Cisco 642-832

642-832 Troubleshooting and Maintaining Cisco IP Switched Networks (TSHOOT)

Practice Test
Version

Cisco 642-832: Practice Exam QUESTION NO: 1 Which two statements about the Cisco Aironet Desktop Utility (ADU) are true? (Select two) A. The Aironet Desktop Utility (ADU) profile manager feature can create and manage only one profile for the wireless client adapter. B. The Aironet Desktop Utility (ADU) can support only one wireless client adapter installed and used at a time. C. The Aironet Desktop Utility (ADU) can be used to establish the association between the client adapter and the access point, manage authentication to the wireless network, and enable encryption. D. The Aironet Desktop Utility (ADU) and the Microsoft Wireless Configuration Manager can be used at the same time to configure the wireless client adapter. Answer: B,C Explanation: You can configure your Cisco Aironet Wireless LAN Client Adapter through the Cisco ADU or a third-party tool, such as the Microsoft Wireless Configuration Manager. Because third-party tools may not provide all the functionality available in ADU, Cisco recommends that you use ADU. The Aironet Desktop Utility (ADU) can support only one wireless client adapter as well as Aironet Desktop Utility establish the association between the client adapter and Access Point, allows to authenticate wireless client, allows to configure encryption by setting static WEP, WPA/WPA2 passphrase.

Section 3: Perform routine IOS device maintenance (0 Questions)

Section 4: Isolate sub-optimal internetwork operation at the correctly defined OSI Model layer (2 Questions)

QUESTION NO: 2 At which layer of the OSI model does the Spanning Tree Protocol (STP) operate at? A. Layer 5

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

m

2

Cisco 642-832: Practice Exam B. Layer 4 C. Layer 3 D. Layer 2 E. Layer 1 Answer: D Explanation: Spanning-Tree Protocol (STP) is a Layer 2 (L2) protocol designed to run on bridges and switches. The specification for STP is called 802.1d. The main purpose of STP is to ensure that you do not run into a loop situation when you have redundant paths in your network. Loops are deadly to a network.

QUESTION NO: 3 In computer networking a multicast address is an identifier for a group of hosts that have joined a multicast group. Multicast addressing can be used in the Link Layer (OSI Layer 2), such as Ethernet Multicast, as well as at the Internet Layer (OSI Layer 3) as IPv4 or IPv6 Multicast. Which two descriptions are correct regarding multicast addressing? A. The first 23 bits of the multicast MAC address are 0x01-00-5E. This is a reserved value that indicates a multicast application. B. The last 3 bytes (24 bits) of the multicast MAC address are 0x01-00-5E. This is a reserved value that indicates a multicast application. C. To calculate the Layer 2 multicast address, the host maps the last 23 bits of the IP address into the last 24 bits of the MAC address. The high-order bit is set to 0. D. The first 3 bytes (24 bits) of the multicast MAC address are 0x01-00-5E. This is a reserved value that indicates a multicast application. Answer: C,D

Explanation: The point of this question is the form of multicast MAC address, and the conversion between the multicast MAC address and IP address. The multicast MAC address is 6 bytes(48 bits), the first 3 bytes (24 bits) of the multicast MAC address are 0x01-00-5E, the last 3 bytes(24 bits) of the multicast MAC address =0 + 23 bit(the last 23 bit of the IP address). "0x01-00-5E" is a reserved value that indicates a multicast application. So option B and D are correct.

QUESTION NO: 4

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

m

3

Cisco 642-832: Practice Exam EIGRP is being used as the routing protocol on the company network. While troubleshooting some network connectivity issues, you notice a large number of EIGRP SIA (Stuck in Active) messages. What causes these SIA routes? (Select two) A. The neighboring router stops receiving ACK packets from this router. B. The neighboring router starts receiving route updates from this router. C. The neighboring router is too busy to answer the query (generally caused by high CPU utilization). D. The neighboring router is having memory problems and cannot allocate the memory to process the query or build the reply packet. Answer: C,D Explanation: SIA routes are due to the fact that reply packets are not received. This could be caused by a router which is unable to send reply packets. The router could have reached the limit of its capacity, or it could be malfunctioning. Incorrect Answers: A: Missing replies, not missing ACKs, cause SIA. B: Routes updates do not cause SIA.Notes: If a router does not receive a reply to all outstanding queries within 3 minutes, the route goes to the stuck in active (SIA) state. The router then resets the neighbors that fail to reply by going active on all routes known through that neighbor, and it readvertises all routes to that neighbor.Reference: Enhanced Interior Gateway Routing Protocolhttp://www.cisco.com/warp/public/103/eigrp3.html

QUESTION NO: 5

Part of the routing table of router R1 is displayed below: S 62.99.153.0/24 [1/0] via 209.177.64.130 172.209.12.0/32 is subnetted, 1 subnets D EX 172.209.1 [170/2590720] via 209.179.2.114, 06:47:28, Serial0/0/0.1239 62.113.17.0/24 is variably subnetted, 2 subnets, 2 masks D EX 99.3.215.0/24 [170/27316] via 209.180.96.45, 09:52:10, FastEthernet11/0/0 [170/27316] via 209.180.96.44, 09:52:10, FastEthernet11/0/0 25.248.17.0/24 [90/1512111] via 209.179.66.25, 10:33:13, Serial0/0/0.1400001 [90/1512111] via 209.179.66.41, 10:33:13, Serial0/0/0.1402001 62.113.1.0/24 is variably subnetted, 12 subnets, 2 masks D 62.113.1.227/32 "Pass Any Exam. Any Time." - www.actualtests.com 4

Ac

tua

lTe

sts

.co

m

Cisco 642-832: Practice Exam [90/2611727] via 209.180.96.45, 10:33:13, FastEthernet1/0/0 [90/2611727] via 209.180.96.44, 10:33:13, FastEthernet1/0/0 S* 0.0.0.0/0 [1/0] via 209.180.96.14 From analyzing the above command output, what is the administrative distance of the external EIGRP routes? A. 24 B. 32 C. 90 D. 170 E. 27316 F. None of the other alternatives apply Answer: D Explanation: By default an external EIGRP route has a value of 170. By examining the exhibit we see that this default value of the external EIGRP routes (see D-EX in exhibit) indeed is set to 170. The first value within the brackets display the AD, so with a value of [170/27316] the AD is 170 and the metric of the route is 27316. Incorrect Answers: A: This is the subnet mask used for some of the routes in the table. B: This is the subnet mask used for some of the routes in the table. C: This is the AD of the internal EIGRP routes, which is the default E: This is the EIGRP metric of the external EIGRP routes.Reference: What Is Administrative Distance?http://www.cisco.com/warp/public/105/admin_distance.html

QUESTION NO: 6

The network is shown below, along with the relevant router configurations:

R1# show run interface Loopback0 ip address 10.10.10.1 255.255.255.0 ! interface Ethernet0 ip address 172.29.1.1 255.255.255.0 media-type 10BaseT "Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

m

5

Cisco 642-832: Practice Exam ! ! router eigrp 999 redistribute connected network 172.29.0.0 auto-summary no eigrp log-neighbor-changes ! ip classless no ip http server R2# show run interface Ethernet0 ip address 172.29.1.2 255.255.255.0 media-type 10BaseT ! interface Ethernet1 ip address 172.19.2.2 255.255.255.0 media-type 10BaseT ! router eigrp 999 network 172.19.0.0 network 172.29.0.0 ! ip classless no ip http server R3# show run interface Ethernet1/0 ip address 172.19.2.3 255.255.255.0 ! router eigrp 999 network 172.19.0.0 auto-summary no eigrp log-neighbor-changes ! ip classless ip http server

With the topology found in the graphic, what will the R1 loopback 0 be in the R3 routing table? A. It will show up in the routing table as D 10.0.0/8. "Pass Any Exam. Any Time." - www.actualtests.com 6

Ac

tua

lTe

sts

.co

m

0/8 in the routing table of the other routers. D. C. If the command "variance 3" was added to the EIGRP configuration of R5.www. it will redistribute the connected loopback network into EIGRP. R5-R2-R1 and R5-R3-R1. Study the exhibits carefully./24.Cisco 642-832: Practice Exam B. it would be redistributed because it is a connected route. which path or paths would be chosen to route traffic from R5 to network X? A. and it will also be summarized since that is the default behavior of EIGRP. Any Time. It will show up in the routing table as D EX 10. It will show up in the routing table as D 10. D: Although it was not configured under the EIGRP network command. "Pass Any Exam.co m . R5-R3-R1 and R5-R4-R1.0. Incorrect Answers: A: The route will be external. choice B is correct. EIGRP summarizes at network boundaries by default so the network will appear as the class A network of 10.0.0. C: It will be external because of redistribution." .com 7 Ac tua lTe The EIGRP network is displayed in the following topology diagram: sts .0.0.actualtests. Because redistributed routes will show up as external EIGRP routes in the routing table. since it was redistributed into EIGRP. C. It will not show up in R3 routing table because there is no network command on R1. QUESTION NO: 7 You work as a network technician. Although the loopback interface is using a /24 subnet mask.0/8.0. Answer: B Explanation: Because router R1 is configured with route redistribution. R5-R2-R1 B.

shtml QUESTION NO: 8 The following command was issued on Router 2: Given the above output shown above. which means equal cost load balancing. The variable n can take a value between 1 and 128. R5-R2-R1. C. B.Cisco 642-832: Practice Exam D. 192. 192.actualtests. the path is not used in load balancing. Traffic is also distributed among the links with unequal costs. E.168.168.co m 8 . D. Use the variance n command in order to instruct the router to include routes with a metric of less than n times the minimum metric route for that destination. with respect to the metric.com Ac tua lTe sts . Any Time.0 is equal path load balancing with 172.1.0.1.www. Interior Gateway Routing Protocol (IGRP) and EIGRP also support unequal cost path load balancing. This is why chose D is wrong as this path has an Advertised Distance of 25 which is greater than the successors FD. The link below refers to an example that is nearly identical to the example in this question.168." . Reference: http://www. 192.1. Therefore.1.168. which statement is true? A.0 is a summarized route. The default is 1. None of the other alternatives apply Answer: A "Pass Any Exam. proportionately. and R3-R1 = 10 as well with the FD between R5 .1. R5 can get to Net X using the path R5-R3 = metric of 10. which is 60 Important Note: If a path does not meet the feasibility condition. except theirs used a variance of 2 and this question used a variance of 3. or 3x20.16. In this instance.0 is a redistributed route into EIGRP. and R5-R4-R1. In this question the variance 3 command is used . we can load balance on any route that had an FD of 3x the successor. Answer: B Explanation: Every routing protocol supports equal cost path load balancing.cisco.R1 being 10 + 10 = 20.com/en/US/tech/tk365/technologies_tech_note09186a008009437d.0 is a static route. In addition.R5-R3-R1. 192.

the metric formula reduces to: metric = (1 × bandwidth) + (1 × delay) metric = bandwidth + delay K Values should be same to become the EIGRP neighbors. by default. Given the debug output on RouterA. sts . K1 = K3 = 1. and RouterB. RouterA received a hello packet with mismatched authentication parameters. B. the less desirable it is.1. F.2. K2 = K4 = K5 = 0. Any Time.1.load)] + (K3 × delay)] × [K5 ÷ (reliability + K4)] The elements in this equation are as follows: * By default. Therefore.2.com Ac tua lTe A. RouterA will form an adjacency with RouterB. The higher the metric associated with a route. D. RouterA received a hello packet with mismatched autonomous system numbers. IP address 10.actualtests. QUESTION NO: 10 Study the exhibit below carefully: "Pass Any Exam." . which two statements are true? Answer: A. RouterA received a hello packet with mismatched metric-calculation mechanisms.co m 9 .www. E. QUESTION NO: 9 A network administrator is troubleshooting an EIGRP connection between RouterA. For EIGRP. C.F Explanation: Metrics are the mathematics used to select a route. RouterA will not form an adjacency with RouterB. the Bellman-Ford algorithm uses the following equation and creates the overall 24-bit metric assigned to a route: * metric = [(K1 × bandwidth) + [( K2 × bandwidth) ÷ (256 . RouterA received a hello packet with mismatched hello timers.2. IP address 10.1.Cisco 642-832: Practice Exam Explanation: When EIGRP learns the routing information from the different routing protocol it uses D EX symbol to indicate that this routing information has learned from other routing protocol.

Often.0/24 E.0 eigrp stub A. the remote router must forward all nonlocal traffic to a distribution router. reduces resource utilization. connected routes. so it becomes unnecessary for the remote router to hold a complete routing table. Generally.0. The router responds to queries for summaries. When using the EIGRP Stub Routing feature. 192.com 10 Ac tua lTe sts . and internal routes with the message "inaccessible.Cisco 642-832: Practice Exam If the configuration shown below is added to Router1. In a hub and spoke network. 10. the distribution router will be connected to 100 or more remote routers.0/24 B. 10.D. The remote router is adjacent only to one or more distribution routers. one or more end (stub) networks are connected to a remote router (the spoke) that is connected to one or more distribution routers (the hub). This type of configuration is commonly used in WAN topologies where the distribution router is directly connected to a WAN. Stub routing is commonly used in a hub and spoke network topology.168.20. which three route entries will EIGRP advertise to neighboring routers? (Select three) router eigrp 10 network 10.1.0/24 C.1. In a hub and spoke topology.E Explanation: The Enhanced Interior Gateway Routing Protocol (EIGRP) Stub Routing feature improves network stability.actualtests. you need to configure the distribution and remote routers to use EIGRP. "Pass Any Exam.1.2. and to configure only the remote router as a stub. The distribution router can be connected to many more remote routers.1. the distribution router need not send anything more than a default route to the remote router.www.co m . and simplifies stub router configuration.0/24 D.0/8 Answer: C. 10.0.0. external routes. redistributed static routes.0.3." . 10. Only specified routes are propagated from the remote (stub) router. Any Time. The only route for IP traffic to follow into the remote router is through a distribution router." A router that is configured as a stub will send a special peer information packet to all neighboring routers to report its status as a stub router.

RIP and IGRP routers merely broadcast or multicast updates on configured interfaces. C. R1 does not show R2 as a neighbor and does not accept routing updates from R2. much the same way that OSPF routers do.1/24. What could be the cause of the problem? A. D. Interface E0 on router R1 has not been configured with a secondary IP address of 10.www.Cisco 642-832: Practice Exam Any neighbor that receives a packet informing it of the stub status will not query the stub router for any routes. However. EIGRP cannot exchange routing updates with a neighbor's router interface that is configured with two IP addresses. Hellos "Pass Any Exam.actualtests.co m .2. EIGRP routers establish adjacencies with neighbor routers by using small hello packets." . The stub router will depend on the distribution router to send the proper updates to all peers. B. The no auto-summary command has not been issued under the EIGRP process on both routers. EIGRP has been configured on routers R1 and R2. EIGRP routers actively establish relationships with their neighbors. EIGRP cannot form neighbor relationship and exchange routing updates with a secondary address.1.com 11 Ac tua lTe sts . QUESTION NO: 11 Refer to the exhibit. In contrast. and a router that has a stub peer will not query that peer. Answer: D Explanation: Remember that simple distance vector routers do not establish any relationship with their neighbors. Any Time.

This is the normal operation of EIGRP. in fact. acknowledgements). B. If you wished to view the statistics for these packets. it takes a very long time for a query to be answered. D. Any Time. that the router that issued the query gives up and clears its connection to the router that isn't answering. show ip eigrp traffic C. The most basic SIA routes occur when it simply takes too long for a query to reach the other end of the network and for a reply to travel back. replies. Some query or reply packets are lost between the routers. The neighboring router starts receiving route updates from this router. D: Ack packets don't reply to Queries. A failure causes traffic on a link between two neighboring routers to flow in only one direction (unidirectional link). Answer: A.html QUESTION NO: 13 EIGRP uses five generic packet types (hello.www. EIGRP routers do the following: Dynamically learn of new routes that join their network Identify routers that become either unreachable or inoperable Rediscover routers that had previously been unreachable QUESTION NO: 12 While troubleshooting an EIGRP routing problem you notice that one of the company routers have generated a large number of SIA messages." . The neighboring router stops receiving ACK packets from this router. or a router with insufficient memory. queries. those neighbors (and their routes) remain viable. Note: In some circumstances. only Reply do.co m 12 . debug eigrp packets B. effectively restarting the neighbor session.cisco. An EIGRP router assumes that as long as it is receiving hello packets from known neighbors.Cisco 642-832: Practice Exam are sent by default every five seconds. which IOS command should you use? A.Reference:http://www. What are two possible causes for EIGRP Stuck-InActive routes? (Select two) A. By forming adjacencies. Incorrect Answers: B: Does not apply to SIA. This is known as a stuck in active (SIA) route.com/warp/public/103/eigrp3. So long.com Ac tua lTe sts . show ip eigrp topology "Pass Any Exam. C. This is normally due to too many routing topology changes.C Explanation: The acknowledgement does not reach the destination or they are too delayed.actualtests. updates.

The hello times do not match. Answer: A.co m .html#wp1018815 . The K-values do not match.com/en/US/products/sw/iosswrel/ps1828/products_command_reference_chapter 09186a00800ca5a9. Example: The following is sample output from the show ip eigrp traffic command: Router# show ip eigrp traffic IP-EIGRP Traffic Statistics for process 77 Hellos sent/received: 218/205 Updates sent/received: 7/23 Queries sent/received: 2/0 Replies sent/received: 0/2 Acks sent/received: 21/14 QUESTION NO: 14 A." . C. What is a likely cause of this problem between neighbors? (Select two) lTe sts Reference :http://www. Incorrect Answers: B: It is possible for two routers to become EIGRP neighbors even though the hello and hold timers do not match. The AS numbers do not match. show ip eigrp neighbors Answer: B Explanation: The show ip eigrp traffic command displays the number of Enhanced IGRP (EIGRP) packets sent and received. D.D Explanation: Peer relationships and adjacencies between routers will not be formed between EIGRP routers if the neighbor resides in a different autonomous system or if the metric-calculation mechanism (K values) is misaligned for that link. Any Time.actualtests.Section 2: Troubleshoot OSPF(9 Questions) C: It is possible for two routers to become EIGRP neighbors even though the hello and hold timers "Pass Any Exam.www.com 13 Ac tua While troubleshooting a routing problem on the company EIGRP network you discover that one of the routers is failing to establish adjacencies with its neighbor. The hold times do not match.cisco. B.Cisco 642-832: Practice Exam D.

0. then the neighbor router at 5.0/8 was learned from an OSPF neighbor within the area.www. A default route is configured on the local router. and DR is selected as expected. OSPF router 5. D. B. m .0. Network 6.2 is an ABR. The default route is learned from an OSPF neighbor.0/8 shows that it was leaned via IA.Section 2: Troubleshoot OSPF(9 Questions) QUESTION NO: 15 QUESTION NO: 16 Refer to the exhibit.actualtests. C.Cisco 642-832: Practice Exam do not match.com 14 Ac tua lTe Explanation: In this example.0.0.0.0. Any Time. Since this came from a neighbor in a different area. the network 6." . which statement is true? Answer: B QUESTION NO: 17 DR (Designated Router) is for environments where many routers on the same network such as Ethernet.0. What is the CK-RTC status? "Pass Any Exam. On the basis of the information presented.co A. In the following presented network. The various route types used by OSPF are: sts . all routers are reloaded simultaneously.2 must be an ABR.0. or Inter-area.

FULL/DR G. all routers are running Open Shortest Path First (OSPF) over the Ethernet network: tua Answer: E lTe A. 2WAY/BDR B.actualtests. None of the other alternatives apply sts .co m 15 . FULL/BDR C.com Ac Explanation: How OSPF Forms Its Neighbors : In this example topology." . 2WAY/DR E.www. FULL/DROTHER F. Any Time. 2WAY/DROTHER D.Cisco 642-832: Practice Exam "Pass Any Exam.

Synchronization of link state databases is maintained via flooding of LSAs.1.168. In this case. External routes are imported into a separate link state database.170.3.168. the "show ip ospf neighbor"is performed on R4.168. then it would show 2way/drother with R2.com/en/US/customer/tech/tk365/technologies_tech_note09186a0080094059.170.1.170.2 1 FULL/DROTHER 00:00:31 192.1.4 Ethernet0 1 2WAY/DROTHER 00:00:34 170.actualtests. By default.1. R4 is the DR (due to higher router ID)so it will have FULL adjacency with all routers including R2. This is normal behavior for OSPF.8 Ethernet0 1 FULL/BDR 00:00:39 170.4 FastEthernet0/0 Reference: www.168. E.168. C.8 170. Which three of the statements below are true regarding the OSPF link state database? (Select three) A.shtml QUESTION NO: 18 While troubleshooting some connectivity issues.168.170.4 1 FULL/DR 00:00:35 192.168.1.co m .3.168.170.170.1.170.3 170.3.2 Ethernet0 Notice that R7 establishes full adjacency only with the Designated Router (DR) and the Backup Designated Router (BDR).www.3 FastEthernet0/0 Router1# show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 192.1.com 16 Ac tua lTe sts . you issue the "show ip ospf database" in order to examine the link state database.168.3.2 1 2WAY/DROTHER 00:00:35 192.1.3.168.2 FastEthernet0/0 192. Any Time.1.3 Ethernet0 1 FULL/DR 00:00:32 170.3. "Pass Any Exam.3.168. All other routers have a two-way adjacency established.Cisco 642-832: Practice Exam This is sample output of the show ip ospf neighbor command on R7 and R8: R7# show ip ospf neighbor Neighbor ID 170.170.1.1 1 FULL/DROTHER 00:00:31 192.1 FastEthernet0/0 192.4 170. Router4# show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 192.cisco. Information in the link state database is used to build a routing table by calculating a shortestpath tree. If the "show ip ospf neighbor" had been performed on R1. D.2 Pri State Dead Time Address Interface 1 2WAY/DROTHER 00:00:34 170.168.2 FastEthernet0/0 192.3. link state databases are refreshed every 10 minutes in the absence of topology changes. B. Each router has an identical link state database.3 FastEthernet0/0 192.3 1 FULL/BDR 00:00:31 192." .1.3 1 FULL/BDR 00:00:35 192.1.

show ip protocol D. Incorrect Answers: A: To display general information about Open Shortest Path First (OSPF) routing processes. OSPF also uses the SPF algorithm to build the database tables. Information in the Routing Information Sources field of the show ip protocols output can help you identify a router suspected of delivering bad routing information." . includes subnets in redistribution rip with metric mapped to 2 igrp 2 with metric mapped to 100 igrp 32 with metric mapped to 1Number of areas in this router is 3Area 192. "Pass Any Exam.Example:R1# show ip ospfRouting Process "ospf 201" with ID 192.D Explanation: The Link state database is a collection of link state advertisement for all routers and networks.42.110. show ip route C.Reference: Building Scalable Cisco Networks (Cisco Press) page 178.com Ac tua lTe sts .42. but not the networks being routed.actualtests. D: The OSPF database does not display the networks being routed.110. Incorrect Answers: B: Only one link state database is maintained. show ip ospf B. show ip ospf database E. ensuring that the databases are synchronized.C. LSA flooding occurs whenever there is a change in the OSPF topology.co m 17 .Cisco 642-832: Practice Exam Answer: A. QUESTION NO: 19 Which command should you use to verify what networks are being routed by a given OSPF process? A. None of the other alternatives apply Answer: C Explanation: The information displayed by the show ip protocols command is useful in debugging routing operations. igrp 200 with metric mapped to 2. this command will display the routed networks. but not the networks that are being routed. use the show ip ospf command in EXEC mode.0 Number of interfaces in this area is 1 Area has simple password authentication SPF algorithm executed 6 times B: This will display the active routing table.200Supports only single TOS(TOS0) routeIt is an area border and autonomous system boundary routerRedistributing External Routes from. E: The default refresh time is 30 minutes. and it is used for all OSPF routes.www. This command will display the areas assigned and other useful information. Any Time. For OSPF routers. Each router in the OSPF network maintains an identical database.

0. B) has a path to its ASBR.com 18 Ac tua lTe sts .89.53 144.53 22 ASBR INTER 0.96. It does not include ABR. C: The show ip ospf neighbor command displays OSPF-neighbor information on a per-interface basis.3 3 160.89. exchange.103.89.96.144.0. B: The show running-config command displays the currently used configuration mode. Example: Router R# show ip ospf border-routers OSPF Process 109 internal Routing Table Destination Next Hop Cost Type Rte Type Area SPF No 160. Which two IOS commands let you view the state of the link? (Select two) "Pass Any Exam.co m .3 3 160.52 144. The required information will not be displayed.3 3 Incorrect Answers: A: The show ip protocols command only displays routing protocol parameters and current timer values. show running-config C.144.0. ASBR or SPF information.103.89. Which IOS privileged mode command would you enter to confirm that your network: A) has a path to its ABR. QUESTION NO: 21 An OSPF link can be in multiple states at any given moment (ie.89.89. Any Time.0.0.51 10 ABR INTRA 0.53 10 ABR INTRA 0.97. The SPF No in the output is the internal number of SPF calculation that installs this route." . show ip protocols B.52 160. full).51 160. and C) the SPF calculation is functional? A.51 20 ASBR INTER 0.1.103. show ip ospf neighbor D.www.3 3 160.Cisco 642-832: Practice Exam QUESTION NO: 20 You have a multi-area OSPF network and you're concerned because one of the sites is having connectivity problem to resources in a different area.0.1.actualtests.0.0. show ip ospf border-routers Answer: D Explanation: The show ip ospf border-routers command displays the internal OSPF routing table entries to an area border router (ABR) and autonomous system boundary router (ASBR). Exstart.

the metric. show ip protocols C. We need retrieve OSPF link state information. the routers transition to the exstart state. None of the other alternatives apply Answer: A Explanation: The "show ip protocol" command displays values about routing timers and network information associated with the entire router . show ip ospf interface Answer: C. It includes link state information.www. Incorrect Answers: A: The show ip ospf command is used to display general information about OSPF routing processes.com Ac tua QUESTION NO: 22 lTe sts . the AS number associated with the routing process.co m 19 . C: The output of the show ip ospf neighbor command is used To display OSPF-neighbor information on a per-interface basis. default metric. show ip ospf interface D.B: The command "show ip protocols" displays the parameters and current state of the active routing protocol process. However. It does not show any link state information. Note: exstart state: After two OSPF neighboring routers establish bi-directional communication and complete DR/BDR election (on multi-access networks). show ip ospf E. show ip ospf neighbor D. Which command would display OSPF parameters such as filters. show ip interface F. D: The show ip ospf interface command is used to display OSPF-related interface information for a particular interface. show ip protocol B. show ip ospf B. This includes.actualtests. and number of areas configured on a router? A. and the maximum paths. "Pass Any Exam. it does not include any link state information." . show ip route C. maximum paths. number of areas configured on the router. This includes the link state of the specified interface. Any Time.D Explanation: The link state exstart is an OSPF link state (see note below).Cisco 642-832: Practice Exam A.

10. You trainee shows you the IOS command output displayed in the exhibit. What command did Tess use to produce this output? .com 20 Ac A. show ip RIP B. show ipv6 ospf C. Hold time between two SPFs 10 secs "Pass Any Exam.1 SPF schedule delay 5 secs. and since OSPFv3 is used exclusively for IPv6 networks we know that the correct answer must be "show ipv6 ospf." To display general information about Open Shortest Path First (OSPF) routing processes. show ipv6 ospf interface F.actualtests.www. show ip ospf D. use the show ipv6 ospf command in user EXEC or privileged EXEC mode." . Any Time.co m . Example: The following is sample output from the show ipv6 ospf command: Router# show ipv6 ospf Routing Process "ospfv3 1" with ID 10. show ipv4 ospf G.10. None of the other alternatives apply tua lTe sts You work as a network technician.Cisco 642-832: Practice Exam QUESTION NO: 23 Exhibit: Answer: B Explanation: In this case we can see that OSPFv3 is being used. show ip ospf interface E.

show ospf B.co Reference: http://www. flushed after 0 Outgoing update filter list for all interfaces is not set "Pass Any Exam. Checksum Sum 0x000000 Number of areas in this router is 1." . Sample output: Rt Router # show ip protocols Routing Protocol is "ospf 200" Sending updates every 0 seconds Invalid after 0 seconds.www. SPI 1000 SPF algorithm executed 2 times Number of LSA 5.actualtests. None of the other alternatives apply tua lTe Which IOS command would you use to find out which networks are routed by a particular OSPF process? sts . show ip ospf database E. The output includes a list of the networks routing for individual ospf processes.com 21 Ac A. 1 normal 0 stub 0 nssa Area BACKBONE(0) Number of interfaces in this area is 1 MD5 Authentication. Any Time.com/en/US/docs/ios/12_3t/ipv6/ipv6_15g. show ip route C.html#wp2139460 m . Minimum LSA arrival 1 secs LSA group pacing timer 240 secs Interface flood pacing timer 33 msecs Retransmission pacing timer 66 msecs Number of external LSA 0. hold down 0. show ip protocols D. It displays the parameters and current state of the active routing protocol process. Checksum Sum 0x02A005 Number of DCbitless LSA 0 Number of indication LSA 0 Number of DoNotAge LSA 0 Flood list length 0 QUESTION NO: 24 Answer: C Explanation: The show ip protocols command display current routing protocols.Cisco 642-832: Practice Exam Minimum LSA interval 5 secs.cisco.

co m 22 . the output does not include the networks routing for individual ospf processes. 2d00h.0 neighbor 172.10. D.16.10. C.1 neighbor is down.10. E.1.0/24 is not a 'connected' route. The prefix 10.0/24 [110/11] via 192. However. Ethernet0/0 Why is this prefix not in the local BGP table of the R1? A.1.1 remote-as 65002 no auto-summary Routing table information: show ip route | include 10 O 10.0. B: The show ip route command displays the IP routing table.1.10. This route is not a BGP learned route." .6.0/24 prefix was not injected into the local BGP table on a Company router named R1.1. B. None of the other alternatives apply "Pass Any Exam. The following information is available from this router: . The 172.com Ac tua lTe sts A problem was reported that the 10.www. D: The show ip ospf database command displays the contents of the topological database maintained by the router.actualtests.5/32 Routing Information Sources: Gateway Distance Last Update Distance: (default is 110) Incorrect Answers: A: The show ospf command displays summary information regarding the global OSPF configuration.16. The network command is wrong. The command also shows the router ID and the OSPF process ID.Section 3: Troubleshoot eBGP(21 Questions) QUESTION NO: 25 R1 Configuration: router bgp 65001 network 10.Cisco 642-832: Practice Exam Incoming update filter list for all interfaces is not set Redistributing: ospf 200 Routing for Networks: 172. Any Time.168.10.10.31.0.

even if it is learned via an IGP.255.actualtests. These networks must also exist in the routing table of the local router or they will not be sent out in updates. C: There is no such command. the route will not get injected into the BGP routing table.Cisco 642-832: Practice Exam Answer: D Explanation: The network command is used with IGPs. to determine the interfaces on which to send and receive updates. show ip bgp summary E. show ip bgp paths C. This is a major difference between BGP and IGPs. Incorrect Answers: A: The show ip bgp command displays routes in the BGP routing table.cisco. the network command does not affect what interfaces BGP runs on. or routes learned by way of a dynamic routing protocol. show ip bgp peers D. However. In this example. show ip bgp protocols Answer: D Explanation: The show ip bgp summary command displays the status of all BGP connections. The mask keyword can be used with the network command to specify individual subnets.0 mask 255. such as RIP.10.255. Without the correct subnet mask specified. The network statement follows this syntax: Router(config-router)# network network-number [ mask network-mask ] In BGP. both interior and external.co m . when configuring BGP. it does not list the neighbors. configuring just a network statement will not establish a BGP neighbor relationship.com 23 Ac tua Which IOS command would you enter if you wanted to view a list of IBGP and EBGP neighbor relationships that are configured? lTe sts . B: The show ip bgp paths command is used to display all the BGP paths in the database.com/univercd/cc/td/doc/product/software/ios120/12cgcr/np1 "Pass Any Exam. show ip bgp B. Neighbors with corresponding AS values will be listed. such as RIP. However. The command also indicates which directly connected networks to advertise.0" under the BGP routing process. Any Time. the correct syntax should be "network 10. the route is known via OSPF. the network command tells the BGP process what locally learned networks to advertise. QUESTION NO: 26 A. not the neighbors. The networks can be connected routes. In this case. static routes. Therefore.Reference:http://www. Routes learned by the BGP process are propagated by default but are often filtered by a routing policy.10.www." .

BGP is still listening for a connection "Pass Any Exam. The BGP session to the 10.3. sts .Cisco 642-832: Practice Exam _r/1rprt1/1rbgp. the state transitions to the Active state. If the connect retry timer expires.1 neighbor. the timer is reset. Any Time. It is normally initiated by an administrator or a network event.cisco.2. and a TCP connection is initiated.www. B.3.D lTe A.1. it transitions to OpenSent. initiated by the system or the administrator. The router is trying to create a BGP peering session with the 10.2.htm E: There is no such command. The BGP session to the 10. the state remains in the Connect state. If the TCP connection is successful.htm QUESTION NO: 27 Which two of the following descriptions are correct according to the displayed output of the command show ip bgp summary? (Choose two. and the router tries to connect again. The router is attempting to establish a BGP peering session with the 10. BGP initializes its resources and resets a connect retry timer. At the start event. C. If the connect retry timer expires. While active.3. If the TCP connection fails.In the Active state. the state transitions to OpenSent. * Connect . BGP is waiting for a start event.3.1.1.Reference:http://www. BGP is waiting for the TCP connection to be completed. In case of any other event. Then it starts listening for a TCP notice that BGP can transition back to Idle from any other state in case of errors. the state returns to Idle. BGP restarts the connect timer and returns to the Connect state.3 neighbor." .com Ac tua Answer: A.Idle is the first state of a BGP connection.1 neighbor is established.1.co m 24 . * Active .In the Connect state.) Explanation: Show ip bgp summary command displays the summary of all BGP connections.3 neighbor is created. If it is successful. but the router received no BGP routing updates from the 10. D. The six states of the BGP FSM are described as follows: * Idle .actualtests.2 neighbor.com/univercd/cc/td/doc/product/software/ios120/12cgcr/np1 _r/1rprt1/1rbgp. BGP is trying to acquire a peer by initiating a TCP connection.

* Established . and the neighbor negotiation is complete. A same AS is an IBGP peer and a different AS is an EBGP peer. which statement is true? "Pass Any Exam. the system sends an error notification message and goes back to idle. If the system receives an update or keepalive message. The open message is checked for correctness. If it is non-zero. If a keepalive message is received. or the incapability of a neighbor to reach the IP address of its peer. In the case of any TCP disconnect or in response to any stop event. BGP sends a notification message with the corresponding error code. If the negotiated hold time is zero (0). such as an expiration of the hold timer. If there are no errors.actualtests. For any other errors.com 25 Ac tua lTe sts . initiated by the system or the administrator. * OpenSent . When a TCP disconnect is detected." .In the OpenSent state. In case of errors. the state falls back to Idle. In general.Cisco 642-832: Practice Exam that may be initiated from another peer. the state falls back to Active. the hold timer and the keepalive timer are not restarted. a neighbor state that is switching between "Connect" and "Active" is an indication that something is wrong and that there are problems with the TCP connection. If a notification message is received. * OpenConfirm . the hold time is negotiated and the smaller value is taken. assuming that the negotiated hold time is not zero.Established is the final state in the neighbor negotiation. BGP is waiting for an open message from its peer. BGP is waiting for a keepalive or notification message. the system sends a notification message with an FSM error code and returns to the Idle state. BGP does this by comparing its AS number to the AS number of its peer. the state returns to Idle. BGP recognizes whether the peer belongs to the same AS or to a different AS. BGP starts sending keepalive messages and resets the keepalive timer.www. The system sends periodic keepalive messages at the rate set by the keepalive timer. In response to any other event. BGP starts exchanging update packets with its peers. The state may go back to Idle in case of other events. It could be because of many TCP retransmissions.co m .While in OpenConfirm state. Then it returns to the Idle state. At this stage. the state goes to the Established state. QUESTION NO: 28 The "show ip bgp" command was issued on a Router as shown below: Based on the Router2 output. the hold timer is restarted at the receipt of an update or keepalive message. At the OpenSent state. such as an incompatible version number or an unacceptable AS. it restarts the hold time. Any Time. such as a stop event initiated by the system or the operator.

0 143.11. None of the other alternatives apply. BGP will automatically load balance between the two.16. the path with the highest weight will be preferred.5 0 100 0 200 1 * 143.200.internal Origin codes: i .250. > best. The best path to reach the 192.10.168. 203.0 prefixes were learned via EBGP from the 10. h history.200.200. 192.41 0 100 0 500 1 From the information above. 128.200.63. Within a router.12 EBGP neighbors.11.0 is via next hop 10. the best path to 192.63.10.0. you issue the "show ip bgp" command as shown below: routerR>show ip bgp BGP table version is 1046033.2 0 400 0 200 1 * 143.200. which path will the network 143.41 E.12 due to the fact that the weight is higher (101) than the path via the alternative next hop.168. The 192. i .0. In this case.5 0 300 0 300 1 * 143.13.13.16.200.0.2 B.11.200.co m .16. d damped. D.actualtests.Cisco 642-832: Practice Exam A.11.200.208.200.0.168.12. The best path to reach the 192.IGP.5 D.200.0 prefer to take to exit the AS? A.0 203.200.11 and 10. ? -incomplete Network Next Hop Metric LocPrf Weight Path * > 143. B.168. All of the above will be used in a round robin fashion.11. QUESTION NO: 29 While verifying BGP operation on the Company router.com 26 Ac tua lTe sts . Answer: D Explanation: The best path to any given destination is noted by the ">" in the IP BGP table. * valid.0 prefix is via 10. Answer: A "Pass Any Exam.208.168.100 Status codes: s suppressed. C.16. Any Time." .12. Weight is a Cisco proprietary method for path determination and the weight value is used above all other values.200.63.0 prefix is via 10.11.168.250.0 128.214.11 and 10.0 prefix is via both 10.32. The best path to reach the 192.www.213. E.0 192.162.16.16.200.200. e EGP. local router ID is 198.5 C.63.214.12.0.0 and 192. 128.

1 has a BGP password set but RTR does not.F "Pass Any Exam.0. F.0.0. Answer: A.0. QUESTION NO: 30 Refer to the exhibit.2. Any Time. Network Next Hop Metric LocPrf Weight Path * > 128. as noted by the">" which refers to the best path for this destination.Cisco 642-832: Practice Exam Explanation: Local preference (LocPref) is a well-known discretionary attribute that provides an indication to routers in the AS about which path is preferred to exit the AS.2 0 400 0 200 1 The preferred exit path of the AS is therefore 128.0." .63.0.5 has a BGP password set but RTR does not. A path with a higher local preference is more preferred. On the basis of the information that is presented in the exhibit. Neighbor 10.actualtests.0.1 does not. B. which two statements are true? (Choose two. RTR has a BGP password set but neighbor 10. In this scenario the following entry has the highest local preference value of 400. Neighbor 10.co m . D.0.www.0 128.1 has an incorrect password set. E.63. C.0.com 27 Ac tua lTe sts . RTR has a BGP password set but neighbor 10.0. Router RTR is attempting to establish BGP neighbor relationships with routers RT1 and RT3.0.5 has an incorrect password set.0.0. RTR has a BGP password set but neighbor 10.214.) A. RTR has a BGP password set but neighbor 10.5 does not.213.214.

The administrator changes the access list to allow this route.Cisco 642-832: Practice Exam Explanation: The above log message means that there is an invalid MD5 password on one neighbor." Only one configuration step is required to use BGP password authentication.actualtests.125. The administrator determines that an access list is the cause of the problem." . Use the service-policy command to adjust the QOS policy to allow the route to propagate. all BGP routes are lost while the neighbor relationships are reset. but caution should be exercised when issuing this command on a production router. In order to force BGP to clear its table and reset BGP sessions. On an Internet backbone router.168. where the other neighbor is configured for authentication while the other is not. use the clear ip bgp * command : Router# clear ip bgp * The asterisk (*) is a wildcard that matches all table entries. C.27.co m 28 . the error message would indicated "Bad MD5 digest" not "No MD5 digest. The route is not now in any of the routing tables. but the route still does not appear in any of the routing tables.0 QUESTION NO: 32 Refer to the exhibit.0/24 that should be propagated to all of the devices. What should be done to propagate this route? A. B. neighbor {ip-address | peer-group} password [0-7] password-string QUESTION NO: 31 A company has a BGP network and a BGP route of 196. that step is enabling password authentication on a peer-by-peer basis using the neighbor ip-address password password command. as shown in the following: Router# clear ip bgp 192. Change both the inbound and outbound policy related to this route. Any Time. Routers RTA and RTB are running BGP but the session is active.com Ac tua lTe sts .0.www. This is expedient and very useful in a lab situation. it may be more appropriate to use this command with a specific IP address. Answer: A Explanation: When configuring BGP. What command needs to be added to establish the BGP session? "Pass Any Exam. D. changes made to an existing configuration may not appear immediately. If both sides were configured and there was a password mismatch. Use the release BGP routing command. Clear the BGP session. Therefore.

