 0/0/0 on CTRL must connect to interface serial 0/0/1 on BR_1.
Question 36:
What is tunneling?
using digital certificates to ensure that data endpoints are authentic
creating a hash to ensure the integrity of data as it traverses a network
using alternate paths to avoid access control lists and bypass security
measures
encapsulating an entire packet within another packet for transmission over a
network
Question 37:

Refer to the exhibit. Headquarters is connected through the Internet to branch
office A and branch office B. Which WAN technology would be best suited to
provide secure connectivity between headquarters and both branch offices?
ATM
VPN
ISDN
Frame Relay
broadband DSL
Question 38:

Refer to the exhibit. A packet is being sent from Host A to Host B through the
VPN tunnel between R1 and R3. When the packet first arrives at R3, what are
the source and destination IP addresses of the packet?
Source 192.168.1.2 - Destination 192.168.4.2
Source 192.168.3.1 - Destination 192.168.3.2
Source 192.168.2.1 - Destination 192.168.3.2
Source 192.168.3.1 - Destination 192.168.4.2
Question 39:

Refer to the exhibit. Company ABC expanded its business and recently opened
a new branch office in another country. IPv6 addresses have been used for the
company network. The data servers Server1 and Server2 run applications
which require end-to-end functionality, with unmodified packets that are
forwarded from the source to the destination. The edge routers R1 and R2
support dual stack configuration. What solution should be deployed at the edge
of the company network in order to successfully interconnect both offices?
a new WAN service supporting only IPv6
NAT overload to map inside IPv6 addresses to outside IPv4 address
a manually configured IPv6 tunnel between the edge routers R1 and R2
static NAT to map inside IPv6 addresses of the servers to an outside IPv4
address and dynamic NAT for the rest of the inside IPv6 addresses
Question 40:
What function does NCP perform in the establishment of a PPP session?
It opens the connections and negotiates configuration options.
It completes the specific configuration of the network layer protocol that is being
used.
It tests the link to determine whether the link quality is sufficient to bring up
network layer protocols.
It provides automatic configuration of the interfaces at each end including
detecting common configuration errors.
Question 41

Refer to the exhibit. Results of the show vlan and show vtp status commands
for switches S1 and S2 are displayed in the exhibit. VLAN 11 was created on
S1. Why is VLAN 11 missing from S2?
There is a Layer 2 loop.
The VTP domain names do not match.
Only one switch can be in server mode.
S2 has a higher spanning-tree priority for VLAN 11 than S1 does.
Question 42:
A network administrator has changed the VLAN configurations on his network
switches over the past weekend. How can the administrator determine if the
additions and changes improved performance and availability on the company
intranet?
Conduct a performance test and compare with the baseline that was
established previously.
Interview departmental secretaries and determine if they think load time for web
pages has improved.
Determine performance on the intranet by monitoring load times of company
web pages from remote sites.
Compare the hit counts on the company web server for the current week to the
values that were recorded in previous weeks.
Question 43:
Technicians from Company A and Company B are comparing DSL transfer
rates at their respective companies. Both companies are in the same city, use
the same service provider, and have the same rate/service plan. Company A,
however, reports higher download speeds than Company B. Which option best
explains the reason for Company A having the higher download speeds?
Company A only uses microfilters on branch locations.
Company B has a higher volume of POTS voice traffic than does Company A.
Company B shares the connection to the DSLAM with a larger number of clients
than Company A shares.
The length of the local loop between Company A and the CO is shorter than the
length of the local loop between Company B and CO.
Question 44:

Refer to the exhibit. A network administrator has issued the commands that are
shown on Router1 and Router2. A later review of the routing tables reveals that
neither router is learning the LAN network of the neighbor router. What is most
likely the problem with the RIPng configuration?
The serial interfaces are in different subnets.
The RIPng process is not enabled on interfaces.
The RIPng network command is not configured.
The RIPng processes do not match between Router1 and Router2.
Question 45:
A network administrator is instructing a technician on best practices for applying
ACLs. Which two suggestions should the administrator provide? (Choose two.)
Named ACLs are less efficient than numbered ACLs.
Standard ACLs should be applied inside the core layer.
Place standard ACLs as close to the destination as possible.
ACLs applied to outbound interfaces require fewer router resources.
Extended ACLs should be applied closest to the source that is specified by the
ACL.
Question 46:
Which two statements are true about creating and applying access lists?
(Choose two.)
One access list per port, per protocol, per direction is permitted.
Access list entries should filter in the order from general to specific.
Statements are processed sequentially from top to bottom until a match is
found.
The term "inbound" refers to traffic entering the network from the router
interface where the ACL is applied.
Standard ACLs should be applied closest to the source while extended ACLs
should be applied closest to the destination.
Question 47:

Refer to the exhibit. Computers on the internal network need access to all
servers in the external network. The only traffic that is permitted from the
external network must be responses to requests that are initiated on the internal
network. Which security measure would satisfy this requirement?
a numbered extended ACL
a named standard ACL
a reflexive ACL
a dynamic ACL
Question 48:

Refer to the exhibit. What is placed in the address field in the header of a frame
that will travel from the San Jose router to the DC router?
DLCI 103
DLCI 301
172.16.1.18
172.16.1.19
Question 49:
An administrator is unable to receive e-mail. While troubleshooting the problem,
the administrator is able to ping the local mail server IP address successfully
from a remote network and can successfully resolve the mail server name to an
IP address via the use of the nslookup command. At what OSI layer is the
problem most likely to be found?
physical layer
data link layer
network layer
application layer
Question 50:
Which security solution has the responsibility of monitoring suspicious
processes that are running on a host and that might indicate infection of Trojan
horse applications?
antivirus application
operating system patches
intrusion prevention system
Cisco Adaptive Security Appliance





What are two main components of data confidentiality? (Choose two.)
checksum
digital certificates
encapsulation
encryption
hashing
2. Which network component has the primary function of detecting and
logging attacks made against the network?
Cisco Security Agent
antivirus software scanner
intrusion detection system
intrusion prevention system

3.Refer to the exhibit. A network administrator has issued the commands
that are shown on Router1 and Router2. A later review of the routing
tables reveals that neither router is learning the LAN network of the
neighbor router. What is most likely the problem with the RIPng
configuration?
The serial interfaces are in different subnets.
The RIPng process is not enabled on interfaces.
The RIPng network command is not configured.
The RIPng processes do not match between Router1 and Router2
4. Which three guidelines would help contribute to creating a strong
password policy? (Choose three.)
Once a good password is created, do not change it.
Deliberately misspell words when creating passwords.
Create passwords that are at least 8 characters in length.
Use combinations of upper case, lower case, and special characters.
Write passwords in locations that can be easily retrieved to avoid being locked
out.
Use long words found in the dictionary to make passwords that are easy to
remember

