Cisco 642-832

642-832 Troubleshooting and Maintaining Cisco IP Switched Networks (TSHOOT)

Practice Test
Version

Cisco 642-832: Practice Exam QUESTION NO: 1 Which two statements about the Cisco Aironet Desktop Utility (ADU) are true? (Select two) A. The Aironet Desktop Utility (ADU) profile manager feature can create and manage only one profile for the wireless client adapter. B. The Aironet Desktop Utility (ADU) can support only one wireless client adapter installed and used at a time. C. The Aironet Desktop Utility (ADU) can be used to establish the association between the client adapter and the access point, manage authentication to the wireless network, and enable encryption. D. The Aironet Desktop Utility (ADU) and the Microsoft Wireless Configuration Manager can be used at the same time to configure the wireless client adapter. Answer: B,C Explanation: You can configure your Cisco Aironet Wireless LAN Client Adapter through the Cisco ADU or a third-party tool, such as the Microsoft Wireless Configuration Manager. Because third-party tools may not provide all the functionality available in ADU, Cisco recommends that you use ADU. The Aironet Desktop Utility (ADU) can support only one wireless client adapter as well as Aironet Desktop Utility establish the association between the client adapter and Access Point, allows to authenticate wireless client, allows to configure encryption by setting static WEP, WPA/WPA2 passphrase.

Section 3: Perform routine IOS device maintenance (0 Questions)

Section 4: Isolate sub-optimal internetwork operation at the correctly defined OSI Model layer (2 Questions)

QUESTION NO: 2 At which layer of the OSI model does the Spanning Tree Protocol (STP) operate at? A. Layer 5

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

m

2

Cisco 642-832: Practice Exam B. Layer 4 C. Layer 3 D. Layer 2 E. Layer 1 Answer: D Explanation: Spanning-Tree Protocol (STP) is a Layer 2 (L2) protocol designed to run on bridges and switches. The specification for STP is called 802.1d. The main purpose of STP is to ensure that you do not run into a loop situation when you have redundant paths in your network. Loops are deadly to a network.

QUESTION NO: 3 In computer networking a multicast address is an identifier for a group of hosts that have joined a multicast group. Multicast addressing can be used in the Link Layer (OSI Layer 2), such as Ethernet Multicast, as well as at the Internet Layer (OSI Layer 3) as IPv4 or IPv6 Multicast. Which two descriptions are correct regarding multicast addressing? A. The first 23 bits of the multicast MAC address are 0x01-00-5E. This is a reserved value that indicates a multicast application. B. The last 3 bytes (24 bits) of the multicast MAC address are 0x01-00-5E. This is a reserved value that indicates a multicast application. C. To calculate the Layer 2 multicast address, the host maps the last 23 bits of the IP address into the last 24 bits of the MAC address. The high-order bit is set to 0. D. The first 3 bytes (24 bits) of the multicast MAC address are 0x01-00-5E. This is a reserved value that indicates a multicast application. Answer: C,D

Explanation: The point of this question is the form of multicast MAC address, and the conversion between the multicast MAC address and IP address. The multicast MAC address is 6 bytes(48 bits), the first 3 bytes (24 bits) of the multicast MAC address are 0x01-00-5E, the last 3 bytes(24 bits) of the multicast MAC address =0 + 23 bit(the last 23 bit of the IP address). "0x01-00-5E" is a reserved value that indicates a multicast application. So option B and D are correct.

QUESTION NO: 4

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

m

3

Cisco 642-832: Practice Exam EIGRP is being used as the routing protocol on the company network. While troubleshooting some network connectivity issues, you notice a large number of EIGRP SIA (Stuck in Active) messages. What causes these SIA routes? (Select two) A. The neighboring router stops receiving ACK packets from this router. B. The neighboring router starts receiving route updates from this router. C. The neighboring router is too busy to answer the query (generally caused by high CPU utilization). D. The neighboring router is having memory problems and cannot allocate the memory to process the query or build the reply packet. Answer: C,D Explanation: SIA routes are due to the fact that reply packets are not received. This could be caused by a router which is unable to send reply packets. The router could have reached the limit of its capacity, or it could be malfunctioning. Incorrect Answers: A: Missing replies, not missing ACKs, cause SIA. B: Routes updates do not cause SIA.Notes: If a router does not receive a reply to all outstanding queries within 3 minutes, the route goes to the stuck in active (SIA) state. The router then resets the neighbors that fail to reply by going active on all routes known through that neighbor, and it readvertises all routes to that neighbor.Reference: Enhanced Interior Gateway Routing Protocolhttp://www.cisco.com/warp/public/103/eigrp3.html

QUESTION NO: 5

Part of the routing table of router R1 is displayed below: S 62.99.153.0/24 [1/0] via 209.177.64.130 172.209.12.0/32 is subnetted, 1 subnets D EX 172.209.1 [170/2590720] via 209.179.2.114, 06:47:28, Serial0/0/0.1239 62.113.17.0/24 is variably subnetted, 2 subnets, 2 masks D EX 99.3.215.0/24 [170/27316] via 209.180.96.45, 09:52:10, FastEthernet11/0/0 [170/27316] via 209.180.96.44, 09:52:10, FastEthernet11/0/0 25.248.17.0/24 [90/1512111] via 209.179.66.25, 10:33:13, Serial0/0/0.1400001 [90/1512111] via 209.179.66.41, 10:33:13, Serial0/0/0.1402001 62.113.1.0/24 is variably subnetted, 12 subnets, 2 masks D 62.113.1.227/32 "Pass Any Exam. Any Time." - www.actualtests.com 4

Ac

tua

lTe

sts

.co

m

Cisco 642-832: Practice Exam [90/2611727] via 209.180.96.45, 10:33:13, FastEthernet1/0/0 [90/2611727] via 209.180.96.44, 10:33:13, FastEthernet1/0/0 S* 0.0.0.0/0 [1/0] via 209.180.96.14 From analyzing the above command output, what is the administrative distance of the external EIGRP routes? A. 24 B. 32 C. 90 D. 170 E. 27316 F. None of the other alternatives apply Answer: D Explanation: By default an external EIGRP route has a value of 170. By examining the exhibit we see that this default value of the external EIGRP routes (see D-EX in exhibit) indeed is set to 170. The first value within the brackets display the AD, so with a value of [170/27316] the AD is 170 and the metric of the route is 27316. Incorrect Answers: A: This is the subnet mask used for some of the routes in the table. B: This is the subnet mask used for some of the routes in the table. C: This is the AD of the internal EIGRP routes, which is the default E: This is the EIGRP metric of the external EIGRP routes.Reference: What Is Administrative Distance?http://www.cisco.com/warp/public/105/admin_distance.html

QUESTION NO: 6

The network is shown below, along with the relevant router configurations:

R1# show run interface Loopback0 ip address 10.10.10.1 255.255.255.0 ! interface Ethernet0 ip address 172.29.1.1 255.255.255.0 media-type 10BaseT "Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

m

5

Cisco 642-832: Practice Exam ! ! router eigrp 999 redistribute connected network 172.29.0.0 auto-summary no eigrp log-neighbor-changes ! ip classless no ip http server R2# show run interface Ethernet0 ip address 172.29.1.2 255.255.255.0 media-type 10BaseT ! interface Ethernet1 ip address 172.19.2.2 255.255.255.0 media-type 10BaseT ! router eigrp 999 network 172.19.0.0 network 172.29.0.0 ! ip classless no ip http server R3# show run interface Ethernet1/0 ip address 172.19.2.3 255.255.255.0 ! router eigrp 999 network 172.19.0.0 auto-summary no eigrp log-neighbor-changes ! ip classless ip http server

With the topology found in the graphic, what will the R1 loopback 0 be in the R3 routing table? A. It will show up in the routing table as D 10.0.0/8. "Pass Any Exam. Any Time." - www.actualtests.com 6

Ac

tua

lTe

sts

.co

m

0.0/8.www.co m . R5-R2-R1 and R5-R3-R1. Answer: B Explanation: Because router R1 is configured with route redistribution. It will not show up in R3 routing table because there is no network command on R1. R5-R2-R1 B. which path or paths would be chosen to route traffic from R5 to network X? A.0. since it was redistributed into EIGRP. Any Time.actualtests. It will show up in the routing table as D EX 10." . C. it will redistribute the connected loopback network into EIGRP. it would be redistributed because it is a connected route./24. R5-R3-R1 and R5-R4-R1. EIGRP summarizes at network boundaries by default so the network will appear as the class A network of 10. C. Study the exhibits carefully. D: Although it was not configured under the EIGRP network command.0/8 in the routing table of the other routers. C: It will be external because of redistribution. Because redistributed routes will show up as external EIGRP routes in the routing table. QUESTION NO: 7 You work as a network technician. If the command "variance 3" was added to the EIGRP configuration of R5. D.0.0. "Pass Any Exam.com 7 Ac tua lTe The EIGRP network is displayed in the following topology diagram: sts . It will show up in the routing table as D 10. choice B is correct. Incorrect Answers: A: The route will be external.0. and it will also be summarized since that is the default behavior of EIGRP.0.Cisco 642-832: Practice Exam B. Although the loopback interface is using a /24 subnet mask.

and R3-R1 = 10 as well with the FD between R5 .com Ac tua lTe sts . 192. and R5-R4-R1. we can load balance on any route that had an FD of 3x the successor.1. 192.co m 8 . None of the other alternatives apply Answer: A "Pass Any Exam. or 3x20. 192.0 is a static route. which is 60 Important Note: If a path does not meet the feasibility condition. Interior Gateway Routing Protocol (IGRP) and EIGRP also support unequal cost path load balancing. This is why chose D is wrong as this path has an Advertised Distance of 25 which is greater than the successors FD. R5 can get to Net X using the path R5-R3 = metric of 10. the path is not used in load balancing. The default is 1. Answer: B Explanation: Every routing protocol supports equal cost path load balancing. C.168. with respect to the metric.0 is a redistributed route into EIGRP. proportionately.168.1. The variable n can take a value between 1 and 128. Reference: http://www. R5-R2-R1.www.1. which statement is true? A.1.0 is a summarized route. E." . Use the variance n command in order to instruct the router to include routes with a metric of less than n times the minimum metric route for that destination. Traffic is also distributed among the links with unequal costs. except theirs used a variance of 2 and this question used a variance of 3. which means equal cost load balancing. In this question the variance 3 command is used . Any Time.0 is equal path load balancing with 172.16. The link below refers to an example that is nearly identical to the example in this question.actualtests.1.shtml QUESTION NO: 8 The following command was issued on Router 2: Given the above output shown above.0. D. In this instance. Therefore.R5-R3-R1.168. 192.168.Cisco 642-832: Practice Exam D. B.com/en/US/tech/tk365/technologies_tech_note09186a008009437d.cisco.R1 being 10 + 10 = 20. In addition.

RouterA received a hello packet with mismatched hello timers. the metric formula reduces to: metric = (1 × bandwidth) + (1 × delay) metric = bandwidth + delay K Values should be same to become the EIGRP neighbors.2.com Ac tua lTe A.load)] + (K3 × delay)] × [K5 ÷ (reliability + K4)] The elements in this equation are as follows: * By default. which two statements are true? Answer: A. and RouterB. B.2. Therefore. by default.actualtests.2. Given the debug output on RouterA. C. D.1. For EIGRP. F. RouterA will not form an adjacency with RouterB. E. The higher the metric associated with a route. K1 = K3 = 1. sts . IP address 10. K2 = K4 = K5 = 0. IP address 10.F Explanation: Metrics are the mathematics used to select a route.1. the Bellman-Ford algorithm uses the following equation and creates the overall 24-bit metric assigned to a route: * metric = [(K1 × bandwidth) + [( K2 × bandwidth) ÷ (256 .co m 9 ." . RouterA received a hello packet with mismatched metric-calculation mechanisms. Any Time. RouterA will form an adjacency with RouterB.1.Cisco 642-832: Practice Exam Explanation: When EIGRP learns the routing information from the different routing protocol it uses D EX symbol to indicate that this routing information has learned from other routing protocol. QUESTION NO: 9 A network administrator is troubleshooting an EIGRP connection between RouterA. QUESTION NO: 10 Study the exhibit below carefully: "Pass Any Exam. the less desirable it is.www. RouterA received a hello packet with mismatched authentication parameters. RouterA received a hello packet with mismatched autonomous system numbers.

" .20. redistributed static routes.0/24 D. 192.1. In a hub and spoke topology.0.E Explanation: The Enhanced Interior Gateway Routing Protocol (EIGRP) Stub Routing feature improves network stability.0/24 C." A router that is configured as a stub will send a special peer information packet to all neighboring routers to report its status as a stub router.2. In a hub and spoke network. 10. When using the EIGRP Stub Routing feature. The router responds to queries for summaries. "Pass Any Exam.0/8 Answer: C. which three route entries will EIGRP advertise to neighboring routers? (Select three) router eigrp 10 network 10.168.co m .actualtests.1. the distribution router will be connected to 100 or more remote routers. connected routes. Only specified routes are propagated from the remote (stub) router. one or more end (stub) networks are connected to a remote router (the spoke) that is connected to one or more distribution routers (the hub). the distribution router need not send anything more than a default route to the remote router. Often. This type of configuration is commonly used in WAN topologies where the distribution router is directly connected to a WAN. 10. The distribution router can be connected to many more remote routers.0/24 E. Any Time. Stub routing is commonly used in a hub and spoke network topology.0.0/24 B.1. reduces resource utilization. and to configure only the remote router as a stub.3. 10. external routes. and internal routes with the message "inaccessible. The remote router is adjacent only to one or more distribution routers.com 10 Ac tua lTe sts .www.0.D.Cisco 642-832: Practice Exam If the configuration shown below is added to Router1. Generally. the remote router must forward all nonlocal traffic to a distribution router.0. The only route for IP traffic to follow into the remote router is through a distribution router. so it becomes unnecessary for the remote router to hold a complete routing table. and simplifies stub router configuration.0 eigrp stub A. you need to configure the distribution and remote routers to use EIGRP.1. 10.

RIP and IGRP routers merely broadcast or multicast updates on configured interfaces.2. QUESTION NO: 11 Refer to the exhibit. Answer: D Explanation: Remember that simple distance vector routers do not establish any relationship with their neighbors. Any Time.www. D. R1 does not show R2 as a neighbor and does not accept routing updates from R2. much the same way that OSPF routers do. EIGRP has been configured on routers R1 and R2.1.com 11 Ac tua lTe sts .actualtests. What could be the cause of the problem? A. EIGRP routers establish adjacencies with neighbor routers by using small hello packets. B. Hellos "Pass Any Exam. EIGRP routers actively establish relationships with their neighbors. In contrast.co m .Cisco 642-832: Practice Exam Any neighbor that receives a packet informing it of the stub status will not query the stub router for any routes." . C. EIGRP cannot form neighbor relationship and exchange routing updates with a secondary address. and a router that has a stub peer will not query that peer. EIGRP cannot exchange routing updates with a neighbor's router interface that is configured with two IP addresses. The no auto-summary command has not been issued under the EIGRP process on both routers. However.1/24. The stub router will depend on the distribution router to send the proper updates to all peers. Interface E0 on router R1 has not been configured with a secondary IP address of 10.

actualtests. Note: In some circumstances. or a router with insufficient memory.Cisco 642-832: Practice Exam are sent by default every five seconds. This is known as a stuck in active (SIA) route.Reference:http://www. show ip eigrp traffic C. replies. only Reply do. show ip eigrp topology "Pass Any Exam. it takes a very long time for a query to be answered.com/warp/public/103/eigrp3.C Explanation: The acknowledgement does not reach the destination or they are too delayed.com Ac tua lTe sts . B." . An EIGRP router assumes that as long as it is receiving hello packets from known neighbors. Incorrect Answers: B: Does not apply to SIA. D: Ack packets don't reply to Queries. Some query or reply packets are lost between the routers. A failure causes traffic on a link between two neighboring routers to flow in only one direction (unidirectional link).cisco. This is the normal operation of EIGRP. What are two possible causes for EIGRP Stuck-InActive routes? (Select two) A. in fact. By forming adjacencies. that the router that issued the query gives up and clears its connection to the router that isn't answering. which IOS command should you use? A. The most basic SIA routes occur when it simply takes too long for a query to reach the other end of the network and for a reply to travel back. C. effectively restarting the neighbor session. Any Time. queries. The neighboring router stops receiving ACK packets from this router. This is normally due to too many routing topology changes.co m 12 .html QUESTION NO: 13 EIGRP uses five generic packet types (hello. Answer: A. The neighboring router starts receiving route updates from this router. debug eigrp packets B. If you wished to view the statistics for these packets. D. updates.www. So long. acknowledgements). EIGRP routers do the following: Dynamically learn of new routes that join their network Identify routers that become either unreachable or inoperable Rediscover routers that had previously been unreachable QUESTION NO: 12 While troubleshooting an EIGRP routing problem you notice that one of the company routers have generated a large number of SIA messages. those neighbors (and their routes) remain viable.

Any Time. What is a likely cause of this problem between neighbors? (Select two) lTe sts Reference :http://www. The hold times do not match.actualtests." .Section 2: Troubleshoot OSPF(9 Questions) C: It is possible for two routers to become EIGRP neighbors even though the hello and hold timers "Pass Any Exam.cisco. D. Incorrect Answers: B: It is possible for two routers to become EIGRP neighbors even though the hello and hold timers do not match.www.co m . Answer: A. The hello times do not match. The AS numbers do not match. C. show ip eigrp neighbors Answer: B Explanation: The show ip eigrp traffic command displays the number of Enhanced IGRP (EIGRP) packets sent and received.com 13 Ac tua While troubleshooting a routing problem on the company EIGRP network you discover that one of the routers is failing to establish adjacencies with its neighbor.Cisco 642-832: Practice Exam D. Example: The following is sample output from the show ip eigrp traffic command: Router# show ip eigrp traffic IP-EIGRP Traffic Statistics for process 77 Hellos sent/received: 218/205 Updates sent/received: 7/23 Queries sent/received: 2/0 Replies sent/received: 0/2 Acks sent/received: 21/14 QUESTION NO: 14 A. The K-values do not match.com/en/US/products/sw/iosswrel/ps1828/products_command_reference_chapter 09186a00800ca5a9.D Explanation: Peer relationships and adjacencies between routers will not be formed between EIGRP routers if the neighbor resides in a different autonomous system or if the metric-calculation mechanism (K values) is misaligned for that link. B.html#wp1018815 .

www. OSPF router 5.0. B. In the following presented network.0. and DR is selected as expected.actualtests. which statement is true? Answer: B QUESTION NO: 17 DR (Designated Router) is for environments where many routers on the same network such as Ethernet. m . Network 6.0/8 was learned from an OSPF neighbor within the area.0.0.0.2 must be an ABR.2 is an ABR." . What is the CK-RTC status? "Pass Any Exam. On the basis of the information presented.com 14 Ac tua lTe Explanation: In this example.0. The various route types used by OSPF are: sts .co A. all routers are reloaded simultaneously.Section 2: Troubleshoot OSPF(9 Questions) QUESTION NO: 15 QUESTION NO: 16 Refer to the exhibit.0. Since this came from a neighbor in a different area.0. The default route is learned from an OSPF neighbor. Any Time. A default route is configured on the local router. D. C. then the neighbor router at 5.Cisco 642-832: Practice Exam do not match. the network 6.0/8 shows that it was leaned via IA. or Inter-area.

None of the other alternatives apply sts . FULL/BDR C.co m 15 . Any Time. 2WAY/BDR B. 2WAY/DROTHER D. 2WAY/DR E.com Ac Explanation: How OSPF Forms Its Neighbors : In this example topology.www. FULL/DR G. FULL/DROTHER F.Cisco 642-832: Practice Exam "Pass Any Exam.actualtests." . all routers are running Open Shortest Path First (OSPF) over the Ethernet network: tua Answer: E lTe A.

2 Pri State Dead Time Address Interface 1 2WAY/DROTHER 00:00:34 170.com/en/US/customer/tech/tk365/technologies_tech_note09186a0080094059. R4 is the DR (due to higher router ID)so it will have FULL adjacency with all routers including R2.1.actualtests.1.2 1 2WAY/DROTHER 00:00:35 192.168.3.4 FastEthernet0/0 Reference: www.3. External routes are imported into a separate link state database. E.168. Synchronization of link state databases is maintained via flooding of LSAs.cisco.1.3.2 FastEthernet0/0 192. This is normal behavior for OSPF.3. In this case. the "show ip ospf neighbor"is performed on R4.170.1.168.1 FastEthernet0/0 192. Each router has an identical link state database.3.3 1 FULL/BDR 00:00:31 192.1.1.168. Router4# show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 192.170.3 Ethernet0 1 FULL/DR 00:00:32 170.4 Ethernet0 1 2WAY/DROTHER 00:00:34 170.168. By default.2 Ethernet0 Notice that R7 establishes full adjacency only with the Designated Router (DR) and the Backup Designated Router (BDR).8 170.168. All other routers have a two-way adjacency established.Cisco 642-832: Practice Exam This is sample output of the show ip ospf neighbor command on R7 and R8: R7# show ip ospf neighbor Neighbor ID 170.3 1 FULL/BDR 00:00:35 192.4 170. C. Any Time.3. then it would show 2way/drother with R2.170.170. If the "show ip ospf neighbor" had been performed on R1.1.1. Which three of the statements below are true regarding the OSPF link state database? (Select three) A.shtml QUESTION NO: 18 While troubleshooting some connectivity issues.170.8 Ethernet0 1 FULL/BDR 00:00:39 170.170.1.168.168.2 FastEthernet0/0 192.3.170.com 16 Ac tua lTe sts .3 FastEthernet0/0 Router1# show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 192." .168.170. B.co m .3 FastEthernet0/0 192.3.www.2 1 FULL/DROTHER 00:00:31 192.168. Information in the link state database is used to build a routing table by calculating a shortestpath tree. link state databases are refreshed every 10 minutes in the absence of topology changes.1.3 170.168. D.1 1 FULL/DROTHER 00:00:31 192.1.4 1 FULL/DR 00:00:35 192. you issue the "show ip ospf database" in order to examine the link state database. "Pass Any Exam.168.1.

None of the other alternatives apply Answer: C Explanation: The information displayed by the show ip protocols command is useful in debugging routing operations. This command will display the areas assigned and other useful information.C. show ip route C. QUESTION NO: 19 Which command should you use to verify what networks are being routed by a given OSPF process? A. Incorrect Answers: B: Only one link state database is maintained.110. and it is used for all OSPF routes. igrp 200 with metric mapped to 2. ensuring that the databases are synchronized.Example:R1# show ip ospfRouting Process "ospf 201" with ID 192." . but not the networks that are being routed. Each router in the OSPF network maintains an identical database. E: The default refresh time is 30 minutes. "Pass Any Exam.D Explanation: The Link state database is a collection of link state advertisement for all routers and networks. includes subnets in redistribution rip with metric mapped to 2 igrp 2 with metric mapped to 100 igrp 32 with metric mapped to 1Number of areas in this router is 3Area 192. Any Time. For OSPF routers. show ip protocol D. this command will display the routed networks. but not the networks being routed. show ip ospf database E.42. LSA flooding occurs whenever there is a change in the OSPF topology.com Ac tua lTe sts .actualtests.110. Incorrect Answers: A: To display general information about Open Shortest Path First (OSPF) routing processes. Information in the Routing Information Sources field of the show ip protocols output can help you identify a router suspected of delivering bad routing information. D: The OSPF database does not display the networks being routed.www.200Supports only single TOS(TOS0) routeIt is an area border and autonomous system boundary routerRedistributing External Routes from. use the show ip ospf command in EXEC mode. OSPF also uses the SPF algorithm to build the database tables.co m 17 .Cisco 642-832: Practice Exam Answer: A.0 Number of interfaces in this area is 1 Area has simple password authentication SPF algorithm executed 6 times B: This will display the active routing table.Reference: Building Scalable Cisco Networks (Cisco Press) page 178. show ip ospf B.42.

Any Time. B: The show running-config command displays the currently used configuration mode.www.0.103.89. show ip ospf border-routers Answer: D Explanation: The show ip ospf border-routers command displays the internal OSPF routing table entries to an area border router (ABR) and autonomous system boundary router (ASBR).96.0.actualtests.51 10 ABR INTRA 0.1.89. full).89.1.0.0.89.53 144.co m . Which IOS privileged mode command would you enter to confirm that your network: A) has a path to its ABR. Which two IOS commands let you view the state of the link? (Select two) "Pass Any Exam. show ip protocols B.3 3 Incorrect Answers: A: The show ip protocols command only displays routing protocol parameters and current timer values.3 3 160.52 160.89.0.0. The SPF No in the output is the internal number of SPF calculation that installs this route.Cisco 642-832: Practice Exam QUESTION NO: 20 You have a multi-area OSPF network and you're concerned because one of the sites is having connectivity problem to resources in a different area.53 10 ABR INTRA 0. Example: Router R# show ip ospf border-routers OSPF Process 109 internal Routing Table Destination Next Hop Cost Type Rte Type Area SPF No 160. The required information will not be displayed.51 20 ASBR INTER 0.144.103. QUESTION NO: 21 An OSPF link can be in multiple states at any given moment (ie.97. C: The show ip ospf neighbor command displays OSPF-neighbor information on a per-interface basis.103.com 18 Ac tua lTe sts .3 3 160. show running-config C. B) has a path to its ASBR. exchange.3 3 160. Exstart.96.144. It does not include ABR.51 160.0.52 144. show ip ospf neighbor D." .0. ASBR or SPF information.89. and C) the SPF calculation is functional? A.53 22 ASBR INTER 0.

Which command would display OSPF parameters such as filters. We need retrieve OSPF link state information. D: The show ip ospf interface command is used to display OSPF-related interface information for a particular interface. show ip ospf interface Answer: C. and the maximum paths. and number of areas configured on a router? A. show ip protocols C. None of the other alternatives apply Answer: A Explanation: The "show ip protocol" command displays values about routing timers and network information associated with the entire router . This includes. However. show ip ospf neighbor D. This includes the link state of the specified interface. Note: exstart state: After two OSPF neighboring routers establish bi-directional communication and complete DR/BDR election (on multi-access networks). show ip ospf E.co m 19 . show ip protocol B. Incorrect Answers: A: The show ip ospf command is used to display general information about OSPF routing processes.B: The command "show ip protocols" displays the parameters and current state of the active routing protocol process. show ip route C.actualtests. the routers transition to the exstart state. show ip interface F.com Ac tua QUESTION NO: 22 lTe sts . the AS number associated with the routing process." . it does not include any link state information. C: The output of the show ip ospf neighbor command is used To display OSPF-neighbor information on a per-interface basis. It does not show any link state information.www. default metric. show ip ospf interface D. number of areas configured on the router. It includes link state information.Cisco 642-832: Practice Exam A.D Explanation: The link state exstart is an OSPF link state (see note below). "Pass Any Exam. maximum paths. show ip ospf B. Any Time. the metric.

actualtests. show ipv4 ospf G. use the show ipv6 ospf command in user EXEC or privileged EXEC mode. show ip RIP B.www. Example: The following is sample output from the show ipv6 ospf command: Router# show ipv6 ospf Routing Process "ospfv3 1" with ID 10. What command did Tess use to produce this output? . None of the other alternatives apply tua lTe sts You work as a network technician.10. Hold time between two SPFs 10 secs "Pass Any Exam. and since OSPFv3 is used exclusively for IPv6 networks we know that the correct answer must be "show ipv6 ospf. You trainee shows you the IOS command output displayed in the exhibit. show ip ospf interface E. show ip ospf D.Cisco 642-832: Practice Exam QUESTION NO: 23 Exhibit: Answer: B Explanation: In this case we can see that OSPFv3 is being used. show ipv6 ospf interface F. show ipv6 ospf C." To display general information about Open Shortest Path First (OSPF) routing processes. Any Time.com 20 Ac A.10.1 SPF schedule delay 5 secs." .co m .

The output includes a list of the networks routing for individual ospf processes.Cisco 642-832: Practice Exam Minimum LSA interval 5 secs.html#wp2139460 m . flushed after 0 Outgoing update filter list for all interfaces is not set "Pass Any Exam. None of the other alternatives apply tua lTe Which IOS command would you use to find out which networks are routed by a particular OSPF process? sts . hold down 0. Any Time. SPI 1000 SPF algorithm executed 2 times Number of LSA 5.com/en/US/docs/ios/12_3t/ipv6/ipv6_15g.www. show ip route C. show ip protocols D. show ospf B.com 21 Ac A.co Reference: http://www.actualtests. Minimum LSA arrival 1 secs LSA group pacing timer 240 secs Interface flood pacing timer 33 msecs Retransmission pacing timer 66 msecs Number of external LSA 0. It displays the parameters and current state of the active routing protocol process. Checksum Sum 0x000000 Number of areas in this router is 1." . 1 normal 0 stub 0 nssa Area BACKBONE(0) Number of interfaces in this area is 1 MD5 Authentication. show ip ospf database E. Checksum Sum 0x02A005 Number of DCbitless LSA 0 Number of indication LSA 0 Number of DoNotAge LSA 0 Flood list length 0 QUESTION NO: 24 Answer: C Explanation: The show ip protocols command display current routing protocols.cisco. Sample output: Rt Router # show ip protocols Routing Protocol is "ospf 200" Sending updates every 0 seconds Invalid after 0 seconds.

10.1 neighbor is down.1. Any Time.actualtests. The following information is available from this router: . The 172. This route is not a BGP learned route.www. The network command is wrong.1.1 remote-as 65002 no auto-summary Routing table information: show ip route | include 10 O 10.6. Ethernet0/0 Why is this prefix not in the local BGP table of the R1? A. However.16.Cisco 642-832: Practice Exam Incoming update filter list for all interfaces is not set Redistributing: ospf 200 Routing for Networks: 172.1.10.10. None of the other alternatives apply "Pass Any Exam. the output does not include the networks routing for individual ospf processes.1. B.16.co m 22 . The prefix 10." . 2d00h.0 neighbor 172.0/24 prefix was not injected into the local BGP table on a Company router named R1.0/24 is not a 'connected' route.0.com Ac tua lTe sts A problem was reported that the 10.10. D: The show ip ospf database command displays the contents of the topological database maintained by the router.Section 3: Troubleshoot eBGP(21 Questions) QUESTION NO: 25 R1 Configuration: router bgp 65001 network 10.10. The command also shows the router ID and the OSPF process ID.5/32 Routing Information Sources: Gateway Distance Last Update Distance: (default is 110) Incorrect Answers: A: The show ospf command displays summary information regarding the global OSPF configuration.0. C. D. E.0/24 [110/11] via 192.168.31. B: The show ip route command displays the IP routing table.10.

In this case.www. The network statement follows this syntax: Router(config-router)# network network-number [ mask network-mask ] In BGP. However. when configuring BGP. Incorrect Answers: A: The show ip bgp command displays routes in the BGP routing table. show ip bgp peers D. show ip bgp paths C." . the route will not get injected into the BGP routing table. show ip bgp protocols Answer: D Explanation: The show ip bgp summary command displays the status of all BGP connections. such as RIP.255.0" under the BGP routing process. B: The show ip bgp paths command is used to display all the BGP paths in the database. The mask keyword can be used with the network command to specify individual subnets. These networks must also exist in the routing table of the local router or they will not be sent out in updates. the correct syntax should be "network 10.Cisco 642-832: Practice Exam Answer: D Explanation: The network command is used with IGPs. the network command does not affect what interfaces BGP runs on. even if it is learned via an IGP. such as RIP.Reference:http://www. Neighbors with corresponding AS values will be listed. Routes learned by the BGP process are propagated by default but are often filtered by a routing policy. show ip bgp B. This is a major difference between BGP and IGPs.com/univercd/cc/td/doc/product/software/ios120/12cgcr/np1 "Pass Any Exam.co m . static routes. it does not list the neighbors. or routes learned by way of a dynamic routing protocol.255.com 23 Ac tua Which IOS command would you enter if you wanted to view a list of IBGP and EBGP neighbor relationships that are configured? lTe sts . C: There is no such command. Any Time. to determine the interfaces on which to send and receive updates. not the neighbors. the network command tells the BGP process what locally learned networks to advertise. show ip bgp summary E.10.cisco.actualtests. configuring just a network statement will not establish a BGP neighbor relationship. both interior and external. Without the correct subnet mask specified. In this example. the route is known via OSPF. Therefore. The networks can be connected routes. The command also indicates which directly connected networks to advertise. However.10.0 mask 255. QUESTION NO: 26 A.

At the start event.In the Connect state.) Explanation: Show ip bgp summary command displays the summary of all BGP connections. * Connect . While active.3. If the TCP connection fails.www. The router is trying to create a BGP peering session with the 10.Reference:http://www.3. the timer is reset. If the TCP connection is successful.1 neighbor. Any Time. Then it starts listening for a TCP notice that BGP can transition back to Idle from any other state in case of errors. and the router tries to connect again.Cisco 642-832: Practice Exam _r/1rprt1/1rbgp.2. initiated by the system or the administrator.htm QUESTION NO: 27 Which two of the following descriptions are correct according to the displayed output of the command show ip bgp summary? (Choose two.1.2. B.cisco. BGP is waiting for a start event.D lTe A. the state transitions to OpenSent.3.actualtests. BGP is still listening for a connection "Pass Any Exam. but the router received no BGP routing updates from the 10.1. If the connect retry timer expires.3 neighbor. D.In the Active state.2 neighbor. C. BGP restarts the connect timer and returns to the Connect state.3 neighbor is created. The BGP session to the 10. the state returns to Idle.co m 24 . BGP is trying to acquire a peer by initiating a TCP connection. If the connect retry timer expires. the state remains in the Connect state. BGP initializes its resources and resets a connect retry timer. * Active . It is normally initiated by an administrator or a network event. and a TCP connection is initiated. The BGP session to the 10. sts . the state transitions to the Active state." . it transitions to OpenSent. BGP is waiting for the TCP connection to be completed.Idle is the first state of a BGP connection.1 neighbor is established. If it is successful.htm E: There is no such command. The six states of the BGP FSM are described as follows: * Idle .com Ac tua Answer: A.1. In case of any other event.com/univercd/cc/td/doc/product/software/ios120/12cgcr/np1 _r/1rprt1/1rbgp. The router is attempting to establish a BGP peering session with the 10.3.1.

When a TCP disconnect is detected. If a keepalive message is received. For any other errors. assuming that the negotiated hold time is not zero. The open message is checked for correctness. BGP is waiting for an open message from its peer.Cisco 642-832: Practice Exam that may be initiated from another peer. QUESTION NO: 28 The "show ip bgp" command was issued on a Router as shown below: Based on the Router2 output. a neighbor state that is switching between "Connect" and "Active" is an indication that something is wrong and that there are problems with the TCP connection.While in OpenConfirm state. or the incapability of a neighbor to reach the IP address of its peer. In the case of any TCP disconnect or in response to any stop event. such as an incompatible version number or an unacceptable AS. the hold timer is restarted at the receipt of an update or keepalive message. the state returns to Idle. initiated by the system or the administrator. BGP does this by comparing its AS number to the AS number of its peer. * Established . BGP recognizes whether the peer belongs to the same AS or to a different AS. such as a stop event initiated by the system or the operator. At this stage.Established is the final state in the neighbor negotiation.actualtests. The state may go back to Idle in case of other events. the state goes to the Established state. the state falls back to Active. BGP starts exchanging update packets with its peers. BGP starts sending keepalive messages and resets the keepalive timer. If there are no errors. it restarts the hold time. the hold time is negotiated and the smaller value is taken. At the OpenSent state. If it is non-zero. If the system receives an update or keepalive message.In the OpenSent state. Then it returns to the Idle state. the system sends an error notification message and goes back to idle. the state falls back to Idle. In case of errors. It could be because of many TCP retransmissions. A same AS is an IBGP peer and a different AS is an EBGP peer. * OpenSent . BGP sends a notification message with the corresponding error code.com 25 Ac tua lTe sts . and the neighbor negotiation is complete. The system sends periodic keepalive messages at the rate set by the keepalive timer.www. If a notification message is received. such as an expiration of the hold timer. the system sends a notification message with an FSM error code and returns to the Idle state. Any Time. * OpenConfirm . In general. which statement is true? "Pass Any Exam. the hold timer and the keepalive timer are not restarted. In response to any other event. If the negotiated hold time is zero (0).co m . BGP is waiting for a keepalive or notification message." .

0.200.214.10. i .0 prefix is via 10. 128.200. Answer: A "Pass Any Exam.actualtests.200.5 C.200.208.internal Origin codes: i .10.11. QUESTION NO: 29 While verifying BGP operation on the Company router.2 0 400 0 200 1 * 143. > best.0 203. The best path to reach the 192. * valid.com 26 Ac tua lTe sts .63. you issue the "show ip bgp" command as shown below: routerR>show ip bgp BGP table version is 1046033.168. which path will the network 143. 203.www.0.co m . None of the other alternatives apply.5 0 100 0 200 1 * 143.213. d damped.5 D.12 due to the fact that the weight is higher (101) than the path via the alternative next hop.12. e EGP.214. 192.168.208. All of the above will be used in a round robin fashion.0.0 143. 128.0 prefer to take to exit the AS? A.11.0 is via next hop 10. the best path to 192.13.200.250.12 EBGP neighbors.2 B.16.Cisco 642-832: Practice Exam A.12.11. E.16.41 0 100 0 500 1 From the information above.0 192.200.63.168.200. BGP will automatically load balance between the two.63.11. Answer: D Explanation: The best path to any given destination is noted by the ">" in the IP BGP table.200.16.0 128. h history. The 192.5 0 300 0 300 1 * 143. local router ID is 198.11 and 10.100 Status codes: s suppressed.200.13.12.41 E. Within a router.200.200. The best path to reach the 192.200.168.32. In this case.0.168." .63. Weight is a Cisco proprietary method for path determination and the weight value is used above all other values.16.0. ? -incomplete Network Next Hop Metric LocPrf Weight Path * > 143.0 and 192.16.200.16. B. D.0 prefix is via 10.200.11 and 10.250. The best path to reach the 192.162.11.0 prefixes were learned via EBGP from the 10.11.0 prefix is via both 10. the path with the highest weight will be preferred.168.IGP. Any Time. C.

Neighbor 10.0.0.0. as noted by the">" which refers to the best path for this destination. Network Next Hop Metric LocPrf Weight Path * > 128.) A.0.5 has an incorrect password set.2 0 400 0 200 1 The preferred exit path of the AS is therefore 128. E.5 has a BGP password set but RTR does not.F "Pass Any Exam.1 has an incorrect password set.214. Any Time.com 27 Ac tua lTe sts . A path with a higher local preference is more preferred. RTR has a BGP password set but neighbor 10. Neighbor 10.co m .actualtests." .0.1 has a BGP password set but RTR does not.213.63. Answer: A. QUESTION NO: 30 Refer to the exhibit. B. F.63.0. Router RTR is attempting to establish BGP neighbor relationships with routers RT1 and RT3. D.0 128. In this scenario the following entry has the highest local preference value of 400.0.www.5 does not. which two statements are true? (Choose two.0.0.0. RTR has a BGP password set but neighbor 10. RTR has a BGP password set but neighbor 10.0.214. RTR has a BGP password set but neighbor 10.Cisco 642-832: Practice Exam Explanation: Local preference (LocPref) is a well-known discretionary attribute that provides an indication to routers in the AS about which path is preferred to exit the AS.1 does not.2.0.0. On the basis of the information that is presented in the exhibit. C.

that step is enabling password authentication on a peer-by-peer basis using the neighbor ip-address password password command. where the other neighbor is configured for authentication while the other is not. Change both the inbound and outbound policy related to this route. D. The administrator determines that an access list is the cause of the problem. This is expedient and very useful in a lab situation. On an Internet backbone router. Routers RTA and RTB are running BGP but the session is active. changes made to an existing configuration may not appear immediately. it may be more appropriate to use this command with a specific IP address." . Clear the BGP session. Therefore. The administrator changes the access list to allow this route. but caution should be exercised when issuing this command on a production router.0 QUESTION NO: 32 Refer to the exhibit.0/24 that should be propagated to all of the devices." Only one configuration step is required to use BGP password authentication.Cisco 642-832: Practice Exam Explanation: The above log message means that there is an invalid MD5 password on one neighbor. all BGP routes are lost while the neighbor relationships are reset.actualtests. neighbor {ip-address | peer-group} password [0-7] password-string QUESTION NO: 31 A company has a BGP network and a BGP route of 196. Use the service-policy command to adjust the QOS policy to allow the route to propagate. the error message would indicated "Bad MD5 digest" not "No MD5 digest. use the clear ip bgp * command : Router# clear ip bgp * The asterisk (*) is a wildcard that matches all table entries. as shown in the following: Router# clear ip bgp 192. Answer: A Explanation: When configuring BGP. In order to force BGP to clear its table and reset BGP sessions. Use the release BGP routing command.com Ac tua lTe sts . The route is not now in any of the routing tables.co m 28 . but the route still does not appear in any of the routing tables.www.168.27.125. C. What should be done to propagate this route? A. What command needs to be added to establish the BGP session? "Pass Any Exam. B. If both sides were configured and there was a password mismatch. Any Time.0.

as described in this module. BGP allows the path that packets take to be manipulated by the AS.10. When BGP is running between routers in the same AS.www.255.10. ip route 10.10.10. QUESTION NO: 33 Refer to the exhibit.Cisco 642-832: Practice Exam Answer: A Explanation: When BGP is running between routers in different autonomous systems.actualtests.10.56.255 s0/1 B. network 10. no synchronization D.255.255.com Ac tua lTe A.10.1 255." . It is important to understand how BGP works to avoid creating problems for your AS as a result of running BGP.10.1 next-hop-self sts . A static route can be used to form an adjacency between EBGP neighbors. Which one of these statements is true? "Pass Any Exam. neighbor 10. it is called External BGP (EBGP).0 via BGP.176. Router RT3 discovers network 202.255.0 C.255 s0/0 ip route 10.10. it is called Internal BGP (IBGP). Any Time.co m 29 .1 255.