When BGP is running between routers in the same AS.co m 29 .10.1 255.255.0 via BGP.10.255.255 s0/0 ip route 10.com Ac tua lTe A. QUESTION NO: 33 Refer to the exhibit.255.10.Cisco 642-832: Practice Exam Answer: A Explanation: When BGP is running between routers in different autonomous systems.10.1 next-hop-self sts .10.176. A static route can be used to form an adjacency between EBGP neighbors. Which one of these statements is true? "Pass Any Exam." . neighbor 10. ip route 10.actualtests. BGP allows the path that packets take to be manipulated by the AS.10. Router RT3 discovers network 202.0 C. It is important to understand how BGP works to avoid creating problems for your AS as a result of running BGP.1 255. network 10.56.10.255. Any Time.255 s0/1 B. no synchronization D. it is called External BGP (EBGP).www.10. it is called Internal BGP (IBGP). as described in this module.

actualtests.1. RT1 advertised network 202.0/24 with a metric of 1000. E. RT1 advertised network 202. F. D.176. B. RT3 has a BGP metric of 782 to reach 192.com Ac tua lTe A.168.1. C.0.1.50.56. which two statements are true? (Choose two.168.) "Pass Any Exam.0/24 with a metric of 782.168. RT3 has an IGP metric of 782 to reach 192. On the basis of the information in the exhibit.1.1.www. Any Time.0/24." . sts .50.176. RT3 has an IGP metric of 1782 to reach 202. RT3 is directly connected to RT1 using subnet 192.176.Cisco 642-832: Practice Exam Answer: C Explanation: QUESTION NO: 34 Refer to the exhibit.co m 30 .

E.168." . the command "show ip bgp" is required to display the contents of the actual BGP routing table. we know the serial 0/0/1 interface has been configured with a metric of 75. Any Time.168.1 (ISP).co m 31 . C. The serial 0/0/1 interface on the ISP router has been configured with the set metric 50 command.www. F. "Pass Any Exam. The output was generated by entering the show ip bgp command on the ISP router. B. the traffic will be forwarded to SanJose2 because of the higher MED value of SanJose2.com Ac A. the traffic will be forwarded to SanJose1 because of the lower MED value of SanJose1. as this is the metric to the peer with IP address 192.1.actualtests.Cisco 642-832: Practice Exam Answer: D. D. This output was seen on ISP because the local router ID is 192. When traffic is sent from the ISP to autonomous system 64512.2 (the other side of the serial 0/0/1 interface).100. Since we know that this output must have been seen by ISP. The output was generated by entering the show ip bgp command on the SanJose1 router. The serial 0/0/1 interface on the ISP router has been configured with the set metric 75 command. tua lTe sts .F Explanation: The "show ip route bgp" command will display any BGP-learned routes that make it into the IP routing table. When traffic is sent from the ISP to autonomous system 64512.

com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb. the best solution would be to disable synchronization. Synchronization in autonomous system 100 is turned is on. In this scenario. Since this AS does not appear to be a transit AS. B.cisco. The BGP routers in autonomous system 100 are not logically fully-meshed. EBGP routes received on router R2 show up in the BGP table on routers R1 and R3 but not in their IP routing tables. C. This prevents BGP from validating iBGP routes in IGP.C Explanation: If your AS passes traffic from another AS to a third AS. the routers must learn of the same route via an IGP.Cisco 642-832: Practice Exam QUESTION NO: 35 Refer to the exhibit. E. What would cause this? Answer: B. Routers R1 and R3 do not receive the same routes via an IGP. EBGP multihop is not configured on routers R1 and R3. Synchronization in autonomous system 100 is turned is off.actualtests. A BGP router with synchronization enabled does not install iBGP learned routes into its routing table if it is not able to validate those routes in its IGP. Any Time. . All routers are configured for BGP.com Ac tua lTe sts A. BGP should not advertise a route before all routers in your AS learn about the route via IGP. BGP waits until IGP propagates the route within the AS and then advertises it to external peers. or synchronization should be turned off. Issue the no synchronization command under router bgp in order to disable synchronization. D.co m 32 .www. http://www. Reference: BGP Case Studies." .shtml#synch QUESTION NO: 36 The network consists of two separate autonomous systems as shown below: "Pass Any Exam.

actualtests. None of the other alternatives apply are true. E. Incorrect Answers: A: We must specify router R1 as neighbor.12. neighbor 165. D. Answer: D "Pass Any Exam.12.50.50.50. The IBGP routers do not need to be directly connected.2) as its client.co m 33 . Furthermore. B. Which one of the following IBGP characteristics is true? A.50.2 route-reflector-client Configures the router R2 as a BGP route reflector and configures the specified neighbor R1 (165.1 route-reflector-client D.www.com Ac tua Explanation: B: RouterR2(config-router)# neighbor 165. The IBGP routers must always be fully meshed.12. which two of the commands below would you enter on R2 to satisfy your goals? (Select two) A. lTe sts .12.2 remote-as 64000 We configure router R1 (165. neighbor 165.2) as a neighbor in AS 64000.Cisco 642-832: Practice Exam You need to configure Router R2 as a BGP route reflector and Router R1 as the client." .12.12. C.50.12. Assuming that Router R3 isn't running BGP. not R2 itself (165.50. D: RouterR2(config-router)# neighbor 165. Any Time.2 remote-as 64000 C.1). The IBGP routers can be in a different AS.12.2 route reflector-client Answer: B. neighbor 165.12.50. not R2 itself (165.12.1). we should use the local AS (64000). not the remote AS 65100.50.1 remote-as 65100 B.50.50. neighbor 165. The IBGP routers must be directly connected. C: We must specify router R1 as route reflector client.D QUESTION NO: 37 The network consists of a series of routers that are all configured for IBGP.

QUESTION NO: 38 Based on the above configuration.1 255. if the network is also running an interior routing protocol such as EIGRP or OSPF.0. so answer choice B matches the address and the mask.0.168. Peers that are in different autonomous systems are using EBGP.0 B.Cisco 642-832: Practice Exam Explanation: The IBGP routers do not have to be directly connected.1 remote-as 65002 sts .10.0 E. network 10.255. To specify the route as classless." .255.255. "Pass Any Exam.255. Any Time.www. network 10.255.10.255 D.255.0.0.0.10. the remote IBGP router could be many hops away.0 ! int serial 0 ip address 172.252 ! router bgp 65001 neighbor 192.1. For example.0 mask 255. the mask keyword should be included or the network will be summarized at the network boundary.1.0.255. not IBGP.255. Incorrect Answers: A: Using route reflectors or confederations a full mesh topology is not necessary.1 mask 255.0. B: The IBGP routers must be placed in the same AS.com Ac tua lTe interface ethernet 0 ip address 10. network 10.10.actualtests. network 10.0/16 prefix into the BGP routing table? A.0 mask 255.10.0 mask 255.0 Answer: B Explanation: The /16 mask is equal to 255.co m A BGP router is configured as shown below: 34 .255. C: The IBGP routers do not have to be directly connected.10.10.0.1 255.255.0.0. which of the following BGP statements would inject the 10.10.0. The remote IBGP peers need only be reachable via a TCP connection. as long as it is reachable via the IGP that is being used.0 C.16. network 10.

A peer group member running EBGP Answer: A QUESTION NO: 40 What is the correct command to summarize these prefixes into a single summary prefix of 192. A peer router running EBGP C.168. network 192.0 E. aggregate-address 192.0 neighbor 192.actualtests.1.Cisco 642-832: Practice Exam QUESTION NO: 39 Router R-1 is configured for BGP routing as shown below: router bgp 65300 network 27.168.252." .12.3.252.255.252.252.255.12.23.0 as-set "Pass Any Exam.0.com 35 Ac tua The BGP routing table consists of the following network routes: lTe sts Explanation: Both the local and remote router is configured with the same autonomous system number so they are peer routers running IBGP.1 remote-as 65300 From the perspective of router R-1. Any Time. network 192.168. what kind of router is the router with IP address 192.0 mask 0.0 D. network 192.0 summary-only F.12.0. aggregate-address 192. A peer group member running IBGP E.www.255 C.1? A. A community member running IBGP D.0 B.12.168.255.0 255.12.168.12.0 255.1.0/22 while also allowing for the advertisement of the more specific prefixes? A. . aggregate-address 192.0 255.168.0 mask 255.255.0.co m . A peer router running IBGP B.168.12.23.

Configure weight B.a Class B network.0 B. as specified in choice E. as well as a missing subnet mask. Router (config-router)#network 154. use the "summary-only" keyword. C: The network-advertise is an invalid command. Syntax: network network-number [ mask network-mask ] [ route-map map-name ] Mask and route-map are optional.255. Router (config-router)#network-advertise 154.0 255. To advertise only the aggregated route. Router (config-router)#network 164.255. None of the other alternatives apply Answer: D Explanation: The network command is used to specify the networks to be advertised by the Border Gateway Protocol (BGP) and multiprotocol BGP routing processes. The classful subnet mask of 154. When used alone. Router (config-router)#network 154.1.0 mask 255.0 is 255. then an exact match must exist in the routing table." .1.2. Which of the following commands would you use if you wanted to advertise the subnet 154.0.1.2.1.2.com Ac tua lTe sts .255.1. use the "aggregate-address" command. QUESTION NO: 42 You are the administrator of a company with BGP connections to multiple ISP's. How could you configure BGP to make it favor one particular ISP for outbound traffic? A.0 D. along with the individual specific routing entries.Cisco 642-832: Practice Exam Answer: D Explanation: To summarize BGP prefixes into one aggregated route.co m 36 .0 . QUESTION NO: 41 Router R1 needs to be configured to advertise a specific network.2.actualtests.2.0 to the EBGP neighbors on your subnet? A. Incorrect Answers: A: If we do not specify the subnet mask then additional networks are allowed to be advertised. Any Time.2. B: This is using the incorrect IP address.0 E. this will advertise the aggregate route. Enable route reflector "Pass Any Exam.0 C. If the mask keyword is configured.www.255.1.255.

all IBGP peers must be configured to be fully meshed. When terminating multiple ISP connections into the same router. and then the route reflectors connect with each other. Peer groups E. With route reflectors. With confederations.actualtests. Incorrect Answers: B: A route reflector cannot be used to influence outbound traffic. Route maps C. Enable the Longer Autonomous System path option. The full mesh topology that is currently in place is inefficiently using up bandwidth from all of the BGP traffic.com 37 Ac tua An ISP is running a large IBPG network with 25 routers. Any Time. weight can be used to affect which path is chosen for outbound traffic." . Weight is a Cisco BGP parameter that is local to the router. A route reflector modifies the BGP split horizon rule by allowing the router configured as the route reflector to propagate routes learned by IBGP to other IBGP peers. more manageable sub autonomous systems. the route with the highest weight will be preferred. If they are not. Answer: A Explanation: If the router learns about more than one route to the same destination. There are two ways to overcome the scalability issues of a full IBGP mesh: route reflectors and confederations. D: This choice describes ASD path pre-pending.co m . Create a distribute list D. and also reduces the BGP routing traffic. Another solution to the scalability problem of IBGP is the use of confederations. which would be used to influence the path that incoming traffic takes. Aggregate addresses Answer: A Explanation: In general. "Pass Any Exam.Cisco 642-832: Practice Exam C. This can considerably reduce the number of IBGP sessions. All of the above. What can the administrator configure to reduce the number of BGP neighbor relationships within the AS? lTe QUESTION NO: 43 sts . C: Distribute lists restrict the routing information that the router learns or advertises. This saves on the number of BGP TCP sessions that must be maintained. By itself a distribute list cannot make routes from one ISP be preferred to routers from another ISP. E. A. then all of the IBGP routers will not have the updated information from the external BGP routers. internal BGP routers peer only with the route reflector. Route redistribution D. the AS is broken up into smaller. not outgoing. Route reflectors B.www.

The network was originated via redistribution of an interior gateway protocol into BGP.0.0 as the next hop for a network when using the "show ip bgp" command? (Choose two) A.cisco. Which option would ensure that only the summary route would appear in the routing table of RTA? "Pass Any Exam. B. or via a network or aggregate command in the BGP configuration. A network in the BGP table with a next hop address of 0.com Ac tua Reference: http://www. the show ip route command on RTA reveals the RTB individual networks as well as its summary route. .actualtests. D.shtml#tw o lTe sts A.0 mean in the show ip bgp command output? QUESTION NO: 45 Refer to the exhibit diagram and configuration.Cisco 642-832: Practice Exam QUESTION NO: 44 What are the two reasons for the appearance of 0.0.com/en/US/tech/tk365/technologies_q_and_a_item09186a00800949e8. The network was defined by a static route. RTB is summarizing its networks from AS 64100 with the aggregate-address command. The network was learned via IBGP.cisco." . The network was originated via a network or aggregate command. Answer: A. The network was learned via EBGP. C.com : 38 .www.0 means that the network is locally originated via redistribution of Interior Gateway Protocol (IGP) into BGP. Any Time. What does a next hop of 0.0.0.E Q.co m Explanation: From BGP FAQ on www. E.0.0. However.

sts Answer: D . lTe Explanation: The aggregate-address <address> <netmask> command advertises the summary address as well as theadvertisement of the more specific routes. Delete the four network statements and leave only the aggregate-address statement in the BGP configuration.actualtests.168.com Ac tua The purpose of aggregate-address <network> <netmask> summary-only command is to suppress the advertisement of more specific routes.10.252.255. Add a static route with a prefix of 192. However. Create a route map permitting only the summary address.729: %TCP-6-BADAUTH No MD5 digest from 10.3(11002) On the basis of the information that is provided.24. B. what is the cause of the problem? "Pass Any Exam. m 39 . this console message was generated on router R2: *Mar 1 03:09:07.0 pointing to the null0 interface." . C.co A. Any Time. BGP has been configured on the routers in the network.10.Cisco 642-832: Practice Exam QUESTION NO: 46 Refer to the exhibit. Add the keyword summary-only to the aggregate-address command. the IBGP peers in autonomous system 65200 have not converged.23. In addition.23.www.0 255.2(179) to 10. D.

Which two statements are correct? (Choose two. BGP authentication can be used on eBGP peers only.www. OSPF must be configured with the same MD5 authentication. Any Time.) A.Cisco 642-832: Practice Exam Answer: D QUESTION NO: 47 Refer to the exhibit. sts .com Ac tua lTe Explanation: The above log message is relating the invalid MD5 password on neighbor." . C. B. D. C. BGP authentication can be used on iBGP peers when the connection is configured between the loopback interfaces. B. All the routes were redistributed into BGP from an IGP. The password that is used for BGP authentication on both BGP peers in autonomous system 65200 must be the same. All six routes will be installed in the routing table. Both peers need to use the same password for MD5 authentication. m 40 .co A. All the routes were originated by BGP with the network command. "Pass Any Exam.actualtests.

the administrator notices that none of the OSPF routes are showing up in EIGRP.D Explanation: Because the AS paths shown all end with a ? we know that all of the routes had beed redistributed into BGP.www. Two routes will be installed in the routing table. No default metric configured for EIGRP sts During a redistribution of routes from OSPF into EIGRP. Missing ip classless command C. Four routes will be installed in the routing table. Section 4: Troubleshoot routing redistribution solution (5 Questions) QUESTION NO: 48 Answer: A. Remember while redistributing into RIP or EIGRP. CEF not enabled D.D Explanation: Possible reasons for OSPF routes not showing up include the use of distribute lists to control routing and no metric is configured either with the redistribute command or with default-metric.co m 41 . Any Time. Answer: A. will all be inserted into the routing table." . E.Cisco 642-832: Practice Exam D. The four best paths.) . as noted with the > sign. Here are the default seed metrics for various protocols: RIP : Infinity EIGRP : Infinity OSPF : 20 IS-IS: 0 QUESTION NO: 49 "Pass Any Exam. What are two possible causes? (Choose two. you should provide the metric.com Ac tua lTe A.actualtests. Incorrect distribute lists have been configured B.

The routes originating from the RIP routing domain.Cisco 642-832: Practice Exam Refer to the exhibit and the partial configuration on router R2. Only routes originating in the OSPF routing domain. B. which is often a complicated task. On router R4 all RIP routes are redistributed into the OSPF domain. E. Route maps are different from numbered access lists because they can be modified without changing the entire list." .www. A route map is defined using the syntax shown in the figure. There will be no EIGRP external routes in the routing table of R1. from there conditions can be configured for the route map.com 42 Ac A. which EIGRP external routes will be present in the routing table of R1? Select the best response. All routes originating from RIP and OSPF routing domains.co m . Answer: C Explanation: The route-map command is used to configure policy routing. This map-tag can be set to something easily recognizable name. of the route map. A second redistribution is configured on router R2 using a route map. Route maps operate similar to access lists.actualtests. tua lTe sts . D. None of the other alternatives apply. Syntax: RouterA(Config)#route-map map-tag [permit | deny ] <Sequence Number> RouterA(Config-map-router)# The map-tag is the name. Each route map statement is given a number. action is taken. The route-map command changes the mode on the router to the route-map configuration mode. If a "Pass Any Exam. Based on the configuration on router R2. or ID. C. by examining one line at a time and when a match is found. Any Time.

Network A and Network B C. Network B B.Cisco 642-832: Practice Exam sequence number is not specified.actualtests. In this exhibit an access-list is created to deny from 100.co m 43 . Network A D. and so on. The second condition will automatically be numbered as 20." . The routing protocols EIGRP and OSPF have been configured as indicated in the exhibit. While redistributing OSPF routes into EIGRP the RED rout-map is used.0 and 200. The optional sequence number can be used to indicate the position that a new route map is to have in the list of route maps already configured with the same name. neither Network A nor Network B "Pass Any Exam.0. Any Time. the first route map condition will automatically be numbered as ten (10). Given the partial configuration of router R2.com Ac tua lTe sts . and it denies advertising the RIP domain network into EIGRP. QUESTION NO: 50 Refer to the exhibit. which network will be present in the routing table of R4? A.0 (RIP Domain) and that is called by route-map ABC.www.10.10.10.

This command is available for all IP routing protocols and can be applied to either inbound or outbound routing updates. A network administrator has discovered that R2 is receiving OSPF routes for the networks 10.Cisco 642-832: Practice Exam Answer: A Explanation: In this exhibit the OSPF domain is redistributed into the EIGRP 100 domain so Network B will present into Router R4. This is a set of rules that precisely controls what routes a router will send or receive in a routing update. Apply an inbound ACL to the R2 serial interface. Any Time. R3 and R4 are performing two-way route redistribution between OSPF and RIP.www.com 44 Ac A.0. D. the syntax for configuring a route filter is as follows: Router(config-router)# distribute-list access-list-number in [ interface-name ] When applied to outbound updates.20.0/16. Set the OSPF default metric to 20. QUESTION NO: 51 Refer to the network shown below: Answer: C Explanation: Use the distribute-list command to pick and choose which routing updates a router will send or receive. the distribute-list creates a route filter. Configure distribute-lists on R3 and R4. Change the RIP administrative distance on R3 to 110.20.0.0.0/16 and 10." .21.0/16 and a routing loop has occurred. Change the OSPF administrative distance on R3 to 110. Which action will correct this problem? sts .co m . E.0. the Network A network will not be seen on router R4 (The bottom router which is improperly labeled Network B) because EIGRP 50 was not redistributed into EIGRP 100.actualtests. By referencing an access list. B.21. None of the other alternatives apply tua lTe R1 and R2 belong to the RIP routing domain that includes the networks 10. F. the syntax can be more complicated as shown in the following: "Pass Any Exam.0/16 and 10. However. C. When applied to inbound updates.

none of the routes learned from OSPF will be advertised into RIP. C.com 45 Ac tua lTe sts ." . so there is no need to define the metric using the default-metric command during the redistribution. Because OSPF has a longer mask for the same major network than RIP and because RIP version 1 is being used. R2 is configured with a twoway redistribution between RIP and OSPF domains.co m .actualtests.www. D. All routers can ping each other.0. The metric for the OSPF routes that are redistributed into RIP is too low.Cisco 642-832: Practice Exam Router(config-router)# distribute-list access-list-number out [ interface-name | routing-process | as-number ] The routing-process and as-number options are invoked when exchanging routes between different routing protocols. QUESTION NO: 52 RIP and OSPF are configured on the routers as shown in the exhibit. Example: Router A(config)# router ospf 109 Router A(config-router)# redistribute rip subnets Router "Pass Any Exam. the keyword subnets is not required to redistribute protocols into OSPF. OSPF and RIP use the same major network 172. Without the subnets keyword. Therefore. Answer: B Explanation: The subnets keyword tells OSPF to redistribute all subnet routes.16. What could the problem be? A. Any Time. The process of redistribution of RIP into OSPF does not require any metric conversion. but R1 cannot see any of the OSPF routes in its routing table. a fact that prevents OSPF routes from being advertised into RIP.0. only networks that are not subnetted are redistributed by OSPF. B.

Note: A DHCP server can be considered to be a BOOTP server. None of the other alternatives apply Answer: A Explanation: The ip helper-address command is used to have the Cisco IOS software forward User Datagram Protocol (UDP) broadcasts. 53 (DNS) "Pass Any Exam.62. the ip helper-address command allows you to control which broadcast packets and which protocols are forwarded. which three UDP ports get enabled automatically by default? (Select three) A.0 0.0. IP Helper is used to accommodate compatibility routers using different IP routing protocols. IP Helper is used to direct BOOTP clients to a BOOTP server.com Ac tua lTe sts . IP Helper is used to prevent the router form forwarding IP broadcasts. To enable BOOTP broadcast forwarding for a set of clients. However.63. the main purpose of the IP helper feature is not to prevent the router from forwarding IP broadcasts. C: IP helper does not use IPX. even though a DHCP server is more advanced. received on an interface.0.255 area 0 Section 5: Troubleshoot a DHCP client and server solution (13 Questions) QUESTION NO: 53 What is the purpose of configuring router R1 with the "IP Helper address" command? A.0 0.Cisco 642-832: Practice Exam A(config-router)# network 130.10.co m 46 .255 area 0 Router A(config-router)# network 130. configure a helper address on the router interface closest to the client. The helper address should specify the address of the DHCP server. Any Time.www. Incorrect Answers: B: Combined with the ip forward-protocol global configuration command. B.actualtests. DHCP protocol information is carried inside of BOOTP packets.10." . QUESTION NO: 54 When you execute the "ip helper-address" command on a router. E.0. including BOOTP.0. IP Helper is used to allow IPX clients to communicate with IP-based servers. C. D. D: This is false.

The IP helper-address can be configured to forward any UDP broadcast based on UDP port number. By default. The two debug commands will generate output on RTA when Host A requests an IP address. 69 (TFTP) C.Cisco 642-832: Practice Exam B.cisco. 49 (TACACS) Answer: A. Router RTA has been configured as a DHCP server." . 515 (LPR) D. the IP helper-address will forward the following UDP broadcasts: DNS (port 53).actualtests.com Ac tua lTe Refer to the exhibit.html "Pass Any Exam. time service (port 37) Trivial File Transfer Protocol (TFTP) (port 69) Terminal Access Control Access Control System (TACACS) service (port 49) NetBIOS name server (port 137) NetBIOS datagram server (port 138) Boot Protocol (DHCP/BootP) client and server datagrams (ports 67 and 68) IEN-116 name service (port 42) Reference: Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Networks http://www. Which set of DHCPD debug messages is in the correct sequence? sts QUESTION NO: 55 . 161 (SNMP) E.E Explanation: To forward the BootP/DHCP request from the client to the DHCP server. Any Time.B. the ip helper-address interface command is used.com/warp/public/473/100.www.co m 47 .

0.www.1.3).1134.1. DHCPD:checking for expired leases.Cisco 642-832: Practice Exam A.a029 to relay 10.a029 to relay 10.actualtests.1.a029. DHCPD:unicasting BOOTREPLY for client 0b07.co m .253.0." . DHCPD: DHCPDISCOVER received from client DHCPD: DHCPREQUEST received from client DHCPD: Sending DHCPOFFER to client DHCPD: Sending DHCPACK to client C.0. DHCPD: Sending DHCPACK to client DHCPD: DHCPDISCOVER received from client DHCPD: Sending DHCPOFFER to client DHCPD: DHCPREQUEST received from client F. DHCPD:assigned IP address 10.1134.a029 (10.1134. Any Time.3). DHCPD: Sending DHCPOFFER to client DHCPD: DHCPDISCOVER received from client DHCPD: DHCPREQUEST received from client DHCPD: Sending DHCPACK to client B. DHCPD:Sending DHCPOFFER to client 0b07. Note that for this question.a029 through relay 10. "Pass Any Exam. DHCPD:Sending DHCPACK to client 0b07. DHCPD: DHCPREQUEST received from client DHCPD: Sending DHCPOFFER to client DHCPD: DHCPDISCOVER received from client DHCPD: Sending DHCPACK to client E.a029 (10.0.a029.253.1134.1134. DHCPD:DHCPREQUEST received from client 0b07.253. DHCPD:unicasting BOOTREPLY for client 0b07. DHCPD: DHCPDISCOVER received from client DHCPD: Sending DHCPOFFER to client DHCPD: DHCPREQUEST received from client DHCPD: Sending DHCPACK to client D.com 48 Ac tua Answer: C lTe sts .3 to client 0b07. DHCPD: DHCPDISCOVER received from client DHCPD: Sending DHCPACK to client DHCPD: Sending DHCPOFFER to client DHCPD: DHCPREQUEST received from client Explanation: The following example shows a combination of DHCP server events and decoded receptions and transmissions: Router# debug ip dhcp server events Router# debug ip dhcp server packets DHCPD:DHCPDISCOVER received from client 0b07. the correct order of events are highlighted above.1.0.1.0.1.1134.1134.

html#wp1020307 QUESTION NO: 56 Refer to the exhibit.168.3. Answer: F Explanation: Configuring the Address Lease Time: By default. use the following command in DHCP pool configuration mode: "Pass Any Exam. The ip address dhcp interface configuration command must be issued for the Fa0/1 interface of router RTA." . C. F. The VLAN1-POOL argument must be issued for the Fa0/1 interface on router RTA. Router RTA has been configured as a DHCP server for router RTC. each IP address assigned by a DHCP server comes with a one-day lease.2 DHCP command.cisco.2 interface configuration command must be issued for the Fa0/1 interface on router RTA. which statement about DHCP is true? A.1. On the basis of the information that is provided. D. Router RTA must be configured with the default-router 192. which is the amount of time that the address is valid.Cisco 642-832: Practice Exam Reference: http://www.168. Any Time. To change the lease value for an IP address. B.co m . E. Router RTC must be configured with the ip address dhcp global configuration command.actualtests.com 49 Ac tua lTe sts . The ip helper-address 192.com/en/US/docs/ios/debug/command/reference/db_h1. The lease 2 0 0 DHCP configuration command would change the default DHCP lease time to 48 hours on router RTA.www.

"Pass Any Exam. router R2 will retrieve domain name and other option information from R1. B. D.www.Cisco 642-832: Practice Exam Reference: http://www. C.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t1/easyip2. Which statement is true about the information that is given? A. The DHCP clients of router R2 will receive the same option information that the clients of R1 receive.actualtests.co m . Router R2 will distribute incorrect default router option information to DHCP clients because it is importing this information from R1. For the import all command to work on router R2. its Fa0/1 interface must be configured as a DHCP client. As configured.ht m#22915 QUESTION NO: 57 Refer to the exhibit.com 50 Ac tua lTe sts ." .cisco. Any Time.

1 10. such as DNS and WINs addresses.255.0.www. the remote server can request or "import" these option parameters from the centralized server.0 255.0.0.com 51 Ac tua lTe sts .Cisco 642-832: Practice Exam Answer: C Explanation: DHCP Server Options Import and Autoconfiguration Example: The following example shows a remote and central server configured to support DHCP options import and autoconfiguration." . In response to a DHCP request from a local client behind CPE equipment.2 ! interface FastEthernet0/0 ip address 10.0. Any Time.0.0. within the DHCP pools.0.0 ! Specifes the domain name for the client domain-name central ! Specifies DNS server that will respond to DHCP clients when they need to correlate host ! name to ip address dns-server 10.0 duplex auto speed auto Remote Router ! "Pass Any Exam.255.255.0.actualtests.0.0.co m .0.1 255. The central server is configured to automatically update DHCP options. Central Router !do not assign this range to DHCP clients ip dhcp-excluded address 10. See below for a diagram of the network topology.5 ! ip dhcp pool central ! Specifies network number and mask for DHCP clients network 10.2 !Specifies the NETBIOS WINS server netbios-name-server 10.0.255.

RTA(config)# interface fastethernet0/1 RTA(config-if)# ip forward-protocol udp 69 C. whenever the copy running-config tftp command is issued with default options on switch ASw1.0.2. RTA(config)# interface fastethernet0/1 RTA(config-if)# ip helper-address 10.2.24 ASw1(config-if-range)# ip forward-protocol udp 69 B.Cisco 642-832: Practice Exam ip dhcp pool client ! Imports DHCP options parameters into DHCP server database import all network 20.255. As shown in the example. and R 2 is acting as the remote router. Reference: http://www. Any Time.1.10 D.1. interface Fa0/1 needs to have the "ip address dhcp" command applied.co m . an error is produced.html#wp1009276 QUESTION NO: 58 A. making it a DHCP client.255. A network administrator consoles into the ASw1 switch and attempts to save the switch configuration to the TFTP server that is located at IP address 10.2. RTA(config)# interface fastethernet0/0 RTA(config-if)# ip helper-address 10.10/24. However.com 52 Ac tua lTe Refer to the exhibit.cisco.www. Router R 1 is acting as the central router.1.0 ! interface FastEthernet0/0 ip address dhcp duplex auto speed auto In our example. ASw1(config)# interface range fastethernet 0/1 .10 "Pass Any Exam. Which configuration would correct this situation? sts .actualtests.0." .0 255.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter0 9186a00800ca75c.

www.ciscopress." . the administrator must provide DHCP and DNS servers on all subnets or use the Cisco IOS software helper address feature. the ip helper-address command will forward these 8 UDP ports: Reference: http://www. which statement is true? "Pass Any Exam. so the first option is not very appealing.actualtests. but routers. By using the ip helper-address command. RTA(config)# interface fastethernet0/0 RTA(config-if)# ip forward-protocol udp 69 F. Running services such as DHCP or DNS on several computers creates overhead and administrative problems. For this reason. Some clients are unable to make a connection without services such as DHCP. In a complex hierarchical network. When possible.asp?p=330807&seqNum=9 Refer to the exhibit. administrators use the ip helper-address command to relay broadcast requests for these key User Datagram Protocol (UDP) services.co m 53 .com Ac tua QUESTION NO: 59 lTe sts . Any Time. by default.com/articles/article. ASw1# copy tftp running-config Answer: C Explanation: DHCP is not the only critical service that uses broadcasts. Cisco routers and other devices might use broadcasts to locate TFTP servers. Based upon the information in the exhibit. clients might not reside on the same subnet as key servers. Some clients might need to broadcast to locate a TACACS security server.Cisco 642-832: Practice Exam E. a router can be configured to accept a broadcast request for a UDP service and then forward it as a unicast to a specific IP address By default. do not forward client broadcasts beyond their subnet. Such remote clients broadcast to locate these servers.

Which two statements are true? (Choose two) "Pass Any Exam.200.co m 54 . The Cisco IOS DHCP relay agent is enabled on an interface only when the ip helper-address is configured." .com Ac tua QUESTION NO: 60 lTe sts . C.168. DHCP requests from the host will be rebroadcasted to R2. B.Cisco 642-832: Practice Exam A.168. Answer: D Explanation: A DHCP relay agent is any host that forwards DHCP packets between clients and servers.www. E.actualtests. the R1 fa0/0 interface must be configured with the ip helperaddresses command. If multiple helper-addresses are configured. the R2 fa0/0 interface must be configured with the ip helperaddresses command.100. it tries to get response from first. The agents forward requests and replies between clients and servers when they are not on the same physical subnet. Any Time. To complete this configuration. R1 will then forward the requests to 192. R1 will forward DHCP requests to 192.1. if no response got from the first helper address then sends the request to second one.1.1 and 192. D. Relay agents receive DHCP messages and then generate a new DHCP message to send out on another interface.100.168. To complete this configuration. If there is no response.1 as unicast messages. R1 will forward all DHCP requests to both 192.168. Refer to the exhibit.200.

Cisco 642-832: Practice Exam

Answer: A,E

Explanation: While routers accept and generate broadcasts, they do not forward them. This can be quite a problem when a broadcast needs to get to a device such as a DHCP or TFTP server that's on one side of a router with other subnets on the other side.

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

A. DHCPDISCOVER packets will reach the DHCP server. B. The router will not forward DHCPDISCOVER packets because it has not been configured to do so. C. This configuration is applied to interface Fa0/1. D. DHCPDISCOVER packets will not reach the DHCP server because DHCPDISCOVER packets are broadcasts. E. DHCPDISCOVER packets will not reach the DHCP server because ports 67 and 68 have not been explicitly allowed by the ip forward-protocol command. F. This configuration is applied to interface Fa0/0.

lTe

sts

.co

m

55

Cisco 642-832: Practice Exam

This command does forward eight common UDP service broadcasts by default. TIME, port 37 TACACS, port 49 DNS, port 53 BOOTP/DHCP Server, port 67 BOOTP/DHCP Client, port 68 TFTP, port 69 NetBIOS name service, port 137 NetBIOS datagram service, port 138 That's going to cover most scenarios where the ip helper-address command will be useful, but what about those situations where the broadcast you need forwarded is not on this list? You can use the ip forward-protocol command to add any UDP port number to the list. In this particular case, ports 67 and 68 were not included, so the BOOTP packets will not be sent to the DHCP server.

QUESTION NO: 61 On router R1, which three of the following protocols will be forwarded to a host specified by the "ip helper-address" interface configuration command if the configuration has not been modified by the "ip forward-protocol udp" global configuration command? (Choose three)

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

R1(config)#int e0 R1(config-if)#ip helper-address ? A.B.C.D IP destination address R1(config-if)#ip helper-address 10.1.1.1

lTe

If this PC attempts to locate a DNS server with a broadcast, the broadcast will be stopped by the router and will never get to the DNS server. By configuring the ip helper-address command on the router, UDP broadcasts such as this will be translated into a unicast by the router, making the communication possible. The command should be configured on the interface that will be receiving the broadcasts.

sts

.co

m

56

Cisco 642-832: Practice Exam A. BOOTP B. TFTP C. ARP D. DNS E. proxy-ARP F. FTP G. CDP Answer: A,B,D Explanation: To forward the BootP/DHCP request from the client to the DHCP server, the ip helper-address interface command is used. The IP helper-address can be configured to forward any UDP broadcast based on UDP port number. By default, the IP helper-address will forward the following UDP broadcasts: DNS (port 53), time service (port 37) Trivial File Transfer Protocol (TFTP) (port 69) Terminal Access Control Access Control System (TACACS) service (port 49) NetBIOS name server (port 137) NetBIOS datagram server (port 138) Boot Protocol (DHCP/BootP) client and server datagrams (ports 67 and 68) IEN-116 name service (port 42) Reference: Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Networks http://www.cisco.com/warp/public/473/100.html

Refer to the exhibit. Which statement is true about the configuration?

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

QUESTION NO: 62

sts

.co

m

57

Cisco 642-832: Practice Exam

Explanation: When configuring the Router as a DHCP server you should follow these steps: Define the pool using ip dhcp pool <poolname> Define the network to assign to client to the pool using : network network/mask Define the lease time using lease days Define the DNS server to resolve name/ip using: dns-server <ip address> Define the Default Gateway to assign to the client: degault-router <router ip add> In exhibit there is no dns-server in pool 1 and pool 2. If a dns server is not defined in the pool, it takes from the previous pool, same thing will happen here, pool 1 and pool 2 use the 10.10.20.50 as the DNS server from the pool 0.

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

Answer: C

tua

A. Hosts belonging to DHCP pool 1 and pool 2 will retain their IP settings for 30 hours before they must renew. B. Hosts will receive IP settings from pool 1 until the addresses run out, and then hosts will receive the settings from pool 2. C. Hosts in the 10.10.20.0/24 subnet will use 10.10.20.50 as its DNS server. D. DHCP pool 0 needs to have the ip dhcp excluded-address command to exclude the default router and DNS servers.

lTe

sts

.co

m

58

Cisco 642-832: Practice Exam QUESTION NO: 63 Refer to the exhibit. The DHCP configuration that is shown is configured on a Cisco router. Which statement is true?

Answer: D

Explanation: There are two pools with different networks. Pool 1 has 172.16.1.0/24 and pool 2 has 172.16.2.0/24. Suppose that the router has fa0/0 interface with IP address 172.16.1.1 and fa0/1 with IP address 172.16.2.1. When a client sends the DHCP request on fa0/0 the router will assign the IP address from pool 1 and when a client sends the DHCP request on fa0/1 Router will assign IP address from pool 2 because the pool selection is based on the network address of the associated interface IP address.

QUESTION NO: 64 Refer to the exhibit. A network administrator has configured DHCP services on the router as shown. DHCP clients connected to the FastEthernet0/0 interface are working properly. DHCP clients connected to the FastEthernet0/1 interface are not receiving addresses. Which two statements contain recommendations that will solve the problem? (Choose two.) "Pass Any Exam. Any Time." - www.actualtests.com 59

Ac

tua

A. The router will distribute IP addresses from pool 1 until its addresses are exhausted. Then the router will begin distributing addresses from pool 2. B. The configuration is invalid because the DHCP options are global configuration commands. C. The configuration is incomplete until the DHCP pools are bound to the appropriate interface or interfaces. D. The router will choose which pool to use based upon the interface the DHCP request was received on.

lTe

sts

.co

m

Cisco 642-832: Practice Exam

A. The network shown in the output under the ip dhcp pool Central command should be changed to network 10.10.0.0 with a mask of 255.255.255.0. B. A second DHCP pool for network 10.10.0.0/24 should be configured. C. An ip dhcp excluded-address global configuration command for network 10.10.0.0/24 should be issued. D. The ip helper-address 10.0.0.1 command should be issued so that the address can be added to the FastEthernet0/0 configuration. E. The ip helper-address 10.0.0.1 command should be issued so that the address can be added to the FastEthernet0/1 configuration. Answer: B,C Explanation: In the exhibit, the DHCP pool has been configured for the 10.0.0.0 255.255.255.0 network so clients connected to fa0/0 are receiving an IP address but clients connected to fa0/1 are not receiving an IP address because the DHCP pool for 10.10.0.0/24 network has not been configured. So to assign an IP address to clients connected to fa0/1 interface you should configure the DHCP pool for 10.10.0.0/24 network.

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

m

60

0." .0. The first DHCP client to connect to the FastEthernet 0/0 interface will receive the IP address 10.Cisco 642-832: Practice Exam QUESTION NO: 65 Refer to the exhibit.10.0. E.1 D. So to assign IP addresses to clients connected to fa0/1 interface you should configure "Pass Any Exam. DHCP requests received on the FastEthernet 0/1 interface will be forwarded to 10.2.0. Which two statements are true about the partial configuration that is shown? (Choose two.) A.www.actualtests.0.0. The first DHCP client to connect to the FastEthernet 0/0 interface will receive the IP address 10. Answer: A. the DHCP pool has been configured for the 10. C.0. The first DHCP client to connect to the FastEthernet 0/1 interface will receive the IP address 10.0 network so clients connected to fa0/0 are receiving an IP address but clients connected to fa0/1 are not receiving IP address because the DHCP pool for the 10.255.1.6.0.0/24 network has not been configured. Any Time.E Explanation: In the exhibit.0. Hosts connected to the FastEthernet0/1 interface will not receive DHCP replies from the router.0 255. B.com 61 Ac tua lTe sts .0.co m .10.255.

C.168. Answer: A.1.10.168.2 will have their traffic sent to Catalyst_A.) A.1 will have their traffic sent to 192.168. Catalyst_A is load sharing traffic in VLAN 50.1.0.Cisco 642-832: Practice Exam the DHCP pool for 10.0/24 network." . D.actualtests. The command standby 1 preempt was added to Catalyst_A.co m .www. Hosts using the default gateway address of 192. Hosts using the default gateway address of 192.1. Section 6: Troubleshoot NAT (0 Questions) Section 7: Troubleshoot first hop redundancy protocols (18 Questions) QUESTION NO: 66 Refer to the exhibit. B.11 even after Catalyst_A becomes available again. Which two statements are true about the output from the show standby vlan 50 command? (Choose two. Any Time.com 62 Ac tua lTe sts .B Explanation: "Pass Any Exam.

so if you configure just one router to have a higher priority. The default priority is 100. tua lTe sts Resign -A router that is the active router sends this message when it is about to shut down or when a router that has a higher priority sends a hello message. it sends a coup message. Standby -The router is prepared to assume packet-transfer functions if the active router fails. To configure a router as the active router." . that router cannot become the active router. The standby preempt interface configuration command allows the router to become the active router when its priority is higher than all other HSRP-configured routers in this Hot Standby group.www.co m . HSRP works by the exchange of multicast messages that advertise priority among HSRPconfigured routers. QUESTION NO: 67 "Pass Any Exam.actualtests. Any Time. Listening -The router is receiving hello messages. Coup -When a standby router assumes the function of the active router. that router will be the default active router.forwarding functions between routers is completely transparent to all hosts on the network.Cisco 642-832: Practice Exam HSRP uses a priority scheme to determine which HSRP-configured router is to be the default active router. When the active router fails to send a hello message within a configurable period of time. the standby router with the highest priority becomes the active router. By default. you assign it a priority that is higher than the priority of all the other HSRP-configured routers. The configurations of both routers include this command so that each router can be the standby router for the other router. At any time. an HSRP router sends hello messages every three seconds. The transition of packet. If you do not use the standby preempt command in the configuration for a router. HSRP-configured routers are in one of the following states: . The 1 indicates that this command applies to Hot Standby group 1. HSRP-configured routers exchange three types of multicast messages: Hello -The hello message conveys to other HSRP routers the router's HSRP priority and state information. Active -The router is performing packet-transfer functions.com 63 Ac Speaking and listening -The router is sending and receiving hello messages.