5.Refer to the exhibit. Headquarters is connected through the Internet to
branch office A and branch office B. Which WAN technology would be
best suited to provide secure connectivity between headquarters and both
branch offices?
ATM
VPN
ISDN
Frame Relay
broadband DSL
6. Which combination of authentication and Layer 2 protocol should be
used to establish a link between a Cisco and a non-Cisco router without
sending authentication information in plain text?
CHAP and HDLC
CHAP and PPP
PAP and HDLC
PAP and PPP
7. A technician is talking to a colleague at a rival company and comparing
DSL transfer rates between the two companies. Both companies are in the
same city, use the same service provider, and have the same rate/service
plan. What is the explanation for why company 1 reports higher download
speeds than company 2 reports?
Company 2 downloads larger files than company 1 downloads.
Company 2 must share the connection to the DSLAM with more clients than
company 1 shares.
Company 1 is closer to the service provider than is company 2.
Company 1 has a lower volume of POTS traffic than company 2 has.
8. An administrator is configuring a dual stack router with IPv6 and IPv4
using RIPng. The administrator receives an error message when trying to
enter the IPv4 routes into RIPng. What is the cause of the problem?
When IPv4 and IPv6 are configured on the same interface, all IPv4 addresses
are over-written in favor of the newer technology.
Incorrect IPv4 addresses are entered on the router interfaces.
RIPng is incompatible with dual-stack technology.
IPv4 is incompatible with RIPng.
9. What component of VPN technology combines message text with a key
to make the message unreadable by unauthorized receivers?
message hash
user password
RSA signature
encryption algorithm
10. Which variable is permitted or denied by a standard access control
list?
protocol type
source IP address
source MAC address
destination IP address
destination MAC address
11. What name is given to the location where a customer network
interfaces with a network that is owned by another organization?
CPE
DCE
local loop
demarcation point
12. What will be the result of adding the command ip dhcp excluded-
address 10.10.4.1 10.10.4.5 to the configuration of a local router that has
been configured as a DHCP server?
Traffic that is destined for 10.10.4.1 and 10.10.4.5 will be dropped by the router.
Traffic will not be routed from clients with addresses between 10.10.4.1 and
10.10.4.5.
The DHCP server will not issue the addresses ranging from 10.10.4.1 to
10.10.4.5.
The router will ignore all traffic that comes from the DHCP servers with
addresses 10.10.4.1 and 10.10.4.5
13. What functionality do access control lists provide when implementing
dynamic NAT on a Cisco router?
which addresses are allowed to be accessed from the inside network
which addresses are allowed out of the router
which addresses are assigned to a NAT pool
which addresses are to be translated
14. Which statement about a VPN is true?
VPN link establishment and maintenance is provided by LCP.
DLCI addresses are used to identify each end of the VPN tunnel.
VPNs use virtual Layer 3 connections that are routed through the Internet.
Only IP packets can be encapsulated by a VPN for tunneling through the
Internet
15. An administrator is unable to receive e-mail. While troubleshooting the
problem, the administrator is able to ping the local mail server IP address
successfully from a remote network and can also successfully ping using
the mail server name. At which layer of the OSI model is the problem most
likely to be found?
physical layer
network layer
data link layer
application layer
16. Which data link layer encapsulation protocol is used by default for
serial connections between two Cisco routers?
ATM
Frame Relay
HDLC
PPP
SDLC
17. A network administrator has changed the VLAN configurations on his
network switches over the past weekend. How can the administrator
determine if the additions and changes improved performance and
availability on the company intranet?
Conduct a performance test and compare with the baseline that was
established previously.
Interview departmental secretaries and determine if they think load time for web
pages has improved.
Determine performance on the intranet by monitoring load times of company
web pages from remote sites.
Compare the hit counts on the company web server for the current week to the
values that were recorded in previous weeks.
18. Which statement accurately describes a role that is played in
establishing a WAN connection?
ISDN and ATM are circuit-switched technologies that are used to establish on
demand a path through the service provider network.
Data link layer protocols like PPP and HDLC define how data is encapsulated
for transmission across a WAN link.
A packet-switching network establishes a dedicated circuit between nodes for
the duration of the communication session.
Frame Relay switches are normally considered to be customer premises
equipment (CPE) and are maintained by local administrators.
19. What is an accurate description of CHAP when used with PPP on a
serial connection between two routers?
A username and password are sent to the peer router, which replies with an
accept or reject message.
A username and password are sent to the peer router. If these match the
configuration in the peer, the peer in turn provides a username and password to
the initiating router.
A challenge message is sent to the peer router, which responds with its
username and a calculated value based on a shared secret. This value is then
compared by the challenger to its own calculations.
An encrypted password is sent to the peer router, which decrypts it and
compares it to a shared secret. If the decrypted passwords match, the peer
sends the encrypted password back to the initiating router.
20. Which technology is used to dynamically map next hop, network layer
addresses to virtual circuits in a Frame Relay network?
Inverse ARP
LMI
DLCI
21. A DHCP server is configured with a block of excluded addresses. What
two devices would be assigned static addresses from the excluded
address range? (Choose two.)
a protocol analyzer
DNS server for the network
network printer that is used by many different users
a laptop that will get a different address each time it boots up
22. Compared with IDS systems, what can IPS systems do to provide
further protection of computer systems?
detect potential attacks
stop the detected attack from executing
update OS patches for computer systems
scan computer systems for viruses and spyware
23. A company has its headquarters office in Dallas and five branch
offices located in New York, Chicago, Los Angeles, Seattle, and Atlanta.
WAN links are used for communications among offices in six sites. In
planning the WAN links, the network designer is given two requirements:
(1) minimize cost and (2) provide a certain level of WAN link reliability with
redundant links. Which topology should the network designer
recommend?
star
full mesh
hierarchical
partial mesh
24. An administrator issues the command show interfaces s0/1/0 on a
router that is configured for Frame Relay. Which console output may
indicate an LMI mismatch?
Serial0/1/0 is administratively down
Serial0/1/0 is up, line protocol is up
Serial0/1/0 is up, line protocol is down
Serial0/1/0 is down, line protocol is down
25. Which IP address and wildcard mask combination can be used in an
ACL statement to match the 172.16.0.0/30 network?
172.16.0.0 0.0.0.1
172.16.0.0 0.0.0.3
172.16.0.0 0.0.0.7
172.16.0.0 255.255.255.252
26. A company is looking for a WAN solution to connect its headquarters
site to four remote sites. What are two advantages that dedicated leased
lines provide compared to a shared Frame Relay solution? (Choose two.)
reduced jitter
reduced costs
reduced latency
the ability to burst above guaranteed bandwidth
the ability to borrow unused bandwidth from the leased lines of other customers
27. What function does LCP perform in the establishment of a PPP
session?
LCP brings the network layer protocols up and down.
It carries packets from several network layer protocols.
It encapsulates and negotiates options for IP and IPX.
It negotiates and sets up control options on the WAN data link.
28. An employee of XYZ corporation will begin working from home. The
employee has a choice of DSL or cable technology for WAN connectivity.
Which connectivity characteristic is accurately described?
Cable transfer rates are dependent on the length of the local loop.
DSL provides a high-speed connection over existing copper phone wires.
DSL download speeds are affected by high usage in the area.
DSL service shares the same frequency range as voice calls.
Cable connectivity usually requires new fiber installed for the local loop.
29. Which option represents a best practice for applying ACLs?
Named ACLs are less efficient than numbered ACLs.
Standard ACLs should be applied inside the core layer.
ACLs applied to outbound interfaces use fewer router resources.
Extended ACLs should be applied closest to the source that is specified by the
ACL.
30. While troubleshooting a problem with an e-mail server, an
administrator observes that the switch port used by the server shows up,
line protocol up. The administrator cannot ping the server. At which layer
of the OSI model is the problem most likely to be found?
application layer
network layer
data link layer
physical layer
31. Which two configurations must be completed before an RSA key can
be generated on a router? (Choose two.)
a hostname
a domain name
the SSH version
the SSH timeouts
local authentication on the VTY lines
32. What type of ACL can be used to force a user to authenticate to the
router before accessing a network?
standard
dynamic
reflexive
time-based
33. What is the result when the command security passwords min-length
8 is entered into a router?
All new passwords are required to be a minimum of 8 characters in length.
All current passwords are now required to be a minimum of 8 characters in
length.
Enable passwords must be at least 8 characters but line passwords are
unaffected.
Nothing will happen until the command service password-encryption is entered.
Then all future passwords must have a minimum of 8 characters.
34. Because of a remote-procedure call failure, a user is unable to access
an NFS server. At what layer of the TCP/IP model does this problem
occur?
network layer
data link layer
physical layer
application layer
35. What is the result when the command permit tcp 10.25.132.0 0.0.0.255
any eq smtp is added to a named access control list and applied on the
inbound interface of a router?
TCP traffic with a destination to the 10.25.132.0/24 is permitted.
Only Telnet traffic is permitted to the 10.24.132.0/24 network
Ttraffic from 10.25.132.0/24 is permitted to anywhere on using any port.
Traffic using port 25 from the 10.25.132.0/24 is permitted to all destinations.


36.Refer to the exhibit. R1 is performing NAT overload for the 10.1.1.0/24
inside network. Host A has sent a packet to the web server. What is the
destination IP address of the return packet from the web server?
10.1.1.2:1234
172.30.20.1:1234
172.30.20.1:3333
192.168.1.2:80

37.Refer to the exhibit. Communication between two peers has failed.
Based on the output that is shown, what is the most likely cause?
interface reset
unplugged cable
improper LMI type
PPP negotiation failure

38.Refer to the exhibit. Partial results of the show access-lists and show
ip interface FastEthernet 0/1 commands for router Router1 are shown.
There are no other ACLs in effect. Host A is unable to telnet to host B.
Which action will correct the problem but still restrict other traffic between
the two networks?
Apply the ACL in the inbound direction.
Apply the ACL on the FastEthernet 0/0 interface.
Reverse the order of the TCP protocol statements in the ACL.
Modify the second entry in the list to permit tcp host 172.16.10.10 any eq telnet
.

39.Refer to the exhibit. The link between the CTRL and BR_1 routers is
configured as shown in the exhibit. Why are the routers unable to
establish a PPP session?
The clock rate must be 56000.
The usernames are misconfigured.
The IP addresses are on different subnets.
The clock rate is configured on the wrong end of the link.
The CHAP passwords must be different on the two routers.
Interface serial 0/0/0 on CTRL must connect to interface serial 0/0/1 on BR_1.

40.Refer to the exhibit. A network administrator is trying to backup the
IOS software on R1 to the TFTP server. He receives the error message that
is shown in the exhibit, and cannot ping the TFTP server from R1. What is
an action that can help to isolate this problem?
Use correct source file name in the command.
Verify that the TFTP server software is running.
Make sure that there is enough room on the TFTP server for the backup.
Check that R1 has a route to the network where the TFTP server resides.

41.Refer to the exhibit. RIPv2 has been configured on all routers in the
network. Routers R1 and R3 have not received any RIP routing updates.
What will fix the issue?
Enable RIP authentication on R2.
Issue the ip directed-broadcast command on R2.
Change the subnet masks to 10.11.12.0/8 and 172.16.40.0/16 on R2.
Enable CDP on R2 so that the other routers will receive routing updates.

42.Refer to the exhibit. What is placed in the address field in the header of
a frame that will travel from the Orlando router to the DC router?
DLCI 123
DLCI 321
10.10.10.25
10.10.10.26
MAC address of the DC router

43.Refer to the exhibit. What is the meaning of the term dynamic in the
output of the command?
The bandwidth capability of the interface increases and decreases
automatically based on BECNs.
The Serial0/0/1 interface acquired 172.16.3.1 from a DHCP server.
The mapping between DLCI 100 and 172.16.3.1 was learned through Inverse
ARP.
DLCI 100 will automatically adapt to changes in the Frame Relay cloud.

44.Refer to the exhibit. A network administrator is trying to connect R1
remotely to make configuration changes. Based on the exhibited
command output, what will be the result when attempting to connect to
R1?
failure to connect due to Telnet not being enabled
failure to connect due to incomplete configuration for Telnet
a successful connection and ability to make configuration changes
a successful connection but inability to make configuration changes because of
the absence of an enable secret password


45.Refer to the exhibit. The corporate network that is shown has been
assigned network 172.16.128.0/19 for use at branch office LANs. If VLSM
is used, what mask should be used for addressing hosts at Branch4 with
minimal waste from unused addresses?
/19
/20
/21
/22
/23
/24


46.Refer to the exhibit. Every time the administrator reboots this router,
the boot process ends in setup mode. What is a possible problem?
There is insufficient RAM for the IOS to load on this router.
A password recovery process should be done on this router.
The bootstrap version and the version of the IOS are different.
The IOS image is damaged and must be reloaded using tftpdnld.
The configuration register is set to ignore the startup configuration


47.Refer to the exhibit. Users who are connected to R1 report that they are
unable to establish connectivity to the users who are connected to router
R2. A network administrator tests the link with the debug ppp
authentication command. Based on the output shown, which statement
correctly defines the problem on the link?
R1 uses PAP as a method of authentication, and R2 uses CHAP.
R1 uses CHAP as a method of authentication, and R2 uses PAP.
R1 uses an incorrect user name or password for CHAP authentication.
R2 uses an incorrect user name or password for PAP authentication.


48.Refer to the exhibit. The network administrator creates a standard
access control list to prohibit traffic from the 192.168.1.0/24 network from
reaching the Internet. The access list must still permit the 192.168.1.0/24
network access to the 192.168.2.0 network. On which router interface and
in which direction should the access control list be applied?
interface Fa0/0, inbound
interface Fa0/0, outbound
interface S0/0/0, inbound
interface S0/0/0, outbound
49. Refer to the exhibit. A host connected to Fa0/0 is unable to acquire an
IP address from the DHCP server. The output of the debug ip dhcp server
command shows DHCPD: there is no address pool for 192.168.3.17.
What is the problem?
The address 192.168.3.17 address is already in use by Fa0/0.
The pool of addresses for the 192Network pool is configured incorrectly.
The ip helper-address command should be used on the Fa0/0 interface.
The 192.168.3.17 address has not been excluded from the 192Network pool.