176.1. sts .) "Pass Any Exam.co m 30 . RT3 is directly connected to RT1 using subnet 192.1.0/24 with a metric of 782. RT1 advertised network 202. On the basis of the information in the exhibit. which two statements are true? (Choose two.1.1. E.168. F.Cisco 642-832: Practice Exam Answer: C Explanation: QUESTION NO: 34 Refer to the exhibit. B.176.168." .50. RT3 has an IGP metric of 1782 to reach 202.0. Any Time.0/24. D. RT3 has a BGP metric of 782 to reach 192. C.1. RT3 has an IGP metric of 782 to reach 192.56.168.www.50.176.0/24 with a metric of 1000. RT1 advertised network 202.actualtests.com Ac tua lTe A.

The serial 0/0/1 interface on the ISP router has been configured with the set metric 75 command.F Explanation: The "show ip route bgp" command will display any BGP-learned routes that make it into the IP routing table.com Ac A. This output was seen on ISP because the local router ID is 192. When traffic is sent from the ISP to autonomous system 64512.Cisco 642-832: Practice Exam Answer: D.co m 31 . E." . tua lTe sts . the traffic will be forwarded to SanJose2 because of the higher MED value of SanJose2. B.www. the command "show ip bgp" is required to display the contents of the actual BGP routing table. Any Time.2 (the other side of the serial 0/0/1 interface). The output was generated by entering the show ip bgp command on the SanJose1 router. as this is the metric to the peer with IP address 192.1. Since we know that this output must have been seen by ISP. The serial 0/0/1 interface on the ISP router has been configured with the set metric 50 command. The output was generated by entering the show ip bgp command on the ISP router. we know the serial 0/0/1 interface has been configured with a metric of 75. When traffic is sent from the ISP to autonomous system 64512. "Pass Any Exam.168.actualtests. the traffic will be forwarded to SanJose1 because of the lower MED value of SanJose1. F.1 (ISP).100.168. C. D.

EBGP multihop is not configured on routers R1 and R3. This prevents BGP from validating iBGP routes in IGP.www. http://www. Synchronization in autonomous system 100 is turned is on. Since this AS does not appear to be a transit AS. the routers must learn of the same route via an IGP. BGP waits until IGP propagates the route within the AS and then advertises it to external peers.co m 32 . B. C. Routers R1 and R3 do not receive the same routes via an IGP. BGP should not advertise a route before all routers in your AS learn about the route via IGP." . Reference: BGP Case Studies.C Explanation: If your AS passes traffic from another AS to a third AS. All routers are configured for BGP. Issue the no synchronization command under router bgp in order to disable synchronization.Cisco 642-832: Practice Exam QUESTION NO: 35 Refer to the exhibit. A BGP router with synchronization enabled does not install iBGP learned routes into its routing table if it is not able to validate those routes in its IGP.actualtests. The BGP routers in autonomous system 100 are not logically fully-meshed. In this scenario.cisco. or synchronization should be turned off. EBGP routes received on router R2 show up in the BGP table on routers R1 and R3 but not in their IP routing tables. E. D. Synchronization in autonomous system 100 is turned is off. What would cause this? Answer: B.com Ac tua lTe sts A. the best solution would be to disable synchronization.shtml#synch QUESTION NO: 36 The network consists of two separate autonomous systems as shown below: "Pass Any Exam.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb. . Any Time.

neighbor 165.2 remote-as 64000 C.50.50.com Ac tua Explanation: B: RouterR2(config-router)# neighbor 165.1 route-reflector-client D.12.D QUESTION NO: 37 The network consists of a series of routers that are all configured for IBGP.actualtests. Incorrect Answers: A: We must specify router R1 as neighbor. Answer: D "Pass Any Exam.1).12.12.2 route-reflector-client Configures the router R2 as a BGP route reflector and configures the specified neighbor R1 (165. neighbor 165.50.50. Assuming that Router R3 isn't running BGP. Furthermore.12.1 remote-as 65100 B.12.www.12." . C. we should use the local AS (64000).2 remote-as 64000 We configure router R1 (165.co m 33 . The IBGP routers do not need to be directly connected. D: RouterR2(config-router)# neighbor 165. Any Time. C: We must specify router R1 as route reflector client. D. The IBGP routers must be directly connected.50. The IBGP routers must always be fully meshed. neighbor 165.50.2) as a neighbor in AS 64000.1).12.50. lTe sts . which two of the commands below would you enter on R2 to satisfy your goals? (Select two) A. None of the other alternatives apply are true. not R2 itself (165. Which one of the following IBGP characteristics is true? A.2) as its client. not the remote AS 65100. The IBGP routers can be in a different AS.50.50. E.12. not R2 itself (165.2 route reflector-client Answer: B.Cisco 642-832: Practice Exam You need to configure Router R2 as a BGP route reflector and Router R1 as the client.50.12. B. neighbor 165.12.

network 10. Any Time.255.0.1 remote-as 65002 sts .10. as long as it is reachable via the IGP that is being used. which of the following BGP statements would inject the 10.252 ! router bgp 65001 neighbor 192. network 10.10." .0 mask 255.10. the remote IBGP router could be many hops away.255. To specify the route as classless.0 ! int serial 0 ip address 172.255. The remote IBGP peers need only be reachable via a TCP connection.255.255.255.0.1 255.1. For example.0 mask 255. if the network is also running an interior routing protocol such as EIGRP or OSPF.255.255. Incorrect Answers: A: Using route reflectors or confederations a full mesh topology is not necessary. network 10. "Pass Any Exam. C: The IBGP routers do not have to be directly connected.0.1.0 Answer: B Explanation: The /16 mask is equal to 255.10. not IBGP.0.10.0 B.10.1 mask 255. Peers that are in different autonomous systems are using EBGP.0.0. so answer choice B matches the address and the mask.255 D.0. network 10.10.0 C.www.10.255.168.255.0.0 E.com Ac tua lTe interface ethernet 0 ip address 10.0.16. B: The IBGP routers must be placed in the same AS.Cisco 642-832: Practice Exam Explanation: The IBGP routers do not have to be directly connected.0/16 prefix into the BGP routing table? A. the mask keyword should be included or the network will be summarized at the network boundary. network 10.co m A BGP router is configured as shown below: 34 . QUESTION NO: 38 Based on the above configuration.actualtests.1 255.0.0.0 mask 255.

aggregate-address 192.12.1.168.Cisco 642-832: Practice Exam QUESTION NO: 39 Router R-1 is configured for BGP routing as shown below: router bgp 65300 network 27.252.0 E." .0 mask 0.com 35 Ac tua The BGP routing table consists of the following network routes: lTe sts Explanation: Both the local and remote router is configured with the same autonomous system number so they are peer routers running IBGP.0 D.www. network 192.0 255.12.12.3. network 192.12.co m .0/22 while also allowing for the advertisement of the more specific prefixes? A.255 C.1? A.255.12.0 255. A peer router running EBGP C.12.255.168.0 summary-only F.0.252.12.1. aggregate-address 192.168. aggregate-address 192.0. what kind of router is the router with IP address 192. network 192.252.255.23.1 remote-as 65300 From the perspective of router R-1. .255.0 as-set "Pass Any Exam.0 neighbor 192. A peer group member running EBGP Answer: A QUESTION NO: 40 What is the correct command to summarize these prefixes into a single summary prefix of 192.252.168. A peer router running IBGP B. Any Time. A community member running IBGP D.168.0 255.168.0.23.0 mask 255. A peer group member running IBGP E.168.0 B.actualtests.

0 D. as well as a missing subnet mask. Which of the following commands would you use if you wanted to advertise the subnet 154. as specified in choice E.1. Router (config-router)#network 164. use the "summary-only" keyword. Router (config-router)#network 154.255. Any Time.Cisco 642-832: Practice Exam Answer: D Explanation: To summarize BGP prefixes into one aggregated route.co m 36 .2. this will advertise the aggregate route. Router (config-router)#network-advertise 154. along with the individual specific routing entries. QUESTION NO: 42 You are the administrator of a company with BGP connections to multiple ISP's. QUESTION NO: 41 Router R1 needs to be configured to advertise a specific network.255. Enable route reflector "Pass Any Exam.www.0 to the EBGP neighbors on your subnet? A.1. The classful subnet mask of 154. None of the other alternatives apply Answer: D Explanation: The network command is used to specify the networks to be advertised by the Border Gateway Protocol (BGP) and multiprotocol BGP routing processes.1. then an exact match must exist in the routing table.0 B.1.actualtests.1. B: This is using the incorrect IP address. How could you configure BGP to make it favor one particular ISP for outbound traffic? A. If the mask keyword is configured.0 .2. Syntax: network network-number [ mask network-mask ] [ route-map map-name ] Mask and route-map are optional. Configure weight B.2.com Ac tua lTe sts . To advertise only the aggregated route. C: The network-advertise is an invalid command.2.0 255. use the "aggregate-address" command.255.a Class B network.2." .0 mask 255.0. When used alone.0 is 255.0 E.1.255.0 C. Incorrect Answers: A: If we do not specify the subnet mask then additional networks are allowed to be advertised. Router (config-router)#network 154.255.2.

This can considerably reduce the number of IBGP sessions. This saves on the number of BGP TCP sessions that must be maintained. Peer groups E. Enable the Longer Autonomous System path option. D: This choice describes ASD path pre-pending. "Pass Any Exam. E. Weight is a Cisco BGP parameter that is local to the router.co m . the AS is broken up into smaller. What can the administrator configure to reduce the number of BGP neighbor relationships within the AS? lTe QUESTION NO: 43 sts . The full mesh topology that is currently in place is inefficiently using up bandwidth from all of the BGP traffic. By itself a distribute list cannot make routes from one ISP be preferred to routers from another ISP. If they are not. With confederations. not outgoing. When terminating multiple ISP connections into the same router. and then the route reflectors connect with each other.Cisco 642-832: Practice Exam C.actualtests.com 37 Ac tua An ISP is running a large IBPG network with 25 routers. internal BGP routers peer only with the route reflector.www. There are two ways to overcome the scalability issues of a full IBGP mesh: route reflectors and confederations. which would be used to influence the path that incoming traffic takes. A. weight can be used to affect which path is chosen for outbound traffic. All of the above. Create a distribute list D. With route reflectors. Incorrect Answers: B: A route reflector cannot be used to influence outbound traffic. then all of the IBGP routers will not have the updated information from the external BGP routers. and also reduces the BGP routing traffic. Any Time. all IBGP peers must be configured to be fully meshed. C: Distribute lists restrict the routing information that the router learns or advertises. Aggregate addresses Answer: A Explanation: In general. more manageable sub autonomous systems. the route with the highest weight will be preferred. Answer: A Explanation: If the router learns about more than one route to the same destination. A route reflector modifies the BGP split horizon rule by allowing the router configured as the route reflector to propagate routes learned by IBGP to other IBGP peers. Route redistribution D. Another solution to the scalability problem of IBGP is the use of confederations. Route maps C. Route reflectors B." .

cisco. The network was defined by a static route. D.com : 38 . .0. A network in the BGP table with a next hop address of 0. The network was learned via IBGP. C.shtml#tw o lTe sts A.actualtests.0. Answer: A.0.cisco.0 mean in the show ip bgp command output? QUESTION NO: 45 Refer to the exhibit diagram and configuration.E Q. the show ip route command on RTA reveals the RTB individual networks as well as its summary route.0.co m Explanation: From BGP FAQ on www. The network was learned via EBGP.Cisco 642-832: Practice Exam QUESTION NO: 44 What are the two reasons for the appearance of 0.0 as the next hop for a network when using the "show ip bgp" command? (Choose two) A. What does a next hop of 0.0 means that the network is locally originated via redistribution of Interior Gateway Protocol (IGP) into BGP. or via a network or aggregate command in the BGP configuration." . RTB is summarizing its networks from AS 64100 with the aggregate-address command.www. Any Time.com/en/US/tech/tk365/technologies_q_and_a_item09186a00800949e8.0. E.com Ac tua Reference: http://www. B. The network was originated via a network or aggregate command. However. Which option would ensure that only the summary route would appear in the routing table of RTA? "Pass Any Exam. The network was originated via redistribution of an interior gateway protocol into BGP.0.

Any Time.0 255. D.10.252.actualtests.com Ac tua The purpose of aggregate-address <network> <netmask> summary-only command is to suppress the advertisement of more specific routes. Delete the four network statements and leave only the aggregate-address statement in the BGP configuration. the IBGP peers in autonomous system 65200 have not converged. In addition.168.255.co A.Cisco 642-832: Practice Exam QUESTION NO: 46 Refer to the exhibit." .www.24.2(179) to 10.10. sts Answer: D . lTe Explanation: The aggregate-address <address> <netmask> command advertises the summary address as well as theadvertisement of the more specific routes.3(11002) On the basis of the information that is provided.0 pointing to the null0 interface. BGP has been configured on the routers in the network. m 39 .23.23. C. what is the cause of the problem? "Pass Any Exam.729: %TCP-6-BADAUTH No MD5 digest from 10. this console message was generated on router R2: *Mar 1 03:09:07. Create a route map permitting only the summary address. However. B. Add a static route with a prefix of 192. Add the keyword summary-only to the aggregate-address command.

sts . m 40 .actualtests. All the routes were redistributed into BGP from an IGP. C. BGP authentication can be used on iBGP peers when the connection is configured between the loopback interfaces. BGP authentication can be used on eBGP peers only.com Ac tua lTe Explanation: The above log message is relating the invalid MD5 password on neighbor. Both peers need to use the same password for MD5 authentication.) A.Cisco 642-832: Practice Exam Answer: D QUESTION NO: 47 Refer to the exhibit. All the routes were originated by BGP with the network command." . OSPF must be configured with the same MD5 authentication. B.www. Which two statements are correct? (Choose two. C. D. "Pass Any Exam. All six routes will be installed in the routing table. Any Time. The password that is used for BGP authentication on both BGP peers in autonomous system 65200 must be the same. B.co A.

" .) . No default metric configured for EIGRP sts During a redistribution of routes from OSPF into EIGRP. Section 4: Troubleshoot routing redistribution solution (5 Questions) QUESTION NO: 48 Answer: A. you should provide the metric. E.actualtests. Any Time. Missing ip classless command C. Answer: A.com Ac tua lTe A.D Explanation: Possible reasons for OSPF routes not showing up include the use of distribute lists to control routing and no metric is configured either with the redistribute command or with default-metric.D Explanation: Because the AS paths shown all end with a ? we know that all of the routes had beed redistributed into BGP. The four best paths. as noted with the > sign. Here are the default seed metrics for various protocols: RIP : Infinity EIGRP : Infinity OSPF : 20 IS-IS: 0 QUESTION NO: 49 "Pass Any Exam. CEF not enabled D. Incorrect distribute lists have been configured B. Remember while redistributing into RIP or EIGRP. the administrator notices that none of the OSPF routes are showing up in EIGRP. will all be inserted into the routing table. What are two possible causes? (Choose two.Cisco 642-832: Practice Exam D.www. Two routes will be installed in the routing table. Four routes will be installed in the routing table.co m 41 .

Route maps operate similar to access lists. C. Answer: C Explanation: The route-map command is used to configure policy routing. from there conditions can be configured for the route map. D. Route maps are different from numbered access lists because they can be modified without changing the entire list.com 42 Ac A.www. If a "Pass Any Exam. B. by examining one line at a time and when a match is found. of the route map. On router R4 all RIP routes are redistributed into the OSPF domain. or ID." . There will be no EIGRP external routes in the routing table of R1. Based on the configuration on router R2. A second redistribution is configured on router R2 using a route map. action is taken. All routes originating from RIP and OSPF routing domains. Only routes originating in the OSPF routing domain. Any Time. Syntax: RouterA(Config)#route-map map-tag [permit | deny ] <Sequence Number> RouterA(Config-map-router)# The map-tag is the name. which EIGRP external routes will be present in the routing table of R1? Select the best response. This map-tag can be set to something easily recognizable name.actualtests. None of the other alternatives apply.Cisco 642-832: Practice Exam Refer to the exhibit and the partial configuration on router R2. The route-map command changes the mode on the router to the route-map configuration mode. which is often a complicated task. E. tua lTe sts . The routes originating from the RIP routing domain. A route map is defined using the syntax shown in the figure.co m . Each route map statement is given a number.

and so on. Network B B.actualtests. Given the partial configuration of router R2.0 and 200.Cisco 642-832: Practice Exam sequence number is not specified. In this exhibit an access-list is created to deny from 100. which network will be present in the routing table of R4? A. the first route map condition will automatically be numbered as ten (10)." . Network A and Network B C. While redistributing OSPF routes into EIGRP the RED rout-map is used.com Ac tua lTe sts . Any Time.co m 43 . neither Network A nor Network B "Pass Any Exam.0.10. The second condition will automatically be numbered as 20.www. The optional sequence number can be used to indicate the position that a new route map is to have in the list of route maps already configured with the same name.10. QUESTION NO: 50 Refer to the exhibit. The routing protocols EIGRP and OSPF have been configured as indicated in the exhibit. Network A D. and it denies advertising the RIP domain network into EIGRP.0 (RIP Domain) and that is called by route-map ABC.10.

D. Apply an inbound ACL to the R2 serial interface. This command is available for all IP routing protocols and can be applied to either inbound or outbound routing updates.0. Set the OSPF default metric to 20. F. Configure distribute-lists on R3 and R4. QUESTION NO: 51 Refer to the network shown below: Answer: C Explanation: Use the distribute-list command to pick and choose which routing updates a router will send or receive. B. However. the syntax for configuring a route filter is as follows: Router(config-router)# distribute-list access-list-number in [ interface-name ] When applied to outbound updates.20.21. the Network A network will not be seen on router R4 (The bottom router which is improperly labeled Network B) because EIGRP 50 was not redistributed into EIGRP 100.20.0/16 and 10.Cisco 642-832: Practice Exam Answer: A Explanation: In this exhibit the OSPF domain is redistributed into the EIGRP 100 domain so Network B will present into Router R4. C. None of the other alternatives apply tua lTe R1 and R2 belong to the RIP routing domain that includes the networks 10. E.21.0. Change the RIP administrative distance on R3 to 110. When applied to inbound updates.0/16 and 10. A network administrator has discovered that R2 is receiving OSPF routes for the networks 10.www.0. the distribute-list creates a route filter.actualtests.0. Change the OSPF administrative distance on R3 to 110.0/16 and a routing loop has occurred. the syntax can be more complicated as shown in the following: "Pass Any Exam.com 44 Ac A. By referencing an access list. This is a set of rules that precisely controls what routes a router will send or receive in a routing update.co m . Any Time. R3 and R4 are performing two-way route redistribution between OSPF and RIP.0/16." . Which action will correct this problem? sts .

0. B. R2 is configured with a twoway redistribution between RIP and OSPF domains. What could the problem be? A. All routers can ping each other.actualtests. QUESTION NO: 52 RIP and OSPF are configured on the routers as shown in the exhibit. D. The metric for the OSPF routes that are redistributed into RIP is too low." .com 45 Ac tua lTe sts .0. the keyword subnets is not required to redistribute protocols into OSPF.www.Cisco 642-832: Practice Exam Router(config-router)# distribute-list access-list-number out [ interface-name | routing-process | as-number ] The routing-process and as-number options are invoked when exchanging routes between different routing protocols. Therefore. Example: Router A(config)# router ospf 109 Router A(config-router)# redistribute rip subnets Router "Pass Any Exam. Answer: B Explanation: The subnets keyword tells OSPF to redistribute all subnet routes. OSPF and RIP use the same major network 172. so there is no need to define the metric using the default-metric command during the redistribution. only networks that are not subnetted are redistributed by OSPF.16. a fact that prevents OSPF routes from being advertised into RIP. Any Time. Without the subnets keyword. but R1 cannot see any of the OSPF routes in its routing table. The process of redistribution of RIP into OSPF does not require any metric conversion. none of the routes learned from OSPF will be advertised into RIP.co m . Because OSPF has a longer mask for the same major network than RIP and because RIP version 1 is being used. C.

the main purpose of the IP helper feature is not to prevent the router from forwarding IP broadcasts. None of the other alternatives apply Answer: A Explanation: The ip helper-address command is used to have the Cisco IOS software forward User Datagram Protocol (UDP) broadcasts. QUESTION NO: 54 When you execute the "ip helper-address" command on a router. C: IP helper does not use IPX. However.0.0.0. B.0 0.com Ac tua lTe sts . IP Helper is used to prevent the router form forwarding IP broadcasts. even though a DHCP server is more advanced.www. E.actualtests.0.255 area 0 Router A(config-router)# network 130. which three UDP ports get enabled automatically by default? (Select three) A.10. including BOOTP.Cisco 642-832: Practice Exam A(config-router)# network 130.62. IP Helper is used to allow IPX clients to communicate with IP-based servers. IP Helper is used to direct BOOTP clients to a BOOTP server. C. Incorrect Answers: B: Combined with the ip forward-protocol global configuration command. Any Time. The helper address should specify the address of the DHCP server. 53 (DNS) "Pass Any Exam. the ip helper-address command allows you to control which broadcast packets and which protocols are forwarded.co m 46 . IP Helper is used to accommodate compatibility routers using different IP routing protocols.255 area 0 Section 5: Troubleshoot a DHCP client and server solution (13 Questions) QUESTION NO: 53 What is the purpose of configuring router R1 with the "IP Helper address" command? A. DHCP protocol information is carried inside of BOOTP packets. D.0 0. Note: A DHCP server can be considered to be a BOOTP server.10. configure a helper address on the router interface closest to the client.63. To enable BOOTP broadcast forwarding for a set of clients. D: This is false." . received on an interface.

com Ac tua lTe Refer to the exhibit.B. 69 (TFTP) C.cisco." .actualtests. the ip helper-address interface command is used. Which set of DHCPD debug messages is in the correct sequence? sts QUESTION NO: 55 . 49 (TACACS) Answer: A. Router RTA has been configured as a DHCP server.co m 47 . By default. time service (port 37) Trivial File Transfer Protocol (TFTP) (port 69) Terminal Access Control Access Control System (TACACS) service (port 49) NetBIOS name server (port 137) NetBIOS datagram server (port 138) Boot Protocol (DHCP/BootP) client and server datagrams (ports 67 and 68) IEN-116 name service (port 42) Reference: Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Networks http://www. The two debug commands will generate output on RTA when Host A requests an IP address. 515 (LPR) D. Any Time. 161 (SNMP) E.www. The IP helper-address can be configured to forward any UDP broadcast based on UDP port number.Cisco 642-832: Practice Exam B.E Explanation: To forward the BootP/DHCP request from the client to the DHCP server.html "Pass Any Exam. the IP helper-address will forward the following UDP broadcasts: DNS (port 53).com/warp/public/473/100.

Cisco 642-832: Practice Exam A.3 to client 0b07. DHCPD:DHCPREQUEST received from client 0b07. DHCPD:Sending DHCPACK to client 0b07.com 48 Ac tua Answer: C lTe sts .a029 (10.1134.1134.1134. DHCPD:unicasting BOOTREPLY for client 0b07.0. "Pass Any Exam.1.0.0.1134.co m ." . DHCPD: DHCPREQUEST received from client DHCPD: Sending DHCPOFFER to client DHCPD: DHCPDISCOVER received from client DHCPD: Sending DHCPACK to client E.a029.a029.0.a029 to relay 10.1.0.actualtests. DHCPD: DHCPDISCOVER received from client DHCPD: Sending DHCPACK to client DHCPD: Sending DHCPOFFER to client DHCPD: DHCPREQUEST received from client Explanation: The following example shows a combination of DHCP server events and decoded receptions and transmissions: Router# debug ip dhcp server events Router# debug ip dhcp server packets DHCPD:DHCPDISCOVER received from client 0b07.www.1. DHCPD:checking for expired leases. Note that for this question.a029 through relay 10.1.1134.1134. DHCPD:unicasting BOOTREPLY for client 0b07.a029 to relay 10.a029 (10. DHCPD: DHCPDISCOVER received from client DHCPD: DHCPREQUEST received from client DHCPD: Sending DHCPOFFER to client DHCPD: Sending DHCPACK to client C. the correct order of events are highlighted above.253. DHCPD: Sending DHCPACK to client DHCPD: DHCPDISCOVER received from client DHCPD: Sending DHCPOFFER to client DHCPD: DHCPREQUEST received from client F. DHCPD: DHCPDISCOVER received from client DHCPD: Sending DHCPOFFER to client DHCPD: DHCPREQUEST received from client DHCPD: Sending DHCPACK to client D.3).1.0.3).253.253. Any Time. DHCPD:assigned IP address 10. DHCPD:Sending DHCPOFFER to client 0b07. DHCPD: Sending DHCPOFFER to client DHCPD: DHCPDISCOVER received from client DHCPD: DHCPREQUEST received from client DHCPD: Sending DHCPACK to client B.1.1134.

cisco. Answer: F Explanation: Configuring the Address Lease Time: By default. which statement about DHCP is true? A. F. Any Time. which is the amount of time that the address is valid.Cisco 642-832: Practice Exam Reference: http://www. Router RTA has been configured as a DHCP server for router RTC. Router RTC must be configured with the ip address dhcp global configuration command." . E. On the basis of the information that is provided. each IP address assigned by a DHCP server comes with a one-day lease. The lease 2 0 0 DHCP configuration command would change the default DHCP lease time to 48 hours on router RTA. The ip helper-address 192.html#wp1020307 QUESTION NO: 56 Refer to the exhibit.co m .www.com/en/US/docs/ios/debug/command/reference/db_h1.168. C.2 DHCP command. To change the lease value for an IP address. B.2 interface configuration command must be issued for the Fa0/1 interface on router RTA. use the following command in DHCP pool configuration mode: "Pass Any Exam.1. Router RTA must be configured with the default-router 192.actualtests.3. The ip address dhcp interface configuration command must be issued for the Fa0/1 interface of router RTA.com 49 Ac tua lTe sts . The VLAN1-POOL argument must be issued for the Fa0/1 interface on router RTA. D.168.

ht m#22915 QUESTION NO: 57 Refer to the exhibit. B. The DHCP clients of router R2 will receive the same option information that the clients of R1 receive. For the import all command to work on router R2.com 50 Ac tua lTe sts . C. Any Time.co m .Cisco 642-832: Practice Exam Reference: http://www. As configured. "Pass Any Exam. Which statement is true about the information that is given? A.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t1/easyip2." . D. its Fa0/1 interface must be configured as a DHCP client. router R2 will retrieve domain name and other option information from R1.www.cisco. Router R2 will distribute incorrect default router option information to DHCP clients because it is importing this information from R1.actualtests.

1 10.5 ! ip dhcp pool central ! Specifies network number and mask for DHCP clients network 10. See below for a diagram of the network topology.2 !Specifies the NETBIOS WINS server netbios-name-server 10.0.0 duplex auto speed auto Remote Router ! "Pass Any Exam.2 ! interface FastEthernet0/0 ip address 10.255.0. In response to a DHCP request from a local client behind CPE equipment.0.0.0." .Cisco 642-832: Practice Exam Answer: C Explanation: DHCP Server Options Import and Autoconfiguration Example: The following example shows a remote and central server configured to support DHCP options import and autoconfiguration. the remote server can request or "import" these option parameters from the centralized server.0.com 51 Ac tua lTe sts .0. Central Router !do not assign this range to DHCP clients ip dhcp-excluded address 10.0.co m .www. Any Time.255.0.255.0.actualtests. The central server is configured to automatically update DHCP options.255.0 255. such as DNS and WINs addresses.0.1 255.0.0 ! Specifes the domain name for the client domain-name central ! Specifies DNS server that will respond to DHCP clients when they need to correlate host ! name to ip address dns-server 10. within the DHCP pools.

0.0.1.1. an error is produced.10/24. Which configuration would correct this situation? sts . Any Time. whenever the copy running-config tftp command is issued with default options on switch ASw1.24 ASw1(config-if-range)# ip forward-protocol udp 69 B. A network administrator consoles into the ASw1 switch and attempts to save the switch configuration to the TFTP server that is located at IP address 10.cisco.co m . Reference: http://www. and R 2 is acting as the remote router.Cisco 642-832: Practice Exam ip dhcp pool client ! Imports DHCP options parameters into DHCP server database import all network 20. However.0 255. RTA(config)# interface fastethernet0/1 RTA(config-if)# ip forward-protocol udp 69 C. Router R 1 is acting as the central router. RTA(config)# interface fastethernet0/0 RTA(config-if)# ip helper-address 10. ASw1(config)# interface range fastethernet 0/1 .255.html#wp1009276 QUESTION NO: 58 A.actualtests.2. As shown in the example. RTA(config)# interface fastethernet0/1 RTA(config-if)# ip helper-address 10.com 52 Ac tua lTe Refer to the exhibit.www.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter0 9186a00800ca75c.2." .10 "Pass Any Exam.0 ! interface FastEthernet0/0 ip address dhcp duplex auto speed auto In our example.255. interface Fa0/1 needs to have the "ip address dhcp" command applied.10 D.2. making it a DHCP client.1.

administrators use the ip helper-address command to relay broadcast requests for these key User Datagram Protocol (UDP) services.com Ac tua QUESTION NO: 59 lTe sts . Such remote clients broadcast to locate these servers. In a complex hierarchical network. a router can be configured to accept a broadcast request for a UDP service and then forward it as a unicast to a specific IP address By default. the ip helper-address command will forward these 8 UDP ports: Reference: http://www. Running services such as DHCP or DNS on several computers creates overhead and administrative problems. RTA(config)# interface fastethernet0/0 RTA(config-if)# ip forward-protocol udp 69 F.www. do not forward client broadcasts beyond their subnet." . By using the ip helper-address command.Cisco 642-832: Practice Exam E. Any Time. ASw1# copy tftp running-config Answer: C Explanation: DHCP is not the only critical service that uses broadcasts. Some clients might need to broadcast to locate a TACACS security server.com/articles/article. clients might not reside on the same subnet as key servers. When possible. by default.ciscopress. the administrator must provide DHCP and DNS servers on all subnets or use the Cisco IOS software helper address feature. For this reason.asp?p=330807&seqNum=9 Refer to the exhibit. Based upon the information in the exhibit. Some clients are unable to make a connection without services such as DHCP. so the first option is not very appealing. but routers. which statement is true? "Pass Any Exam. Cisco routers and other devices might use broadcasts to locate TFTP servers.co m 53 .actualtests.

the R1 fa0/0 interface must be configured with the ip helperaddresses command.1 as unicast messages.168. If multiple helper-addresses are configured. Which two statements are true? (Choose two) "Pass Any Exam.100. D. C.actualtests. To complete this configuration. Answer: D Explanation: A DHCP relay agent is any host that forwards DHCP packets between clients and servers.168. Refer to the exhibit. R1 will forward all DHCP requests to both 192.co m 54 .200. E. the R2 fa0/0 interface must be configured with the ip helperaddresses command. Any Time.1 and 192.100. Relay agents receive DHCP messages and then generate a new DHCP message to send out on another interface.www.1. The agents forward requests and replies between clients and servers when they are not on the same physical subnet. To complete this configuration. R1 will forward DHCP requests to 192. The Cisco IOS DHCP relay agent is enabled on an interface only when the ip helper-address is configured. If there is no response.168.1. B.Cisco 642-832: Practice Exam A.168. DHCP requests from the host will be rebroadcasted to R2. if no response got from the first helper address then sends the request to second one. it tries to get response from first.200." .com Ac tua QUESTION NO: 60 lTe sts . R1 will then forward the requests to 192.

Cisco 642-832: Practice Exam

Answer: A,E

Explanation: While routers accept and generate broadcasts, they do not forward them. This can be quite a problem when a broadcast needs to get to a device such as a DHCP or TFTP server that's on one side of a router with other subnets on the other side.

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

A. DHCPDISCOVER packets will reach the DHCP server. B. The router will not forward DHCPDISCOVER packets because it has not been configured to do so. C. This configuration is applied to interface Fa0/1. D. DHCPDISCOVER packets will not reach the DHCP server because DHCPDISCOVER packets are broadcasts. E. DHCPDISCOVER packets will not reach the DHCP server because ports 67 and 68 have not been explicitly allowed by the ip forward-protocol command. F. This configuration is applied to interface Fa0/0.

lTe

sts

.co

m

55

Cisco 642-832: Practice Exam

This command does forward eight common UDP service broadcasts by default. TIME, port 37 TACACS, port 49 DNS, port 53 BOOTP/DHCP Server, port 67 BOOTP/DHCP Client, port 68 TFTP, port 69 NetBIOS name service, port 137 NetBIOS datagram service, port 138 That's going to cover most scenarios where the ip helper-address command will be useful, but what about those situations where the broadcast you need forwarded is not on this list? You can use the ip forward-protocol command to add any UDP port number to the list. In this particular case, ports 67 and 68 were not included, so the BOOTP packets will not be sent to the DHCP server.

QUESTION NO: 61 On router R1, which three of the following protocols will be forwarded to a host specified by the "ip helper-address" interface configuration command if the configuration has not been modified by the "ip forward-protocol udp" global configuration command? (Choose three)

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

R1(config)#int e0 R1(config-if)#ip helper-address ? A.B.C.D IP destination address R1(config-if)#ip helper-address 10.1.1.1

lTe

If this PC attempts to locate a DNS server with a broadcast, the broadcast will be stopped by the router and will never get to the DNS server. By configuring the ip helper-address command on the router, UDP broadcasts such as this will be translated into a unicast by the router, making the communication possible. The command should be configured on the interface that will be receiving the broadcasts.

sts

.co

m

56

Cisco 642-832: Practice Exam A. BOOTP B. TFTP C. ARP D. DNS E. proxy-ARP F. FTP G. CDP Answer: A,B,D Explanation: To forward the BootP/DHCP request from the client to the DHCP server, the ip helper-address interface command is used. The IP helper-address can be configured to forward any UDP broadcast based on UDP port number. By default, the IP helper-address will forward the following UDP broadcasts: DNS (port 53), time service (port 37) Trivial File Transfer Protocol (TFTP) (port 69) Terminal Access Control Access Control System (TACACS) service (port 49) NetBIOS name server (port 137) NetBIOS datagram server (port 138) Boot Protocol (DHCP/BootP) client and server datagrams (ports 67 and 68) IEN-116 name service (port 42) Reference: Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Networks http://www.cisco.com/warp/public/473/100.html

Refer to the exhibit. Which statement is true about the configuration?

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

QUESTION NO: 62

sts

.co

m

57

Cisco 642-832: Practice Exam

Explanation: When configuring the Router as a DHCP server you should follow these steps: Define the pool using ip dhcp pool <poolname> Define the network to assign to client to the pool using : network network/mask Define the lease time using lease days Define the DNS server to resolve name/ip using: dns-server <ip address> Define the Default Gateway to assign to the client: degault-router <router ip add> In exhibit there is no dns-server in pool 1 and pool 2. If a dns server is not defined in the pool, it takes from the previous pool, same thing will happen here, pool 1 and pool 2 use the 10.10.20.50 as the DNS server from the pool 0.

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

Answer: C

tua

A. Hosts belonging to DHCP pool 1 and pool 2 will retain their IP settings for 30 hours before they must renew. B. Hosts will receive IP settings from pool 1 until the addresses run out, and then hosts will receive the settings from pool 2. C. Hosts in the 10.10.20.0/24 subnet will use 10.10.20.50 as its DNS server. D. DHCP pool 0 needs to have the ip dhcp excluded-address command to exclude the default router and DNS servers.

lTe

sts

.co

m

58

Cisco 642-832: Practice Exam QUESTION NO: 63 Refer to the exhibit. The DHCP configuration that is shown is configured on a Cisco router. Which statement is true?

Answer: D

Explanation: There are two pools with different networks. Pool 1 has 172.16.1.0/24 and pool 2 has 172.16.2.0/24. Suppose that the router has fa0/0 interface with IP address 172.16.1.1 and fa0/1 with IP address 172.16.2.1. When a client sends the DHCP request on fa0/0 the router will assign the IP address from pool 1 and when a client sends the DHCP request on fa0/1 Router will assign IP address from pool 2 because the pool selection is based on the network address of the associated interface IP address.

QUESTION NO: 64 Refer to the exhibit. A network administrator has configured DHCP services on the router as shown. DHCP clients connected to the FastEthernet0/0 interface are working properly. DHCP clients connected to the FastEthernet0/1 interface are not receiving addresses. Which two statements contain recommendations that will solve the problem? (Choose two.) "Pass Any Exam. Any Time." - www.actualtests.com 59

Ac

tua

A. The router will distribute IP addresses from pool 1 until its addresses are exhausted. Then the router will begin distributing addresses from pool 2. B. The configuration is invalid because the DHCP options are global configuration commands. C. The configuration is incomplete until the DHCP pools are bound to the appropriate interface or interfaces. D. The router will choose which pool to use based upon the interface the DHCP request was received on.

lTe

sts

.co

m

Cisco 642-832: Practice Exam

A. The network shown in the output under the ip dhcp pool Central command should be changed to network 10.10.0.0 with a mask of 255.255.255.0. B. A second DHCP pool for network 10.10.0.0/24 should be configured. C. An ip dhcp excluded-address global configuration command for network 10.10.0.0/24 should be issued. D. The ip helper-address 10.0.0.1 command should be issued so that the address can be added to the FastEthernet0/0 configuration. E. The ip helper-address 10.0.0.1 command should be issued so that the address can be added to the FastEthernet0/1 configuration. Answer: B,C Explanation: In the exhibit, the DHCP pool has been configured for the 10.0.0.0 255.255.255.0 network so clients connected to fa0/0 are receiving an IP address but clients connected to fa0/1 are not receiving an IP address because the DHCP pool for 10.10.0.0/24 network has not been configured. So to assign an IP address to clients connected to fa0/1 interface you should configure the DHCP pool for 10.10.0.0/24 network.

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

m

60

www. B.0.0.10.0. The first DHCP client to connect to the FastEthernet 0/1 interface will receive the IP address 10.co m .0 255. C.1.0.2. Answer: A.0.10.0 network so clients connected to fa0/0 are receiving an IP address but clients connected to fa0/1 are not receiving IP address because the DHCP pool for the 10.0/24 network has not been configured.com 61 Ac tua lTe sts .0.E Explanation: In the exhibit.actualtests.1 D. The first DHCP client to connect to the FastEthernet 0/0 interface will receive the IP address 10. Any Time.6.0. E.0. So to assign IP addresses to clients connected to fa0/1 interface you should configure "Pass Any Exam. Which two statements are true about the partial configuration that is shown? (Choose two. The first DHCP client to connect to the FastEthernet 0/0 interface will receive the IP address 10.255. the DHCP pool has been configured for the 10.255.0.0.) A." . Hosts connected to the FastEthernet0/1 interface will not receive DHCP replies from the router.Cisco 642-832: Practice Exam QUESTION NO: 65 Refer to the exhibit. DHCP requests received on the FastEthernet 0/1 interface will be forwarded to 10.

1.B Explanation: "Pass Any Exam. Hosts using the default gateway address of 192.2 will have their traffic sent to Catalyst_A." . The command standby 1 preempt was added to Catalyst_A.1. Answer: A.Cisco 642-832: Practice Exam the DHCP pool for 10.168.1.0/24 network. Any Time.168.actualtests.0. D.co m . Section 6: Troubleshoot NAT (0 Questions) Section 7: Troubleshoot first hop redundancy protocols (18 Questions) QUESTION NO: 66 Refer to the exhibit.11 even after Catalyst_A becomes available again.1 will have their traffic sent to 192.www.com 62 Ac tua lTe sts . B. Hosts using the default gateway address of 192.) A.10. Which two statements are true about the output from the show standby vlan 50 command? (Choose two. Catalyst_A is load sharing traffic in VLAN 50.168. C.