You can configure a router to preempt or immediately take over the active role if its priority is the highest at any time. each router has a common gateway IP address.16. The router with IP address 172.111.D. Based upon the debug output that is shown. . B.Cisco 642-832: Practice Exam Refer to the exhibit.16. This address is used for all routing protocol and management traffic initiated by or destined to the router. which three statements about HSRP are true? (Choose three. F." . Use the following interface configuration command to allow preemption: Switch(config-if)# standby group preempt [delay seconds] By default. without delay.11.16. This address is also referred to as the HSRP address or the standby address .11.112 has nonpreempt configured. Any Time.11. the router can preempt another immediately. You can use the delay keyword to force it to wait for seconds before becoming active.112 is preferred over the router with IP address 172. The final active router is the router with IP address 172.16.16.) Answer: B. You can assign the HSRP address with the following interface command: Switch(config-if)# standby group ip ip-address [secondary] When HSRP is used on an interface that has secondary IP addresses. E.16.11. The router with IP address 172.www.11. the virtual router address. The priority of the router with IP address 172.actualtests.16. In addition.111 has preempt configured.111. Clients can point to that virtual router address as their default gateway. C. This is usually done if there are "Pass Any Exam.11. The IP address 172. D. knowing that a router always keeps that address active. you can add the secondary keyword so that HSRP can provide a redundant secondary gateway address.com 64 Ac tua lTe sts A.112 is using default HSRP priority. The router with IP address 172. Keep in mind that the actual interface address and the virtual (standby) address must be configured to be in the same IP subnet. that is kept alive by HSRP.E Explanation: Each router in an HSRP group has its own unique IP address assigned to an interface.11.115 is the virtual HSRP IP address.co m .

www. If you do not use the standby preempt command in the configuration for a router.11.11.111.11. C. QUESTION NO: 69 Examine the router output above.11. lTe sts . B.111 will be the active router because its HSRP priority is preferred over router 172. The 1 indicates that this command applies to Hot Standby group 1. Which two items are correct? (Choose two.16. The IP address 172.Cisco 642-832: Practice Exam routing protocols that need time to converge.112. QUESTION NO: 68 What can be determined about the HSRP relationship from the displayed debug output? Answer: F Explanation: The standby preempt interface configuration command allows the router to become the active router when its priority is higher than all other HSRP-configured routers in this Hot Standby group.112 will be the active router because its HSRP priority is preferred over router 172.16. The nonpreempt feature is enabled on the 172.11. Router 172.111 router. that router cannot become the active router.112 router.111 is the virtual HSRP router IP address.com 65 Ac tua A.11. The IP address 172.actualtests.16. Any Time.11. Router 172.co m . F.16. D.112 is the virtual HSRP router IP address." . E. The preempt feature is not enabled on the 172.16.16. The configurations of both routers include this command so that each router can be the standby router for the other router.16.) "Pass Any Exam.11.16.

The local IP address of Router A is 10. Router A will assume the active state if its priority is the highest.com Ac Explanation: Since preemption has been configured. Any Time. it would now be 95 + 10 (which is the default value) so the total value would then become 105. it will become the active router as long as it has a higher priority value.www. the current priority shows it to be 95. If Ethernet 0/2 goes down.co A. If the interface were to come up. B.1.Cisco 642-832: Practice Exam Answer: C. Which two problems are the most likely cause of the exhibited output? (Choose two.6.com/en/US/docs/switches/lan/catalyst3550/software/release/12. If fast0/2 were to come up as well. we know that when any router comes back up. the priority will become 105.0.1.D QUESTION NO: 70 Refer to the exhibit. Reference: http://www. When Ethernet 0/3 of RouterA comes back up. The local IP address of Router A is 10.20.1_12c_ea1/confi guration/guide/swhsrp. C.cisco.html tua lTe sts .) "Pass Any Exam. the standby router will take over. E. D.0. In this example.actualtests. m 66 . it would then be 105 + 15 (special override as seen in the command) = 120." .

Keep in mind that the actual interface address and the virtual (standby) address must be configured to be in the same IP subnet. spanning tree issues C." .actualtests. which three statements about HSRP are true? (Choose three. QUESTION NO: 71 Refer to the exhibit. HSRP misconfiguration 67 .com Ac tua Explanation: Each router in an HSRP group has its own unique IP address assigned to an interface. This address is used for all routing protocol and management traffic initiated by or destined to the router.www. Based upon the debug output that is shown. This address is also referred to as the HSRP address or the standby address . Any Time. the virtual router address that is kept alive by HSRP. Clients can point to that virtual router address as their default gateway. each router has a common gateway IP address.E When HSRP is used on an interface that has secondary IP addresses.co m A. In addition. VRRP misconfiguration B. You can assign the HSRP address with the following interface command: Switch(config-if)# standby group ip ip-address [secondary] lTe sts . you can add the secondary keyword so that HSRP can provide a redundant secondary gateway address. physical layer issues E. transport layer issues D. knowing that a router always keeps that address active.Cisco 642-832: Practice Exam Answer: D.) "Pass Any Exam.

Cisco 642-832: Practice Exam Answer: B.co A. E.16. F. Keep in mind that the actual interface address and the virtual (standby) address must be configured to be in the same IP subnet.11. the router can preempt another immediately. "Pass Any Exam.112 has nonpreempt configured. without delay. This address is used for all routing protocol and management traffic initiated by or destined to the router.16. m 68 . The final active router is the router with IP address 172.111.16. The router with IP address 172." . The priority of the router with IP address 172.111 has preempt configured.11. that is kept alive by HSRP.E Switch(config-if)# standby group ip ip-address [secondary] When HSRP is used on an interface that has secondary IP addresses. You can assign the HSRP address with the following interface command: tua lTe sts .111.11. Use the following interface configuration command to allow preemption: Switch(config-if)# standby group preempt [delay seconds] By default.www.115 is the virtual HSRP IP address. knowing that a router always keeps that address active. The router with IP address 172. you can add the secondary keyword so that HSRP can provide a redundant secondary gateway address. B. C.112 is preferred over the router with IP address 172.112 is using default HSRP priority. The IP address 172. The router with IP address 172.11. D.11. each router has a common gateway IP address.D.com Ac Explanation: Each router in an HSRP group has its own unique IP address assigned to an interface.16. the virtual router address.16.11. You can configure a router to preempt or immediately take over the active role if its priority is the highest at any time.16. Clients can point to that virtual router address as their default gateway. This is usually done if there are routing protocols that need time to converge. This address is also referred to as the HSRP address or the standby address .16. Any Time. In addition.11. You can use the delay keyword to force it to wait for seconds before becoming active.actualtests.

C. Which two items are correct? (Choose two. By default. In this example. . To set the priority.Cisco 642-832: Practice Exam QUESTION NO: 72 Examine the router output above.D Explanation: Since preemption has been configured. the current priority shows it to be 95. use the following interface configuration command: Switch(config-if)# standby group priority priority When HSRP is configured on an interface. Reference: http://www. B.cisco.actualtests. If the interface were to come up.html HSRP election is based on a priority value (0 to 255) that is configured on each router in the group. If all router priorities are equal or set to the default value. The local IP address of Router A is 10." .20. the priority will become 105. The router with the highest priority value (255 is highest) becomes the active router for the group.1.0. the standby router will take over. the priority is 100.1_12c_ea1/confi guration/guide/swhsrp.6. the router with the highest IP address on the HSRP interface becomes the active router. The local IP address of Router A is 10.co m . If Ethernet 0/2 goes down. If fast0/2 were to come up as well. it will become the active router as long as it has a higher priority value.) Answer: C.0. When Ethernet 0/3 of RouterA comes back up. Any Time. Router A will assume the active state if its priority is the highest. the router progresses through a series of states before "Pass Any Exam. it would then be 105 + 15 (special override as seen in the command) = 120.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1. E.www.com 69 Ac tua lTe sts A. it would now be 95 + 10 (which is the default value) so the total value would then become 105. D. we know that when any router comes back up.

Active.com Ac A. Standby.11. This forces a router to listen for others in a group and see where it fits into the pecking order. The 1 indicates that this command applies to Hot Standby group 1. finally. The IP address 172.112 is the virtual HSRP router IP address.16.111 will be the active router because its HSRP priority is preferred over router 172. Router 172.16. QUESTION NO: 73 What can be determined about the HSRP relationship from the displayed debug output? Answer: F Explanation: The standby preempt interface configuration command allows the router to become the active router when its priority is higher than all other HSRP-configured routers in this Hot Standby group.111.11. The nonpreempt feature is enabled on the 172. Init. E.Cisco 642-832: Practice Exam becoming active. B.112 will be the active router because its HSRP priority is preferred over router 172. Speak. The configurations of both routers include this command so that each router can be the standby router for the other router. tua lTe sts . Router 172. The IP address 172.11.112 router.16. that router cannot become the active router. D.16.16.11.111 router. C. The HSRP state sequence is Disabled. Listen. If you do not use the standby preempt command in the configuration for a router.11.actualtests.11.co m 70 . "Pass Any Exam. The preempt feature is not enabled on the 172." .16.16.111 is the virtual HSRP router IP address.112.11.www. F.16.11. and. Any Time.

pdf QUESTION NO: 75 Network topology exhibit: "Pass Any Exam.cisco. and backbone switches and conformed to Cisco's modular three-tier (Access/Distribution/Core) design philosophy. Delay reduction C. Hot Standby Routing Protocol (HSRP) D.C." . Quality of Service (QoS) F. The testing demonstrated the following high availability and resilience features of Catalyst switches: per-VLAN Spanning Tree (PVST) using Cisco's InterSwitch Link (ISL) and 802.) A. the demonstration was based on a model of a "real world" campus (in one of Cisco's Enterprise Solution Center labs in San Jose . many organizations are beginning to make reliability/availability features a key selection criteria for network infrastructure products. This switched internetwork consisted of wiring closet.D Explanation: Because the importance of high availability networks is increasingly being recognized. wiring center.com Ac tua lTe sts .com/warp/public/779/largeent/learn/technologies/campuslan. Spanning Tree Protocol (STP) B. Cisco Systems engaged ZD Tag to observe and confirm the results of a series of tests demonstrating the high availability features of Cisco Catalyst Layer 2/Layer 3 switches. Any Time.1Q VLAN Trunking Cisco Spanning Tree Enhancements. Dynamic routing protocols E. Jitter management Answer: A.actualtests.co m 71 .Cisco 642-832: Practice Exam QUESTION NO: 74 Which three of the following network features are methods used to achieve high availability? (Select all that apply. including UplinkFast and PortFast Cisco Hot Standby Router Protocol (HSRP) and HSRP Track Cisco IOS per-destination load balancing over equal cost OSPF paths Cisco IOS fast convergence for OSPF Reference: http://www.www. With this in mind. California ). In order to maximize the relevance of the results.

Any Time. R2 will be the standby router because it has the higher IP address. In this scenario the following are true: * Host A can ping the headquarter office * HSRP is configured on R1 * First R1 and then R2 are configured and reloaded Based on this information.www. R2 will be the active router because it has the higher priority that is configured. D. Please study the exhibit carefully. E. it will not become the active router because the HSRP preemption was not configured." . what can be said of this network? A. Answer: C Explanation: Even though router R2 has a higher priority. C.co m . B. F.Cisco 642-832: Practice Exam R1 configuration exhibit: R2 configuration exhibit: You work as a network technician.com 72 Ac tua lTe sts . R1 will be the active router because it booted first.actualtests. "Pass Any Exam. Since the "standby 62 preempt" command was not configured. R2 will be the active router because it booted last. R1 will be the standby router because it has the lower IP address. R1 will be the active router because it has the lower priority that is configured.

R3 is the active router because the standby timer has been incorrectly configured.10.Cisco 642-832: Practice Exam the first HSRP router to boot up will become the active router and remain the active router even when another device with a higher priority is added. Any Time. It then became the active router. D. C. Based on the R3 "debug standby" output in the exhibit. B.co m 73 . R3 is the active router because it has a lower IP address then the tying priority router on that VLAN. with no standby router.com Ac A. R3 is the active router and is advertising the virtual IP address 10. it can be seen that the standby router is unknown. R3 is the active router because it is the only HSRP-enabled router on that segment F. and the active timer is expired meaning that this router was unable to locate any other HSRP enabled routers on the LAN.www. None of the other alternatives apply tua lTe You are troubleshooting a redundancy issue with the network.10. which HSRP statement is true? sts . Host A has sent an ARP message to the default gateway IP address 10. E. R3 is the active router because it has a lower priority on that VLAN. Which statement is true? "Pass Any Exam.actualtests." . QUESTION NO: 77 Refer to the exhibit.10.1. QUESTION NO: 76 Exhibit: Answer: E Explanation: In the output shown.110.111 on VLAN 11.

When router DSW1 sends the ARP message to 10. Because of the invalid timers that are configured. Router DSW2 is the Active Virtual Gateway (AVG) router because it has highest IP address even having equal priority. . One router is elected the active virtual gateway (AVG)." . E. This router has the highest priority value.Cisco 642-832: Practice Exam Explanation: The Gateway Load Balancing Protocol (GLBP) is a Cisco-proprietary protocol designed to overcome the limitations of existing redundant router protocols. In any event. DSw2 will not reply. DSw2 will reply with the IP address of the next AVF. the virtual MAC address supported by one of the routers in the group is returned. DSw1 will not reply. Because of the invalid timers that are configured. D. B.www.10. or the highest IP address in the group. but the terminology is different and the behavior is much more dynamic and robust. The AVG answers all ARP requests for the virtual router address.1 Router DSW 2 will reply to DSW 1 as a Active Virtual Router.actualtests. Some of the concepts are the same as with HSRP/VRRP. DSw2 will reply with the MAC address of the next AVF.co m 74 . DSw1 will reply with the IP address of the next AVF. if there is no highest priority. Any Time. The trick behind this load balancing lies in the GLBP group.com Ac tua lTe Answer: B sts A.10. According to exhibit. C. DSw1 will reply with the MAC address of the next AVF. QUESTION NO: 78 Exhibit: "Pass Any Exam. Which MAC address it returns depends on which load-balancing algorithm it is configured to use. F.

2.255.10. Based on the "debug standby" output in the exhibit.6. R5 is the active router because it has a lower IP address than the tying priority router on that VLAN. D.www. R5 is the active router because it is the only HRSP-enabled router on that segment.10.co m You have configured HSRP on router R5 as shown.1.0 standby 34 ip 20.21 standby 35 priority 100 interface ethernet 1 ip address 20.1.21 "Pass Any Exam.6.1 255. E." . C.255. R5 is the active router because it has a lower priority on that VLAN.2 255. R5 is the active router because the standby timer has been incorrectly configured. Any Time.111 on VLAN 11.255. R5 is the active router and is advertising the virtual IP address 10.2.1. None of the other alternatives apply sts .actualtests.0 standby 35 ip 20.6. tua lTe A.com 75 Ac Explanation: Answer A is correct because there is no response from the HSRP neighbor. B.Cisco 642-832: Practice Exam Answer: A QUESTION NO: 79 Routers R1 and R2 are configured for HSRP as shown below: Router R1: interface ethernet 0 ip address 20. the neighbor discovery timer has expired and the standby router is unknown. As we can see from the exhibit. F. which HSRP statement is true? .6.255.

1. physical layer issues B.0 standby 35 ip 20.0 standby 34 ip 20. While debugging router R2 you notice very frequent HSRP group state transitions.www. Any Time.255." . Which three statements accurately describe this GLBP topology? (Choose three. HSRP defines six states in which an HSRP router may run: initial. Besides. The most common problems are Physical Layer Problems or excessive network traffic caused by Spanning-Tree Issues. What is the most likely cause of this? A.2. Note: Hot Standby Routing Protocol (HSRP) is a Cisco proprietary protocol used for allowing redundant connections. learn.2. failure to set the command standby 35 preempt Answer: A Explanation: R2 is not able to from the standby state to reach the active state.255.co m 76 . C: Not a likely cause.6. It can keep core connectivity if the primary routing process fails.255.255.com Ac tua lTe sts . This could be caused by missing HSRP hello messages.1.Cisco 642-832: Practice Exam Router R2: interface ethernet 0 ip address 20. listen. There are several possible causes for HSRP packets to get lost between the peers. no spanning tree loops C.1 255.2 255.6. QUESTION NO: 80 Refer to the exhibit.6.actualtests. Incorrect Answers: B: Spanning tree loops does not affect this problem. in the example here the default values were indeed used.21 interface ethernet 1 ip address 20. standby.) "Pass Any Exam. speak.1.21 standby 34 priority 100 You have configured the routers R1 & R2 with HSRP. and active. use of non-default HSRP timers D.6.

there would be two backup AVGs. If another router were added to this GLBP group. Router B will forward packets sent to the virtual MAC address of Router A. Router A alternately responds to ARP requests with different virtual MAC addresses.0101 and would become the Active VF if R1 were down.actualtests. In this case R1 is the AVG and R2 is the standby.com 77 Ac tua lTe A. R2 would act as a VRF and would already be forwarding and routing packets.Cisco 642-832: Practice Exam Answer: A. As an AVF router R2 is already forwarding/routing packets QUESTION NO: 81 Network topology exhibit: "Pass Any Exam. E. Router B is in GLBP listen state. C. If Router A becomes unavailable. Router B will transition from blocking state to forwarding state when it becomes the AVG. Any additional routers would be in a listen state. there is 1 AVG and 1 standby VG." . F.www. the primary responsibility is to answer ARP requests to the virtual IP address. sts .b400.co m . In this scenario. Any Time. B.B. As the role of the Active VG. D. Router A is responsible for answering ARP requests sent to the virtual IP address. R1 responds to ARP requests with different virtual MAC addresses. R2 is the Standby VFfor the VMAC 0008. As the role of the Active VG and load balancing.E Explanation: With GLBP the following is true: With GLB.

the two routers on the network are configured for GLBP (Gateway Load Balancing Protocol). What can be said about this? A. The default gateway address of each host should be set to the virtual IP address. With standard HSRP and VRRP.actualtests. these standby routers pass no traffic in normal operation . One member is elected to be the active router to forward packets sent to the virtual IP address for the group." .com/networks/Routers/HSRP-GLBP-VRRP. Instead of the hassle of configuring all the hosts with a static Default Gateway. and this is how the load is balanced between the routers. which results in an extra administrative burden of going around and configuring every host and creating 2 or more groups of hosts that each use a different default gateway. B. and all routers in the virtual router group participate in forwarding packets Reference: http://www. The hosts will learn the proper default gateway IP address from Router R1. The hosts will have different default gateway IP addresses and different MAC addresses for each rtouter. Therefore the concept cam about for using multiple virtual router groups. E. you can lket them use ARP's to find their own.infocellar. Any Time. The default gateway address of each host should be set to the real IP address of the router. but not identical. D. Multiple gateways in a "GLBP redundancy group" respond to client Address Resolution Protocol (ARP) requests in a shared and ordered fashion.Cisco 642-832: Practice Exam In this network segment.co m 78 . As such. The other routers in the group are redundant until the active router fails. each with their own unique virtual MAC addresses. which are configured for the same set of routers.which is wasteful.com Ac tua lTe sts . But to share the load. C. function for the user as the HSRP and VRRP. Answer: B Explanation: GLBP performs a similar. Both HSRP and VRRP protocols allow multiple routers to participate in a virtual router group configured with a virtual IP address. Each host is configured with the same virtual IP address. workstation traffic is divided across all possible gateways.but it can do this using only ONE virtual IP address!!! Underneath that one virtual IP address is multiple virtual MAC addresses. None of the other alternatives apply. GLBP is similar in that it provides load balancing over multiple routers (gateways) .www.htm "Pass Any Exam. the hosts must be configured for different default gateways.

Cisco 642-832: Practice Exam QUESTION NO: 82 Refer to the exhibit." . it would take over the role of active for the HSRP group. If Switch_A had the highest priority number. tua Switch(config-if)# standby group track type mod/num [decrementvalue] lTe Explanation: HSRP has a mechanism for detecting link failures and swaying the election. What conclusion is valid? Answer: D Section 8: Troubleshoot IPv6 routing (3 Questions) QUESTION NO: 83 Refer to the output. m 79 . it would not take over as active router.co A. when fa1/1 on Switch_A goes down. If the current standby device were to have the higher priority value. D. Assume that Switch_A is active for the standby group and the standby device has only the default HSRP configuration.www. If port Fa1/1 on Switch_A goes down. What IOS command produces this output? "Pass Any Exam. If port Fa1/1 on Switch_A goes down. When a specific interface is tracked. the priority will be decreased by 10 from 200 to 190.actualtests. sts . B. the standby device will take over as active. the new priority value for the switch would be 190. So.com Ac By default. C. HSRP reduces the router's priority by a configurable amount as soon as the interface goes down. giving another router an opportunity to take over the active role. the decrement value for an interface is 10. Any Time.

www. show ip ospf interface C.3 It is an autonomous system boundary router Redistributing External Routes from.com Ac tua lTe Explanation: Sample Output for the show ipv6 ospf Command The following is sample output from the show ipv6 ospf command: Router# show ipv6 ospf sts .3. Checksum Sum 0x67581 Number of DCbitless LSA 0 Number of indication LSA 0 Number of DoNotAge LSA 0 "Pass Any Exam. 1 normal 0 stub 0 nssa Area 1 Number of interfaces in this area is 2 SPF algorithm executed 9 times Number of LSA 15.Cisco 642-832: Practice Exam Answer: D Routing Process "ospfv3 1" with ID 172. Checksum Sum 0x218D Number of areas in this router is 1.actualtests. Hold time between two SPFs 10 secs Minimum LSA interval 5 secs.co A. show ipv6 ospf interface D. Minimum LSA arrival 1 secs LSA group pacing timer 240 secs Interface flood pacing timer 33 msecs Retransmission pacing timer 66 msecs Number of external LSA 1. show ip ospf B. show ipv6 ospf m 80 . Any Time. static SPF schedule delay 5 secs.16." .

html#wp1071056 QUESTION NO: 84 Refer to the exhibit. F.16. E.0.255 area 1 lTe sts .0 0.6. The following describes the steps to configure OSPF for IPv6: "Pass Any Exam. What two statements are true? (Choose two. The IP address of the backup designated router (BDR) is FE80::205:5FFF:FED3:5808. For example." .com Ac Answer: A. OSPF version 2 has been enabled to support IPv6. the interfaces are directly configured to specify that IPv6 networks are part of the OSPFv3 network. instead of using the network area command to identify networks that are part of the OSPFv3 network. This is the designated router (DR) on the FastEthernet 0/0 link. Any Time.C tua A.com/en/US/docs/ios/ipv6/configuration/guide/ip6ospf. C.www.0. The configuration of OSPFv3 is not a subcommand mode of the router ospf command as it is in OSPFv2 configuration. D. B.Cisco 642-832: Practice Exam Flood list length 0 Reference: http://www.cisco. The router was configured with the commands: router ospf 1 network 172.actualtests.) Explanation: OSPFv3 supports IPv6.co m 81 . Interface FastEthernet 0/0 was configured with the ipv6 ospf 1 area 1 command. The output was generated by the show ip interface command.

30.30. 0:0:0:0:0:0:192.cisco. including the show ipv6 ospf [ process-id ] [ area-id ] interfacee [ interface ] command. B.168.168. The OSPF database is repopulated and then the shortest path first (SPF) algorithm is performed.168.1 C.com/en/US/docs/ios/ipv6/configuration/guide/ip6ospf_support_TSD_Island_of_Content_Chapter. Then the OSPF neighbors are reformed. 192. QUESTION NO: 85 The command "clear ipv6 ospf process" was issued on a router. The OSPF adjacencies are cleared and initiated again.30." .1 is converted into a valid IPv6 address.www.30. and then the SPF algorithm is performed. C. Any Time.1 D. C0A8:1E01:: E.actualtests. The shortest path first (SPF) algorithm is performed on the LSA database. The route table is cleared.30.) A. None of the other alternatives apply Answer: C Section 9: Troubleshoot IPv6 and IPv4 interoperability (4 Questions) QUESTION NO: 86 To enable BGP tunneling over the IPv4 backbone.Cisco 642-832: Practice Exam There are several commonly used OSPFv3 show commands.168. What does this command accomplish? A. Which three IPv6 addresses are acceptable formats for the IPv4 address? (Choose three. the OSPF database is cleared and repopulated. the OSPF database is not cleared before the SPF algorithm is performed.1:: F.co m 82 . E. ::192. the IPv4 address 192.com Ac tua lTe Explanation: When the process keyword is used with the clear ipv6 ospf command. When the force-spf keyword is used with the clear ipv6 ospf command. 192.168.html sts .1:0:0:0:0:0:0 B. ::C0A8:1E01 "Pass Any Exam. Reference: http://www. D.

C. These addresses use 0s in the first 96 bits of the address and one of the two formats for the remaining portion of the address. F are the correct answers.16 address acceptable for IPv6 format: 0:0:0:0:0:10:10:100:16 or ::10:10:100:16 or ::A:A:64:10 So Answer B. B.10. C." .actualtests. You can configure IPv4 as well as IPv6 Address on same router's same interface.www. tunneling etc enable smooth integration of IPv4 to IPv6.1 255. Here is the example to configure IPv4 and IPv6 address on the same interface: Router(Config)#int s0/0 Router(Config-if)#ip address 1. Any Time.255. Only OSPF version 3 can be utilized for routing IPv4 and IPv6.Cisco 642-832: Practice Exam Answer: B. A mechanism exists for creating IPv6 addresses that are compatible with IPv4. Answer: B Explanation: The transition from IPv4 to IPv6 does not require an upgrade on all nodes at the same time. A router routing for IPv6 and IPv4 must convert IPv4 packets to IPv6 packets to route them. None of the other alternatives apply lTe Company network is implemting IPv6 into their existing IPv4 netwrok.0 Router(Config-if)#ipv6 address affe::1/64 "Pass Any Exam. IPv4 Compatible IPv6 Address.100. C. IPv6 can be routed using the same routing protocol versions as IPv4 D.1.F Explanation: Many transition strategies have been developed for IPv4 networks to migrate to IPv6 service and for IPv6 networks to intercommunicate over IPv4 networks. so you can route IPv4 route and IPv6 route simultaneously. Here is the example of IPv4 10. Many transition mechanisms like dual stack. dual stack. Which statement is true about incorporating IPv6 into an already existing IPv4 network? sts QUESTION NO: 87 .255.com 83 Ac tua A.1. E. Most of these strategies involve tunneling.co m . IPv4 and IPv6 networks can be routed simultaneously.

6to4 is a manual tunnel method.cisco.actualtests. the first two bytes of the IPv6 address will be 0x2002 and the next four bytes will be the hexadecimal equivalent of the IPv4 address.com/web/about/ac123/ac147/ac174/ac197/about_cisco_ipj_archive_article09186a0080 0c830a.com 84 Ac tua Explanation: The 6to4 transition mechanism provides a solution to the complexity problem of building manually configured tunnels to an ISP by advertising a site's IPv4 tunnel endpoint (to be used for a dynamic tunnel) in a special external routing prefix for that site. Which two statements are true about these tunnels? (Choose two) A. lTe sts .1 would be converted to the 2002:1315:4463:1::/64 IPv6 address. 2002::/48 is the address range specifically assigned to 6to4. In a 6to4 tunnel.168. "Pass Any Exam.www. The specification of a 48-bit external routing prefix in the IPv6 Aggregatable Global Unicast Address Format that provides just enough space to hold the 32 bits required for the 32-bit IPv4 tunnel endpoint address (called V4ADDR in Figure 3) makes this setup possible. B. Reference: Routing IPv6 over IPv4 www. the IPv4 address 192.168.0. Prepending a reserved IPv6 code to the hexadecimal representation of 192. Any Time. In a 6to4 tunnel. there is a nonlocal destination). D. the IPv6 packet is encapsulated in an IPv4 packet using an IPv4 protocol type of 41.co m Answer: C. and that the next hop destination prefix contains the special 6to4 Top Level Aggregation (TLA) value of 2002::/16.html QUESTION NO: 89 A Company is using 6to4 tunnels in their IPv6 network. Each 6to4 site receives a /48 prefix in a 6to4 tunnel. Which two statements about this kind of tunneling are accurate? (Choose two) A.Cisco 642-832: Practice Exam QUESTION NO: 88 A company is using 6to4 tunneling within their IPv6 network. E.99.1 facilitates 6to4 tunneling. Prepending 0x2002 with the IPv4 address creates an IPv6 address that is used in 6to4 tunneling. C. B." . Sending and Receiving Rules for 6to4 Routers When the requesting site's 6to4 router sees that it must send a packet to another site (that is.E . as defined in the Transition Mechanisms RFC.

99. the first two bytes of the IPv6 address will be locally derived and the next two bytes will be the hexadecimal equivalent of the IPv4 address. In a 6to4 tunnel. the IPv4 address 192.99. the first two bytes of the IPv6 address will be locally derived and the next two bytes will be the hexadecimal equivalent of the IPv4 address. Answer: A.www. Reference: BSCI study guide volume 2. in a 6to4 tunnel. Any Time. the IPv4 address 192. Cisco Press. In a 6to4 tunnel. page 8-75. For example.C Explanation: The 6to4 method uses the reserved prefix 2002::/16 concatenated with the hexadecimal equivalent of the IPv4 address to allow an IPv4 site to create and use a /48 IPv6 prefix based on a single Globally routable reachable IPv4 address.) "Pass Any Exam. In a 6to4 tunnel.Cisco 642-832: Practice Exam C.168." . E. On the basis of the following exhibit.actualtests.1 would be converted to the 2002:c0a8:6301::/16 IPv6 address. D.com Ac tua lTe QUESTION NO: 90 sts Section 10: Troubleshoot switch-to-switch connectivity for the VLAN based solution (9 Questions) .168. can you tell me why VLAN updates from switch CK-P2S1 are not applied to switch CK-P1S1? (Choose three.1 would be converted to the 2002:c0a8:6301::/48 IPv6 address.co m 85 .

Any Time. be sure to verify that the configuration revision number is set to 0 before adding the switch to the VTP domain. B. This will prevent unauthorized switches from participating in the VTP domain. "Pass Any Exam.Cisco 642-832: Practice Exam Explanation: Determine the VTP mode of operation of the switch and include the mode when setting the VTP domain name information on the switch. It is generally recommended that you have several servers in the domain. with all other switches set to client mode for purposes of controlling VTP information. From the privileged mode or VLAN configuration mode.D tua A. If you leave the switch in server mode. lTe sts . The VTP domains are different. The passwords do not match.www. C. D. Assigning a password to the domain will accomplish this. Switch CK-P1S1 is in transparent mode.com Ac Answer: B.co m 86 ." . It is also highly recommended that you use secure mode in your VTP domain. The MD5 digests do not match.C.actualtests. use the vtp password password command.

co m 87 ." .com Ac tua lTe sts .Cisco 642-832: Practice Exam QUESTION NO: 91 Two switches connect multiple VLANs as shown below: SW1 configuration exhibit: SW2 configuration exhibit: Refer to the exhibits and the show interfaces fastethernet0/1 switchport outputs.www. Any Time. Users in VLAN 5 on switch SW1 complain that they do not have connectivity to the users in VLAN 5 on switch SW2. What should be done to fix the problem? "Pass Any Exam.actualtests.

For example. traffic passes on VLAN 1 and indicates all switches are operational. None of the other alternatives apply. 4. VTP servers can also specify other configuration parameters such as VTP version and VTP pruning for the entire VTP domain. is a member of the VLAN. Server By default.co m . A switch that has been put in VTP server mode and had a domain name specified can create. Create switch virtual interfaces (SVI) on both switches to route the traffic. Answer: D Explanation: switchport trunk allowed vlan . F. What three configuration issues on SW13 could be causing the network outage? (Select three) sts . defines which VLANs can be trunked over the link. By default. SW13 is configured as a VTP server with a different domain name. QUESTION NO: 92 A. 20 are active on the network. 2. If the VLAN does not extend past the far end of the trunk link.F Explanation: VTP Modes: 1. SW13 has a lower VTP configuration revision than the current VTP revision. C. D. Right before the network problem occurred. E. 20. VLANs 1.com 88 Ac tua lTe In the network. a switch transports all active VLANs (1 to 4094) over a trunk link. 5. 10." . However. propagating broadcasts across the trunk makes no sense. VTP information is "Pass Any Exam.actualtests. SW13 is not configured to participate in VTP.C. No traffic is being passed on VLANs 2. Define VLAN5 in the allowed list for the trunk port on SW2 B. D. Define VLAN5 in the allowed list for the trunk port on SW1. 3. Disable pruning for all VLANs in both switches. SW13 is configured as a VTP server with the domain name R1. VLAN Trunking Protocol (VTP) is running with a domain name of R1. F. There might be times when the trunk link should not carry all VLANs. SW13 has a higher VTP configuration revision than the current VTP revision. 3. and delete VLANs. 4. Answer: A. broadcasts are forwarded to every switch port on a VLAN-including the trunk link because it. Any Time. 10. B. E. a Catalyst switch is in the VTP server mode and in the "no management domain" state until the switch receives an advertisement for a domain over a trunk link or a VLAN management domain is configured. modify.www. a switch named SW13 was taken out of the lab and added to the network.Cisco 642-832: Practice Exam A. too. SW13 is configured with only VLAN1. 5. Suddenly the whole network goes down. C. Configure the same number of VLANs on both switches.

www. what is the revision number. User configuration E.actualtests.3 is 1518 bytes. Any changes made must be received from a VTP server advertisement. Reference: Trunking between Catalyst 4000.1Q B. IEEE 802.3 frame size) on the port. a number that violates the IEEE 802. the 802. in VTP Version 2. Transparent VTP transparent switches do not participate in VTP. To your surprise you notice a non-zero entry in the 'Giants' column. but it is not possible to create. What could be the cause of this? sts ." . Client will make contact with the VTP server in between 5 minutes. A VTP transparent switch does not advertise its VLAN configuration.com 89 Ac A. Misconfigured NIC D. Note: The show port command is used to display port status and counters. and 6000 Family Switches Using 802. All of the above tua lTe You're a network administer and you issue the command (show port 3/1) on an Ethernet port.Cisco 642-832: Practice Exam stored in NVRAM. 2. However.3 standard. it copies the advertisements from that VTP server having highest Revision number. and does not synchronize its VLAN configuration based on received advertisements. Client The VTP client maintains a full list of all VLANs within the VTP domain. the frame size will be 1522 bytes. is that highest than other switch operated in server mode? 3. Recalling that the maximum size for an Ethernet frame as specified by IEEE 802.co m . Giants denote the number of received giant frames (frames that exceed the maximum IEEE 802.3ac to extend the maximum Ethernet size to 1522 bytes. this means that if a maximum-sized Ethernet frame gets tagged.1q Encapsulation "Pass Any Exam. before connecting any switch into LAN verify that new switch is in which mode. VTP clients behave the same way as VTP servers. IEEE 802. but the information is local to the switch (VLAN information is not propagated to other switches) and is stored in NVRAM QUESTION NO: 93 Answer: A Explanation: The 802. change.1Q standard can create an interesting scenario on the network.10 C. To resolve this issue. So. transparent switches do forward VTP advertisements that the switches receive out their trunk ports.3 committee created a subgroup called 802. VLANs can be configured on a switch in the VTP transparent mode. Any Time. or delete VLANs on a VTP client. 5000. but it does not store the information in NVRAM.

1Q link. However. The link is using IEEE 802. Instead. On the other hand. that is to say.3 ports directly by sending and receiving untagged traffic. This capability is desirable because it allows 802. Spanning tree is disabled D.Cisco 642-832: Practice Exam http://www.1Q decided that because of backward compatibility it was desirable to support the so-called native VLAN.1Q capable ports to talk to old 802.1Q capable port.com Ac tua lTe sts . ISL is a Cisco proprietary technology and is in a sense a compact form of the extended packet header used inside the device: since every packet always gets a tag. Any Time. the IEEE committee that defined 802. a VLAN that is not associated explicitly to any tag on an 802. Not enough information to determine. there is no risk of identity loss and therefore of security weaknesses. as well as their Class of Service (802.actualtests.www.1Q protocol B. This VLAN is implicitly used for all the untagged traffic received on an 802.1Q. Reference : http://www. The native VLAN information is different at each end of the link. The native VLAN information is identical at each end of the link. The link is using IEEE 802." . F. Each switch has identical modules. the tagging rules are dictated by standards such as ISL or 802. for example.co m 90 .shtml "Pass Any Exam. For these sole reasons-loss of means of identification and loss of classification-the use of the native VLAN should be avoided. Spanning tree protocol is disabled on all VLANs. Answer: A.html QUESTION NO: 94 You have a trunk link operating between two switches and you're experiencing problems with frames leaking between the two VLANs.F Explanation: While internal to a switch.1E protocol C.cisco.1Q link.com/en/US/products/hw/switches/ps708/products_white_paper09186a00801315 9f. software revisions and VLAN configuration information. E.1p bits) when transmitted over an 802. What is probably causing this problem? (Select all that apply)? A. outside of a switch. VLAN numbers and identification are carried in a special extended format that allows the forwarding path to maintain VLAN isolation from end to end without any loss of information. in all other cases.cisco. it may be very detrimental because packets associated with the native VLAN lose their tags.com/warp/public/473/27. their identity enforcement.

Reload the active VLAN configuration B. Remove all the VLANs set Answer: B QUESTION NO: 97 Which kind of management can be performed from the console port of a Cisco 6500 switch? A. What should you do if there's a disagreement about the VLANs configured to use the trunk? A. D. it may be beneficial to clear the port immediately after.1Q is an industry-standard trunking encapsulation When a trunk is first brought up using either of these methods. Two trunking encapsulations are available on all Ethernet interfaces: Inter-Switch Link (ISL)-ISL is a Cisco-proprietary trunking encapsulation 802. Physical management of the switch. Explicitly set the trunk for the VLAN to be on. B. C. D.www.co m 91 .Cisco 642-832: Practice Exam QUESTION NO: 95 CORRECT TEXT What command could you enter to display the trunking status of a module/port in the switch? (Type in the answer below): Answer: show trunk QUESTION NO: 96 You are troubleshooting a Catalyst 5000 trunk in the network.com Ac Explanation: In this situation you may want to set or clear the VLANS on both ends. Clear the affected port and bring it up again. Out-of-band management of the switch. A trunk is a point-to-point link between one or more Ethernet switch interfaces and another networking device such as a router or a switch. C. Answer: D "Pass Any Exam. Trunks carry the traffic of multiple VLANs over a single link and allow you to extend VLANs across an entire network. In-band management of the switch. tua lTe sts .1Q-802. Any Time." .actualtests. Logical management of the switch.

(server. The default VTP mode is server. When you issue a command "show port 3/1" on a switch. and VTP revision number before adding any new switch to a network. D. lTe sts . Which three issues on Switch2 could be the cause? Select three. transparent). Misconfigured NIC "Pass Any Exam. Switch2 has a lower VTP configuration revision number than the current VTP revision. Any Time. all VLANs except VLAN1 fail. Modems are often attached to the console port. VTP password.C. Answer: A. it is considered 'out of band' because you don't get in there from any of the paths that the network device is a part of. Switch2 was added to the network. client. Switch2 is a VTP server in a different domain. A network can have more than one VTP domain.co m 92 . Just prior to the failure. Switch2 is not a VTP domain. F.F Section 11: Troubleshoot loop prevention for the VLAN based solution (18 Questions) QUESTION NO: 99 You need to troubleshoot an issue on the switched LAN. What could cause this? A. VTP mode. Cisco best practices advises one to configure the correct VTP domain." . Without notice. Switch2 has a higher VTP configuration revision number than the current VTP revision. Each VTP domain has it own server(s) that do not influence clients in other VTP domains. providing for remote out of band management of the device.com Ac tua Explanation: : A VTP server in a given domain with the highest revision number will overwrite the VTP configuration of all other switch in the same VTP domain. A.actualtests. B.Cisco 642-832: Practice Exam Explanation: When you configure a switch or a router from the console. C. Switch2 is a VTP server in the Company domain. Switch2 is configured for only VLAN1.www.10 B. you observe the Giants column has a non-zero entry. QUESTION NO: 98 A VTP domain has six active VLANs. IEEE 802. E.

" . Note: Inserting a tag into a frame that already has the maximum Ethernet size creates a 1522-byte frame that can be considered a "baby giant" by the receiving equipment. Reference: http://www. 3 bits are reserved for IEEE 802. None of the other alternatives apply Answer: D Explanation: 802.1p priority tagging. the frame is encapsulated instead. The tagging mechanism implies a modification of the frame.Cisco 642-832: Practice Exam C.com Ac tua lTe sts . The IEEE 802. Any Time. User configuration D.1Q uses an internal tagging mechanism.com/en/US/products/hw/switches/ps700/products_tech_note09186a008012ecf3. the trunking device inserts a 4-byte tag and recomputes the frame check sequence (FCS): The EtherType field that identifies the 802. In addition to the 12-bit VLAN-ID.co m 93 .cisco.actualtests.www.1Q frame is 0x8100.3 committee is extending the maximum standard frame size in order to address this issue. Internal means that a tag is inserted within the frame: Note:With ISL. IEEE 802.1Q E. shtml#basic_char "Pass Any Exam.