50. Refer to the exhibit. Which VLAN will carry untagged traffic on
FastEthernet 0/1?
VLAN 1
VLAN 2
VLAN 11
VLAN 12
VLAN 30
VLAN 999









1.Refer to the exhibit. Communication between two peers has failed.
Based on the output that is shown, what is the most likely cause?
interface reset
unplugged cable
improper LMI type
PPP negotiation failure


2. Refer to the exhibit. A network administrator is tasked with completing
the Frame Relay topology that interconnects two remote sites. How
should the point-to-point subinterfaces be configured on HQ to complete
the topology?
frame-relay interface-dlci 103 on Serial 0/0/0.1
frame-relay interface-dlci 203 on Serial 0/0/0.2
frame-relay interface-dlci 301 on Serial 0/0/0.1
frame-relay interface-dlci 302 on Serial 0/0/0.2
frame-relay map ip 192.168.1.1 103 broadcast on Serial 0/0/0.1
frame-relay map ip 192.168.2.2 203 broadcast on Serial 0/0/0.2
frame-relay map ip 192.168.1.1 301 broadcast on Serial 0/0/0.1
frame-relay map ip 192.168.2.2 302 broadcast on Serial 0/0/0.2
3. Which data link layer encapsulation protocol is used by default for
serial connections between two Cisco routers?
ATM
Frame Relay
HDLC
PPP
SDLC


4. Refer to the exhibit. Company ABC expanded its business and recently
opened a new branch office in another country. IPv6 addresses have been
used for the company network. The data servers Server1 and Server2 run
applications which require end-to-end functionality, with unmodified
packets that are forwarded from the source to the destination. The edge
routers R1 and R2 support dual stack configuration. What solution should
be deployed at the edge of the company network in order to successfully
interconnect both offices?
a new WAN service supporting only IPv6
NAT overload to map inside IPv6 addresses to outside IPv4 address
a manually configured IPv6 tunnel between the edge routers R1 and R2
static NAT to map inside IPv6 addresses of the servers to an outside IPv4
ddress and dynamic NAT for the rest of the inside IPv6 addresses

5. Which variable is permitted or denied by a standard access control list?
protocol type
source IP address
source MAC address
destination IP address
destination MAC address


6. Refer to the exhibit. The link between the CTRL and BR_1 routers is
configured as shown in the exhibit. Why are the routers unable to
establish a PPP session?
The clock rate must be 56000.
The usernames are misconfigured.
The IP addresses are on different subnets.
The clock rate is configured on the wrong end of the link.
The CHAP passwords must be different on the two routers.
Interface serial 0/0/0 on CTRL must connect to interface serial 0/0/1 on BR_1.

7. Which three statements accurately describe a security policy? (Choose
three.)
It creates a basis for legal action if necessary.
It defines a process for managing security violations.
It defines acceptable and unacceptable use of network resources.
The remote access policy is a component of the security policy that governs
acceptable use of e-mail systems.
It is kept private from users to prevent the possibility of circumventing security
measures.
It provides step-by-step procedures to harden routers and other network
devices.

8. A network administrator has changed the VLAN configurations on his
network switches over the past weekend. How can the administrator
determine if the additions and changes improved performance and
availability on the company intranet?
Conduct a performance test and compare with the baseline that was
established previously.
Interview departmental secretaries and determine if they think load time for web
pages has improved.
Determine performance on the intranet by monitoring load times of company
web pages from remote sites.
Compare the hit counts on the company web server for the current week to the
values that were recorded in previous weeks.


9.Refer to the exhibit. Headquarters is connected through the Internet to
branch office A and branch office B. Which WAN technology would be
best suited to provide secure connectivity between headquarters and both
branch offices?
ATM
VPN
ISDN
Frame Relay
broadband DSL

10. Which statement about a VPN is true?
VPN link establishment and maintenance is provided by LCP.
DLCI addresses are used to identify each end of the VPN tunnel.
VPNs use virtual Layer 3 connections that are routed through the Internet.
Only IP packets can be encapsulated by a VPN for tunneling through the
Internet.

11. A company is deciding which WAN connection type it should
implement between its main office and branch offices. The company
wants to use a cost-effective service that provides virtual circuits between
each office. The company also wants to be able to transmit variable-length
packets on these circuits. Which solution best meets these requirements?
ATM
HDLC
ISDN
Frame Relay

12. A technician is talking to a colleague at a rival company and
comparing DSL transfer rates between the two companies. Both
companies are in the same city, use the same service provider, and have
the same rate/service plan. What is the explanation for why company 1
reports higher download speeds than company 2 reports?
Company 1 only uses microfilters at branch locations.
Company 1 has a lower volume of POTS traffic than company 2 has.
Company 2 is located farther from the service provider than company 1 is.
Company 2 shares the connection to the DSLAM with more clients than
company 1 shares with.



13. Refer to the exhibit. What is placed in the address field in the header of
a frame that will travel from the DC router to the Orlando router?
DLCI 123
DLCI 321
10.10.10.25
10.10.10.26
MAC address of the Orlando router



14. Refer to the exhibit. This router is being configured to use SDM, but
the SDM interface of the router cannot be accessed. What is the cause of
the problem?
The VTY lines are not configured correctly.
The HTTP timeout policy is not configured correctly.
The authentication method is not configured correctly.
The username and password are not configured correctly.

15. Which two devices can be used by teleworkers who need to connect to
the company network across the PSTN for a few hours a day? (Choose
two.)
router
CSU/DSU
DSL modem
cable modem
access server
dialup modem

16. An administrator is configuring a dual stack router with IPv6 and IPv4
using RIPng. The administrator receives an error message when trying to
enter the IPv4 routes into RIPng. What is the cause of the problem?
When IPv4 and IPv6 are configured on the same interface, all IPv4 addresses
are over-written in favor of the newer technology.
Incorrect IPv4 addresses are entered on the router interfaces.
RIPng is incompatible with dual-stack technology.
IPv4 is incompatible with RIPng.

17. What is the function of an intrusion detection system on a network?
to restrict access to only authorized users
to detect attacks against a network and send logs to a management console
to prevents attack against the network and provide active defense mechanisms
to detect and prevent most viruses and many Trojan horse applications from
spreading in the network



18. Refer to the exhibit. All devices are configured as shown in the exhibit.
PC1 is unable to ping the default gateway. What is the cause of the
problem?
The default gateway is in the wrong subnet.
STP has blocked the port that PC1 is connected to.
Port Fa0/2 on S2 is assigned to the wrong VLAN.
S2 has the wrong IP address assigned to the VLAN30 interface.

19. When Frame Relay encapsulation is used, what feature provides flow
control and exchanges information about the status of virtual circuits?
LCP
LMI
DLCI
Inverse ARP

20. A system administrator must provide Internet connectivity for ten
hosts in a small remote office. The ISP has assigned two public IP
addresses to this remote office. How can the system administrator
configure the router to provide Internet access to all ten users at the same
time?
Configure DHCP and static NAT.
Configure dynamic NAT for ten users.
Configure static NAT for all ten users.
Configure dynamic NAT with overload.

21. A company is looking for a WAN solution to connect its headquarters
site to four remote sites. What are two advantages that dedicated leased
lines provide compared to a shared Frame Relay solution? (Choose two.)
reduced jitter
reduced costs
reduced latency
the ability to burst above guaranteed bandwidth
the ability to borrow unused bandwidth from the leased lines of other customers

22. What will be the result of adding the command ip dhcp excluded-
address 192.168.24.1 192.168.24.5 to the configuration of a local router
that has been configured as a DHCP server?
Traffic that is destined for 192.168.24.1 and 192.168.24.5 will be dropped by
the router.
Traffic will not be routed from clients with addresses between 192.168.24.1 and
192.168.24.5.
The DHCP server will not issue the addresses ranging from 192.168.24.1 to
192.168.24.5.
The router will ignore all traffic that comes from the DHCP servers with
addresses 192.168.24.1 and 192.168.24.5.



23. Refer to the exhibit. A host connected to Fa0/0 is unable to acquire an
IP address from the DHCP server. The output of the debug ip dhcp server
command shows DHCPD: there is no address pool for 192.168.3.17.
What is the problem?
The address 192.168.3.17 address is already in use by Fa0/0.
The pool of addresses for the 192Network pool is configured incorrectly.
The ip helper-address command should be used on the Fa0/0 interface.
The 192.168.3.17 address has not been excluded from the 192Network pool.



24. Refer to the exhibit. From the output of the show interfaces and ping
commands, at which layer of the OSI model is a fault indicated?
application
transport
network
data link
physical

25. What three questions can be answered using data gathered from a
baseline on a new network? (Choose three.)
Are areas of the network experiencing high error rates?
Will the disaster recovery procedures work correctly?
What parts of the network have the highest volume?
Does the organization require more network technicians?
How does the network perform during peak periods?
Are there any devices working at top capacity?
What networks are the most susceptible to security attacks?

26. Which type of ACL will permit traffic inbound into a private network
only if an outbound session has already been established between the
source and destination?
extended
reflexive
standard
time-based



27. Refer to the exhibit. R1 is performing NAT overload for the 10.1.1.0/24
inside network. Host A has sent a packet to Web Server. What is the
destination IP address of the return packet from Web Server when
received at R1?
10.1.1.2:80
10.1.1.2:1234
172.30.20.1:1234
172.30.20.1:3333

28. An administrator issues the command show interfaces s0/1/0 on a
router that is configured for Frame Relay. Which console output may
indicate an LMI mismatch?
Serial0/1/0 is administratively down
Serial0/1/0 is up, line protocol is up
Serial0/1/0 is up, line protocol is down
Serial0/1/0 is down, line protocol is down

29. A recently patched application server is experiencing response time
problems. The network on which the application server is located has
been experiencing occasional outages that the network team believes
may be related to recent routing changes. Network and application teams
have been notified to work on their respective issues. Which statement
applies to this situation?
Only results from the software package should be tested as the network is
designed to accommodate the proposed software platform.
Scheduling will be easy if the network and software teams work independently.
It will be difficult to isolate the problem if two teams are implementing changes
independently.
Results from changes will be easier to reconcile and document if each team
works in isolation.



30.Refer to the exhibit. Branch A has a non-Cisco router that is using IETF
encapsulation and Branch B has a Cisco router. After the commands that
are shown are entered, R1 and R2 fail to establish the PVC. The R2 LMI is
Cisco, and the R1 LMI is ANSI. The LMI is successfully established at both
locations. Why is the PVC failing?
The PVC to R1 must be point-to-point.
LMI types must match on each end of a PVC.
The frame relay PVCs cannot be established between Cisco and non-Cisco
routers.
The IETF parameter is missing from the frame-relay map ip 10.10.10.1 201
command



31. Refer to the exhibit. Which VLAN will carry untagged traffic on
FastEthernet 0/1?
VLAN 1
VLAN 2
VLAN 11
VLAN 12
VLAN 30
VLAN 999

32. What is an accurate description of CHAP when used with PPP on a
serial connection between two routers?
A username and password are sent to the peer router, which replies with an
accept or reject message.
A username and password are sent to the peer router. If these match the
configuration in the peer, the peer in turn provides a username and password to
the initiating router.
A challenge message is sent to the peer router, which responds with its
username and a calculated value based on a shared secret. This value is then
compared by the challenger to its own calculations.
An encrypted password is sent to the peer router, which decrypts it and
compares it to a shared secret. If the decrypted passwords match, the peer
sends the encrypted password back to the initiating router.

33. Where does a service provider assume responsibility from a customer
for a WAN connection?
local loop
DTE cable on router
demarcation point
demilitarized zone



34. Refer to the exhibit. An ACL called Managers already exists on this
router. What happens if the network administrator issues the commands
as shown in the exhibit?
The commands are added to the end of the existing ACL.
The existing Managers ACL will be overwritten by the new ACL.
The router will output an error message and no changes will be made.
A duplicate Managers ACL will be created that will contain only the new
commands.