" . Coup -When a standby router assumes the function of the active router. tua lTe sts Resign -A router that is the active router sends this message when it is about to shut down or when a router that has a higher priority sends a hello message. the standby router with the highest priority becomes the active router. To configure a router as the active router. At any time. QUESTION NO: 67 "Pass Any Exam.forwarding functions between routers is completely transparent to all hosts on the network. HSRP-configured routers exchange three types of multicast messages: Hello -The hello message conveys to other HSRP routers the router's HSRP priority and state information. that router cannot become the active router. The standby preempt interface configuration command allows the router to become the active router when its priority is higher than all other HSRP-configured routers in this Hot Standby group.co m . it sends a coup message. Any Time.www. The configurations of both routers include this command so that each router can be the standby router for the other router. an HSRP router sends hello messages every three seconds. If you do not use the standby preempt command in the configuration for a router. that router will be the default active router. The 1 indicates that this command applies to Hot Standby group 1.actualtests. By default.com 63 Ac Speaking and listening -The router is sending and receiving hello messages. you assign it a priority that is higher than the priority of all the other HSRP-configured routers. The transition of packet. The default priority is 100. Active -The router is performing packet-transfer functions. When the active router fails to send a hello message within a configurable period of time. Listening -The router is receiving hello messages. HSRP-configured routers are in one of the following states: . Standby -The router is prepared to assume packet-transfer functions if the active router fails. so if you configure just one router to have a higher priority. HSRP works by the exchange of multicast messages that advertise priority among HSRPconfigured routers.Cisco 642-832: Practice Exam HSRP uses a priority scheme to determine which HSRP-configured router is to be the default active router.

the virtual router address.11.112 is using default HSRP priority.www. The priority of the router with IP address 172.11.) Answer: B. C.16.111 has preempt configured.com 64 Ac tua lTe sts A.11. each router has a common gateway IP address.actualtests. which three statements about HSRP are true? (Choose three. you can add the secondary keyword so that HSRP can provide a redundant secondary gateway address. knowing that a router always keeps that address active. without delay.112 is preferred over the router with IP address 172. This address is used for all routing protocol and management traffic initiated by or destined to the router.D.16. .11. The IP address 172.112 has nonpreempt configured.16.Cisco 642-832: Practice Exam Refer to the exhibit.E Explanation: Each router in an HSRP group has its own unique IP address assigned to an interface. This is usually done if there are "Pass Any Exam.11. D. Clients can point to that virtual router address as their default gateway.115 is the virtual HSRP IP address. This address is also referred to as the HSRP address or the standby address .16. Use the following interface configuration command to allow preemption: Switch(config-if)# standby group preempt [delay seconds] By default.16. F. E. B.111. In addition. The router with IP address 172. You can configure a router to preempt or immediately take over the active role if its priority is the highest at any time. The router with IP address 172." .16.co m . Based upon the debug output that is shown. The router with IP address 172. Keep in mind that the actual interface address and the virtual (standby) address must be configured to be in the same IP subnet.16. Any Time. The final active router is the router with IP address 172.11. that is kept alive by HSRP.111. the router can preempt another immediately.11. You can assign the HSRP address with the following interface command: Switch(config-if)# standby group ip ip-address [secondary] When HSRP is used on an interface that has secondary IP addresses. You can use the delay keyword to force it to wait for seconds before becoming active.

www.112 will be the active router because its HSRP priority is preferred over router 172.11.111 router.11.111 is the virtual HSRP router IP address.16.16. Router 172. QUESTION NO: 68 What can be determined about the HSRP relationship from the displayed debug output? Answer: F Explanation: The standby preempt interface configuration command allows the router to become the active router when its priority is higher than all other HSRP-configured routers in this Hot Standby group. The configurations of both routers include this command so that each router can be the standby router for the other router.16. The preempt feature is not enabled on the 172.11.11.co m . QUESTION NO: 69 Examine the router output above. The nonpreempt feature is enabled on the 172.16. The IP address 172. The IP address 172.16.112.Cisco 642-832: Practice Exam routing protocols that need time to converge. Which two items are correct? (Choose two. lTe sts . C.11. If you do not use the standby preempt command in the configuration for a router. F. Router 172. E.16.11.com 65 Ac tua A. that router cannot become the active router. Any Time. B.112 router.actualtests. D.16.11.16.11.111 will be the active router because its HSRP priority is preferred over router 172.112 is the virtual HSRP router IP address." .111. The 1 indicates that this command applies to Hot Standby group 1.) "Pass Any Exam.

we know that when any router comes back up. m 66 . the current priority shows it to be 95. E. it will become the active router as long as it has a higher priority value.Cisco 642-832: Practice Exam Answer: C.) "Pass Any Exam. The local IP address of Router A is 10. When Ethernet 0/3 of RouterA comes back up. it would then be 105 + 15 (special override as seen in the command) = 120.www.20. Any Time. If fast0/2 were to come up as well.com Ac Explanation: Since preemption has been configured. B.1. Which two problems are the most likely cause of the exhibited output? (Choose two." . D.1.html tua lTe sts .com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_12c_ea1/confi guration/guide/swhsrp.D QUESTION NO: 70 Refer to the exhibit.6. C. In this example.actualtests. Router A will assume the active state if its priority is the highest. it would now be 95 + 10 (which is the default value) so the total value would then become 105. the standby router will take over.0.co A.0. If Ethernet 0/2 goes down. the priority will become 105. If the interface were to come up.cisco. The local IP address of Router A is 10. Reference: http://www.

com Ac tua Explanation: Each router in an HSRP group has its own unique IP address assigned to an interface. Based upon the debug output that is shown. QUESTION NO: 71 Refer to the exhibit. knowing that a router always keeps that address active." . Keep in mind that the actual interface address and the virtual (standby) address must be configured to be in the same IP subnet. In addition.www. This address is also referred to as the HSRP address or the standby address . transport layer issues D.) "Pass Any Exam.actualtests. This address is used for all routing protocol and management traffic initiated by or destined to the router. the virtual router address that is kept alive by HSRP. spanning tree issues C. Any Time. HSRP misconfiguration 67 .Cisco 642-832: Practice Exam Answer: D. VRRP misconfiguration B. you can add the secondary keyword so that HSRP can provide a redundant secondary gateway address.E When HSRP is used on an interface that has secondary IP addresses. You can assign the HSRP address with the following interface command: Switch(config-if)# standby group ip ip-address [secondary] lTe sts . physical layer issues E. which three statements about HSRP are true? (Choose three. Clients can point to that virtual router address as their default gateway.co m A. each router has a common gateway IP address.

The router with IP address 172.115 is the virtual HSRP IP address. Keep in mind that the actual interface address and the virtual (standby) address must be configured to be in the same IP subnet.16. This is usually done if there are routing protocols that need time to converge. Use the following interface configuration command to allow preemption: Switch(config-if)# standby group preempt [delay seconds] By default.actualtests. In addition. Any Time.11.11.D.111 has preempt configured. The IP address 172. "Pass Any Exam.11. This address is also referred to as the HSRP address or the standby address . knowing that a router always keeps that address active.www.16. Clients can point to that virtual router address as their default gateway. The router with IP address 172. B. D.111.16. F. each router has a common gateway IP address. the virtual router address.16. the router can preempt another immediately.16.112 has nonpreempt configured. without delay.112 is using default HSRP priority.111.E Switch(config-if)# standby group ip ip-address [secondary] When HSRP is used on an interface that has secondary IP addresses. You can use the delay keyword to force it to wait for seconds before becoming active. E. You can configure a router to preempt or immediately take over the active role if its priority is the highest at any time. that is kept alive by HSRP.co A. you can add the secondary keyword so that HSRP can provide a redundant secondary gateway address. This address is used for all routing protocol and management traffic initiated by or destined to the router. The final active router is the router with IP address 172. The router with IP address 172.com Ac Explanation: Each router in an HSRP group has its own unique IP address assigned to an interface.16. m 68 . You can assign the HSRP address with the following interface command: tua lTe sts . C.11.Cisco 642-832: Practice Exam Answer: B.11.112 is preferred over the router with IP address 172.11.16." . The priority of the router with IP address 172.11.

com 69 Ac tua lTe sts A. it will become the active router as long as it has a higher priority value. Any Time.1.html HSRP election is based on a priority value (0 to 255) that is configured on each router in the group. D. By default. The local IP address of Router A is 10.Cisco 642-832: Practice Exam QUESTION NO: 72 Examine the router output above. E. The router with the highest priority value (255 is highest) becomes the active router for the group. Reference: http://www.cisco.www. C. B. If all router priorities are equal or set to the default value.1_12c_ea1/confi guration/guide/swhsrp. we know that when any router comes back up.1. the standby router will take over." .co m . . If the interface were to come up. use the following interface configuration command: Switch(config-if)# standby group priority priority When HSRP is configured on an interface. the router progresses through a series of states before "Pass Any Exam. If Ethernet 0/2 goes down. the current priority shows it to be 95.D Explanation: Since preemption has been configured.actualtests. it would then be 105 + 15 (special override as seen in the command) = 120.6. it would now be 95 + 10 (which is the default value) so the total value would then become 105. The local IP address of Router A is 10. the router with the highest IP address on the HSRP interface becomes the active router. Which two items are correct? (Choose two. To set the priority. In this example.) Answer: C.0. If fast0/2 were to come up as well.20. Router A will assume the active state if its priority is the highest. When Ethernet 0/3 of RouterA comes back up.0.com/en/US/docs/switches/lan/catalyst3550/software/release/12. the priority is 100. the priority will become 105.

16. Active.16.16. The HSRP state sequence is Disabled.11.11. Standby. B. The preempt feature is not enabled on the 172. that router cannot become the active router. The IP address 172. Router 172. The nonpreempt feature is enabled on the 172. Router 172.16.112 router. QUESTION NO: 73 What can be determined about the HSRP relationship from the displayed debug output? Answer: F Explanation: The standby preempt interface configuration command allows the router to become the active router when its priority is higher than all other HSRP-configured routers in this Hot Standby group. F. The IP address 172.16.111. Listen.111 will be the active router because its HSRP priority is preferred over router 172. The 1 indicates that this command applies to Hot Standby group 1.16. Init.111 is the virtual HSRP router IP address. E.16.112 is the virtual HSRP router IP address. and.11. C.11.16.com Ac A. D. "Pass Any Exam. tua lTe sts ." . Any Time. This forces a router to listen for others in a group and see where it fits into the pecking order.www.11.Cisco 642-832: Practice Exam becoming active. Speak. finally.actualtests.co m 70 .11.11.112 will be the active router because its HSRP priority is preferred over router 172. The configurations of both routers include this command so that each router can be the standby router for the other router. If you do not use the standby preempt command in the configuration for a router.112.11.111 router.

pdf QUESTION NO: 75 Network topology exhibit: "Pass Any Exam.) A. In order to maximize the relevance of the results. Delay reduction C. Cisco Systems engaged ZD Tag to observe and confirm the results of a series of tests demonstrating the high availability features of Cisco Catalyst Layer 2/Layer 3 switches. Any Time.D Explanation: Because the importance of high availability networks is increasingly being recognized.C. Jitter management Answer: A.com/warp/public/779/largeent/learn/technologies/campuslan.com Ac tua lTe sts . including UplinkFast and PortFast Cisco Hot Standby Router Protocol (HSRP) and HSRP Track Cisco IOS per-destination load balancing over equal cost OSPF paths Cisco IOS fast convergence for OSPF Reference: http://www. wiring center.Cisco 642-832: Practice Exam QUESTION NO: 74 Which three of the following network features are methods used to achieve high availability? (Select all that apply. Hot Standby Routing Protocol (HSRP) D. Spanning Tree Protocol (STP) B.www. This switched internetwork consisted of wiring closet.cisco. California ). Quality of Service (QoS) F. The testing demonstrated the following high availability and resilience features of Catalyst switches: per-VLAN Spanning Tree (PVST) using Cisco's InterSwitch Link (ISL) and 802. and backbone switches and conformed to Cisco's modular three-tier (Access/Distribution/Core) design philosophy.1Q VLAN Trunking Cisco Spanning Tree Enhancements. many organizations are beginning to make reliability/availability features a key selection criteria for network infrastructure products.actualtests. the demonstration was based on a model of a "real world" campus (in one of Cisco's Enterprise Solution Center labs in San Jose .co m 71 ." . With this in mind. Dynamic routing protocols E.

R2 will be the standby router because it has the higher IP address.Cisco 642-832: Practice Exam R1 configuration exhibit: R2 configuration exhibit: You work as a network technician. D. Please study the exhibit carefully. R1 will be the active router because it booted first. E.actualtests. Since the "standby 62 preempt" command was not configured. R2 will be the active router because it booted last. "Pass Any Exam. In this scenario the following are true: * Host A can ping the headquarter office * HSRP is configured on R1 * First R1 and then R2 are configured and reloaded Based on this information." .com 72 Ac tua lTe sts . R1 will be the standby router because it has the lower IP address.www. R2 will be the active router because it has the higher priority that is configured. B. Answer: C Explanation: Even though router R2 has a higher priority. Any Time. it will not become the active router because the HSRP preemption was not configured. R1 will be the active router because it has the lower priority that is configured. what can be said of this network? A. F. C.co m .

110. QUESTION NO: 76 Exhibit: Answer: E Explanation: In the output shown. R3 is the active router because the standby timer has been incorrectly configured. R3 is the active router because it is the only HSRP-enabled router on that segment F. Any Time. C. D. Based on the R3 "debug standby" output in the exhibit.Cisco 642-832: Practice Exam the first HSRP router to boot up will become the active router and remain the active router even when another device with a higher priority is added.10. it can be seen that the standby router is unknown.actualtests. and the active timer is expired meaning that this router was unable to locate any other HSRP enabled routers on the LAN. None of the other alternatives apply tua lTe You are troubleshooting a redundancy issue with the network. Which statement is true? "Pass Any Exam. which HSRP statement is true? sts . R3 is the active router because it has a lower priority on that VLAN. with no standby router." .com Ac A.10.1. It then became the active router. QUESTION NO: 77 Refer to the exhibit. R3 is the active router and is advertising the virtual IP address 10.co m 73 . Host A has sent an ARP message to the default gateway IP address 10. E.www.10. B.111 on VLAN 11. R3 is the active router because it has a lower IP address then the tying priority router on that VLAN.

Any Time. When router DSW1 sends the ARP message to 10. F. Router DSW2 is the Active Virtual Gateway (AVG) router because it has highest IP address even having equal priority.10. According to exhibit. Which MAC address it returns depends on which load-balancing algorithm it is configured to use. The AVG answers all ARP requests for the virtual router address.com Ac tua lTe Answer: B sts A. DSw2 will not reply. or the highest IP address in the group. The trick behind this load balancing lies in the GLBP group. the virtual MAC address supported by one of the routers in the group is returned. DSw1 will reply with the MAC address of the next AVF. if there is no highest priority. In any event. DSw1 will reply with the IP address of the next AVF. . QUESTION NO: 78 Exhibit: "Pass Any Exam.actualtests.1 Router DSW 2 will reply to DSW 1 as a Active Virtual Router. D.www.10. DSw1 will not reply. but the terminology is different and the behavior is much more dynamic and robust." . One router is elected the active virtual gateway (AVG). B. C. E. Because of the invalid timers that are configured. Some of the concepts are the same as with HSRP/VRRP. DSw2 will reply with the IP address of the next AVF. This router has the highest priority value. Because of the invalid timers that are configured. DSw2 will reply with the MAC address of the next AVF.co m 74 .Cisco 642-832: Practice Exam Explanation: The Gateway Load Balancing Protocol (GLBP) is a Cisco-proprietary protocol designed to overcome the limitations of existing redundant router protocols.

2. Based on the "debug standby" output in the exhibit.255. which HSRP statement is true? .255.1. R5 is the active router because the standby timer has been incorrectly configured.1 255.255. tua lTe A.255. the neighbor discovery timer has expired and the standby router is unknown.0 standby 35 ip 20.6.111 on VLAN 11. E. R5 is the active router because it is the only HRSP-enabled router on that segment." .21 "Pass Any Exam. D.1. C.Cisco 642-832: Practice Exam Answer: A QUESTION NO: 79 Routers R1 and R2 are configured for HSRP as shown below: Router R1: interface ethernet 0 ip address 20.2 255.10. R5 is the active router because it has a lower IP address than the tying priority router on that VLAN. R5 is the active router and is advertising the virtual IP address 10.actualtests. R5 is the active router because it has a lower priority on that VLAN. None of the other alternatives apply sts .com 75 Ac Explanation: Answer A is correct because there is no response from the HSRP neighbor. As we can see from the exhibit. B.10. F.www.1.21 standby 35 priority 100 interface ethernet 1 ip address 20.co m You have configured HSRP on router R5 as shown.2.6.6.6.0 standby 34 ip 20. Any Time.

1.co m 76 .255. and active. Note: Hot Standby Routing Protocol (HSRP) is a Cisco proprietary protocol used for allowing redundant connections. This could be caused by missing HSRP hello messages. listen. Incorrect Answers: B: Spanning tree loops does not affect this problem.com Ac tua lTe sts .1 255.2.1." .0 standby 35 ip 20. no spanning tree loops C.6.6. standby. It can keep core connectivity if the primary routing process fails. in the example here the default values were indeed used. failure to set the command standby 35 preempt Answer: A Explanation: R2 is not able to from the standby state to reach the active state.6. There are several possible causes for HSRP packets to get lost between the peers.) "Pass Any Exam.www.6. The most common problems are Physical Layer Problems or excessive network traffic caused by Spanning-Tree Issues. While debugging router R2 you notice very frequent HSRP group state transitions.actualtests.2. Which three statements accurately describe this GLBP topology? (Choose three. speak. C: Not a likely cause.21 standby 34 priority 100 You have configured the routers R1 & R2 with HSRP. What is the most likely cause of this? A.1. use of non-default HSRP timers D. learn.255. QUESTION NO: 80 Refer to the exhibit.Cisco 642-832: Practice Exam Router R2: interface ethernet 0 ip address 20.0 standby 34 ip 20. HSRP defines six states in which an HSRP router may run: initial.255. Any Time.255. Besides.21 interface ethernet 1 ip address 20. physical layer issues B.2 255.

Any Time. R2 is the Standby VFfor the VMAC 0008. R2 would act as a VRF and would already be forwarding and routing packets. As the role of the Active VG and load balancing.actualtests. sts .com 77 Ac tua lTe A. E. C. Any additional routers would be in a listen state. As the role of the Active VG.B. R1 responds to ARP requests with different virtual MAC addresses. there would be two backup AVGs. In this scenario. there is 1 AVG and 1 standby VG. F. Router A alternately responds to ARP requests with different virtual MAC addresses.www. Router B will transition from blocking state to forwarding state when it becomes the AVG. In this case R1 is the AVG and R2 is the standby. the primary responsibility is to answer ARP requests to the virtual IP address. If Router A becomes unavailable. B." . As an AVF router R2 is already forwarding/routing packets QUESTION NO: 81 Network topology exhibit: "Pass Any Exam. If another router were added to this GLBP group.b400.Cisco 642-832: Practice Exam Answer: A. Router B is in GLBP listen state.E Explanation: With GLBP the following is true: With GLB. D.co m .0101 and would become the Active VF if R1 were down. Router B will forward packets sent to the virtual MAC address of Router A. Router A is responsible for answering ARP requests sent to the virtual IP address.

Therefore the concept cam about for using multiple virtual router groups. The other routers in the group are redundant until the active router fails. and this is how the load is balanced between the routers. The hosts will learn the proper default gateway IP address from Router R1. but not identical. workstation traffic is divided across all possible gateways. One member is elected to be the active router to forward packets sent to the virtual IP address for the group.which is wasteful. GLBP is similar in that it provides load balancing over multiple routers (gateways) .infocellar. which are configured for the same set of routers. these standby routers pass no traffic in normal operation . the hosts must be configured for different default gateways. and all routers in the virtual router group participate in forwarding packets Reference: http://www.com Ac tua lTe sts . you can lket them use ARP's to find their own.Cisco 642-832: Practice Exam In this network segment. Both HSRP and VRRP protocols allow multiple routers to participate in a virtual router group configured with a virtual IP address. Each host is configured with the same virtual IP address.com/networks/Routers/HSRP-GLBP-VRRP. The default gateway address of each host should be set to the virtual IP address. D. The hosts will have different default gateway IP addresses and different MAC addresses for each rtouter.co m 78 .htm "Pass Any Exam. Multiple gateways in a "GLBP redundancy group" respond to client Address Resolution Protocol (ARP) requests in a shared and ordered fashion. B.but it can do this using only ONE virtual IP address!!! Underneath that one virtual IP address is multiple virtual MAC addresses. function for the user as the HSRP and VRRP. C. each with their own unique virtual MAC addresses. Any Time. which results in an extra administrative burden of going around and configuring every host and creating 2 or more groups of hosts that each use a different default gateway. But to share the load. As such. None of the other alternatives apply. E.actualtests. The default gateway address of each host should be set to the real IP address of the router.www. Instead of the hassle of configuring all the hosts with a static Default Gateway. With standard HSRP and VRRP. What can be said about this? A. the two routers on the network are configured for GLBP (Gateway Load Balancing Protocol)." . Answer: B Explanation: GLBP performs a similar.

So. tua Switch(config-if)# standby group track type mod/num [decrementvalue] lTe Explanation: HSRP has a mechanism for detecting link failures and swaying the election. m 79 . the standby device will take over as active. Assume that Switch_A is active for the standby group and the standby device has only the default HSRP configuration. it would not take over as active router. If Switch_A had the highest priority number. when fa1/1 on Switch_A goes down. sts .com Ac By default. When a specific interface is tracked. What conclusion is valid? Answer: D Section 8: Troubleshoot IPv6 routing (3 Questions) QUESTION NO: 83 Refer to the output. Any Time. B. What IOS command produces this output? "Pass Any Exam. giving another router an opportunity to take over the active role. If port Fa1/1 on Switch_A goes down.co A. D.actualtests. If port Fa1/1 on Switch_A goes down. C. it would take over the role of active for the HSRP group. the new priority value for the switch would be 190. HSRP reduces the router's priority by a configurable amount as soon as the interface goes down. If the current standby device were to have the higher priority value.www.Cisco 642-832: Practice Exam QUESTION NO: 82 Refer to the exhibit. the priority will be decreased by 10 from 200 to 190. the decrement value for an interface is 10." .

" . Checksum Sum 0x67581 Number of DCbitless LSA 0 Number of indication LSA 0 Number of DoNotAge LSA 0 "Pass Any Exam. Checksum Sum 0x218D Number of areas in this router is 1.actualtests.3 It is an autonomous system boundary router Redistributing External Routes from. static SPF schedule delay 5 secs.3. show ipv6 ospf m 80 .Cisco 642-832: Practice Exam Answer: D Routing Process "ospfv3 1" with ID 172. Any Time. Hold time between two SPFs 10 secs Minimum LSA interval 5 secs. show ipv6 ospf interface D.www.com Ac tua lTe Explanation: Sample Output for the show ipv6 ospf Command The following is sample output from the show ipv6 ospf command: Router# show ipv6 ospf sts . 1 normal 0 stub 0 nssa Area 1 Number of interfaces in this area is 2 SPF algorithm executed 9 times Number of LSA 15. show ip ospf interface C.co A.16. Minimum LSA arrival 1 secs LSA group pacing timer 240 secs Interface flood pacing timer 33 msecs Retransmission pacing timer 66 msecs Number of external LSA 1. show ip ospf B.

16. OSPF version 2 has been enabled to support IPv6. The configuration of OSPFv3 is not a subcommand mode of the router ospf command as it is in OSPFv2 configuration. The following describes the steps to configure OSPF for IPv6: "Pass Any Exam.) Explanation: OSPFv3 supports IPv6. The output was generated by the show ip interface command. E. Interface FastEthernet 0/0 was configured with the ipv6 ospf 1 area 1 command. B.6.com Ac Answer: A.com/en/US/docs/ios/ipv6/configuration/guide/ip6ospf.C tua A.actualtests. instead of using the network area command to identify networks that are part of the OSPFv3 network.Cisco 642-832: Practice Exam Flood list length 0 Reference: http://www.0. D.html#wp1071056 QUESTION NO: 84 Refer to the exhibit. F. What two statements are true? (Choose two.255 area 1 lTe sts . The IP address of the backup designated router (BDR) is FE80::205:5FFF:FED3:5808.www. For example.0 0. This is the designated router (DR) on the FastEthernet 0/0 link. The router was configured with the commands: router ospf 1 network 172." . the interfaces are directly configured to specify that IPv6 networks are part of the OSPFv3 network. Any Time. C.co m 81 .cisco.0.

and then the SPF algorithm is performed. the OSPF database is cleared and repopulated." .com/en/US/docs/ios/ipv6/configuration/guide/ip6ospf_support_TSD_Island_of_Content_Chapter.1 is converted into a valid IPv6 address.1:0:0:0:0:0:0 B.cisco. the IPv4 address 192. Which three IPv6 addresses are acceptable formats for the IPv4 address? (Choose three.co m 82 .168. C0A8:1E01:: E.30. Any Time.) A. What does this command accomplish? A.1 D.168.1 C. The route table is cleared.168. E. QUESTION NO: 85 The command "clear ipv6 ospf process" was issued on a router. C. 192.www.html sts . The OSPF database is repopulated and then the shortest path first (SPF) algorithm is performed. When the force-spf keyword is used with the clear ipv6 ospf command.Cisco 642-832: Practice Exam There are several commonly used OSPFv3 show commands.30. 192. the OSPF database is not cleared before the SPF algorithm is performed. Reference: http://www.168. 0:0:0:0:0:0:192.30.168. including the show ipv6 ospf [ process-id ] [ area-id ] interfacee [ interface ] command. B.actualtests. The OSPF adjacencies are cleared and initiated again. ::192. D.1:: F. The shortest path first (SPF) algorithm is performed on the LSA database. None of the other alternatives apply Answer: C Section 9: Troubleshoot IPv6 and IPv4 interoperability (4 Questions) QUESTION NO: 86 To enable BGP tunneling over the IPv4 backbone. ::C0A8:1E01 "Pass Any Exam.30.30. Then the OSPF neighbors are reformed.com Ac tua lTe Explanation: When the process keyword is used with the clear ipv6 ospf command.

F are the correct answers.16 address acceptable for IPv6 format: 0:0:0:0:0:10:10:100:16 or ::10:10:100:16 or ::A:A:64:10 So Answer B. C. Here is the example of IPv4 10. dual stack. Which statement is true about incorporating IPv6 into an already existing IPv4 network? sts QUESTION NO: 87 . E. Any Time.com 83 Ac tua A. Most of these strategies involve tunneling.0 Router(Config-if)#ipv6 address affe::1/64 "Pass Any Exam.1 255. Here is the example to configure IPv4 and IPv6 address on the same interface: Router(Config)#int s0/0 Router(Config-if)#ip address 1. A router routing for IPv6 and IPv4 must convert IPv4 packets to IPv6 packets to route them. Answer: B Explanation: The transition from IPv4 to IPv6 does not require an upgrade on all nodes at the same time.100.Cisco 642-832: Practice Exam Answer: B.1. Many transition mechanisms like dual stack. C. so you can route IPv4 route and IPv6 route simultaneously. IPv4 Compatible IPv6 Address. A mechanism exists for creating IPv6 addresses that are compatible with IPv4. IPv4 and IPv6 networks can be routed simultaneously. tunneling etc enable smooth integration of IPv4 to IPv6.C.F Explanation: Many transition strategies have been developed for IPv4 networks to migrate to IPv6 service and for IPv6 networks to intercommunicate over IPv4 networks.www.co m .255. These addresses use 0s in the first 96 bits of the address and one of the two formats for the remaining portion of the address. You can configure IPv4 as well as IPv6 Address on same router's same interface.255. Only OSPF version 3 can be utilized for routing IPv4 and IPv6. None of the other alternatives apply lTe Company network is implemting IPv6 into their existing IPv4 netwrok.actualtests." .10. B. IPv6 can be routed using the same routing protocol versions as IPv4 D.1.

Reference: Routing IPv6 over IPv4 www. the IPv6 packet is encapsulated in an IPv4 packet using an IPv4 protocol type of 41.1 would be converted to the 2002:1315:4463:1::/64 IPv6 address. The specification of a 48-bit external routing prefix in the IPv6 Aggregatable Global Unicast Address Format that provides just enough space to hold the 32 bits required for the 32-bit IPv4 tunnel endpoint address (called V4ADDR in Figure 3) makes this setup possible. as defined in the Transition Mechanisms RFC. Which two statements are true about these tunnels? (Choose two) A. Which two statements about this kind of tunneling are accurate? (Choose two) A.html QUESTION NO: 89 A Company is using 6to4 tunnels in their IPv6 network.com 84 Ac tua Explanation: The 6to4 transition mechanism provides a solution to the complexity problem of building manually configured tunnels to an ISP by advertising a site's IPv4 tunnel endpoint (to be used for a dynamic tunnel) in a special external routing prefix for that site. Each 6to4 site receives a /48 prefix in a 6to4 tunnel." . Prepending a reserved IPv6 code to the hexadecimal representation of 192. the first two bytes of the IPv6 address will be 0x2002 and the next four bytes will be the hexadecimal equivalent of the IPv4 address.www. B. D. In a 6to4 tunnel.99. 6to4 is a manual tunnel method. Sending and Receiving Rules for 6to4 Routers When the requesting site's 6to4 router sees that it must send a packet to another site (that is.actualtests. there is a nonlocal destination).0. Prepending 0x2002 with the IPv4 address creates an IPv6 address that is used in 6to4 tunneling. "Pass Any Exam. 2002::/48 is the address range specifically assigned to 6to4. B. lTe sts .168.cisco. C. the IPv4 address 192.168. In a 6to4 tunnel.co m Answer: C. Any Time.com/web/about/ac123/ac147/ac174/ac197/about_cisco_ipj_archive_article09186a0080 0c830a. and that the next hop destination prefix contains the special 6to4 Top Level Aggregation (TLA) value of 2002::/16.E .Cisco 642-832: Practice Exam QUESTION NO: 88 A company is using 6to4 tunneling within their IPv6 network.1 facilitates 6to4 tunneling. E.

168.C Explanation: The 6to4 method uses the reserved prefix 2002::/16 concatenated with the hexadecimal equivalent of the IPv4 address to allow an IPv4 site to create and use a /48 IPv6 prefix based on a single Globally routable reachable IPv4 address.99.Cisco 642-832: Practice Exam C.168.1 would be converted to the 2002:c0a8:6301::/48 IPv6 address. For example. can you tell me why VLAN updates from switch CK-P2S1 are not applied to switch CK-P1S1? (Choose three. In a 6to4 tunnel. the first two bytes of the IPv6 address will be locally derived and the next two bytes will be the hexadecimal equivalent of the IPv4 address. In a 6to4 tunnel.1 would be converted to the 2002:c0a8:6301::/16 IPv6 address. E.www.co m 85 .99. On the basis of the following exhibit. in a 6to4 tunnel. the IPv4 address 192.com Ac tua lTe QUESTION NO: 90 sts Section 10: Troubleshoot switch-to-switch connectivity for the VLAN based solution (9 Questions) ." . Reference: BSCI study guide volume 2. Cisco Press.actualtests.) "Pass Any Exam. the IPv4 address 192. Any Time. In a 6to4 tunnel. page 8-75. Answer: A. the first two bytes of the IPv6 address will be locally derived and the next two bytes will be the hexadecimal equivalent of the IPv4 address. D.

C.Cisco 642-832: Practice Exam Explanation: Determine the VTP mode of operation of the switch and include the mode when setting the VTP domain name information on the switch.www.co m 86 . with all other switches set to client mode for purposes of controlling VTP information. It is generally recommended that you have several servers in the domain. The passwords do not match. B. Switch CK-P1S1 is in transparent mode. From the privileged mode or VLAN configuration mode. C. It is also highly recommended that you use secure mode in your VTP domain. use the vtp password password command. D. lTe sts . This will prevent unauthorized switches from participating in the VTP domain. The MD5 digests do not match. The VTP domains are different. be sure to verify that the configuration revision number is set to 0 before adding the switch to the VTP domain.actualtests. Assigning a password to the domain will accomplish this.D tua A.com Ac Answer: B." . Any Time. "Pass Any Exam. If you leave the switch in server mode.

What should be done to fix the problem? "Pass Any Exam.co m 87 .www.com Ac tua lTe sts .Cisco 642-832: Practice Exam QUESTION NO: 91 Two switches connect multiple VLANs as shown below: SW1 configuration exhibit: SW2 configuration exhibit: Refer to the exhibits and the show interfaces fastethernet0/1 switchport outputs. Any Time." .actualtests. Users in VLAN 5 on switch SW1 complain that they do not have connectivity to the users in VLAN 5 on switch SW2.

F. 3. SW13 is configured as a VTP server with a different domain name.Cisco 642-832: Practice Exam A. 4. C. SW13 is configured with only VLAN1. SW13 is configured as a VTP server with the domain name R1. 5. For example. is a member of the VLAN.co m . C. No traffic is being passed on VLANs 2. SW13 has a lower VTP configuration revision than the current VTP revision. However. defines which VLANs can be trunked over the link. B." . Configure the same number of VLANs on both switches. Right before the network problem occurred. E. VTP servers can also specify other configuration parameters such as VTP version and VTP pruning for the entire VTP domain. What three configuration issues on SW13 could be causing the network outage? (Select three) sts . There might be times when the trunk link should not carry all VLANs. D. too. traffic passes on VLAN 1 and indicates all switches are operational. VTP information is "Pass Any Exam. Create switch virtual interfaces (SVI) on both switches to route the traffic. E.com 88 Ac tua lTe In the network. 4. Define VLAN5 in the allowed list for the trunk port on SW2 B. Define VLAN5 in the allowed list for the trunk port on SW1. D.C. If the VLAN does not extend past the far end of the trunk link. 2. a switch named SW13 was taken out of the lab and added to the network.www. SW13 has a higher VTP configuration revision than the current VTP revision. F. propagating broadcasts across the trunk makes no sense. 3. 20 are active on the network. 10. a Catalyst switch is in the VTP server mode and in the "no management domain" state until the switch receives an advertisement for a domain over a trunk link or a VLAN management domain is configured. By default. a switch transports all active VLANs (1 to 4094) over a trunk link.F Explanation: VTP Modes: 1. 5. modify. None of the other alternatives apply. QUESTION NO: 92 A. Suddenly the whole network goes down. and delete VLANs. SW13 is not configured to participate in VTP. 20. Answer: D Explanation: switchport trunk allowed vlan .actualtests. VLANs 1. VLAN Trunking Protocol (VTP) is running with a domain name of R1. A switch that has been put in VTP server mode and had a domain name specified can create. Answer: A. Any Time. Disable pruning for all VLANs in both switches. Server By default. 10. broadcasts are forwarded to every switch port on a VLAN-including the trunk link because it.

What could be the cause of this? sts . Reference: Trunking between Catalyst 4000. the 802. Transparent VTP transparent switches do not participate in VTP. Client will make contact with the VTP server in between 5 minutes. 2.com 89 Ac A. To your surprise you notice a non-zero entry in the 'Giants' column. To resolve this issue. what is the revision number. but it is not possible to create." . before connecting any switch into LAN verify that new switch is in which mode. is that highest than other switch operated in server mode? 3. IEEE 802. this means that if a maximum-sized Ethernet frame gets tagged. Client The VTP client maintains a full list of all VLANs within the VTP domain.10 C.co m . but the information is local to the switch (VLAN information is not propagated to other switches) and is stored in NVRAM QUESTION NO: 93 Answer: A Explanation: The 802.3 is 1518 bytes. VLANs can be configured on a switch in the VTP transparent mode.3ac to extend the maximum Ethernet size to 1522 bytes. Misconfigured NIC D. VTP clients behave the same way as VTP servers. A VTP transparent switch does not advertise its VLAN configuration.actualtests. in VTP Version 2.Cisco 642-832: Practice Exam stored in NVRAM. Any changes made must be received from a VTP server advertisement. and does not synchronize its VLAN configuration based on received advertisements. So. transparent switches do forward VTP advertisements that the switches receive out their trunk ports. a number that violates the IEEE 802. it copies the advertisements from that VTP server having highest Revision number. Recalling that the maximum size for an Ethernet frame as specified by IEEE 802. IEEE 802. or delete VLANs on a VTP client. Note: The show port command is used to display port status and counters. the frame size will be 1522 bytes.3 standard.1Q standard can create an interesting scenario on the network. and 6000 Family Switches Using 802. However.3 frame size) on the port.1Q B. Any Time. All of the above tua lTe You're a network administer and you issue the command (show port 3/1) on an Ethernet port. User configuration E. Giants denote the number of received giant frames (frames that exceed the maximum IEEE 802. change. but it does not store the information in NVRAM.3 committee created a subgroup called 802.www.1q Encapsulation "Pass Any Exam. 5000.

actualtests.1Q capable ports to talk to old 802.1Q link. For these sole reasons-loss of means of identification and loss of classification-the use of the native VLAN should be avoided.1Q link. The native VLAN information is identical at each end of the link. Each switch has identical modules. The link is using IEEE 802. This VLAN is implicitly used for all the untagged traffic received on an 802. What is probably causing this problem? (Select all that apply)? A. On the other hand. However.3 ports directly by sending and receiving untagged traffic. Reference : http://www. that is to say. the tagging rules are dictated by standards such as ISL or 802. there is no risk of identity loss and therefore of security weaknesses. E.1Q.Cisco 642-832: Practice Exam http://www.com/warp/public/473/27. it may be very detrimental because packets associated with the native VLAN lose their tags.html QUESTION NO: 94 You have a trunk link operating between two switches and you're experiencing problems with frames leaking between the two VLANs.1Q protocol B. This capability is desirable because it allows 802. Not enough information to determine. Answer: A. VLAN numbers and identification are carried in a special extended format that allows the forwarding path to maintain VLAN isolation from end to end without any loss of information.co m 90 .shtml "Pass Any Exam.cisco. their identity enforcement.1E protocol C." . software revisions and VLAN configuration information. for example. The link is using IEEE 802. Instead.com Ac tua lTe sts .cisco.www. as well as their Class of Service (802.1p bits) when transmitted over an 802. the IEEE committee that defined 802.com/en/US/products/hw/switches/ps708/products_white_paper09186a00801315 9f.1Q decided that because of backward compatibility it was desirable to support the so-called native VLAN. outside of a switch. Any Time. Spanning tree is disabled D. The native VLAN information is different at each end of the link.F Explanation: While internal to a switch.1Q capable port. Spanning tree protocol is disabled on all VLANs. ISL is a Cisco proprietary technology and is in a sense a compact form of the extended packet header used inside the device: since every packet always gets a tag. a VLAN that is not associated explicitly to any tag on an 802. in all other cases. F.

actualtests. it may be beneficial to clear the port immediately after. B.co m 91 ." .1Q-802. D. Two trunking encapsulations are available on all Ethernet interfaces: Inter-Switch Link (ISL)-ISL is a Cisco-proprietary trunking encapsulation 802. Clear the affected port and bring it up again.Cisco 642-832: Practice Exam QUESTION NO: 95 CORRECT TEXT What command could you enter to display the trunking status of a module/port in the switch? (Type in the answer below): Answer: show trunk QUESTION NO: 96 You are troubleshooting a Catalyst 5000 trunk in the network. Logical management of the switch. Remove all the VLANs set Answer: B QUESTION NO: 97 Which kind of management can be performed from the console port of a Cisco 6500 switch? A.1Q is an industry-standard trunking encapsulation When a trunk is first brought up using either of these methods. D. Any Time. tua lTe sts .www. What should you do if there's a disagreement about the VLANs configured to use the trunk? A. Reload the active VLAN configuration B. C. Out-of-band management of the switch. A trunk is a point-to-point link between one or more Ethernet switch interfaces and another networking device such as a router or a switch.com Ac Explanation: In this situation you may want to set or clear the VLANS on both ends. C. Answer: D "Pass Any Exam. Physical management of the switch. In-band management of the switch. Trunks carry the traffic of multiple VLANs over a single link and allow you to extend VLANs across an entire network. Explicitly set the trunk for the VLAN to be on.

F.actualtests. Switch2 is a VTP server in the Company domain.com Ac tua Explanation: : A VTP server in a given domain with the highest revision number will overwrite the VTP configuration of all other switch in the same VTP domain. (server. lTe sts . client. A network can have more than one VTP domain.co m 92 . The default VTP mode is server. Switch2 has a higher VTP configuration revision number than the current VTP revision.www. Answer: A.C. QUESTION NO: 98 A VTP domain has six active VLANs. When you issue a command "show port 3/1" on a switch. Switch2 is a VTP server in a different domain. providing for remote out of band management of the device. Just prior to the failure. all VLANs except VLAN1 fail. Each VTP domain has it own server(s) that do not influence clients in other VTP domains.F Section 11: Troubleshoot loop prevention for the VLAN based solution (18 Questions) QUESTION NO: 99 You need to troubleshoot an issue on the switched LAN." .10 B. IEEE 802. A. Switch2 is configured for only VLAN1.Cisco 642-832: Practice Exam Explanation: When you configure a switch or a router from the console. E. Switch2 was added to the network. Modems are often attached to the console port. Which three issues on Switch2 could be the cause? Select three. Cisco best practices advises one to configure the correct VTP domain. you observe the Giants column has a non-zero entry. Any Time. B. C. What could cause this? A. and VTP revision number before adding any new switch to a network. Switch2 is not a VTP domain. VTP mode. D. it is considered 'out of band' because you don't get in there from any of the paths that the network device is a part of. transparent). VTP password. Without notice. Switch2 has a lower VTP configuration revision number than the current VTP revision. Misconfigured NIC "Pass Any Exam.

3 committee is extending the maximum standard frame size in order to address this issue. None of the other alternatives apply Answer: D Explanation: 802. Internal means that a tag is inserted within the frame: Note:With ISL.com Ac tua lTe sts .1Q uses an internal tagging mechanism. the trunking device inserts a 4-byte tag and recomputes the frame check sequence (FCS): The EtherType field that identifies the 802.Cisco 642-832: Practice Exam C. In addition to the 12-bit VLAN-ID. shtml#basic_char "Pass Any Exam.cisco. The tagging mechanism implies a modification of the frame. Reference: http://www. Note: Inserting a tag into a frame that already has the maximum Ethernet size creates a 1522-byte frame that can be considered a "baby giant" by the receiving equipment. Any Time." .1p priority tagging. IEEE 802. 3 bits are reserved for IEEE 802.www. The IEEE 802.com/en/US/products/hw/switches/ps700/products_tech_note09186a008012ecf3. the frame is encapsulated instead. User configuration D.actualtests.1Q E.1Q frame is 0x8100.co m 93 .