D. C. The port on switch SW2 is blocking and sending BPDUs correctly." . The port on switch SW3 is forwarding. The port on switch SW2 is forwarding and receiving BPDUs correctly. E. "Pass Any Exam. and receiving BPDUs correctly.com Ac tua lTe sts . Based on the information shown above. The port on switch SW3 is forwarding and receiving BPDUs correctly. which statement is true? A. B.www. F. None of the other alternatives apply. The port on switch SW1 is blocking and sending BPDUs correctly.actualtests. Any Time. G.Cisco 642-832: Practice Exam QUESTION NO: 100 SW1 configuration exhibit: SW2 configuration exhibit: SW3 configuration exhibit: Study the exhibits carefully.co m 94 . The port on switch SW1 is forwarding and sending BPDUs correctly. sending.

the switch can now learn new MAC addresses to add to its address table." . Should the port lose its Root Port or Designated Port status. collect MAC addresses in its address table.Cisco 642-832: Practice Exam Answer: B Explanation: STP States To participate in STP.co m 95 . The port is now a fullyfunctioning switch port within the Spanning Tree topology.www. Here. In addition. and send and receive BPDUs. Instead. the port is allowed to move into the Forwarding state. QUESTION NO: 101 The switched LAN is shown below: "Pass Any Exam.actualtests. In addition. finally. The port still sends and receives BPDUs as before. The port can now send and receive data frames. In other words. In the Blocking state. it returns to the Blocking state. or by the system due to a fault condition. ports that are put into standby mode to remove a bridging loop enter the Blocking state. This gives the port an extra period of silent participation and allows the switch to assemble at least some address table information. are in the Disabled state. The STP port states are as follows: Disabled -Ports that are administratively shut down by the network administrator. the port is allowed to move into the Learning state. moving through several passive states and. A port begins its life in a Disabled state. the port is allowed to receive and send BPDUs so that it can actively participate in the Spanning Tree topology process. Learning -After a period of time called the Forward Delay in the Listening state.com Ac tua lTe sts . Forwarding -After another Forward Delay period of time in the Learning state. the port still cannot send or receive data frames. the port is on its way to begin forwarding traffic. Blocking -After a port initializes. Any Time. This state is special and is not part of the normal STP progression for a port. Listening -The port will be moved from Blocking to Listening if the switch thinks that the port can be selected as a Root Port or Designated Port. the port is finally allowed to become a Root Port or Designated Port because the switch can advertise the port by sending BPDUs to other switches. it begins in the Blocking state so that no bridging loops can form. a port is allowed to receive only BPDUs so that the switch can hear from other neighboring switches. into an active state if allowed to forward traffic. In the Listening state. a port cannot receive or transmit data and cannot add MAC addresses to its address table. However. each port of a switch must progress through several states.

In other "Pass Any Exam. are in the Disabled state. finally.co m . C. ports that are put into standby mode to remove a bridging loop enter the Blocking state. D. a port is allowed to receive only BPDUs so that the switch can hear from other neighboring switches. it begins in the Blocking state so that no bridging loops can form. All ports will be in forwarding mode. Switch SW5 is configured as the root switch for VLAN 10 but not for VLAN 20. into an active state if allowed to forward traffic. If the STP configuration is correct. Blocking -After a port initializes. A port begins its life in a Disabled state. E. Explanation: STP States To participate in STP. each port of a switch must progress through several states. Any Time. what will be true about Switch SW5? A.actualtests.com 96 Ac Answer: D tua lTe sts .Cisco 642-832: Practice Exam Study the exhibit above carefully. In the Blocking state. moving through several passive states and." . Instead. All ports in VLAN 10 will be in forwarding mode and all ports in VLAN 20 will be in standby mode. In addition. The STP port states are as follows: Disabled -Ports that are administratively shut down by the network administrator. a port cannot receive or transmit data and cannot add MAC addresses to its address table. None of the other alternatives apply. All ports in VLAN 10 will be in forwarding mode and all ports in VLAN 20 will be in blocking mode. Listening -The port will be moved from Blocking to Listening if the switch thinks that the port can be selected as a Root Port or Designated Port. This state is special and is not part of the normal STP progression for a port. or by the system due to a fault condition. All ports in VLAN 10 will be in forwarding mode. B.www.

BPDUs will be sent out every two seconds. Learning -After a period of time called the Forward Delay in the Listening state. the port is finally allowed to become a Root Port or Designated Port because the switch can advertise the port by sending BPDUs to other switches. In the Listening state.co m .actualtests. This gives the port an extra period of silent participation and allows the switch to assemble at least some address table information.1D standard specifies a default value of 2 seconds. the port is on its way to begin forwarding traffic. B. Any Time. The maximum length of time that the BPDU information will be saved is 30 seconds. E. The Hello Time is the amount of time between the sending of Configuration BPDUs. The 802. However. The time spent in the listening state will be 30 seconds. collect MAC addresses in its address table. which two statements about the STP process for VLAN 200 are true? (Select two) A." . the port is allowed to receive and send BPDUs so that it can actively participate in the Spanning Tree topology process. Forwarding -After another Forward Delay period of time in the Learning state. C. QUESTION NO: 102 The following output was shown on switch SW1: Based on the "show spanning-tree vlan 200" output shown in the exhibit. Here. the port is allowed to move into the Forwarding state. The port can now send and receive data frames. Should the port lose its Root Port or Designated Port status. The port still sends and receives BPDUs as before. it returns to the Blocking state.com 97 Ac tua lTe sts . F. the port still cannot send or receive data frames.www. the switch can now learn new MAC addresses to add to its address table. "Pass Any Exam. D. This switch is the root bridge for VLAN 200. In addition. BPDUs will be sent out every 10 seconds. and send and receive BPDUs. The time spent in the learning state will be 15 seconds. The port is now a fullyfunctioning switch port within the Spanning Tree topology.Cisco 642-832: Practice Exam words. Answer: C.D Explanation: STP operation is controlled by three timers. the port is allowed to move into the Learning state.

2 to 20 seconds is the range between the expected receipt of a BPDU and the expiration of the Max Age time. the receiving bridge maintains a continuous copy of the BPDU values. Any Time. When a failure occurs on a directly connected link. The Forward Delay timer also controls the bridge table age-out period after a change in the active topology. This is a single value that controls both states. If BPDUs stop arriving for the time interval ranging from 2 to 20 seconds because of a network disturbance. Other bridges propagate BPDUs from the Root Bridge as they are received. The default value of 15 seconds was originally derived assuming a maximum network size of seven bridge hops. if the device sending this best BPDU fails. However. the default Max Age time. the bridge invalidates the saved BPDUs and begins looking for a new Root Port. As long as the bridge receives a continuous stream of BPDUs every 2 seconds. If the outage lasts for more than 20 seconds. Forward Delay is the amount of time the bridge spends in the Listening and Learning states.Cisco 642-832: Practice Exam This value controls Configuration BPDUs as the Root Bridge generates them." . so Max Age is not considered in transitioning the port to Forwarding mode. Max Age is only an issue when the link failure is not on a directly connected link. or if the Root Bridges stop sending periodic BPDUs during this time. the timer will expire. QUESTION NO: 103 Refer to the following network exhibits: "Pass Any Exam.actualtests. the switch knows there will not be any BPDUs coming in on that link.com Ac tua lTe sts .www. Recall that each port saves a copy of the best BPDU it has seen. a maximum of three lost BPDUs. and a Hello Time of 2 seconds. a mechanism must exist to allow other bridges to take over. Max Age is the STP timer that controls how long a bridge stores a BPDU before discarding it.co m 98 .

into an active state if allowed to forward traffic. The root port on switch SW1 will automatically transition to full-duplex mode. or by the system due to a fault condition.com 99 Ac tua lTe sts Refer to the network topology exhibit and the partial configuration exhibits of switch SW1 and SW2. each port of a switch must progress through several states. STP is configured on all switches in the network. The interfaces between switches SW1 and SW2 will transition to a blocking state. SW2 receives this error message on the console port: . with SW1 FastEthernet0/4 (half duplex) . moving through several passive states and. Any Time. B. The STP port states are as follows: Disabled -Ports that are administratively shut down by the network administrator.actualtests. finally. C. Interface Fa 0/6 on switch SW2 will transition to a forwarding state and create a bridging loop.Cisco 642-832: Practice Exam SW1 configuration exhibit: SW2 configuration exhibit: 00:06:34: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/5 (not half duplex). Answer: B Explanation: STP States To participate in STP. The root port on switch SW2 will fallback to full-duplex mode.co m .www.with TBA05071417(Cat6K-B) 0/4 (half duplex). are in the Disabled state. A port begins its life in a Disabled state. What would be the possible outcome of the problem shown in this message? A. This state is special and is not part of the normal STP progression for a "Pass Any Exam. None of the other alternatives apply. D." . E.

The following "show" command was issued on a switch: Study the exhibit carefully. Instead. Blocking -After a port initializes. ports that are put into standby mode to remove a bridging loop enter the Blocking state. which statement is true? A. However." . Forwarding -After another Forward Delay period of time in the Learning state. In the Listening state.www. and send and receive BPDUs. This gives the port an extra period of silent participation and allows the switch to assemble at least some address table information. Here. In addition. Learning -After a period of time called the Forward Delay in the Listening state. The port is now a fully functioning switch port within the Spanning Tree topology. the port is allowed to move into the Forwarding state. the port is allowed to move into the Learning state. Any Time. Based on the output shown above. it returns to the Blocking state. The port can now send and receive data frames. a port is allowed to receive only BPDUs so that the switch can hear from other neighboring switches. Switch 6 has been configured with the "spanning-tree vlan 1 hello-time2" global configuration command. the port still cannot send or receive data frames. the port is allowed to receive and send BPDUs so that it can actively participate in the Spanning Tree topology process. "Pass Any Exam. the port is finally allowed to become a Root Port or Designated Port because the switch can advertise the port by sending BPDUs to other switches. In the Blocking state. the port is on its way to begin forwarding traffic.co m 100 .actualtests.Cisco 642-832: Practice Exam port. the switch can now learn new MAC addresses to add to its address table. a port cannot receive or transmit data and cannot add MAC addresses to its address table. The port still sends and receives BPDUs as before.com Ac tua lTe QUESTION NO: 104 sts . Listening -The port will be moved from Blocking to Listening if the switch thinks that the port can be selected as a Root Port or Designated Port. In addition. Should the port lose its Root Port or Designated Port status. it begins in the Blocking state so that no bridging loops can form. collect MAC addresses in its address table. In other words.

You should designate an appropriate Root Bridge for each VLAN. so the VLAN ID must always be given.actualtests.Cisco 642-832: Practice Exam B. None of the other alternatives apply. C. If the current Root Priority is less than that. Rather. the Root Priority is set to 28. E. These values are modified only once.www. so this priority is used under the assumption that it is less than the default priorities (32. There is no way to query or listen to the network to find another potential secondary Root.com Ac tua lTe sts . This command modifies the switch's Bridge Priority value to become less than the Bridge Priority of the current Root Bridge . Switch SW6 has been configured with the "spanning-tree vlan 1 root primary" global configuration command. * Let the switch become the Root by automatically choosing a Bridge Priority value: Switch(config)# spanning-tree vlan vlan-id root {primary | secondary} [diameter diameter] This command is actually a macro on the Catalyst that executes several other commands. the switch modifies STP values according to the current values in use within the active network. Answer: E Explanation: To configure a Catalyst switch to become the Root Bridge . the local switch sets its priority to 4096 less than the current Root. use one of the following methods: * Directly modify the Bridge Priority value so that a switch can be given a lower-than-default Bridge ID value to win a Root Bridge election: Switch (config)# spanning-tree vlan vlan-id priority bridge-priority The bridge-priority value defaults to 32. F. Switch SW6 has been configured with the "spanning-tree vlan 1 root secondary" global configuration command. the local switch sets its priority to 24. Remember that Catalyst switches run one instance of STP for each VLAN (PVST+). Actual Bridge Priorities are not given in the command. QUESTION NO: 105 The switched LAN is displayed below: "Pass Any Exam.768.576. Any Time. Use the primary keyword to make the switch attempt to become the primary Root Bridge . If the current Root Priority is more than 24. The result is a more direct and automatic way to force one switch to become the Root Bridge . but you can also assign a value of 0 to 65. For the secondary Root Bridge .768) that might be used elsewhere.co m 101 . Switch SW6 has been configured with the "spanning-tree vlan 1 priority24577" global configuration command.576. when the macro command is issued.535." . D.672. The root bridge has been configured with the "spanning-tree vlan 1 root secondary" global configuration command.

Switch SW1 is the root switch for the default VLAN. All ports of the root switch SW1 will remain in forwarding mode throughout the reconvergence of the spanning tree domain. The administrator issues the command spanning-tree vlan 2 root primary on switch SW1. use the spanning-tree vlan vlanid root primary global configuration command to modify the switch priority from the default value (32768) to a significantly lower value. No other switch in the network will be able to become root as long as switch SW1 is up and running. the switch sets its own priority for the specified VLAN to 4096 less than the lowest switch priority.actualtests.www. To configure a switch to become the root for the specified VLAN. Any Time. 4096 is the value of the least-significant bit of a 4-bit switch priority value. QUESTION NO: 106 "Pass Any Exam. To reduce the broadcast domain. E. If any root switch for the specified VLAN has a switch priority lower than 24576. is associated with each instance. C. What will happen as a result of this change? A." . the switch sets its own priority for the specified VLAN to 24576 if this value will cause this switch to become the root for the specified VLAN. For each VLAN. Because of the extended system ID support. Switch SW1 will remain root for the default VLAN and will become root for VLAN 2. the switch checks the switch priority of the root switches for each VLAN. None of the other alternatives apply Answer: D Explanation: By default.Cisco 642-832: Practice Exam In this network. STP has been implemented. the network administrator decides to split users on the network into VLAN 2 and VLAN 10. Switch SW1 will change its spanning tree priority to become root for VLAN 2 only. consisting of the switch priority and the switch MAC address. When this command is entered. B. A bridge ID.co m .com 102 Ac tua lTe sts . switches with Cisco PVST and PVST+ maintain a separate spanning-tree instance for each active VLAN configured on it. D. the switch with the lowest bridge ID becomes the root switch for that VLAN.

The possible values range between 0 and 65. Disabling the Spanning Tree Protocol would improve network performance. The Bridge ID (BID) is the first parameter used by the spanningtree algorithm. are explored here.www. The Bridge ID (BID) parameter is an 8-byte field consisting of an ordered pair of numbers.Cisco 642-832: Practice Exam Refer to the exhibit.) Answer: B. Changing the bridge priority of S1 to 4096 would improve network performance. Path Cost and Port ID. will be covered in the following two topics. Algorithms rely on a set of rules. including the Bridge ID. The spanning-tree algorithm is defined in the IEEE 802. "Pass Any Exam. known as the Root Bridge . B. Changing the bridge priority of S2 to 36864 would improve network performance. Based on the exhibit. The spanning-tree algorithm characterizes STP.768.com 103 Ac tua A.D Explanation: An algorithm is a formula or set of steps for solving a particular problem.535. Front Line users have been complaining that they experience slower network performance when accessing the server farm than the Reception office experiences.actualtests. All network links are FastEthernet. The first is a 2-byte decimal number called the Bridge Priority. Changing the bridge priority of S1 to 36864 would improve network performance. They have a clear beginning and end. Any Time. F. E. The remaining parameters. The spanning-tree Algorithm relies on a set of parameters to make decisions. Upgrading the link between S2 and S3 to Gigabit Ethernet would improve performance. Changing the bridge priority of S3 to 4096 would improve network performance.1D standard. which two statements are true? (Choose two. D. Although there is complete connectivity throughout the network. The parameters used by the algorithm." .co m . The Bridge Priority is a decimal number used to measure the preference of a bridge in the spanning-tree Algorithm. and the second is a 6-byte (hexadecimal) MAC address. The Bridge ID (BID) is used by STP to determine the center of the bridged network. The spanning-tree algorithm is no exception. The default setting is 32. C. lTe sts .

VLAN 1 and 2 traffic will be blocked on Switch SWA port 0/1. The trunk port with the lower priority (higher values) for the same VLAN remains in a Blocking state for that VLAN. VLAN 2 traffic will be blocked on Switch SWA port 0/2. VLAN 1 traffic will be blocked on Switch SWB port 1/1. the STP port priority setting determines which port is enabled and which port is in a blocking state. D. what effect will the following command have when entered on port 0/2 on switch SWA? 104 . B. C.com Ac tua Answer: A lTe A.www. Any Time." . Each switch has a pool of MAC addresses. used as BIDs for the VLAN spanning-tree instances (one per VLAN). QUESTION NO: 107 Exhibit spanning-tree vlan 1 port-priority 16 Explanation: Load Sharing Using STP Port Priorities When two ports on the same switch form a loop.actualtests.co m Assuming that VLAN 1 and VLAN 2 traffic is enabled on the above network. For example. VLAN 1 and 2 traffic will be blocked on Switch SWA port 0/2. sts .Cisco 642-832: Practice Exam The MAC address in the BID is one of the MAC addresses of the switch. The trunk port with the higher priority (lower values) for a VLAN is forwarding traffic for that VLAN. "Pass Any Exam. The priorities on a parallel trunk port can be set so that the port carries all the traffic for a given VLAN. Catalyst 6000 switches each have a pool of 1024 MAC addresses assigned to the supervisor module or backplane for this purpose. VLAN 2 traffic will be blocked on Switch SWB port 1/1. one for each instance of STP. One trunk port sends or receives all traffic for the VLAN. E.

Use with caution. Switch is now the root switch for active VLAN 1.Cisco 642-832: Practice Exam QUESTION NO: 108 CORRECT TEXT Refer to the output shown on switch SW1 below: VLAN 1 bridge priority set to 8192. Connecting hubs. bridges. Spantree ports 4/1-24 fast start enabled. concentrators. VLAN 1 bridge max aging time set to 20.com 105 Ac What command would you enter to reproduce this output? (Type in answer below) tua lTe sts . Answer: set spantree root 1 QUESTION NO: 109 CORRECT TEXT Refer to the output shown on switch SW1 below: Warning: Spantree port fast start should only be enabled on ports connected to a single host. etc.www.actualtests. VLAN 1 bridge hello time set to 2. Any Time. switches.co m ." . VLAN 1 bridge forward delay set to 15. What command could you enter to reproduce this output? (Type in answer below) "Pass Any Exam. to a fast start port can cause temporary spanning tree loops.

www. In this case. F. This makes DSW11 the root bridge. Any Time. assuming all other parameters are left as default. P3/2 will be elected the nondesignated port. B.) Explanation: The root bridge should be placed as close to the core as possible and should be the most centrally located. P3/1 will be elected the nondesignated port.com 106 Ac tua Answer: A. DSW11will be elected the root bridge.Cisco 642-832: Practice Exam Answer: set spantree portfast 4/1-24 enable QUESTION NO: 110 Given the above diagram and assuming that STP is enabled on all switch devices. all ports directly connected to the root bridge will become designated ports. By default. since they are closest to the root bridge. sts . P2/2 will be elected the nondesignated port. QUESTION NO: 111 If the root bridge fails. the switch with the lowest bridge ID will become the root bridge. port F3/2 will become the non-designated port. hello timer B. D." .D lTe A. C. which two statements are true? (Choose two.actualtests. Also. BPDU timer "Pass Any Exam. Which STP timer will have to expire before the other switches can actively restore connectivity with topology change procedure of STP? A. E. DSW12 will be elected the root bridge. ASW13 will be elected the root bridge. configuration BPDUs will no longer be sent.co m .

This is the value that max age needs to take into account the total BPDU propagation delay and the message age overestimate. Wait timer Answer: D Explanation: Once a stable network topology has been established. Max_age timer E. the formula for max age is as follows: Max_age = End-to-end_BPDU_propa_delay + Message_age_overestimate = 14 + 6 = 20 sec This explains how IEEE reaches the default recommended value for max age. If a bridge does not get a Hello BPDU after a predefined interval (Max Age).Cisco 642-832: Practice Exam C.com/support/supportnote/ves1012/app/stp. As such. This bridge then initiates negotiations with other bridges to reconfigure the network to re-establish a valid network topology.zyxel.actualtests.com 107 Ac tua QUESTION NO: 112 lTe sts . Reference: http://www.htm Exhibit SW1#show spanning-tree vlan 200 VLAN200 Spanning tree enabled protocol ieee Root ID Priority 32968 Address 000c. Any Time.ce29. if the root is still alive). Dead timer F. all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the root bridge. the bridge assumes that the link to the root bridge is down.4180 Hello Time 2 sec Max Age 20 Sec Forward Delay 15 sec Interface Role Sts Cost PrioNbr Type "Pass Any Exam.co m .www.ef00 Cost 19 Port 2 (FastEthernet0/2) Hello time 10 Sec Max Age 20 sec Forward Delay 30 sec Bridge ID Priority 32968 (priority 32768 sys-id-ext 200) Address 000c. Forward_delay timer D.ce2a. Max age takes into account that the switch at the periphery of the network should not time out the root information under stable condition (that is." .

B.www. F. The maximum length of time that the BPDU information will be saved is 30 seconds. So.3 P2p Based on the show spanning-tree vlan 200 output shown in the exhibit. D. sts . B. in case you would lose the root. It will consider the value of the timers contained in the BPDU that it is receiving. None of the choices. E.co m . An IEEE bridge is not concerned about its local configuration of the timers value. Set forward delay and max-age timers to the maximum possible values. Obviously. the new root would start to impose its local timer value to the entire network." . Combine all the VLAN spanning trees into a single spanning tree. that means only a timer configured on the root bridge of the STP is important. E. and max age) are included in each BPDU. Change the router VTP server mode. Any Time. This is equal to two seconds by default.actualtests. Disable the root bridge Answer: B Explanation: There are several STP timers. it is at least mandatory to configure any timer changes on the root bridge and on the backup root bridge. as listed below: hello: the hello time is the time between each Bridge Protocol Data Unit (BPDU) that is sent on a port. Answer: B. forward delay. BPDUs will be sent out every 10 seconds.com 108 Ac tua lTe Explanation: Changing the Spanning Tree Protocol Timers T he STP timers (hello. This switch is the root bridge for VLAN 200. The time spent in the listening state will be 30 seconds C. which two statements about the STP process for VLAN 200 are true? (Choose two) A. BDPUs will be sent out every two seconds. The time spent in the learning state will be 15 seconds D.F QUESTION NO: 113 What should you do to reduce spanning-tree protocol BPDU traffic during extended periods of instability in your VLANs? A.Cisco 642-832: Practice Exam --------------------------------------------------------------------------------------Fa0/2 Root FWD 19 128. Effectively. "Pass Any Exam. C. even if it is not required to configure the same timer value in the entire network.2 P2p Fa0/3 Altn BLK 19 128.

co m 109 . In order to reduce the number of BPDU's in the spanning tree topology. max age : the max age timer controls the maximum length of time a bridge port saves its configuration BPDU information. that means only a timer configured on the root bridge of the STP is important. forward delay: the forward delay is the time spent in the listening and learning state. but it will also increase the convergence time during a topology change. This will reduce the BPDU traffic. An IEEE bridge is not concerned about its local configuration of the timers value. Obviously. in case you would lose the root.com Ac tua lTe sts . but can be tuned to be between four and 30 seconds. It will consider the value of the timers contained in the BPDU that it is receiving.www.1q trunking 5 "Pass Any Exam. and max age) are included in each BPDU. the new root would start to impose its local timer value to the entire network. This is 20 seconds by default and can be tuned to be between six and 40 seconds. even if it is not required to configure the same timer value in the entire network. Effectively. This is by default equal to 15 seconds.Cisco 642-832: Practice Exam but can be tuned to be between one and ten seconds. the forward delay and max-age timers should be increased. Any Time. The STP timers (hello. forward delay. it is at least mandatory to configure any timer changes on the root bridge and on the backup root bridge. So. QUESTION NO: 114 The network is displayed in the diagram below: You use the following information for switch SWA: Port Mode Encapsulation Status Native VLAN fa0/1 desirable n-802." .actualtests.

D. D: By default. QUESTION NO: 115 Which of the following commands would you enter if you wanted to display spanning tree statistical information? A. 102-1005 Port VLANs is owned and active in management domain fa0/1 1-6. VLAN 107 is not configured on the trunk. VLAN 7.com 110 Ac tua lTe sts . 1002-1005 SW users in VLAN 107 complain that they are unable to gain access to the resources through the SW1 router. 1002-1005 Port VLANs in spanning tree forwarding state and not pruned fa0/1 1-6.Cisco 642-832: Practice Exam Port VLANs is allowed on trunk fa0/ 1 1-100. 102-115. Only VLAN 101 has been configured to not pass along this trunk. VLAN 107 should be able to once again gain access to the network resources. Therefore. 101. None of the other alternatives apply Answer: C Explanation: In this example. and 107 are being pruned.actualtests. VLAN 107 does not exist on switch SWA. 102-105.www. 106. C. Spanning tree is not enabled on VLAN 107. What is the cause of this problem? A. B: Based on the output shown above. it must have been configured and the VLAN is indeed allowed to traverse the trunk. E. Incorrect Answers: A: Based on the output shown above. Only VLAN 101 has been configured to not pass along this trunk. 8-100. 8-100. 108-999. B. Any Time. By disabling VTP pruning. 197-999. VLAN 107 is being pruned incorrectly in this case. show spantree backbonefast B. VLAN 107 is known and active within the management domain. VLAN 107 is known and active within the management domain. STP is enabled on all VLANs." . VTP is pruning VLAN 107. Therefore. it must have been configured and the VLAN is indeed allowed to traverse the trunk. show spantree statistics "Pass Any Exam.co m .

show spantree blockedports E. A.Cisco 642-832: Practice Exam C.co m . show spantree portvlancost Answer: B Explanation: The command 'show spantree statistics' is the correct IOS command to show spanning tree statistical information and is obviously the correct answer choice.com 111 Ac QUESTION NO: 116 tua lTe sts . False Answer: C Explanation: The show spanning-tree command only displays information for ports with an active link (green light is on). show spantree summary . show spantree statistics .Determines the current spanning tree state of a Token Ring port within a spanning tree. show spantree portvlancost . show spantree backbonefast .Displays whether the spanning tree Backbone Fast Convergence feature is enabled.Shows spanning tree statistical information.Shows the current state of the spanning tree for the "vlan_id" entered from the perspective of the switch on which it is entered. show spantree portstate F. The following list various commands to use for troubleshooting Catalyst switches: show spantree vlan_id .html Is the following statement True or False? The "show spanning-tree" command only shows information about ports with their red or amber lights on.actualtests.cisco.x/command/reference/sh_sp_ te. you can issue a show running-configuration command "Pass Any Exam. show spantree blockedports .Provides a summary of connected spanning tree ports by VLAN. show spantree uplinkfast D." . Any Time.Shows the path cost for the VLANs on a port.com/en/US/docs/switches/lan/catalyst6500/catos/8. Reference: http://www. show spantree portstate .Displays only the blocked ports.www. show spantree uplinkfast . There is not enough information to determine C.Shows the uplinkfast settings. True B. If these conditions are not met.

actualtests. Which two statements are true about this interface? (Choose two. E. D.www. Any Time. B.Cisco 642-832: Practice Exam to confirm the configuration. This interface is configured for access mode. Section 12: Troubleshoot Access Ports for the VLAN based solution (6 Questions) QUESTION NO: 117 Refer to the show interface Gi0/1 switchport command output shown in the exhibit. This interface is a member of a voice VLAN.co m 112 . C. "Pass Any Exam.com Ac tua lTe sts ." . This interface is a dot1q trunk passing all configured VLANs. This interface is a member of VLAN1. This interface is a member of VLAN7.) A.

show vlan: This commands shows the vlan.Cisco 642-832: Practice Exam Answer: C. that interfaces Fa0/13 and Fa0/14 are in VLAN 1 B. The corresponding switch port at the other end of the trunk should be similarly configured because negotiation is not allowed. Any Time. which two statements are true? (Choose two.D Explanation: In Exhibit.com Ac Answer: C tua A.www. You should also manually configure the encapsulation mode. On the basis of the output generated by the show commands. that interfaces Fa0/13 and Fa0/14 are down C.actualtests.) "Pass Any Exam. ports belonging to VLAN means that port on access mode. that interfaces Fa0/13 and Fa0/14 have a duplex mismatch with another switch lTe sts . that interfaces Fa0/13 and Fa0/14 have a domain mismatch with another switch E. what can we conclude about interfaces Fa0/13 and Fa0/14? Explanation: trunk -This setting places the port in permanent trunking mode. that interfaces Fa0/13 and Fa0/14 are trunk interfaces D. QUESTION NO: 118 Refer to the exhibit.co m 113 . Operation mode is in static access and Access mode VLAN is 7 so it means this port is operating on access mode as a member of VLAN 7." . Based upon the output of show vlan on switch CAT2. QUESTION NO: 119 Refer to the exhibit. It doesn't shows the port on trunk mode.

E. There are no native VLANs configured on the trunk. D. VLAN 1 will not be encapsulated with an 802. and protocols and algorithms used to provide VLAN services. "Pass Any Exam. interface gigabitethernet 0/1 does not appear in the show vlan output. C.www.1Q protocol can also carry VLAN associations over trunk links. F. allowing VLAN trunks to exist and operate between equipment from multiple vendors. All interfaces on the switch have been configured as access ports. Any Time. B.1q header.co m .1q header. Because it is configured as a trunk interface.com 114 Ac tua lTe sts . However. Answer: C. the IEEE 802. interface gigabitethernet 0/1 does not appear in the show vlan output." .actualtests. VLAN 2 will not be encapsulated with an 802. In particular.E Explanation: The IEEE 802. services provided with VLANs. Because it has not been assigned to any VLAN. this frame identification method is standardized.Cisco 642-832: Practice Exam A.1Q standard defines an architecture for VLAN use.

MTU and type Answer: A. 802. QUESTION NO: 120 The administrator has issue the "show vlan id 5" command. A new workstation has consistently been unable to obtain an IP address from the DHCP server when the workstation boots. ports belonging to VLAN means that port on access mode. BackboneFast on the switch port connected to the server C. and the new workstation obtains an address when manually forced to renew its address.1Q embeds its tagging information within the Layer 2 frame.1Q can be used for VLAN identification with Ethernet trunks.E Explanation: #show vlan id 5 : Shows all ports belonging to VLAN 5 and MTU of ports and type. IEEE 802. PortFast on the switch port connected to the workstation D. What will this command display? (Select two) A. Older workstations function normally. show vlan: This commands shows the vlan." . Filters E. while giving normal access stations some inherent connectivity over the trunk. Any Time. VLAN information on port 0/5 D.1Q trunk link. the end station can receive and understand only the native VLAN frames.co m 115 .www. QUESTION NO: 121 You work as a network Technician. What should be configured on the switch to allow the workstation to obtain an IP address at boot? A. This method is referred to as single-tagging or internal tagging .Cisco 642-832: Practice Exam Like Cisco ISL. It doesn't show the port on trunk mode. In the event that an end station is connected to an 802. 802.com Ac tua lTe sts . Utilization C. Frames belonging to this VLAN are not encapsulated with any tagging information.1Q also introduces the concept of a native VLAN on a trunk. This provides a simple way to offer full trunk encapsulation to the devices that can understand it. Ports in VLAN 5 B.actualtests. Instead of encapsulating each frame with a VLAN ID header and trailer. trunking on the switch "Pass Any Exam. UplinkFast on the switch port connected to the server B.

bypassing the Listening and Learning states. The user who is connected to interface FastEthernet 0/1 is on VLAN 10 and cannot access network resources. Any Time. which command sequence would correct the problem? m QUESTION NO: 122 .co Refer to the exhibit. A. On the basis of the information in the exhibit." .actualtests.www. When the Forward Delay timer expires. When the Forward Delay timer expires a second time. the port enters the Learning state. As soon as the switch detects the link. SW1(config)# interface fastethernet 0/1 SW1(config-if)# no shut "Pass Any Exam. the port is transitioned to the Forwarding state (less than 2 seconds after the cable is plugged in). the port normally enters the spanning tree Listening state. the port is transitioned to the Forwarding or Blocking state. the port is immediately transitioned to the Forwarding state. When PortFast is enabled on a switch or trunk port. IOSbased switches only use PortFast on access ports connected to end stations.Cisco 642-832: Practice Exam Answer: C Explanation: Spanning tree PortFast is a Catalyst feature that causes a switch or trunk port to enter the spanning tree Forwarding state immediately. When a device is connected to a port.com 116 Ac tua lTe sts .

co m 117 .com Ac tua lTe QUESTION NO: 123 sts Section 13: Troubleshoot private VLANS (1 Question) .actualtests. the port is in promiscuous mode. Any Time.Cisco 642-832: Practice Exam B.www. Promiscuous F. Primary D. in which the rules of private VLANs are ignored. firewall. With that type of PVLAN port should the default gateway be configured? A. Just bring into up state using no shutdown command Switch SW1 has been configured with Private VLANs. None of the other alternatives apply Answer: E Explanation: Promiscuous: The switch port connects to a router. Community E. "Pass Any Exam. SW1(config)# vlan 10 SW1(config-vlan)# state active D. or other common gateway device. This port can communicate with anything else connected to the primary or any secondary VLAN. SW1(config)# interface fastethernet 0/1 SW1(config-if)# switchport mode access E. In other words. SW1(config)# interface fastethernet 0/1 SW1(config-if)# switchport mode access SW1(config-if)# switchport access vlan 10 C. it means interface is in down state. Trunk B." . Isolated C. SW1(config)# vlan 10 SW1(config-vlan)# no shut Answer: A Explanation: In Exhibit Operation Mode is down.

co m . F. E. When the number of secure MAC addresses reaches 10. the interface will immediately shut down. B. C." .actualtests. The "show port-security interface fa0/1" command was issued on switch SW1. Given the output that was generated. which security statement is true? tua lTe sts . Any Time.Cisco 642-832: Practice Exam Section 14: Troubleshoot port security (4 Questions) QUESTION NO: 124 A PC host is connected to a switch in the network shown below: Configuration exhibit: A. When the number of secure IP addresses reaches 10. Interface FastEthernet 0/1 was configured with the switchport port-security violation restrict command. None of the other alternatives apply. Interface FastEthernet 0/1 was configured with the switchport port-security aging command. the interface will immediately shut down and an SNMP trap notification will be sent. Those addresses can be learned dynamically or "Pass Any Exam.com 118 Ac Study the exhibits carefully. Answer: D. D.E Explanation: Port security is a feature supported on Cisco Catalyst switches that restricts a switch port to a specific set or number of MAC addresses.www. Interface FastEthernet 0/1 was configured with the switchport port-security protect command.

and port access will be limited to those four dynamically learned addresses.actualtests. Port Security Implementation: When Switch port security rules violate different action can be applied: 1. however. 3. Any Time.com Ac tua lTe sts . a log message is created. the interface is errdisabled. and manual intervention or errdisable recovery must be used to make the interface usable. and a Simple Network Management Protocol (SNMP) trap is sent. because it is in protect mode -. 2. the number of addresses is limited to four but no specific MAC addresses are configured. The port will then provide access to frames from only those addresses. QUESTION NO: 125 The following show command was issued on switch SW1: "Pass Any Exam." .co m 119 .www. Protect: Frames from the nonallowed address are dropped.Cisco 642-832: Practice Exam configured statically. an SNMP trap is sent. The port will not be shutdown. Shutdown: If any frames are seen from a nonallowed address. a log entry is made.not shutdown. but there is no log of the violation. the port will allow any four MAC addresses to be learned dynamically. If. Restrict: Frames from the nonallowed address are dropped.

what will happen when one additional user is connected to interface FastEthernet 5/1? A. Any Time. the port will allow any four MAC addresses to be learned dynamically. All secure addresses will age out and be removed from the secure address list.com Ac tua lTe sts . however. E.www. The port will then provide access to frames from only those addresses. The packets with the new source addresses will be dropped until a sufficient number of secure MAC addresses are removed from the secure address list. and an SNMP trap notification will be sent. This will cause the security violation counter to increment. B. Port Security Implementation: "Pass Any Exam. Those addresses can be learned dynamically or configured statically. the number of addresses is limited to four but no specific MAC addresses are configured.actualtests." . D. C.Cisco 642-832: Practice Exam Based on the output shown. None of the other alternatives apply Answer: A Explanation: Port security is a feature supported on Cisco Catalyst switches that restricts a switch port to a specific set or number of MAC addresses. If.co m 120 . and port access will be limited to those four dynamically learned addresses. The interface will be placed into the error-disabled state immediately. The first address learned on the port will be removed from the secure address list and be replaced with the new address.

2. the interface is errdisabled. a log message is created.www. Restrict: Frames from the nonallowed address are dropped. but there is no log of the violation. . Any Time. 3.co m 121 . and a Simple Network Management Protocol (SNMP) trap is sent. an SNMP trap is sent. Shutdown: If any frames are seen from a nonallowed address. and manual intervention or errdisable recovery must be used to make the interface usable.Cisco 642-832: Practice Exam Exhibit: "Pass Any Exam." . Protect: Frames from the nonallowed address are dropped.actualtests.com Ac QUESTION NO: 126 tua Section 15: Troubleshoot general switch security (3 Questions) lTe sts When Switch port security rules violate different action can be applied: 1. a log entry is made.

Christopher Paggen . MAC flooding attack G. Snooping attack B. A switch can use the DHCP snooping bindings to prevent IP and MAC address spoofing attacks.CCIE No. Chapter 5. Cisco Press. you can display its status with the following command: lTe A.com Ac Switch#show ip dhcp snooping [binding] tua Explanation: When DHCP snooping is configured. 2659. 2659.co m You issue the "show ip dhcp snooping" command on SW3 as shown in the exhibit.Cisco 642-832: Practice Exam Answer: E You can use the binding keyword to display all the known DHCP bindings that have been overheard. VLAN attack E. STP attack D. IP spoofing attacks are exactly like MAC spoofing attacks.actualtests. "Pass Any Exam. Any Time. MAC spoofing attacks consist of malicious clients generating traffic by using MAC addresses that do not belong to them.www. What type of attack is being defended against? 122 . except that the client uses an IP address that isn't his. The switch maintains these in its own database. Rogue device attack C." . Reference: LAN Switch Security: What Hackers Know About Your Switches. Spoofing attack F. by Eric Vyncke CCIE No. None of the other alternatives apply sts .

Use the vlan filter access-map-name vlan-list vlan-list global configuration command to apply a VLAN map to one "Pass Any Exam. B. Also enter the match command to specify an IP packet or a non-IP packet (with only a known MAC address). What will happen to traffic within VLAN 14 with a source address of 172. Only traffic matching the 'permit' condition in an access-list will be passed to the access-map for further processing.Cisco 642-832: Practice Exam QUESTION NO: 127 The following "show" command was issued on SW1: Answer: A To create a VLAN map and apply it to one or more VLANs. In access map configuration mode. VLAN maps are not defined by direction (input or output). Unlike router ACLs. perform these steps: Create the standard or extended IP ACLs or named MAC extended ACLs to be applied to the VLAN. The traffic will be forwarded without further processing.16. D. Enter the vlan access-map access-map-name [ sequence ] global configuration command to create a VLAN ACL map entry.actualtests. The traffic will be dropped. Each access-map can have multiple entries. Any Time. The traffic will be forwarded to the TCAM for further processing. E. also known as VLAN ACLs or VACLs." . or are bridged within a VLAN. accessmap entries are added with sequence numbers in increments of 10. tua lTe sts A. This access-list will select the traffic that will be either forwarded or dropped by the access-map. VLAN maps are used strictly for security packet filtering.10.www. The order of these entries is determined by the sequence .5? . and to match the packet against one or more ACLs (standard or extended). optionally enter an action forward or action drop . None of the other alternatives apply . The default is to forward traffic. C. The traffic will be forwarded to the router processor for further processing.co m Study the exhibit carefully. If no sequence number is entered. VLAN maps can be configured on the switch to filter all packets that are routed into or out of a VLAN.com 123 Ac Explanation: VLAN maps. can filter all traffic traversing a switch.