35. Which statement is true about PAP in the authentication of a PPP
session?
PAP uses a two-way handshake.
The password is unique and random.
PAP conducts periodic password challenges.
PAP uses MD5 hashing to keep the password secure.

36. Which combination of Layer 2 protocol and authentication should be
used to establish a link without sending authentication information in
plain text between a Cisco and a non-Cisco router?
PPP with PAP
PPP with CHAP
HDLC with PAP
HDLC with CHAP

37. Which option correctly defines the capacity through the local loop
guaranteed to a customer by the service provider?
BE
DE
CIR
CBIR

38. Which wireless solution can provide mobile users with non line-of-
sight broadband Internet access at speeds comparable to DSL or cable?
Wi-Fi
WiMAX
satellite
Metro Ethernet



39. Refer to the exhibit. EIGRP has been configured as a routing protocol
on the network. Users on the 192.168.1.0/24 network should have full
access to the web server that is connected to 192.168.3.0/24 but should
not be allowed to telnet to router R3. Verifying the configuration, the
network administrator realizes that users on network 192.168.1.0/24 can
successfully telnet to the router. What should be done to remedy the
problem?
The ACL 101 statements 10 and 20 should be reversed.
The ACL 101 should be applied on R3 VTY lines 0 4 in the inbound direction.
The ACL 101 should be applied on R3 VTY lines 0 4 in the outbound direction.
The ACL 101 should be applied on R3 Serial0/0/1 interface in the outbound
direction.
The ACL 101 statement 10 should be changed to: permit ip 192.168.1.0
0.0.0.255 any

40. What does an access control list determine when used with NAT on a
Cisco router?
addresses that are to be translated
addresses that are assigned to a NAT pool
addresses that are allowed out of the router
addresses that are accessible from the inside network

41. Which IP address and wildcard mask combination can be used in an
ACL statement to match the 172.16.0.0/30 network?
172.16.0.0 0.0.0.1
172.16.0.0 0.0.0.3
172.16.0.0 0.0.0.7
172.16.0.0 255.255.255.252

42. Which security solution has the responsibility of monitoring
suspicious processes that are running on a host and that might indicate
infection of Trojan horse applications?
antivirus application
operating system patches
intrusion prevention system
Cisco Adaptive Security Appliance



43. Refer to the exhibit. A network administrator is trying to connect R1
remotely to make configuration changes. Based on the exhibited
command output, what will be the result when attempting to connect to
R1?
failure to connect due to Telnet not being enabled
failure to connect due to incomplete configuration for Telnet
a successful connection and ability to make configuration changes
a successful connection but inability to make configuration changes because of
the absence of an enable secret password



44. Refer to the exhibit. Results of the show vlan and show vtp status
commands for switches S1 and S2 are displayed in the exhibit. VLAN 11
was created on S1. Why is VLAN 11 missing from S2?
There is a Layer 2 loop.
The VTP domain names do not match.
Only one switch can be in server mode.
S2 has a higher spanning-tree priority for VLAN 11 than S1 does.

45. A technician has been asked to run the Cisco SDM one-step lockdown
on a customer router. What will be the result of this process?
Traffic is only accepted from and forwarded to SDM-trusted Cisco routers.
Security testing is performed and the results are saved as a text file stored in
NVRAM.
All traffic that enters the router is quarantined and checked for viruses before
being forwarded.
The router is tested for any potential security problems and all recommended
security-related configuration changes will be automatically applied.



46. Refer to the exhibit. Which data transmission technology is being
represented?
TDM
PPP
HDLC
SLIP

47. A network administrator is instructing a technician on best practices
for applying ACLs. Which two suggestions should the administrator
provide? (Choose two.)
Named ACLs are less efficient than numbered ACLs.
Standard ACLs should be applied inside the core layer.
Place standard ACLs as close to the destination as possible.
ACLs applied to outbound interfaces require fewer router resources.
Extended ACLs should be applied closest to the source that is specified by the
ACL.



48.Refer to the exhibit. Which configuration command would result in the
output in the exhibit?
ip nat inside source static 10.1.200.254 172.16.76.3
ip nat inside source static 10.1.200.254 192.168.0.10
ip nat inside source static 172.16.76.3 10.1.200.254
ip nat inside source static 172.16.76.3 192.168.0.10
ip nat inside source static 192.168.0.10 172.16.76.3
ip nat inside source static 192.168.0.10 10.1.200.254

49. What are three important reasons to establish a network baseline?
(Choose three.)
to determine the time it takes for the network to self recover from a failure
to determine which areas in the network are underutilized or overutilized
to determine the performance of the network during the normal hours of
operation
to determine what thresholds should be set for the devices that need to be
monitored
to determine the areas in the network which should not be included in the
monitoring process
to determine the number of users whose access to network resources should
be restricted

50. Which two statements are true about creating and applying access
lists? (Choose two.)
There is an implicit deny at the end of all access lists.
One access list per port, per protocol, per direction is permitted.
Access list entries should filter in the order from general to specific.
The term inbound refers to traffic that enters the network from the router
interface where the ACL is applied.
Standard ACLs should be applied closest to the source while extended ACLs
should be applied closest to the destination.


51. While troubleshooting a problem with an e-mail server, an
administrator observes that the switch port used by the server shows up,
line protocol up. The administrator cannot ping the server. At which layer
of the OSI model is the problem most likely to be found?
application layer
network layer
data link layer
physical layer



52. Refer to the exhibit. Router RT is not receiving routing updates from
router RTA. What is causing the problem?
The ip rip authentication key-chain command specifies exam rather than test.
The name of the keystring is not the name of the neighboring router.
The key chains are given the same name on both routers.
The passive-interface command was issued for RTA.

Which functions are provided by LCP and NCP as part of the PPP layered
architecture?
LCP sets up the PPP connection and its parameters. NCP terminates the PPP
connection.
LCP sets up the PPP connection and its parameters. NCP handles higher layer
protocol configurations.
LCP includes the link-establishment phase. NCP includes link-maintenance and
link-termination phases.
LCP negotiates options for multiple network layer protocols. NCP agrees
automatically on encapsulation formats.


2.Refer to the exhibit. EIGRP has been configured on routers R1 and R2.
Connectivity across the Frame Relay switch between routers R1 and R2 is
successfully verified using the ping command. However, no EIGRP routes
are appearing in the routing table. What could be a cause for this failure?
The Frame Relay switch has failed.
The frame-relay map statement is incorrect.
The S0/0/0 interface of router R1 is administratively down.
The S0/0/0 interface of router R2 has an incorrect IP address.


3.Refer to the exhibit. Results of the show vlan and show vtp status
commands for switches S1 and S2 are displayed in the exhibit. VLAN 11
was created on S1. Why is VLAN 11 missing from S2?
There is a Layer 2 loop.
The VTP domain names do not match.
Only one switch can be in server mode.
S2 has a higher spanning-tree priority for VLAN 11 than S1 does.



4.Refer to the exhibit. A network administrator is considering updating the
IOS on Router1. What version of IOS is currently installed on Router1?
1
12.4
15
1841


5.Refer to the exhibit. What is placed in the address field in the header of a
frame that will travel from the San Jose router to the DC router?
DLCI 103
DLCI 301
172.16.1.18
172.16.1.19


6. A company is looking for a WAN solution to connect its headquarters
site to four remote sites. What are two advantages that dedicated leased
lines provide compared to a shared Frame Relay solution? (Choose two.)
reduced jitter
reduced costs
reduced latency
the ability to burst above guaranteed bandwidth
the ability to borrow unused bandwidth from the leased lines of other customers



7.Refer to the exhibit. Partial results of the show access-lists and show ip
interface FastEthernet 0/1 commands for router Router1 are shown. There
are no other ACLs in effect. Host A is unable to telnet to host B. Which
action will correct the problem but still restrict other traffic between the
two networks?
Apply the ACL in the inbound direction.
Apply the ACL on the FastEthernet 0/0 interface.
Reverse the order of the TCP protocol statements in the ACL.
Modify the second entry in the list to permit tcp host 172.16.10.10 any eq
telnet .

8. Which combination of authentication and Layer 2 protocol should be
used to establish a link between a Cisco and a non-Cisco router without
sending authentication information in plain text?
CHAP and HDLC
CHAP and PPP
PAP and HDLC
PAP and PPP


9. Which statement is true about wildcard masks?
A wildcard mask must be created by inverting the subnet mask.
A wildcard mask performs the same function as a subnet mask.
A wildcard mask of 0.0.0.0 means the address should match exactly.
A wildcard mask uses a 1 to identify IP address bits that must be checked.


10.Refer to the exhibit. ACL 120 is configured to allow traffic coming from
192.168.10.0/24 network to go to any destination limited to ports 80 and
443. ACL 130 should allow only requested HTTP traffic to flow back into
the network. What additional configuration is needed in order for the
access lists to fulfill the requirements?

(1)



11.Refer to the exhibit. Communication between two peers has failed.
Based on the output that is shown, what is the most likely cause?
interface reset
unplugged cable
improper LMI type
PPP negotiation failure


12.Refer to the exhibit. Which statement about the configuration is true?
10.10.10.1 is most likely assigned to the local LAN interface.
10.10.10.1 through 10.10.10.255 is available to be assigned to users.
All DHCP clients looking for an IP address will use 10.10.10.1 and 10.10.10.2.
All DHCP clients in the 10.10.10.0/24 network will use 10.10.10.2 as the default
gateway.

13. Which statement is true about an interface that is configured with the
IPv6 address command?
IPv6 traffic-forwarding is enabled on the interface.
A link-local IPv6 address is automatically configured on the interface.
A global unicast IPv6 address is dynamically configured the interface.
Any IPv4 addresses that are assigned to the interface are replaced with an IPv6
address.



14.Refer to the exhibit. Which data transmission technology is being
represented?
TDM
PPP
HDLC
SLIP


15. Which statement is true about PAP in the authentication of a PPP
session?
PAP uses a two-way handshake.
The password is unique and random.
PAP conducts periodic password challenges.
PAP uses MD5 hashing to keep the password secure.

16. What can a network administrator do to recover from a lost router
password?
use the copy tftp: flash: command
boot the router to bootROM mode and enter the b command to load the IOS
manually
telnet from another router and issue the show running-config command to
view the password
boot the router to ROM monitor mode and configure the router to ignore the
startup configuration when it initializes


17. A system administrator must provide Internet connectivity for ten
hosts in a small remote office. The ISP has assigned two public IP
addresses to this remote office. How can the system administrator
configure the router to provide Internet access to all ten users at the same
time?
Configure static NAT.
Configure dynamic NAT.
Configure static NAT with overload.
Configure dynamic NAT with overload.


18. Which statement is true about the PPP authentication phase?
CHAP uses a 2-way handshake to exchange the credentials.
PAP can perform continuous authentication after a link is established.
CHAP sends an encrypted username and password during the authentication
process.
The authentication phase takes place before the NCP configuration phase
begins.