The port on switch SW3 is forwarding and receiving BPDUs correctly. B. The port on switch SW3 is forwarding. sending. The port on switch SW1 is forwarding and sending BPDUs correctly.Cisco 642-832: Practice Exam QUESTION NO: 100 SW1 configuration exhibit: SW2 configuration exhibit: SW3 configuration exhibit: Study the exhibits carefully. and receiving BPDUs correctly.com Ac tua lTe sts ." . "Pass Any Exam.co m 94 . C. D. which statement is true? A. The port on switch SW1 is blocking and sending BPDUs correctly.actualtests. The port on switch SW2 is blocking and sending BPDUs correctly.www. F. Based on the information shown above. G. E. Any Time. None of the other alternatives apply. The port on switch SW2 is forwarding and receiving BPDUs correctly.

into an active state if allowed to forward traffic. finally. the port is finally allowed to become a Root Port or Designated Port because the switch can advertise the port by sending BPDUs to other switches. In the Blocking state.co m 95 . This state is special and is not part of the normal STP progression for a port. Learning -After a period of time called the Forward Delay in the Listening state. The STP port states are as follows: Disabled -Ports that are administratively shut down by the network administrator. the port is allowed to receive and send BPDUs so that it can actively participate in the Spanning Tree topology process. In addition. the port is allowed to move into the Forwarding state.actualtests. In other words.Cisco 642-832: Practice Exam Answer: B Explanation: STP States To participate in STP. it returns to the Blocking state. each port of a switch must progress through several states. and send and receive BPDUs. ports that are put into standby mode to remove a bridging loop enter the Blocking state. However. The port can now send and receive data frames. Blocking -After a port initializes. moving through several passive states and. QUESTION NO: 101 The switched LAN is shown below: "Pass Any Exam. The port is now a fullyfunctioning switch port within the Spanning Tree topology.com Ac tua lTe sts . it begins in the Blocking state so that no bridging loops can form. This gives the port an extra period of silent participation and allows the switch to assemble at least some address table information.www. In the Listening state. Forwarding -After another Forward Delay period of time in the Learning state. Should the port lose its Root Port or Designated Port status. the port still cannot send or receive data frames. or by the system due to a fault condition. Listening -The port will be moved from Blocking to Listening if the switch thinks that the port can be selected as a Root Port or Designated Port." . a port is allowed to receive only BPDUs so that the switch can hear from other neighboring switches. A port begins its life in a Disabled state. the port is allowed to move into the Learning state. The port still sends and receives BPDUs as before. Any Time. collect MAC addresses in its address table. Here. the switch can now learn new MAC addresses to add to its address table. Instead. are in the Disabled state. the port is on its way to begin forwarding traffic. a port cannot receive or transmit data and cannot add MAC addresses to its address table. In addition.

In the Blocking state. Blocking -After a port initializes." . Explanation: STP States To participate in STP. Instead.Cisco 642-832: Practice Exam Study the exhibit above carefully. All ports will be in forwarding mode. B. The STP port states are as follows: Disabled -Ports that are administratively shut down by the network administrator. or by the system due to a fault condition. it begins in the Blocking state so that no bridging loops can form. If the STP configuration is correct. ports that are put into standby mode to remove a bridging loop enter the Blocking state. A port begins its life in a Disabled state. finally.www. into an active state if allowed to forward traffic. None of the other alternatives apply.co m .actualtests. All ports in VLAN 10 will be in forwarding mode and all ports in VLAN 20 will be in standby mode. Switch SW5 is configured as the root switch for VLAN 10 but not for VLAN 20. This state is special and is not part of the normal STP progression for a port. In other "Pass Any Exam. D. a port is allowed to receive only BPDUs so that the switch can hear from other neighboring switches. Any Time. each port of a switch must progress through several states. C. moving through several passive states and. Listening -The port will be moved from Blocking to Listening if the switch thinks that the port can be selected as a Root Port or Designated Port.com 96 Ac Answer: D tua lTe sts . In addition. a port cannot receive or transmit data and cannot add MAC addresses to its address table. are in the Disabled state. E. what will be true about Switch SW5? A. All ports in VLAN 10 will be in forwarding mode and all ports in VLAN 20 will be in blocking mode. All ports in VLAN 10 will be in forwarding mode.

BPDUs will be sent out every 10 seconds.D Explanation: STP operation is controlled by three timers. The 802. Any Time. the port is on its way to begin forwarding traffic.1D standard specifies a default value of 2 seconds.actualtests. the port is allowed to receive and send BPDUs so that it can actively participate in the Spanning Tree topology process. Answer: C." . However. F. it returns to the Blocking state. Forwarding -After another Forward Delay period of time in the Learning state. The time spent in the learning state will be 15 seconds. and send and receive BPDUs. Learning -After a period of time called the Forward Delay in the Listening state. QUESTION NO: 102 The following output was shown on switch SW1: Based on the "show spanning-tree vlan 200" output shown in the exhibit.www. B. the port is allowed to move into the Forwarding state. The port still sends and receives BPDUs as before. the switch can now learn new MAC addresses to add to its address table. The time spent in the listening state will be 30 seconds.Cisco 642-832: Practice Exam words. E. The port can now send and receive data frames. The Hello Time is the amount of time between the sending of Configuration BPDUs. In the Listening state.com 97 Ac tua lTe sts . which two statements about the STP process for VLAN 200 are true? (Select two) A.co m . "Pass Any Exam. Here. the port is allowed to move into the Learning state. The maximum length of time that the BPDU information will be saved is 30 seconds. BPDUs will be sent out every two seconds. In addition. the port is finally allowed to become a Root Port or Designated Port because the switch can advertise the port by sending BPDUs to other switches. the port still cannot send or receive data frames. D. This switch is the root bridge for VLAN 200. C. This gives the port an extra period of silent participation and allows the switch to assemble at least some address table information. Should the port lose its Root Port or Designated Port status. collect MAC addresses in its address table. The port is now a fullyfunctioning switch port within the Spanning Tree topology.

As long as the bridge receives a continuous stream of BPDUs every 2 seconds. the receiving bridge maintains a continuous copy of the BPDU values. When a failure occurs on a directly connected link. Max Age is only an issue when the link failure is not on a directly connected link.www.com Ac tua lTe sts . if the device sending this best BPDU fails. or if the Root Bridges stop sending periodic BPDUs during this time.co m 98 . This is a single value that controls both states.Cisco 642-832: Practice Exam This value controls Configuration BPDUs as the Root Bridge generates them.actualtests. the bridge invalidates the saved BPDUs and begins looking for a new Root Port. Recall that each port saves a copy of the best BPDU it has seen. Max Age is the STP timer that controls how long a bridge stores a BPDU before discarding it. Any Time. QUESTION NO: 103 Refer to the following network exhibits: "Pass Any Exam. If the outage lasts for more than 20 seconds. and a Hello Time of 2 seconds. Forward Delay is the amount of time the bridge spends in the Listening and Learning states." . However. a maximum of three lost BPDUs. If BPDUs stop arriving for the time interval ranging from 2 to 20 seconds because of a network disturbance. so Max Age is not considered in transitioning the port to Forwarding mode. The default value of 15 seconds was originally derived assuming a maximum network size of seven bridge hops. a mechanism must exist to allow other bridges to take over. 2 to 20 seconds is the range between the expected receipt of a BPDU and the expiration of the Max Age time. Other bridges propagate BPDUs from the Root Bridge as they are received. the default Max Age time. the timer will expire. The Forward Delay timer also controls the bridge table age-out period after a change in the active topology. the switch knows there will not be any BPDUs coming in on that link.

actualtests. each port of a switch must progress through several states. are in the Disabled state. The STP port states are as follows: Disabled -Ports that are administratively shut down by the network administrator. or by the system due to a fault condition.Cisco 642-832: Practice Exam SW1 configuration exhibit: SW2 configuration exhibit: 00:06:34: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/5 (not half duplex). with SW1 FastEthernet0/4 (half duplex) . finally. into an active state if allowed to forward traffic.com 99 Ac tua lTe sts Refer to the network topology exhibit and the partial configuration exhibits of switch SW1 and SW2. Interface Fa 0/6 on switch SW2 will transition to a forwarding state and create a bridging loop. What would be the possible outcome of the problem shown in this message? A. D. The root port on switch SW1 will automatically transition to full-duplex mode.www.co m . Answer: B Explanation: STP States To participate in STP. C. Any Time. B.with TBA05071417(Cat6K-B) 0/4 (half duplex). STP is configured on all switches in the network. None of the other alternatives apply." . The interfaces between switches SW1 and SW2 will transition to a blocking state. A port begins its life in a Disabled state. SW2 receives this error message on the console port: . E. The root port on switch SW2 will fallback to full-duplex mode. This state is special and is not part of the normal STP progression for a "Pass Any Exam. moving through several passive states and.

the switch can now learn new MAC addresses to add to its address table.actualtests. the port still cannot send or receive data frames. The port is now a fully functioning switch port within the Spanning Tree topology. In the Listening state. a port is allowed to receive only BPDUs so that the switch can hear from other neighboring switches. a port cannot receive or transmit data and cannot add MAC addresses to its address table. Learning -After a period of time called the Forward Delay in the Listening state. The port can now send and receive data frames. the port is finally allowed to become a Root Port or Designated Port because the switch can advertise the port by sending BPDUs to other switches. the port is allowed to receive and send BPDUs so that it can actively participate in the Spanning Tree topology process. In the Blocking state. Based on the output shown above. The following "show" command was issued on a switch: Study the exhibit carefully. However. ports that are put into standby mode to remove a bridging loop enter the Blocking state. "Pass Any Exam. which statement is true? A. the port is on its way to begin forwarding traffic.co m 100 . it begins in the Blocking state so that no bridging loops can form. In addition." . Here. collect MAC addresses in its address table. Blocking -After a port initializes.www.com Ac tua lTe QUESTION NO: 104 sts . Switch 6 has been configured with the "spanning-tree vlan 1 hello-time2" global configuration command. Instead. The port still sends and receives BPDUs as before. the port is allowed to move into the Learning state. Should the port lose its Root Port or Designated Port status. Forwarding -After another Forward Delay period of time in the Learning state. This gives the port an extra period of silent participation and allows the switch to assemble at least some address table information. In other words. and send and receive BPDUs. In addition.Cisco 642-832: Practice Exam port. the port is allowed to move into the Forwarding state. it returns to the Blocking state. Any Time. Listening -The port will be moved from Blocking to Listening if the switch thinks that the port can be selected as a Root Port or Designated Port.

* Let the switch become the Root by automatically choosing a Bridge Priority value: Switch(config)# spanning-tree vlan vlan-id root {primary | secondary} [diameter diameter] This command is actually a macro on the Catalyst that executes several other commands.576. Switch SW6 has been configured with the "spanning-tree vlan 1 root primary" global configuration command. Switch SW6 has been configured with the "spanning-tree vlan 1 root secondary" global configuration command. Answer: E Explanation: To configure a Catalyst switch to become the Root Bridge . the Root Priority is set to 28. Switch SW6 has been configured with the "spanning-tree vlan 1 priority24577" global configuration command. If the current Root Priority is less than that. so the VLAN ID must always be given.768. Actual Bridge Priorities are not given in the command. The result is a more direct and automatic way to force one switch to become the Root Bridge .actualtests.Cisco 642-832: Practice Exam B. There is no way to query or listen to the network to find another potential secondary Root." . D.co m 101 . the local switch sets its priority to 4096 less than the current Root. F. For the secondary Root Bridge .768) that might be used elsewhere. Rather. the local switch sets its priority to 24. The root bridge has been configured with the "spanning-tree vlan 1 root secondary" global configuration command. so this priority is used under the assumption that it is less than the default priorities (32. This command modifies the switch's Bridge Priority value to become less than the Bridge Priority of the current Root Bridge . when the macro command is issued.www. use one of the following methods: * Directly modify the Bridge Priority value so that a switch can be given a lower-than-default Bridge ID value to win a Root Bridge election: Switch (config)# spanning-tree vlan vlan-id priority bridge-priority The bridge-priority value defaults to 32. Any Time. Remember that Catalyst switches run one instance of STP for each VLAN (PVST+). QUESTION NO: 105 The switched LAN is displayed below: "Pass Any Exam. but you can also assign a value of 0 to 65. C. These values are modified only once.com Ac tua lTe sts . E. the switch modifies STP values according to the current values in use within the active network. You should designate an appropriate Root Bridge for each VLAN.576. None of the other alternatives apply. Use the primary keyword to make the switch attempt to become the primary Root Bridge .672.535. If the current Root Priority is more than 24.

Switch SW1 is the root switch for the default VLAN. switches with Cisco PVST and PVST+ maintain a separate spanning-tree instance for each active VLAN configured on it.co m . the switch checks the switch priority of the root switches for each VLAN.com 102 Ac tua lTe sts . To reduce the broadcast domain. the switch sets its own priority for the specified VLAN to 24576 if this value will cause this switch to become the root for the specified VLAN. To configure a switch to become the root for the specified VLAN. E. 4096 is the value of the least-significant bit of a 4-bit switch priority value. the switch sets its own priority for the specified VLAN to 4096 less than the lowest switch priority. use the spanning-tree vlan vlanid root primary global configuration command to modify the switch priority from the default value (32768) to a significantly lower value. B. Switch SW1 will change its spanning tree priority to become root for VLAN 2 only. No other switch in the network will be able to become root as long as switch SW1 is up and running. D. C.Cisco 642-832: Practice Exam In this network. the switch with the lowest bridge ID becomes the root switch for that VLAN. None of the other alternatives apply Answer: D Explanation: By default. the network administrator decides to split users on the network into VLAN 2 and VLAN 10. For each VLAN. STP has been implemented. Switch SW1 will remain root for the default VLAN and will become root for VLAN 2. All ports of the root switch SW1 will remain in forwarding mode throughout the reconvergence of the spanning tree domain. consisting of the switch priority and the switch MAC address." . When this command is entered. Because of the extended system ID support.actualtests. Any Time. A bridge ID. The administrator issues the command spanning-tree vlan 2 root primary on switch SW1. QUESTION NO: 106 "Pass Any Exam. If any root switch for the specified VLAN has a switch priority lower than 24576.www. What will happen as a result of this change? A. is associated with each instance.

Changing the bridge priority of S1 to 4096 would improve network performance. Disabling the Spanning Tree Protocol would improve network performance. The spanning-tree Algorithm relies on a set of parameters to make decisions. The spanning-tree algorithm is defined in the IEEE 802.768. Changing the bridge priority of S2 to 36864 would improve network performance. The Bridge ID (BID) parameter is an 8-byte field consisting of an ordered pair of numbers. including the Bridge ID. Upgrading the link between S2 and S3 to Gigabit Ethernet would improve performance. Path Cost and Port ID. F.) Answer: B.actualtests. Algorithms rely on a set of rules. lTe sts . The Bridge Priority is a decimal number used to measure the preference of a bridge in the spanning-tree Algorithm.1D standard. The Bridge ID (BID) is used by STP to determine the center of the bridged network. The first is a 2-byte decimal number called the Bridge Priority. C. which two statements are true? (Choose two.com 103 Ac tua A. will be covered in the following two topics. D. The Bridge ID (BID) is the first parameter used by the spanningtree algorithm. The possible values range between 0 and 65.D Explanation: An algorithm is a formula or set of steps for solving a particular problem. "Pass Any Exam. The parameters used by the algorithm.535. Based on the exhibit." . Front Line users have been complaining that they experience slower network performance when accessing the server farm than the Reception office experiences. The default setting is 32. They have a clear beginning and end. E. Changing the bridge priority of S1 to 36864 would improve network performance. The spanning-tree algorithm is no exception. Although there is complete connectivity throughout the network.Cisco 642-832: Practice Exam Refer to the exhibit.www. B. Any Time. The spanning-tree algorithm characterizes STP. are explored here. The remaining parameters. Changing the bridge priority of S3 to 4096 would improve network performance. known as the Root Bridge . and the second is a 6-byte (hexadecimal) MAC address.co m . All network links are FastEthernet.

E. VLAN 2 traffic will be blocked on Switch SWB port 1/1. B." . Catalyst 6000 switches each have a pool of 1024 MAC addresses assigned to the supervisor module or backplane for this purpose. the STP port priority setting determines which port is enabled and which port is in a blocking state. One trunk port sends or receives all traffic for the VLAN. VLAN 2 traffic will be blocked on Switch SWA port 0/2.co m Assuming that VLAN 1 and VLAN 2 traffic is enabled on the above network. VLAN 1 traffic will be blocked on Switch SWB port 1/1. The trunk port with the lower priority (higher values) for the same VLAN remains in a Blocking state for that VLAN.com Ac tua Answer: A lTe A. VLAN 1 and 2 traffic will be blocked on Switch SWA port 0/1. D. used as BIDs for the VLAN spanning-tree instances (one per VLAN).Cisco 642-832: Practice Exam The MAC address in the BID is one of the MAC addresses of the switch.actualtests. what effect will the following command have when entered on port 0/2 on switch SWA? 104 . sts . one for each instance of STP.www. The priorities on a parallel trunk port can be set so that the port carries all the traffic for a given VLAN. Any Time. VLAN 1 and 2 traffic will be blocked on Switch SWA port 0/2. "Pass Any Exam. For example. QUESTION NO: 107 Exhibit spanning-tree vlan 1 port-priority 16 Explanation: Load Sharing Using STP Port Priorities When two ports on the same switch form a loop. Each switch has a pool of MAC addresses. C. The trunk port with the higher priority (lower values) for a VLAN is forwarding traffic for that VLAN.

Spantree ports 4/1-24 fast start enabled.com 105 Ac What command would you enter to reproduce this output? (Type in answer below) tua lTe sts . bridges. Connecting hubs. Switch is now the root switch for active VLAN 1. switches.actualtests. Use with caution.Cisco 642-832: Practice Exam QUESTION NO: 108 CORRECT TEXT Refer to the output shown on switch SW1 below: VLAN 1 bridge priority set to 8192. Answer: set spantree root 1 QUESTION NO: 109 CORRECT TEXT Refer to the output shown on switch SW1 below: Warning: Spantree port fast start should only be enabled on ports connected to a single host. VLAN 1 bridge max aging time set to 20.co m . etc.www." . VLAN 1 bridge forward delay set to 15. What command could you enter to reproduce this output? (Type in answer below) "Pass Any Exam. VLAN 1 bridge hello time set to 2. concentrators. to a fast start port can cause temporary spanning tree loops. Any Time.

since they are closest to the root bridge. assuming all other parameters are left as default. BPDU timer "Pass Any Exam. P3/2 will be elected the nondesignated port.D lTe A. all ports directly connected to the root bridge will become designated ports. ASW13 will be elected the root bridge. port F3/2 will become the non-designated port. DSW11will be elected the root bridge. Also. the switch with the lowest bridge ID will become the root bridge.co m . hello timer B.Cisco 642-832: Practice Exam Answer: set spantree portfast 4/1-24 enable QUESTION NO: 110 Given the above diagram and assuming that STP is enabled on all switch devices. which two statements are true? (Choose two. DSW12 will be elected the root bridge. Which STP timer will have to expire before the other switches can actively restore connectivity with topology change procedure of STP? A. B. Any Time.) Explanation: The root bridge should be placed as close to the core as possible and should be the most centrally located. This makes DSW11 the root bridge. P2/2 will be elected the nondesignated port. F.com 106 Ac tua Answer: A. configuration BPDUs will no longer be sent." . QUESTION NO: 111 If the root bridge fails. By default. sts . C. E. D. In this case. P3/1 will be elected the nondesignated port.actualtests.www.

all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the root bridge. If a bridge does not get a Hello BPDU after a predefined interval (Max Age).htm Exhibit SW1#show spanning-tree vlan 200 VLAN200 Spanning tree enabled protocol ieee Root ID Priority 32968 Address 000c. Max age takes into account that the switch at the periphery of the network should not time out the root information under stable condition (that is.ef00 Cost 19 Port 2 (FastEthernet0/2) Hello time 10 Sec Max Age 20 sec Forward Delay 30 sec Bridge ID Priority 32968 (priority 32768 sys-id-ext 200) Address 000c. As such. Reference: http://www.com/support/supportnote/ves1012/app/stp. the bridge assumes that the link to the root bridge is down.Cisco 642-832: Practice Exam C.ce29.ce2a." .actualtests. Any Time.zyxel. if the root is still alive).com 107 Ac tua QUESTION NO: 112 lTe sts .co m . This bridge then initiates negotiations with other bridges to reconfigure the network to re-establish a valid network topology. Forward_delay timer D. the formula for max age is as follows: Max_age = End-to-end_BPDU_propa_delay + Message_age_overestimate = 14 + 6 = 20 sec This explains how IEEE reaches the default recommended value for max age.www. Dead timer F.4180 Hello Time 2 sec Max Age 20 Sec Forward Delay 15 sec Interface Role Sts Cost PrioNbr Type "Pass Any Exam. This is the value that max age needs to take into account the total BPDU propagation delay and the message age overestimate. Max_age timer E. Wait timer Answer: D Explanation: Once a stable network topology has been established.

co m .www. BPDUs will be sent out every 10 seconds. sts . F. It will consider the value of the timers contained in the BPDU that it is receiving. and max age) are included in each BPDU. The time spent in the learning state will be 15 seconds D. E. None of the choices. Combine all the VLAN spanning trees into a single spanning tree. Set forward delay and max-age timers to the maximum possible values. This switch is the root bridge for VLAN 200. that means only a timer configured on the root bridge of the STP is important. This is equal to two seconds by default. An IEEE bridge is not concerned about its local configuration of the timers value. The time spent in the listening state will be 30 seconds C. C. D. even if it is not required to configure the same timer value in the entire network. BDPUs will be sent out every two seconds. So. the new root would start to impose its local timer value to the entire network. as listed below: hello: the hello time is the time between each Bridge Protocol Data Unit (BPDU) that is sent on a port. B. it is at least mandatory to configure any timer changes on the root bridge and on the backup root bridge. The maximum length of time that the BPDU information will be saved is 30 seconds. Answer: B.3 P2p Based on the show spanning-tree vlan 200 output shown in the exhibit.actualtests. Obviously. Change the router VTP server mode.2 P2p Fa0/3 Altn BLK 19 128. B.F QUESTION NO: 113 What should you do to reduce spanning-tree protocol BPDU traffic during extended periods of instability in your VLANs? A. Disable the root bridge Answer: B Explanation: There are several STP timers. in case you would lose the root. Effectively.Cisco 642-832: Practice Exam --------------------------------------------------------------------------------------Fa0/2 Root FWD 19 128. forward delay. E. Any Time. "Pass Any Exam." . which two statements about the STP process for VLAN 200 are true? (Choose two) A.com 108 Ac tua lTe Explanation: Changing the Spanning Tree Protocol Timers T he STP timers (hello.

even if it is not required to configure the same timer value in the entire network." . In order to reduce the number of BPDU's in the spanning tree topology.Cisco 642-832: Practice Exam but can be tuned to be between one and ten seconds. but it will also increase the convergence time during a topology change. in case you would lose the root. Obviously. that means only a timer configured on the root bridge of the STP is important. and max age) are included in each BPDU.1q trunking 5 "Pass Any Exam. max age : the max age timer controls the maximum length of time a bridge port saves its configuration BPDU information. An IEEE bridge is not concerned about its local configuration of the timers value. This will reduce the BPDU traffic. Effectively. QUESTION NO: 114 The network is displayed in the diagram below: You use the following information for switch SWA: Port Mode Encapsulation Status Native VLAN fa0/1 desirable n-802.actualtests. it is at least mandatory to configure any timer changes on the root bridge and on the backup root bridge. forward delay: the forward delay is the time spent in the listening and learning state. The STP timers (hello. but can be tuned to be between four and 30 seconds. Any Time. the new root would start to impose its local timer value to the entire network. This is by default equal to 15 seconds. the forward delay and max-age timers should be increased. So.www.co m 109 . It will consider the value of the timers contained in the BPDU that it is receiving.com Ac tua lTe sts . This is 20 seconds by default and can be tuned to be between six and 40 seconds. forward delay.

it must have been configured and the VLAN is indeed allowed to traverse the trunk. B. D: By default. VLAN 107 does not exist on switch SWA. it must have been configured and the VLAN is indeed allowed to traverse the trunk.actualtests.co m . C. show spantree statistics "Pass Any Exam. E. 8-100. 8-100. VTP is pruning VLAN 107. D. VLAN 107 is known and active within the management domain. Incorrect Answers: A: Based on the output shown above. 102-105. VLAN 107 should be able to once again gain access to the network resources. B: Based on the output shown above. 106. Spanning tree is not enabled on VLAN 107. Any Time. VLAN 7. By disabling VTP pruning. VLAN 107 is not configured on the trunk.com 110 Ac tua lTe sts . Only VLAN 101 has been configured to not pass along this trunk. show spantree backbonefast B.Cisco 642-832: Practice Exam Port VLANs is allowed on trunk fa0/ 1 1-100. Therefore. 102-115. None of the other alternatives apply Answer: C Explanation: In this example. Therefore. 101. 197-999. VLAN 107 is being pruned incorrectly in this case. STP is enabled on all VLANs. 1002-1005 SW users in VLAN 107 complain that they are unable to gain access to the resources through the SW1 router." . and 107 are being pruned. What is the cause of this problem? A. QUESTION NO: 115 Which of the following commands would you enter if you wanted to display spanning tree statistical information? A. VLAN 107 is known and active within the management domain. 1002-1005 Port VLANs in spanning tree forwarding state and not pruned fa0/1 1-6.www. 108-999. 102-1005 Port VLANs is owned and active in management domain fa0/1 1-6. Only VLAN 101 has been configured to not pass along this trunk.

you can issue a show running-configuration command "Pass Any Exam. show spantree portvlancost . The following list various commands to use for troubleshooting Catalyst switches: show spantree vlan_id . show spantree uplinkfast D. show spantree backbonefast .cisco. False Answer: C Explanation: The show spanning-tree command only displays information for ports with an active link (green light is on). There is not enough information to determine C. show spantree portstate F.Shows spanning tree statistical information. show spantree blockedports .Shows the path cost for the VLANs on a port.actualtests. Any Time. If these conditions are not met. show spantree blockedports E. True B.www.Shows the uplinkfast settings. show spantree portstate . show spantree uplinkfast .Displays only the blocked ports.Displays whether the spanning tree Backbone Fast Convergence feature is enabled.Determines the current spanning tree state of a Token Ring port within a spanning tree. show spantree portvlancost Answer: B Explanation: The command 'show spantree statistics' is the correct IOS command to show spanning tree statistical information and is obviously the correct answer choice. show spantree statistics .Cisco 642-832: Practice Exam C.x/command/reference/sh_sp_ te.html Is the following statement True or False? The "show spanning-tree" command only shows information about ports with their red or amber lights on.com 111 Ac QUESTION NO: 116 tua lTe sts .Provides a summary of connected spanning tree ports by VLAN. show spantree summary .com/en/US/docs/switches/lan/catalyst6500/catos/8. Reference: http://www. A." .co m .Shows the current state of the spanning tree for the "vlan_id" entered from the perspective of the switch on which it is entered.

This interface is a member of VLAN7. This interface is a member of a voice VLAN. This interface is a member of VLAN1. E. Section 12: Troubleshoot Access Ports for the VLAN based solution (6 Questions) QUESTION NO: 117 Refer to the show interface Gi0/1 switchport command output shown in the exhibit. This interface is a dot1q trunk passing all configured VLANs.actualtests.www.co m 112 .Cisco 642-832: Practice Exam to confirm the configuration.com Ac tua lTe sts . "Pass Any Exam. Which two statements are true about this interface? (Choose two." . C. Any Time. B. D. This interface is configured for access mode.) A.

Cisco 642-832: Practice Exam Answer: C. On the basis of the output generated by the show commands. show vlan: This commands shows the vlan." .www. Based upon the output of show vlan on switch CAT2. You should also manually configure the encapsulation mode. which two statements are true? (Choose two.) "Pass Any Exam. that interfaces Fa0/13 and Fa0/14 have a duplex mismatch with another switch lTe sts .D Explanation: In Exhibit.actualtests. Any Time. that interfaces Fa0/13 and Fa0/14 are down C. ports belonging to VLAN means that port on access mode. that interfaces Fa0/13 and Fa0/14 have a domain mismatch with another switch E. QUESTION NO: 118 Refer to the exhibit. QUESTION NO: 119 Refer to the exhibit.com Ac Answer: C tua A. that interfaces Fa0/13 and Fa0/14 are in VLAN 1 B.co m 113 . that interfaces Fa0/13 and Fa0/14 are trunk interfaces D. The corresponding switch port at the other end of the trunk should be similarly configured because negotiation is not allowed. what can we conclude about interfaces Fa0/13 and Fa0/14? Explanation: trunk -This setting places the port in permanent trunking mode. It doesn't shows the port on trunk mode. Operation mode is in static access and Access mode VLAN is 7 so it means this port is operating on access mode as a member of VLAN 7.

the IEEE 802. There are no native VLANs configured on the trunk.1q header. F. Answer: C. VLAN 1 will not be encapsulated with an 802.1Q protocol can also carry VLAN associations over trunk links.E Explanation: The IEEE 802. Because it has not been assigned to any VLAN. E. In particular." . D. allowing VLAN trunks to exist and operate between equipment from multiple vendors. Any Time. VLAN 2 will not be encapsulated with an 802. and protocols and algorithms used to provide VLAN services.Cisco 642-832: Practice Exam A.1q header. this frame identification method is standardized. All interfaces on the switch have been configured as access ports. interface gigabitethernet 0/1 does not appear in the show vlan output. "Pass Any Exam.com 114 Ac tua lTe sts .actualtests.www. interface gigabitethernet 0/1 does not appear in the show vlan output. However. B.1Q standard defines an architecture for VLAN use. C.co m . services provided with VLANs. Because it is configured as a trunk interface.

A new workstation has consistently been unable to obtain an IP address from the DHCP server when the workstation boots.1Q trunk link. In the event that an end station is connected to an 802.com Ac tua lTe sts . Filters E. PortFast on the switch port connected to the workstation D. while giving normal access stations some inherent connectivity over the trunk. BackboneFast on the switch port connected to the server C.Cisco 642-832: Practice Exam Like Cisco ISL. Ports in VLAN 5 B. This method is referred to as single-tagging or internal tagging . VLAN information on port 0/5 D. It doesn't show the port on trunk mode. Any Time. the end station can receive and understand only the native VLAN frames. trunking on the switch "Pass Any Exam. 802.co m 115 .1Q can be used for VLAN identification with Ethernet trunks.1Q embeds its tagging information within the Layer 2 frame. IEEE 802.1Q also introduces the concept of a native VLAN on a trunk. Instead of encapsulating each frame with a VLAN ID header and trailer. QUESTION NO: 121 You work as a network Technician. and the new workstation obtains an address when manually forced to renew its address.actualtests. 802. UplinkFast on the switch port connected to the server B. What should be configured on the switch to allow the workstation to obtain an IP address at boot? A. show vlan: This commands shows the vlan. This provides a simple way to offer full trunk encapsulation to the devices that can understand it. ports belonging to VLAN means that port on access mode. Frames belonging to this VLAN are not encapsulated with any tagging information. What will this command display? (Select two) A. Utilization C.E Explanation: #show vlan id 5 : Shows all ports belonging to VLAN 5 and MTU of ports and type. MTU and type Answer: A." .www. Older workstations function normally. QUESTION NO: 120 The administrator has issue the "show vlan id 5" command.

the port normally enters the spanning tree Listening state. When the Forward Delay timer expires.com 116 Ac tua lTe sts . A. which command sequence would correct the problem? m QUESTION NO: 122 .co Refer to the exhibit. the port is transitioned to the Forwarding state (less than 2 seconds after the cable is plugged in). the port enters the Learning state. the port is immediately transitioned to the Forwarding state. When a device is connected to a port. bypassing the Listening and Learning states. the port is transitioned to the Forwarding or Blocking state. Any Time. IOSbased switches only use PortFast on access ports connected to end stations. When PortFast is enabled on a switch or trunk port. When the Forward Delay timer expires a second time.Cisco 642-832: Practice Exam Answer: C Explanation: Spanning tree PortFast is a Catalyst feature that causes a switch or trunk port to enter the spanning tree Forwarding state immediately. On the basis of the information in the exhibit.www. As soon as the switch detects the link.actualtests. SW1(config)# interface fastethernet 0/1 SW1(config-if)# no shut "Pass Any Exam." . The user who is connected to interface FastEthernet 0/1 is on VLAN 10 and cannot access network resources.

None of the other alternatives apply Answer: E Explanation: Promiscuous: The switch port connects to a router. SW1(config)# interface fastethernet 0/1 SW1(config-if)# switchport mode access E. Community E.co m 117 . in which the rules of private VLANs are ignored. or other common gateway device. Isolated C. This port can communicate with anything else connected to the primary or any secondary VLAN. Promiscuous F.www.Cisco 642-832: Practice Exam B. firewall. the port is in promiscuous mode.com Ac tua lTe QUESTION NO: 123 sts Section 13: Troubleshoot private VLANS (1 Question) . Primary D.actualtests. it means interface is in down state. Just bring into up state using no shutdown command Switch SW1 has been configured with Private VLANs." . SW1(config)# vlan 10 SW1(config-vlan)# no shut Answer: A Explanation: In Exhibit Operation Mode is down. Any Time. With that type of PVLAN port should the default gateway be configured? A. In other words. Trunk B. SW1(config)# interface fastethernet 0/1 SW1(config-if)# switchport mode access SW1(config-if)# switchport access vlan 10 C. SW1(config)# vlan 10 SW1(config-vlan)# state active D. "Pass Any Exam.

C. Interface FastEthernet 0/1 was configured with the switchport port-security violation restrict command. Any Time. Given the output that was generated.actualtests. which security statement is true? tua lTe sts ." . Interface FastEthernet 0/1 was configured with the switchport port-security aging command. Interface FastEthernet 0/1 was configured with the switchport port-security protect command. B. The "show port-security interface fa0/1" command was issued on switch SW1. When the number of secure IP addresses reaches 10. E. When the number of secure MAC addresses reaches 10.www. Answer: D.Cisco 642-832: Practice Exam Section 14: Troubleshoot port security (4 Questions) QUESTION NO: 124 A PC host is connected to a switch in the network shown below: Configuration exhibit: A.E Explanation: Port security is a feature supported on Cisco Catalyst switches that restricts a switch port to a specific set or number of MAC addresses. the interface will immediately shut down. F. Those addresses can be learned dynamically or "Pass Any Exam. the interface will immediately shut down and an SNMP trap notification will be sent.co m .com 118 Ac Study the exhibits carefully. None of the other alternatives apply. D.

Cisco 642-832: Practice Exam configured statically. Shutdown: If any frames are seen from a nonallowed address. an SNMP trap is sent. 2. Port Security Implementation: When Switch port security rules violate different action can be applied: 1. and a Simple Network Management Protocol (SNMP) trap is sent. The port will then provide access to frames from only those addresses. Restrict: Frames from the nonallowed address are dropped. and manual intervention or errdisable recovery must be used to make the interface usable. Protect: Frames from the nonallowed address are dropped.com Ac tua lTe sts ." . If.co m 119 . QUESTION NO: 125 The following show command was issued on switch SW1: "Pass Any Exam. however. The port will not be shutdown. because it is in protect mode -. the interface is errdisabled. a log message is created. and port access will be limited to those four dynamically learned addresses. the port will allow any four MAC addresses to be learned dynamically. a log entry is made. but there is no log of the violation.actualtests.not shutdown. 3. the number of addresses is limited to four but no specific MAC addresses are configured. Any Time.www.

The port will then provide access to frames from only those addresses. The packets with the new source addresses will be dropped until a sufficient number of secure MAC addresses are removed from the secure address list. None of the other alternatives apply Answer: A Explanation: Port security is a feature supported on Cisco Catalyst switches that restricts a switch port to a specific set or number of MAC addresses. C. All secure addresses will age out and be removed from the secure address list. E.actualtests.www. the port will allow any four MAC addresses to be learned dynamically. This will cause the security violation counter to increment. B. and an SNMP trap notification will be sent. Port Security Implementation: "Pass Any Exam.Cisco 642-832: Practice Exam Based on the output shown. D. and port access will be limited to those four dynamically learned addresses." . however. the number of addresses is limited to four but no specific MAC addresses are configured. Any Time. The interface will be placed into the error-disabled state immediately. If. The first address learned on the port will be removed from the secure address list and be replaced with the new address.co m 120 . Those addresses can be learned dynamically or configured statically.com Ac tua lTe sts . what will happen when one additional user is connected to interface FastEthernet 5/1? A.

Restrict: Frames from the nonallowed address are dropped." . Protect: Frames from the nonallowed address are dropped. 2. Any Time. and a Simple Network Management Protocol (SNMP) trap is sent. and manual intervention or errdisable recovery must be used to make the interface usable. an SNMP trap is sent. the interface is errdisabled. 3. a log entry is made.actualtests.com Ac QUESTION NO: 126 tua Section 15: Troubleshoot general switch security (3 Questions) lTe sts When Switch port security rules violate different action can be applied: 1.www. Shutdown: If any frames are seen from a nonallowed address.Cisco 642-832: Practice Exam Exhibit: "Pass Any Exam. a log message is created. but there is no log of the violation. .co m 121 .

www. Reference: LAN Switch Security: What Hackers Know About Your Switches. Snooping attack B. Any Time. Cisco Press.Cisco 642-832: Practice Exam Answer: E You can use the binding keyword to display all the known DHCP bindings that have been overheard. you can display its status with the following command: lTe A. None of the other alternatives apply sts . MAC flooding attack G.actualtests. Christopher Paggen .CCIE No. MAC spoofing attacks consist of malicious clients generating traffic by using MAC addresses that do not belong to them. "Pass Any Exam. Rogue device attack C. 2659.co m You issue the "show ip dhcp snooping" command on SW3 as shown in the exhibit. 2659. IP spoofing attacks are exactly like MAC spoofing attacks. by Eric Vyncke CCIE No. Chapter 5." . STP attack D. The switch maintains these in its own database. A switch can use the DHCP snooping bindings to prevent IP and MAC address spoofing attacks. except that the client uses an IP address that isn't his. VLAN attack E.com Ac Switch#show ip dhcp snooping [binding] tua Explanation: When DHCP snooping is configured. Spoofing attack F. What type of attack is being defended against? 122 .

In access map configuration mode. or are bridged within a VLAN. Unlike router ACLs.5? . The traffic will be forwarded to the router processor for further processing. If no sequence number is entered. Any Time. C.com 123 Ac Explanation: VLAN maps. perform these steps: Create the standard or extended IP ACLs or named MAC extended ACLs to be applied to the VLAN. Each access-map can have multiple entries. Also enter the match command to specify an IP packet or a non-IP packet (with only a known MAC address). tua lTe sts A.co m Study the exhibit carefully. This access-list will select the traffic that will be either forwarded or dropped by the access-map. The default is to forward traffic. optionally enter an action forward or action drop . None of the other alternatives apply . Use the vlan filter access-map-name vlan-list vlan-list global configuration command to apply a VLAN map to one "Pass Any Exam.10. D.16. and to match the packet against one or more ACLs (standard or extended). What will happen to traffic within VLAN 14 with a source address of 172.www.actualtests. VLAN maps can be configured on the switch to filter all packets that are routed into or out of a VLAN. VLAN maps are used strictly for security packet filtering. B. can filter all traffic traversing a switch. also known as VLAN ACLs or VACLs. VLAN maps are not defined by direction (input or output). The traffic will be forwarded to the TCAM for further processing. The traffic will be forwarded without further processing.Cisco 642-832: Practice Exam QUESTION NO: 127 The following "show" command was issued on SW1: Answer: A To create a VLAN map and apply it to one or more VLANs. E. The order of these entries is determined by the sequence . The traffic will be dropped. accessmap entries are added with sequence numbers in increments of 10." . Enter the vlan access-map access-map-name [ sequence ] global configuration command to create a VLAN ACL map entry. Only traffic matching the 'permit' condition in an access-list will be passed to the access-map for further processing.

or other common gateway device. A single access-map can be used on multiple VLANs. D. also called VLAN maps. Router ACLs can be applied to the input and output directions of a VLAN interface." . VLAN maps can be used to filter packets exchanged between devices in the same VLAN. To filter both bridged and routed traffic. Any Time. firewall. Bridged ACLs can be applied to the input and output directions of a VLAN interface. B. VLAN maps and router ACLs can be used in combination.D QUESTION NO: 129 Switch SW1 has been configured with Private VLANs. VLAN ACLs. Isolated C. Primary D. "Pass Any Exam. None of the other alternatives apply Answer: E Explanation: Promiscuous: The switch port connects to a router. sts . VLAN maps can be applied to a VLAN interface Answer: A. Only router ACLs can be applied to a VLAN interface.Cisco 642-832: Practice Exam or more VLANs.com 124 Ac tua lTe Explanation: Router ACLs are applied on interfaces as either inbound or outbound. This port can communicate with anything else connected to the primary or any secondary VLAN. Community E. Trunk B.actualtests.B. VLAN maps can be used by themselves or in conjunction with router ACLs. E. Section 16: Troubleshoot VACL and PACL (3 Questions) QUESTION NO: 128 What is true about access control on bridged and routed VLAN traffic? (Select three) A. With that type of PVLAN port should the default gateway be configured? A. Promiscuous F.co m . C.www. which filter both bridged and routed packets.

co m Answer: A 125 .com Ac tua There are two types of secondary VLANs: * Isolated VLANs-Ports within an isolated VLAN cannot communicate with each other at the Layer 2 level. QUESTION NO: 130 In the event that two devices need access to a common server. C. . lTe sts Explanation: Private VLANs partition a regular VLAN domain into subdomains and can have multiple VLAN pairs. in which the rules of private VLANs are ignored.actualtests. but they cannot communicate with each other. DHCP snooping Section 17: Troubleshoot switch virtual interfaces (SVIs) (1 Question) QUESTION NO: 131 An SVI has been configured on a device.www. private VLANs B.Cisco 642-832: Practice Exam In other words. Which two statements are true about a switched virtual interface (SVI)? (Select two) A. "Pass Any Exam. one for each subdomain. * Community VLANs-Ports within a community VLAN can communicate with each other but cannot communicate with ports in other communities at the Layer 2 level. the port is in promiscuous mode. An SVI is created by entering the no switchport command in interface configuration mode. All secondary (private vlan) share the same primary VLANs. Any Time. BPDU guard D. dynamic ARP inspection E. D. which security feature should be configured to mitigate attacks between these devices? A. SVI is another name for a routed port." . port security C. B. Multiple SVIs can be associated with a VLAN. An SVI is normally created for the default VLAN (VLAN1) to permit remote switch administration. A subdomain is represented by a primary VLAN and a secondary VLAN.