To filter both bridged and routed traffic. This port can communicate with anything else connected to the primary or any secondary VLAN. With that type of PVLAN port should the default gateway be configured? A. VLAN maps can be applied to a VLAN interface Answer: A. Trunk B. sts .co m . Isolated C. which filter both bridged and routed packets. Promiscuous F. also called VLAN maps. VLAN ACLs. Section 16: Troubleshoot VACL and PACL (3 Questions) QUESTION NO: 128 What is true about access control on bridged and routed VLAN traffic? (Select three) A.www. None of the other alternatives apply Answer: E Explanation: Promiscuous: The switch port connects to a router. Router ACLs can be applied to the input and output directions of a VLAN interface. firewall.Cisco 642-832: Practice Exam or more VLANs. or other common gateway device.B.actualtests. Community E. Any Time. B. VLAN maps can be used by themselves or in conjunction with router ACLs. D. "Pass Any Exam.D QUESTION NO: 129 Switch SW1 has been configured with Private VLANs. VLAN maps can be used to filter packets exchanged between devices in the same VLAN. VLAN maps and router ACLs can be used in combination. Bridged ACLs can be applied to the input and output directions of a VLAN interface. Primary D. C. A single access-map can be used on multiple VLANs. E. Only router ACLs can be applied to a VLAN interface.com 124 Ac tua lTe Explanation: Router ACLs are applied on interfaces as either inbound or outbound." .

the port is in promiscuous mode. Multiple SVIs can be associated with a VLAN. B. dynamic ARP inspection E. QUESTION NO: 130 In the event that two devices need access to a common server. which security feature should be configured to mitigate attacks between these devices? A.actualtests. Which two statements are true about a switched virtual interface (SVI)? (Select two) A. * Community VLANs-Ports within a community VLAN can communicate with each other but cannot communicate with ports in other communities at the Layer 2 level. D.com Ac tua There are two types of secondary VLANs: * Isolated VLANs-Ports within an isolated VLAN cannot communicate with each other at the Layer 2 level. SVI is another name for a routed port. DHCP snooping Section 17: Troubleshoot switch virtual interfaces (SVIs) (1 Question) QUESTION NO: 131 An SVI has been configured on a device. An SVI is created by entering the no switchport command in interface configuration mode. A subdomain is represented by a primary VLAN and a secondary VLAN. Any Time. lTe sts Explanation: Private VLANs partition a regular VLAN domain into subdomains and can have multiple VLAN pairs. one for each subdomain.co m Answer: A 125 .www. C. port security C. BPDU guard D. "Pass Any Exam. ." . private VLANs B. but they cannot communicate with each other. in which the rules of private VLANs are ignored. All secondary (private vlan) share the same primary VLANs.Cisco 642-832: Practice Exam In other words. An SVI is normally created for the default VLAN (VLAN1) to permit remote switch administration.

maintained on the active supervisor engine. which shortens the switchover time if the active supervisor engine fails. An SVI provides a default gateway for a VLAN. the redundant supervisor engine is fully initialized and configured. B.co m . Which three statements are true about the RPR + operations when the redundant supervisor engine switched over the failed primary supervisor engine? (Choose three) A. With route processor redundancy (RPR+).com 126 Ac tua QUESTION NO: 132 lTe Section 18: Troubleshoot switch supervisor redundancy (3 Questions) sts . E. Answer: A. is synchronized to the redundant supervisor engine and is transferred during the switchover.actualtests. and routing is needed in and out of that VLAN. Information about dynamic routing states. Make sure the new VLAN interface is also enabled with the no shutdown interface configuration command Company has a Catalyst 6500 and you need to configure redundancy between the supervisor modules. Static IP routes are maintained across a switchover because they are configured from entries in the configuration file. C. Static IP routes are cleared across a switchover and recreated from entries in the configuration file on the redundant supervisor engine. as if the VLAN itself is a physical interface. it uses the much more intuitive interface name vlan vlan-id . The logical Layer 3 interface is known as an SVI . Information about dynamic routing states. This is useful when the switch has many ports assigned to a common VLAN." . routed traffic is interrupted until route tables reconverge. The Forwarding Information Base (FIB) tables are cleared on a switchover. Any Time. define or identify the VLAN interface. you can also enable Layer 3 functionality for an entire VLAN on the switch.www. "Pass Any Exam.Cisco 642-832: Practice Exam E. As a result. is not synchronized to the redundant supervisor engine and is lost on switchover. However. First. when it is configured. maintained on the active supervisor engine. and then assign any Layer 3 functionality to it with the following configuration commands: Switch(config)# interface vlan vlan-id Switch(config-if)# ip address ip-address mask [secondary] The VLAN must be defined and active on the switch before the SVI can be used. D.E Explanation: On a multilayer switch. This allows a network address to be assigned to a logical interface-that of the VLAN itself.

Only one supervisor engine is active.Cisco 642-832: Practice Exam F. The Forwarding Information Base (FIB) tables are maintained during the switchover. Use global configuration mode with RPR+ redundancy.C. both supervisor engines must run the same version of Cisco IOS software." . Network services are disrupted until the redundant supervisor engine takes over and the switch recovers. Supervisor engine redundancy does not provide supervisor engine mirroring or supervisor engine load balancing. routed traffic is interrupted until route tables reconverge. Static IP routes are maintained across a switchover because they are configured from entries in the configuration file.cisco. Reference: http://www. Enter a " copy running-config startup-config " command to synchronize the configuration on the redundant supervisor engine.1E/native/configuration/guide/r edund. Configuration changes made through SNMP are not synchronized to the redundant supervisor engine.actualtests. Any Time.com Ac tua lTe With RPR+. As a result.html QUESTION NO: 133 "Pass Any Exam.com/en/US/docs/switches/lan/catalyst6500/ios/12.D Explanation: The following guidelines and restrictions apply to RPR+: RPR+ redundancy does not support configuration entered in VLAN database mode. If the supervisor engines are not running the same version of Cisco IOS software. the redundant supervisor engine comes online in RPR mode. Information about dynamic states maintained on the active supervisor engine is not synchronized to the redundant supervisor engine and is lost on switchover. sts . The Forwarding Information Base (FIB) tables are cleared on a switchover.co m 127 . As a result. routed traffic continues without any interruption when the failover occurs.www. Answer: A.

QUESTION NO: 134 Which statement best describes Cisco supervisor engine redundancy using Stateful Switchover? A.Cisco 642-832: Practice Exam Which two characteristics apply to Cisco Catalyst 6500 Series Switch supervisor redundancy using NSF? (Choose two.co m 128 . Answer: D Explanation: Section 19: Troubleshoot switch support of advanced services (i.. and EIGRP D. Switchover ensures that Layer 2 through Layer 4 traffic is not interrupted. Switchover can be caused by clock synchronization failure between supervisors. NSF combined with SSO enables supervisor engine load balancing C. So it prevents the route flapping and it depends on FIB (Forwarding Information Base) table. dependent on FIB tables Answer: E. B. C." . Redundancy requires BGP.www.actualtests. VOIP and Video) (8 Questions) QUESTION NO: 135 Exhibit: "Pass Any Exam.com Ac tua lTe sts . IS-IS.F Explanation: The purpose of NSF is to enable the Layer 3 switch to continue forwarding packets from an NSFcapable neighboring router when the primary route processor (RP) is failing and the backup RP is taking over.) A. EIGRP. Wireless. Any Time. supported by RIPv2. Redundancy provides fast supervisor switchover for all Cisco Catalyst 6500 series switches. OSPF. OSPF. prevents route flapping F. D. independent of SSO B. or IS-IS.e. supports IPv4 and IPv6 multicast E.

Answer: C Explanation: This procedure for a LAP to register with a WLC is: The LAP issues a DHCP request to a DHCP server in order to get an IP address. The lightweight access point will send Layer 2 and Layer 3 Lightweight Access Point (LWAPP) mode discovery request messages at the same time. Please study the exhibit carefully.Cisco 642-832: Practice Exam You work as a network technician. the LAP attempts a Layer 3 LWAPP WLC discovery. the LAP resets and returns to step 1. the LAP broadcasts an LWAPP discovery message in a Layer 2 LWAPP frame. If Layer 2 LWAPP mode is supported on the LAP.com 129 Ac tua lTe sts . If step 1 fails.co m ." . the LAP will try Layer 3 LWAPP WLC discovery. Any WLC that is connected to the network and that is configured for Layer 2 LWAPP mode responds with a Layer 2 discovery response. If the attempt fails. If the LAP does not support Layer 2 mode.cisco. In this wireless network. The lightweight access point will send Layer 2 Lightweight Access Point (LWAPP) mode discovery request messages. Reference: http://www. the LAP proceeds to step 3. or if the LAP or the WLC does not support Layer 2 LWAPP mode. C.actualtests. B. If step 3 fails. D. the LAP (lightweight access point) attempts to register to a WLC (Wireless LAN Controller). unless an assignment was made previously with a static IP address. or if the WLC or the LAP fails to receive an LWAPP discovery response to the Layer 2 LWAPP discovery message broadcast. The lightweight access point will send Layer 2 Lightweight Access Point (LWAPP) mode discovery request messages only.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.shtml QUESTION NO: 136 Exhibit: "Pass Any Exam. The lightweight access point will send Layer 3 Lightweight Access Point (LWAPP) mode discovery request messages only. Any Time. What kind of message is transmitted? A.www.

D.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008019f646. Which of the following statements is true? A. which provides better performance in multipath environments. Answer: B Explanation: In order to understand diversity using dual antenna's. there are multiple wavefronts that reach the receiver.shtml "Pass Any Exam. None of the other alternatives apply. When a radio frequency (RF) signal is transmitted towards the receiver. When an RF signal is reflected off an object. You can move the antenna to get it out of the null point and provide a way to receive the signal correctly. If signal 2 is close to 360 degrees out of phase with signal 1. resulting in multipath interference at the client end (ClientA). Dual antennas typically ensure that if one antenna is in an RF null then the other is not. F. The antennas used to provide a diversity solution can be in the same physical housing or must be two separate but equal antennas in the same location." . On its way.actualtests. The transmitted signal from the AP arrives at the client at slightly different times resulting in phase shifting. B. you must understand multipath distortion. diffract or interfere with the signal.com Ac tua lTe sts . Diversity provides relief to a wireless network in a multipath scenario. Multipath interference can be solved by using dual antennas. the result is essentially zero signal or a dead spot in the WLAN. refract.co m 130 . As a result of these new duplicate wavefronts. multiple wavefronts are created. If signal 1 is in phase with signal 2. the RF signal encounters objects that reflect. to ensure that one encounters less multipath propagation effects than the other. E. Multipath interference is less of an issue when using a DSSS technology because multipath is frequency selective.cisco. the result is essentially zero signal or a dead spot in the WLAN. Any Time.www. Diversity is the use of two antennas for each radio. Diversity antennas are physically separated from the radio and each other. to increase the odds that you receive a better signal on either of the antennas. C. the general behavior of the RF signal is to grow wider as it is transmitted further. Reference: http://www.Cisco 642-832: Practice Exam In this scenario the signal transmitted from the AP is reflected off a wall.

The client evaluates the AP responses and selects the best AP. The client sends an authentication request to the AP. association request/response. Reference: http://www. association request/response. authentication request/response. probe request/response. probe request/response. authentication request/response.sht ml QUESTION NO: 138 Network topology exhibit: "Pass Any Exam. The client then sends an association request to the AP. association request/response. probe request/response.com Ac tua lTe sts . authentication request/response B. The AP confirms the association and registers the client. The APs send back probe responses. The AP confirms authentication and registers the client. authentication request/response E.actualtests. Any Time.co m 131 . A client is searching for an access point (AP).www.cisco.Cisco 642-832: Practice Exam QUESTION NO: 137 On the wireless LAN. probe request/response C." . association request/response D.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e8297. What is the correct process order that this client and access point goes through in order to create a connection? A. None of the other alternatives apply Answer: C Explanation: From the Cisco FAQ on Cisco Aironet Wireless Security: What steps does Open Authentication involve for a client to associate with the AP? The client sends a probe request to the APs.

. Figure: Sequence of Events for L2 Roam "Pass Any Exam.www. The client station is responsible for detecting.E Explanation: This question shows an example of layer 2 roaming. C. Figure 3 Sequence of Events for L2 Roam illustrates a L2 roam...com Ac A. with identical SSIDs. . If the client moves to a new access point on a different IP subnet. D.. evaluating.. Roaming is always a client station decision. B.C. Any Time..Cisco 642-832: Practice Exam Answer: B.actualtests. ...co m 132 . E. and roaming to an alternative access point. sts In this WLAN segment.. A L2 roam occurs when a WLAN client moves from one access point to another within the same subnet.with a unique IP subnet range.only with the native VLAN. .." . . . F.. what are three requirements for configuring these Aironet access points (APs) that will allow for all wireless clients to work without service interruption while roaming from access point to access point? (Select three) . .with the same guest mode SSID. tua lTe All access points should be configured..within the same IP subnet. L3 roaming occurs after the L2 roam has completed..with the native VLAN...

11 channels for alternative access points.1X authentication. 4. on the client's virtual local area network (VLAN). After associating to the new access point B. Access point B sends a null media access control (MAC) multicast. The probe responses and beacons received from access points are discarded unless they have matching Service Set Identifier (SSID) and encryption settings. on the native VLAN . In this case.com Ac tua lTe sts . a roaming event (for example. A client moves from access point A coverage area into access point B coverage area ( with both access points in the same subnet ). When a roaming event occurs.html QUESTION NO: 139 "Pass Any Exam. Access point A receives this multicast and removes the client MAC address from its association table. telling access point A that access point B now has the client associated to it.Cisco 642-832: Practice Exam The arrows in the figure indicate the following events: 1. if it is configured for 802.www. access point B sends a MAC multicast. Reference: http://www. 2 On each channel the client station sends a probe. 2. The client scans all IEEE 802. maximum retries) is triggered.co m 133 . Any Time. This updates the content addressable memory ( CAM ) tables of the upstream switch and directs further LAN traffic for the client to access point B and not access point A. As the client moves out of the range of access point A. and waits for a probe responses or beacons from access points on that channel.actualtests. using the source address of the client. 3.1X." . Using its own source address.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00801c 5223.11 channel. the client discovers access point B and reauthenticates and reassociates to it. the client begins IEEE 802. the client station scans each 802.cisco.

the term "gain" is often repeated but misunderstood.htm http://www. B.C Explanation: DBi is a unit measuring the gain of an antenna.B. Gain is a measure of increase in power. Power over Ethernet (PoE) is only available when a WLAN controller is integrated into the network. References: http://wireless-network. An omnidirectional antenna. Its goals are to: Reduce the amount of processing within access points. Gain is the amount of increase in energy that an antenna adds to a radio frequency (RF) signal.www. Direction is the shape of the transmission pattern. In electronics. The WLAN solution Engine (WLSE) is used to control lightweight access points. freeing up their computing resources to focus exclusively on wireless access instead offiltering and policy enforcement Enable centralized traffic handling. authentication. E. An antenna gives the wireless system three fundamental properties: gain. encryption .wireless-computer-networking. Antenna power is a relative value reference to dBi. Polarization is the physical orientation of the element on the antenna that actually emits the RF energy. C.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00807f34d3. and policy enforcement for an entire WLAN system Provide a generic encapsulation and transport mechanism for multivendor access point interoperability. F. LWAPP is a draft Internet Engineering Task Force (IETF) standard. authored by Cisco Systems. using either a Layer 2 infrastructure oranIP-routed network When a Cisco LWAPP-enabled access point boots up. and routers. D. and polarization. the LWAPP-enabled access point sends out encrypted "neighbor" messages. This antenna exists as a mathematical concept used only as a known reference to measure antenna gain per dBi." . LWAPP allows encrypted communications between lightweight access points and WLAN controllers. The reference level or dBi is the strength of the signal that would be transmitted by a non-directional isotropic antenna i.com 134 Ac tua lTe sts . that standardizes the communications protocol between lightweight access points and WLAN systems such as controllers.shtml "Pass Any Exam. Characteristics of antennas are directionality. switches.co m . Any Time. it immediately looks for a wireless LAN controller within the network. direction and polarization.Cisco 642-832: Practice Exam Which three statements are true about implementing wireless LANs in the network using Cisco devices? (Select three) A. is usually a vertical polarized antenna.radiates equally in all directions. Answer: A. gain. After it finds a wireless LAN controller.com/dBi. Gain implies increase e.actualtests. for example. One of the advantages of the lightweight WLAN solution is that the devices act indepently.e.cisco.g 20 dBi but without respect to where the increase originated.

A PC connected to a switch port via an IP phone must support a trunking encapsulation. A PC connected to a switch port via an IP phone is unaware of the presence of the phone. The new auxiliary VLAN is used to represent other types of devices collectively. The traffic on the voice VLAN must be tagged with 802. in the future. The voice VLAN must be configured as a native VLAN on the switch. how to manage the traffic? "Pass Any Exam. data devices reside in a data VLAN.com 135 Ac tua lTe sts A. To improve the quality of the voice traffic. When the IP phone powers up. other types of non-data devices will also be part of the auxiliary VLAN. Meanwhile." . Just as data devices come up and reside in the native VLAN (default VLAN). if one has been configured on the switch. IP phones come up and reside in the auxiliary VLAN.co m Based on the diagram shown above.actualtests. C. Today those devices are IP phones (hence the notion of a voice VLAN). E. which statement is true about the voice traffic coming to the switch access port that is connected to the IP phone? . data devices continue to reside in the native VLAN (or default VLAN) of the switch. no other devices should be attached to the IP phone. . D.1p encapsulation in order to coexist on the same LAN segment with a PC. also known as the voice VLAN ID or VVID. it communicates with the switch using CDP.Cisco 642-832: Practice Exam QUESTION NO: 140 An IP phone connects a user to a switch as shown below: Answer: A Explanation: The new voice VLAN is called an auxiliary VLAN in the Catalyst software command-line interface (CLI). QUESTION NO: 141 Look at the graphic below. the connectivity between Cisco IP phone access port and the workstation CK-PC has been established. In the traditional switched world. A data device VLAN (data subnet) is referred to as a port VLAN ID or PVID.www. B. The switch then provides the phone with its configured VLAN ID (voice subnet). Any Time. but.

they should be overwritten to a value of 0. use the following interface configuration command: Switch(config-if)# switchport priority extend {cos value | trust} Normally. B.www. "Pass Any Exam. The IP phone access port will override the priority of the frames received from the CK-PC. The switch port FaO/4 would trust the priority for the frames received from the CK-PC. however. should normally be untrusted and have all inbound CoS values set to 0.co A.com 136 Ac Example: interface fastethernet 0/1 switchport voice vlan 200 switchport priority extend cos 0 tua lTe Explanation: The CK-PC connected to the phone.Cisco 642-832: Practice Exam A switch instructs an attached IP Phone through CDP messages as to how it should extend QoS trust to its own user data switch port. This is because the PC's applications might try to spoof CoS or Differentiated Services Code Point (DSCP) settings to gain premium network service. The switch port FaO/4 would neglect the priority of the frames received from the CK-PC. Any Time. To configure the trust extension. In this case.actualtests. the QoS information from a PC connected to an IP Phone should not be trusted. The IP phone access port would trust the priority of the frames received from the CK-PC." . C. m . If CoS values from the PC cannot be trusted. D. sts Answer: A . This is mentioned here to show how trust boundaries also exist at any connected IP Phones. use the cos keyword so that the CoS bits are overwritten to value by the IP Phone as packets are forwarded to the switch.

mls qos trust [ cos ] : Configure the port trust state. Use the following interface configuration command to select the voice VLAN mode that will be used: Switch(config-if)# switchport voice vlan { vlan-id | dot1p | untagged | none} 2.actualtests. To configure the IP Phone uplink.Cisco 642-832: Practice Exam QUESTION NO: 142 You need to configure a new Cisco router to be installed in the VOIP network. which Catalyst switch interface command should be issued in order for the switch to instruct the phone to override the incoming CoS from the CK-PC before sending the packet to the switch? "Pass Any Exam. mls qos trust override cos Section 20: Troubleshoot a VoIP support solution (7 Questions) QUESTION NO: 143 Based on the graphic below.www. The switch instructs the phone to follow the mode that is selected. All traffic is sent through one egress queue. Any Time. mls qos trust device cisco-phone : Configure the Cisco IP Phone as a trusted device on the interface. mls qos trust cos E. switchport priority extend cos_value D. just configure the switch port where it connects. mls qos trust device cisco-phone C. Use the cos keyword to classify ingress packets with the packet CoS values.com Ac Explanation: 1.B." . The egress queue assigned to the packet is based on the packet CoS value 3. If an 802. tua lTe sts .co m Answer: A.1Q trunk is needed. Which three interface commands will configure the switch port to support a connected Cisco phone and to trust the CoS values received on the port if CDP discovers that a Cisco phone is attached? (Select three) A.D 137 . a special-case trunk is negotiated by Dynamic Trunking Protocol (DTP) and CDP. the switch port does not need any special trunking configuration commands if a trunk is wanted. the port is not trusted. By default. switchport voice vlan vlan-id B. In addition.

C. E. Beginning in privileged EXEC mode. The switch will no longer tag incoming voice packets and will extend the trust boundary to the distribution layer switch. RTP will be used to negotiate aCoS value based upon bandwidth utilization on the link. The computer is now establishing theCoS value and has effectively become the trust boundary.cisco. switchport priority extend cos 11 B. switchport priority extend cos 2 C. B.Cisco 642-832: Practice Exam A.com Ac tua QUESTION NO: 144 lTe sts . the trust boundary has been moved to the PC attached to the IP phone.actualtests.1_14_ea1/config uration/guide/swvoip. You can configure the switch to override the priority of frames arriving on the IP phone port from connected devices.com/en/US/docs/switches/lan/catalyst2950/software/release/12. The IP phone is enabled to override with aCoS value of 3 the existing CoS marking of the PC attached to the IP phone.co m 138 ." . mis qos cos 2 override Answer: B Explanation: Overriding the CoS Priority of Incoming Data Frames You can connect a PC or other data device to a Cisco7960 IP Phone port. Any Time.www.html Refer to the exhibit. What is the effect when the switchport priority extend cos 3 command is configured on the switch port interface connected to the IP phone? A. D. mis qos cos 2 D. The PC can generate packets with an assigned CoS value. follow these steps to override the CoS priority received from the nonvoice port on the Cisco7960 IP Phone: Reference: http://www. "Pass Any Exam. Effectively.

or packets being "black-holed. Packet loss due to congestion E. E: Broadcast storms indicate a problem on a LAN segment. too many hosts.1_14_ea1/config uration/guide/swvoip. etc.Cisco 642-832: Practice Exam Answer: C Explanation: The "switchport priority extend cos <priority>" is used to set the IP phone access port to override the priority received from the PC or the attached device.actualtests. and delay are the three reasons for implementing QoS features on modern networks. F: If only FTP sessions were having issues.html QUESTION NO: 145 VOIP is being implemented in the network and you need to assess the need for QoS." QoS would not help in this situation. jitter. What causes network jitter? "Pass Any Exam. and delay is when a packet takes too long to get somewhere. Reference: http://www. QUESTION NO: 146 Jitter is causing problems with the VOIP application in the network.D Explanation: Loss.cisco. Excess jitter C.com/en/US/docs/switches/lan/catalyst2950/software/release/12. FTP sessions are not delay sensitive due to the re-transmission nature of TCP and do not require QoS." . Any Time. In this case. Delay of critical traffic D. The default is 0.www. Jitter is a timing mismatch between two way traffic. QoS would not help in this situation. The CoS value is a number from 0 to 7. such as a babbling host. it has been set to mark all traffic with a class of service value of 3. Incorrect Answers: A: This would indicate a routing problem. then the FTP application or FTP server should be corrected. FTP connections unsuccessful Answer: B. Seven is the highest priority. Data link layer broadcast storms F. a bad application. Normally.com Ac tua lTe sts . a segment that is too large. Which of the following network problems would indicate a need to implement QoS features? (Select three) A.C. Loss is when a packet disappears on a network. Mis-routed packets B.co m 139 .

Variable queue delays B.com Ac tua lTe According to the information presented in the following exhibit. Packet drops C. but there are instantaneous and total limits on buffering ability. Compression Answer: A Explanation: Delay variation or jitter is the difference in the delay times of consecutive packets.www. Note: Jitter in Packet Voice Networks : Jitter is defined as a variation in the delay of received packets. "Pass Any Exam.actualtests. this steady stream can become lumpy. can you tell me the reason that the trust state of interface FastEthernet 0/3 displays "not trusted"? sts QUESTION NO: 147 . or the delay between each packet can vary instead of remaining constant. Due to network congestion. A jitter buffer is often used to smooth out arrival times. At the sending side. Any type of buffering used to reduce jitter directly increases total network delay. traffic requiring low latency also requires a minimum variation in latency. Transmitting too many small packets D. Any Time." .Cisco 642-832: Practice Exam A.co m 140 . or configuration errors. packets are sent in a continuous stream with the packets being spaced evenly apart. In general. improper queuing.

co m 141 . Any Time.com Ac tua lTe sts ." .Cisco 642-832: Practice Exam "Pass Any Exam.www.actualtests.

CDP runs on all media that support Subnetwork Access Protocol ( SNAP).actualtests. There is no CDP neighbor and trusted state also no trusted. Because CDP runs over the data-link layer only.www. transparent protocols. C. This feature enables applications to send SNMP queries to neighboring devices. network management applications can learn the device type and the Simple Network Management Protocol (SNMP) agent address of neighboring devices running lower-layer.com Ac tua Answer: D lTe A. With CDP.co m 142 . "Pass Any Exam.Cisco 642-832: Practice Exam Explanation: CDP is a device discovery protocol that runs over Layer 2 (the data link layer) on all Ciscomanufactured devices (routers." . two systems that support different network-layer protocols can learn about each other. DSCP map needs to be configured for VOIP. bridges. ToS has not been configured. D. There is not a Cisco Phone attached to the interface. The command mis qos needs to be turned on in global configuration mode. sts . Any Time. Communication between Switch and IP Phone is performed by CDP protocol. and switches) and allows network management applications to discover Cisco devices that are neighbors of already known devices. access servers. B.

WRED (Weighted Random Early Detection) could be configured to prevent congestion. The use of WRED. QUESTION NO: 149 Which QoS mechanisms can you use on a converged network to improve VoIP quality? (Select three) A. Any Time. By providing a strict queue for VOIP traffic. B. E." . but the bandwidth they do is very delicate. If anything happens with the connection or the integrity of the data transfer in either direction the conversation won't seam natural.E Explanation: In order to optimize the quality of VOIP calls.www. IP phones can only receive IP addresses through DHCP if they are in separate VLAN. In order to properly provide for QoS across the network. instead of dropping the voice packets when links become busy. C. IP phones require inline power and must be in separate VLAN to receive inline power. This will ensure that the traffic is prioritized end to end. Answer: A. The use of 802.Cisco 642-832: Practice Exam QUESTION NO: 148 You are a network administrator of a large investor relations company that uses a switched network to carry both data and IP telephony services. C. Answer: B Explanation: Voice conversations don't take up a lot of bandwidth.co m .C. QoS should be implemented to ensure that VOIP traffic is prioritized over other traffic types.com 143 Ac tua lTe sts . The use of RTP header compression for the VoIP traffic. you will ensure that voice calls take precedence over the other traffic types. WRED can be used to selectively drop less important traffic types. the voice traffic should be marked to give priority as close to the source as possible. Finally. The proper classification and marking of the traffic as close to the source as possible. Why should you carry voice traffic on a separate VLAN? A. To ensure the highest degree of integrity you should put voice traffic on its own separate VLAN and give that VLAN the highest priority. "Pass Any Exam. D. The use of a queuing method that will give VoIP traffic strict priority over other traffic.actualtests.1QinQ trunking for VoIP traffic. IP telephony applications require prioritization over other traffic as they are more delay sensitive. D. B. The CDP frames from the IP phone can only be recognized by the switch if the phone is in an auxiliary vlan.

Intelligent platforms C. Guaranteed rate service. Cisco AVVID Network Infrastructure addresses five primary concerns of network deployment: High availability Quality of service (QoS) Security Mobility and Scalability Reference: http://www. High availability Answer: A. D: The trunking method used will have no bearing on the VOIP quality. QoS classified at layer 3 using IP precedence or DSCP. Implemented using FIFO queues.html lTe sts .) A. All traffic has an equal chance of being dropped. B.com 144 Ac tua Explanation: By creating a robust foundation of basic connectivity and protocol implementation.E QUESTION NO: 151 Which of the characteristics below is associated with the (QoS) Integrated Services Model? A.D.com/en/US/netsol/netwarch/ns19/ns24/networking_solutions_audience_business _benefit09186a008009d678. Answer: B Explanation: Cisco IOS QoS includes the following features that provide controlled load service. In general.www. which is a kind of integrated service: "Pass Any Exam. D. but it will not help with improving the voice quality.Section 21: Troubleshoot a video support solution(3 Questions) QUESTION NO: 150 The Company is rolling out Cisco's Architecture for Voice. C. Quality of Service (QoS) B.actualtests. Security E." . Any Time.co m .Cisco 642-832: Practice Exam Incorrect Answers: B: Compression can be used to lower the bandwidth required to transmit VOIP calls. Mobility and scalability D. Which of the following choices represent the fundamental intelligent network services in Cisco's AVVID? (Select all that apply. compression of any kind lowers the quality of VOIP.cisco. Video and Integrated Data (AVVID).C.

or is "trusted" that it is entering the network with the appropriate tag. adaptive real-time applications such as playback of a recorded conference can use this kind of service.Cisco 642-832: Practice Exam Resource Reservation Protocol (RSVP) can be used by applications to signal their QoS requirements to the router.cisco. The distribution layer inspects a frame to see if it has exceeded a predefined rate of traffic within a certain time frame.html#1000946 145 . Reference: http://www. QoS group. Multiprotocol Label Switching (MPLS). For example. Cisco IOS QoS uses weighted fair queuing (WFQ) with RSVP to provide this kind of service. Any Time. C. and ingress interface are Layer 2 characteristics that are set by the access layer as it passes traffic to the distribution layer. which is typically a fixed number internal to the switch.com Ac tua lTe You work as a network technician." . Layer 2/3 QoS tags are trusted from distribution layer switches and used to prioritize and queue the traffic as it traverses the core. strips these off. DSCP. which allows applications to have low delay and high throughput even during times of congestion. What can be said of application of this technology in this type of network? (Select three) sts . IP address. F. If a frame is determined to be in excess of the predefined rate limit. IP precedence. No traffic marking occurs at the core layer.co m Ø Guaranteed Rate Service. which allows applications to reserve bandwidth to meet their requirements.com/en/US/products/sw/iosswrel/ps1831/products_configuration_guide_chapter0 9186a008007ff07. Traffic inbound from the access layer to the distribution layer can be trusted or reset depending upon the ability of the access layer switches. MAC address. Your boss is interested in the QoS technology in the context of video traffic. "Pass Any Exam. B. Ø Controlled Load Service. The access layer is the initial point at which traffic enters the network. Priority access into the core is provided based on Layer 3 QoS tags. Cisco IOS QoS uses RSVP with Weighted Random Early Detection (WRED) to provide this kind of service.actualtests. the Frame Relay discard eligible (DE) bit. and ingress interface are established by the voice submodule (distribution layer) as traffic passes to the core layer. D. The distribution layer. a Voice over IP (VoIP) application can reserve 32 Mbps end to end using this kind of service. the ATM cell loss priority (CLP) bit. Intelligent queuing mechanisms can be used with RSVP to provide the following kinds of services: QUESTION NO: 152 A. E.www. For example. once it has made a switching decision to the core layer. the CoS value can be marked up in a way that results in the packet being dropped. Traffic is marked (or remarked) at Layers 2 and 3 by the access switch as it enters the network.

These switches also perform the necessary functions to map the layer 2 COS values to a layer 3 TOS or DSCP value when sending traffic into the cloud. Section 22: Troubleshoot Layer 3 Security (4 Questions) QUESTION NO: 153 "Pass Any Exam. needs to be provisioned at all Campus Layers (Access. The rest of the 3550 configuration is the default configuration. on the other hand. 10. Distribution and edge switches can be configured to trust the COS markings of incoming traffic.10. Distribution. marking.actualtests. Host A is able to ping its default gateway. Given the output displayed in the exhibit.10. Core) due to oversubscription ratios. and policing should be performed as close to the traffic-sources as possible. which statement is true? lTe sts . but is unable to ping Host B.1. specifically at the Campus Access-Edge.Cisco 642-832: Practice Exam Answer: A.com Ac tua Refer to the exhibit. or reset the COS value to a different value.C Explanation: Three main types of QoS policies are required within the Campus: 1)Classification and Marking 2)Policing and Markdown 3)Queuing Classification.co m 146 .www. Any Time." .B. Host A and Host B are connected to the Catalyst 3550 switch and have been assigned to their respective VLANs. rest the COS value to 0. Queuing.

Multilayer switches can perform both Layer 2 switching and interVLAN routing.Cisco 642-832: Practice Exam Answer: D Explanation: To transport packets between VLANs. Switch(config)# ip routing command enables the routing on Layer 3 Swtich "Pass Any Exam. C. Interface VLAN 10 must be configured on the SW1 switch. VTP must be configured to support interVLAN routing. Traditionally. as long as the interface can have a Layer 3 address assigned to it. HSRP must be configured on SW1. lTe sts . Layer 2 switching occurs between interfaces that are assigned to Layer 2 VLANs or Layer 2 trunks. as appropriate. you must use a Layer 3 device. F. D. The router must have a physical or logical connection to each VLAN so that it can forward packets between them. A separate router is required to support interVLAN routing. Layer 3 switching can occur between any type of interface.www.co m 147 . The global config command ip routing must be configured on the SW1 switch. this has been a router's function. VLANs 10 and 15 must be created in the VLAN database mode.actualtests. Any Time. This is known as interVLAN routing . B. E.com Ac tua A." .

2.255.255. B. Configure a default route that points toward network 200.10.www.10.1 255.1.0).1.1. Inter-VLAN routing would most likely be achieved through the use of a virtual interface. servers are on VLAN 3 (10. which configuration solution could rectify the problem? Answer: C Explanation: Although a routed port is configured for connectivity with an external router.0. VLAN2. Any Time.2.Cisco 642-832: Practice Exam QUESTION NO: 154 Refer to the exhibit.com Ac tua A. Example: To route between VLANs 10 and 20 which have been configured on the multilayer switch use the following configuration: RouteSwitch(config)# interface vlan 10 RouteSwitch(config-if)# ip address 10.0/24. VLAN3. and VLAN10 are configured on the switch D-SW1.255.1.1 on each host. and the management VLAN is on VLAN10 (10.1. lTe sts .1. Configure default gateways to IP address 10. D. Enable IP routing on the switch D-SW1. Configure default gateways to IP address 200.0).1. F. C.1 255. Hosts are able to ping each other but are unable to reach the servers.255.0. E.co m 148 .1 on each host.10.3." . Host computers are on VLAN 2 (10. Configure default gateways to IP address 10.0 "Pass Any Exam.1.0 RouteSwitch(config)# interface vlan 20 RouteSwitch(config-if)# ip address 10.actualtests.20.1.0).3. On the basis of the exhibited output.2 on each host. Assign an IP address of 10.1.1/24 to VLAN3.

actualtests. Although interVLAN routing is enabled. B. InterVLAN routing has been configured properly. E. and the workstations have connectivity to each other. the workstations will not have connectivity to each other. Answer: C Explanation: "Pass Any Exam. None of the other alternatives apply. C." . Although interVLAN routing is not enabled.www.co m . both workstations will have connectivity to each other. which of these statements is true? tua lTe sts . D.com 149 Ac Based on the network diagram and routing table output in the exhibit. InterVLAN routing will not occur since no routing protocol has been configured. Any Time.Cisco 642-832: Practice Exam QUESTION NO: 155 The network is displayed in the following network topology exhibit: Router configuration exhibit: A.

" .255. which belong to different VLANs. InterVLAN routing can be performed by an external router that connects to each of the VLANs on a switch.1 255. which description is correct when trying to ping from host to host? lTe sts .168.0 Router(config)# interface fa 0/0.255.20 Router(config-subif)# description Engineering VLAN 20 Router(config-subif)# encapsulation dot1q 20 Router(config-subif)# ip address 192.0 Router(config)# interface fa 0/0. are in the same subnet.168.actualtests. According to the information displayed.91. You need to configure like: Switch(config)# interface fa 0/1 Switch(config-if)# switchport mode trunk Switch(config-if)# switchport trunk encapsulation dot1q In Router you need to configure like: Router(config)# interface fa 0/0 Router(config-if)# description VLAN 1 Router(config-if)# ip address 192.co m 150 . Separate physical connections can be used.10.10 Router(config-subif)# description Management VLAN 10 Router(config-subif)# encapsulation dot1q 10 Router(config-subif)# ip address 192.com Ac tua Study the following graphic carefully Host1 and Host2.255.1 255. The router must have a physical or logical connection to each VLAN so that it can forward packets between them.Cisco 642-832: Practice Exam A Layer 2 network can also exist as a VLAN inside one or more switches.255.255. you must use a Layer 3 device.www. The Switch Port which is connected with Router should be trunk link.255.168.20.0 QUESTION NO: 156 A. Any Time. To transport packets between VLANs. this has been a router's function. or the router can access each of the VLANs through a single trunk link. Traditionally.1 255. "Pass Any Exam. This is known as interVLAN routing . A trunk port should be configured on the link between CK-SW1 and CK-SW2 to ping successfully. VLANs are essentially isolated from each other so that packets in one VLAN cannot cross into another VLAN.

Devices that are in different VLANs can ping each other as long as they are in the same subnet when the VLAN information is untagged. D. C. The traffic will be forwarded to the router processor for further processing.co m Section 23: Troubleshoot issues related to ACLs used to secure access to Cisco routers (2 Questions) 151 . The ping command will be successful without any further configuration changes.16.com Ac tua lTe sts .Cisco 642-832: Practice Exam B. None of the other alternatives apply Answer: A "Pass Any Exam.5? A. Answer: D Explanation: Normally. The traffic will be forwarded to the TCAM for further processing. you must use a Layer 3 device.actualtests. to transport packets between VLANs. The traffic will be forwarded without further processing. A Layer 3 device is a must in order for the ping command to be successful. The traffic will be dropped. QUESTION NO: 157 The following "show" command was issued on R1: Study the exhibit carefully. C. Any Time.www. What will happen to traffic within VLAN 14 with a source address of 172. The two hosts should be in the same VLAN in order to ping successfully. E. D. in this case the "switchport mode access" command has been used for these ports so the VLAN information will be sent along untagged." . However. B.10.

lTe QUESTION NO: 158 sts . Enter the vlan access-map access-map-name [ sequence ] global configuration command to create a VLAN ACL map entry. Which would be the first logical step to take? Select the best response. Check the routing table for 212.185. To create a VLAN map and apply it to one or more VLANs.actualtests." . Unlike router ACLs. Use the vlan filter access-map-name vlan-list vlan-list global configuration command to apply a VLAN map to one or more VLANs. Each access-map can have multiple entries. Check the access list for log hits. Only traffic matching the 'permit' condition in an access-list will be passed to the access-map for further processing.Cisco 642-832: Practice Exam Explanation: VLAN maps. Also enter the match command to specify an IP packet or a non-IP packet (with only a known MAC address). Based upon the configuration. VLAN maps are used strictly for security packet filtering. B.com Ac tua Refer to the exhibit. you need to understand why the policy routing match counts are not increasing. C. The default is to forward traffic.www. perform these steps: Create the standard or extended IP ACLs or named MAC extended ACLs to be applied to the VLAN.) Answer: B "Pass Any Exam. (Multiple set clause entries will cause PBR to use the routing table. Any Time.126. A. A single access-map can be used on multiple VLANs. D.co m 152 . VLAN maps can be configured on the switch to filter all packets that are routed into or out of a VLAN. also known as VLAN ACLs or VACLs. The order of these entries is determined by the sequence . accessmap entries are added with sequence numbers in increments of 10. This access-list will select the traffic that will be either forwarded or dropped by the access-map. Remove any two of the set clauses. In access map configuration mode. or are bridged within a VLAN.50. can filter all traffic traversing a switch. If no sequence number is entered. and to match the packet against one or more ACLs (standard or extended). Confirm if there are other problematic route-map statements that precede divert. VLAN maps are not defined by direction (input or output). optionally enter an action forward or action drop .

www. Any Time.actualtests. You study the exhibit carefully.com Ac tua lTe sts .Cisco 642-832: Practice Exam Explanation: Section 24: Troubleshoot configuration issues related to accessing the AAA server for authentication purposes (1 Questions) QUESTION NO: 159 Exhibit: You work as a network administrator.co m 153 . mitigates the risk of rogue devices gaining unauthorized access to the network B. sets the port state to authorized C." . sets the port state to unauthorized E. What is the function of this configuration? A. configures a guest VLAN on this interface Answer: A "Pass Any Exam. sets the maximum number of retries to supplicant for EAP-request frames of types other than EAP-Request/Identify D.

Place unused ports in a common unrouted VLAN D. Reference: VLAN Security White Paper. What two steps can be taken to help prevent this? (Select two) A. Hackers used 802. Enable BPD guard B. Therefore. Prevent automatic trunk configuration E.finger. By not granting connectivity or by placing a device into a VLAN not in use. RCP etc.D Explanation: To prevent VLAN hoping you should disable unused ports and put them in an unused VLAN. If the authentication is successful.com/en/US/products/hw/switches/ps708/products_white_paper09186a00801315 9f. which is known as dot1x authentication. Any Time. Implement port security Answer: C.shtml "Pass Any Exam.Cisco 642-832: Practice Exam Explanation: Cisco switches supports port-based authentication with combination of AAA. When it is enabled. which are malicious schemes that allow a user on a VLAN to get unauthorized access to another VLAN. FTP. Another method used to prevent VLAN hopping is to prevent automatic trunk configuration. the user can use the port normally. or a separate unrouted VLAN. NTP. it might become a trunk port and it might start accepting traffic destined for any VLAN. Disable CDP on ports where it is not necessary C. Cisco Systems http://www.1Q and ISL tagging attacks. For example. Section 25: Troubleshoot security issues related to IOS services (i." . if a switch port were configured as DTP auto and were to receive a fake DTP packet. HTTP.com Ac tua lTe sts .actualtests.www. unauthorized access can be thwarted through fundamental physical and logical barriers.e.cisco.) (4 Questions) QUESTION NO: 160 You want to enhance the security within the LAN and prevent VLAN hopping. a malicious user could start communicating with other VLANs through that compromised port..co m 154 . a switch port will not pass any traffic until a user has authenticated with the switch.