19.Refer to the exhibit. A network administrator is configuring Frame
Relay on router HQ. It is desired that each Frame Relay PVC between the
routers be in a separate subnet. Which two commands on HQ will
accomplish this task for the connection to R1? (Choose two.)
HQ(config)# interface S0/0/0
HQ(config)# interface S0/0/0.1 multipoint
HQ(config)# interface S0/0/0.1 point-to-point
HQ(config-subif)# frame-relay interface dlci 103
HQ(config-subif)# frame-relay interface dlci 301
HQ(config-if)# frame-relay map ip 172.16.1.1 255.255.255.0 301 broadcast


20. Which wildcard mask would specify all IP addresses from 192.168.8.0
through 192.168.15.255?
0.0.0.7
0.0.7.255
0.0.8.255
0.0.15.255
0.0.255.255


21.Refer to the exhibit. WestSW is supposed to send VLAN information to
EastSW, but that did not occur. What will force WestSW to send a VLAN
update to EastSW?
Change EastSW to be a VTP server.
Reload both WestSW and EastSW at the same time.
Erase the VLAN database on EastSW and reload the switch.
Reset the configuration revision number on EastSW to zero.
Reload EastSW.


22. Which additional functionality is available on an interface when the
encapsulation is changed from HDLC to PPP?
flow control
error control
authentication
synchronous communication


23. Which three guidelines would help contribute to creating a strong
password policy? (Choose three.)
Once a good password is created, do not change it.
Deliberately misspell words when creating passwords.
Create passwords that are at least 8 characters in length.
Use combinations of upper case, lower case, and special characters.
Write passwords in locations that can be easily retrieved to avoid being locked
out.
Use long words found in the dictionary to make passwords that are easy to
remember.


24. Which three physical network problems should be checked when a
bottom-up troubleshooting approach has been chosen to troubleshoot
network performance? (Choose three.)
cable connectivity
high collision counts
STP failures and loops
address mapping errors
high CPU utilization rates
excess packets that are filtered by the firewall


25. A network administrator has changed the VLAN configurations on his
network switches over the past weekend. How can the administrator
determine if the additions and changes improved performance and
availability on the company intranet?
Conduct a performance test and compare with the baseline that was
established previously.
Interview departmental secretaries and determine if they think load time for web
pages has improved.
Determine performance on the intranet by monitoring load times of company
web pages from remote sites.
Compare the hit counts on the company web server for the current week to the
values that were recorded in previous weeks.



26.Refer to the exhibit. Users who are connected to R1 report that they are
unable to establish connectivity to the users who are connected to router
R2. A network administrator tests the link with the debug ppp
authentication command. Based on the output shown, which statement
correctly defines the problem on the link?
R1 uses PAP as a method of authentication, and R2 uses CHAP.
R1 uses CHAP as a method of authentication, and R2 uses PAP.
R1 uses an incorrect user name or password for CHAP authentication.
R2 uses an incorrect user name or password for PAP authentication.



27.Refer to the exhibit. All devices are configured as shown in the exhibit.
PC1 is unable to ping the default gateway. What is the cause of the
problem?
The default gateway is in the wrong subnet.
STP has blocked the port that PC1 is connected to.
Port Fa0/2 on S2 is assigned to the wrong VLAN.
S2 has the wrong IP address assigned to the VLAN30 interface.


28. What is the result when the command permit tcp 192.168.4.0 0.0.3.255
any eq telnet is entered in an access control list and applied on the
inbound interface of a router?
All traffic that originates from 192.168.4.0/24 is permitted.
All TCP traffic is permitted, and all other traffic is denied.
All Telnet traffic from the 192.168.0.0/16 network is permitted.
All traffic from the 192.168.4.0/22 network is permitted on TCP port 23.


29.Refer to the exhibit. Router RT is not receiving routing updates from
router RTA. What is causing the problem?
The ip rip authentication key-chain command specifies exam rather than test.
The name of the keystring is not the name of the neighboring router.
The key chains are given the same name on both routers.
The passive-interface command was issued for RTA.

30. An administrator is configuring a dual stack router with IPv6 and IPv4
using RIPng. The administrator receives an error message when trying to
enter the IPv4 routes into RIPng. What is the cause of the problem?
When IPv4 and IPv6 are configured on the same interface, all IPv4 addresses
are over-written in favor of the newer technology.
Incorrect IPv4 addresses are entered on the router interfaces.
RIPng is incompatible with dual-stack technology.
IPv4 is incompatible with RIPng.

31. Which encapsulation protocol when deployed on a Cisco router over a
serial interface is only compatible with another Cisco router?
PPP
SLIP
HDLC
Frame Relay


32.Refer to the exhibit. The corporate network that is shown has been
assigned network 172.16.128.0/19 for use at branch office LANs. If VLSM
is used, what mask should be used for addressing hosts at Branch4 with
minimal waste from unused addresses?
/19
/20
/21
/22
/23
/24

33. A technician has been asked to run Cisco SDM one-step lockdown on
the router of a customer. What will be the result of this process?
Traffic is only forwarded from SDM-trusted Cisco routers.
Security testing is performed and the results are saved as a text file stored in
NVRAM.
The router is tested for potential security problems and any necessary changes
are made.
All traffic entering the router is quarantined and checked for viruses before
being forwarded.

34. What translation method will allow a server to always keep the same
public address?
static NAT
dynamic NAT
static NAT with overload
dynamic NAT with overload


35. A network administrator is tasked with maintaining two remote
locations in the same city. Both locations use the same service provider
and have the same service plan for DSL service. When comparing
download rates, it is noticed that the location on the East side of town has
a faster download rate than the location on the West side of town. How
can this be explained?
The West side has a high volume of POTS traffic.
The West side of town is downloading larger packets.
The service provider is closer to the location on the East side.
More clients share a connection to the DSLAM on the West side.

36. A light manufacturing company wishes to replace its DSL service with
a non-line-of-sight broadband wireless solution that offers comparable
speeds. Which solution should the customer choose?
Wi-Fi
satellite
WiMAX
Metro Ethernet


37.Refer to the exhibit. Company ABC expanded its business and recently
opened a new branch office in another country. IPv6 addresses have been
used for the company network. The data servers Server1 and Server2 run
applications which require end-to-end functionality, with unmodified
packets that are forwarded from the source to the destination. The edge
routers R1 and R2 support dual stack configuration. What solution should
be deployed at the edge of the company network in order to successfully
interconnect both offices?
a new WAN service supporting only IPv6
NAT overload to map inside IPv6 addresses to outside IPv4 address
a manually configured IPv6 tunnel between the edge routers R1 and R2
static NAT to map inside IPv6 addresses of the servers to an outside IPv4
address and dynamic NAT for the rest of the inside IPv6 addresses


38.Refer to the exhibit. Which statement correctly describes how Router1
processes an FTP request packet that enters interface S0/0/0, and is
destined for an FTP server at IP address 172.16.1.5?
The router matches the incoming packet to the statement that is created
by access-list 201 permit ip any any command and allows the packet into the
router.
The router reaches the end of ACL 101 without matching a condition and drops
the packet because there is no statement that was created by access-list 101
permit ip any any command.
The router matches the incoming packet to the statement that was created by
the access-list 101 permit ip any 172.16.1.0 0.0.0.255 command, ignores the
remaining statements in ACL 101, and allows the packet into the router.
The router matches the incoming packet to the statement that was created by
the access-list 201 deny icmp 172.16.1.0 0.0.0.255 any command, continues
comparing the packet to the remaining statements in ACL 201 to ensure that no
subsequent statements allow FTP, and then the router drops the packet.


39. Which characteristic of VPN technology prevents the contents of data
communications from being read by unauthorized parties?
QoS
latency
reliability
confidentiality


40. Which technology is used to dynamically map next hop, network layer
addresses to virtual circuits in a Frame Relay network?
Inverse ARP
LMI
DLCI
FECN


41.Refer to the exhibit. A technician is teaching a trainee to interpret the
results of various Frame Relay troubleshooting commands. What
conclusion can be drawn from the output that is shown?
Neighboring routers should use DLCI 177 to reach the Branch router.
DLCI 177 will be used to identify all broadcasts that are sent out the Branch
router.
The Branch router has the address 192.168.3.1 configured for the S0/0/0
interface.
To reach 192.168.3.1, the Branch router will use the virtual circuit that is
identified by DLCI 177.


42. Where does a service provider assume responsibility from a customer
for a WAN connection?
local loop
DTE cable on router
demarcation point
demilitarized zone


43. A company has its headquarters office in Dallas and five branch
offices located in New York, Chicago, Los Angeles, Seattle, and Atlanta.
WAN links are used for communications among offices in six sites. In
planning the WAN links, the network designer is given two requirements:
(1) minimize cost and (2) provide a certain level of WAN link reliability with
redundant links. Which topology should the network designer
recommend?
star
full mesh
hierarchical
partial mesh



44.Refer to the exhibit. A system administrator must provide connectivity
to a foreign network for ten hosts in a small remote office. The commands
that are listed in the exhibit were entered into the router that connects the
foreign network. The users in the remote office report occasional failure to
connect to resources in the foreign network. What is the likely problem?
The source addresses are not correctly designated.
The translated address pool is not correctly sized.
The access-list command is referencing the wrong addresses.
The wrong interface is designated as the source for translations.

45. An issue of response time has recently arisen on an application
server. The new release of a software package has also been installed on
the server. The configuration of the network has changed recently. To
identify the problem, individuals from both teams responsible for the
recent changes begin to investigate the source of the problem. Which
statement applies to this situation?
Scheduling will be easy if the network and software teams work independently.
It will be difficult to isolate the problem if two teams are implementing changes
independently.
Results from changes will be easier to reconcile and document if each team
works in isolation.
Only results from the software package should be tested as the network is
designed to accommodate the proposed software platform.


46. Which method is most effective in protecting the routing information
that is propagated between routers on the network?
Disable IP source routing.
Configure passive interfaces.
Configure routing protocol authentication.
Secure administrative lines with Secure Shell.



47.Refer to the exhibit. What happens if the network administrator issues
the commands shown when an ACL called Managers already exists on the
router?
The commands overwrite the existing Managers ACL.
The commands are added at the end of the existing Managers ACL.
The network administrator receives an error stating that the ACL already exists.
The commands will create a duplicate Managers ACL containing only the new
commands being entered.


48. Which statement accurately describes a role that is played in
establishing a WAN connection?
ISDN and ATM are circuit-switched technologies that are used to establish on
demand a path through the service provider network.
Data link layer protocols like PPP and HDLC define how data is encapsulated
for transmission across a WAN link.
A packet-switching network establishes a dedicated circuit between nodes for
the duration of the communication session.
Frame Relay switches are normally considered to be customer premises
equipment (CPE) and are maintained by local administrators.