Static IP routes are cleared across a switchover and recreated from entries in the configuration file on the redundant supervisor engine. routed traffic is interrupted until route tables reconverge. B. First. is not synchronized to the redundant supervisor engine and is lost on switchover. the redundant supervisor engine is fully initialized and configured. E. As a result. This allows a network address to be assigned to a logical interface-that of the VLAN itself. Answer: A. which shortens the switchover time if the active supervisor engine fails.www.com 126 Ac tua QUESTION NO: 132 lTe Section 18: Troubleshoot switch supervisor redundancy (3 Questions) sts . and then assign any Layer 3 functionality to it with the following configuration commands: Switch(config)# interface vlan vlan-id Switch(config-if)# ip address ip-address mask [secondary] The VLAN must be defined and active on the switch before the SVI can be used." . This is useful when the switch has many ports assigned to a common VLAN. when it is configured.Cisco 642-832: Practice Exam E. Information about dynamic routing states. The Forwarding Information Base (FIB) tables are cleared on a switchover. With route processor redundancy (RPR+). maintained on the active supervisor engine. Static IP routes are maintained across a switchover because they are configured from entries in the configuration file. is synchronized to the redundant supervisor engine and is transferred during the switchover. "Pass Any Exam. An SVI provides a default gateway for a VLAN. The logical Layer 3 interface is known as an SVI . Any Time. Make sure the new VLAN interface is also enabled with the no shutdown interface configuration command Company has a Catalyst 6500 and you need to configure redundancy between the supervisor modules. C. maintained on the active supervisor engine. you can also enable Layer 3 functionality for an entire VLAN on the switch. D. it uses the much more intuitive interface name vlan vlan-id . However. Information about dynamic routing states.co m .actualtests. Which three statements are true about the RPR + operations when the redundant supervisor engine switched over the failed primary supervisor engine? (Choose three) A. as if the VLAN itself is a physical interface.E Explanation: On a multilayer switch. define or identify the VLAN interface. and routing is needed in and out of that VLAN.

routed traffic is interrupted until route tables reconverge. both supervisor engines must run the same version of Cisco IOS software. Enter a " copy running-config startup-config " command to synchronize the configuration on the redundant supervisor engine. the redundant supervisor engine comes online in RPR mode. Network services are disrupted until the redundant supervisor engine takes over and the switch recovers. routed traffic continues without any interruption when the failover occurs. Only one supervisor engine is active. As a result. As a result.actualtests. The Forwarding Information Base (FIB) tables are cleared on a switchover. Answer: A. The Forwarding Information Base (FIB) tables are maintained during the switchover. sts . Use global configuration mode with RPR+ redundancy. Reference: http://www. Information about dynamic states maintained on the active supervisor engine is not synchronized to the redundant supervisor engine and is lost on switchover.Cisco 642-832: Practice Exam F. Configuration changes made through SNMP are not synchronized to the redundant supervisor engine. Static IP routes are maintained across a switchover because they are configured from entries in the configuration file.com/en/US/docs/switches/lan/catalyst6500/ios/12.C.www.com Ac tua lTe With RPR+.html QUESTION NO: 133 "Pass Any Exam.1E/native/configuration/guide/r edund. Supervisor engine redundancy does not provide supervisor engine mirroring or supervisor engine load balancing." .D Explanation: The following guidelines and restrictions apply to RPR+: RPR+ redundancy does not support configuration entered in VLAN database mode. Any Time. If the supervisor engines are not running the same version of Cisco IOS software.co m 127 .cisco.

OSPF. C. NSF combined with SSO enables supervisor engine load balancing C. Any Time. Redundancy provides fast supervisor switchover for all Cisco Catalyst 6500 series switches. B. independent of SSO B.actualtests. Switchover ensures that Layer 2 through Layer 4 traffic is not interrupted.co m 128 .Cisco 642-832: Practice Exam Which two characteristics apply to Cisco Catalyst 6500 Series Switch supervisor redundancy using NSF? (Choose two.) A. supports IPv4 and IPv6 multicast E. or IS-IS. Wireless.F Explanation: The purpose of NSF is to enable the Layer 3 switch to continue forwarding packets from an NSFcapable neighboring router when the primary route processor (RP) is failing and the backup RP is taking over. D. dependent on FIB tables Answer: E. IS-IS.www.. OSPF. supported by RIPv2. VOIP and Video) (8 Questions) QUESTION NO: 135 Exhibit: "Pass Any Exam. Redundancy requires BGP. prevents route flapping F.com Ac tua lTe sts . So it prevents the route flapping and it depends on FIB (Forwarding Information Base) table. EIGRP. Switchover can be caused by clock synchronization failure between supervisors. QUESTION NO: 134 Which statement best describes Cisco supervisor engine redundancy using Stateful Switchover? A. Answer: D Explanation: Section 19: Troubleshoot switch support of advanced services (i. and EIGRP D.e." .

Reference: http://www. Any WLC that is connected to the network and that is configured for Layer 2 LWAPP mode responds with a Layer 2 discovery response.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.actualtests. B. Any Time.cisco. or if the WLC or the LAP fails to receive an LWAPP discovery response to the Layer 2 LWAPP discovery message broadcast.co m . the LAP resets and returns to step 1.www. the LAP attempts a Layer 3 LWAPP WLC discovery. If the LAP does not support Layer 2 mode. The lightweight access point will send Layer 2 and Layer 3 Lightweight Access Point (LWAPP) mode discovery request messages at the same time. If step 1 fails.shtml QUESTION NO: 136 Exhibit: "Pass Any Exam. Answer: C Explanation: This procedure for a LAP to register with a WLC is: The LAP issues a DHCP request to a DHCP server in order to get an IP address. Please study the exhibit carefully. the LAP will try Layer 3 LWAPP WLC discovery. the LAP proceeds to step 3. The lightweight access point will send Layer 2 Lightweight Access Point (LWAPP) mode discovery request messages only. unless an assignment was made previously with a static IP address. the LAP (lightweight access point) attempts to register to a WLC (Wireless LAN Controller). The lightweight access point will send Layer 2 Lightweight Access Point (LWAPP) mode discovery request messages.com 129 Ac tua lTe sts . the LAP broadcasts an LWAPP discovery message in a Layer 2 LWAPP frame. If step 3 fails. If Layer 2 LWAPP mode is supported on the LAP. The lightweight access point will send Layer 3 Lightweight Access Point (LWAPP) mode discovery request messages only.Cisco 642-832: Practice Exam You work as a network technician. D. If the attempt fails. What kind of message is transmitted? A. or if the LAP or the WLC does not support Layer 2 LWAPP mode." . C. In this wireless network.

As a result of these new duplicate wavefronts. D. Dual antennas typically ensure that if one antenna is in an RF null then the other is not. Any Time. Diversity is the use of two antennas for each radio. The transmitted signal from the AP arrives at the client at slightly different times resulting in phase shifting. E. multiple wavefronts are created.www. F.co m 130 . When an RF signal is reflected off an object. to increase the odds that you receive a better signal on either of the antennas. If signal 2 is close to 360 degrees out of phase with signal 1. The antennas used to provide a diversity solution can be in the same physical housing or must be two separate but equal antennas in the same location. When a radio frequency (RF) signal is transmitted towards the receiver. Diversity provides relief to a wireless network in a multipath scenario.cisco." . Diversity antennas are physically separated from the radio and each other. there are multiple wavefronts that reach the receiver. If signal 1 is in phase with signal 2. C. resulting in multipath interference at the client end (ClientA). You can move the antenna to get it out of the null point and provide a way to receive the signal correctly. B. On its way. the result is essentially zero signal or a dead spot in the WLAN. Which of the following statements is true? A. Reference: http://www. the RF signal encounters objects that reflect. None of the other alternatives apply. Multipath interference is less of an issue when using a DSSS technology because multipath is frequency selective. the general behavior of the RF signal is to grow wider as it is transmitted further. Answer: B Explanation: In order to understand diversity using dual antenna's. which provides better performance in multipath environments. Multipath interference can be solved by using dual antennas. you must understand multipath distortion. refract. diffract or interfere with the signal.com Ac tua lTe sts .com/en/US/tech/tk722/tk809/technologies_tech_note09186a008019f646. to ensure that one encounters less multipath propagation effects than the other.shtml "Pass Any Exam. the result is essentially zero signal or a dead spot in the WLAN.actualtests.Cisco 642-832: Practice Exam In this scenario the signal transmitted from the AP is reflected off a wall.

authentication request/response. association request/response D. The AP confirms authentication and registers the client.www. authentication request/response E.com Ac tua lTe sts .sht ml QUESTION NO: 138 Network topology exhibit: "Pass Any Exam. A client is searching for an access point (AP). The client evaluates the AP responses and selects the best AP. authentication request/response." . association request/response.Cisco 642-832: Practice Exam QUESTION NO: 137 On the wireless LAN. association request/response. probe request/response. None of the other alternatives apply Answer: C Explanation: From the Cisco FAQ on Cisco Aironet Wireless Security: What steps does Open Authentication involve for a client to associate with the AP? The client sends a probe request to the APs. Reference: http://www. probe request/response. probe request/response. Any Time. authentication request/response B.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e8297. The APs send back probe responses. What is the correct process order that this client and access point goes through in order to create a connection? A. The client then sends an association request to the AP.co m 131 . probe request/response C.cisco. The AP confirms the association and registers the client.actualtests. The client sends an authentication request to the AP. association request/response.

. B. Figure 3 Sequence of Events for L2 Roam illustrates a L2 roam.with a unique IP subnet range. Any Time.within the same IP subnet. . Figure: Sequence of Events for L2 Roam "Pass Any Exam. . . A L2 roam occurs when a WLAN client moves from one access point to another within the same subnet.actualtests. L3 roaming occurs after the L2 roam has completed. If the client moves to a new access point on a different IP subnet...Cisco 642-832: Practice Exam Answer: B. tua lTe All access points should be configured. The client station is responsible for detecting.. D. Roaming is always a client station decision. . and roaming to an alternative access point.C.with the native VLAN...E Explanation: This question shows an example of layer 2 roaming.co m 132 .. with identical SSIDs... .." .only with the native VLAN. E. what are three requirements for configuring these Aironet access points (APs) that will allow for all wireless clients to work without service interruption while roaming from access point to access point? (Select three) .www.com Ac A.with the same guest mode SSID. C. . F... sts In this WLAN segment.. evaluating...

on the native VLAN . Any Time. if it is configured for 802. Using its own source address. When a roaming event occurs. The probe responses and beacons received from access points are discarded unless they have matching Service Set Identifier (SSID) and encryption settings.com Ac tua lTe sts . Reference: http://www.1X authentication. on the client's virtual local area network (VLAN). The client scans all IEEE 802. 2 On each channel the client station sends a probe.html QUESTION NO: 139 "Pass Any Exam. the client station scans each 802.11 channels for alternative access points.www. As the client moves out of the range of access point A. the client discovers access point B and reauthenticates and reassociates to it. access point B sends a MAC multicast.1X. Access point A receives this multicast and removes the client MAC address from its association table. This updates the content addressable memory ( CAM ) tables of the upstream switch and directs further LAN traffic for the client to access point B and not access point A. 2. and waits for a probe responses or beacons from access points on that channel. 3.co m 133 . A client moves from access point A coverage area into access point B coverage area ( with both access points in the same subnet ). After associating to the new access point B. using the source address of the client." . telling access point A that access point B now has the client associated to it.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00801c 5223.cisco.actualtests. maximum retries) is triggered. a roaming event (for example. the client begins IEEE 802. 4.11 channel. Access point B sends a null media access control (MAC) multicast.Cisco 642-832: Practice Exam The arrows in the figure indicate the following events: 1. In this case.

An omnidirectional antenna. C. using either a Layer 2 infrastructure oranIP-routed network When a Cisco LWAPP-enabled access point boots up. An antenna gives the wireless system three fundamental properties: gain.com 134 Ac tua lTe sts . In electronics.shtml "Pass Any Exam. LWAPP allows encrypted communications between lightweight access points and WLAN controllers. Gain implies increase e. it immediately looks for a wireless LAN controller within the network. E.wireless-computer-networking. After it finds a wireless LAN controller.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00807f34d3.Cisco 642-832: Practice Exam Which three statements are true about implementing wireless LANs in the network using Cisco devices? (Select three) A. Answer: A. Gain is a measure of increase in power. The WLAN solution Engine (WLSE) is used to control lightweight access points.e. Gain is the amount of increase in energy that an antenna adds to a radio frequency (RF) signal. F.com/dBi. and policy enforcement for an entire WLAN system Provide a generic encapsulation and transport mechanism for multivendor access point interoperability. that standardizes the communications protocol between lightweight access points and WLAN systems such as controllers. This antenna exists as a mathematical concept used only as a known reference to measure antenna gain per dBi. switches. B. encryption . Polarization is the physical orientation of the element on the antenna that actually emits the RF energy.B. LWAPP is a draft Internet Engineering Task Force (IETF) standard. authored by Cisco Systems. for example. direction and polarization.cisco. freeing up their computing resources to focus exclusively on wireless access instead offiltering and policy enforcement Enable centralized traffic handling.actualtests. the LWAPP-enabled access point sends out encrypted "neighbor" messages. Antenna power is a relative value reference to dBi. and routers. gain.radiates equally in all directions. Characteristics of antennas are directionality. D. and polarization. Its goals are to: Reduce the amount of processing within access points.htm http://www. the term "gain" is often repeated but misunderstood." . authentication. Any Time. The reference level or dBi is the strength of the signal that would be transmitted by a non-directional isotropic antenna i.g 20 dBi but without respect to where the increase originated. One of the advantages of the lightweight WLAN solution is that the devices act indepently. References: http://wireless-network.C Explanation: DBi is a unit measuring the gain of an antenna. is usually a vertical polarized antenna. Power over Ethernet (PoE) is only available when a WLAN controller is integrated into the network. Direction is the shape of the transmission pattern.www.co m .

com 135 Ac tua lTe sts A. In the traditional switched world. A PC connected to a switch port via an IP phone is unaware of the presence of the phone.co m Based on the diagram shown above. the connectivity between Cisco IP phone access port and the workstation CK-PC has been established. C.www.1p encapsulation in order to coexist on the same LAN segment with a PC." . QUESTION NO: 141 Look at the graphic below. The traffic on the voice VLAN must be tagged with 802. how to manage the traffic? "Pass Any Exam. A PC connected to a switch port via an IP phone must support a trunking encapsulation. Just as data devices come up and reside in the native VLAN (default VLAN). The new auxiliary VLAN is used to represent other types of devices collectively. which statement is true about the voice traffic coming to the switch access port that is connected to the IP phone? . but. no other devices should be attached to the IP phone. D. A data device VLAN (data subnet) is referred to as a port VLAN ID or PVID. data devices continue to reside in the native VLAN (or default VLAN) of the switch. To improve the quality of the voice traffic. The switch then provides the phone with its configured VLAN ID (voice subnet). if one has been configured on the switch. E. B. Any Time.Cisco 642-832: Practice Exam QUESTION NO: 140 An IP phone connects a user to a switch as shown below: Answer: A Explanation: The new voice VLAN is called an auxiliary VLAN in the Catalyst software command-line interface (CLI). Today those devices are IP phones (hence the notion of a voice VLAN). it communicates with the switch using CDP. data devices reside in a data VLAN. . other types of non-data devices will also be part of the auxiliary VLAN. The voice VLAN must be configured as a native VLAN on the switch. Meanwhile.actualtests. IP phones come up and reside in the auxiliary VLAN. in the future. also known as the voice VLAN ID or VVID. When the IP phone powers up.

sts Answer: A ." .co A. m . If CoS values from the PC cannot be trusted. use the cos keyword so that the CoS bits are overwritten to value by the IP Phone as packets are forwarded to the switch. use the following interface configuration command: Switch(config-if)# switchport priority extend {cos value | trust} Normally. D.Cisco 642-832: Practice Exam A switch instructs an attached IP Phone through CDP messages as to how it should extend QoS trust to its own user data switch port. The switch port FaO/4 would trust the priority for the frames received from the CK-PC. This is mentioned here to show how trust boundaries also exist at any connected IP Phones. In this case. should normally be untrusted and have all inbound CoS values set to 0. This is because the PC's applications might try to spoof CoS or Differentiated Services Code Point (DSCP) settings to gain premium network service. The switch port FaO/4 would neglect the priority of the frames received from the CK-PC. Any Time. they should be overwritten to a value of 0. The IP phone access port would trust the priority of the frames received from the CK-PC. To configure the trust extension.com 136 Ac Example: interface fastethernet 0/1 switchport voice vlan 200 switchport priority extend cos 0 tua lTe Explanation: The CK-PC connected to the phone.www. "Pass Any Exam.actualtests. The IP phone access port will override the priority of the frames received from the CK-PC. B. the QoS information from a PC connected to an IP Phone should not be trusted. C. however.

mls qos trust [ cos ] : Configure the port trust state.B.D 137 .1Q trunk is needed. The egress queue assigned to the packet is based on the packet CoS value 3. mls qos trust device cisco-phone : Configure the Cisco IP Phone as a trusted device on the interface. The switch instructs the phone to follow the mode that is selected. a special-case trunk is negotiated by Dynamic Trunking Protocol (DTP) and CDP." .co m Answer: A. All traffic is sent through one egress queue. the port is not trusted. switchport voice vlan vlan-id B. tua lTe sts . switchport priority extend cos_value D.Cisco 642-832: Practice Exam QUESTION NO: 142 You need to configure a new Cisco router to be installed in the VOIP network. just configure the switch port where it connects. If an 802. which Catalyst switch interface command should be issued in order for the switch to instruct the phone to override the incoming CoS from the CK-PC before sending the packet to the switch? "Pass Any Exam. mls qos trust device cisco-phone C. Which three interface commands will configure the switch port to support a connected Cisco phone and to trust the CoS values received on the port if CDP discovers that a Cisco phone is attached? (Select three) A. Use the cos keyword to classify ingress packets with the packet CoS values.www. Any Time. mls qos trust override cos Section 20: Troubleshoot a VoIP support solution (7 Questions) QUESTION NO: 143 Based on the graphic below.actualtests.com Ac Explanation: 1. In addition. By default. To configure the IP Phone uplink. mls qos trust cos E. Use the following interface configuration command to select the voice VLAN mode that will be used: Switch(config-if)# switchport voice vlan { vlan-id | dot1p | untagged | none} 2. the switch port does not need any special trunking configuration commands if a trunk is wanted.

mis qos cos 2 override Answer: B Explanation: Overriding the CoS Priority of Incoming Data Frames You can connect a PC or other data device to a Cisco7960 IP Phone port.actualtests. "Pass Any Exam.Cisco 642-832: Practice Exam A. switchport priority extend cos 11 B. E. C. RTP will be used to negotiate aCoS value based upon bandwidth utilization on the link." .html Refer to the exhibit.1_14_ea1/config uration/guide/swvoip. The IP phone is enabled to override with aCoS value of 3 the existing CoS marking of the PC attached to the IP phone. The switch will no longer tag incoming voice packets and will extend the trust boundary to the distribution layer switch.com Ac tua QUESTION NO: 144 lTe sts . the trust boundary has been moved to the PC attached to the IP phone. B. What is the effect when the switchport priority extend cos 3 command is configured on the switch port interface connected to the IP phone? A. D. The computer is now establishing theCoS value and has effectively become the trust boundary. Any Time. switchport priority extend cos 2 C.www.com/en/US/docs/switches/lan/catalyst2950/software/release/12. Effectively. follow these steps to override the CoS priority received from the nonvoice port on the Cisco7960 IP Phone: Reference: http://www.cisco.co m 138 . Beginning in privileged EXEC mode. The PC can generate packets with an assigned CoS value. You can configure the switch to override the priority of frames arriving on the IP phone port from connected devices. mis qos cos 2 D.

Incorrect Answers: A: This would indicate a routing problem.cisco. Mis-routed packets B. Which of the following network problems would indicate a need to implement QoS features? (Select three) A. a segment that is too large.html QUESTION NO: 145 VOIP is being implemented in the network and you need to assess the need for QoS. The CoS value is a number from 0 to 7.D Explanation: Loss. Packet loss due to congestion E. Reference: http://www. Normally. Seven is the highest priority. E: Broadcast storms indicate a problem on a LAN segment.Cisco 642-832: Practice Exam Answer: C Explanation: The "switchport priority extend cos <priority>" is used to set the IP phone access port to override the priority received from the PC or the attached device." QoS would not help in this situation. jitter. FTP connections unsuccessful Answer: B.com Ac tua lTe sts . In this case. Jitter is a timing mismatch between two way traffic.1_14_ea1/config uration/guide/swvoip. a bad application." . such as a babbling host. Delay of critical traffic D. and delay is when a packet takes too long to get somewhere. and delay are the three reasons for implementing QoS features on modern networks. etc.com/en/US/docs/switches/lan/catalyst2950/software/release/12. too many hosts. FTP sessions are not delay sensitive due to the re-transmission nature of TCP and do not require QoS. Data link layer broadcast storms F. What causes network jitter? "Pass Any Exam. Excess jitter C.co m 139 .C.www.actualtests. Any Time. Loss is when a packet disappears on a network. The default is 0. or packets being "black-holed. QoS would not help in this situation. F: If only FTP sessions were having issues. QUESTION NO: 146 Jitter is causing problems with the VOIP application in the network. then the FTP application or FTP server should be corrected. it has been set to mark all traffic with a class of service value of 3.

packets are sent in a continuous stream with the packets being spaced evenly apart. improper queuing. this steady stream can become lumpy. or the delay between each packet can vary instead of remaining constant.co m 140 .actualtests.Cisco 642-832: Practice Exam A. Any Time." . In general. Due to network congestion. At the sending side. but there are instantaneous and total limits on buffering ability. traffic requiring low latency also requires a minimum variation in latency. Packet drops C. Transmitting too many small packets D.www.com Ac tua lTe According to the information presented in the following exhibit. Compression Answer: A Explanation: Delay variation or jitter is the difference in the delay times of consecutive packets. Variable queue delays B. A jitter buffer is often used to smooth out arrival times. "Pass Any Exam. Any type of buffering used to reduce jitter directly increases total network delay. can you tell me the reason that the trust state of interface FastEthernet 0/3 displays "not trusted"? sts QUESTION NO: 147 . Note: Jitter in Packet Voice Networks : Jitter is defined as a variation in the delay of received packets. or configuration errors.

" . Any Time.Cisco 642-832: Practice Exam "Pass Any Exam.co m 141 .www.actualtests.com Ac tua lTe sts .

ToS has not been configured. Any Time. DSCP map needs to be configured for VOIP. network management applications can learn the device type and the Simple Network Management Protocol (SNMP) agent address of neighboring devices running lower-layer. CDP runs on all media that support Subnetwork Access Protocol ( SNAP).com Ac tua Answer: D lTe A. Because CDP runs over the data-link layer only.co m 142 .Cisco 642-832: Practice Exam Explanation: CDP is a device discovery protocol that runs over Layer 2 (the data link layer) on all Ciscomanufactured devices (routers.actualtests. The command mis qos needs to be turned on in global configuration mode. access servers. and switches) and allows network management applications to discover Cisco devices that are neighbors of already known devices. With CDP. There is no CDP neighbor and trusted state also no trusted. sts . D. "Pass Any Exam. Communication between Switch and IP Phone is performed by CDP protocol. transparent protocols. bridges." . C. There is not a Cisco Phone attached to the interface. This feature enables applications to send SNMP queries to neighboring devices.www. two systems that support different network-layer protocols can learn about each other. B.

E. IP telephony applications require prioritization over other traffic as they are more delay sensitive. the voice traffic should be marked to give priority as close to the source as possible.Cisco 642-832: Practice Exam QUESTION NO: 148 You are a network administrator of a large investor relations company that uses a switched network to carry both data and IP telephony services. IP phones can only receive IP addresses through DHCP if they are in separate VLAN. Finally. The use of a queuing method that will give VoIP traffic strict priority over other traffic. In order to properly provide for QoS across the network. The proper classification and marking of the traffic as close to the source as possible. "Pass Any Exam.actualtests. The CDP frames from the IP phone can only be recognized by the switch if the phone is in an auxiliary vlan. but the bandwidth they do is very delicate. instead of dropping the voice packets when links become busy. Answer: A. WRED (Weighted Random Early Detection) could be configured to prevent congestion. B.www. The use of RTP header compression for the VoIP traffic.C. D. The use of WRED. If anything happens with the connection or the integrity of the data transfer in either direction the conversation won't seam natural. IP phones require inline power and must be in separate VLAN to receive inline power. C. D.E Explanation: In order to optimize the quality of VOIP calls. To ensure the highest degree of integrity you should put voice traffic on its own separate VLAN and give that VLAN the highest priority. Answer: B Explanation: Voice conversations don't take up a lot of bandwidth. By providing a strict queue for VOIP traffic." . Why should you carry voice traffic on a separate VLAN? A. This will ensure that the traffic is prioritized end to end. you will ensure that voice calls take precedence over the other traffic types.com 143 Ac tua lTe sts . QoS should be implemented to ensure that VOIP traffic is prioritized over other traffic types. WRED can be used to selectively drop less important traffic types.co m . Any Time. The use of 802.1QinQ trunking for VoIP traffic. C. B. QUESTION NO: 149 Which QoS mechanisms can you use on a converged network to improve VoIP quality? (Select three) A.

High availability Answer: A.actualtests. All traffic has an equal chance of being dropped.co m .) A. B.html lTe sts . QoS classified at layer 3 using IP precedence or DSCP. which is a kind of integrated service: "Pass Any Exam. Intelligent platforms C. compression of any kind lowers the quality of VOIP.E QUESTION NO: 151 Which of the characteristics below is associated with the (QoS) Integrated Services Model? A. D. Implemented using FIFO queues. Answer: B Explanation: Cisco IOS QoS includes the following features that provide controlled load service. D: The trunking method used will have no bearing on the VOIP quality. but it will not help with improving the voice quality.Section 21: Troubleshoot a video support solution(3 Questions) QUESTION NO: 150 The Company is rolling out Cisco's Architecture for Voice.C. Which of the following choices represent the fundamental intelligent network services in Cisco's AVVID? (Select all that apply. Guaranteed rate service.cisco. Any Time. Security E." . Video and Integrated Data (AVVID). Mobility and scalability D. Cisco AVVID Network Infrastructure addresses five primary concerns of network deployment: High availability Quality of service (QoS) Security Mobility and Scalability Reference: http://www. C.www.D. In general.Cisco 642-832: Practice Exam Incorrect Answers: B: Compression can be used to lower the bandwidth required to transmit VOIP calls. Quality of Service (QoS) B.com 144 Ac tua Explanation: By creating a robust foundation of basic connectivity and protocol implementation.com/en/US/netsol/netwarch/ns19/ns24/networking_solutions_audience_business _benefit09186a008009d678.

the CoS value can be marked up in a way that results in the packet being dropped. which allows applications to have low delay and high throughput even during times of congestion. adaptive real-time applications such as playback of a recorded conference can use this kind of service. and ingress interface are Layer 2 characteristics that are set by the access layer as it passes traffic to the distribution layer. If a frame is determined to be in excess of the predefined rate limit. which is typically a fixed number internal to the switch. For example. and ingress interface are established by the voice submodule (distribution layer) as traffic passes to the core layer. DSCP." . The distribution layer inspects a frame to see if it has exceeded a predefined rate of traffic within a certain time frame. F. Any Time. the Frame Relay discard eligible (DE) bit. Traffic inbound from the access layer to the distribution layer can be trusted or reset depending upon the ability of the access layer switches. C. No traffic marking occurs at the core layer. or is "trusted" that it is entering the network with the appropriate tag. Layer 2/3 QoS tags are trusted from distribution layer switches and used to prioritize and queue the traffic as it traverses the core. a Voice over IP (VoIP) application can reserve 32 Mbps end to end using this kind of service. once it has made a switching decision to the core layer.cisco.Cisco 642-832: Practice Exam Resource Reservation Protocol (RSVP) can be used by applications to signal their QoS requirements to the router. Cisco IOS QoS uses weighted fair queuing (WFQ) with RSVP to provide this kind of service. QoS group.co m Ø Guaranteed Rate Service. Your boss is interested in the QoS technology in the context of video traffic.html#1000946 145 . Traffic is marked (or remarked) at Layers 2 and 3 by the access switch as it enters the network. strips these off. E.www. Ø Controlled Load Service. IP address. which allows applications to reserve bandwidth to meet their requirements. IP precedence. For example. MAC address.com Ac tua lTe You work as a network technician. Priority access into the core is provided based on Layer 3 QoS tags.actualtests. What can be said of application of this technology in this type of network? (Select three) sts . the ATM cell loss priority (CLP) bit. "Pass Any Exam. Intelligent queuing mechanisms can be used with RSVP to provide the following kinds of services: QUESTION NO: 152 A. Multiprotocol Label Switching (MPLS). Cisco IOS QoS uses RSVP with Weighted Random Early Detection (WRED) to provide this kind of service.com/en/US/products/sw/iosswrel/ps1831/products_configuration_guide_chapter0 9186a008007ff07. The distribution layer. D. The access layer is the initial point at which traffic enters the network. B. Reference: http://www.

and policing should be performed as close to the traffic-sources as possible. The rest of the 3550 configuration is the default configuration.Cisco 642-832: Practice Exam Answer: A. Any Time. or reset the COS value to a different value.co m 146 . Core) due to oversubscription ratios.B. Queuing. specifically at the Campus Access-Edge. Host A and Host B are connected to the Catalyst 3550 switch and have been assigned to their respective VLANs. 10.10. which statement is true? lTe sts .com Ac tua Refer to the exhibit. but is unable to ping Host B. Host A is able to ping its default gateway. These switches also perform the necessary functions to map the layer 2 COS values to a layer 3 TOS or DSCP value when sending traffic into the cloud. needs to be provisioned at all Campus Layers (Access. on the other hand.10.www.actualtests.1.C Explanation: Three main types of QoS policies are required within the Campus: 1)Classification and Marking 2)Policing and Markdown 3)Queuing Classification. Distribution." . Section 22: Troubleshoot Layer 3 Security (4 Questions) QUESTION NO: 153 "Pass Any Exam. Given the output displayed in the exhibit. rest the COS value to 0. marking. Distribution and edge switches can be configured to trust the COS markings of incoming traffic.

Interface VLAN 10 must be configured on the SW1 switch. this has been a router's function. you must use a Layer 3 device. E. D.co m 147 . This is known as interVLAN routing . The router must have a physical or logical connection to each VLAN so that it can forward packets between them. VTP must be configured to support interVLAN routing. The global config command ip routing must be configured on the SW1 switch. VLANs 10 and 15 must be created in the VLAN database mode.actualtests. Layer 3 switching can occur between any type of interface. Any Time.Cisco 642-832: Practice Exam Answer: D Explanation: To transport packets between VLANs. as appropriate.com Ac tua A. Multilayer switches can perform both Layer 2 switching and interVLAN routing. HSRP must be configured on SW1.www. lTe sts ." . Layer 2 switching occurs between interfaces that are assigned to Layer 2 VLANs or Layer 2 trunks. B. as long as the interface can have a Layer 3 address assigned to it. Switch(config)# ip routing command enables the routing on Layer 3 Swtich "Pass Any Exam. Traditionally. C. A separate router is required to support interVLAN routing. F.

C. and VLAN10 are configured on the switch D-SW1.com Ac tua A.10.actualtests.255.1.1. On the basis of the exhibited output. F. which configuration solution could rectify the problem? Answer: C Explanation: Although a routed port is configured for connectivity with an external router.0.1 255. Configure default gateways to IP address 10.1 255. Configure default gateways to IP address 10. Any Time.www.1. Hosts are able to ping each other but are unable to reach the servers.1 on each host.0 "Pass Any Exam. Assign an IP address of 10.10.0/24.1 on each host.1. lTe sts .10.255. Host computers are on VLAN 2 (10.0).1.3. E.1.Cisco 642-832: Practice Exam QUESTION NO: 154 Refer to the exhibit. Configure a default route that points toward network 200.3. D.0. VLAN2. Enable IP routing on the switch D-SW1.1.1/24 to VLAN3.20.2.255. servers are on VLAN 3 (10.1.255. VLAN3.2 on each host.1.0 RouteSwitch(config)# interface vlan 20 RouteSwitch(config-if)# ip address 10." . Example: To route between VLANs 10 and 20 which have been configured on the multilayer switch use the following configuration: RouteSwitch(config)# interface vlan 10 RouteSwitch(config-if)# ip address 10.0).2.0). B.co m 148 . Configure default gateways to IP address 200. Inter-VLAN routing would most likely be achieved through the use of a virtual interface. and the management VLAN is on VLAN10 (10.1.

Answer: C Explanation: "Pass Any Exam.Cisco 642-832: Practice Exam QUESTION NO: 155 The network is displayed in the following network topology exhibit: Router configuration exhibit: A. InterVLAN routing has been configured properly. and the workstations have connectivity to each other. Although interVLAN routing is not enabled. D.co m . InterVLAN routing will not occur since no routing protocol has been configured.com 149 Ac Based on the network diagram and routing table output in the exhibit. the workstations will not have connectivity to each other. Any Time.actualtests. None of the other alternatives apply. which of these statements is true? tua lTe sts ." . both workstations will have connectivity to each other. C. E. Although interVLAN routing is enabled.www. B.

1 255.168.10.com Ac tua Study the following graphic carefully Host1 and Host2. InterVLAN routing can be performed by an external router that connects to each of the VLANs on a switch. Traditionally.10 Router(config-subif)# description Management VLAN 10 Router(config-subif)# encapsulation dot1q 10 Router(config-subif)# ip address 192. which description is correct when trying to ping from host to host? lTe sts .0 Router(config)# interface fa 0/0.20. Separate physical connections can be used.actualtests.168.255. are in the same subnet. The router must have a physical or logical connection to each VLAN so that it can forward packets between them.www. The Switch Port which is connected with Router should be trunk link.255.0 Router(config)# interface fa 0/0. you must use a Layer 3 device. To transport packets between VLANs.1 255. This is known as interVLAN routing . A trunk port should be configured on the link between CK-SW1 and CK-SW2 to ping successfully.0 QUESTION NO: 156 A. "Pass Any Exam. Any Time. which belong to different VLANs. or the router can access each of the VLANs through a single trunk link.255.91. According to the information displayed. this has been a router's function. VLANs are essentially isolated from each other so that packets in one VLAN cannot cross into another VLAN.168.Cisco 642-832: Practice Exam A Layer 2 network can also exist as a VLAN inside one or more switches.255. You need to configure like: Switch(config)# interface fa 0/1 Switch(config-if)# switchport mode trunk Switch(config-if)# switchport trunk encapsulation dot1q In Router you need to configure like: Router(config)# interface fa 0/0 Router(config-if)# description VLAN 1 Router(config-if)# ip address 192.255.1 255.20 Router(config-subif)# description Engineering VLAN 20 Router(config-subif)# encapsulation dot1q 20 Router(config-subif)# ip address 192.co m 150 .255." .

D. E." . What will happen to traffic within VLAN 14 with a source address of 172. QUESTION NO: 157 The following "show" command was issued on R1: Study the exhibit carefully. B. The traffic will be forwarded to the TCAM for further processing. The traffic will be forwarded to the router processor for further processing.10. The ping command will be successful without any further configuration changes.actualtests.co m Section 23: Troubleshoot issues related to ACLs used to secure access to Cisco routers (2 Questions) 151 .16.5? A. in this case the "switchport mode access" command has been used for these ports so the VLAN information will be sent along untagged.com Ac tua lTe sts . Any Time. The traffic will be dropped. Devices that are in different VLANs can ping each other as long as they are in the same subnet when the VLAN information is untagged. The two hosts should be in the same VLAN in order to ping successfully. you must use a Layer 3 device. A Layer 3 device is a must in order for the ping command to be successful. The traffic will be forwarded without further processing. However. C. None of the other alternatives apply Answer: A "Pass Any Exam. to transport packets between VLANs.Cisco 642-832: Practice Exam B. D. C.www. Answer: D Explanation: Normally.

(Multiple set clause entries will cause PBR to use the routing table. and to match the packet against one or more ACLs (standard or extended).185. Check the routing table for 212. C. lTe QUESTION NO: 158 sts . D.) Answer: B "Pass Any Exam.126. perform these steps: Create the standard or extended IP ACLs or named MAC extended ACLs to be applied to the VLAN. In access map configuration mode. optionally enter an action forward or action drop . Enter the vlan access-map access-map-name [ sequence ] global configuration command to create a VLAN ACL map entry. Any Time. A single access-map can be used on multiple VLANs. also known as VLAN ACLs or VACLs. Use the vlan filter access-map-name vlan-list vlan-list global configuration command to apply a VLAN map to one or more VLANs. If no sequence number is entered. Unlike router ACLs.co m 152 . you need to understand why the policy routing match counts are not increasing. This access-list will select the traffic that will be either forwarded or dropped by the access-map.50." . The order of these entries is determined by the sequence .actualtests. VLAN maps are used strictly for security packet filtering.www. Also enter the match command to specify an IP packet or a non-IP packet (with only a known MAC address). or are bridged within a VLAN. Remove any two of the set clauses. Based upon the configuration.com Ac tua Refer to the exhibit. Only traffic matching the 'permit' condition in an access-list will be passed to the access-map for further processing. VLAN maps are not defined by direction (input or output). Which would be the first logical step to take? Select the best response. B. VLAN maps can be configured on the switch to filter all packets that are routed into or out of a VLAN. Confirm if there are other problematic route-map statements that precede divert. Check the access list for log hits. Each access-map can have multiple entries.Cisco 642-832: Practice Exam Explanation: VLAN maps. accessmap entries are added with sequence numbers in increments of 10. To create a VLAN map and apply it to one or more VLANs. The default is to forward traffic. can filter all traffic traversing a switch. A.

" .actualtests. You study the exhibit carefully. Any Time. sets the port state to unauthorized E. What is the function of this configuration? A.co m 153 . mitigates the risk of rogue devices gaining unauthorized access to the network B. sets the maximum number of retries to supplicant for EAP-request frames of types other than EAP-Request/Identify D.www.com Ac tua lTe sts .Cisco 642-832: Practice Exam Explanation: Section 24: Troubleshoot configuration issues related to accessing the AAA server for authentication purposes (1 Questions) QUESTION NO: 159 Exhibit: You work as a network administrator. configures a guest VLAN on this interface Answer: A "Pass Any Exam. sets the port state to authorized C.

NTP. Disable CDP on ports where it is not necessary C. a switch port will not pass any traffic until a user has authenticated with the switch. Another method used to prevent VLAN hopping is to prevent automatic trunk configuration. When it is enabled.finger. which is known as dot1x authentication.1Q and ISL tagging attacks. RCP etc.www. Reference: VLAN Security White Paper.co m 154 .) (4 Questions) QUESTION NO: 160 You want to enhance the security within the LAN and prevent VLAN hopping. Cisco Systems http://www.e. Hackers used 802. Section 25: Troubleshoot security issues related to IOS services (i. the user can use the port normally. if a switch port were configured as DTP auto and were to receive a fake DTP packet." .. By not granting connectivity or by placing a device into a VLAN not in use. unauthorized access can be thwarted through fundamental physical and logical barriers.actualtests. For example.shtml "Pass Any Exam.com/en/US/products/hw/switches/ps708/products_white_paper09186a00801315 9f. HTTP.cisco. What two steps can be taken to help prevent this? (Select two) A. Any Time. Therefore.com Ac tua lTe sts . FTP. Implement port security Answer: C.D Explanation: To prevent VLAN hoping you should disable unused ports and put them in an unused VLAN. which are malicious schemes that allow a user on a VLAN to get unauthorized access to another VLAN. If the authentication is successful.Cisco 642-832: Practice Exam Explanation: Cisco switches supports port-based authentication with combination of AAA. or a separate unrouted VLAN. Enable BPD guard B. Place unused ports in a common unrouted VLAN D. a malicious user could start communicating with other VLANs through that compromised port. Prevent automatic trunk configuration E. it might become a trunk port and it might start accepting traffic destined for any VLAN.

in a situation where the CAM table is filled up. VLAN hopping C. The switch learns about these MAC addresses and puts them in its CAM table.com 155 Ac tua lTe sts . The switch continues to flood the frames with destination addresses that do not have an entry in the CAM tables to all the ports on the VLAN associated with the port it is receiving the frame on. this port is under the attacker's control and a machine connected to this port is being used to send frames with spoofed MAC addresses to the switch.ru/cisco/ch05lev1sec2. causing switch CAM tables to be filled and forcing unicast traffic to be transmitted out all switch ports. MAC spoofing B. Which type of Layer 2 attack is being used here? A.co m . when a machine receiving a frame responds to it. Any Time. MAC address flooding D.soundonair. During this attack. when the switch receives a legitimate frame for which it does not know which port to forward the frame to. eventually the switch's CAM table becomes filled with entries for these bogus MAC addresses mapped to the compromised port. In reality. the switch is unable to create this CAM entry. Under normal operations. Reference: http://book. If the attacker keeps sending these frames in a large-enough quantity.www." . numerous frames are forwarded to a switch which causes the CAM table to fill to capacity. It puts this mapping in its CAM table. allowing it to send any future frames destined for this MAC address directly to this port rather than flood all the ports on the VLAN. At this point.Cisco 642-832: Practice Exam QUESTION NO: 161 The network is being flooded with invalid Layer 2 addresses. the switch floods all the connected ports belonging to the VLAN on which it has received the frame. the switch learns that the MAC address associated with that machine sits on the port on which it has received the response frame. Session hijacking Answer: C Explanation: Port security is especially useful in the face of MAC address flooding attacks. thinking that these MAC addresses actually exist on the port on which it is receiving them. and the switch continues to learn of them. an attacker tries to fill up a switch's CAM tables by sending a large number of frames to it with source MAC addresses that the switch is unaware of at that time. However.actualtests. How does this action benefit the attacker? "Pass Any Exam.html QUESTION NO: 162 A MAC address flood attack is occurring on the LAN. DHCP flooding E. In these attacks.