In reality.ru/cisco/ch05lev1sec2. Any Time. when the switch receives a legitimate frame for which it does not know which port to forward the frame to. How does this action benefit the attacker? "Pass Any Exam. thinking that these MAC addresses actually exist on the port on which it is receiving them. the switch learns that the MAC address associated with that machine sits on the port on which it has received the response frame. MAC address flooding D. DHCP flooding E.co m .Cisco 642-832: Practice Exam QUESTION NO: 161 The network is being flooded with invalid Layer 2 addresses. MAC spoofing B. causing switch CAM tables to be filled and forcing unicast traffic to be transmitted out all switch ports. when a machine receiving a frame responds to it.www. In these attacks.soundonair.com 155 Ac tua lTe sts ." . At this point. an attacker tries to fill up a switch's CAM tables by sending a large number of frames to it with source MAC addresses that the switch is unaware of at that time. in a situation where the CAM table is filled up. this port is under the attacker's control and a machine connected to this port is being used to send frames with spoofed MAC addresses to the switch. Reference: http://book. Which type of Layer 2 attack is being used here? A.actualtests. The switch learns about these MAC addresses and puts them in its CAM table. the switch floods all the connected ports belonging to the VLAN on which it has received the frame. allowing it to send any future frames destined for this MAC address directly to this port rather than flood all the ports on the VLAN.html QUESTION NO: 162 A MAC address flood attack is occurring on the LAN. The switch continues to flood the frames with destination addresses that do not have an entry in the CAM tables to all the ports on the VLAN associated with the port it is receiving the frame on. During this attack. and the switch continues to learn of them. VLAN hopping C. However. eventually the switch's CAM table becomes filled with entries for these bogus MAC addresses mapped to the compromised port. Session hijacking Answer: C Explanation: Port security is especially useful in the face of MAC address flooding attacks. the switch is unable to create this CAM entry. numerous frames are forwarded to a switch which causes the CAM table to fill to capacity. It puts this mapping in its CAM table. If the attacker keeps sending these frames in a large-enough quantity. Under normal operations.

RADIUS D. Simple Network Management Protocol "Pass Any Exam. the switch will broadcast openly onto a LAN. A BPDU Guard port should only be configured on ports with PortFast enabled. None of the other alternatives apply Answer: D Explanation: MAC flooding basically involves bombarding the switch with spoofed ARP requests in the hope of making the switch "fail open". All traffic is tagged with a specific VLAN ID from the VLAN of the attacker and is now viewable. E. where it sends packets to all ports. Serial connection B. B.www. Any Time.E QUESTION NO: 164 Which of the following are valid modes of accessing the data plane? (Choose all that apply. in essence. BPDU Guard can be enabled on any switch port.actualtests.governmentsecurity." . E.co m 156 . BPDU Guard and PortFast should not be enabled on the same port.Cisco 642-832: Practice Exam A. The goal is to flood the switches CAM (content addressable memory) table. F. makes the switch display the characteristics of a hub.) A. allowing the attacker to start sniffing.html QUESTION NO: 163 Which of the following characteristics describe the BPDU Guard feature? (Choose all that apply.) A. A BPDU Guard port receiving a BPDU will be disabled. D. All traffic is flooded out all ports and an attacker is able to capture all data.org/archive/t2605. but it's actually the attacker spoofing the MAC address of thousands of non-existent hosts. The success of this attack is almost completely dependant on the model and manufacturer of the switch. Secure Shell C. B. Clients will forward packets to the attacking device. A BPDU Guard port receiving a BPDU will go into err-disable state. BPDU Guard is used to ensure that superior BPDUs are not received on a switch port. and once flooded. This. which will in turn send them to the desired destination but not before recording the traffic patterns. C. D.com Ac tua lTe sts . All traffic is redirected to the VLAN that the attacker used to flood the CAM table. Answer: A. Reference: http://www. or port/MAC table with these bogus requests. A MAC flooding attack looks like traffic from thousands or computers moving into one port. C.

D. HTTP F. E. A QoS policy must not be currently attached to the interface. Bottom-up "Pass Any Exam. B. Hub-and-spoke VPN topology D." .B. Following the traffic path B. An IP address must be configured on the interface if its speed is equal to or less than 768 kbps. AutoQoS must be enabled globally before it can be enabled on the interface.E. F. Extranet VPN B. Any Time.www. Answer: A. Full mesh VPN topology F.Cisco 642-832: Practice Exam E. Telnet Answer: A. CEF must be enabled.) A.actualtests.) A.com 157 Ac A.F QUESTION NO: 165 Which of the following is not an essential prerequisite for AutoQoS to be correctly applied to an interface? (Choose all that apply. Remote-access VPN topology tua lTe Which of the following topology situations would be a qood candidate for configuring DMVPN? sts . Comparing configurations D. Central-site VPN topology E. Managed overlay VPN topology C. The interface must be configured as a Multilink PPP interface.E QUESTION NO: 166 Answer: E QUESTION NO: 167 Which of the following is not considered a common approach to narrow the field of potential problem causes? (Choose the best answer.co m . The correct bandwidth should be configured on the interface. Top-down C. C. D.

168. it is a NetFlov/ command that v/ill export 1500-byte packets to IP address 192. RP Discovery Protocol (RDP) E.www.1. it is not a valid NetFlow command.Cisco 642-832: Practice Exam E.50 for packets up to an MTU of 1500.co m . Any Time.1. RPARP(RARP) Answer: A.C QUESTION NO: 170 Which of the following are shared distribution tree characteristics? (Choose all that apply.168. Auto-RP D. it is a NetFlov/ command that allows IP address 192.50. RP Helios F.1. Memory requirements are higher for shared distribution tree than for source distribution tree. B.50 to send traffic to port 1500.168.) A. QUESTION NO: 169 A." .B. Examine SLAs Answer: F QUESTION NO: 168 Which of the following best describes the following command: ip flow-export destination 192. It is a NetFlov/ command that v/ill specify that the NetFlov/ collector's IP address is 192.1. C.50.168.50 over UDP port 1500. Statically defined RP B. Divide and conquer F. "Pass Any Exam. E.168. Creates a tree from a central RP to all last-hop routers.com 158 Ac tua Which of the following are valid methods of providing a router with information concerning the location of the RP? (Choose all that apply. It is an SNMP command that exports flows to destination address 1Q2.actualtests.1.1.50 1500? A.168. Bootstrap Router C. it is an SNMP command that exports 1500-byte packets to IP address 192. D.) lTe sts Answer: E . F. B.

5.G) entry in a router's multicast routing to table. Place (S.Cisco 642-832: Practice Exam C. 01-00-5e-41-05-0a E." .1. The configuration on the FTP server is copied to NVRAM.com 159 Ac tua Which of the following is an accurate description of the command copy startup-config ftp://kevin:cisco@192. F.co m .168. Any Time.74? lTe sts . D.actualtests. 00-00-0c-cl-05-0a C.) A. Uses a rendezvous point. Place (*. B. The configuration on the FTP server is copied to RAM. 00-00-0c-c0-05-0a B.F QUESTION NO: 171 Given the multicast IP address of 224.www. The configuration file in RAM is copied to an FTP server. show ip bgp neighbors "Pass Any Exam. Answer: D QUESTION NO: 173 Which of the following commands can be used to gather information about the AS-PATH of a BGP route? (Choose all that apply.193. Answer: C. E. 01-00-5e-00-00-0c D. what would the corresponding multicast MAC address be? A.10. C. D. The configuration will be copied from NVRAM to an FTP server with a filename of Kevin. 00-00-0c-01-00-5e F. An optimal path is created between each source router and each last-hop router. E. The command is not valid on a Cisco router. 01-00-5e-cl-05-0a Answer: D QUESTION NO: 172 A.G) entry in each router's multicast routing table. F. The configuration file in NVRAM is copied to an FTP server.

20 seconds F. The new router has preempt configured and a higher priority F.E QUESTION NO: 174 How long will a port remain in the listening state by default? A. show ip bgp E. The new router can become active only when the existing active router and the existing standby router become unavailable. Any Time. Depends on the pott speed QUESTION NO: 175 A. show ip route bgp D.Cisco 642-832: Practice Exam B. The new router will become active immediately because it's the newest router introduced into the group. The new router has a higher priority value." . The new router has a lower priority value. D. C.actualtests. Until the root directs it to start forwarding E. Under what circumstance will the new router become the active router? lTe sts Answer: C .www. show ip bgp summary F. debug ip bgp updates C. One of the existing routers is in an active state. sh ip bgp database Answer: B. The new router will never become active unless the existing active router becomes unavailable.com 160 Ac tua A new router is added to an existing HSRP standby group.D. 50 seconds C. Depends on the number of switches in the spanning tree domain B. Answer: E QUESTION NO: 176 Which of the following is not a valid reason for a packet to be punted? "Pass Any Exam. E. 15 seconds D.co m . the other is in a standby state. B.

C.co m 161 . OSPF LSA type 5 triggers an LSA type 7 at an A5BR but only in N5SAs. OSPF LSA type 3 triggers an LSA type 4 at an ABR. OSPF LSA type 5 triggers an LSA type 7 at an ABR between an NSSA and the backbone area.D. Top down D.) "Pass Any Exam. Shoot from the hip E.C QUESTION NO: 177 Which of the following are not true OSPF LSA rules? A. Component swapping C.Cisco 642-832: Practice Exam A. Any Time.www. OSPF LSA type 1 triggers an LSA type 3 at an ABR. B. A packet belonging to a GRE tunnel Answer: B. A Telnet packet from a session being initiated with the switch E. A packet being discarded due to a security violation D. Answer: A. Bottom up B. Follow the traffic path Answer: E QUESTION NO: 179 Which of the following are not BGRP data structures? (Choose all that apply. OSFP LSA type 2 triggers an LSA type 3 at an ABR.actualtests. The TCAM has reached capacity B. F.com Ac tua Several troubleshooters are about to work on the same problem. D. Which of the following troubleshooting methods would be most appropriate to make the best use of the troubleshooters1 time? lTe sts . OSPF LSA type 7 triggers an LSA type 5 at an ABR between an NSSA and the backbone area. E. An unknown destination MAC address C. Divide and conquer F." . Routing protocols sending broadcast traffic F.E QUESTION NO: 178 A.

com Ac tua You examine the port statistics on a Cisco Catalyst switch and notice an excessive number of frames are being dropped.D QUESTION NO: 180 Which of the following is a valid host IPv6 address? (Choose all that apply. EIGRP CEF table C. ff02:a:b:c::l/64 B.F QUESTION NO: 182 Which of the following would be considered reasonable network maintenance tasks? (Choose all that apply. EIGRP neighbor table D. Unknown destination MAC address B. EIGRP interface table F. 2001:aaaa: 1234:456c: 1/64 C. EIGRP adjacency table E.) "Pass Any Exam. 2fff:f:f:f::f/64 E. 2001:bad:2345:a:b::cef/128 Answer: B.actualtests. MAC forwarding table is full D. Network congestion Answer: B.) A. Bad cabling C. Port configured for full duplex F.D. EIGRP topology table Answer: A.F QUESTION NO: 181 A.co m 162 .Cisco 642-832: Practice Exam A. 2001:000a:lb2c::/64 D. Any Time. ff02:33ab:l:32::2/128 F.B. EIGRP database table B." . Port configured for half duplex E. Which of the following are possible reasons for the drops? lTe sts .www.

F QUESTION NO: 183 Which of the following options represents the correct sequence of DHCP messages after a client initially boots? A. DHCPREQUE5T.C. DHCPDISCOVER D. DHCPACK F. DHCPDISCOVER. DHCPDISCOVER. DHCPREQUEST. DHCPOFFER. DHCPREQUEST. DHCPOFFER. DHCPACK C.com 163 Ac tua lTe sts .B. B. Troubleshooting problem reports C. Giving presentations to management F. DHCPACK B. Any Time. Use the Cisco Rollback feature." . F. Use the Cisco Auto Configuration tool.1. DHCPACK E. DHCPREQUEST.1 port 23? (Choose all that apply.www. DHCPREQUEST.1. DHCPOFER.co m . DHCPOFFER. DHCPREQUEST. Ensuring compliance with legal regulations and corporate policies B. DHCPDISCOVER.Cisco 642-832: Practice Exam A. Providing support to sales and marketing E. C. E. DHCPOFFER Answer: B QUESTION NO: 184 Which of the following statements regarding documentation would not be considered a helpful step in the troubleshooting process? A.actualtests. DHCPDISCOVER. Schedule documentation checks. Use the Cisco Configuration Archive tool. DHCPACK. Automate documentation. Planning for network expansion D. DHCPDISCOVER. Monitoring and tuning network performance Answer: A. Answer: A QUESTION NO: 185 Which of the following statements are true concerning the command ip sla monitor responder type tcpconnect ipaddress 10. DHCPACK. D.) "Pass Any Exam. DHCPOFFER. Require documentation prior to a ticket being closed out.

The command will allow only source address 10. Only if the DHCP sever issues a DHCPNAK to the initial request E.1. F. B. Only when the client is on the same subnet as the server F. Any Time.1.Cisco 642-832: Practice Exam A.D QUESTION NO: 186 In what situation would the command ip helper-address be required? (Choose the best answer. copy archive running config D.com Ac tua lTe sts .1 to source probes. The command is used on the IP SLA responder and the IP SLA source. D.1. The command will initiate a probe with a source port of 23. Answer: A. The command will initiate a probe with a destination Telnet port. Only when there is a duplicate IP address caused by a combination of static and dynamic IP address allocations B.) A. Only when the DHCP pool is out of IP addresses Answer: C QUESTION NO: 187 Which of the following commands will restore a previously archived configuration by replacing the running configuration with the archived configuration? A. C. The command will initiate a probe with a destination IP address of 10.actualtests.co m 164 . On each router that exists between the client and the server C. E. configure archive running-config B. configure tftp running-config Answer: B QUESTION NO: 188 Which of the following is not a characteristic of fast switching? "Pass Any Exam.1. copy startup-config running-config E.www." . Only when a router separates the client from the server D.1. The command is used to make the router a responder. configure replace C. copy tftp running-config F.

F. use the information in the fast cache. Cable type connected to interface E. Fast switching reduces a routers CPU utilization.actualtests. except for the first packet. show crypto engine connections active D.E. Layer 2 status F. It can be enabled with the interface command ip route-cache. Any Time. Answer: D QUESTION NO: 189 Which of the following commands will display a router's crypto map IPsec security association settings? A.B. Output queue drops C.Cisco 642-832: Practice Exam A. Interface CPU utilization D.com 165 Ac Which of the following pieces of information will the command show interface provide? (Choose all that apply. Fast switching uses a fast cache maintained in a router's control plane.) tua lTe sts .www. show crypto map C. D. Input queue drops Answer: A. show ipsec crypto map E. B. Even though the fast switching is enabled. Layer 1 status B." . compared to process switching. All packets of a flow. C.F QUESTION NO: 191 Which of the following statements concerning IGMP are correct? (Choose all that apply. the first packet of a flow is still process switched. E. The fast cache contains information about how traffic from different data flows should be forwarded. show crypto map sa F.) "Pass Any Exam.co m . show crypto map ipsec sa B. show ipsec crypto map sa Answer: A QUESTION NO: 190 A.

E QUESTION NO: 192 Which of the following are byproducts of a structured maintenance plan? (Choose all that apply. Increased downtime E. E. F. queries are sent to a specific group." .) A. Hosts issuing IGMPvl requests will be correctly interpreted by IGMPv2 hosts due to backward compatibility. D. Economies of scale C. C. Consumption of fewer resources Answer: A.D QUESTION NO: 194 Which of the following commands will remove all dynamic entries for a router's NAT table? A. EIGRP uses "cost" to determine best path. a leave message is supported. Predictable security vulnerabilities B.com 166 Ac tua lTe sts . With IGMFV2. Answer: A. Improved expenditure forecasts D. An IGMPv2 host will send an IGMFVl report on an IGMFVl router. B.F QUESTION NO: 193 Which of the following are correct statements? A. Answer: C. clear nat translations "Pass Any Exam.C. Predictable equipment obsolescence F.B. EIGRP allows unequal cost load balancing.C. B. OSPF requires neighbor adjacencies before updates are sent. EIGRP advertises the best routes to its neighbor. An IGMPv2 router can only allow IGMPv2 hosts to execute a join request. EIGRP advertises all routes to its neighbor. C.www.actualtests. An IGMPv2 router will ignore IGMPv2 leave messages when IGMFVl hosts are present.Cisco 642-832: Practice Exam A.D.E.co m . With IGMPvl. F. OSPF allows unequal cost load balancing. Any Time. D. E.

User authentication ID and password "Pass Any Exam. Cisco proprietary B. VPN client software F.F .C. clear ip nat translations all Answer: B QUESTION NO: 195 Which of the following are TACACS+ characteristics? (Choose all that apply. MTU size E.Cisco 642-832: Practice Exam B.) A.co m .www. Uses UDP for a transport layer F. Any Time. Provides separate services for authentication. clear ip nat statistics D. GRE or IPsec configuration D. Authentication server configured ly Answer: B. User authentication B. authorization.) lTe sts Answer: A.actualtests. and accounting D. clear ip nat transactions * E. Encrypts the entire packet QUESTION NO: 196 A. Standards-based protocol C. clear ip nat translations F.) A." . Encrypts only the password E. clear ip nat translations* C.C.D QUESTION NO: 197 Which of the following would provide good baseline documentation to have on hand when analyzing potential problems? (Choose all that apply.com 167 Ac tua Which of the following are common issues that should be considered when establishing or troubleshooting site-to-site VPNs? (Choose all that apply. Overlapping IP address space C.

sh ip route <ip_addres$> E. A Root Guard port receiving inferior BPDU goes into a root-inconsistent state. Output of show interface E. Any Time.D QUESTION NO: 199 A. Answer: B. sh ip adjacency </p_address> F. User profile C. Output of show process cpu Answer: C. A Root Guard port receiving superior BPDU goes into a root-inconsistent state. Result of ping F. While the port is in a root-inconsistent state no user data is sent across that port. sh adjacency <ip_address> D.www. sh ip route B.com Ac tua Which of the following commands provides data plane information required to forward a packet to a specific ip address? lTe sts . Output of debug D. C. B.F QUESTION NO: 198 Which of the following characteristics describe the Root Guard feature? (Choose all that apply. sh ip cef <ip_address> C. It should be applied to all switch ports. sh ip cef <mac_addrQss> <ip_address> Answer: B QUESTION NO: 200 Which of the following management types can be used to deploy appropriate quality-of-service solutions to make the most efficient use of bandwidth? "Pass Any Exam.co m 168 . The port must be put into forwarding state manually after root-inconsistent state has been corrected.D.E. D.) A.actualtests. F." .Cisco 642-832: Practice Exam B. E. The port returns to a forwarding state if inferior BPDUs stop.

" .D QUESTION NO: 203 Which of the following is not a characteristic of Cisco Express Forwarding? A. "Pass Any Exam. Optimized switching E.actualtests. The adjacency table is populated from a router's ARP cache. Process switching F. The trunking encapsulation type is inconsistent on the two ends of the link Answer: A. Cisco Express Fonvarding B. The VLAN is excluded from the trunk D.) A. Operations management D.www. Security management F. Performance management E. Accounting management C. FIB switching C.co m .F QUESTION NO: 202 Which of the following is an unlikely reason for the ARP process to fail? A. Cache switching D. Fast switching Answer: A. A faulty cable from host to switch or between switches F. Configuration management Answer: D QUESTION NO: 201 Whichof the following are valid modes of packet switching on most routers? (Choose all that apply. CEF switching is disabled on the switch B. The host is connected to the switch through an IP phone E. Fault management B.com 169 Ac tua lTe sts .E.Cisco 642-832: Practice Exam A. Any Time. The source device and destination device are in different VLANs C.

" . C.0c70.0d22.F QUESTION NO: 205 A. Any Time.cala F.) A.ac07 Answer: C QUESTION NO: 206 Which of the following procedures are involved in the recommended three-step troubleshooting flow? (Choose the best three answers.ac22 E. Document causes D.com 170 Ac tua Which of the following virtual MAC addresses is correct for the HSRP group 22? lTe sts . 0000. The FIB is populated from a router's IP routing table. Eliminate potential causes B. 0000.www. 0000. Verif/ hypothesis F.Cisco 642-832: Practice Exam B. D. On most router platforms CEF is enabled by default.E.D. F. 0000.) A. Hypothesize underlying causes E.co m . Answer: D QUESTION NO: 204 Which of the following are considered subcomponents of the problem diagnosis step of the troubleshooting flow? (Choose all that apply. Problem report "Pass Any Exam. Examine collected information Answer: A. CEF maintains the Forward Information Base and the adjacency table. E. Collect information C. 0000. 0000. CEF does not require the first packet of a data flow to be process switched. CEF can be enabled with the interface command ip cef.B.0c07.0c07.ac22 B.0c70.0c07.actualtests.22ac C.acl6 D.

1. Problem resolution E. Probiem authentication Answer: A.1 Data Pattern M. OSPF route 10. Ping 10.0/24 Answer: B. OSPF interface table C. Problem documentation F.0.1. OSPF route 10.M. OSPF topology table B.M A. OSPF link-state database E.E QUESTION NO: 209 Which of the following commands would result in the following output: M.1.) lTe sts .C.2. Problem collaboration C.0. Any Time.1 timeout 0 "Pass Any Exam." . B.0/16 F.D. RIP route 10.1. OSPF adjacency table F. OSPF routing information base D. OSPF neighbor table Answer: B.0/16 D.2. Ping 10. RIP route 10.F QUESTION NO: 208 A. EIGRP route 10. RIP route 10.2.1.1.actualtests.www.com 171 Ac tua A router simultaneously receives all the following routes in various routing updates. Which of the following routes would end up in the routing table? (Choose all that apply.0.1.0/24 B.0/24 C.1.C. Problem diagnosis D.0.0/16 E.D QUESTION NO: 207 Which of the following data structures exist on a router for the OSPF routing protocol? A.1.co m .Cisco 642-832: Practice Exam B.D.

0. FF02::5 Answer: F QUESTION NO: 212 Which of the following commands shows all routes learned via EIGRP? (Choose all that apply.1. Rl(config-router)#ipv6 rip route . Any Time.www. FF02::10 E.1 size 1500 F.255.1. Rl(config-router)#ipv6 rip <process-name> default-information only C.1 source loopback 0 E. 224." .) A.1. Ping 10. show ip eigrp adjacency C.1.255 B.10 F. Rl(config-router)#aggregate-address ::/0 summarize-routes QUESTION NO: 211 The 0SPFv3 process will send hello packets to which of the follov/ing well-known addresses? A. show ip eigrp routes "Pass Any Exam.0.1.actualtests.6 C. show ip eigrp topology B. Ping 10. Rl(config-if)#ipv6 default-information originate B.255. Rl(config-if)#ipv6 rip <process-name> default-information only E.Cisco 642-832: Practice Exam C. Rl(config)#ipv6 route ::/0 null 0 D.1.co m .:/0 originate F.1 size 1500 Strict Answer: C QUESTION NO: 210 Which of the following commands will cause RIPng to originate a default route advertisement while suppressing all other routes? A.0. Ping 10. 255.1. 224.0.1 size 1500 df-bit D. FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFF:FFF D.1. Ping 10.com 172 Ac tua lTe sts Answer: D .

D.) A.com 173 Ac tua lTe sts . The metric parameter in the redistribute command D.actualtests. show ip eigrp database E." . The default-metric command E.F QUESTION NO: 215 Which of the following characteristics are common to both RIPv2 and RIPng? (Choose all that apply. Switch port D. A route-map containing a seed command F. The default-metric command configured under the appropriate interface B. Interface can be added to RIP routing process in either interface configuration mode or in router configuration mode "Pass Any Exam. show ip route eigrp F.co m . Any Time. Nonswitch port C. Root port Answer: A.) A.E.F QUESTION NO: 214 Which of the following is a valid method for defining a seed metric? (Choose all that apply.) A.www.Cisco 642-832: Practice Exam D. Link-local address used for next-hop addresses B. The metric parameter in the network command of a routing process C. A route map containing a metric command Answer: C. Nondesignated port F. Nonroot port E. Designated port B. show ip eigrp forwarding Answer: A QUESTION NO: 213 Which of the following three port types are valid Spanning Tree port types? (Choose the best three answers.

Quality of Service "Pass Any Exam. and use static routes to point the IPv4 address to those interfaces. Any Time.1/route.168.D. E. and use either static routes or a routing process to direct IPv6 packets through those interfaces." .Cisco 642-832: Practice Exam C. Distance-vector routing protocol F.168. Create IPv4 interfaces on both ends of the network. show ip route ft include tJtp://19Z168.1/route.txt C show ip route | include tftp://192.1.1. Use hop count as a metric E.E.com 174 Ac tua lTe sts .1/route. Uses a multicast to send routing updates D. Answer: F QUESTION NO: 218 Which of the following is not a typical wireless troubleshooting target? A.1/route. Create an IPv4 tunnel and assign the tunnel IPv6 addresses.1. F. Use an IPv6 routing protocol like OSPFv3 and assign IPv4 packets to that process.1.F QUESTION NO: 216 Which of the following commands will enable you to see the contents of the IP routing table and send the output to a TFTP server at the same time? A.168. show ip route | redirect tftp://192.1. Create IFV6 interfaces on both ends of the network.1/route. Create an IPv4 tunnel and use the tunnel mode ipv6ip command. show ip route | to tftp://192.txt E.www.actualtests. B. IPv6 packets cannot be encapsulated with IPv4 headers because the addresses are not compatible. Maximum hop count is 15 with 16 being "unreachable" Answer: C.co m .txt Answer: B QUESTION NO: 217 Which of the following solutions will encapsulate IPv6 packets with IPv4 headers? A.txt B.txt D. show ip route | tee tftp://192. D. C.168.

User profiles F.F QUESTION NO: 221 You are using NBAR to get a statistical baseline for the applications running on your network but discover that some applications are not being recognized.) lTe sts .co m . 2001::abc:0:0:000a:000b D. 2001::abc:0:0:a:b Answer: F QUESTION NO: 220 A. Trunk configuration C. Overiapping IP address space D.B. DHCP configuration Answer: D QUESTION NO: 219 Which of the following is a valid representation of the following IPv6 address: 2001:0000:0000:0abc:0000:0000:000a:000b? Choose the answer with the least number of digits.actualtests.com 175 Ac tua Which of the following are troubleshooting targets common to both site-to-site and remote-access VPNs? (Choose all that apply. 2001:0000:0000:abc::a:b F. DMVPN E. Any Time. Misconfiguration of VPN end points C. Routing protocol configuration E.Cisco 642-832: Practice Exam B. 2001::0abc:0000:0000:a:b E. Power over Ethernet F. Which of the following are possible solutions? (Choose all that apply. 2001::abc::a:b C. MTU Answer: A.) "Pass Any Exam. A. Routing loops B." .www. 2001:0000:0:abc:0000:0000:a:b B. Access lists D.

A large number of BGP sessions.co m 176 . May have Ethernet as well as non-Ethernet interfaces B.C QUESTION NO: 222 Which of the following statements are true for routers but not true for Layer 3 Ethernet switches? (Choose all that apply. A router is configured with the following command: ip route 0.B. Use the ip nbar port-map command to allow NBAR to recognize certain applications with anev/ port number. D. D.0. A large BGP table.0. C. E.com Ac tua lTe sts . Answer: A.0.0. Use the ip nbar pdlm command to allow NBAR to reference a new PDLM in flash memory. E. B.D QUESTION NO: 223 Which of the following events would not explain excessive CPU utilization? A.actualtests. If NBAR doesn't recognize certain applications you must contact Cisco and ask them to email you a new PDLM for that application. A flapping interface. The applications not being recognized can be rerouted to an NBAR collector. Use the copy nbar flash: command to download a new PDLM file to flash. Uses subinterfaces to define trunks E. Use the ip nbar pdlm command to download a new NBAR reference file from the Cisco website. Answer: B QUESTION NO: 224 "Pass Any Exam.Cisco 642-832: Practice Exam A. Makes use of TCAMs D.www. B.) A. All interface buffers are continually in use. Any Time. The router sends a large number of ARP requests. F. F.0 0." . Can use both Layer 2 and Layer 3 to make forwarding decisions F. C.0 fa 0/1. Traditionally used as a standalone device for inter-VLAN communication C. Allows the definition of Switched Virtual Interfaces (SVI) Answer: A. which has a more complete list of applications.

whereas an ARP reply uses a address. unicast D. multicast. 2851 D. unicast E. Updating software D." Which "Pass Any Exam. "Please update the network documentation to record why the ip routing table was cleared. broadcast. unicast. broadcast. Monitoring network performance E. multicast B." . Providing technical customer support B.co m Which of the following is not a typical maintenance task within a network maintenance model? . 2801 C. Changing configurations C.www. 2811 B.Cisco 642-832: Practice Exam Which of the following correctly fills in the missing words of this sentence: An ARP request uses a address. 1841 F. 3825 Answer: A. broadcast C. 2821 E. Any Time. broadcast. broadcast F. multicast Answer: C QUESTION NO: 225 Answer: A QUESTION NO: 226 A. A. Scheduling backups . Replacing hardware F.B. unicast.com 177 Ac Which of the following router models will support 1000 tunnels? tua lTe sts A.F QUESTION NO: 227 A network administrator enters the command clear ip route * and as a result he sees the message.actualtests.D.C.

NetFlow B.Cisco 642-832: Practice Exam router feature was used in this case? A.actualtests. Attacker sends gratuitous ARP replies.www. Debug D.co m 178 . CEF Answer: E QUESTION NO: 228 Which of the following types of attacks does DHCP snooping prevent? (Choose all that apply. Attacker connects rogue server replying to DHCP requests D. C. thereby jamming the DHCP server F.C sts . SysLog E. F. Run BGP on a different platform that already has more memory. Any Time. EEM F. D. Increase the BGP update timer.com Ac You issue the command show process memory | include BGP and notice that BGP is consuming a large percentage of the router's memory.) tua QUESTION NO: 229 lTe Answer: A. thereby jamming the DHCP server A.F QUESTION NO: 230 "Pass Any Exam. Compress the BGP table. Use a default route instead of maintaining a full BGP table. Attacker sends unsolicited DHCP replies. Attacker connects rogue server initiating DHCP requests C. E. Answer: A. Upgrade the router memory. Filter unneeded BGP routes. SNMP C.C. B. Attacker sends DHCP jam signal causing DHCP server to crash E. Attacker sends multiple DHCP requests flooding DHCP server B.) A. Which of the following steps would result in lowering the amount of memory being consumed by BGP? (Choose all that apply." .

EIGRP will only advertise routes that are within three hops of the current router. Which of the following statements is true? A.co m 179 . Can support multiple subnets on a single link E. and so will any route with a metric at most three times greater than the value of the successor's metric. A route's feasible successor is calculated as the successor plus the feasible distance. C. B. An error will result because a router cannot be configured with an EIGRP variance of 3 because the maximum variance number is 2. C. A route's successor route is the feasible distance plus the advertised distance. and so will any route with a metric at least one third the value of the successor's metric. plus the advertised distance. A route's feasible distance is the sum of the advertised distance and the successor distance. Has the same packet types D. Any Time. B. "Pass Any Exam.com Ac tua lTe sts ." . The successor route will be any route with three times the value of the advertised distance. Requires direct connectivity from the backbone area to all other areas C. F. plus the advertised distance. The best three routes with equal cost paths will end up in the routing table. D. Answer: B QUESTION NO: 232 Which of the following statements is correct? A.actualtests. The successor route will end up in the routing table. The successor route will end up in the routing table.www. F. A route's feasible successor is the sum of the router's metric to reach the neighbor. E. A route's feasible distance is calculated as the advertised distance plus the feasible successor's distance. D. Adjacencies formed with neighbors Answer: D QUESTION NO: 231 A router has been configured with an EIGRP variance of 3. Uses a hierarchical structure divided into areas F.Cisco 642-832: Practice Exam Which of the following characteristics applies only to OSPFv3 and not to OSPFv2? A. A route's feasible distance is the sum of the router's metric to reach the neighbor. E. Several processes can exist simultaneously B.

"Pass Any Exam. B. Any Time. Inventory of network equipment QUESTION NO: 234 Answer: A.E. IGP community elements C.co m Answer: C.) A.www. EtherChannel F. C. Cabling C. The interface you configured for AutoQoS is set to half-duplex.actualtests.C. Spanning Tree Protocol B.Cisco 642-832: Practice Exam Answer: A QUESTION NO: 233 Which of the following are considered common elements found in a set of network documents? (Choose all that apply. Packet forwarding E. D. AutoQoS was configured on only one end of the link. CEF is not enabled on the interface. Building schematic B. The interface's bandwidth is not correctly configured.com 180 Ac tua A. The interface you configured for AutoQoS has no IP address. Listing of interconnections D. Which of the following are possible reasons for AutoQoS not functioning correctly? (Choose all that apply.F . E. Routing protocols lTe sts Which of the following troubleshooting targets is considered to be a Layer 2 issue? (Choose all that apply. Physical topology diagram E.) . Logical topology diagram F. Frame forwarding D.) A.D.E QUESTION NO: 235 You are using AutoQoS Enterprise and realize that the results are not what you expected." .

F. Answer: A.D QUESTION NO: 237 Answer: B.actualtests. C. D. To create a trunk. B.D. A routed port is considered to be in a down state if it is not operational at both Layer 1 and Layer 2.C. F. tua lTe Which of the following characteristics are true assuming you are troubleshooting a network currently enabled for VRRP? (Choose all that apply. D. NAT caching "Pass Any Exam. an SVI can be logically divided into subinterfaces. It is a Cisco Proprietary protocol. The network is load balancing among different members of the VRRP group. Answer: B. An SVI port does not run 5TP or DTP. You enabled AutoQoS on the interface but forgot to enable globally first. NAT mapping B.B.co m .Cisco 642-832: Practice Exam F." .) A. C.) sts .E QUESTION NO: 236 Which of the following statements are true regarding Layer 3 switches? (Choose all that apply. The interface IP address is being used as the virtual IP address. E. An SVI is considered to be in a down state if it is not operational at both Layer 1 and Layer 2.C QUESTION NO: 238 Which of the following types of NAT allows multiple private internal IP addresses to use a single public external IP address? A. An SVI is considered to be in a down state only when none of the ports in the corresponding VLAN are active. Any Time. B. E.www. The default hello timers are 3 seconds. The default hello timers are 1 second. There are several routers in the group simultaneously forwarding traffic for the group.com 181 Ac A. A routed port does not run STP or DTP. NAT overloading C.

Dynamic NAT F.D.Cisco 642-832: Practice Exam D. clock EST-5 E.actualtests. which is five hours behind GMT? sts . Mismatched trunk mode E.F QUESTION NO: 240 Answer: F Explanation: Topi 4: More Questions (50 Questions) QUESTION NO: 241 "Pass Any Exam. dock GMT -5 D. Any Time.www.co m 182 . NTP timezone EST -5 F. Static NAT E. clock timezone GMT -5 C. Mismatched EtherChannel distribution algorithm D.E." . Mismatched EtherChannel port selection C.com Ac A. Mismatched EtherChannel protocol B. timezone EST -5 B. dock timezone EST -5 tua lTe Which of the following NTP command specifies that a router is in the Eastern time zone. Mismatched link speed Answer: A. Mismatched native VLAN F. Overlapping NAT Answer: B QUESTION NO: 239 Which of the following scenarios are likely reasons for an EtherChannel to fail? A.

B.co m . Your boss has informed you that there have been problems with the WAN that is using EIGRP routing protocol. You are required to troubleshoot these problems. Below are the questions of this lab-sim. Before going to the questions of this sim. we should have a quick review about GRE tunneling: GRE Quick Summary The picture below shows how to configure a GRE Tunnel between two routers. not of the opposite tunnel. The IP address on the E0/0 interface for the Branch4 router has the wrong IP mask.1. Any Time.255. sts .com 183 Ac tua lTe You are working as a network technician. "Pass Any Exam. study the exhibit carefully." . notice that the "tunnel destination" must be the IP address of the interface.www.255.actualtests.168. It should be 255.252.150 network from appearing in the HQ router's routing table? A. The default route is missing from the Branch4 router. What is preventing the 192.Cisco 642-832: Practice Exam Notice: The tunnel source on one router must be specified as the tunnel destination on the other router.

It should be network 192. When running EIGRP over GRE tunnels.1.0. E.255." . It should be 192. you will need to use the show running-config command on Branch4 router From the "Pass Any Exam.255.0.168. The network statement under router EIGRP on the Branch4 router is incorrect.co m 184 .actualtests.255.www.1.com Ac tua lTe sts .0 0. D.252. Answer: C Explanation: As you can guess.12 255.Cisco 642-832: Practice Exam C.168. you must manually configure the neighbor address using the eigrp neighbor ipaddress command. The IP address on the tunnel interface on P4S-Branch4 is incorrect. Any Time.

Any Time. we learn that the EIGRP network was wrongly configured on this router. By configuring "network 192. study the exhibit carefully.actualtests.co m 185 .com Ac tua lTe sts .0" the Branch4 will only advertise host 192.14 to HQ so HQ router will not know about the existence of 192. You are required to troubleshoot these problems.168.1. "Pass Any Exam.www.1.150 network.1.0. Before going to the questions of this sim.168." . QUESTION NO: 242 You are working as a network technician. Your boss has informed you that there have been problems with the WAN that is using EIGRP routing protocol.Cisco 642-832: Practice Exam From the show running-config output of Branch4.14 0. not of the opposite tunnel.0. we should have a quick review about GRE tunneling: GRE Quick Summary The picture below shows how to configure a GRE Tunnel between two routers. notice that the "tunnel destination" must be the IP address of the interface.168.

It should be 192. D. Answer: B Explanation: Section: (none) QUESTION NO: 243 "Pass Any Exam.2. . The tunnel destination address for tunnel 5 is incorrect on the HQ router.255. It should be 10. E.252.co m 186 . C.www.16 255. Any Time. It should be serial 2/0. The tunnel numbers for tunnel between the HQ router and the Branch5 router do not match.Cisco 642-832: Practice Exam Notice: The tunnel source on one router must be specified as the tunnel destination on the other router.5.actualtests. The tunnel source for tunnel 5 is incorrect on the HQ router. Below are the questions of this lab-sim.1 to match the interface address of the Branch5 router. The IP address on the tunnel interface on Branch5 is incorrect. What is the reason that tunnel 5 on the HQ router is down when its companion tunnel on the Branch5 router is up? A. B.1. we learn that the tunnel source configured on HQ is Serial1/0 but HQ router connects to the Internet via Serial2/0 interface -> the tunnel source configured on HQ router was incorrect.com Ac tua lTe sts Use the show running-config command on HQ router. The tunnel interface for tunnel 5 on the HQ router is in the administrative down state." .168.255.

you must manually configure the neighbor address using the eigrp neighbor ipaddress command. not of the opposite tunnel. we should have a quick review about GRE tunneling: GRE Quick Summary The picture below shows how to configure a GRE Tunnel between two routers. sts . "Pass Any Exam. notice that the "tunnel destination" must be the IP address of the interface. What is preventing the HQ router and the Branch1 router from building up an EIGRP neighbor relationship? A. You are required to troubleshoot these problems.www.co m ." . When running EIGRP over GRE tunnels. Below are the questions of this lab-sim.com 187 Ac tua lTe You are working as a network technician. Before going to the questions of this sim. Any Time.actualtests. study the exhibit carefully.Cisco 642-832: Practice Exam Notice: The tunnel source on one router must be specified as the tunnel destination on the other router. Your boss has informed you that there have been problems with the WAN that is using EIGRP routing protocol.

com Ac tua lTe sts . Any Time. D.1 to match the interface address of the Branch1 router.Cisco 642-832: Practice Exam B. It should be serial 2/0. The tunnel source is incorrect on the Branch1 router.1. "Pass Any Exam. The tunnel interface numbers for the tunnel between the HQ router and Branch1 router do not match. The tunnel destination address is incorrect on the HQ router.www. It should be 10. Answer: B Explanation: Use the show running-config command on HQ and Branch1 routers and we will see the tunnel destination address was wrongly configured on HQ router.actualtests. The default route is missing from the Branch1 router.2." .co m 188 . C. E.

co m 189 .actualtests.Cisco 642-832: Practice Exam QUESTION NO: 244 "Pass Any Exam." .com Ac tua lTe sts .www. Any Time.

com 190 Ac tua lTe You are working as a network technician. You are required to troubleshoot these problems.10 interface on the Branch3 router? A. study the exhibit carefully. sts . Before going to the questions of this sim. notice that the "tunnel destination" must be the IP address of the interface." .168. Your boss has informed you that there have been problems with the WAN that is using EIGRP routing protocol. The tunnel interface numbers for the tunnel between the HQ router and the Branch3 router do not match "Pass Any Exam. Any Time. what is preventing a successful ping between the HQ router and the 192. Below are the questions of this lab-sim.actualtests. we should have a quick review about GRE tunneling: GRE Quick Summary The picture below shows how to configure a GRE Tunnel between two routers.co m .1. For the following statements. not of the opposite tunnel. B. The default route is missing from the Branch3 router.www.Cisco 642-832: Practice Exam Notice: The tunnel source on one router must be specified as the tunnel destination on the other router.

Cisco 642-832: Practice Exam C. The tunnel source is incorrect on the Branch3 router. It should be serial 2/0. D. The IP address on the tunnel interface for the Branch3 router has wrong IP mask. It should be 255.255.255.252 E. The network statement under router EIGRP on the Branch3 router is incorrect. It should be network 192.168.2.0.0.0.0.255. Answer: A Explanation:

The Branch3 router is missing the default route to HQ router's interface (Serial2/0) so the ping command will not work.

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

m

191

Cisco 642-832: Practice Exam QUESTION NO: 245

You are working as a network technician, study the exhibit carefully. Your boss has informed you that there have been problems with the WAN that is using EIGRP routing protocol. You are required to troubleshoot these problems. Before going to the questions of this sim, we should have a quick review about GRE tunneling: GRE Quick Summary The picture below shows how to configure a GRE Tunnel between two routers, notice that the "Pass Any Exam. Any Time." - www.actualtests.com 192

Ac

tua

lTe

sts

.co

m

Cisco 642-832: Practice Exam "tunnel destination" must be the IP address of the interface, not of the opposite tunnel.