49. What are two main components of data confidentiality? (Choose two.)
checksum
digital certificates
encapsulation
encryption
hashing


50. When NAT is in use, what is used to determine the addresses that can
be translated on a Cisco router?
access control list
routing protocol
inbound interface
ARP cache


51.Refer to the exhibit. Branch A has a non-Cisco router that is using IETF
encapsulation and Branch B has a Cisco router. After the commands that
are shown are entered, R1 and R2 fail to establish the PVC. The R2 LMI is
Cisco, and the R1 LMI is ANSI. The LMI is successfully established at both
locations. Why is the PVC failing?
The PVC to R1 must be point-to-point.
LMI types must match on each end of a PVC.
The frame relay PVCs cannot be established between Cisco and non-Cisco
routers.
The IETF parameter is missing from the frame-relay map ip 10.10.10.1 201
command.


52.Refer to the exhibit. RIPv2 has been configured on all routers in the
network. Routers R1 and R3 have not received any RIP routing updates.
What will fix the issue?
Enable RIP authentication on R2.
Issue the ip directed-broadcast command on R2.
Change the subnet masks to 10.11.12.0/8 and 172.16.40.0/16 on R2.
Enable CDP on R2 so that the other routers will receive routing updates.

53. A network administrator can ping the Perth router, but gets a
Password Required but None Set message when trying to connect
remotely via Telnet. Which command sequence must be applied to the
Perth router to allow remote access?
Router(config)# line console 0 Router(config-line)# login Router(config-
line)# password cisco
Router(config)# line vty 0 4 Router(config-line)# login Router(config-
line)# password cisco
Router(config)# line virtual terminal Router(config-line)# enable
login Router(config-line)# password cisco
Router(config)# line vty 0 4 Router(config-line)# enable secret Router(config-
line)# password cisco
Router(config)# enable secret cisco Router(config)# enable cisco

54. A router does not load its configuration after a power failure. After
running the show startup-configuration command, the administrator finds
that the original configuration is intact. What is the cause of this
problem?
The configuration register is set for 0!2100.
The configuration register is set for 0!2101.
The configuration register is set for 0!2102.
The configuration register is set for 0!2142. Boot system commands are not
configured.
Flash memory is empty causing the router to bypass the configuration in
NVRAM










1. Refer to the exhibit. A network administrator needs to add IP phones to
the network. To which devices should the IP phones connect?
AS1 and AS2
DS1 and DS2
DS1, DS2, and CS1
AS1, AS2, DS1, and DS2
2. Which CLI mode allows users to access all device commands, such as
those used for configuration, management, and troubleshooting?
user EXEC mode
privileged EXEC mode
global configuration mode
interface configuration mode

3. Refer to the exhibit. Which Spanning Tree Protocol version is in effect?
Per VLAN Spanning Tree (PVST)
Per VLAN Spanning Tree + (PVST+)
Common Spanning Tree (CST)
Rapid Spanning Tree Protocol (RSTP)
Multiple Spanning Tree Protocol (MSTP)


4. Refer to the exhibit. A network administrator has segmented the
network into two VLANs and configured Router1 for inter-VLAN routing. A
test of the network, however, shows that hosts on each VLAN can only
access local resources and not resources on the other VLAN. What is the
most likely cause of this problem?
Switch port Fa0/1 is not trunking.
Router interface Fa0/0 is possibly down.
No routing protocol is configured on Router1.
One of the router subinterfaces is possibly down.


5. Refer to the exhibit. Hosts A and B, connected to hub HB1, attempt to
transmit a frame at the same time but a collision occurs. Which hosts will
receive the collision jamming signal?
only hosts A and B
only hosts A, B, and C
only hosts A, B, C, and D
only hosts A, B, C, and E


6. Refer to the exhibit. Which three options correctly identify information
that could be associated with this output?(Choose three.)
Interface FastEthernet3/0/0 is subinterfaced.
A non-proprietary trunking protocol is in use.
The configuration is appropriate for a router-on-a-stick network design.
A shutdown command has been applied to interface FastEthernet3/0/0.
Interface FastEthernet3/0/0.3 is mapped to the default management VLAN.
An IP address should be applied to FastEthernet3/0/0 for correct data routing.
7. Which method establishes an administrative connection for configuring
the Linksys WRT300N wireless access point?
Associate with the access point and then open a HyperTerminal session with
the access point.
Physically connect to the access point and then reboot the computer to launch
the configuration software.
From a computer in the same IP subnet as the access point, enter the
default IP address of the access point in a web browser.
Modify the TCP/IP properties of the computer connected to the access point so
that it exists on the same network, and then reboot your computer to establish a
connection.
8. Which parameter is used to uniquely identify one wireless network from
another?
SSID
OFDM
WEP
DSSS
9. Which value determines if a switch becomes the central point of
reference in the spanning tree topology?
lowest bridge ID
highest revision number
lowest numeric IP address
highest numeric MAC address
10. An administrator is troubleshooting a PC on the network which is
suffering from slow and intermittent connectivity. The PC has a ping
success rate to the default gateway of less than half the ping attempts.
Other PCs on the switch can consistently ping the default gateway. The
switch port is configured for auto duplex and the PC is configured for full
duplex. What will commonly cause this problem?
The PC is set to full duplex. The switch port fails to autonegotiate the
duplex setting and defaults to half duplex, which causes a duplex
mismatch.
The switch traffic is exceeding available frame buffers. The result is that frames
are being dropped.
The PC and the default gateway have different bandwidth Ethernet ports.
The default gateway is not on the same switch that the PC is.


11. Refer to the exhibit. After entering the commands in the exhibit, the
administrator receives a password required, but none set message
when attempting to connect to S1. What is the problem?
The enable secret password was not set.
S1 does not have login configured on the vty lines.
S1 does not have a password configured for the vty lines.
The crypto key is not properly configured to generate passwords.
The VLAN1 interface has not be enabled with the no shutdown command.

12. What VLANs are allowed across a trunk when the range of allowed
VLANs is set to the default value?
only the management VLAN
all VLANs except the extended range VLANs
all VLANs except 1 and 1002-1005
all VLANs


13. Refer to the exhibit. VTP pruning is enabled in the VTP domain that is
shown. How will switch ST-1 handle Layer 2 broadcast traffic originating
from host A on switch ST-C?
It will be dropped.
It will be forwarded out port Fa0/5 only.
It will be forwarded out ports Fa0/5 and Fa0/10.
It will be forwarded out ports Fa0/5, Fa0/10, and Fa0/15.
14. What is the purpose of the Spanning Tree algorithm?
It propagates VLAN configurations to other switches.
It restricts broadcast packets to a single VLAN.
It segments a network into multiple broadcast domains.
It prevents loops in a switched network with redundant paths.
15. In which mode is a VTP switch operating if it does not allow for the
creation of local VLANs but it does accept VLAN updates from other
switches in the same domain?
client
root
server
transparent
16. Which three statements are correct concerning the default
configuration of a new switch? (Choose three.)
It is configured in VTP server mode.
STP is automatically enabled.
The first VTY line is automatically configured to allow remote connections.
VLAN1 is configured with a management IP address.
All switch ports are assigned to VLAN1.
The enable password is configured as cisco.


17. Refer to the exhibit. A new host needs to be connected to VLAN 1.
Which IP address should be assigned to this new host?
192.168.1.11 /28
192.168.1.22 /28
192.168.1.33 /28
192.168.1.44 /28
192.168.1.55 /28


18. Refer to the exhibit. An administrator documented the output of a CAM
table from an Ethernet switch as shown. What action will the switch take
when it receives the frame shown at the bottom of the exhibit?
discard the frame
forward the frame out port 2
forward the frame out port 3
forward the frame out all ports
forward the frame out all ports except port 3
add station 00-00-3D-1F-11-05 to port 2 in the forwarding table
19. When port security is used on a switch, which violation mode will
cause an SNMP trap to be sent and traffic to be dropped when the number
of secure MAC addresses for a port is reached?
sticky
protect
restrict
shutdown


20. Refer to the exhibit. What is the maximum number of VLANs that can
be deleted from the Switch as it is configured?
zero
four
five
eight
nine
21. Which configuration changes will increment the configuration revision
number on the VTP server?
configuring trunk links on the VTP server
configuring or changing the VTP password
configuring or changing the VTP domain name
configuring or changing the VTP version number
configuring or deleting a VLAN or creating a VLAN name
22. Using the command copy tftp:backup.cfg startup-config, an
administrator downloaded a saved configuration from a TFTP server to a
switch. Why does the administrator not detect any changes in the switch
configuration after the download completes?
The command should have been copy startup-config tftp:backup.cfg.
A backup configuration from a TFTP server cannot be copied directly into the
startup-config.
The command copy running-config startup-config should be used to save
the changes on the switch.
Downloading to the startup-config requires the switch to be reloaded in
order for the configuration to take effect.


23. Refer to the exhibit. Each switch is configured to participate in STP for
VLANs 1, 10, 20, and 30. Which switch will become the root for VLAN 20?
A
B
C
D
24. Why is MAC address filtering considered a poor choice in securing a
WLAN?
Available bandwidth is reduced
MAC addresses are easily spoofed.
APs are more susceptible to DoS attacks.
The payload encryption is easily broken.


25. Refer to the exhibit. If switch SW1 is configured with the four VLANs
as shown in the exhibit, how many physical interfaces are needed on
router R1 to configure inter-VLAN routing using subinterfaces?
zero
one
two
four


26. Refer to the exhibit. What can be determined from the configuration of
this wireless device?
This configuration is commonly found in an ad hoc network.
All wireless devices that are connected to this access point must have the
SSID of Academy.
Any wireless clients that are attached to this access point would have the same
IP address and SSID.
Any wireless clients that are attached to this access point must be connected
using the 802.11n WAN protocol.
27. Which type of traffic can still be received on a switch interface that is
in STP blocking mode?
BPDU frames
multicast frames
broadcast frames
Layer 3 packets
28. What is the purpose of configuring a switch port as a trunk port?
to control the broadcast domain size
to eliminate the collisions that result from multiple VLANs
to transmit data from multiple VLANs through a single port
to increase the bandwidth between the switch and its upstream device


29. Refer to the exhibit. Which statement is true about the status of
interface Fa0/1?
The interface is not configured to transmit data.
The interface is configured to transmit data at 10 Mb/s speed.
The interface is configured to transmit data in half-duplex mode.
The interface is configured to use HDLC encapsulation to transmit data.


30. Refer to the exhibit. Switch SWB is not responding to VTP updates
from switch SWA. What is a possible cause of the problem?
The VTP revision numbers are different.
The number of existing VLANs is different.
There is a password set on one of the switches.
The enable passwords are not set on the switches.
31. Which wireless topology supports roaming from one access point to
another?
ESS
BSS
IBSS
ad hoc


32. Refer to the exhibit. What is the effect of setting the security mode to
WEP on the Linksys integrated router?
WEP identifies the wireless LAN.
WEP allows the access point to inform clients of its presence.
WEP translates IP addresses into easy-to-remember domain names.
WEP encrypts data between the wireless client and the access point.
WEP translates an internal address or group of addresses into an outside,
public address.