B. D. All traffic is tagged with a specific VLAN ID from the VLAN of the attacker and is now viewable.actualtests. allowing the attacker to start sniffing. which will in turn send them to the desired destination but not before recording the traffic patterns. makes the switch display the characteristics of a hub. Reference: http://www. Clients will forward packets to the attacking device. This.) A. Simple Network Management Protocol "Pass Any Exam. B. All traffic is flooded out all ports and an attacker is able to capture all data. in essence. The goal is to flood the switches CAM (content addressable memory) table.html QUESTION NO: 163 Which of the following characteristics describe the BPDU Guard feature? (Choose all that apply.com Ac tua lTe sts . where it sends packets to all ports.) A. C. or port/MAC table with these bogus requests.Cisco 642-832: Practice Exam A. and once flooded. A BPDU Guard port receiving a BPDU will be disabled." . A MAC flooding attack looks like traffic from thousands or computers moving into one port. None of the other alternatives apply Answer: D Explanation: MAC flooding basically involves bombarding the switch with spoofed ARP requests in the hope of making the switch "fail open". BPDU Guard and PortFast should not be enabled on the same port.E QUESTION NO: 164 Which of the following are valid modes of accessing the data plane? (Choose all that apply. RADIUS D. Answer: A. All traffic is redirected to the VLAN that the attacker used to flood the CAM table.co m 156 . A BPDU Guard port receiving a BPDU will go into err-disable state. F. Serial connection B. E. BPDU Guard is used to ensure that superior BPDUs are not received on a switch port. Any Time. C. The success of this attack is almost completely dependant on the model and manufacturer of the switch. the switch will broadcast openly onto a LAN. D.governmentsecurity.org/archive/t2605. Secure Shell C. BPDU Guard can be enabled on any switch port. E. but it's actually the attacker spoofing the MAC address of thousands of non-existent hosts.www. A BPDU Guard port should only be configured on ports with PortFast enabled.

The correct bandwidth should be configured on the interface.www.co m . Bottom-up "Pass Any Exam.com 157 Ac A. B. Managed overlay VPN topology C. C. Any Time.F QUESTION NO: 165 Which of the following is not an essential prerequisite for AutoQoS to be correctly applied to an interface? (Choose all that apply. AutoQoS must be enabled globally before it can be enabled on the interface. Extranet VPN B. A QoS policy must not be currently attached to the interface. CEF must be enabled.B. Top-down C. E. Answer: A. Central-site VPN topology E.E QUESTION NO: 166 Answer: E QUESTION NO: 167 Which of the following is not considered a common approach to narrow the field of potential problem causes? (Choose the best answer. D. Full mesh VPN topology F.) A.E.Cisco 642-832: Practice Exam E. Telnet Answer: A. Comparing configurations D. Hub-and-spoke VPN topology D.actualtests. F. An IP address must be configured on the interface if its speed is equal to or less than 768 kbps. Remote-access VPN topology tua lTe Which of the following topology situations would be a qood candidate for configuring DMVPN? sts . The interface must be configured as a Multilink PPP interface.) A." . HTTP F.D. Following the traffic path B.

co m .168. RP Discovery Protocol (RDP) E.1. E.1. Any Time.168. C.168.50. Creates a tree from a central RP to all last-hop routers. Examine SLAs Answer: F QUESTION NO: 168 Which of the following best describes the following command: ip flow-export destination 192.50 for packets up to an MTU of 1500.1. it is a NetFlov/ command that v/ill export 1500-byte packets to IP address 192.168. Memory requirements are higher for shared distribution tree than for source distribution tree. QUESTION NO: 169 A. it is not a valid NetFlow command. B.168.50. RP Helios F." . It is a NetFlov/ command that v/ill specify that the NetFlov/ collector's IP address is 192. It is an SNMP command that exports flows to destination address 1Q2.1.1. RPARP(RARP) Answer: A. "Pass Any Exam. it is a NetFlov/ command that allows IP address 192.168. it is an SNMP command that exports 1500-byte packets to IP address 192. Divide and conquer F. D.) lTe sts Answer: E . Statically defined RP B.com 158 Ac tua Which of the following are valid methods of providing a router with information concerning the location of the RP? (Choose all that apply.C QUESTION NO: 170 Which of the following are shared distribution tree characteristics? (Choose all that apply. Auto-RP D.www.50 over UDP port 1500.50 1500? A.Cisco 642-832: Practice Exam E.1. F.actualtests.50 to send traffic to port 1500. Bootstrap Router C.) A. B.B.

www. D.F QUESTION NO: 171 Given the multicast IP address of 224. Place (*. The configuration file in NVRAM is copied to an FTP server. B.G) entry in a router's multicast routing to table. The configuration on the FTP server is copied to NVRAM.Cisco 642-832: Practice Exam C.com 159 Ac tua Which of the following is an accurate description of the command copy startup-config ftp://kevin:cisco@192. 00-00-0c-c0-05-0a B.74? lTe sts .co m . 01-00-5e-cl-05-0a Answer: D QUESTION NO: 172 A. D. 00-00-0c-cl-05-0a C. 01-00-5e-41-05-0a E. The configuration on the FTP server is copied to RAM. 00-00-0c-01-00-5e F. F. Answer: D QUESTION NO: 173 Which of the following commands can be used to gather information about the AS-PATH of a BGP route? (Choose all that apply. what would the corresponding multicast MAC address be? A. Place (S.10. An optimal path is created between each source router and each last-hop router. The command is not valid on a Cisco router. show ip bgp neighbors "Pass Any Exam. 01-00-5e-00-00-0c D.) A. The configuration file in RAM is copied to an FTP server. C." .1.168. Answer: C. Uses a rendezvous point.G) entry in each router's multicast routing table.193. F.5. The configuration will be copied from NVRAM to an FTP server with a filename of Kevin.actualtests. E. Any Time. E.

15 seconds D. The new router will become active immediately because it's the newest router introduced into the group. D. 20 seconds F. The new router has preempt configured and a higher priority F. sh ip bgp database Answer: B. The new router will never become active unless the existing active router becomes unavailable. Any Time.www.E QUESTION NO: 174 How long will a port remain in the listening state by default? A.com 160 Ac tua A new router is added to an existing HSRP standby group. One of the existing routers is in an active state." . Until the root directs it to start forwarding E. the other is in a standby state. The new router has a higher priority value. Under what circumstance will the new router become the active router? lTe sts Answer: C . show ip route bgp D. 50 seconds C. Answer: E QUESTION NO: 176 Which of the following is not a valid reason for a packet to be punted? "Pass Any Exam. B. C.actualtests. show ip bgp E. Depends on the number of switches in the spanning tree domain B. debug ip bgp updates C.co m . The new router can become active only when the existing active router and the existing standby router become unavailable.Cisco 642-832: Practice Exam B. show ip bgp summary F. E. Depends on the pott speed QUESTION NO: 175 A. The new router has a lower priority value.D.

" .actualtests. The TCAM has reached capacity B. B. Divide and conquer F. Answer: A. OSPF LSA type 1 triggers an LSA type 3 at an ABR.Cisco 642-832: Practice Exam A.C QUESTION NO: 177 Which of the following are not true OSPF LSA rules? A. F.E QUESTION NO: 178 A. OSPF LSA type 5 triggers an LSA type 7 at an A5BR but only in N5SAs. D. OSPF LSA type 7 triggers an LSA type 5 at an ABR between an NSSA and the backbone area. OSPF LSA type 3 triggers an LSA type 4 at an ABR. A packet belonging to a GRE tunnel Answer: B. Follow the traffic path Answer: E QUESTION NO: 179 Which of the following are not BGRP data structures? (Choose all that apply. Component swapping C.) "Pass Any Exam. Top down D. Which of the following troubleshooting methods would be most appropriate to make the best use of the troubleshooters1 time? lTe sts . Any Time. OSPF LSA type 5 triggers an LSA type 7 at an ABR between an NSSA and the backbone area. An unknown destination MAC address C. A packet being discarded due to a security violation D. Bottom up B.www.D. A Telnet packet from a session being initiated with the switch E.com Ac tua Several troubleshooters are about to work on the same problem. Routing protocols sending broadcast traffic F. C. Shoot from the hip E.co m 161 . E. OSFP LSA type 2 triggers an LSA type 3 at an ABR.

EIGRP topology table Answer: A.D.) "Pass Any Exam. EIGRP neighbor table D." .F QUESTION NO: 182 Which of the following would be considered reasonable network maintenance tasks? (Choose all that apply.Cisco 642-832: Practice Exam A. MAC forwarding table is full D. EIGRP database table B.F QUESTION NO: 181 A. Bad cabling C. 2fff:f:f:f::f/64 E. 2001:aaaa: 1234:456c: 1/64 C.actualtests.) A. ff02:33ab:l:32::2/128 F.com Ac tua You examine the port statistics on a Cisco Catalyst switch and notice an excessive number of frames are being dropped.B. 2001:bad:2345:a:b::cef/128 Answer: B.www.co m 162 . EIGRP adjacency table E. Which of the following are possible reasons for the drops? lTe sts . Any Time. EIGRP interface table F.D QUESTION NO: 180 Which of the following is a valid host IPv6 address? (Choose all that apply. Port configured for full duplex F. 2001:000a:lb2c::/64 D. ff02:a:b:c::l/64 B. Unknown destination MAC address B. Network congestion Answer: B. EIGRP CEF table C. Port configured for half duplex E.

Cisco 642-832: Practice Exam A. DHCPOFER.) "Pass Any Exam. DHCPOFFER. Any Time. DHCPACK F." . Schedule documentation checks. DHCPREQUEST. DHCPREQUEST.1. Providing support to sales and marketing E. Use the Cisco Rollback feature.actualtests. DHCPREQUEST. DHCPOFFER. DHCPACK B.C. B. DHCPREQUEST.B. Giving presentations to management F. DHCPACK E.com 163 Ac tua lTe sts . Automate documentation. Use the Cisco Configuration Archive tool. Require documentation prior to a ticket being closed out. Troubleshooting problem reports C. C. DHCPDISCOVER D. DHCPOFFER. DHCPDISCOVER. DHCPDISCOVER.1. Ensuring compliance with legal regulations and corporate policies B. Use the Cisco Auto Configuration tool. DHCPOFFER. DHCPOFFER Answer: B QUESTION NO: 184 Which of the following statements regarding documentation would not be considered a helpful step in the troubleshooting process? A. DHCPREQUE5T. Planning for network expansion D.F QUESTION NO: 183 Which of the following options represents the correct sequence of DHCP messages after a client initially boots? A. Monitoring and tuning network performance Answer: A. DHCPACK C.co m . DHCPDISCOVER.www. DHCPDISCOVER. DHCPACK. E. Answer: A QUESTION NO: 185 Which of the following statements are true concerning the command ip sla monitor responder type tcpconnect ipaddress 10.1 port 23? (Choose all that apply. D. DHCPACK. DHCPREQUEST. F. DHCPDISCOVER.

www.com Ac tua lTe sts . On each router that exists between the client and the server C. The command will initiate a probe with a destination IP address of 10. E. The command is used on the IP SLA responder and the IP SLA source.1.Cisco 642-832: Practice Exam A. The command is used to make the router a responder.1. configure tftp running-config Answer: B QUESTION NO: 188 Which of the following is not a characteristic of fast switching? "Pass Any Exam.co m 164 . copy startup-config running-config E.1. copy archive running config D. D. The command will initiate a probe with a source port of 23. The command will allow only source address 10.) A. C. The command will initiate a probe with a destination Telnet port. Only when a router separates the client from the server D.1. configure archive running-config B. Only when there is a duplicate IP address caused by a combination of static and dynamic IP address allocations B.D QUESTION NO: 186 In what situation would the command ip helper-address be required? (Choose the best answer. Only when the client is on the same subnet as the server F. F. copy tftp running-config F. Only when the DHCP pool is out of IP addresses Answer: C QUESTION NO: 187 Which of the following commands will restore a previously archived configuration by replacing the running configuration with the archived configuration? A. configure replace C. Answer: A." . Only if the DHCP sever issues a DHCPNAK to the initial request E. Any Time.1.actualtests. B.1 to source probes.

E.Cisco 642-832: Practice Exam A.F QUESTION NO: 191 Which of the following statements concerning IGMP are correct? (Choose all that apply. C. use the information in the fast cache.com 165 Ac Which of the following pieces of information will the command show interface provide? (Choose all that apply. compared to process switching. D. show ipsec crypto map E. Fast switching reduces a routers CPU utilization. E. show ipsec crypto map sa Answer: A QUESTION NO: 190 A. show crypto map ipsec sa B. F. The fast cache contains information about how traffic from different data flows should be forwarded. Any Time. Layer 2 status F." .co m .actualtests.www. Even though the fast switching is enabled.) "Pass Any Exam. It can be enabled with the interface command ip route-cache. except for the first packet. Fast switching uses a fast cache maintained in a router's control plane. B.) tua lTe sts . show crypto engine connections active D. Cable type connected to interface E. Input queue drops Answer: A. Output queue drops C. All packets of a flow. Answer: D QUESTION NO: 189 Which of the following commands will display a router's crypto map IPsec security association settings? A. show crypto map sa F.B. Interface CPU utilization D. show crypto map C. Layer 1 status B. the first packet of a flow is still process switched.

B. EIGRP advertises the best routes to its neighbor.E QUESTION NO: 192 Which of the following are byproducts of a structured maintenance plan? (Choose all that apply." . EIGRP allows unequal cost load balancing.com 166 Ac tua lTe sts . EIGRP advertises all routes to its neighbor.E. OSPF allows unequal cost load balancing. Improved expenditure forecasts D. B. With IGMPvl.) A. D. D. C.actualtests. Increased downtime E. An IGMPv2 router can only allow IGMPv2 hosts to execute a join request.Cisco 642-832: Practice Exam A.D QUESTION NO: 194 Which of the following commands will remove all dynamic entries for a router's NAT table? A. Answer: A.www. OSPF requires neighbor adjacencies before updates are sent. F.co m . a leave message is supported. Hosts issuing IGMPvl requests will be correctly interpreted by IGMPv2 hosts due to backward compatibility. Any Time. E.D. F. B. An IGMPv2 host will send an IGMFVl report on an IGMFVl router.F QUESTION NO: 193 Which of the following are correct statements? A. EIGRP uses "cost" to determine best path. Predictable security vulnerabilities B. Predictable equipment obsolescence F.C. An IGMPv2 router will ignore IGMPv2 leave messages when IGMFVl hosts are present. C. Economies of scale C. Answer: C. With IGMFV2. E. clear nat translations "Pass Any Exam. Consumption of fewer resources Answer: A. queries are sent to a specific group.C.

) A. Standards-based protocol C.Cisco 642-832: Practice Exam B. clear ip nat translations* C. authorization.co m . VPN client software F." . Cisco proprietary B.C. GRE or IPsec configuration D. clear ip nat translations F. MTU size E.actualtests.www. Overlapping IP address space C. clear ip nat translations all Answer: B QUESTION NO: 195 Which of the following are TACACS+ characteristics? (Choose all that apply.C. Uses UDP for a transport layer F. User authentication B.) A. and accounting D. Provides separate services for authentication. clear ip nat statistics D.) lTe sts Answer: A. Encrypts the entire packet QUESTION NO: 196 A. Encrypts only the password E.F . clear ip nat transactions * E. Any Time. Authentication server configured ly Answer: B. User authentication ID and password "Pass Any Exam.D QUESTION NO: 197 Which of the following would provide good baseline documentation to have on hand when analyzing potential problems? (Choose all that apply.com 167 Ac tua Which of the following are common issues that should be considered when establishing or troubleshooting site-to-site VPNs? (Choose all that apply.

Output of show process cpu Answer: C.D QUESTION NO: 199 A. A Root Guard port receiving inferior BPDU goes into a root-inconsistent state. sh ip route B. It should be applied to all switch ports. sh ip adjacency </p_address> F. Any Time. User profile C. Output of debug D.www. E. sh ip route <ip_addres$> E.co m 168 . C.Cisco 642-832: Practice Exam B. sh ip cef <ip_address> C.D. F. The port returns to a forwarding state if inferior BPDUs stop.F QUESTION NO: 198 Which of the following characteristics describe the Root Guard feature? (Choose all that apply. sh adjacency <ip_address> D.) A. Answer: B. Result of ping F. Output of show interface E.com Ac tua Which of the following commands provides data plane information required to forward a packet to a specific ip address? lTe sts . The port must be put into forwarding state manually after root-inconsistent state has been corrected. While the port is in a root-inconsistent state no user data is sent across that port." .actualtests. B. A Root Guard port receiving superior BPDU goes into a root-inconsistent state.E. sh ip cef <mac_addrQss> <ip_address> Answer: B QUESTION NO: 200 Which of the following management types can be used to deploy appropriate quality-of-service solutions to make the most efficient use of bandwidth? "Pass Any Exam. D.

E.Cisco 642-832: Practice Exam A." . FIB switching C. A faulty cable from host to switch or between switches F. Configuration management Answer: D QUESTION NO: 201 Whichof the following are valid modes of packet switching on most routers? (Choose all that apply.www.F QUESTION NO: 202 Which of the following is an unlikely reason for the ARP process to fail? A. The trunking encapsulation type is inconsistent on the two ends of the link Answer: A. CEF switching is disabled on the switch B. Accounting management C. The source device and destination device are in different VLANs C. The host is connected to the switch through an IP phone E.co m . Process switching F. "Pass Any Exam.com 169 Ac tua lTe sts . Fast switching Answer: A.) A.actualtests. Performance management E. Operations management D. Any Time. Cache switching D.D QUESTION NO: 203 Which of the following is not a characteristic of Cisco Express Forwarding? A. Cisco Express Fonvarding B. The adjacency table is populated from a router's ARP cache. Optimized switching E. Fault management B. The VLAN is excluded from the trunk D. Security management F.

0000. D. 0000. 0000.ac22 B.F QUESTION NO: 205 A. E.www. On most router platforms CEF is enabled by default. The FIB is populated from a router's IP routing table.cala F. C.acl6 D.E. 0000. Hypothesize underlying causes E.0c07.0c70. Eliminate potential causes B.com 170 Ac tua Which of the following virtual MAC addresses is correct for the HSRP group 22? lTe sts .actualtests. Answer: D QUESTION NO: 204 Which of the following are considered subcomponents of the problem diagnosis step of the troubleshooting flow? (Choose all that apply.ac07 Answer: C QUESTION NO: 206 Which of the following procedures are involved in the recommended three-step troubleshooting flow? (Choose the best three answers. 0000. CEF does not require the first packet of a data flow to be process switched.B.) A. Problem report "Pass Any Exam.co m .ac22 E. Examine collected information Answer: A. F. Document causes D. Any Time. 0000.0c70.) A.22ac C. CEF can be enabled with the interface command ip cef.Cisco 642-832: Practice Exam B. Verif/ hypothesis F. Collect information C.D." .0c07. CEF maintains the Forward Information Base and the adjacency table.0d22.0c07.

M.1. Any Time.0. Problem collaboration C. OSPF link-state database E.M A. Problem documentation F.com 171 Ac tua A router simultaneously receives all the following routes in various routing updates. EIGRP route 10. Ping 10.Cisco 642-832: Practice Exam B.www. RIP route 10. Probiem authentication Answer: A." .actualtests. OSPF routing information base D. Problem resolution E. RIP route 10. Ping 10.) lTe sts .1.0.1 Data Pattern M.0. OSPF adjacency table F.0/16 F. OSPF neighbor table Answer: B.C.0/24 B.D QUESTION NO: 207 Which of the following data structures exist on a router for the OSPF routing protocol? A.1 timeout 0 "Pass Any Exam.C. RIP route 10. Problem diagnosis D.0/24 Answer: B.1.2.2.E QUESTION NO: 209 Which of the following commands would result in the following output: M.co m .1.0.0/24 C.1.0/16 E.1.D.0/16 D.1. OSPF route 10.F QUESTION NO: 208 A. B. OSPF topology table B. Which of the following routes would end up in the routing table? (Choose all that apply. OSPF route 10.1.1. OSPF interface table C.D.2.

Rl(config-if)#ipv6 default-information originate B. FF02::5 Answer: F QUESTION NO: 212 Which of the following commands shows all routes learned via EIGRP? (Choose all that apply.Cisco 642-832: Practice Exam C. Rl(config-router)#aggregate-address ::/0 summarize-routes QUESTION NO: 211 The 0SPFv3 process will send hello packets to which of the follov/ing well-known addresses? A. FF02::10 E.www. Any Time.255. Ping 10.1 size 1500 df-bit D. 224." .com 172 Ac tua lTe sts Answer: D .255 B.1.1. show ip eigrp routes "Pass Any Exam. Rl(config-router)#ipv6 rip route . 224.co m .1.1 size 1500 F. Ping 10.0.0.:/0 originate F.1.1. FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFF:FFF D.1.0.1 source loopback 0 E. Rl(config-if)#ipv6 rip <process-name> default-information only E.1 size 1500 Strict Answer: C QUESTION NO: 210 Which of the following commands will cause RIPng to originate a default route advertisement while suppressing all other routes? A.1.actualtests.10 F. 255. Ping 10. show ip eigrp topology B. Rl(config-router)#ipv6 rip <process-name> default-information only C.0.1. show ip eigrp adjacency C. Ping 10. Rl(config)#ipv6 route ::/0 null 0 D.255.) A.6 C.

Nonswitch port C.www. A route-map containing a seed command F.F QUESTION NO: 215 Which of the following characteristics are common to both RIPv2 and RIPng? (Choose all that apply. A route map containing a metric command Answer: C. Switch port D. Root port Answer: A.co m . Designated port B. The default-metric command configured under the appropriate interface B.actualtests. Interface can be added to RIP routing process in either interface configuration mode or in router configuration mode "Pass Any Exam.E. Any Time.) A.D. show ip route eigrp F. The metric parameter in the network command of a routing process C.F QUESTION NO: 214 Which of the following is a valid method for defining a seed metric? (Choose all that apply. The metric parameter in the redistribute command D. show ip eigrp forwarding Answer: A QUESTION NO: 213 Which of the following three port types are valid Spanning Tree port types? (Choose the best three answers.) A." . The default-metric command E.com 173 Ac tua lTe sts . show ip eigrp database E. Nondesignated port F. Nonroot port E.Cisco 642-832: Practice Exam D.) A. Link-local address used for next-hop addresses B.

Uses a multicast to send routing updates D. Use hop count as a metric E.txt B.168.1.1/route. and use static routes to point the IPv4 address to those interfaces.1/route. Create an IPv4 tunnel and assign the tunnel IPv6 addresses. Create IFV6 interfaces on both ends of the network. Any Time.1/route. Use an IPv6 routing protocol like OSPFv3 and assign IPv4 packets to that process. B. and use either static routes or a routing process to direct IPv6 packets through those interfaces. Maximum hop count is 15 with 16 being "unreachable" Answer: C.com 174 Ac tua lTe sts . show ip route | to tftp://192. Create IPv4 interfaces on both ends of the network.1.E.F QUESTION NO: 216 Which of the following commands will enable you to see the contents of the IP routing table and send the output to a TFTP server at the same time? A.txt C show ip route | include tftp://192.www. F.txt Answer: B QUESTION NO: 217 Which of the following solutions will encapsulate IPv6 packets with IPv4 headers? A.1/route.1. E.co m . Quality of Service "Pass Any Exam.1/route. IPv6 packets cannot be encapsulated with IPv4 headers because the addresses are not compatible." . Answer: F QUESTION NO: 218 Which of the following is not a typical wireless troubleshooting target? A.1.168.1.actualtests. show ip route | tee tftp://192.txt D.168. D.D.168. C. show ip route ft include tJtp://19Z168. Create an IPv4 tunnel and use the tunnel mode ipv6ip command. Distance-vector routing protocol F.Cisco 642-832: Practice Exam C. show ip route | redirect tftp://192.txt E.

User profiles F. A. MTU Answer: A.) "Pass Any Exam.actualtests. DHCP configuration Answer: D QUESTION NO: 219 Which of the following is a valid representation of the following IPv6 address: 2001:0000:0000:0abc:0000:0000:000a:000b? Choose the answer with the least number of digits.com 175 Ac tua Which of the following are troubleshooting targets common to both site-to-site and remote-access VPNs? (Choose all that apply. 2001::abc:0:0:a:b Answer: F QUESTION NO: 220 A. Trunk configuration C.B.co m . Access lists D. Routing protocol configuration E." . 2001::0abc:0000:0000:a:b E. Which of the following are possible solutions? (Choose all that apply. Power over Ethernet F.F QUESTION NO: 221 You are using NBAR to get a statistical baseline for the applications running on your network but discover that some applications are not being recognized. 2001:0000:0000:abc::a:b F. 2001::abc:0:0:000a:000b D. Misconfiguration of VPN end points C.www. 2001::abc::a:b C.Cisco 642-832: Practice Exam B. DMVPN E. Any Time. Overiapping IP address space D. Routing loops B. 2001:0000:0:abc:0000:0000:a:b B.) lTe sts .

The applications not being recognized can be rerouted to an NBAR collector.0.B. B.C QUESTION NO: 222 Which of the following statements are true for routers but not true for Layer 3 Ethernet switches? (Choose all that apply. C. D. F.0. E. Uses subinterfaces to define trunks E. F.co m 176 . Traditionally used as a standalone device for inter-VLAN communication C.Cisco 642-832: Practice Exam A.com Ac tua lTe sts . Use the ip nbar pdlm command to allow NBAR to reference a new PDLM in flash memory.0 0. A large BGP table. The router sends a large number of ARP requests. A large number of BGP sessions. Use the ip nbar port-map command to allow NBAR to recognize certain applications with anev/ port number. B. A flapping interface. C. A router is configured with the following command: ip route 0. May have Ethernet as well as non-Ethernet interfaces B. Answer: A. All interface buffers are continually in use.www. D. Answer: B QUESTION NO: 224 "Pass Any Exam.) A.0 fa 0/1.D QUESTION NO: 223 Which of the following events would not explain excessive CPU utilization? A. Any Time. If NBAR doesn't recognize certain applications you must contact Cisco and ask them to email you a new PDLM for that application." . Use the copy nbar flash: command to download a new PDLM file to flash.0. Use the ip nbar pdlm command to download a new NBAR reference file from the Cisco website. E.actualtests.0. Makes use of TCAMs D. Can use both Layer 2 and Layer 3 to make forwarding decisions F. Allows the definition of Switched Virtual Interfaces (SVI) Answer: A. which has a more complete list of applications.

www. broadcast. broadcast.C. whereas an ARP reply uses a address. unicast. multicast B. Changing configurations C.co m Which of the following is not a typical maintenance task within a network maintenance model? .F QUESTION NO: 227 A network administrator enters the command clear ip route * and as a result he sees the message. multicast. Monitoring network performance E. broadcast." . "Please update the network documentation to record why the ip routing table was cleared. Any Time. 2801 C. 2851 D. Providing technical customer support B." Which "Pass Any Exam. broadcast C.D. unicast D. 2811 B. 1841 F. Replacing hardware F. multicast Answer: C QUESTION NO: 225 Answer: A QUESTION NO: 226 A. unicast E. Scheduling backups . 3825 Answer: A.B.Cisco 642-832: Practice Exam Which of the following correctly fills in the missing words of this sentence: An ARP request uses a address. 2821 E.com 177 Ac Which of the following router models will support 1000 tunnels? tua lTe sts A. broadcast F. A.actualtests. Updating software D. unicast.

co m 178 .com Ac You issue the command show process memory | include BGP and notice that BGP is consuming a large percentage of the router's memory.C sts . Increase the BGP update timer.) A. Answer: A. F. Use a default route instead of maintaining a full BGP table. Attacker sends multiple DHCP requests flooding DHCP server B. B. Any Time. CEF Answer: E QUESTION NO: 228 Which of the following types of attacks does DHCP snooping prevent? (Choose all that apply.) tua QUESTION NO: 229 lTe Answer: A. Attacker connects rogue server initiating DHCP requests C. Debug D. SNMP C.F QUESTION NO: 230 "Pass Any Exam. Attacker sends gratuitous ARP replies.actualtests. EEM F.Cisco 642-832: Practice Exam router feature was used in this case? A. Filter unneeded BGP routes. thereby jamming the DHCP server F. Attacker connects rogue server replying to DHCP requests D. SysLog E. E. C. Upgrade the router memory. Compress the BGP table. Run BGP on a different platform that already has more memory. D. Attacker sends unsolicited DHCP replies. Attacker sends DHCP jam signal causing DHCP server to crash E. NetFlow B. Which of the following steps would result in lowering the amount of memory being consumed by BGP? (Choose all that apply. thereby jamming the DHCP server A.www.C." .

Any Time. C.co m 179 ." . A route's feasible distance is the sum of the router's metric to reach the neighbor. D. F. Uses a hierarchical structure divided into areas F.www. B. Which of the following statements is true? A. The successor route will end up in the routing table.com Ac tua lTe sts . C. B. Has the same packet types D. Answer: B QUESTION NO: 232 Which of the following statements is correct? A. "Pass Any Exam. Several processes can exist simultaneously B. A route's feasible successor is the sum of the router's metric to reach the neighbor. D. A route's successor route is the feasible distance plus the advertised distance. A route's feasible successor is calculated as the successor plus the feasible distance.actualtests. The best three routes with equal cost paths will end up in the routing table. plus the advertised distance. A route's feasible distance is the sum of the advertised distance and the successor distance. E. The successor route will be any route with three times the value of the advertised distance. A route's feasible distance is calculated as the advertised distance plus the feasible successor's distance. EIGRP will only advertise routes that are within three hops of the current router. Can support multiple subnets on a single link E. An error will result because a router cannot be configured with an EIGRP variance of 3 because the maximum variance number is 2. and so will any route with a metric at most three times greater than the value of the successor's metric. and so will any route with a metric at least one third the value of the successor's metric. Adjacencies formed with neighbors Answer: D QUESTION NO: 231 A router has been configured with an EIGRP variance of 3. E. plus the advertised distance. The successor route will end up in the routing table. F.Cisco 642-832: Practice Exam Which of the following characteristics applies only to OSPFv3 and not to OSPFv2? A. Requires direct connectivity from the backbone area to all other areas C.

Listing of interconnections D. The interface you configured for AutoQoS is set to half-duplex. C.D.) ." . The interface's bandwidth is not correctly configured. EtherChannel F. IGP community elements C. AutoQoS was configured on only one end of the link.actualtests.C. Physical topology diagram E.) A. Frame forwarding D. B. The interface you configured for AutoQoS has no IP address.com 180 Ac tua A. Inventory of network equipment QUESTION NO: 234 Answer: A.www. Routing protocols lTe sts Which of the following troubleshooting targets is considered to be a Layer 2 issue? (Choose all that apply. E. Building schematic B. D. Any Time.F .co m Answer: C. Which of the following are possible reasons for AutoQoS not functioning correctly? (Choose all that apply. Spanning Tree Protocol B.Cisco 642-832: Practice Exam Answer: A QUESTION NO: 233 Which of the following are considered common elements found in a set of network documents? (Choose all that apply.E.E QUESTION NO: 235 You are using AutoQoS Enterprise and realize that the results are not what you expected.) A. CEF is not enabled on the interface. "Pass Any Exam. Cabling C. Logical topology diagram F. Packet forwarding E.

The default hello timers are 3 seconds. E. Answer: B." . An SVI port does not run 5TP or DTP.www. C. B. An SVI is considered to be in a down state only when none of the ports in the corresponding VLAN are active. NAT mapping B. tua lTe Which of the following characteristics are true assuming you are troubleshooting a network currently enabled for VRRP? (Choose all that apply.co m . To create a trunk.Cisco 642-832: Practice Exam F. D. F.E QUESTION NO: 236 Which of the following statements are true regarding Layer 3 switches? (Choose all that apply. A routed port is considered to be in a down state if it is not operational at both Layer 1 and Layer 2. F. It is a Cisco Proprietary protocol.com 181 Ac A.) sts . A routed port does not run STP or DTP.C QUESTION NO: 238 Which of the following types of NAT allows multiple private internal IP addresses to use a single public external IP address? A. There are several routers in the group simultaneously forwarding traffic for the group. You enabled AutoQoS on the interface but forgot to enable globally first. Any Time. E. an SVI can be logically divided into subinterfaces. NAT overloading C. NAT caching "Pass Any Exam.C. B.) A.D. The network is load balancing among different members of the VRRP group. The default hello timers are 1 second. An SVI is considered to be in a down state if it is not operational at both Layer 1 and Layer 2. Answer: A. C. The interface IP address is being used as the virtual IP address.B.actualtests. D.D QUESTION NO: 237 Answer: B.

which is five hours behind GMT? sts . Mismatched EtherChannel protocol B.com Ac A. Overlapping NAT Answer: B QUESTION NO: 239 Which of the following scenarios are likely reasons for an EtherChannel to fail? A.www. Mismatched EtherChannel distribution algorithm D. Mismatched link speed Answer: A.actualtests. Mismatched trunk mode E. NTP timezone EST -5 F." . Dynamic NAT F.co m 182 . clock EST-5 E. Mismatched native VLAN F. Any Time. Mismatched EtherChannel port selection C.F QUESTION NO: 240 Answer: F Explanation: Topi 4: More Questions (50 Questions) QUESTION NO: 241 "Pass Any Exam.Cisco 642-832: Practice Exam D. dock GMT -5 D. dock timezone EST -5 tua lTe Which of the following NTP command specifies that a router is in the Eastern time zone.D. clock timezone GMT -5 C.E. timezone EST -5 B. Static NAT E.

not of the opposite tunnel. The IP address on the E0/0 interface for the Branch4 router has the wrong IP mask. notice that the "tunnel destination" must be the IP address of the interface. It should be 255.com 183 Ac tua lTe You are working as a network technician.150 network from appearing in the HQ router's routing table? A. Below are the questions of this lab-sim.168. You are required to troubleshoot these problems. B. Before going to the questions of this sim.Cisco 642-832: Practice Exam Notice: The tunnel source on one router must be specified as the tunnel destination on the other router. Your boss has informed you that there have been problems with the WAN that is using EIGRP routing protocol.255. we should have a quick review about GRE tunneling: GRE Quick Summary The picture below shows how to configure a GRE Tunnel between two routers. What is preventing the 192.1.255. Any Time.252.co m .www." .actualtests. study the exhibit carefully. The default route is missing from the Branch4 router. sts . "Pass Any Exam.

Answer: C Explanation: As you can guess.0. Any Time. D. The IP address on the tunnel interface on P4S-Branch4 is incorrect. When running EIGRP over GRE tunnels. It should be 192.www.252.255.0 0. you must manually configure the neighbor address using the eigrp neighbor ipaddress command. The network statement under router EIGRP on the Branch4 router is incorrect. It should be network 192.0. you will need to use the show running-config command on Branch4 router From the "Pass Any Exam.255.actualtests." .1.com Ac tua lTe sts . E.168.Cisco 642-832: Practice Exam C.12 255.co m 184 .1.168.255.

14 0.168. QUESTION NO: 242 You are working as a network technician. By configuring "network 192.0. not of the opposite tunnel.168.1.150 network.14 to HQ so HQ router will not know about the existence of 192. Any Time.0" the Branch4 will only advertise host 192. Your boss has informed you that there have been problems with the WAN that is using EIGRP routing protocol.co m 185 ." . "Pass Any Exam. we should have a quick review about GRE tunneling: GRE Quick Summary The picture below shows how to configure a GRE Tunnel between two routers.actualtests.1. notice that the "tunnel destination" must be the IP address of the interface. study the exhibit carefully.www.1.Cisco 642-832: Practice Exam From the show running-config output of Branch4. we learn that the EIGRP network was wrongly configured on this router. Before going to the questions of this sim. You are required to troubleshoot these problems.0.com Ac tua lTe sts .168.

It should be serial 2/0.co m 186 .Cisco 642-832: Practice Exam Notice: The tunnel source on one router must be specified as the tunnel destination on the other router. Answer: B Explanation: Section: (none) QUESTION NO: 243 "Pass Any Exam. It should be 10. E. Below are the questions of this lab-sim. . C. The tunnel interface for tunnel 5 on the HQ router is in the administrative down state.www. Any Time." . we learn that the tunnel source configured on HQ is Serial1/0 but HQ router connects to the Internet via Serial2/0 interface -> the tunnel source configured on HQ router was incorrect.16 255. What is the reason that tunnel 5 on the HQ router is down when its companion tunnel on the Branch5 router is up? A. The IP address on the tunnel interface on Branch5 is incorrect.actualtests.255. The tunnel numbers for tunnel between the HQ router and the Branch5 router do not match.168.252. It should be 192. B.1 to match the interface address of the Branch5 router.5.com Ac tua lTe sts Use the show running-config command on HQ router.255. The tunnel destination address for tunnel 5 is incorrect on the HQ router. The tunnel source for tunnel 5 is incorrect on the HQ router.1.2. D.

When running EIGRP over GRE tunnels. Below are the questions of this lab-sim. What is preventing the HQ router and the Branch1 router from building up an EIGRP neighbor relationship? A. we should have a quick review about GRE tunneling: GRE Quick Summary The picture below shows how to configure a GRE Tunnel between two routers. sts . Your boss has informed you that there have been problems with the WAN that is using EIGRP routing protocol. study the exhibit carefully.www.com 187 Ac tua lTe You are working as a network technician. "Pass Any Exam." . You are required to troubleshoot these problems. Before going to the questions of this sim.co m .Cisco 642-832: Practice Exam Notice: The tunnel source on one router must be specified as the tunnel destination on the other router.actualtests. you must manually configure the neighbor address using the eigrp neighbor ipaddress command. Any Time. not of the opposite tunnel. notice that the "tunnel destination" must be the IP address of the interface.

D.2.com Ac tua lTe sts . It should be serial 2/0." . The tunnel interface numbers for the tunnel between the HQ router and Branch1 router do not match.www. "Pass Any Exam. The default route is missing from the Branch1 router.actualtests.Cisco 642-832: Practice Exam B. It should be 10.co m 188 .1. C. The tunnel source is incorrect on the Branch1 router. E. The tunnel destination address is incorrect on the HQ router. Any Time. Answer: B Explanation: Use the show running-config command on HQ and Branch1 routers and we will see the tunnel destination address was wrongly configured on HQ router.1 to match the interface address of the Branch1 router.

actualtests.co m 189 .com Ac tua lTe sts . Any Time.www.Cisco 642-832: Practice Exam QUESTION NO: 244 "Pass Any Exam." .

For the following statements. Any Time. not of the opposite tunnel.www. Before going to the questions of this sim.10 interface on the Branch3 router? A.168. B. we should have a quick review about GRE tunneling: GRE Quick Summary The picture below shows how to configure a GRE Tunnel between two routers. Your boss has informed you that there have been problems with the WAN that is using EIGRP routing protocol.com 190 Ac tua lTe You are working as a network technician. You are required to troubleshoot these problems. The tunnel interface numbers for the tunnel between the HQ router and the Branch3 router do not match "Pass Any Exam. The default route is missing from the Branch3 router.co m . sts .Cisco 642-832: Practice Exam Notice: The tunnel source on one router must be specified as the tunnel destination on the other router.actualtests. study the exhibit carefully. notice that the "tunnel destination" must be the IP address of the interface.1. Below are the questions of this lab-sim." . what is preventing a successful ping between the HQ router and the 192.

Cisco 642-832: Practice Exam C. The tunnel source is incorrect on the Branch3 router. It should be serial 2/0. D. The IP address on the tunnel interface for the Branch3 router has wrong IP mask. It should be 255.255.255.252 E. The network statement under router EIGRP on the Branch3 router is incorrect. It should be network 192.168.2.0.0.0.0.255. Answer: A Explanation:

The Branch3 router is missing the default route to HQ router's interface (Serial2/0) so the ping command will not work.

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

m

191

Cisco 642-832: Practice Exam QUESTION NO: 245

You are working as a network technician, study the exhibit carefully. Your boss has informed you that there have been problems with the WAN that is using EIGRP routing protocol. You are required to troubleshoot these problems. Before going to the questions of this sim, we should have a quick review about GRE tunneling: GRE Quick Summary The picture below shows how to configure a GRE Tunnel between two routers, notice that the "Pass Any Exam. Any Time." - www.actualtests.com 192

Ac

tua

lTe

sts

.co

m

Cisco 642-832: Practice Exam "tunnel destination" must be the IP address of the interface, not of the opposite tunnel.

Answer: E

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

Explanation: First we should check the configuration of both HQ and Branch 2 routers by using the show running-config command On HQ router:

tua

lTe

A. The default route is missing from the Branch2 router. B. When running EIGRP over GRE tunnels, you must manually configure the neighbor address using the eigrp neighbor ip address command. C. The tunnel numbers for the tunnel between the HQ router and the Branch2 router do not match. D. The tunnel source is incorrect on the Branch2 router. It should be serial 2/0. E. The AS number for the EIGRP process on Branch2 should be 1 and not 11.

sts

.co

m

Notice: The tunnel source on one router must be specified as the tunnel destination on the other router. Below are the questions of this lab-sim. What is the reason for the ping between the HQ router and the 192.168.1.193 interface on the Branch2 router failing?