Answer: E

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

Explanation: First we should check the configuration of both HQ and Branch 2 routers by using the show running-config command On HQ router:

tua

lTe

A. The default route is missing from the Branch2 router. B. When running EIGRP over GRE tunnels, you must manually configure the neighbor address using the eigrp neighbor ip address command. C. The tunnel numbers for the tunnel between the HQ router and the Branch2 router do not match. D. The tunnel source is incorrect on the Branch2 router. It should be serial 2/0. E. The AS number for the EIGRP process on Branch2 should be 1 and not 11.

sts

.co

m

Notice: The tunnel source on one router must be specified as the tunnel destination on the other router. Below are the questions of this lab-sim. What is the reason for the ping between the HQ router and the 192.168.1.193 interface on the Branch2 router failing?

193

Cisco 642-832: Practice Exam

On Branch2 router

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

m

194

Cisco 642-832: Practice Exam

From the outputs we learn that the AS numbers in two routers are not the same. They therefore do not become EIGRP neighbors and the ping between two routers should fail.

QUESTION NO: 246 This item contains several questions that you must answer. You can view these questions by clicking on the Questions button to the left. Changing questions can be accomplished by clicking the numbers to the left of each question. In order to complete the questions, you will need to refer to the SDM and the topology, neither of which is currently visible. To gain access to either the topology or the SDK click on the button to left side of the screen that "Pass Any Exam. Any Time." - www.actualtests.com 195

Ac

tua

lTe

sts

.co

m

Cisco 642-832: Practice Exam corresponds to the section you wish to access. When you have finished viewing the topology the SDK you can return to your questions by clicking on the Questions button to the left.

Answer: B,D Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

A. Digital Certificate B. Pre-Shared Key C. Transport Mode D. Tunnel Mode E. GRE/IPSEC Transport Mode F. GRE/IPSEC Tunnel Mode

sts

.co

Which peer authentication method and which IPSEC mode is used to connect to the branch locations? (Choose two)

m

196

To gain access to either the topology or the SDK click on the button to left side of the screen that corresponds to the section you wish to access. In order to complete the questions.Cisco 642-832: Practice Exam QUESTION NO: 247 Which algorithm as defined by the transform set is used for providing data confidentiality when connected to Tyre? "Pass Any Exam. Changing questions can be accomplished by clicking the numbers to the left of each question.actualtests.www." . you will need to refer to the SDM and the topology. lTe sts . Any Time. When you have finished viewing the topology the SDK you can return to your questions by clicking on the Questions button to the left. neither of which is currently visible. You can view these questions by clicking on the Questions button to the left.co m 197 .com Ac tua This item contains several questions that you must answer.

ESP-3DES-SHA B. QUESTION NO: 248 This item contains several questions that you must answer.actualtests. ESP-3DES E. "The transform set is a group of attributes that are exchanged together.com 198 Ac tua lTe sts .ESP-3DES. Any Time." .co m . You can view these questions by clicking on the Questions button to the left. ESP-3DES-SHA1 C.www. which eliminates the need to coordinate and negotiate individual parameters". In the picture above. we should review the concept: "Data confidentiality is the use of encryption to scramble data as it travels across an insecure media".Cisco 642-832: Practice Exam A. ESP-SHA-HMAC Answer: D Explanation: In the site-to-site VPN branch we see something like this so the answer should be ESP-3DES-SHA2 or ESP-3DES? To answer this question. ESP-3DES-SHA2 D. therefore the answer should be D . Data confidentiality therefore means encryption. we can see 3 parts of the transform-set ESP-3DES-SHA2: IPsec protocol: ESP IPsec encryption type: 3DES IPsec authentication: SHA2 The question wants to ask which algorithm is used for providing data confidentiality (encryption). Changing questions can be accomplished by clicking "Pass Any Exam.

com Ac tua lTe sts . subnet 10.89.www. subnet 10.159 B.168.0/24 E.195. you will need to refer to the SDM and the topology.168. neither of which is currently visible.168.4.192 C.0/24 F.38. subnet 10.23 D." . Any Time. In order to complete the questions.15. peer address 192.0/24 Answer: A.D Explanation: "Pass Any Exam. When you have finished viewing the topology the SDK you can return to your questions by clicking on the Questions button to the left. peer address 192.actualtests. Which defined peer IP address an local subnet belong to Crete? (Choose two) A.5.Cisco 642-832: Practice Exam the numbers to the left of each question.55.co m 199 .7.23. peer address 192. To gain access to either the topology or the SDK click on the button to left side of the screen that corresponds to the section you wish to access.

When you have finished viewing the topology the SDK you can return to your questions by clicking on the Questions button to the left. neither of which is currently visible. you will need to refer to the SDM and the topology." .www. lTe sts .actualtests.com 200 Ac tua This item contains several questions that you must answer. You can view these questions by clicking on the Questions button to the left.Cisco 642-832: Practice Exam QUESTION NO: 249 Which IPSec rule is used for the Olympia branch and what does it define? (Choose two) A. Changing questions can be accomplished by clicking the numbers to the left of each question. Any Time. 102 "Pass Any Exam. In order to complete the questions.co m . To gain access to either the topology or the SDK click on the button to left side of the screen that corresponds to the section you wish to access.

You will see a "permit" rule for traffic from 10.10." .com Ac tua lTe From the output above.0/24 destined to 10.0/24 will use the VPN E. Next click on "IPSec Rules" and select the Name/Number of 116 to view the rule applied to it.10.10.8.8.10. Any Time. Answer: B.E Explanation: "Pass Any Exam.actualtests.10.0/24 (notice that the picture shown the wildcard which are inverse subnet masks) sts . F.0/24 will use the VPN.0/24 to 10. IP traffic sourced from 10.5.Cisco 642-832: Practice Exam B.0/24 destined to 10. 116 C.28.33.co m 201 .15.10.5.0/24 destined to 10. IP traffic sourced from 10.10.28. we learn that the IPSec Rule is 116.0/24 will use the VPN. 127 D.www. IP traffic sourced from 10.10.

12 B.133. Any Time.com Ac tua Off Shore Industries is a large worldwide sailing charter. The packet has a source address of 172. "Pass Any Exam. As a recent addition to the network engineering team.Cisco 642-832: Practice Exam QUESTION NO: 250 This item contains several questions that you must answer.www. You can view these questions by clicking on the Questions button to the left. you can return to your questions by clicking on the Questions button to the left.actualtests.144 Answer: C. The application is not specified within the inspection rule SDM_LOW E. To gain access to either the topology or the SDM.29 C.E Explanation: The "incoming TCP packet on an untrusted interface" refers to the traffic sent from the outside to the outer interface of the router." . click on the button to left side of the screen that corresponds to the section you wish to access.16. The packet has a source address of 10. A.61. The session originated from a trusted interface D. you will need to refer to the SDM and the topology.29. neither of which is currently visible.94. The company has recently upgraded its Internet connectivity. answer the following questions: Which two options would be correct for a permissible incoming TCP packet on an untrusted interface in this configuration? (Choose two) lTe sts . Changing questions can be accomplished by clicking the numbers to the left of each question. In order to complete the questions. you have been tasked with documenting the active Firewall configurations on the Annapolis router using the Cisco Router and Security Device Manager (SDM) utility. Using the SDM output from Firewall and ACL Tasks under the Configure tab. When you have finished viewing the topology the SDM.219.co m 202 . The packet has a source address of 198.

144 is not in the "deny" lists so it satisfies the "permit any" line.29. there may be more filter rules than the ones shown above) The access list denies traffic from 172.actualtests. Changing questions can be accomplished by clicking the numbers to the left of each question. When you have finished viewing the topology the SDM.219. you can return to your questions by clicking on the Questions button to the left.133. You can view these questions by clicking on the Questions button to the left." . D is obviously incorrect because the SDM_LOW did specify the filter rule. neither of which is currently visible. The access list 101 only filter packets from "returning traffic" and it does not proceed traffic originated from a trusted (inside) interface so C is correct. Any Time.Cisco 642-832: Practice Exam "Pass Any Exam.16.www. E is correct because the IP address of 198.co (Notice: In the real exam. In order to complete the questions. tua lTe QUESTION NO: 251 sts . click on the button to left side of the screen that corresponds to the section you wish to access. To gain access to either the topology or the SDM.12/30 and 10.0. m 203 .0/8 networks so A and B are not correct.0.com Ac This item contains several questions that you must answer. you will need to refer to the SDM and the topology.

0/8) tua lTe sts . The packet has a source address of 172. The packet has a source address of 10.81. you will need to refer to the SDM and the topology. answer the following questions: Which two statements would specify a permissible incoming TCP packet on a trusted interface in this configuration? (Choose two) A.C Explanation: The "incoming TCP packet on a trusted packet" refers to the packet originates from the inside (trusted) interface.40 D. neither of which is currently visible.co m 204 . Changing questions can be accomplished by clicking the numbers to the left of each question.www. Using the SDM output from Firewall and ACL Tasks under the Configure tab.108 while allow other packets to go through (except 255.0. As a recent addition to the network engineering team.219. In order to complete the questions.com Ac The configured access list denies packets in the 172. The destination address is not specified within the inspection rule SDM_LOW. The company has recently upgraded its Internet connectivity.Cisco 642-832: Practice Exam Off Shore Industries is a large worldwide sailing charter.16.81. The packet has a source address of 198. you have been tasked with documenting the active Firewall configurations on the Annapolis router using the Cisco Router and Security Device Manager (SDM) utility.255 and 127.81.233.133.108/30 subnetwork so it will only drop packets that have a source address of 172. When you have finished viewing the topology the SDM.255. To gain access to either the topology or the SDM. click on the button to left side of the screen that corresponds to the section you wish to access.16. you can return to your questions by clicking on the Questions button to the left. Any Time.79.108 C." .255. "Pass Any Exam.16. You can view these questions by clicking on the Questions button to the left.0. QUESTION NO: 252 This item contains several questions that you must answer. Answer: A.107 B.actualtests.

www. Moreover. The company has recently upgraded its Internet connectivity. answer the following questions: Which statement is true? m 205 . "Pass Any Exam. As a recent addition to the network engineering team. Both FastEthernet 0/0 and Serial 0/0/0 are trusted interface. FastEthernet 0/0 is a trusted interface and Serial 0/0/0 is an untrusted interface D.co Off Shore Industries is a large worldwide sailing charter. Using the SDM output from Firewall and ACL Tasks under the Configure tab.Cisco 642-832: Practice Exam Answer: C Explanation: The trusted interface is the inside interface and the untrusted interface is the outside interface. you have been tasked with documenting the active Firewall configurations on the Annapolis router using the Cisco Router and Security Device Manager (SDM) utility. B. sts . So Fa0/0 is the inside interface and S0/0/0 is the outside interface." . Any Time. from the above picture we see that the "Originating traffic" starts from FastEthernet0/0 to Serial0/0/0.actualtests.com Ac tua lTe A. Both FastEthernet 0/0 and Serial 0/0/0 are untrusted interfaces. C. FastEthernet 0/0 is an untrusted interface and Serial 0/0/0 is a trusted interface.

Cisco 642-832: Practice Exam QUESTION NO: 253 Which three statements accurately describe IOS Firewall configurations? (Choose three) A. Access-list 101 was configured for the trusted interface. Any Time. The IP inspection rule can be applied in the inbound direction on the secured interface. The IP inspection rule can be applied in the outbound direction on the unsecured interface.co m . the access-list for the returning traffic must be a standard ACL.C QUESTION NO: 254 Study this exhibit carefully. For temporary openings to be created dynamically by Cisco IOS Firewall. D. The ACL applied in the inbound direction on the unsecured interface should be an extended ACL.B." . What information can be derived from the SDM firewall configuration displayed? A. B. and access-list 100 was configured for the untrusted interface "Pass Any Exam.www. C.actualtests. Answer: A.com 206 Ac tua lTe sts .

Which two encapsulation methods require that an 827 ADSL router be configured with a PPP username and CHAP password? (Choose two) A. RFC 1483 Bridged with the 827 configured as the PPPoE client E.co m . Traffic originating from the router is considered trusted. we need a username and password to match with those configured at the Internet Service Provider (ISP). and access-list 101 was configured for the outbound direction on the trusted interface. so it is not inspected. and access-list 101 was configured for the outbound direction on the untrusted interface. and access-list 101 was configured for the untrusted interface. It can be used to block bulk encryption attacks.actualtests. It can be used to protect against denial of service attacks C. D. C. RFC 1482 Bridged with the 827 configured as a bridge Answer: B. PPPoE with the 827 configured as a bridge B.com 207 Ac QUESTION NO: 256 tua Answer: B. PPPoA D. Access-list 100 was configured for the inbound direction.E lTe sts . PPPoE with the 827 configured as the PPPoE client C. an ACL entry is statically created and added to the existing ACL permanently. Any Time.Cisco 642-832: Practice Exam B.www. Temporary ACL entries that allow selected traffic to pass are created and persist for the duration of the communication session.C Explanation: When configuring PPPoE (as the PPPoE client) and PPPoA. B." . "Pass Any Exam. Access-list 100 was configured for the inbound direction. Answer: B Explanation: The last line of access-list 100 is used to "permit" all the traffic so it is the inside (trusted) interface. D. Access-list 100 was configured for the trusted interface. Based upon the custom firewall rules. QUESTION NO: 255 Which two statements are true about the Cisco Classic (CBAC) IOS Firewall set? (Choose two) A. The last line of access-list 101 is used to "deny" all traffic so it is the outside (untrusted) interface. E.

Any Time. Which action would correct this problem? "Pass Any Exam. Router Net is unable to establish an ADSL connection with its provider.actualtests.Cisco 642-832: Practice Exam QUESTION NO: 257 Router NetworkTut is configured as shown below: Given the above configuration. which statement is true? A.co m 208 . This device is configured an an aggregation router Answer: B Explanation: Notice that the command "encapsulation aaa15mux ppp dialer" is configured under interface ATM0/0.com Ac tua lTe sts ." . This device is configured as RFC 1483/2684 bridge D. QUESTION NO: 258 As a network engineer. study the exhibit carefully. This configuration is used for PPPoA client.www. This device is configured as a PPPoE client B. This device is configured as a PPPoA client C.

sts . On the Dialer0 interface. On the ATM0/0 interface.Cisco 642-832: Practice Exam Answer: C QUESTION NO: 259 Which statement about PPPoA configuration is correct? A. B. The ip mtu 1496 command must be applied on the dialer interface C. On the Dialer0 Interface. add the dialer pool-member 1 command D. add the pppoe enable command B.www. add the ip mtu 1496 command C. The encapsulation ppp command is required D.com Ac tua lTe A. Any Time." .actualtests. The dsl operating-mode auto command is required if the default mode has been changed.co m 209 . add the dialer pool-member 0 command. On the ATM0/0 interface. The ip mtu 1492 command must be applied on the dialer interface Answer: A QUESTION NO: 260 "Pass Any Exam.

0.1. the configuration is incorrect. B.com.1.255".1. F. If the last statement is "access-list 112 permit icmp any 10.1." . Answer: C Explanation: The network 10.255".2. which configuration option would correctly configure router NET? .255". ACL 112 should have been applied to interface Fa0/0 in an inbound direction. study the exhibit carefully.0. D. C.com 210 Ac tua lTe sts Configuration Exhibit: NET(config)# access-list 112 deny icmp any any echo log NET(config)# access-list 112 deny imp any any redirect log NET(config)# access-list 112 deny icmp any any mask-request log NET(config)# access-list 112 permit icmp any 10.0 is the internal LAN network.1.255 NET(config)# interface Fa0/1 NET(config-if)# ip access-group 112 in You work as a network administrator at networkTut.0 0. The last statement of ACL 112 should have been "access-list 112 permit icmp any 10.0.0.www. On the basis of the information in the exhibit.co m .2.1. The last statement of ACL 112 should have been "access-list 112 deny icmp any 10.actualtests.0. The last statement of ACL 112 should have been "access-list 112 deny icmp any 10. The configuration has been applied to router NET to mitigate the threat of certain types of ICMPbased attacks while allowing some ICMP traffic to the corporate LAN to work.Cisco 642-832: Practice Exam Network Topology Exhibit: A.0.2.0. The first three statements of ACL 112 should have permitted the ICMP traffic and the last statement should deny the identified traffic. E. it will allow ICMP traffic sent from the Internet to work and thus makes the router vulnerable to ICMP-based attacks QUESTION NO: 261 "Pass Any Exam. None of the above.255".1.0 0.0 0.0. Any Time. ACL 112 should have been applied to interface Fa0/1 in an outbound direction G.1.0.0 0.0.1. However.0 0.

" . Any Time.actualtests. to extract relevant SNMP information D. to pull event logs from the router C. Use SSH or SSL C.www. Refer to the exhibit.co m 211 . "Pass Any Exam. The LIST1 list will disable authentication on the console port.Cisco 642-832: Practice Exam As a network technician.com Ac tua Authentication is the process of determining if a user or identity is who they claim to be. to perform application-level accounting Answer: B QUESTION NO: 263 A. do you know for what purpose SDM uses Security Device Event Exchange (SDEE)? A. Enable trust levels D. do you know what is a recommended practice for secure configuration management? A. to provide a keepalive mechanism B. Disable post scan B. Deny echo replies on all edge routers Answer: B QUESTION NO: 262 As a network engineer. Which statement about the authentication process is correct? lTe sts .

C.www. If a TACACS+ server is not available. If the group database is unavailable. Answer: A Explanation: The command "aaa authentication login LIST1 none" tells the router not to use any authentication method for the LIST1. The command login authentication group will associate the AM authentication to a specified interface. Which two statements about the AAA configuration are true? (Choose two) tua lTe sts A. All login requests will be authenticated using the group tacacs+ method C. the LIST1 list will not authenticate anyone on the console port. AAA stands for authentication. Any Time.com Ac Refer to the exhibit.Cisco 642-832: Practice Exam B. The default login authentication will automatically be applied to all login connections D.F "Pass Any Exam. the radius server will be used. D. The command "login authentication LIST1" under console mode applies the LIST1 for the logging using console port. then the user Bob could be able to enter privileged mode as long as the proper enable password is entered. B. Because no method list is specified. authorization and accounting. Which option about the AAA authentication enable default group radius enable command is correct? 212 . F." . then a user connecting via the console port would not be able to gain access since no other authentication method has been defined. C.actualtests. Two authentication options are prescribed by the displayed aaa authentication command Answer: D.co m In computer security. If the radius server returns a 'failed' message. the enable password will be used. QUESTION NO: 264 Answer: A QUESTION NO: 265 A. the enable password will be used. If the radius server returns an error. If a TACACS+ server is not available. group radius should be used instead of group tacacs+. E. A good security practice is to have the none parameter configured as the final method used to ensure that no other authentication method will be used. The aaa new-model command forces the router to override every other authentication method previously configured for the router lines. D. . To increase security. B.

Step 3: ESP negotiates IPsec SA settings and sets up matching IPsec SAs in the peers. D. The crypto ACL number B. Each Hot Standby Routing Protocol (HSRP) standby group has two well-known MAC addresses and a virtual IP address. Two authentication options are prescribed by the above command.com Ac tua lTe sts . The MTU size of the GRE tunnel interface Answer: C. The GRE tunnel source interface or IP address. The GRE tunnel interface IP address D. Step 2: ESP authenticates IPsec peers and negotiates IKE SAs. Step 4: Data is securely transferred between IPsec peers. What are the four steps to setup an IPsec VPN? A. Step 1: Interesting traffic initiates the IPsec process. "Pass Any Exam. They are tacacs+ and none QUESTION NO: 266 You need to configure a GRE tunnel on a IPSec router. The IPSEC mode (tunnel or transport) C. The cypto isakmp keepalive command is used to configure the Stateful Switchover (SSO) protocol.co m 213 . which two parameters are required when defining the tunnel interface information? (Select two) A. B. and tunnel destination IP address E.D QUESTION NO: 267 Which statement correctly describes IPsec VPN backup technology? A. The cypto isakmp keepalive command is used to configure stateless failover Answer: D QUESTION NO: 268 IPSec VPN is a widely-acknowledged solution for enterprise network. Any Time." . When you are using the SDM to configure a GRE tunnel over IPsec.actualtests.www.Cisco 642-832: Practice Exam Explanation: The aaa new-model command will override previously configured authentication method -> D is correct. Reverse Route Injection (RRI) is configured on at the remote site to inject the central site networks C.

Step 1: Interesting traffic initiates the IPsec process. The Cisco IOS IPsec High Availability (IPsec HA) Enhancements feature provides an infrastructure for reliable and secure networks to provide transparent availability of the VPN gateways . Dual Router Mode (DRM) IPsec C. Step 3: IKE negotiates IPsec SA settings and sets up matching IPsec SAs in the peers.that is. Step 1: Interesting traffic initiates the IPsec process. Step 3: IKE authenticates IPsec peers and negotiates IKE SAs. Step 4: Data is securely transferred between IPsec peers.Cisco 642-832: Practice Exam B." .actualtests.com 214 Ac tua lTe sts Study the exhibit carefully. Cisco IOS Software-based routers. Step 4: Data is securely transferred between IPsec peers. Step 1: Interesting traffic initiates the IPsec process.co QUESTION NO: 269 m . Step 3: AH negotiates IPsec SA settings and sets up matching IPsec SAs in the peers. D. What are the two options that are used to provide High Availability IPsec? (Choose two) . HSRP B. Answer: C A. C. Step 2: AH authenticates IPsec peers and negotiates IKE SAs. IPsec Backup Peerings D.D "Pass Any Exam. Step 4: Data is securely transferred between IPsec peers.www. RRI Answer: A. Step 2: IKE negotiates IPsec SA settings and sets up matching IPsec SAs in the peers. Any Time. Step 2: IKE authenticates IPsec peers and negotiates IKE SAs.

crypto map {map-name} {seq-name} ipsec-isakmp (creates or modifies a crypto map entry and enters crypto map configuration mode) 3.0.www. IKE uses the Diffie-Hellman algorithm to generate symmetrical keys to be used by IPsec peers. Any Time." . we perform the following steps: 1. configure terminal 2. D.168.D QUESTION NO: 271 A new router was configured with the following commands: "Pass Any Exam. IPsec uses the Encapsulating Security Protocol (ESP) or the Authentication Header (AH) protocol for exchanging keys. Which three IPsec VPN statements are true? (Choose three) m QUESTION NO: 270 215 . To establish IKE SA. reverse-route [static | tag tag-id [static] | remote-peer [static] | remote-peer ip-address [static]] (creates source proxy information for a crypto map entry) Answer: A. To configure RRI under a static crypto map. The "crypto map" and "reverse-route" lines specify Reverse Route Injection (RRI) is being used. C. sts . IKE keepalives are unidirectional and sent every ten seconds B.Cisco 642-832: Practice Exam Explanation: The "standby ip" command specifies HSRP is being used (and it establishes 192.co IPSec VPN is a widely-acknowledged solution for enterprise network.com Ac tua lTe A.actualtests.C. main mode utilizes six packets while aggressive mode utilizes only three packets. Reverse Route Injection (RRI) is the process of injecting a static route into the Interior Gateway Protocol (IGP) routing table.3 as the IP of the virtual router).

Before MPLS is enabled. Before MPLS is enabled. the ip cef command is only requited on routers 1 and 4. E. Answer: E Explanation: "Pass Any Exam.www.co m 216 . Routers A and B are customer routers. By doing this. After MPLS is enabled. Routers 1. To prevent customers from running LDP with the ISP routers C.Cisco 642-832: Practice Exam The configuration above was found on an Internet Service Provider's (ISP) Multiprotocol Label Switching (MPLS) network. B. To use CBAC to shut down Distributed Denial of Service attacks F. the ip cef command is only required on the Ethernet 0 interfaces of routers 1 and 4. After MPLS is enabled. the ip cef command is only required on the Ethernet 0 interfaces of routers 1 and 4. 3 and 4 are provider routers. the ip cef command is only required on routers 1 and 4. the TDP neighbor session between the customer and ISP routers will not be formed. The routers are operating with various IOS versions. D.actualtests.com Ac tua lTe sts . the ip cef command must be applied to all provider routers. To prevent other ISPs from running LDP with the ISP routers D. Before MPLS is enabled. QUESTION NO: 272 Study the exhibit carefully. To prevent customers from running TDP with the ISP routers B. To use IPS to protect against session-replay attacks G. None of the above Answer: A Explanation: The 711 port is used for Tag Distribution Protocol (TDP) and the administrator usually wants to block this type of traffic between the ISP and customer routers due to security reason. What is its purpose? A. C. 2. To prevent man-in-the-middle attacks E. Any Time. Which frame mode MPLS configuration statement is true? A." .

QUESTION NO: 273 DRAG DROP Drag each type of attack on the left to the description on the left. Answer: Explanation: 1) Trojan horse: Programs that appear desirable but actually contain something harmful. 4) Worm: Executes arbitrary code and installs copies of itself in the memory of the Infected computer "Pass Any Exam.Cisco 642-832: Practice Exam CEF is the fundamental requirement of the MPLS architecture and must be enabled globally on all routers that want to use MPLS.com Ac tua lTe sts ." . Any Time.co m 217 .actualtests.www. 3) Port redirection: Compromised system that is used as a jump-off point for attacks against other targets. 2) Virus: Malicious software attached to other programs and which execute a particular unwanted function on a user workstation.

Cisco 642-832: Practice Exam QUESTION NO: 274 DRAG DROP Drag and drop question.actualtests.co m . The upper gives the MPLS functions. the bottom describes the planes. Drag the above items to the proper location at the below Answer: Control Plane: Exchange routing updates between neighboring devices Exchanges labels between peer devices Compiles a list of all labels advertised and received Data Plane: Performs label swapping "Pass Any Exam.www. Any Time.com 218 Ac tua lTe Explanation: sts ." .

" .Cisco 642-832: Practice Exam Performs packet forwarding Builds a mapping of destination networks to active labels QUESTION NO: 275 DRAG DROP Drag the protocols that are used to distribute MPLS labels from the above to the target area on the below.(Not all options will be used) Answer: Explanation: "Pass Any Exam. Any Time.www.actualtests.com Ac tua lTe sts .co m 219 .

co 1) LDP 2) RSVP 3) BGPv4 m 220 .com Ac tua lTe Drag each element of the Cisco IOS Firewall Feature Set from the above and drop onto its description on the below.actualtests.Cisco 642-832: Practice Exam Answer: "Pass Any Exam." .www. Any Time. sts QUESTION NO: 276 DRAG DROP .

com Ac tua lTe sts . "Pass Any Exam.actualtests. Any Time.Cisco 642-832: Practice Exam Explanation: QUESTION NO: 277 DRAG DROP Match the xDSL type on the above to the most appropriate implementation on the below.co m 221 ." .www.

" .Cisco 642-832: Practice Exam Answer: "Pass Any Exam. Any Time.actualtests.www.co m 222 .com Ac Explanation: tua lTe sts .

actualtests.com Ac tua lTe sts .Cisco 642-832: Practice Exam QUESTION NO: 278 DRAG DROP Drag and drop the xDSL type on the above to the appropriate xDSL description on the below. Any Time.www. Answer: "Pass Any Exam." .co m 223 .

" .actualtests.co m 224 .Cisco 642-832: Practice Exam Explanation: QUESTION NO: 279 DRAG DROP Identify the recommended steps for worm attack mitigation by dragging and dropping them into the target area in the correct order. Any Time.www. "Pass Any Exam.com Ac tua lTe sts .

Any Time." .co m 225 .www.com Ac tua lTe sts .actualtests.Cisco 642-832: Practice Exam Answer: "Pass Any Exam.

" .www. Any Time.com Ac tua lTe sts .actualtests.co m 226 .Cisco 642-832: Practice Exam Explanation: "Pass Any Exam.

actualtests.0." .1. "Pass Any Exam. Any Time.30 network on interface serial 0/0 to the correct target area on the right.Cisco 642-832: Practice Exam 1) Containment .1.stop the spread of the worm inside your network and within your network 2) Inoculation .co m 227 .clean and patch each infected system QUESTION NO: 280 DRAG DROP Drag the IOS commands from the left that would be used to implement a GRE tunnel using the 10.track down each infected machine inside your network 4) Treatment .www.com Ac tua lTe sts .upgrade all systems to the lastest operating system code version 3) Quarantine .

Cisco 642-832: Practice Exam Explanation: "Pass Any Exam. Any Time.co m 228 .actualtests.www.com Ac tua lTe sts Answer: ." .

1 255.actualtests.co m 229 .1. Any Time.252 2) tunnel source serial 0/0 3) tunnel destination 10.1.255.com Ac tua Global-level commands: 1) interface tunnel 0 Interface-level commands: 1) ip address 10.Cisco 642-832: Practice Exam QUESTION NO: 281 DRAG DROP Drag the DSL local loop topic on the left to the correct descriptions on the right. "Pass Any Exam.1.255.www.2 4) tunnel mode gre ip lTe sts ." .1.

"Pass Any Exam.com Ac tua lTe sts ." . Any Time.actualtests.www.co m 230 .Cisco 642-832: Practice Exam Answer: QUESTION NO: 282 DRAG DROP Drag the DSL technologies on the left to their maximum(down/up) data rate values on the below.

Cisco 642-832: Practice Exam Answer: Explanation: "Pass Any Exam.actualtests." . Any Time.com Ac tua lTe sts .www.co m 231 .

"Pass Any Exam.www.Cisco 642-832: Practice Exam Drag and drop each function on the above to the hybrid fiber-coaxial architecture component that it describes on the below.actualtests.co m 232 . Any Time.com Ac tua lTe QUESTION NO: 283 DRAG DROP sts ." .

" .Cisco 642-832: Practice Exam Answer: "Pass Any Exam. Any Time.actualtests.co m 233 .www.com Ac tua lTe sts Explanation: .

Answer: "Pass Any Exam.Cisco 642-832: Practice Exam QUESTION NO: 284 DRAG DROP Drag and drop each management protocol on the above to the correct category on the below.co m 234 ." . Any Time.actualtests.www.com Ac tua lTe sts .

www." .co m 235 .com Ac tua lTe sts .Cisco 642-832: Practice Exam Explanation: "Pass Any Exam. Any Time.actualtests.

www.actualtests.com 236 Ac tua lTe sts ." .co m .(Not all descriptions will be used) "Pass Any Exam. Any Time.Cisco 642-832: Practice Exam Secure: 1) SSH 2) SSL 3) IPSec 4) SNMPv3 Unsecure: 1) NTP 2) Telnet 3) Syslog 4) SNMPv2 QUESTION NO: 285 DRAG DROP Drag the IPsec protocol description from the above to the correct protocol type on the below.

Cisco 642-832: Practice Exam Drag and Drop question, drag each item to its proper location.

Answer:

Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

m

237

Cisco 642-832: Practice Exam 1) AH: Provides a framework for authenticating and securing data. 2) ESP: Provides a framework for encrypting, authenticating and securing data. 3) IKE: Provides a framework for the negotiation on security parameters and establishes authenticated keys.

QUESTION NO: 286 DRAG DROP Drag and drop the steps in the process for provisioning a cable modem to connect to a headend on the above to the below in the order defined by the DOCSIS standard.

Answer:

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

m

238

Cisco 642-832: Practice Exam

Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

m

239

Cisco 642-832: Practice Exam

1) Scan and lock the downstream frequency: At power-on, the cable modem scans and locks the downstream path for the allocated RF data channel in order for physical and data link layers to be established. 2) Obtain upstream parameters: The cable modem listens to the management messages arriving via the downstream path. These include information regarding how and when to communicate in the upstream path. These are used to establish the upstream physical and data link layers. 3) Establish Layer 1 and 2 communications: Connection established from Cable modem (CM) to Cable modem termination system (CMTS) to build physical and data link layers. 4) Acquire IP configuration parameters via DHCP: After Layer 1 and 2 are established, Layer 3 can be allocated as well. This is done by the DHCP server. 5) Register and ensure QoS settings with the CMTS: The CM negotiates traffic types and QoS settings with the CMTS. 6) IP network initialization: Once Layers 1, 2, and 3 are established and the configuration file is pulled from the TFTP server, the CM provides routing services for hosts on the subscriber side of "Pass Any Exam. Any Time." - www.actualtests.com 240

Ac

tua

lTe

sts

.co

m

Cisco 642-832: Practice Exam the CM. It also performs some Network Address Translation (NAT) functions so that multiple hosts might be represented by a single public IP address.

QUESTION NO: 287 DRAG DROP Drag the correct statements about MPLS-based VPN on the left to the boxes on the right .(Not all statements will be used)

Answer:

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

m

241

Cisco 642-832: Practice Exam

Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

m

242

Cisco 642-832: Practice Exam QUESTION NO: 288 DRAG DROP cisco ios command to interface dialer 0 "Pass Any Exam.co m 243 .actualtests.www." .com Ac 1) The VPN routers are contained in the IPv4 routing tables of the PE routers 2) RT are attributes attached to VPNv4 BGP routes to indicate their VPN memberships 3) RD are attributes attached to VPNv4 BGP routes to allow overlapping VPN address spaces tua lTe sts . Any Time.

Cisco 642-832: Practice Exam Answer: Explanation: "Pass Any Exam.actualtests. Any Time." .com Ac tua lTe sts .www.co m 244 .

the dialer pool to use. sts .Cisco 642-832: Practice Exam QUESTION NO: 289 "Pass Any Exam.www. default routing information.actualtests. Notice that we have to use the "ip nat outside". the encapsulation protocol." . not "ip nat inside" because the dialer 0 interface is the logical interface connecting to the Internet.co m 245 . Any Time.com Ac tua lTe The dialer interface indicates how to handle traffic from the clients. For example.

Any Time. NetworkTut has decided to connect to the internet by a broadband cable ISP. Explanation: Enter the outbound e0/0 interface to enable PPPoE and bind the dialer profile 1 to this interface: R3(config)#interface e0/0 R3(config-if)#pppoe enable R3(config-if)#pppoe-client dial-pool-number 1 (interface E0/0 is bound to the logical dialer 1 interface) R3(config-if)#no shutdown R3(config-if)#exit Create and configure the dialer interface of the router R3 for PPPoE with a maximum transmission unit (MTU) size of 1492 bytes and a negotiated IP address (dynamically assigned) R3(config)#interface dialer 1 (define a dialer rotary group and enters interface configuration mode) R3(config-if)#ip address negotiated R3(config-if)#ip mtu 1492 "Pass Any Exam.actualtests.16.Cisco 642-832: Practice Exam NetworkTut is a small export company ." .co m .This firm has an existing enterprise network that is made up exclusively of routers that are using EIGRP as the IGP.1. Its network is up and operating normally.www.com 246 Ac tua Connection Encapsulation: PPP Connection Type: PPPoE client Connection Authentication: None Connection MTU: 1492 bytes Address: Dynamically assigned by the ISP Outbound Interface: E0/0 You will know that the connection has been successfully enabled when you can ping the simulated Internet address of 172. Your task is to enable this connection by use of the information below.1 Note: Routing to the ISP: Manually configured default route lTe sts . As part of its network expansion.

The router was successfully installed and is passing traffic.1.0 0. an IT training firm.16. Save the configuration R3#copy running-config startup-config QUESTION NO: 290 You are a network support specialist for NetworkTut. Manually configured a default route on router R3 R3(config)#ip route 0. Any Time. # User vty access should be protected via a password that is validated using only the corporate Tacacs server.www.254 and uses a shared key of Training. For this router installation: # The corporate Tacacs server has an IP address of 10.com Ac tua lTe sts . # The enable password for R1 is New1 You have successfully completed your task when you have verified that you can login into: # R1's console using the local user's ID of Net1 with a password of Sel # R2's console using the username of Net2 with a password of Loc and establish a SSH session from R2 to R1 using the test Tacacs user's ID of cisco with a password ofcisco123 "Pass Any Exam. # User aux port access should be authenticated using the default authentication scheme.0.0.0." .6. # User console access should be authenticated using the default authentication scheme. The portion of NetworkTut's security policy related to router access states: # The default user access authentication scheme requires that the user be authenticated using the router's local database. The "dialer pool 1" command associates the dialer back to the "pppoe-client dialpool-number 1" on the Ethernet interface.actualtests.1 The ping should work well and you will receive replies from the simulated Internet address.0 dialer 1 R3(config)#exit Try pinging the simulated Internet address R3#ping 172. However.Cisco 642-832: Practice Exam R3(config-if)#encapsulation ppp R3(config-if)#dialer pool 1 R3(config-if)#exit The "ip address negotiated" command instructs the client to use an IP address provided by the PPPoE server (using DHCP).0. your manager is concerned about security and has tasked you with implementing access security for the new router R1.6. They have just installed a new router (R1) into their network.co m 247 . Notice that the pool numbers must match on the Ethernet interface and the dialer interface for the configuration to operate.

6. Define the MY_VTY_LIST (or another name) group to use the corporate Tacacs server for the authentication R1(config)#aaa authentication login MY_VTY_LIST group tacacs+ Configure user console access using the default authentication scheme R1(config)#line console 0 R1(config-line)#login authentication default R1(config-line)#exit Configure user aux port access using the default authentication scheme R1(config)#line aux 0 R1(config-line)#login authentication default R1(config-line)#exit Configure vty access using TACACS server by applying MY_VTY_LIST to the vty lines "Pass Any Exam.com Ac tua lTe sts .254 key Training (notice that the key is case sensitive) The default user access authentication scheme requires that the user be authenticated using the router's local database R1(config)#aaa authentication login default local (verify login authentication using the local user database.6. login authentication is automatically applied for all login connections. Because we used the list "default".actualtests. console and aux).co m 248 ." . such as tty. vty.Cisco 642-832: Practice Exam Explanation: R1>enable password: New1 R1#configure terminal R1(config)#aaa new-model (enable the AAA security services) R1(config)#tacacs-server host 10.www. Any Time. The "aaa authentication login" specifies the authentication will take place at login.

1 Router(configuration)#exit Router#debug ip packet 199 What will the debug output on the console show? A.1.1 Answer: D QUESTION NO: 292 What level of logging is enabled on a Router where the following logs are seen? "Pass Any Exam. Login to R1 using SSH from R2 R2>enable username: Net2 password: Loc R2#ssh 10.1 host 172.2.16.16.1 to 172.www.1.1 is the IP address of R1 shown in the picture) You will be asked for the user ID(cisco) and password (cisco123).1. Any Time.16.1 D. use the password New1).2.1. All IP packets from 10." .1 C.1. (Press Enter here) Username: Net1 Password: Sel R1> (Now you see you are in User Mode. Only IP packets with the source address of 10.1.1.1.1.co m 249 .1.1 host 10.1. QUESTION NO: 291 The following commands are issued on a Cisco Router: Router(configuration)#access-list 199 permit tcp host 10.1. All IP Packets between 10. that means you configured the console password correctly! If you wish to continue entering privileged EXEC mode again.actualtests.1 (10.1 Router(configuration)#access-list 199 permit tcp host 172.1.16.Cisco 642-832: Practice Exam R1(config)#line vty 0 15 R1(config-line)#login authentication MY_VTY_LIST R1(config-line)#end R1#copy running-config startup-config Logout R1 to test the console password of R1 R1#exit Press RETURN to get started.1.1.1.com Ac tua lTe sts .1 and 172. All IP packets passing through the router B.

ntp server 10. critical C.1.1.com Ac tua lTe sts .1 ntp server 10.1 ntp server 10.2 primary C.1. You want to configurationure a Cisco router to use 10. alerts B. ip http server username admin F.2 as its NTP server before falling back to 10.1.1 ntp server 10. changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1.1.1.actualtests.D QUESTION NO: 294 You have 2 NTP servers in your network .1. ip http server password backup Answer: B.2 prefer "Pass Any Exam.1.1.1.1.2. ntp server 10.1.1 and 10. ip http client username admin C. ip http client password backup E.1.1.1. errors D. notifications Answer: D QUESTION NO: 293 You have the followings commands on your Cisco Router: You have been asked to switch from FTP to HTTP. Which two commands will you use to replace the existing commands? A. ip http password backup D.1. Any Time.2 B. ntp server 10. changed state to up A.10. ip http username admin B.co m ip ftp username admin ip ftp password backup 250 .1.1.1. Which commands will you use to configurationure the router? A.1." .1.Cisco 642-832: Practice Exam %LINK-3-UPDOWN: Interface FastEthernet0/1.www.

co m . critical. alerts Answers: C warnings.actualtests.Cisco 642-832: Practice Exam D. critical. Foundational Answers: B. warnings. critical. errors. Firefighting C. warnings. errors.1. ntp server 10. Interrupt-driven D. critical." . errors. warnings. warnings. alerts Answers: C B. errors.1. Warnings only B. emergencies D. alerts Answers: C QUESTION NO: 296 Which two of the following options are categories of Network Maintenance tasks? A. Policy-based E.1.2 Answer: C QUESTION NO: 295 The following command is issued on a Cisco Router: Router(configuration)#logging console warnings Which alerts will be seen on the console? A. critical. informational. warnings C. notifications. Structured F.com 251 Ac tua lTe sts . errors. notifications. errors E.1 fallback ntp server 10.1. Any Time. alerts.www. debugging. alerts Answers: C warnings. D Foundational "Pass Any Exam.