33. Refer to the exhibit. Which two switch interfaces would be RSTP edge
ports? (Choose two.)
switch S1, Fa0/1
switch S3, Fa0/5
switch S4, Fa0/1
switch S2, Fa0/3
switch S4, Fa0/2
switch S3, Fa0/2
34. A network technician is attempting to configure 802.1q trunking on
switch ports Fa0/5 through Fa0/10. Which set of commands will
accomplish this task?
Correct answer is image two.






35. Refer to the exhibit. Switch SWA is not processing VTP advertisments
from switch SWB. What can done to correct the error?
Change the hostname of SWC to SWA.
Change the hostname of switch SWA to SWC.
Change the domain name on switch SWA to cisco.
Change the enable password on both switches to Cisco.
36. A network administrator is planning the upgrade of an enterprise LAN
to feature Layer 3 support for the application of data security policies,
aggregated links, and redundant devices and links. Which switches in the
hierarchical three-layer design model support these network
requirements?
core switches
access switches
backbone switches
distribution switches
37. The global configuration command ip default-gateway 172.16.100.1 is
applied to a switch. What is the effect of this command?
The switch will have a management interface with the address 172.16.100.1.
The switch can be remotely managed from a host on another network.
The switch can communicate with other hosts on the 172.16.100.0 network.
The switch is limited to sending and receiving frames to and from the gateway
172.16.100.1.
38. Which type of VLAN would accommodate untagged traffic on a 802.1q
trunk port?
data VLAN
native VLAN
untagged VLAN
management VLAN
39. Company policy requires disabling the command history buffer on
network devices. An administrator enters terminal no history sizeat the
command prompt on a Cisco Catalyst switch and receives no error
messages back, but the command history buffer is still available. What is
the problem?
The command contained a syntax error.
The Cisco IOS version does not support disabling the command history buffer.
The command history can only be disabled on a router, not a switch.
The size parameter reset the default buffer size but did not disable access
to the buffer.


40. Refer to the exhibit. What does LEARNING mean as it relates to the
Spanning Tree Protocol?
The switch is sending and receiving data frames.
The switch is not receiving BPDUs, but is sending and receiving data.
The switch is participating in the election process by forwarding the BPDUs it
receives.
The switch is receiving BPDUs and populating the MAC address table, but
not sending data.


41. Refer to the exhibit. All trunk links are operational and all VLANs are
allowed on all trunk links. An ARP request is sent by computer 5. Which
device or devices will receive this message?
only computer 4
computer 3 and RTR-A
computer 4 and RTR-A
computer 1, computer 2, computer 4, and RTR-A
computer 1, computer 2, computer 3, computer 4, and RTR-A
all of the computers and the router


42. Refer to the exhibit. Router R1 is connected to a switch through a
trunk. What two ways are indicative of how the router handles incoming
VLAN traffic? (Choose two.)
Data from VLAN 20 is not being routed.
Incoming traffic with VLAN ID 1 is processed by interface Fa0/0.
Incoming traffic that has a VLAN ID of 10 is processed by subinterface
Fa0/0.1.
VLAN traffic is processed on the subinterfaces even if Fa0/0 line protocol goes
down.
The router uses a unique MAC address on VLAN 10 and 20 by adding the
802.1Q VLAN ID to the hardware address.
Traffic inbound on this router is processed by different subinterfaces
depending on the VLAN from which the traffic originated.


43. Refer to the exhibit. Users complain that they do not have connectivity
to the web server that is connected to SW1. What should be done to
remedy the problem?
Allow all VLANs on the trunk link.
Configure VLAN 100 as the native VLAN for SW1.
Configure the trunk port in trunk mode on SW1.
Attach the web server to a router and configure inter-VLAN routing.


44. Refer to the exhibit. VLAN 20 was recently added on the network.
Users on VLAN 20 on SW1 start complaining that they do not have
connectivity to the users on the same VLAN on switch SW2. What should
be done to remedy the problem?
Configure the trunk port in a desirable mode on SW2.
Include VLAN 20 in the list of allowed VLANs on the trunk link on SW2.
Configure VLAN 1 to be the native VLAN for both networks on SW1 and SW2.
Remove VLAN 20 from the allowed VLANs on the trunk link on SW2, an action
that will enable all VLANs on the trunk link.
45. Which statement correctly describes an IBSS?
Wireless stations communicate with a single access point.
Wireless stations communicate directly with each other, without an
access point.
Wireless stations communicate with multiple access points, each with the same
SSID.
Wireless stations communicate with multiple access points, each with a different
SSID.
46. Which two operations can be performed from the boot loader
command line of a Cisco Catalyst switch? (Choose two.)
change hostname
view active VLANs
reinstall IOS image
format flash file system
show MAC address table


47. Refer to the exhibit. Router RA receives a packet with a source
address of 192.168.1.65 and a destination address of 192.168.1.161. What
will the router do with this packet?
The router will drop the packet.
The router will forward the packet out interface FastEthernet 0/1.1.
The router will forward the packet out interface FastEthernet 0/1.2.
The router will forward the packet out interface FastEthernet 0/1.3.
The router will forward the packet out interface FastEthernet 0/1.2 and interface
FastEthernet 0/1.3.


48. Refer to the exhibit. A network administrator enters the displayed
commands to configure VLAN 30. What is the result of running these
commands?
VLAN 30 will be added to S1, S2, and S3, but not to S4.
VLAN 30 will be pruned from the VLAN database of S3.
VLAN 30 will be added to the VLAN database of S3 but will not be
propagated to S4, S2 or S1.
VLAN 30 will not be added to the VLAN database of S3 and an error message
will be displayed.


49. Refer to the exhibit. A network administrator issues the show
interfaces fastEthernet 0/8 switchport command to check the status of the
port. What can be concluded from the output?
Port Fa0/8 is configured as a trunk with 802.1q encapsulation.
Port Fa0/8 is configured as a trunk in VLAN 1.
Port Fa0/8 is configured in access mode and associated with VLAN 1.
Port Fa0/8 is configured as a trunk and VLAN 1 is a native VLAN for the trunk.
50. What information in an Ethernet frame is used by a Layer 2 switch to
build its address table?
source IP address
source MAC address
destination IP address
destination MAC address
-


51. Refer to the exhibit. What would happen if the network administrator
moved the network cable of Host A from interface Fa0/1 to Fa0/3 on switch
SW1?
Host A remains a member of VLAN 10, because the router is routing traffic
between VLANs.
Host A is no longer a member of VLAN 10, because port Fa0/3 has been
manually assigned to VLAN 30.
Host A remains a member of VLAN 10, because the switch provides dynamic
VLAN assignment for the port.
Host A maintains connectivity to all members of VLAN 10, because it is
connected to the same physical network.
Host A is no longer a member of VLAN 10, but because port Fa0/3 was unused,
it is now a member of VLAN 1.


52. Refer to the exhibit. R1 is configured for traditional inter-VLAN routing.
R1 can ping computer 3 but cannot ping computer 1. What is a possible
cause for this failure?
S1 port Fa0/11 is in the wrong VLAN.
R1 does not have an active routing protocol.
The IP address of computer 1 is in the wrong logical network.
Router interface Fa0/0 has the wrong trunk encapsulation type configured.


53. Refer to the exhibit. What will allow a host on VLAN 40 on switch X to
communicate with a host in VLAN 40 on switch Y?
QoS
routing
trunking
VPN
54. Why is it important that the network administrator consider the
spanning-tree network diameter when choosing the root bridge?
The network diameter limitation is 9.
BPDUs may be discarded because of expiring timers.
The cabling distance between the switches is 100 meters.
The network diameter must be set to the number of meters of the cable
between the root bridge and its farthest connected switch.
55. In which mode is a VTP switch operating if it has been configured to
only forward VTP advertisements?
client
root
server
transparent
56. Which method establishes an administrative connection for
configuring the Linksys WRT300N wireless access point?
Associate with the access point and then open a HyperTerminal session with
the access point.
Physically connect to the access point and then reboot the computer to launch
the configuration software.
From a computer in the same IP subnet as the access point, enter the
default IP address of the access point in a web browser.
Modify the TCP/IP properties of the computer connected to the access point so
that it exists on the same network, and then reboot your computer to establish a
connection


57. Refer to the exhibit. Hosts PC_A and PC_B send traffic
simultaneously, and the frames from the transmitting stations collide.
What is the last device to receive the collision?
hub HB1
switch SW1
router R1
switch SW2
router R2
switch SW4


58. Refer to the exhibit. The hosts connected to switch SW1 are not able
to communicate with the hosts in the same VLANs connected to switch
SW2. What should be done to fix the problem?
Configure VLANs with different VLAN IDs on switch SW2.
Reconfigure the trunk port on switch SW2 with static trunk configuration.
Introduce a Layer 3 device or a switch with Layer 3 capability in the topology.
Apply IP addresses that are in the same subnet to the interfaces used to
connect SW1 and SW2
59. Which value determines if a switch becomes the central point of
reference in the spanning tree topology?
lowest bridge ID
highest revision number
lowest numeric IP address
highest numeric MAC address


60. Refer to the exhibit. The Layer 2 switching design that is shown has
been implemented in a campus environment that is using Spanning Tree
Protocol. All inter-switch links that are shown are trunks. Whenever an
inter-switch link fails, the network takes nearly a minute to completely
converge. How can the convergence time be reduced?
Increase the capacity of the distribution and core trunk links to 10 Gb/s.
Add a trunk link that directly connects D1 and D2.
Use Layer 3 switching on the core switch.
Implement Rapid Spanning Tree Protocol
61. A network administrator is asked to connect four switches that are
each configured with eight VLANs. Routers that have two FastEthernet
ports each that support trunking are available. What is the minimum
number of routers needed to interconnect traffic from all of the VLANs if
trunking is allowed?
1
2
4
8
16


62. Refer to the exhibit. A network administrator needs to add IP phones
to the network. To which devices should the IP phones connect?
AS1 and AS2
DS1 and DS2
DS1, DS2, and CS1
AS1, AS2, DS1, and DS2


63. Refer to the exhibit. What happens when a frame from a source MAC
address different from 00a8.d2e4.ba27 reaches switch port 0/5?
The frame is dropped.
The port is shut down.
An error message is displayed.
FastEthernet port 0/5 will show an err-disabled message


64. Refer to the exhibit. What does the term DYNAMIC indicate in the
output that is shown?
This entry can only be removed from the MAC address table by a network
administrator.
When forwarding a frame to the device with address 0060.5c5b.cd23, the
switch does not have to perform a lookup to determine the final destination port.
Only the device with MAC address 0060.5c5b.cd23 will be allowed to connect
to port Fa0/18.
The switch learned this MAC address from the source address in a frame
received on Fa0/18
65. What is the purpose of the switch command switchport access vlan
99?
to enable port security
to make the port operational
to assign the port to a particular VLAN
to designate the VLAN that does not get tagged
to assign the port to the native VLAN (VLAN 99)


66. Refer to the exhibit. Router RA receives a packet with a source
address of 192.168.1.65 and a destination address of 192.168.1.161. What
will the router do with this packet?
The router will drop the packet.
The router will forward the packet out interface FastEthernet 0/1.1.
The router will forward the packet out interface FastEthernet 0/1.2.
The router will forward the packet out interface FastEthernet 0/1.3.
The router will forward the packet out interface FastEthernet 0/1.2 and interface
FastEthernet 0/1.3


67. Refer to the exhibit. A new host needs to be connected to VLAN 3.
Which IP address should be assigned to this new host?
192.168.1.22 /28
192.168.1.31 /28
192.168.1.32 /28
192.168.1.52 /28
192.168.1.63 /28
68. What is the purpose of the Spanning Tree algorithm?
It propagates VLAN configurations to other switches.
It restricts broadcast packets to a single VLAN.
It segments a network into multiple broadcast domains.
It prevents loops in a switched network with redundant paths
69. What are two requirements for configuring inter-VLAN routing using
the router-on-a-stick model? (Choose two.)
Each subinterface should be configured with its own IP address, subnet
mask, and unique VLAN assignment.
The physical interface of the router must be connected to a trunk link on
the adjacent switch.
The number of physical interfaces on the router should match the number of
VLANs.
Different static VLANs should be assigned to different interfaces of the router.
The router should be configured as the VTP server.