193

Cisco 642-832: Practice Exam

On Branch2 router

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

m

194

Cisco 642-832: Practice Exam

From the outputs we learn that the AS numbers in two routers are not the same. They therefore do not become EIGRP neighbors and the ping between two routers should fail.

QUESTION NO: 246 This item contains several questions that you must answer. You can view these questions by clicking on the Questions button to the left. Changing questions can be accomplished by clicking the numbers to the left of each question. In order to complete the questions, you will need to refer to the SDM and the topology, neither of which is currently visible. To gain access to either the topology or the SDK click on the button to left side of the screen that "Pass Any Exam. Any Time." - www.actualtests.com 195

Ac

tua

lTe

sts

.co

m

Cisco 642-832: Practice Exam corresponds to the section you wish to access. When you have finished viewing the topology the SDK you can return to your questions by clicking on the Questions button to the left.

Answer: B,D Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

A. Digital Certificate B. Pre-Shared Key C. Transport Mode D. Tunnel Mode E. GRE/IPSEC Transport Mode F. GRE/IPSEC Tunnel Mode

sts

.co

Which peer authentication method and which IPSEC mode is used to connect to the branch locations? (Choose two)

m

196

you will need to refer to the SDM and the topology." .www. Any Time. To gain access to either the topology or the SDK click on the button to left side of the screen that corresponds to the section you wish to access. neither of which is currently visible. lTe sts .com Ac tua This item contains several questions that you must answer. In order to complete the questions. You can view these questions by clicking on the Questions button to the left.Cisco 642-832: Practice Exam QUESTION NO: 247 Which algorithm as defined by the transform set is used for providing data confidentiality when connected to Tyre? "Pass Any Exam.co m 197 . Changing questions can be accomplished by clicking the numbers to the left of each question.actualtests. When you have finished viewing the topology the SDK you can return to your questions by clicking on the Questions button to the left.

ESP-3DES-SHA1 C.com 198 Ac tua lTe sts .actualtests.www.co m .Cisco 642-832: Practice Exam A.ESP-3DES. which eliminates the need to coordinate and negotiate individual parameters". Data confidentiality therefore means encryption." . "The transform set is a group of attributes that are exchanged together. In the picture above. we can see 3 parts of the transform-set ESP-3DES-SHA2: IPsec protocol: ESP IPsec encryption type: 3DES IPsec authentication: SHA2 The question wants to ask which algorithm is used for providing data confidentiality (encryption). ESP-3DES E. ESP-3DES-SHA2 D. therefore the answer should be D . ESP-SHA-HMAC Answer: D Explanation: In the site-to-site VPN branch we see something like this so the answer should be ESP-3DES-SHA2 or ESP-3DES? To answer this question. You can view these questions by clicking on the Questions button to the left. Any Time. Changing questions can be accomplished by clicking "Pass Any Exam. QUESTION NO: 248 This item contains several questions that you must answer. ESP-3DES-SHA B. we should review the concept: "Data confidentiality is the use of encryption to scramble data as it travels across an insecure media".

55.195.D Explanation: "Pass Any Exam.5.co m 199 .actualtests. peer address 192. To gain access to either the topology or the SDK click on the button to left side of the screen that corresponds to the section you wish to access.159 B.0/24 E.168. subnet 10.0/24 Answer: A." . In order to complete the questions.168. neither of which is currently visible. When you have finished viewing the topology the SDK you can return to your questions by clicking on the Questions button to the left.4. peer address 192.0/24 F. subnet 10. subnet 10.Cisco 642-832: Practice Exam the numbers to the left of each question.38. you will need to refer to the SDM and the topology.192 C. Which defined peer IP address an local subnet belong to Crete? (Choose two) A.23 D.23.15. peer address 192.168.www.89.7.com Ac tua lTe sts . Any Time.

" . To gain access to either the topology or the SDK click on the button to left side of the screen that corresponds to the section you wish to access. In order to complete the questions. Any Time. you will need to refer to the SDM and the topology. 102 "Pass Any Exam.co m . You can view these questions by clicking on the Questions button to the left. lTe sts . neither of which is currently visible.com 200 Ac tua This item contains several questions that you must answer.Cisco 642-832: Practice Exam QUESTION NO: 249 Which IPSec rule is used for the Olympia branch and what does it define? (Choose two) A. Changing questions can be accomplished by clicking the numbers to the left of each question. When you have finished viewing the topology the SDK you can return to your questions by clicking on the Questions button to the left.actualtests.www.

0/24 will use the VPN E. 116 C.28.33.5.E Explanation: "Pass Any Exam. IP traffic sourced from 10. 127 D.10. we learn that the IPSec Rule is 116.10.5.Cisco 642-832: Practice Exam B.15.0/24 will use the VPN.8. You will see a "permit" rule for traffic from 10.10.0/24 destined to 10.0/24 to 10.10.com Ac tua lTe From the output above.0/24 will use the VPN.10.28. Answer: B.co m 201 .0/24 destined to 10. IP traffic sourced from 10.10.10.actualtests.0/24 destined to 10. F.www. IP traffic sourced from 10.10.0/24 (notice that the picture shown the wildcard which are inverse subnet masks) sts . Next click on "IPSec Rules" and select the Name/Number of 116 to view the rule applied to it.8. Any Time." .

actualtests.144 Answer: C.29. The application is not specified within the inspection rule SDM_LOW E. click on the button to left side of the screen that corresponds to the section you wish to access. As a recent addition to the network engineering team.219. The session originated from a trusted interface D. The packet has a source address of 10. Changing questions can be accomplished by clicking the numbers to the left of each question. you can return to your questions by clicking on the Questions button to the left.com Ac tua Off Shore Industries is a large worldwide sailing charter." . answer the following questions: Which two options would be correct for a permissible incoming TCP packet on an untrusted interface in this configuration? (Choose two) lTe sts . The company has recently upgraded its Internet connectivity. The packet has a source address of 198. The packet has a source address of 172. You can view these questions by clicking on the Questions button to the left. you will need to refer to the SDM and the topology. In order to complete the questions.www. When you have finished viewing the topology the SDM.12 B.16.co m 202 .Cisco 642-832: Practice Exam QUESTION NO: 250 This item contains several questions that you must answer. To gain access to either the topology or the SDM. "Pass Any Exam. Using the SDM output from Firewall and ACL Tasks under the Configure tab. Any Time. A. you have been tasked with documenting the active Firewall configurations on the Annapolis router using the Cisco Router and Security Device Manager (SDM) utility.E Explanation: The "incoming TCP packet on an untrusted interface" refers to the traffic sent from the outside to the outer interface of the router.133.61.94.29 C. neither of which is currently visible.

16. neither of which is currently visible. Any Time. When you have finished viewing the topology the SDM.144 is not in the "deny" lists so it satisfies the "permit any" line. click on the button to left side of the screen that corresponds to the section you wish to access. To gain access to either the topology or the SDM. you can return to your questions by clicking on the Questions button to the left.0/8 networks so A and B are not correct.0. there may be more filter rules than the ones shown above) The access list denies traffic from 172. m 203 .Cisco 642-832: Practice Exam "Pass Any Exam.co (Notice: In the real exam.0.219.actualtests.com Ac This item contains several questions that you must answer. you will need to refer to the SDM and the topology. In order to complete the questions. E is correct because the IP address of 198. You can view these questions by clicking on the Questions button to the left. tua lTe QUESTION NO: 251 sts . D is obviously incorrect because the SDM_LOW did specify the filter rule. The access list 101 only filter packets from "returning traffic" and it does not proceed traffic originated from a trusted (inside) interface so C is correct. Changing questions can be accomplished by clicking the numbers to the left of each question.29." .www.133.12/30 and 10.

You can view these questions by clicking on the Questions button to the left.C Explanation: The "incoming TCP packet on a trusted packet" refers to the packet originates from the inside (trusted) interface. To gain access to either the topology or the SDM. As a recent addition to the network engineering team. you can return to your questions by clicking on the Questions button to the left. click on the button to left side of the screen that corresponds to the section you wish to access.com Ac The configured access list denies packets in the 172.16.107 B. you have been tasked with documenting the active Firewall configurations on the Annapolis router using the Cisco Router and Security Device Manager (SDM) utility.108 while allow other packets to go through (except 255. When you have finished viewing the topology the SDM.www.16.0.255.Cisco 642-832: Practice Exam Off Shore Industries is a large worldwide sailing charter. you will need to refer to the SDM and the topology.16. Using the SDM output from Firewall and ACL Tasks under the Configure tab.81. The company has recently upgraded its Internet connectivity. The destination address is not specified within the inspection rule SDM_LOW.actualtests.219. Answer: A.40 D.255. The packet has a source address of 198. "Pass Any Exam.79. Changing questions can be accomplished by clicking the numbers to the left of each question." .81.108/30 subnetwork so it will only drop packets that have a source address of 172.133. The packet has a source address of 10. neither of which is currently visible. QUESTION NO: 252 This item contains several questions that you must answer.co m 204 .108 C.0. In order to complete the questions. The packet has a source address of 172.233.255 and 127. Any Time.81. answer the following questions: Which two statements would specify a permissible incoming TCP packet on a trusted interface in this configuration? (Choose two) A.0/8) tua lTe sts .

from the above picture we see that the "Originating traffic" starts from FastEthernet0/0 to Serial0/0/0. Moreover. So Fa0/0 is the inside interface and S0/0/0 is the outside interface. Both FastEthernet 0/0 and Serial 0/0/0 are trusted interface.Cisco 642-832: Practice Exam Answer: C Explanation: The trusted interface is the inside interface and the untrusted interface is the outside interface. C. FastEthernet 0/0 is a trusted interface and Serial 0/0/0 is an untrusted interface D. As a recent addition to the network engineering team. B. "Pass Any Exam. Using the SDM output from Firewall and ACL Tasks under the Configure tab.actualtests. Any Time. The company has recently upgraded its Internet connectivity. sts . you have been tasked with documenting the active Firewall configurations on the Annapolis router using the Cisco Router and Security Device Manager (SDM) utility. FastEthernet 0/0 is an untrusted interface and Serial 0/0/0 is a trusted interface.www." .com Ac tua lTe A. Both FastEthernet 0/0 and Serial 0/0/0 are untrusted interfaces.co Off Shore Industries is a large worldwide sailing charter. answer the following questions: Which statement is true? m 205 .

actualtests.com 206 Ac tua lTe sts . Any Time.www.B. D.Cisco 642-832: Practice Exam QUESTION NO: 253 Which three statements accurately describe IOS Firewall configurations? (Choose three) A.C QUESTION NO: 254 Study this exhibit carefully.co m . The IP inspection rule can be applied in the inbound direction on the secured interface. The ACL applied in the inbound direction on the unsecured interface should be an extended ACL. and access-list 100 was configured for the untrusted interface "Pass Any Exam. The IP inspection rule can be applied in the outbound direction on the unsecured interface." . For temporary openings to be created dynamically by Cisco IOS Firewall. What information can be derived from the SDM firewall configuration displayed? A. the access-list for the returning traffic must be a standard ACL. Answer: A. C. B. Access-list 101 was configured for the trusted interface.

Based upon the custom firewall rules. and access-list 101 was configured for the untrusted interface. D. E." . Any Time. QUESTION NO: 255 Which two statements are true about the Cisco Classic (CBAC) IOS Firewall set? (Choose two) A.E lTe sts . and access-list 101 was configured for the outbound direction on the untrusted interface. Temporary ACL entries that allow selected traffic to pass are created and persist for the duration of the communication session. It can be used to protect against denial of service attacks C. Which two encapsulation methods require that an 827 ADSL router be configured with a PPP username and CHAP password? (Choose two) A. D. "Pass Any Exam. an ACL entry is statically created and added to the existing ACL permanently.com 207 Ac QUESTION NO: 256 tua Answer: B. Access-list 100 was configured for the inbound direction. Answer: B Explanation: The last line of access-list 100 is used to "permit" all the traffic so it is the inside (trusted) interface. The last line of access-list 101 is used to "deny" all traffic so it is the outside (untrusted) interface. Traffic originating from the router is considered trusted. and access-list 101 was configured for the outbound direction on the trusted interface. B. PPPoE with the 827 configured as the PPPoE client C. Access-list 100 was configured for the inbound direction.C Explanation: When configuring PPPoE (as the PPPoE client) and PPPoA.Cisco 642-832: Practice Exam B. It can be used to block bulk encryption attacks. we need a username and password to match with those configured at the Internet Service Provider (ISP).www. RFC 1483 Bridged with the 827 configured as the PPPoE client E. Access-list 100 was configured for the trusted interface.co m .actualtests. RFC 1482 Bridged with the 827 configured as a bridge Answer: B. PPPoE with the 827 configured as a bridge B. C. so it is not inspected. PPPoA D.

Any Time. This device is configured as RFC 1483/2684 bridge D. This device is configured as a PPPoE client B. This configuration is used for PPPoA client. Router Net is unable to establish an ADSL connection with its provider. This device is configured an an aggregation router Answer: B Explanation: Notice that the command "encapsulation aaa15mux ppp dialer" is configured under interface ATM0/0.actualtests. study the exhibit carefully." .www.com Ac tua lTe sts . This device is configured as a PPPoA client C. Which action would correct this problem? "Pass Any Exam.Cisco 642-832: Practice Exam QUESTION NO: 257 Router NetworkTut is configured as shown below: Given the above configuration. QUESTION NO: 258 As a network engineer. which statement is true? A.co m 208 .

add the ip mtu 1496 command C.www.actualtests. add the dialer pool-member 0 command. add the pppoe enable command B. On the Dialer0 interface. Any Time. The encapsulation ppp command is required D.Cisco 642-832: Practice Exam Answer: C QUESTION NO: 259 Which statement about PPPoA configuration is correct? A." . On the Dialer0 Interface. The ip mtu 1496 command must be applied on the dialer interface C. The ip mtu 1492 command must be applied on the dialer interface Answer: A QUESTION NO: 260 "Pass Any Exam. sts . The dsl operating-mode auto command is required if the default mode has been changed.co m 209 . add the dialer pool-member 1 command D. On the ATM0/0 interface. B. On the ATM0/0 interface.com Ac tua lTe A.

www.0." .1.255".2.0.0. Answer: C Explanation: The network 10. None of the above.1.0 0. The first three statements of ACL 112 should have permitted the ICMP traffic and the last statement should deny the identified traffic.1. The configuration has been applied to router NET to mitigate the threat of certain types of ICMPbased attacks while allowing some ICMP traffic to the corporate LAN to work.com 210 Ac tua lTe sts Configuration Exhibit: NET(config)# access-list 112 deny icmp any any echo log NET(config)# access-list 112 deny imp any any redirect log NET(config)# access-list 112 deny icmp any any mask-request log NET(config)# access-list 112 permit icmp any 10. ACL 112 should have been applied to interface Fa0/1 in an outbound direction G. E.1.co m . However.1.0 0.com.255". The last statement of ACL 112 should have been "access-list 112 deny icmp any 10. which configuration option would correctly configure router NET? . ACL 112 should have been applied to interface Fa0/0 in an inbound direction. If the last statement is "access-list 112 permit icmp any 10.actualtests.0. On the basis of the information in the exhibit.255 NET(config)# interface Fa0/1 NET(config-if)# ip access-group 112 in You work as a network administrator at networkTut.1.255".1.0 is the internal LAN network.255".1. it will allow ICMP traffic sent from the Internet to work and thus makes the router vulnerable to ICMP-based attacks QUESTION NO: 261 "Pass Any Exam.0. the configuration is incorrect.2.0.0 0.2. F.0 0. The last statement of ACL 112 should have been "access-list 112 deny icmp any 10.0. study the exhibit carefully.0.Cisco 642-832: Practice Exam Network Topology Exhibit: A.0. D.1. The last statement of ACL 112 should have been "access-list 112 permit icmp any 10. B. Any Time.0. C.0 0.

Any Time. to perform application-level accounting Answer: B QUESTION NO: 263 A. to extract relevant SNMP information D.com Ac tua Authentication is the process of determining if a user or identity is who they claim to be." . do you know what is a recommended practice for secure configuration management? A. Use SSH or SSL C. to provide a keepalive mechanism B. Deny echo replies on all edge routers Answer: B QUESTION NO: 262 As a network engineer. Enable trust levels D. Disable post scan B. Which statement about the authentication process is correct? lTe sts . to pull event logs from the router C. Refer to the exhibit.Cisco 642-832: Practice Exam As a network technician.www.actualtests. The LIST1 list will disable authentication on the console port. do you know for what purpose SDM uses Security Device Event Exchange (SDEE)? A. "Pass Any Exam.co m 211 .

Cisco 642-832: Practice Exam B.www. F. Answer: A Explanation: The command "aaa authentication login LIST1 none" tells the router not to use any authentication method for the LIST1. authorization and accounting. D. The command login authentication group will associate the AM authentication to a specified interface. The default login authentication will automatically be applied to all login connections D. the LIST1 list will not authenticate anyone on the console port. If the radius server returns an error. . Two authentication options are prescribed by the displayed aaa authentication command Answer: D. D. then the user Bob could be able to enter privileged mode as long as the proper enable password is entered. group radius should be used instead of group tacacs+. Which option about the AAA authentication enable default group radius enable command is correct? 212 . then a user connecting via the console port would not be able to gain access since no other authentication method has been defined.com Ac Refer to the exhibit. If a TACACS+ server is not available. All login requests will be authenticated using the group tacacs+ method C. C. Because no method list is specified. the radius server will be used. B. The command "login authentication LIST1" under console mode applies the LIST1 for the logging using console port. B.actualtests. the enable password will be used. E. Which two statements about the AAA configuration are true? (Choose two) tua lTe sts A." . QUESTION NO: 264 Answer: A QUESTION NO: 265 A. The aaa new-model command forces the router to override every other authentication method previously configured for the router lines. Any Time. To increase security. If the radius server returns a 'failed' message.co m In computer security. C. If a TACACS+ server is not available. AAA stands for authentication. the enable password will be used. If the group database is unavailable.F "Pass Any Exam. A good security practice is to have the none parameter configured as the final method used to ensure that no other authentication method will be used.

"Pass Any Exam. Reverse Route Injection (RRI) is configured on at the remote site to inject the central site networks C. The MTU size of the GRE tunnel interface Answer: C. The crypto ACL number B. Step 1: Interesting traffic initiates the IPsec process. The cypto isakmp keepalive command is used to configure the Stateful Switchover (SSO) protocol. When you are using the SDM to configure a GRE tunnel over IPsec. Step 2: ESP authenticates IPsec peers and negotiates IKE SAs. The GRE tunnel source interface or IP address. Step 4: Data is securely transferred between IPsec peers. Each Hot Standby Routing Protocol (HSRP) standby group has two well-known MAC addresses and a virtual IP address. The IPSEC mode (tunnel or transport) C. B. They are tacacs+ and none QUESTION NO: 266 You need to configure a GRE tunnel on a IPSec router. The GRE tunnel interface IP address D.actualtests." . Two authentication options are prescribed by the above command. Any Time.com Ac tua lTe sts . and tunnel destination IP address E. Step 3: ESP negotiates IPsec SA settings and sets up matching IPsec SAs in the peers.www.Cisco 642-832: Practice Exam Explanation: The aaa new-model command will override previously configured authentication method -> D is correct. D.D QUESTION NO: 267 Which statement correctly describes IPsec VPN backup technology? A. which two parameters are required when defining the tunnel interface information? (Select two) A.co m 213 . The cypto isakmp keepalive command is used to configure stateless failover Answer: D QUESTION NO: 268 IPSec VPN is a widely-acknowledged solution for enterprise network. What are the four steps to setup an IPsec VPN? A.

Step 1: Interesting traffic initiates the IPsec process. Step 4: Data is securely transferred between IPsec peers.Cisco 642-832: Practice Exam B. Step 2: AH authenticates IPsec peers and negotiates IKE SAs. Step 3: IKE authenticates IPsec peers and negotiates IKE SAs. HSRP B. Step 4: Data is securely transferred between IPsec peers. D. C. Step 4: Data is securely transferred between IPsec peers. Step 3: AH negotiates IPsec SA settings and sets up matching IPsec SAs in the peers.actualtests. Dual Router Mode (DRM) IPsec C. Answer: C A. Cisco IOS Software-based routers. Step 2: IKE authenticates IPsec peers and negotiates IKE SAs.www. RRI Answer: A. Step 3: IKE negotiates IPsec SA settings and sets up matching IPsec SAs in the peers.that is. What are the two options that are used to provide High Availability IPsec? (Choose two) .com 214 Ac tua lTe sts Study the exhibit carefully.co QUESTION NO: 269 m . Step 1: Interesting traffic initiates the IPsec process. Step 1: Interesting traffic initiates the IPsec process. Any Time. Step 2: IKE negotiates IPsec SA settings and sets up matching IPsec SAs in the peers. IPsec Backup Peerings D." .D "Pass Any Exam. The Cisco IOS IPsec High Availability (IPsec HA) Enhancements feature provides an infrastructure for reliable and secure networks to provide transparent availability of the VPN gateways .

sts .www. we perform the following steps: 1. C.3 as the IP of the virtual router). D.co IPSec VPN is a widely-acknowledged solution for enterprise network. main mode utilizes six packets while aggressive mode utilizes only three packets.Cisco 642-832: Practice Exam Explanation: The "standby ip" command specifies HSRP is being used (and it establishes 192. crypto map {map-name} {seq-name} ipsec-isakmp (creates or modifies a crypto map entry and enters crypto map configuration mode) 3. To establish IKE SA. Reverse Route Injection (RRI) is the process of injecting a static route into the Interior Gateway Protocol (IGP) routing table. Which three IPsec VPN statements are true? (Choose three) m QUESTION NO: 270 215 . IKE keepalives are unidirectional and sent every ten seconds B.D QUESTION NO: 271 A new router was configured with the following commands: "Pass Any Exam. Any Time.0.com Ac tua lTe A. To configure RRI under a static crypto map. The "crypto map" and "reverse-route" lines specify Reverse Route Injection (RRI) is being used. IKE uses the Diffie-Hellman algorithm to generate symmetrical keys to be used by IPsec peers. configure terminal 2. reverse-route [static | tag tag-id [static] | remote-peer [static] | remote-peer ip-address [static]] (creates source proxy information for a crypto map entry) Answer: A.actualtests." .168.C. IPsec uses the Encapsulating Security Protocol (ESP) or the Authentication Header (AH) protocol for exchanging keys.

To use CBAC to shut down Distributed Denial of Service attacks F. To prevent other ISPs from running LDP with the ISP routers D. Before MPLS is enabled. the ip cef command is only required on the Ethernet 0 interfaces of routers 1 and 4. Answer: E Explanation: "Pass Any Exam.www. To prevent customers from running TDP with the ISP routers B.actualtests.Cisco 642-832: Practice Exam The configuration above was found on an Internet Service Provider's (ISP) Multiprotocol Label Switching (MPLS) network. To use IPS to protect against session-replay attacks G.co m 216 . By doing this. Routers 1. the ip cef command is only requited on routers 1 and 4. E. C. To prevent customers from running LDP with the ISP routers C. the TDP neighbor session between the customer and ISP routers will not be formed. Which frame mode MPLS configuration statement is true? A. After MPLS is enabled. the ip cef command is only required on the Ethernet 0 interfaces of routers 1 and 4. To prevent man-in-the-middle attacks E. the ip cef command is only required on routers 1 and 4. None of the above Answer: A Explanation: The 711 port is used for Tag Distribution Protocol (TDP) and the administrator usually wants to block this type of traffic between the ISP and customer routers due to security reason. What is its purpose? A.com Ac tua lTe sts . Routers A and B are customer routers." . The routers are operating with various IOS versions. Any Time. B. After MPLS is enabled. D. Before MPLS is enabled. 2. 3 and 4 are provider routers. Before MPLS is enabled. the ip cef command must be applied to all provider routers. QUESTION NO: 272 Study the exhibit carefully.

QUESTION NO: 273 DRAG DROP Drag each type of attack on the left to the description on the left. 4) Worm: Executes arbitrary code and installs copies of itself in the memory of the Infected computer "Pass Any Exam. Any Time.actualtests. 3) Port redirection: Compromised system that is used as a jump-off point for attacks against other targets.com Ac tua lTe sts .Cisco 642-832: Practice Exam CEF is the fundamental requirement of the MPLS architecture and must be enabled globally on all routers that want to use MPLS." . Answer: Explanation: 1) Trojan horse: Programs that appear desirable but actually contain something harmful.co m 217 . 2) Virus: Malicious software attached to other programs and which execute a particular unwanted function on a user workstation.www.

Any Time.Cisco 642-832: Practice Exam QUESTION NO: 274 DRAG DROP Drag and drop question.www." .co m . the bottom describes the planes.com 218 Ac tua lTe Explanation: sts . Drag the above items to the proper location at the below Answer: Control Plane: Exchange routing updates between neighboring devices Exchanges labels between peer devices Compiles a list of all labels advertised and received Data Plane: Performs label swapping "Pass Any Exam.actualtests. The upper gives the MPLS functions.

Any Time." .actualtests.www.co m 219 .Cisco 642-832: Practice Exam Performs packet forwarding Builds a mapping of destination networks to active labels QUESTION NO: 275 DRAG DROP Drag the protocols that are used to distribute MPLS labels from the above to the target area on the below.(Not all options will be used) Answer: Explanation: "Pass Any Exam.com Ac tua lTe sts .

actualtests.co 1) LDP 2) RSVP 3) BGPv4 m 220 .Cisco 642-832: Practice Exam Answer: "Pass Any Exam. Any Time." .com Ac tua lTe Drag each element of the Cisco IOS Firewall Feature Set from the above and drop onto its description on the below.www. sts QUESTION NO: 276 DRAG DROP .

" .Cisco 642-832: Practice Exam Explanation: QUESTION NO: 277 DRAG DROP Match the xDSL type on the above to the most appropriate implementation on the below. Any Time. "Pass Any Exam.com Ac tua lTe sts .actualtests.co m 221 .www.

Any Time.www.Cisco 642-832: Practice Exam Answer: "Pass Any Exam." .co m 222 .com Ac Explanation: tua lTe sts .actualtests.

Cisco 642-832: Practice Exam QUESTION NO: 278 DRAG DROP Drag and drop the xDSL type on the above to the appropriate xDSL description on the below.www. Answer: "Pass Any Exam.co m 223 ." . Any Time.actualtests.com Ac tua lTe sts .

Any Time.co m 224 .com Ac tua lTe sts ." . "Pass Any Exam.actualtests.Cisco 642-832: Practice Exam Explanation: QUESTION NO: 279 DRAG DROP Identify the recommended steps for worm attack mitigation by dragging and dropping them into the target area in the correct order.www.

actualtests.com Ac tua lTe sts .Cisco 642-832: Practice Exam Answer: "Pass Any Exam.co m 225 .www." . Any Time.

Any Time." .actualtests.com Ac tua lTe sts .www.Cisco 642-832: Practice Exam Explanation: "Pass Any Exam.co m 226 .

Cisco 642-832: Practice Exam 1) Containment ." . "Pass Any Exam.track down each infected machine inside your network 4) Treatment .www.upgrade all systems to the lastest operating system code version 3) Quarantine .com Ac tua lTe sts .1.stop the spread of the worm inside your network and within your network 2) Inoculation . Any Time.30 network on interface serial 0/0 to the correct target area on the right.1.clean and patch each infected system QUESTION NO: 280 DRAG DROP Drag the IOS commands from the left that would be used to implement a GRE tunnel using the 10.0.co m 227 .actualtests.

co m 228 .www.Cisco 642-832: Practice Exam Explanation: "Pass Any Exam. Any Time.actualtests.com Ac tua lTe sts Answer: ." .

255.1. Any Time.1.255.actualtests.1 255.2 4) tunnel mode gre ip lTe sts .www." .co m 229 .1.Cisco 642-832: Practice Exam QUESTION NO: 281 DRAG DROP Drag the DSL local loop topic on the left to the correct descriptions on the right.com Ac tua Global-level commands: 1) interface tunnel 0 Interface-level commands: 1) ip address 10.252 2) tunnel source serial 0/0 3) tunnel destination 10. "Pass Any Exam.1.

Cisco 642-832: Practice Exam Answer: QUESTION NO: 282 DRAG DROP Drag the DSL technologies on the left to their maximum(down/up) data rate values on the below. Any Time.actualtests.www." .co m 230 .com Ac tua lTe sts . "Pass Any Exam.

Any Time." .com Ac tua lTe sts .actualtests.Cisco 642-832: Practice Exam Answer: Explanation: "Pass Any Exam.co m 231 .www.

Cisco 642-832: Practice Exam Drag and drop each function on the above to the hybrid fiber-coaxial architecture component that it describes on the below. Any Time." .com Ac tua lTe QUESTION NO: 283 DRAG DROP sts .www. "Pass Any Exam.co m 232 .actualtests.

co m 233 ." .actualtests.com Ac tua lTe sts Explanation: . Any Time.Cisco 642-832: Practice Exam Answer: "Pass Any Exam.www.

Answer: "Pass Any Exam.Cisco 642-832: Practice Exam QUESTION NO: 284 DRAG DROP Drag and drop each management protocol on the above to the correct category on the below.www." .com Ac tua lTe sts . Any Time.actualtests.co m 234 .

Cisco 642-832: Practice Exam Explanation: "Pass Any Exam." .com Ac tua lTe sts .www.co m 235 . Any Time.actualtests.

co m .actualtests.www.com 236 Ac tua lTe sts . Any Time.Cisco 642-832: Practice Exam Secure: 1) SSH 2) SSL 3) IPSec 4) SNMPv3 Unsecure: 1) NTP 2) Telnet 3) Syslog 4) SNMPv2 QUESTION NO: 285 DRAG DROP Drag the IPsec protocol description from the above to the correct protocol type on the below." .(Not all descriptions will be used) "Pass Any Exam.

Cisco 642-832: Practice Exam Drag and Drop question, drag each item to its proper location.

Answer:

Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

m

237

Cisco 642-832: Practice Exam 1) AH: Provides a framework for authenticating and securing data. 2) ESP: Provides a framework for encrypting, authenticating and securing data. 3) IKE: Provides a framework for the negotiation on security parameters and establishes authenticated keys.

QUESTION NO: 286 DRAG DROP Drag and drop the steps in the process for provisioning a cable modem to connect to a headend on the above to the below in the order defined by the DOCSIS standard.

Answer:

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

m

238

Cisco 642-832: Practice Exam

Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

m

239

Cisco 642-832: Practice Exam

1) Scan and lock the downstream frequency: At power-on, the cable modem scans and locks the downstream path for the allocated RF data channel in order for physical and data link layers to be established. 2) Obtain upstream parameters: The cable modem listens to the management messages arriving via the downstream path. These include information regarding how and when to communicate in the upstream path. These are used to establish the upstream physical and data link layers. 3) Establish Layer 1 and 2 communications: Connection established from Cable modem (CM) to Cable modem termination system (CMTS) to build physical and data link layers. 4) Acquire IP configuration parameters via DHCP: After Layer 1 and 2 are established, Layer 3 can be allocated as well. This is done by the DHCP server. 5) Register and ensure QoS settings with the CMTS: The CM negotiates traffic types and QoS settings with the CMTS. 6) IP network initialization: Once Layers 1, 2, and 3 are established and the configuration file is pulled from the TFTP server, the CM provides routing services for hosts on the subscriber side of "Pass Any Exam. Any Time." - www.actualtests.com 240

Ac

tua

lTe

sts

.co

m

Cisco 642-832: Practice Exam the CM. It also performs some Network Address Translation (NAT) functions so that multiple hosts might be represented by a single public IP address.

QUESTION NO: 287 DRAG DROP Drag the correct statements about MPLS-based VPN on the left to the boxes on the right .(Not all statements will be used)

Answer:

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

m

241

Cisco 642-832: Practice Exam

Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

m

242

Cisco 642-832: Practice Exam QUESTION NO: 288 DRAG DROP cisco ios command to interface dialer 0 "Pass Any Exam.co m 243 .www." . Any Time.actualtests.com Ac 1) The VPN routers are contained in the IPv4 routing tables of the PE routers 2) RT are attributes attached to VPNv4 BGP routes to indicate their VPN memberships 3) RD are attributes attached to VPNv4 BGP routes to allow overlapping VPN address spaces tua lTe sts .

Any Time.actualtests.com Ac tua lTe sts .www.Cisco 642-832: Practice Exam Answer: Explanation: "Pass Any Exam.co m 244 ." .

sts . default routing information.actualtests.www. For example.Cisco 642-832: Practice Exam QUESTION NO: 289 "Pass Any Exam. the dialer pool to use. Any Time." .co m 245 .com Ac tua lTe The dialer interface indicates how to handle traffic from the clients. not "ip nat inside" because the dialer 0 interface is the logical interface connecting to the Internet. Notice that we have to use the "ip nat outside". the encapsulation protocol.

Any Time. NetworkTut has decided to connect to the internet by a broadband cable ISP.1.www. Your task is to enable this connection by use of the information below.actualtests.16.com 246 Ac tua Connection Encapsulation: PPP Connection Type: PPPoE client Connection Authentication: None Connection MTU: 1492 bytes Address: Dynamically assigned by the ISP Outbound Interface: E0/0 You will know that the connection has been successfully enabled when you can ping the simulated Internet address of 172.co m .Cisco 642-832: Practice Exam NetworkTut is a small export company . As part of its network expansion. Its network is up and operating normally.1 Note: Routing to the ISP: Manually configured default route lTe sts ." . Explanation: Enter the outbound e0/0 interface to enable PPPoE and bind the dialer profile 1 to this interface: R3(config)#interface e0/0 R3(config-if)#pppoe enable R3(config-if)#pppoe-client dial-pool-number 1 (interface E0/0 is bound to the logical dialer 1 interface) R3(config-if)#no shutdown R3(config-if)#exit Create and configure the dialer interface of the router R3 for PPPoE with a maximum transmission unit (MTU) size of 1492 bytes and a negotiated IP address (dynamically assigned) R3(config)#interface dialer 1 (define a dialer rotary group and enters interface configuration mode) R3(config-if)#ip address negotiated R3(config-if)#ip mtu 1492 "Pass Any Exam.This firm has an existing enterprise network that is made up exclusively of routers that are using EIGRP as the IGP.

However. The portion of NetworkTut's security policy related to router access states: # The default user access authentication scheme requires that the user be authenticated using the router's local database.0 0. Save the configuration R3#copy running-config startup-config QUESTION NO: 290 You are a network support specialist for NetworkTut.6.0.Cisco 642-832: Practice Exam R3(config-if)#encapsulation ppp R3(config-if)#dialer pool 1 R3(config-if)#exit The "ip address negotiated" command instructs the client to use an IP address provided by the PPPoE server (using DHCP). For this router installation: # The corporate Tacacs server has an IP address of 10.actualtests. The "dialer pool 1" command associates the dialer back to the "pppoe-client dialpool-number 1" on the Ethernet interface.1.16.0.0. # The enable password for R1 is New1 You have successfully completed your task when you have verified that you can login into: # R1's console using the local user's ID of Net1 with a password of Sel # R2's console using the username of Net2 with a password of Loc and establish a SSH session from R2 to R1 using the test Tacacs user's ID of cisco with a password ofcisco123 "Pass Any Exam.com Ac tua lTe sts .0 dialer 1 R3(config)#exit Try pinging the simulated Internet address R3#ping 172." . # User vty access should be protected via a password that is validated using only the corporate Tacacs server. The router was successfully installed and is passing traffic.0. an IT training firm.1 The ping should work well and you will receive replies from the simulated Internet address.6. # User aux port access should be authenticated using the default authentication scheme. your manager is concerned about security and has tasked you with implementing access security for the new router R1.www. Manually configured a default route on router R3 R3(config)#ip route 0. They have just installed a new router (R1) into their network. Any Time. Notice that the pool numbers must match on the Ethernet interface and the dialer interface for the configuration to operate. # User console access should be authenticated using the default authentication scheme.254 and uses a shared key of Training.co m 247 .

actualtests.com Ac tua lTe sts . Define the MY_VTY_LIST (or another name) group to use the corporate Tacacs server for the authentication R1(config)#aaa authentication login MY_VTY_LIST group tacacs+ Configure user console access using the default authentication scheme R1(config)#line console 0 R1(config-line)#login authentication default R1(config-line)#exit Configure user aux port access using the default authentication scheme R1(config)#line aux 0 R1(config-line)#login authentication default R1(config-line)#exit Configure vty access using TACACS server by applying MY_VTY_LIST to the vty lines "Pass Any Exam.6.6. console and aux).Cisco 642-832: Practice Exam Explanation: R1>enable password: New1 R1#configure terminal R1(config)#aaa new-model (enable the AAA security services) R1(config)#tacacs-server host 10.www." . The "aaa authentication login" specifies the authentication will take place at login. such as tty. Any Time. vty. login authentication is automatically applied for all login connections. Because we used the list "default".co m 248 .254 key Training (notice that the key is case sensitive) The default user access authentication scheme requires that the user be authenticated using the router's local database R1(config)#aaa authentication login default local (verify login authentication using the local user database.

1.1 and 172.1.1 D.1.16.2.16.1 Router(configuration)#exit Router#debug ip packet 199 What will the debug output on the console show? A.1.1.1 Answer: D QUESTION NO: 292 What level of logging is enabled on a Router where the following logs are seen? "Pass Any Exam.1." .1 Router(configuration)#access-list 199 permit tcp host 172. All IP packets passing through the router B.Cisco 642-832: Practice Exam R1(config)#line vty 0 15 R1(config-line)#login authentication MY_VTY_LIST R1(config-line)#end R1#copy running-config startup-config Logout R1 to test the console password of R1 R1#exit Press RETURN to get started. that means you configured the console password correctly! If you wish to continue entering privileged EXEC mode again.1. Login to R1 using SSH from R2 R2>enable username: Net2 password: Loc R2#ssh 10.actualtests.1.1 host 10.2.16.1 C.1 (10.co m 249 .1. (Press Enter here) Username: Net1 Password: Sel R1> (Now you see you are in User Mode.16.1.1 is the IP address of R1 shown in the picture) You will be asked for the user ID(cisco) and password (cisco123). QUESTION NO: 291 The following commands are issued on a Cisco Router: Router(configuration)#access-list 199 permit tcp host 10. use the password New1).www.1.1 to 172. Any Time. Only IP packets with the source address of 10.com Ac tua lTe sts .1. All IP packets from 10.1 host 172.1.1.1.1. All IP Packets between 10.

2 B.1. ntp server 10.1.1. ip http server password backup Answer: B.1.1. ip http password backup D.1.com Ac tua lTe sts . ip http server username admin F.actualtests. changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1.1.1.1.2 prefer "Pass Any Exam.1 ntp server 10. Any Time. Which commands will you use to configurationure the router? A.1.2 as its NTP server before falling back to 10. ip http username admin B.10.1.1. ntp server 10. notifications Answer: D QUESTION NO: 293 You have the followings commands on your Cisco Router: You have been asked to switch from FTP to HTTP.1. Which two commands will you use to replace the existing commands? A.co m ip ftp username admin ip ftp password backup 250 .1. ip http client username admin C.1.1. ntp server 10. changed state to up A. ip http client password backup E.1 ntp server 10.1.1 ntp server 10.1 and 10.2.1. You want to configurationure a Cisco router to use 10.1." . critical C. errors D. alerts B.www.1.D QUESTION NO: 294 You have 2 NTP servers in your network .Cisco 642-832: Practice Exam %LINK-3-UPDOWN: Interface FastEthernet0/1.1.2 primary C.

1. errors E. errors. errors.co m .1. Interrupt-driven D.1. warnings C. critical. informational. alerts Answers: C B. emergencies D. Firefighting C. Foundational Answers: B. errors. Warnings only B.actualtests.com 251 Ac tua lTe sts . errors. critical. debugging. notifications. Policy-based E. critical. critical. critical.www.1. notifications. warnings. alerts Answers: C warnings.Cisco 642-832: Practice Exam D." . warnings. warnings. Any Time. alerts Answers: C warnings. Structured F. D Foundational "Pass Any Exam.1 fallback ntp server 10. ntp server 10. alerts Answers: C QUESTION NO: 296 Which two of the following options are categories of Network Maintenance tasks? A. alerts. warnings. errors.2 Answer: C QUESTION NO: 295 The following command is issued on a Cisco Router: Router(configuration)#logging console warnings Which alerts will be seen on the console? A.

It stands for which of the following ? A.co m 252 ." . Application E. D Foundational Answers: B. D QUESTION NO: 297 You enabled CDP on two Cisco Routers which are connected to each other. Any Time. Action Management C. Physical C. Protocol Management E. Which layer of the OSI model does the problem most likely exist? A.com Ac tua QUESTION NO: 298 lTe sts .www. Foundational Answers: B. FCAPS stands for: "Pass Any Exam. D B.Cisco 642-832: Practice Exam Answers: B. Fault Management B. Network Answer: D FCAPS is a network maintenance model defined by ISO.C. Data-Link F. Security Management Answer: A. The Line and Protocol status for the interfaces on both routers show as UP but the routers do not see each other a CDP neighbors. Session D.E QUESTION NO: 299 DRAG DROP FCAPS is a network maintenance model defined by ISO. Configurationuration Management D.actualtests.

Any Time.com Ac tua There are many Network Maintenance models." .actualtests.www.Cisco 642-832: Practice Exam Answer: QUESTION NO: 300 DRAG DROP Answer: "Pass Any Exam. Match the model names on the left to the options on the right: lTe sts Explanation: F-> Fault Management C-> Configurationuration Management A -> Accounting Management .co m 253 .

Accounting.actualtests. Configurationuration.Cisco 642-832: Practice Exam QUESTION NO: 301 DRAG DROP Answer: Explanation: EEM -> CLI based Management and Monitoring SDM -> Provides a GUI for Administration FTP -> Used for Backup and Restore "Pass Any Exam." . Any Time. Performance and Security (ISO) ITIL -> A collection of best practice recommendations Cisco Lifecycle -> Often referred to as the PPDIOO model TMN -> Telecommunications Management Network 254 .www.com Ac tua lTe sts Match the items on the left to their purpose on the right .co m Explanation: FCAPS -> Fault.

" .com Ac tua lTe Figure 1 sts . Any Time.Cisco 642-832: Practice Exam QUESTION NO: 302 Following ticket consists of a problem description and existing configuration on the device. Figure 2 "Pass Any Exam.co m 255 .www.actualtests.

3 area 12 ! interface Serial0/0/0/0.1.1." .12 point-to-point ip address 10.Cisco 642-832: Practice Exam Trouble Ticket Statement: Client 1 is able to ping 10.0.1.1.1 255.0 0.0.252 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 TSHOOT On which device is the fault condition located? A.0. R2 C.12 point-to-point ip address 10.com Ac tua lTe sts .2 255.2 but not 10.0 0.actualtests. R1 B.252 ip nat inside ip ospf message-digest-key 1 md5 TSHOOT Configuration on R2: router ospf 1 log-adjacency-changes network 10.1.255.www.1.1.1.1. Client1 Answer: A QUESTION NO: 303 "Pass Any Exam. Initial troubleshooting shows that R1 does not have any OSPF neighbors or any OSPF routes Configuration on R1: router ospf 1 log-adjacency-changes network 10.0. Any Time.1. DSW1 D.co m 256 .1.3 area 12 default-information originate always ! interface Serial0/0/0/0.255.1.1.255.255.

Figure 2 Trouble Ticket Statement: "Pass Any Exam.actualtests.Cisco 642-832: Practice Exam Following ticket consists of a problem description and existing configuration on the device. Any Time.com Ac tua lTe sts Figure 1 .co m 257 ." .www.

2 but not 10.0.actualtests." . NAT B. Static Routing D.3 area 12 ! interface Serial0/0/0/0.1.0.1. "Pass Any Exam.2 255.12 point-to-point ip address 10.0.12 point-to-point ip address 10.1.1.1.0 0.255. Switch to Switch Connectivity Answer: B QUESTION NO: 304 Following ticket consists of a problem description and existing configuration on the device.1.1.3 area 12 default-information originate always ! interface Serial0/0/0/0. Any Time. OSPF C.www.1.1.1.1.255.1 255. Initial troubleshooting shows that R1 does not have any OSPF neighbors or any OSPF routes Configuration on R1: router ospf 1 log-adjacency-changes network 10.Cisco 642-832: Practice Exam Client 1 is able to ping 10.252 ip nat inside ip ospf message-digest-key 1 md5 TSHOOT Configuration on R2: router ospf 1 log-adjacency-changes network 10.1.0.0 0.1.255.co m 258 .255.com Ac tua lTe sts .252 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 TSHOOT Fault Condition is related to which technology? A.

" .1.1.1. Any Time.com 259 Ac tua lTe sts .1.2 but not 10.www.actualtests.1. Initial troubleshooting shows that R1 does not have any OSPF neighbors or any OSPF routes "Pass Any Exam.co m .Cisco 642-832: Practice Exam Figure 1 Figure 2 Trouble Ticket Statement: Client 1 is able to ping 10.

12 point-to-point ip address 10.2 255.Cisco 642-832: Practice Exam Configuration on R1: router ospf 1 log-adjacency-changes network 10.0.www.1.255.12 tua lTe sts . "Pass Any Exam.com Ac A.1.1. Any Time.1.0 0.1.0.1. ip nat outside must be added on S0/0/0/0.12 B.co m 260 ." .255.3 area 12 ! interface Serial0/0/0/0.0. ip ospf authentication message-digest command has to be added under the OSPF routing process C.3 area 12 default-information originate always ! interface Serial0/0/0/0.255.0.actualtests.1.252 ip nat inside ip ospf message-digest-key 1 md5 TSHOOT Configuration on R2: router ospf 1 log-adjacency-changes network 10. ip ospf authentication message-digest command has to be added on S0/0/0/0.0 0.255.252 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 TSHOOT What is the solution of the fault condition? Answer: A QUESTION NO: 305 Following ticket consists of a problem description and existing configuration on the device.1.1.4 must be added on R1 D.1 255.12 point-to-point ip address 10. A static route to 10.1.

co m . DSW1 is configurationured to be active router but it never becomes active even though the HSRP communication between DSW1 "Pass Any Exam." .www.actualtests.Cisco 642-832: Practice Exam Figure 1 Figure 2 Trouble Ticket Statement HSRP has been configurationured between DSW1 and DSW2. Any Time.com 261 Ac tua lTe sts .

1.21.Cisco 642-832: Practice Exam and DSW2 is working.0 On which device is the fault condition located? A. DSW1 D.255.128 255. R3 Answer: C QUESTION NO: 306 Following ticket consists of a problem description and existing configuration on the device.128 255.255.2.128 255. "Pass Any Exam.254 standby 10 priority 200 standby 10 preempt standby 10 track 1 decrement 60 Configuration on R4 interface loopback0 ip address 10.2.255.0.com Ac tua lTe sts .255. R4 B.255.0 metric threshold threshold metric up 1 down 2 ! track 10 ip route 10." .21.21. DSW2 C. Configuration on DSW1 track 1 ip route 10.0 standby 10 ip 10.0 metric threshold threshold metric up 63 down 64 ! interface Vlan10 ip address 10.2.255.1.1 255.1.255.2.www.co m 262 .actualtests. Any Time.

Cisco 642-832: Practice Exam Figure 1 Figure 2 Trouble Ticket Statement HSRP has been configurationured between DSW1 and DSW2. Any Time." .actualtests.com 263 Ac tua lTe sts .co m .www. DSW1 is configurationured to be active router but it never becomes active even though the HSRP communication between DSW1 "Pass Any Exam.

255.www.21.21.1 255.255. Configuration on DSW1 track 1 ip route 10.Cisco 642-832: Practice Exam and DSW2 is working.0 metric threshold threshold metric up 63 down 64 ! interface Vlan10 ip address 10.1.0 Fault Condition is related to which technology? A. Switch to Switch Connectivity Answer: B QUESTION NO: 307 Following ticket consists of a problem description and existing configuration on the device. Any Time.2.128 255.actualtests.1. HSRP C.0 standby 10 ip 10.255.0.255.2.255.128 255.2.1.com Ac tua lTe sts .255.2.255.128 255." .21. OSPF D.0 metric threshold threshold metric up 1 down 2 ! track 10 ip route 10. GLBP B. "Pass Any Exam.co m 264 .254 standby 10 priority 200 standby 10 preempt standby 10 track 1 decrement 60 Configuration on R4 interface loopback0 ip address 10.

actualtests.www.co m .Cisco 642-832: Practice Exam Figure 1 Figure 2 Trouble Ticket Statement HSRP has been configurationured between DSW1 and DSW2.com 265 Ac tua lTe sts . DSW1 is configurationured to be active router but it never becomes active even though the HSRP communication between DSW1 "Pass Any Exam. Any Time." .

1.2.com Ac A. Change standby 10 track 1 decrement 60 to standby 10 track 1 decrement 100 tua lTe sts .254 standby 10 priority 200 standby 10 preempt standby 10 track 1 decrement 60 Configuration on R4 interface loopback0 ip address 10. Change standby 10 track 1 decrement 60 to standby 10 track 10 decrement 60 D.www. Change standby priority to 140 B.1 255. Change standby priority to 260 C.co m 266 .255.21.255.0 metric threshold threshold metric up 1 down 2 ! track 10 ip route 10.128 255.21.1.128 255.128 255.2.255.Cisco 642-832: Practice Exam and DSW2 is working.0 standby 10 ip 10.0 What is the solution of fault condition? Answer: C QUESTION NO: 308 Following ticket consists of a problem description and existing configuration on the device. Any Time.255.1." .255. "Pass Any Exam.255.0.2.0 metric threshold threshold metric up 63 down 64 ! interface Vlan10 ip address 10.255.21.2.actualtests. Configuration on DSW1 track 1 ip route 10.

65.200.com 267 Ac tua lTe sts . R1 also does not show any active "Pass Any Exam.226 but not the Web Server at 209. Any Time.co m .actualtests.200.Cisco 642-832: Practice Exam Figure 1 Figure 2 Trouble Ticket Statement Client 1 is able to ping 209.www.65. Initial troubleshooting shows and R1 does not have any BGP routes.241." .

224 mask 255.Cisco 642-832: Practice Exam BGP neighbor Configuration on R1 router bgp 65001 no synchronization bgp log-neighbor-changes network 209.252 neighbor 209.www. R1 B.56.65.200.com Ac tua lTe sts . "Pass Any Exam." .actualtests. R2 Answer: A QUESTION NO: 309 Following ticket consists of a problem description and existing configuration on the device. R4 D.co m 268 .255.200.255. DSW1 C. Any Time.226 remote-as 65002 no auto-summary On which device is the fault condition located? A.

HSRP C." . Initial troubleshooting shows and R1 does not have any BGP routes. R1 also does not show any active BGP neighbor lTe Trouble Ticket Statement sts Figure 2 .Cisco 642-832: Practice Exam Figure 1 router bgp 65001 no synchronization bgp log-neighbor-changes network 209.www.226 remote-as 65002 no auto-summary The Fault Condition is related to which technology? A.co m 269 .200. BGP "Pass Any Exam.com Ac Configuration on R1 tua Client 1 is able to ping 209.actualtests.56.252 neighbor 209. Any Time.200.255.255.65.65.200. EIGRP B.241.224 mask 255.200.226 but not the Web Server at 209.65.

actualtests.Cisco 642-832: Practice Exam D. Figure 1 "Pass Any Exam.www." .com Ac tua lTe sts . OSPF Answer: C Explanation: : QUESTION NO: 310 Following ticket consists of a problem description and existing configuration on the device.co m 270 . Any Time.

com 271 Ac tua lTe Client 1 is able to ping 209.255.200.200. Change neighbor 209. Any Time.224 mask 255.co m .226 remote-as 65002 statement to neighbor 209.actualtests.241.200.200.200. Initial troubleshooting shows and R1 does not have any BGP routes.www.200.65.Cisco 642-832: Practice Exam Figure 2 Trouble Ticket Statement Configuration on R1 router bgp 65001 no synchronization bgp log-neighbor-changes network 209.56. Change neighbor 209.56.226 remote-as 65001 C.200.252 neighbor 209.56.200.226 but not the Web Server at 209." .226 remote-as 65002 "Pass Any Exam. Enable BGP synchronization B.226 remote-as 65002 statement to neighbor 209. R1 also does not show any active BGP neighbor sts .65.65.65.255.56.226 remote-as 65002 no auto-summary What is the solution of the fault condition? A.

56. Change neighbor 209." .226 remote-as 65002 statement to neighbor 209.co m 272 .com Ac tua lTe sts . Any Time. Figure 1 "Pass Any Exam.Cisco 642-832: Practice Exam D.actualtests.65.200.200.226 remote-as 65001 Answer: C QUESTION NO: 311 Following ticket consists of a problem description and existing configuration on the device.www.

1. DSW2 and all the routers are able to reach the WebServer sts . Initial troubleshooting shows that DSW1.1.actualtests.0 ! interface Serial0/0/0/1 ip address 209.65.Cisco 642-832: Practice Exam Figure 2 Trouble Ticket Statement ip nat inside source list nat_pool interface Serial0/0/0/1 overload ! ip access-list standard nat_pool permit 10.200.co m 273 .241.www.255.12 ip address 10.200. Any Time.65.255.com Ac tua Configuration on R1 lTe Client 1 and Client 2 are not able to reach the WebServer at 209.0.252 ip nat inside ip ospf message-digest-key 1 md5 TSHOOT ip ospd authentication message-digest On Which device is the fault condition located? "Pass Any Exam.255.252 ip nat outside ! interface Serial0/0/0/0.1 255.1.255." .224 255.

co m 274 . R2 Answer: A QUESTION NO: 312 Following ticket consists of a problem description and existing configuration on the device. DSW1 C. R1 B.com Ac tua lTe sts . Any Time.actualtests." .www. R4 D. Figure 1 "Pass Any Exam.Cisco 642-832: Practice Exam A.

Cisco 642-832: Practice Exam Figure 2 Trouble Ticket Statement ip nat inside source list nat_pool interface Serial0/0/0/1 overload ! ip access-list standard nat_pool permit 10.1.255.1.1 255.65.241. DSW2 and all the routers are able to reach the WebServer sts .200.0 ! interface Serial0/0/0/1 ip address 209.252 ip nat inside ip ospf message-digest-key 1 md5 TSHOOT ip ospd authentication message-digest The Fault Condition is related to which technology? "Pass Any Exam. Any Time.255. Initial troubleshooting shows that DSW1.co m 275 .252 ip nat outside ! interface Serial0/0/0/0.com Ac tua Configuration on R1 lTe Client 1 and Client 2 are not able to reach the WebServer at 209.actualtests." .65.www.224 255.12 ip address 10.1.200.255.255.0.

NAT Answer: D QUESTION NO: 313 Following ticket consists of a problem description and existing configuration on the device." .actualtests.www.co m 276 .com Ac tua lTe sts . Figure 1 "Pass Any Exam. EIGRP B. HSRP C.Cisco 642-832: Practice Exam A. BGP D. Any Time.

" .200.255.12 ip address 10.65.co m 277 .www.255.255.Cisco 642-832: Practice Exam Figure 2 Trouble Ticket Statement ip nat inside source list nat_pool interface Serial0/0/0/1 overload ! ip access-list standard nat_pool permit 10.1 255.0.com Ac tua Configuration on R1 lTe Client 1 and Client 2 are not able to reach the WebServer at 209.255.actualtests. DSW2 and all the routers are able to reach the WebServer sts .1.1.1.224 255.241. Any Time.65.200. Initial troubleshooting shows that DSW1.252 ip nat inside ip ospf message-digest-key 1 md5 TSHOOT ip ospd authentication message-digest What is the solution of the fault condition? "Pass Any Exam.0 ! interface Serial0/0/0/1 ip address 209.252 ip nat outside ! interface Serial0/0/0/0.

12 overload D.0. Add permit 10.0 statement from nat_pool access-list C.2. Change ip nat outside statement under Serial0/0/0/1 configuration to ip nat inside Answer: A QUESTION NO: 314 Following ticket consists of a problem description and existing configuration on the device. Remove permit 10." .0.com Ac tua lTe sts .0 statement in nat_pool access-list B.actualtests. Any Time.Cisco 642-832: Practice Exam A.www.co m 278 .1. Figure 1 "Pass Any Exam. Change ip nat inside source list nat_pool interface Serial0/0/0/1 overload to ip nat inside source list nat_pool interface Serial0/0/0/0.

" .0 0.200.255 ! interface Serial0/0/0/1 ip address 209.65.255. sts .224 255.Cisco 642-832: Practice Exam Figure 2 Trouble Ticket Statement router bgp 65001 no synchronization bgp log-neighbor-changes network 209.241.255.65.200.224 mask 255.200.200.0 0.actualtests.255.252 neighbor 209.0.0.65.255. Any Time.0.65.com Ac tua Config on R1 lTe Client 1 is not able to reach the WebServer at 209.65.2.226 remote-as 65002 no auto-summary ! access-list 30 permit host 209.252 ip nat outside ip access-group 30 in "Pass Any Exam.255. Initial troubleshooting shows that R1 is also not able to reach the WebServer. R1 also does not have any active BGP neighbor.241 access-list 30 deny 10.255 access-list 30 deny 10.www.200.255.1.co m 279 .0.

Cisco 642-832: Practice Exam On which device is the fault condition located? A. R2 Answer: A QUESTION NO: 315 Following ticket consists of a problem description and existing configuration on the device." . Figure 1 "Pass Any Exam.www.co m 280 .actualtests. R1 B.com Ac tua lTe sts . Any Time. DSW1 C. R4 D.

255.0.0 0.252 neighbor 209.200.252 ip nat outside ip access-group 30 in "Pass Any Exam.0 0.241 access-list 30 deny 10.0.200.255.255.255 ! interface Serial0/0/0/1 ip address 209.200.255 access-list 30 deny 10.65.www.65.1.241.65.224 mask 255. R1 also does not have any active BGP neighbor.65. Initial troubleshooting shows that R1 is also not able to reach the WebServer.224 255.226 remote-as 65002 no auto-summary ! access-list 30 permit host 209. sts .actualtests.0.0.200.65.2.200." .255.com Ac tua Config on R1 lTe Client 1 is not able to reach the WebServer at 209.255. Any Time.255.Cisco 642-832: Practice Exam Figure 2 Trouble Ticket Statement router bgp 65001 no synchronization bgp log-neighbor-changes network 209.co m 281 .

Any Time.actualtests. IP Access List Answer: D QUESTION NO: 316 Following ticket consists of a problem description and existing configuration on the device. BGP D." .com Ac tua lTe sts . Figure 1 "Pass Any Exam. IP Access B.co m 282 .www. IP NAT C.Cisco 642-832: Practice Exam The Fault Condition is related to which technology? A.

co m 283 .255.252 neighbor 209.www.255 access-list 30 deny 10.200.200.65.255.200.226 remote-as 65002 no auto-summary ! access-list 30 permit host 209.200.241 access-list 30 deny 10.65. sts .0 0.Cisco 642-832: Practice Exam Figure 2 Trouble Ticket Statement router bgp 65001 no synchronization bgp log-neighbor-changes network 209.0 0. Initial troubleshooting shows that R1 is also not able to reach the WebServer. Any Time.65.65.0.255 ! interface Serial0/0/0/1 ip address 209.65.actualtests.0.255.2.0." .255.1.com Ac tua Config on R1 lTe Client 1 is not able to reach the WebServer at 209.255.255. R1 also does not have any active BGP neighbor.0.252 ip nat outside ip access-group 30 in "Pass Any Exam.224 mask 255.224 255.241.200.

224/30 network in access list 30 B. Any Time.65.200.co m 284 . Add permit statement for 209.200. Remove Deny Statements from access-list 30 C. Figure 1 "Pass Any Exam. Use extended access-list instead of standard access-list Answer: A QUESTION NO: 317 Following ticket consists of a problem description and existing configuration on the device. Change neighbor 209." .com Ac tua lTe sts .Cisco 642-832: Practice Exam What is the solution of the fault condition? A.226 remote-as 65002 statement to neighbor 209.actualtests.226 remote-as 65001 D.65.65.www.200.

0 ! On which device is the fault condition located? "Pass Any Exam.Cisco 642-832: Practice Exam Figure 2 Trouble Ticket Statement Client 1 is getting an IP address from the DHCP server but is not able to ping DSW1 or the FTP Server Configuration on DSW1 vlan access-map test1 10 drop match ip address 10 ! vlan filter test1 vlan-list 10 ! ip access-list standard 10 permit 10.1 255.255.0.2.255.co m .0.com 285 Ac tua lTe sts .255 ! Interface VLAN10 ip address 10.2.255." . Any Time.0 0.www.1.actualtests.

DSW1 C.co m 286 . R4 B.com Ac tua lTe sts .www. Any Time. Client 1 D. Figure 1 "Pass Any Exam." . FTP Server Answer: B QUESTION NO: 318 Following ticket consists of a problem description and existing configuration on the device.Cisco 642-832: Practice Exam A.actualtests.

255.255 ! Interface VLAN10 ip address 10. Any Time.actualtests." .co m .255.1 255.2.2.Cisco 642-832: Practice Exam Figure 2 Trouble Ticket Statement Client 1 is getting an IP address from the DHCP server but is not able to ping DSW1 or the FTP Server Configuration on DSW1 vlan access-map test1 10 drop match ip address 10 ! vlan filter test1 vlan-list 10 ! ip access-list standard 10 permit 10.0.0 ! The Fault Condition is related to which technology? "Pass Any Exam.com 287 Ac tua lTe sts .255.0 0.www.0.1.

Cisco 642-832: Practice Exam A." . VLAN Access Map B. InterVLAN communication C. Any Time.www. IP Access List Answer: A QUESTION NO: 319 Following ticket consists of a problem description and existing configuration on the device.actualtests.co m 288 .com Ac tua lTe sts . DHCP D. Figure 1 "Pass Any Exam.

255.co m 289 .0 ! "Pass Any Exam.2.www.1 255.255.255.255 ! Interface VLAN10 ip address 10.actualtests.Cisco 642-832: Practice Exam Figure 2 Trouble Ticket Statement Client 1 is getting an IP address from the DHCP server but is not able to ping DSW1 or the FTP Server Configuration on DSW1 vlan access-map test1 10 drop match ip address 10 ! vlan filter test1 vlan-list 10 ! ip access-list standard 10 permit 10.0." .com Ac tua lTe sts .0 0. Any Time.0.2.1.

Change the IP Address of VLAN 10 on DSW1 C.com Ac tua lTe sts . Configurationure Static IP Address on Client 1 B." .actualtests.Cisco 642-832: Practice Exam What is the solution of the fault condition? A. Any Time.www. Figure 1 "Pass Any Exam.co m 290 . Add Permit any statement to access-list 10 D. Remove VLAN filter test1 from DSW1 Answer: D QUESTION NO: 320 Following ticket consists of a problem description and existing configuration on the device.

FTP Server Answer: B "Pass Any Exam. ASW1 C.co m 291 .0000." . DSW1 B.0001 tua Configuration on ASW1 lTe Client one is getting a 169.x IP address and is not able to ping Client 2 or DSW1.Cisco 642-832: Practice Exam Figure 2 Trouble Ticket Statement On which device is the fault condition located? A. Inital troubleshooting shows that port Fa1/0/1 on ASW1 is in errdisable state.x.actualtests. sts .com Ac Interface FastEthernet1/0/1 switchport mode access switchport port-security switchport port-security mac-address 0000.x. Any Time. Client 1 D.www.

Cisco 642-832: Practice Exam QUESTION NO: 321 Following ticket consists of a problem description and existing configuration on the device.com 292 Ac tua lTe sts ." .co m .www. Any Time. Figure 1 Figure 2 Trouble Ticket Statement "Pass Any Exam.actualtests.

x.x IP address and is not able to ping Client 2 or DSW1. Port Security Answer: D Following ticket consists of a problem description and existing configuration on the device. "Pass Any Exam. Inital troubleshooting shows that port Fa1/0/1 on ASW1 is in errdisable state.com Ac tua lTe QUESTION NO: 322 sts . InterVLAN communication C. Any Time.www.Cisco 642-832: Practice Exam Client one is getting a 169. DHCP D. Configuration on ASW1 Interface FastEthernet1/0/1 switchport mode access switchport port-security switchport port-security mac-address 0000.co m 293 .0000. VLAN Access Map B.x." .actualtests.0001 The Fault Condition is related to which technology? A.

Configurationure Static IP Address on Client 1 B.x." .0000. Any Time. Inital troubleshooting shows that port Fa1/0/1 on ASW1 is in errdisable state.co m 294 .actualtests.0000.com Ac tua lTe sts Figure 2 .0001 command on port fa1/0/1 on ASW1 "Pass Any Exam. Issue shutdown command followed by no shutdown command on port fa1/0/1 on ASW1 D.x.www.0000.x IP address and is not able to ping Client 2 or DSW1. Issue no switchport port-security mac-address 0000. Issue no switchport port-security mac-address 0000.0001 What is the solution of the fault condition? A. Configuration on ASW1 Interface FastEthernet1/0/1 switchport mode access switchport port-security switchport port-security mac-address 0000. Change the IP Address of VLAN 10 on DSW1 C.Cisco 642-832: Practice Exam Figure 1 Trouble Ticket Statement Client one is getting a 169.0001 command followed by shutdown and no shutdown command on port fa1/0/1 on ASW1 E.

Figure 1 "Pass Any Exam. Any Time.co m 295 .www.Cisco 642-832: Practice Exam Answer: D QUESTION NO: 323 Following ticket consists of a problem description and existing configuration on the device." .com Ac tua lTe sts .actualtests.

x IP address and are not able to ping DSW1 or the FTP Server. Client 1 D. "Pass Any Exam.x. Any Time.actualtests. Configuration on ASW1 Interface FastEthernet1/0/1 switchport mode access switchport access vlan 1 ! Interface FastEthernet1/0/2 switchport mode access switchport access vlan 1 On which device is the fault condition located? A." . FTP Server Answer: B QUESTION NO: 324 Following ticket consists of a problem description and existing configuration on the device. They are able to ping each other.x.Cisco 642-832: Practice Exam Figure 2 Trouble Ticket Statement Client 1 and Client 2 are getting a 169.co m 296 . ASW1 C.com Ac tua lTe sts . DSW1 B.www.

x IP address and are not able to ping DSW1 or the FTP Server. "Pass Any Exam. Any Time.Cisco 642-832: Practice Exam Figure 1 Figure 2 Trouble Ticket Statement Client 1 and Client 2 are getting a 169.actualtests. They are able to ping each other." .co m .www.x.com 297 Ac tua lTe sts .x.

" .actualtests. Port Security Answer: A QUESTION NO: 325 Following ticket consists of a problem description and existing configuration on the device.www. DHCP D.co m 298 .com Ac tua lTe sts .Cisco 642-832: Practice Exam Configuration on ASW1 Interface FastEthernet1/0/1 switchport mode access switchport access vlan 1 ! Interface FastEthernet1/0/2 switchport mode access switchport access vlan 1 The Fault Condition is related to which technology? A. Any Time. InterVLAN communication C. VLAN B. "Pass Any Exam.

co m 299 .x.actualtests. Change the IP Address of VLAN 10 on DSW1 C.x.x IP address and are not able to ping DSW1 or the FTP Server.com Ac tua lTe sts Figure 2 . Any Time.www. They are able to ping each other.Cisco 642-832: Practice Exam Figure 1 Trouble Ticket Statement Client 1 and Client 2 are getting a 169. Given an IP address to VLAN 1 on DSW1 B. Give static IP addresses to Client 1 and Client 2 "Pass Any Exam. Configuration on ASW1 Interface FastEthernet1/0/1 switchport mode access switchport access vlan 1 ! Interface FastEthernet1/0/2 switchport mode access switchport access vlan 1 What is the solution of the fault condition? A. Issue switchport access vlan 10 command on interfaces fa1/0/1 and fa1/0/2 on ASW1 D." .

actualtests.www.co m 300 ." .com Ac tua lTe sts . Any Time. Figure 1 "Pass Any Exam.Cisco 642-832: Practice Exam Answer: C QUESTION NO: 326 Following ticket consists of a problem description and existing configuration on the device.

co m 301 .Cisco 642-832: Practice Exam Figure 2 Trouble Ticket Statement Client 1 and Client 2 are getting a 169.x IP address and are not able to ping DSW1 or the FTP Server.com Ac tua lTe sts .actualtests. ASW1 B.x. DSW1 C. Client 1 D.x. FTP Server Answer: A QUESTION NO: 327 Following ticket consists of a problem description and existing configuration on the device. Configuration on ASW1 Interface PortChannel13 switchport mode trunk switchport trunk allowed vlan 1-9 ! Interface PortChannel23 switchport mode trunk switchport trunk allowed vlan 1-9 ! Interface FastEthernet1/0/1 switchport mode access switchport access vlan 10 ! Interface FastEthernet1/0/2 switchport mode access switchport access vlan 10 ! On Which device is the fault condition located? A. They are able to ping each other. "Pass Any Exam.www." . Any Time.

"Pass Any Exam. They are able to ping each other. Any Time.actualtests.com 302 Ac tua lTe sts .x IP address and are not able to ping DSW1 or the FTP Server.co m .Cisco 642-832: Practice Exam Figure 1 Figure 2 Trouble Ticket Statement Client 1 and Client 2 are getting a 169." .x.www.x.

Cisco 642-832: Practice Exam Configuration on ASW1 Interface PortChannel13 switchport mode trunk switchport trunk allowed vlan 1-9 ! Interface PortChannel23 switchport mode trunk switchport trunk allowed vlan 1-9 ! Interface FastEthernet1/0/1 switchport mode access switchport access vlan 10 ! Interface FastEthernet1/0/2 switchport mode access switchport access vlan 10 ! The Fault Condition is related to which technology? A.co m 303 .www." . Any Time.com Ac tua lTe sts .actualtests. InterVLAN communication C. DHCP D. "Pass Any Exam. Switch to Switch Connectivity Answer: D QUESTION NO: 328 Following ticket consists of a problem description and existing configuration on the device. VLAN B.

x." .com 304 Ac tua lTe sts .co m . Any Time.Cisco 642-832: Practice Exam Figure 1 Figure 2 Trouble Ticket Statement Client 1 and Client 2 are getting a 169. They are able to ping each other.www. "Pass Any Exam.actualtests.x IP address and are not able to ping DSW1 or the FTP Server.x.

200 on interface portchannel13 and portchannel23 on ASW1 D.www. Issue switchport trunk allowed vlan 10.com Ac Answer: C tua A. Issue switchport trunk allowed vlan none on interface portchannel13 and portchanngel23 on ASW1 lTe sts .Cisco 642-832: Practice Exam Configuration on ASW1 Interface PortChannel13 switchport mode trunk switchport trunk allowed vlan 1-9 ! Interface PortChannel23 switchport mode trunk switchport trunk allowed vlan 1-9 ! Interface FastEthernet1/0/1 switchport mode access switchport access vlan 10 ! Interface FastEthernet1/0/2 switchport mode access switchport access vlan 10 ! What is the solution of the fault condition? QUESTION NO: 329 Following ticket consists of a problem description and existing configuration on the device. Any Time. Change the VLAN assignment on fa1/0/1 and fa1/0/2 on ASW1 to VLAN 1 B." .actualtests. "Pass Any Exam.co m 305 . Change the IP Address of VLAN 10 on DSW1 C.

co m .com 306 Ac tua lTe sts .actualtests.Cisco 642-832: Practice Exam Figure 1 Figure 2 Trouble Ticket Statement Client 1 is not able to reach the WebServer. "Pass Any Exam.www.34 interface. Initial troubleshooting shows that DSW1 can ping the Fa0/1 interface of R4 but not the s0/0/0/0." . Any Time.

Cisco 642-832: Practice Exam Configuration on DSW1 router eigrp 10 network 10.1.4.4 0.0.0.0 network 10.2.1.1 0.0.0.0 network 10.2.4.13 0.0.0.0 no auto-summary Configuration on DSW2 router eigrp 10 network 10.1.4.8 0.0.0.0 network 10.2.2.1 0.0.0.0 network 10.2.4.14 0.0.0.0 no auto-summary Configuration on R4 router eigrp 1 network 10.1.4.5 0.0.0.0 no auto-summary redistribute ospf 1

On which device is the fault condition located? A. DSW1 B. DSW2 C. Client 1 D. R4 Answer: D

QUESTION NO: 330 Following ticket consists of a problem description and existing configuration on the device.

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

m

307

Cisco 642-832: Practice Exam

Figure 1

Figure 2

Trouble Ticket Statement Client 1 is not able to reach the WebServer. Initial troubleshooting shows that DSW1 can ping the Fa0/1 interface of R4 but not the s0/0/0/0.34 interface. "Pass Any Exam. Any Time." - www.actualtests.com 308

Ac

tua

lTe

sts

.co

m

Cisco 642-832: Practice Exam Configuration on DSW1 router eigrp 10 network 10.1.4.4 0.0.0.0 network 10.2.1.1 0.0.0.0 network 10.2.4.13 0.0.0.0 no auto-summary Configuration on DSW2 router eigrp 10 network 10.1.4.8 0.0.0.0 network 10.2.2.1 0.0.0.0 network 10.2.4.14 0.0.0.0 no auto-summary Configuration on R4 router eigrp 1 network 10.1.4.5 0.0.0.0 no auto-summary redistribute ospf 1

The Fault Condition is related to which technology? A. EIGRP B. InterVLAN communication C. OSPF D. Switch to Switch Connectivity Answer: A

QUESTION NO: 331 Following ticket consists of a problem description and existing configuration on the device.

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

m

309

Cisco 642-832: Practice Exam

Figure 1

Figure 2

Trouble Ticket Statement Client 1 is not able to reach the WebServer. Initial troubleshooting shows that DSW1 can ping the Fa0/1 interface of R4 but not the s0/0/0/0.34 interface. "Pass Any Exam. Any Time." - www.actualtests.com 310

Ac

tua

lTe

sts

.co

m

Cisco 642-832: Practice Exam Configuration on DSW1 router eigrp 10 network 10.1.4.4 0.0.0.0 network 10.2.1.1 0.0.0.0 network 10.2.4.13 0.0.0.0 no auto-summary Configuration on DSW2 router eigrp 10 network 10.1.4.8 0.0.0.0 network 10.2.2.1 0.0.0.0 network 10.2.4.14 0.0.0.0 no auto-summary Configuration on R4 router eigrp 1 network 10.1.4.5 0.0.0.0 no auto-summary redistribute ospf 1

What is the solution of the fault condition?

Answer: C

QUESTION NO: 332 Following ticket consists of a problem description and existing configuration on the device.

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

A. Change the EIGRP AS to 1 on DSW1 B. Change the routing protocol on DSW1 and DSW2 to OSPF C. Change the EIGRP AS to 10 on R4 D. Advertise 10.1.1.8/30 network in EIGRP on R4

tua

lTe

sts

.co

m

311

Cisco 642-832: Practice Exam

Figure 1

Figure 2 Trouble Ticket Statement Client 1 is not able to reach the WebServer. Initial troubleshooting shows that DSW1 can ping the Fa0/1 interface of R4 but not the s0/0/0/0.34 interface. "Pass Any Exam. Any Time." - www.actualtests.com 312

Ac

tua

lTe

sts

.co

m

1.0 0.255 The Fault Condition is related to which technology? A.0.0.4.0.255.com Ac tua lTe sts . EIGRP B.0.0.actualtests.0. OSPF D.0.www.0.0.255.2.0 area 34 redistribute eigrp 10 subnets ! route-map EIGRP->OSPF match ip address 1 ! access-list 1 permit 10.0 no auto-summary Configuration on R4 router eigrp 10 network 10. Route Redistribution C.4." .0 network 10.1.1.Cisco 642-832: Practice Exam Configuration on DSW1 router eigrp 10 network 10.255.2. IP Addressing Answer: B "Pass Any Exam.1 0.1 0.0 network 10.2.4.0 no auto-summary redistribute ospf 1 metric 100 10 255 1 1500 route-map EIGRP_to_OSPF ! router ospf 1 network 10.255 access-list 1 permit 209.2.0.0.0.4 0.4.0.2.0.0.14 0.1.0.0 no auto-summary Configuration on DSW2 router eigrp 10 network 10.1.5 0.8 0.0.co m 313 .255. Any Time.1.0 network 10.8 0.0.0 network 10.4.0.0 0.13 0.0.

www.actualtests.co m .com 314 Ac tua lTe sts . Figure 1 Figure 2 Trouble Ticket Statement "Pass Any Exam.Cisco 642-832: Practice Exam QUESTION NO: 333 Following ticket consists of a problem description and existing configuration on the device. Any Time." .

0.0.0.255 access-list 1 permit 209.0.0.0.255.1 0.0.0 network 10.34 interface.0 network 10.0.255 What is the solution of the fault condition? A.5 0.1 0.13 0.0 network 10.0.4.2.actualtests. Remove the redistribute command from OSPF process on R4 B.255.8 0.Cisco 642-832: Practice Exam Client 1 is not able to reach the WebServer.1.0.4.14 0.1.0.0 no auto-summary Configuration on R4 router eigrp 10 network 10. Change the route-map name in the redistribute command under OSPF process to EIGRP>OSPF on R4 "Pass Any Exam.4.0 no auto-summary Configuration on DSW2 router eigrp 10 network 10.2.com 315 Ac tua lTe sts .0.0.0 network 10.2.1.4.255.2.0.0.0.0 0.www. Any Time." .4 0.0.0.1.0 0.255.co m . Configuration on DSW1 router eigrp 10 network 10.0 no auto-summary redistribute ospf 1 metric 100 10 255 1 1500 route-map EIGRP_to_OSPF ! router ospf 1 network 10.1.1.2.0 area 34 redistribute eigrp 10 subnets ! route-map EIGRP->OSPF match ip address 1 ! access-list 1 permit 10.4.0.0.8 0. Initial troubleshooting shows that DSW1 can ping the Fa0/1 interface of R4 but not the s0/0/0/0.

Cisco 642-832: Practice Exam C.actualtests. Change EIGRP AS to 1 on R4 D.com Ac tua lTe sts .1." .1.8/30 network in EIGRP on R4 Answer: B QUESTION NO: 334 Following ticket consists of a problem description and existing configuration on the device. Advertise 10. Any Time.www.co m 316 . Figure 1 "Pass Any Exam.

1.0 network 10.com Ac tua lTe Client 1 is not able to reach the WebServer.2.4 0.13 0.4." .www.34 interface.4.Cisco 642-832: Practice Exam Figure 2 Trouble Ticket Statement Configuration on DSW1 router eigrp 10 network 10.1 0.0.14 0.4.2.0.0 network 10.2.0.0.2.2.0.1.0 no auto-summary Configuration on R4 router eigrp 10 "Pass Any Exam.1. Initial troubleshooting shows that DSW1 can ping the Fa0/1 interface of R4 but not the s0/0/0/0.4.co m 317 .0 no auto-summary Configuration on DSW2 router eigrp 10 network 10.0.1 0.0.0 network 10. Any Time. sts .actualtests.0.0.8 0.0.0 network 10.0.0.

0.0 0. Client 1 D.0. DSW2 C.0 0.4.0.1.255.com Ac tua lTe sts A.0.12 IPv6 address. Configuration on R2 ipv6 unicast-routing ! ipv6 router ospf 6 router-id 2.co m On Which device is the fault condition located? 318 . R4 .1.255.actualtests.8 0.0.www.0 no auto-summary redistribute ospf 1 metric 100 10 255 1 1500 route-map EIGRP_to_OSPF ! router ospf 1 network 10. DSW1 B. Initial troubleshooting shows and R2 is not an OSPFv3 neighbor on R3.2 ! interface s0/0/0/0.5 0.255 access-list 1 permit 209. Trouble Ticket Statement DSW1 and R4 cannot ping R2's loopback or R2's s0/0/0/0. Any Time.0.2.23 ipv6 address 2026::1:1/122 "Pass Any Exam.0.1." .0 area 34 redistribute eigrp 10 subnets ! route-map EIGRP->OSPF match ip address 1 ! access-list 1 permit 10.Cisco 642-832: Practice Exam network 10.255.0.2.255.255 Answer: D QUESTION NO: 335 The network setup for this trouble ticket is shown in Figure 3.

DSW1 B. DSW2 C.3.3. R3 Answer: C "Pass Any Exam." .com Ac tua lTe sts .co m 319 . Any Time. R2 D.23 ipv6 address 2026::1:2/122 ipv6 ospf 6 area 0 Figure 3 On Which device is the fault condition located? A.www.Cisco 642-832: Practice Exam Configuration R3 ipv6 unicast-routing ! ipv6 router ospf 6 router-id 3.actualtests.3 ! interface s0/0/0/0.

Initial troubleshooting shows and R2 is not an OSPFv3 neighbor on R3.com Ac tua lTe sts .co m 320 . Configuration on R2 ipv6 unicast-routing ! ipv6 router ospf 6 router-id 2.Cisco 642-832: Practice Exam QUESTION NO: 336 The network setup for this trouble ticket is shown in Figure 3. Trouble Ticket Statement DSW1 and R4 cannot ping R2's loopback or R2's s0/0/0/0.3 ! interface s0/0/0/0." .actualtests.3.2. Any Time.2.23 ipv6 address 2026::1:1/122 Configuration R3 ipv6 unicast-routing ! ipv6 router ospf 6 router-id 3.www.2 ! interface s0/0/0/0.23 ipv6 address 2026::1:2/122 ipv6 ospf 6 area 0 "Pass Any Exam.12 IPv6 address.3.

Trouble Ticket Statement DSW1 and R4 cannot ping R2's loopback or R2's s0/0/0/0. Route Redistribution C.www.12 IPv6 address.com Ac tua lTe sts . RIPng Answer: C QUESTION NO: 337 The network setup for this trouble ticket is shown in Figure 3. OSPFv3 D. IPv6 Addressing B.co m 321 . Any Time. Initial troubleshooting shows and R2 is not an OSPFv3 neighbor on R3." . Configuration on R2 "Pass Any Exam.Cisco 642-832: Practice Exam Figure 3 The Fault Condition is related to which technology? A.actualtests.

co m .2.com 322 Ac tua lTe sts ." .23 ipv6 address 2026::1:2/122 ipv6 ospf 6 area 0 Figure 3 What is the solution of the fault condition? "Pass Any Exam.3.2 ! interface s0/0/0/0.3 ! interface s0/0/0/0.www.Cisco 642-832: Practice Exam ipv6 unicast-routing ! ipv6 router ospf 6 router-id 2.23 ipv6 address 2026::1:1/122 Configuration R3 ipv6 unicast-routing ! ipv6 router ospf 6 router-id 3.actualtests. Any Time.2.3.

Add ipv6 ospf 6 area 6 under s0/0/0/0. Any Time.actualtests.23 on R2 C.23 on R2 B." .Cisco 642-832: Practice Exam A.www.23 on R2 Answer: A "Pass Any Exam. Add ipv6 ospf 6 area 0 under S0/0/0/0. Enable IPv6 routing on s0/0/0/0. Remove IPv6 address from s0/0/0/0.23 on R2 D.com Ac tua lTe sts .co m 323 .

Sign up to vote on this title
UsefulNot useful