70. Refer to the exhibit. A network administrator has segmented the
network into two VLANs. The connected hosts can only access resources
in their own VLAN. What is the most scalable and cost effective solution
to allow inter-VLAN communication in this network?
Replace S1 with a router that has one FastEthernet interface for each PC.
Add a second switch and divide the PCs so that each VLAN is connected to its
own switch.
Configure a router with two subinterfaces on one of its FastEthernet ports
and connect it to S1 using a trunk link.
Connect a router to a port on S1 and assign the IP address of VLAN1 to the
connecting router interface.


71. Refer to the exhibit. Users A and B are reporting intermittent
connectivity problems. Pre-installation surveys showed strong signal
strength from the AP locations to the client locations. Outside electrical
interference has been eliminated. What will fix the problem?
Relocate the APs closer to each other.
Increase the distance between the clients.
Change the channel on AP-B to 6 or 11.
Place AP-A and AP-B on the same wireless channel
72. How does a switch that is configured for 802.1Q trunking handle
untagged frames that are received on a trunk port?
The frames are dropped.
The frames are assigned to the native VLAN.
The frames are assigned to the default VLAN.
The frames are assigned to the management VLAN.
73. While configuring a new switch, a network administrator configures
the switch as an HTTP server. What benefits does this configuration
provide?
This allows the switch to host web pages for the network.
This allows remote VPN connections to the switch over the Internet.
This is required if a web server or web farm is attached to the switch.
This allows web-based configuration tools to be used with the switch.
74. A wireless LAN access point will convert traffic between which two
frame encapsulation types?
802.1 and 802.11
802.3 and 802.11
802.3 and 802.16
802.5 and 802.16


75. Refer to the exhibit. A new switch, SW3, has been added to the
network. The network administrator determines that VLAN information is
not propagating to SW3. Which command will remedy the problem?
SW1(config)# vtp version 1
SW2(config)# vtp mode client
SW3(config)# vtp domain Cisco1
SW3(config)# vtp mode transparent


76. Refer to the exhibit. The network consists of four hubs and a switch.
The hosts connected to each hub are assigned addresses in the
respective VLAN as shown. PC1 on VLAN 1 becomes infected with a virus
and initiates a continuous IP broadcast. Which hubs will receive the
broadcasts?
Hub A
Hubs A and B
Hubs A and C
Hubs A, B, C, and D
77. Using the command copy tftp:backup.cfg startup-config, an
administrator downloaded a saved configuration from a TFTP server to a
switch. Why does the administrator not detect any changes in the switch
configuration after the download completes?
The command should have been copy startup-config tftp:backup.cfg.
A backup configuration from a TFTP server cannot be copied directly into the
startup-config.
The command copy running-config startup-config should be used to save
the changes on the switch.
Downloading to the startup-config requires the switch to be reloaded in
order for the configuration to take effect.


78. Refer to the exhibit. Each switch is configured to participate in STP for
VLANs 1, 10, 20, and 30. Which switch will become the root for VLAN 20?
A
B
C
D
79. What is the benefit of the auto-MDIX feature on a Cisco Catalyst
switch?
dynamically assigns a new management VLAN ID
autonegotiates IP address information for initial management connections
allows the use of straight-through patch cables regardless of connected
device types
places a port immediately in the forwarding state to reduce the time for the
spanning tree to reconverge


80. Refer to the exhibit. Which two settings show the default value of VTP
configuration on a Cisco 2960 switch? (Choose two.)
revision number
existing VLANs
operating mode
domain name
pruning mode
81. Why is it advisable that a network administrator use SSH instead of
Telnet when managing switches?
SSH uses TCP whereas Telnet does not.
SSH encrypts only the username and password when logging in.
SSH encrypts all remote management communications whereas Telnet
does not.
SSH sends a clear text message steam which reduces the bandwidth use for
management.
82. What information in an Ethernet frame is used by a Layer 2 switch to
build its address table?
source IP address
source MAC address
destination IP address
destination MAC address
83. What are two characteristics of normal range VLANs? (Choose two.)
not learned by VTP
stored in vlan.dat file
designed for service providers
can contain ports used as trunks
identified by a VLAN ID between 1 and 1005


84. Refer to the exhibit. Switch SWB is not responding to VTP updates
from switch SWA. What is a possible cause of the problem?
The VTP revision numbers are different.
The number of existing VLANs is different.
There is a password set on one of the switches.
The enable passwords are not set on the switches
85. What benefit does 802.1x provide to a wireless network?
increased wireless range
faster wireless throughput
centralized user authentication
quality of service to differentiate high priority traffic
86. What type of message do wireless clients transmit when they are
searching for a specific wireless network?
probe
beacon
associate
authenticate
87. A network administrator enters the enable command at the Switch>
prompt of a new switch. What mode will the switch enter?
setup mode
configuration mode
privileged EXEC mode
user EXEC mode
ROMMON mode
interface mode


88. Refer to the exhibit. The network administrator needs to remove the
east-hosts VLAN and use the switch port from that VLAN in one of the
existing VLANs. Which two sets of commands should be used when
completely removing VLAN 2 from S1-Central while leaving the switch and
all its interfaces operational? (Choose two.)
S1-Central# reload
S1-Central# erase flash:
S1-Central# delete flash:vlan.dat
S1-Central# configure terminal
S1-Central(config)# no vlan 2
S1-Central# configure terminal
S1-Central(config)# interface fastethernet 0/1
S1-Central(config-if)# switchport access vlan 3
89. Which feature is uniquely found in an access layer switch within a
hierarchical network model?
link aggregation
Power over Ethernet
access control lists
Layer 3 routing capabilities
90. Why is priority configured in 4096 increments when using PVST+?
Use of the extended bridge ID leaves only four bits for the bridge priority.
It is only a recommended value and could be any number between 1 and
65535.
PVST+ requires the use of values that can be divided equally into 32768 and
not leave a remainder.
The MAC address uses eight bytes of the bridge ID leaving only two bytes for
the bridge priority value.


91. Refer to the exhibit. A network administrator is configuring RT1 for
inter-VLAN routing. The switch is configured correctly and is functional.
Host1, Host2, and Host3 cannot communicate with each other. Based on
the router configuration, what is causing the problem?
Interface Fa0/0 is missing IP address configuration information.
IP addresses on the subinterfaces are incorrectly matched to the VLANs.
Each subinterface of Fa0/0 needs separate no shutdown commands.
Routers do not support 802.1Q encapsulation on subinterfaces
92. What happens when the crypto key zeroize rsa command is entered on
a switch configured with thetransport input ssh command on the vty
lines?
A new RSA key pair is created.
The switch defaults to allowing Telnet connections only.
The switch is no longer able to make SSH connections as an SSH client.
The switch allows remote connections only after a new RSA key pair is
generated
93. What three tasks should be performed before moving a Catalyst
switch to another VTP management domain? (Choose three.)
Select the correct VTP mode and version.
Configure the switch with the name of the new management domain.
Download the VTP database from the VTP server in the new domain.
Configure the VTP server in the new domain to recognize the BID of the switch.
Reset the VTP counters to allow the switch to synchronize with the other
switches in the new domain.
Verify that the switch has a lower configuration revision number than the
other switches in the new domain.
94. An administrator is troubleshooting a PC on the network which is
suffering from slow and intermittent connectivity. The PC has a ping
success rate to the default gateway of less than half the ping attempts.
Other PCs on the switch can consistently ping the default gateway. The
switch port is configured for auto duplex and the PC is configured for full
duplex. What will commonly cause this problem?
The PC is set to full duplex. The switch port fails to autonegotiate the
duplex setting and defaults to half duplex, which causes a duplex
mismatch.
The switch traffic is exceeding available frame buffers. The result is that frames
are being dropped.
The PC and the default gateway have different bandwidth Ethernet ports.
The default gateway is not on the same switch that the PC is.


95. Refer to the exhibit. What does LEARNING mean as it relates to the
Spanning Tree Protocol?
The switch is sending and receiving data frames.
The switch is not receiving BPDUs, but is sending and receiving data.
The switch is participating in the election process by forwarding the BPDUs it
receives.
The switch is receiving BPDUs and populating the MAC address table, but
not sending data.
96. What does TKIP have in common with AES?
Both encrypt Layer 2 payloads.
Both authenticate using a shared key.
They both use sequence numbers to ensure that all packets arrive.
They both use data from the MAC header to verify the integrity of the data.
97. What operational change will occur if an 802.11b client associates with
an access point that is currently supporting clients utilizing 802.11g?
The 802.11g clients will disassociate from the AP.
The 802.11g clients will operate at reduced speeds.
The 802.11b client will never gain access to the channel.
The 802.11b client will not be able to establish an IP session with any of the
other 802.11g clients.
98. Which configuration changes will increment the configuration revision
number on the VTP server?
configuring trunk links on the VTP server
configuring or changing the VTP password
configuring or changing the VTP domain name
configuring or changing the VTP version number
configuring or deleting a VLAN or creating a VLAN name


99. Refer to the exhibit. A network administrator has segmented the
network into two VLANs and configured R1 and S1 as displayed. However,
PC1 is unable to access PC2. What is the likely problem?
No routing protocol is configured on R1.
The Fa0/1 port of S1 is not a trunk port.
The default gateway address is not set on S1.
Only one physical link between S1 and R1 is configured for inter-VLAN routing.
100. A network administrator issued the erase nvram: command on a
switch. What will be the outcome of the command?
It will clear the contents of the MAC table.
It will clear the contents of the VLAN database.
It will clear the contents of the startup configuration file.
It will clear the contents of the running configuration file.