Data-Link F. Security Management Answer: A." . Action Management C. D B.com Ac tua QUESTION NO: 298 lTe sts . Session D. Protocol Management E.E QUESTION NO: 299 DRAG DROP FCAPS is a network maintenance model defined by ISO. It stands for which of the following ? A.actualtests. Foundational Answers: B. Application E. D Foundational Answers: B.www.Cisco 642-832: Practice Exam Answers: B. Any Time. The Line and Protocol status for the interfaces on both routers show as UP but the routers do not see each other a CDP neighbors.C. Network Answer: D FCAPS is a network maintenance model defined by ISO. FCAPS stands for: "Pass Any Exam. Which layer of the OSI model does the problem most likely exist? A.co m 252 . Configurationuration Management D. D QUESTION NO: 297 You enabled CDP on two Cisco Routers which are connected to each other. Physical C. Fault Management B.

co m 253 . Any Time. Match the model names on the left to the options on the right: lTe sts Explanation: F-> Fault Management C-> Configurationuration Management A -> Accounting Management .com Ac tua There are many Network Maintenance models.www.Cisco 642-832: Practice Exam Answer: QUESTION NO: 300 DRAG DROP Answer: "Pass Any Exam." .actualtests.

Cisco 642-832: Practice Exam QUESTION NO: 301 DRAG DROP Answer: Explanation: EEM -> CLI based Management and Monitoring SDM -> Provides a GUI for Administration FTP -> Used for Backup and Restore "Pass Any Exam. Performance and Security (ISO) ITIL -> A collection of best practice recommendations Cisco Lifecycle -> Often referred to as the PPDIOO model TMN -> Telecommunications Management Network 254 ." .actualtests. Accounting. Configurationuration.co m Explanation: FCAPS -> Fault. Any Time.www.com Ac tua lTe sts Match the items on the left to their purpose on the right .

" .co m 255 .www.com Ac tua lTe Figure 1 sts .Cisco 642-832: Practice Exam QUESTION NO: 302 Following ticket consists of a problem description and existing configuration on the device. Any Time.actualtests. Figure 2 "Pass Any Exam.

3 area 12 ! interface Serial0/0/0/0. Any Time.1.12 point-to-point ip address 10.1.0. R2 C.1.com Ac tua lTe sts .1.0.2 but not 10.0 0.255.1.actualtests.1.1.252 ip nat inside ip ospf message-digest-key 1 md5 TSHOOT Configuration on R2: router ospf 1 log-adjacency-changes network 10.2 255.255.1. Initial troubleshooting shows that R1 does not have any OSPF neighbors or any OSPF routes Configuration on R1: router ospf 1 log-adjacency-changes network 10.1. Client1 Answer: A QUESTION NO: 303 "Pass Any Exam.1.Cisco 642-832: Practice Exam Trouble Ticket Statement: Client 1 is able to ping 10.1.255.0.252 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 TSHOOT On which device is the fault condition located? A.0 0.12 point-to-point ip address 10.255. R1 B.co m 256 .www. DSW1 D.3 area 12 default-information originate always ! interface Serial0/0/0/0." .0.1.1 255.1.

Any Time.actualtests.www.com Ac tua lTe sts Figure 1 .Cisco 642-832: Practice Exam Following ticket consists of a problem description and existing configuration on the device.co m 257 . Figure 2 Trouble Ticket Statement: "Pass Any Exam." .

1.1. Static Routing D.3 area 12 ! interface Serial0/0/0/0.1.Cisco 642-832: Practice Exam Client 1 is able to ping 10.1.3 area 12 default-information originate always ! interface Serial0/0/0/0.12 point-to-point ip address 10.1.1.com Ac tua lTe sts .0.0 0.1.2 but not 10.252 ip nat inside ip ospf message-digest-key 1 md5 TSHOOT Configuration on R2: router ospf 1 log-adjacency-changes network 10.0.1. OSPF C.0.252 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 TSHOOT Fault Condition is related to which technology? A.0.www.actualtests.1. Initial troubleshooting shows that R1 does not have any OSPF neighbors or any OSPF routes Configuration on R1: router ospf 1 log-adjacency-changes network 10.255.255. Any Time.255. NAT B. "Pass Any Exam.2 255.12 point-to-point ip address 10.1.1 255.1.0 0. Switch to Switch Connectivity Answer: B QUESTION NO: 304 Following ticket consists of a problem description and existing configuration on the device.co m 258 .1.1." .255.

co m .2 but not 10.1.1.1.com 259 Ac tua lTe sts .Cisco 642-832: Practice Exam Figure 1 Figure 2 Trouble Ticket Statement: Client 1 is able to ping 10.actualtests." .1. Initial troubleshooting shows that R1 does not have any OSPF neighbors or any OSPF routes "Pass Any Exam.www. Any Time.1.

0.Cisco 642-832: Practice Exam Configuration on R1: router ospf 1 log-adjacency-changes network 10.255." .2 255.3 area 12 ! interface Serial0/0/0/0.1.12 B.actualtests.12 point-to-point ip address 10.1.0 0.com Ac A.www.255.252 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 TSHOOT What is the solution of the fault condition? Answer: A QUESTION NO: 305 Following ticket consists of a problem description and existing configuration on the device.12 tua lTe sts . ip nat outside must be added on S0/0/0/0.0 0. "Pass Any Exam.1.252 ip nat inside ip ospf message-digest-key 1 md5 TSHOOT Configuration on R2: router ospf 1 log-adjacency-changes network 10.1. ip ospf authentication message-digest command has to be added under the OSPF routing process C.co m 260 .12 point-to-point ip address 10.255.4 must be added on R1 D.0.3 area 12 default-information originate always ! interface Serial0/0/0/0.1 255.0. A static route to 10. Any Time.1.1. ip ospf authentication message-digest command has to be added on S0/0/0/0.255.1.0.1.1.1.

co m .www. Any Time." .com 261 Ac tua lTe sts . DSW1 is configurationured to be active router but it never becomes active even though the HSRP communication between DSW1 "Pass Any Exam.actualtests.Cisco 642-832: Practice Exam Figure 1 Figure 2 Trouble Ticket Statement HSRP has been configurationured between DSW1 and DSW2.

www.255. R3 Answer: C QUESTION NO: 306 Following ticket consists of a problem description and existing configuration on the device.21. R4 B.255.Cisco 642-832: Practice Exam and DSW2 is working.255.com Ac tua lTe sts . DSW2 C.21.0.actualtests.128 255.0 On which device is the fault condition located? A.0 metric threshold threshold metric up 63 down 64 ! interface Vlan10 ip address 10.128 255.254 standby 10 priority 200 standby 10 preempt standby 10 track 1 decrement 60 Configuration on R4 interface loopback0 ip address 10.1.255. DSW1 D. Configuration on DSW1 track 1 ip route 10.1.128 255.2." . "Pass Any Exam.2.0 standby 10 ip 10.1. Any Time.255.0 metric threshold threshold metric up 1 down 2 ! track 10 ip route 10.2.2.255.co m 262 .21.255.1 255.

actualtests.com 263 Ac tua lTe sts . Any Time." . DSW1 is configurationured to be active router but it never becomes active even though the HSRP communication between DSW1 "Pass Any Exam.www.Cisco 642-832: Practice Exam Figure 1 Figure 2 Trouble Ticket Statement HSRP has been configurationured between DSW1 and DSW2.co m .

0 metric threshold threshold metric up 63 down 64 ! interface Vlan10 ip address 10. GLBP B.1.Cisco 642-832: Practice Exam and DSW2 is working.255." .2.21. Switch to Switch Connectivity Answer: B QUESTION NO: 307 Following ticket consists of a problem description and existing configuration on the device.1 255. OSPF D.www.actualtests.1.0 metric threshold threshold metric up 1 down 2 ! track 10 ip route 10.255.255.2.1.0 standby 10 ip 10.21.128 255. "Pass Any Exam.2.co m 264 .255.com Ac tua lTe sts .0 Fault Condition is related to which technology? A.21.2.0.255. Configuration on DSW1 track 1 ip route 10.254 standby 10 priority 200 standby 10 preempt standby 10 track 1 decrement 60 Configuration on R4 interface loopback0 ip address 10.255. HSRP C.255. Any Time.128 255.128 255.

" .actualtests. DSW1 is configurationured to be active router but it never becomes active even though the HSRP communication between DSW1 "Pass Any Exam. Any Time.Cisco 642-832: Practice Exam Figure 1 Figure 2 Trouble Ticket Statement HSRP has been configurationured between DSW1 and DSW2.com 265 Ac tua lTe sts .co m .www.

128 255.21.255.21.2.www.com Ac A.2.255.0 standby 10 ip 10.2.2.0 metric threshold threshold metric up 63 down 64 ! interface Vlan10 ip address 10.128 255.254 standby 10 priority 200 standby 10 preempt standby 10 track 1 decrement 60 Configuration on R4 interface loopback0 ip address 10. Change standby 10 track 1 decrement 60 to standby 10 track 10 decrement 60 D.255." . Change standby 10 track 1 decrement 60 to standby 10 track 1 decrement 100 tua lTe sts .255. "Pass Any Exam.1.1.1 255.255.0 metric threshold threshold metric up 1 down 2 ! track 10 ip route 10. Change standby priority to 140 B. Any Time.1.0 What is the solution of fault condition? Answer: C QUESTION NO: 308 Following ticket consists of a problem description and existing configuration on the device.co m 266 .actualtests. Configuration on DSW1 track 1 ip route 10.21.128 255.0.255.Cisco 642-832: Practice Exam and DSW2 is working.255. Change standby priority to 260 C.

Any Time.200.actualtests.226 but not the Web Server at 209. Initial troubleshooting shows and R1 does not have any BGP routes.co m .Cisco 642-832: Practice Exam Figure 1 Figure 2 Trouble Ticket Statement Client 1 is able to ping 209.200.com 267 Ac tua lTe sts .65. R1 also does not show any active "Pass Any Exam.www.241." .65.

Any Time.200.Cisco 642-832: Practice Exam BGP neighbor Configuration on R1 router bgp 65001 no synchronization bgp log-neighbor-changes network 209.www.255.252 neighbor 209.co m 268 . DSW1 C.226 remote-as 65002 no auto-summary On which device is the fault condition located? A.65.200.255.56. R4 D.224 mask 255." . R1 B.com Ac tua lTe sts . R2 Answer: A QUESTION NO: 309 Following ticket consists of a problem description and existing configuration on the device. "Pass Any Exam.actualtests.

Cisco 642-832: Practice Exam Figure 1 router bgp 65001 no synchronization bgp log-neighbor-changes network 209.200. BGP "Pass Any Exam. EIGRP B.226 but not the Web Server at 209." .co m 269 .255.com Ac Configuration on R1 tua Client 1 is able to ping 209.56.226 remote-as 65002 no auto-summary The Fault Condition is related to which technology? A.224 mask 255. R1 also does not show any active BGP neighbor lTe Trouble Ticket Statement sts Figure 2 .65.241. Initial troubleshooting shows and R1 does not have any BGP routes.255.65. Any Time.200.actualtests.200.252 neighbor 209.65. HSRP C.www.200.

Cisco 642-832: Practice Exam D.www.co m 270 .actualtests. Figure 1 "Pass Any Exam." .com Ac tua lTe sts . OSPF Answer: C Explanation: : QUESTION NO: 310 Following ticket consists of a problem description and existing configuration on the device. Any Time.

226 remote-as 65002 "Pass Any Exam.255.65.200." . Enable BGP synchronization B.200.56.241.56.226 remote-as 65002 statement to neighbor 209.226 remote-as 65001 C.224 mask 255.www.200.65.200.226 remote-as 65002 no auto-summary What is the solution of the fault condition? A.co m .200.200.255.226 remote-as 65002 statement to neighbor 209. R1 also does not show any active BGP neighbor sts .226 but not the Web Server at 209. Initial troubleshooting shows and R1 does not have any BGP routes.56.65.252 neighbor 209.Cisco 642-832: Practice Exam Figure 2 Trouble Ticket Statement Configuration on R1 router bgp 65001 no synchronization bgp log-neighbor-changes network 209.200.56.actualtests.com 271 Ac tua lTe Client 1 is able to ping 209. Change neighbor 209. Any Time.200.65. Change neighbor 209.

Change neighbor 209.200." .226 remote-as 65002 statement to neighbor 209.Cisco 642-832: Practice Exam D. Any Time.226 remote-as 65001 Answer: C QUESTION NO: 311 Following ticket consists of a problem description and existing configuration on the device.200. Figure 1 "Pass Any Exam.56.actualtests.65.www.com Ac tua lTe sts .co m 272 .

224 255.www.200.0.0 ! interface Serial0/0/0/1 ip address 209.Cisco 642-832: Practice Exam Figure 2 Trouble Ticket Statement ip nat inside source list nat_pool interface Serial0/0/0/1 overload ! ip access-list standard nat_pool permit 10.255.actualtests.255.252 ip nat outside ! interface Serial0/0/0/0.com Ac tua Configuration on R1 lTe Client 1 and Client 2 are not able to reach the WebServer at 209.1.1.co m 273 ." .1.12 ip address 10.65.1 255.65. DSW2 and all the routers are able to reach the WebServer sts . Initial troubleshooting shows that DSW1.241.200. Any Time.252 ip nat inside ip ospf message-digest-key 1 md5 TSHOOT ip ospd authentication message-digest On Which device is the fault condition located? "Pass Any Exam.255.255.

actualtests. DSW1 C. R4 D.com Ac tua lTe sts .co m 274 .Cisco 642-832: Practice Exam A." . Figure 1 "Pass Any Exam. R2 Answer: A QUESTION NO: 312 Following ticket consists of a problem description and existing configuration on the device. Any Time. R1 B.www.

200.65.1 255.1. Any Time.252 ip nat outside ! interface Serial0/0/0/0.www.0 ! interface Serial0/0/0/1 ip address 209.224 255.241." .255.255.Cisco 642-832: Practice Exam Figure 2 Trouble Ticket Statement ip nat inside source list nat_pool interface Serial0/0/0/1 overload ! ip access-list standard nat_pool permit 10.12 ip address 10.1. DSW2 and all the routers are able to reach the WebServer sts .200.65.com Ac tua Configuration on R1 lTe Client 1 and Client 2 are not able to reach the WebServer at 209.1.255.252 ip nat inside ip ospf message-digest-key 1 md5 TSHOOT ip ospd authentication message-digest The Fault Condition is related to which technology? "Pass Any Exam. Initial troubleshooting shows that DSW1.0.actualtests.255.co m 275 .

" . HSRP C. Figure 1 "Pass Any Exam.com Ac tua lTe sts . EIGRP B.Cisco 642-832: Practice Exam A. BGP D.actualtests. NAT Answer: D QUESTION NO: 313 Following ticket consists of a problem description and existing configuration on the device.www.co m 276 . Any Time.

12 ip address 10.65.com Ac tua Configuration on R1 lTe Client 1 and Client 2 are not able to reach the WebServer at 209. Initial troubleshooting shows that DSW1.1.www. Any Time.actualtests.200.200.65.224 255.Cisco 642-832: Practice Exam Figure 2 Trouble Ticket Statement ip nat inside source list nat_pool interface Serial0/0/0/1 overload ! ip access-list standard nat_pool permit 10.252 ip nat outside ! interface Serial0/0/0/0.0.1.0 ! interface Serial0/0/0/1 ip address 209.co m 277 ." . DSW2 and all the routers are able to reach the WebServer sts .255.255.255.1.1 255.255.252 ip nat inside ip ospf message-digest-key 1 md5 TSHOOT ip ospd authentication message-digest What is the solution of the fault condition? "Pass Any Exam.241.

Any Time.0." .12 overload D. Add permit 10.com Ac tua lTe sts .1.Cisco 642-832: Practice Exam A. Remove permit 10.www.0 statement from nat_pool access-list C.2.0. Change ip nat outside statement under Serial0/0/0/1 configuration to ip nat inside Answer: A QUESTION NO: 314 Following ticket consists of a problem description and existing configuration on the device.0 statement in nat_pool access-list B.actualtests.co m 278 . Figure 1 "Pass Any Exam. Change ip nat inside source list nat_pool interface Serial0/0/0/1 overload to ip nat inside source list nat_pool interface Serial0/0/0/0.

0.actualtests.255. R1 also does not have any active BGP neighbor.200. Initial troubleshooting shows that R1 is also not able to reach the WebServer.200. Any Time.200.com Ac tua Config on R1 lTe Client 1 is not able to reach the WebServer at 209.252 ip nat outside ip access-group 30 in "Pass Any Exam.255.1.65.2.0 0.226 remote-as 65002 no auto-summary ! access-list 30 permit host 209.255.65.200.0.Cisco 642-832: Practice Exam Figure 2 Trouble Ticket Statement router bgp 65001 no synchronization bgp log-neighbor-changes network 209. sts .co m 279 .255.255.200.252 neighbor 209.255 ! interface Serial0/0/0/1 ip address 209.241.65.255.255 access-list 30 deny 10.224 mask 255.65.0 0.65.0.224 255.241 access-list 30 deny 10." .0.www.

DSW1 C.co m 280 .actualtests.com Ac tua lTe sts . R4 D. R1 B. Any Time. Figure 1 "Pass Any Exam.www.Cisco 642-832: Practice Exam On which device is the fault condition located? A. R2 Answer: A QUESTION NO: 315 Following ticket consists of a problem description and existing configuration on the device." .

0 0.252 neighbor 209.65. R1 also does not have any active BGP neighbor.0.com Ac tua Config on R1 lTe Client 1 is not able to reach the WebServer at 209.255.65. Any Time.241.2.255 access-list 30 deny 10.200.252 ip nat outside ip access-group 30 in "Pass Any Exam.255.255." .Cisco 642-832: Practice Exam Figure 2 Trouble Ticket Statement router bgp 65001 no synchronization bgp log-neighbor-changes network 209.0.65.65.0.200.224 mask 255.241 access-list 30 deny 10.255 ! interface Serial0/0/0/1 ip address 209.65.co m 281 . Initial troubleshooting shows that R1 is also not able to reach the WebServer.actualtests.224 255.0 0.255.200.www.0. sts .200.255.200.1.255.226 remote-as 65002 no auto-summary ! access-list 30 permit host 209.

IP Access List Answer: D QUESTION NO: 316 Following ticket consists of a problem description and existing configuration on the device.Cisco 642-832: Practice Exam The Fault Condition is related to which technology? A.actualtests.com Ac tua lTe sts .www. BGP D." . Figure 1 "Pass Any Exam. IP NAT C.co m 282 . IP Access B. Any Time.

252 neighbor 209.255 access-list 30 deny 10.255.0.241.actualtests.Cisco 642-832: Practice Exam Figure 2 Trouble Ticket Statement router bgp 65001 no synchronization bgp log-neighbor-changes network 209." .65.65.0.65.0 0.200.226 remote-as 65002 no auto-summary ! access-list 30 permit host 209.241 access-list 30 deny 10.com Ac tua Config on R1 lTe Client 1 is not able to reach the WebServer at 209.0.255.1.255 ! interface Serial0/0/0/1 ip address 209.200.252 ip nat outside ip access-group 30 in "Pass Any Exam.www. sts .200.65.0.224 255.255.200.224 mask 255.65. Any Time.255.255.co m 283 .255. R1 also does not have any active BGP neighbor.0 0.2. Initial troubleshooting shows that R1 is also not able to reach the WebServer.200.

com Ac tua lTe sts . Figure 1 "Pass Any Exam.65.200.200. Any Time.actualtests. Remove Deny Statements from access-list 30 C.226 remote-as 65002 statement to neighbor 209.65.www. Add permit statement for 209.Cisco 642-832: Practice Exam What is the solution of the fault condition? A.200." .65. Use extended access-list instead of standard access-list Answer: A QUESTION NO: 317 Following ticket consists of a problem description and existing configuration on the device.224/30 network in access list 30 B.226 remote-as 65001 D.co m 284 . Change neighbor 209.

255.0.www.255. Any Time.com 285 Ac tua lTe sts .255.1 255.co m .0.0 0." .2.1.actualtests.Cisco 642-832: Practice Exam Figure 2 Trouble Ticket Statement Client 1 is getting an IP address from the DHCP server but is not able to ping DSW1 or the FTP Server Configuration on DSW1 vlan access-map test1 10 drop match ip address 10 ! vlan filter test1 vlan-list 10 ! ip access-list standard 10 permit 10.0 ! On which device is the fault condition located? "Pass Any Exam.255 ! Interface VLAN10 ip address 10.2.

www.co m 286 ." . DSW1 C.Cisco 642-832: Practice Exam A. Client 1 D. FTP Server Answer: B QUESTION NO: 318 Following ticket consists of a problem description and existing configuration on the device. Any Time. R4 B.com Ac tua lTe sts .actualtests. Figure 1 "Pass Any Exam.

Any Time." .0 0.actualtests.www.0.2.Cisco 642-832: Practice Exam Figure 2 Trouble Ticket Statement Client 1 is getting an IP address from the DHCP server but is not able to ping DSW1 or the FTP Server Configuration on DSW1 vlan access-map test1 10 drop match ip address 10 ! vlan filter test1 vlan-list 10 ! ip access-list standard 10 permit 10.1.255.255.com 287 Ac tua lTe sts .0 ! The Fault Condition is related to which technology? "Pass Any Exam.0.2.1 255.255 ! Interface VLAN10 ip address 10.co m .255.

Any Time.actualtests. Figure 1 "Pass Any Exam. DHCP D." . InterVLAN communication C.com Ac tua lTe sts . IP Access List Answer: A QUESTION NO: 319 Following ticket consists of a problem description and existing configuration on the device. VLAN Access Map B.Cisco 642-832: Practice Exam A.www.co m 288 .

255.co m 289 .actualtests. Any Time.1.www.0 0.1 255.0 ! "Pass Any Exam.2.2.0.0." .255.Cisco 642-832: Practice Exam Figure 2 Trouble Ticket Statement Client 1 is getting an IP address from the DHCP server but is not able to ping DSW1 or the FTP Server Configuration on DSW1 vlan access-map test1 10 drop match ip address 10 ! vlan filter test1 vlan-list 10 ! ip access-list standard 10 permit 10.255 ! Interface VLAN10 ip address 10.255.com Ac tua lTe sts .

Figure 1 "Pass Any Exam.co m 290 .Cisco 642-832: Practice Exam What is the solution of the fault condition? A.com Ac tua lTe sts ." . Change the IP Address of VLAN 10 on DSW1 C. Any Time. Configurationure Static IP Address on Client 1 B. Remove VLAN filter test1 from DSW1 Answer: D QUESTION NO: 320 Following ticket consists of a problem description and existing configuration on the device.actualtests.www. Add Permit any statement to access-list 10 D.

FTP Server Answer: B "Pass Any Exam.0001 tua Configuration on ASW1 lTe Client one is getting a 169. Client 1 D.Cisco 642-832: Practice Exam Figure 2 Trouble Ticket Statement On which device is the fault condition located? A." . DSW1 B. ASW1 C.x IP address and is not able to ping Client 2 or DSW1.x.actualtests. Inital troubleshooting shows that port Fa1/0/1 on ASW1 is in errdisable state.www. sts .0000.co m 291 . Any Time.com Ac Interface FastEthernet1/0/1 switchport mode access switchport port-security switchport port-security mac-address 0000.x.

com 292 Ac tua lTe sts . Any Time." .Cisco 642-832: Practice Exam QUESTION NO: 321 Following ticket consists of a problem description and existing configuration on the device.www.co m . Figure 1 Figure 2 Trouble Ticket Statement "Pass Any Exam.actualtests.

com Ac tua lTe QUESTION NO: 322 sts . "Pass Any Exam. Port Security Answer: D Following ticket consists of a problem description and existing configuration on the device. InterVLAN communication C.www. Any Time.actualtests. VLAN Access Map B.x IP address and is not able to ping Client 2 or DSW1.Cisco 642-832: Practice Exam Client one is getting a 169.co m 293 ." . Inital troubleshooting shows that port Fa1/0/1 on ASW1 is in errdisable state.x. Configuration on ASW1 Interface FastEthernet1/0/1 switchport mode access switchport port-security switchport port-security mac-address 0000. DHCP D.x.0000.0001 The Fault Condition is related to which technology? A.

Change the IP Address of VLAN 10 on DSW1 C. Inital troubleshooting shows that port Fa1/0/1 on ASW1 is in errdisable state.0001 command followed by shutdown and no shutdown command on port fa1/0/1 on ASW1 E.0001 What is the solution of the fault condition? A.Cisco 642-832: Practice Exam Figure 1 Trouble Ticket Statement Client one is getting a 169.0000. Configuration on ASW1 Interface FastEthernet1/0/1 switchport mode access switchport port-security switchport port-security mac-address 0000. Issue no switchport port-security mac-address 0000.co m 294 .x.x. Any Time. Issue shutdown command followed by no shutdown command on port fa1/0/1 on ASW1 D.www.0000.actualtests. Issue no switchport port-security mac-address 0000. Configurationure Static IP Address on Client 1 B.0001 command on port fa1/0/1 on ASW1 "Pass Any Exam.com Ac tua lTe sts Figure 2 .0000.x IP address and is not able to ping Client 2 or DSW1." .

actualtests.com Ac tua lTe sts .Cisco 642-832: Practice Exam Answer: D QUESTION NO: 323 Following ticket consists of a problem description and existing configuration on the device.co m 295 ." .www. Any Time. Figure 1 "Pass Any Exam.

" .x. Configuration on ASW1 Interface FastEthernet1/0/1 switchport mode access switchport access vlan 1 ! Interface FastEthernet1/0/2 switchport mode access switchport access vlan 1 On which device is the fault condition located? A. ASW1 C.x. "Pass Any Exam.actualtests.www.x IP address and are not able to ping DSW1 or the FTP Server.com Ac tua lTe sts . Any Time.co m 296 . DSW1 B. They are able to ping each other. Client 1 D. FTP Server Answer: B QUESTION NO: 324 Following ticket consists of a problem description and existing configuration on the device.Cisco 642-832: Practice Exam Figure 2 Trouble Ticket Statement Client 1 and Client 2 are getting a 169.

They are able to ping each other.x.Cisco 642-832: Practice Exam Figure 1 Figure 2 Trouble Ticket Statement Client 1 and Client 2 are getting a 169. "Pass Any Exam.x IP address and are not able to ping DSW1 or the FTP Server. Any Time.co m ." .x.com 297 Ac tua lTe sts .actualtests.www.

"Pass Any Exam.Cisco 642-832: Practice Exam Configuration on ASW1 Interface FastEthernet1/0/1 switchport mode access switchport access vlan 1 ! Interface FastEthernet1/0/2 switchport mode access switchport access vlan 1 The Fault Condition is related to which technology? A. VLAN B.www. Port Security Answer: A QUESTION NO: 325 Following ticket consists of a problem description and existing configuration on the device. Any Time.actualtests." .co m 298 .com Ac tua lTe sts . InterVLAN communication C. DHCP D.

Given an IP address to VLAN 1 on DSW1 B. They are able to ping each other. Any Time. Configuration on ASW1 Interface FastEthernet1/0/1 switchport mode access switchport access vlan 1 ! Interface FastEthernet1/0/2 switchport mode access switchport access vlan 1 What is the solution of the fault condition? A.actualtests. Issue switchport access vlan 10 command on interfaces fa1/0/1 and fa1/0/2 on ASW1 D.co m 299 . Give static IP addresses to Client 1 and Client 2 "Pass Any Exam.x.com Ac tua lTe sts Figure 2 ." .www.x.x IP address and are not able to ping DSW1 or the FTP Server.Cisco 642-832: Practice Exam Figure 1 Trouble Ticket Statement Client 1 and Client 2 are getting a 169. Change the IP Address of VLAN 10 on DSW1 C.

" .Cisco 642-832: Practice Exam Answer: C QUESTION NO: 326 Following ticket consists of a problem description and existing configuration on the device. Figure 1 "Pass Any Exam.co m 300 .www.actualtests. Any Time.com Ac tua lTe sts .

x.co m 301 . Configuration on ASW1 Interface PortChannel13 switchport mode trunk switchport trunk allowed vlan 1-9 ! Interface PortChannel23 switchport mode trunk switchport trunk allowed vlan 1-9 ! Interface FastEthernet1/0/1 switchport mode access switchport access vlan 10 ! Interface FastEthernet1/0/2 switchport mode access switchport access vlan 10 ! On Which device is the fault condition located? A. FTP Server Answer: A QUESTION NO: 327 Following ticket consists of a problem description and existing configuration on the device." .x IP address and are not able to ping DSW1 or the FTP Server.actualtests. DSW1 C. ASW1 B.x.Cisco 642-832: Practice Exam Figure 2 Trouble Ticket Statement Client 1 and Client 2 are getting a 169. Any Time. "Pass Any Exam. They are able to ping each other.www.com Ac tua lTe sts . Client 1 D.

com 302 Ac tua lTe sts .x." . Any Time. "Pass Any Exam.www.co m .x IP address and are not able to ping DSW1 or the FTP Server.x.actualtests. They are able to ping each other.Cisco 642-832: Practice Exam Figure 1 Figure 2 Trouble Ticket Statement Client 1 and Client 2 are getting a 169.

co m 303 .www. Switch to Switch Connectivity Answer: D QUESTION NO: 328 Following ticket consists of a problem description and existing configuration on the device. VLAN B." .Cisco 642-832: Practice Exam Configuration on ASW1 Interface PortChannel13 switchport mode trunk switchport trunk allowed vlan 1-9 ! Interface PortChannel23 switchport mode trunk switchport trunk allowed vlan 1-9 ! Interface FastEthernet1/0/1 switchport mode access switchport access vlan 10 ! Interface FastEthernet1/0/2 switchport mode access switchport access vlan 10 ! The Fault Condition is related to which technology? A.com Ac tua lTe sts . "Pass Any Exam. DHCP D. Any Time. InterVLAN communication C.actualtests.

x.x IP address and are not able to ping DSW1 or the FTP Server. "Pass Any Exam. Any Time.com 304 Ac tua lTe sts .Cisco 642-832: Practice Exam Figure 1 Figure 2 Trouble Ticket Statement Client 1 and Client 2 are getting a 169. They are able to ping each other.x.www.co m ." .actualtests.

actualtests.www.com Ac Answer: C tua A. Change the IP Address of VLAN 10 on DSW1 C." .co m 305 . Issue switchport trunk allowed vlan none on interface portchannel13 and portchanngel23 on ASW1 lTe sts . Change the VLAN assignment on fa1/0/1 and fa1/0/2 on ASW1 to VLAN 1 B.Cisco 642-832: Practice Exam Configuration on ASW1 Interface PortChannel13 switchport mode trunk switchport trunk allowed vlan 1-9 ! Interface PortChannel23 switchport mode trunk switchport trunk allowed vlan 1-9 ! Interface FastEthernet1/0/1 switchport mode access switchport access vlan 10 ! Interface FastEthernet1/0/2 switchport mode access switchport access vlan 10 ! What is the solution of the fault condition? QUESTION NO: 329 Following ticket consists of a problem description and existing configuration on the device. Any Time. "Pass Any Exam.200 on interface portchannel13 and portchannel23 on ASW1 D. Issue switchport trunk allowed vlan 10.

www.Cisco 642-832: Practice Exam Figure 1 Figure 2 Trouble Ticket Statement Client 1 is not able to reach the WebServer." .co m . Initial troubleshooting shows that DSW1 can ping the Fa0/1 interface of R4 but not the s0/0/0/0.34 interface.actualtests. Any Time. "Pass Any Exam.com 306 Ac tua lTe sts .

Cisco 642-832: Practice Exam Configuration on DSW1 router eigrp 10 network 10.1.4.4 0.0.0.0 network 10.2.1.1 0.0.0.0 network 10.2.4.13 0.0.0.0 no auto-summary Configuration on DSW2 router eigrp 10 network 10.1.4.8 0.0.0.0 network 10.2.2.1 0.0.0.0 network 10.2.4.14 0.0.0.0 no auto-summary Configuration on R4 router eigrp 1 network 10.1.4.5 0.0.0.0 no auto-summary redistribute ospf 1

On which device is the fault condition located? A. DSW1 B. DSW2 C. Client 1 D. R4 Answer: D

QUESTION NO: 330 Following ticket consists of a problem description and existing configuration on the device.

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

m

307

Cisco 642-832: Practice Exam

Figure 1

Figure 2

Trouble Ticket Statement Client 1 is not able to reach the WebServer. Initial troubleshooting shows that DSW1 can ping the Fa0/1 interface of R4 but not the s0/0/0/0.34 interface. "Pass Any Exam. Any Time." - www.actualtests.com 308

Ac

tua

lTe

sts

.co

m

Cisco 642-832: Practice Exam Configuration on DSW1 router eigrp 10 network 10.1.4.4 0.0.0.0 network 10.2.1.1 0.0.0.0 network 10.2.4.13 0.0.0.0 no auto-summary Configuration on DSW2 router eigrp 10 network 10.1.4.8 0.0.0.0 network 10.2.2.1 0.0.0.0 network 10.2.4.14 0.0.0.0 no auto-summary Configuration on R4 router eigrp 1 network 10.1.4.5 0.0.0.0 no auto-summary redistribute ospf 1

The Fault Condition is related to which technology? A. EIGRP B. InterVLAN communication C. OSPF D. Switch to Switch Connectivity Answer: A

QUESTION NO: 331 Following ticket consists of a problem description and existing configuration on the device.

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

m

309

Cisco 642-832: Practice Exam

Figure 1

Figure 2

Trouble Ticket Statement Client 1 is not able to reach the WebServer. Initial troubleshooting shows that DSW1 can ping the Fa0/1 interface of R4 but not the s0/0/0/0.34 interface. "Pass Any Exam. Any Time." - www.actualtests.com 310

Ac

tua

lTe

sts

.co

m

Cisco 642-832: Practice Exam Configuration on DSW1 router eigrp 10 network 10.1.4.4 0.0.0.0 network 10.2.1.1 0.0.0.0 network 10.2.4.13 0.0.0.0 no auto-summary Configuration on DSW2 router eigrp 10 network 10.1.4.8 0.0.0.0 network 10.2.2.1 0.0.0.0 network 10.2.4.14 0.0.0.0 no auto-summary Configuration on R4 router eigrp 1 network 10.1.4.5 0.0.0.0 no auto-summary redistribute ospf 1

What is the solution of the fault condition?

Answer: C

QUESTION NO: 332 Following ticket consists of a problem description and existing configuration on the device.

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

A. Change the EIGRP AS to 1 on DSW1 B. Change the routing protocol on DSW1 and DSW2 to OSPF C. Change the EIGRP AS to 10 on R4 D. Advertise 10.1.1.8/30 network in EIGRP on R4

tua

lTe

sts

.co

m

311

Cisco 642-832: Practice Exam

Figure 1

Figure 2 Trouble Ticket Statement Client 1 is not able to reach the WebServer. Initial troubleshooting shows that DSW1 can ping the Fa0/1 interface of R4 but not the s0/0/0/0.34 interface. "Pass Any Exam. Any Time." - www.actualtests.com 312

Ac

tua

lTe

sts

.co

m

IP Addressing Answer: B "Pass Any Exam.0.0.0.2.0 network 10.255.actualtests.1.Cisco 642-832: Practice Exam Configuration on DSW1 router eigrp 10 network 10.0.2.2.0 0.0.255 access-list 1 permit 209.com Ac tua lTe sts .0. OSPF D.0.0 no auto-summary redistribute ospf 1 metric 100 10 255 1 1500 route-map EIGRP_to_OSPF ! router ospf 1 network 10.0." .0.255.4.14 0.0.1.13 0.0.4.2.5 0.co m 313 .255.1.0.0 no auto-summary Configuration on DSW2 router eigrp 10 network 10.255 The Fault Condition is related to which technology? A. EIGRP B.4.1.0.4.0 network 10. Route Redistribution C.www.0.4.0.0 area 34 redistribute eigrp 10 subnets ! route-map EIGRP->OSPF match ip address 1 ! access-list 1 permit 10.2.1 0.0. Any Time.8 0.1 0.8 0.1.0.0.1.255.0 no auto-summary Configuration on R4 router eigrp 10 network 10.0 0.0 network 10.4 0.0.0 network 10.0.

Cisco 642-832: Practice Exam QUESTION NO: 333 Following ticket consists of a problem description and existing configuration on the device. Any Time." .www. Figure 1 Figure 2 Trouble Ticket Statement "Pass Any Exam.co m .actualtests.com 314 Ac tua lTe sts .

Configuration on DSW1 router eigrp 10 network 10.0 no auto-summary Configuration on R4 router eigrp 10 network 10.1." .0. Change the route-map name in the redistribute command under OSPF process to EIGRP>OSPF on R4 "Pass Any Exam.0.0 network 10.255.0.14 0.2.www.0.255 What is the solution of the fault condition? A.4.0 no auto-summary redistribute ospf 1 metric 100 10 255 1 1500 route-map EIGRP_to_OSPF ! router ospf 1 network 10.0.0.0.8 0.255.0.0 network 10.255 access-list 1 permit 209. Any Time.2.0.255.0 area 34 redistribute eigrp 10 subnets ! route-map EIGRP->OSPF match ip address 1 ! access-list 1 permit 10.0 0.0.13 0.0 network 10.0 network 10.4.0.com 315 Ac tua lTe sts .actualtests.34 interface.2.5 0.1 0.2.1.4.1.0.0 no auto-summary Configuration on DSW2 router eigrp 10 network 10.8 0.1 0.0.4. Initial troubleshooting shows that DSW1 can ping the Fa0/1 interface of R4 but not the s0/0/0/0.1.0.1.0.2.0.4 0.0.0 0.255. Remove the redistribute command from OSPF process on R4 B.0.1.co m .Cisco 642-832: Practice Exam Client 1 is not able to reach the WebServer.4.0.0.

Cisco 642-832: Practice Exam C.1.com Ac tua lTe sts .1. Change EIGRP AS to 1 on R4 D.8/30 network in EIGRP on R4 Answer: B QUESTION NO: 334 Following ticket consists of a problem description and existing configuration on the device. Figure 1 "Pass Any Exam.www." . Advertise 10. Any Time.actualtests.co m 316 .

0.8 0.2.0. Initial troubleshooting shows that DSW1 can ping the Fa0/1 interface of R4 but not the s0/0/0/0. sts .0.actualtests.co m 317 .0 no auto-summary Configuration on R4 router eigrp 10 "Pass Any Exam.4.0.0 network 10.0.0 network 10.2.www.1 0.34 interface.0.0 network 10.com Ac tua lTe Client 1 is not able to reach the WebServer.0 no auto-summary Configuration on DSW2 router eigrp 10 network 10.14 0.0.0." .1 0.2.1.4.0. Any Time.0.0.4 0.13 0.1.Cisco 642-832: Practice Exam Figure 2 Trouble Ticket Statement Configuration on DSW1 router eigrp 10 network 10.4.2.2.1.0 network 10.4.0.

Any Time. Trouble Ticket Statement DSW1 and R4 cannot ping R2's loopback or R2's s0/0/0/0.255.0.0.12 IPv6 address.0.2.1.1.0 0.0. Configuration on R2 ipv6 unicast-routing ! ipv6 router ospf 6 router-id 2.0.0.255.0.co m On Which device is the fault condition located? 318 .2 ! interface s0/0/0/0. DSW2 C.8 0.5 0. R4 .2.0.Cisco 642-832: Practice Exam network 10. Client 1 D.com Ac tua lTe sts A.255 Answer: D QUESTION NO: 335 The network setup for this trouble ticket is shown in Figure 3.0 0.255.4. DSW1 B.23 ipv6 address 2026::1:1/122 "Pass Any Exam.www. Initial troubleshooting shows and R2 is not an OSPFv3 neighbor on R3.actualtests.255 access-list 1 permit 209.0 area 34 redistribute eigrp 10 subnets ! route-map EIGRP->OSPF match ip address 1 ! access-list 1 permit 10.255." .1.0 no auto-summary redistribute ospf 1 metric 100 10 255 1 1500 route-map EIGRP_to_OSPF ! router ospf 1 network 10.

R3 Answer: C "Pass Any Exam. DSW1 B. DSW2 C.actualtests.www." .co m 319 . Any Time. R2 D.3.Cisco 642-832: Practice Exam Configuration R3 ipv6 unicast-routing ! ipv6 router ospf 6 router-id 3.3.23 ipv6 address 2026::1:2/122 ipv6 ospf 6 area 0 Figure 3 On Which device is the fault condition located? A.3 ! interface s0/0/0/0.com Ac tua lTe sts .

co m 320 .www. Any Time. Initial troubleshooting shows and R2 is not an OSPFv3 neighbor on R3.23 ipv6 address 2026::1:1/122 Configuration R3 ipv6 unicast-routing ! ipv6 router ospf 6 router-id 3.2." .actualtests.2 ! interface s0/0/0/0.12 IPv6 address.com Ac tua lTe sts . Configuration on R2 ipv6 unicast-routing ! ipv6 router ospf 6 router-id 2.3 ! interface s0/0/0/0.23 ipv6 address 2026::1:2/122 ipv6 ospf 6 area 0 "Pass Any Exam.3.2. Trouble Ticket Statement DSW1 and R4 cannot ping R2's loopback or R2's s0/0/0/0.Cisco 642-832: Practice Exam QUESTION NO: 336 The network setup for this trouble ticket is shown in Figure 3.3.

IPv6 Addressing B.Cisco 642-832: Practice Exam Figure 3 The Fault Condition is related to which technology? A. Trouble Ticket Statement DSW1 and R4 cannot ping R2's loopback or R2's s0/0/0/0. Route Redistribution C.actualtests.co m 321 .com Ac tua lTe sts ." . Any Time. RIPng Answer: C QUESTION NO: 337 The network setup for this trouble ticket is shown in Figure 3. Initial troubleshooting shows and R2 is not an OSPFv3 neighbor on R3.www. OSPFv3 D. Configuration on R2 "Pass Any Exam.12 IPv6 address.

23 ipv6 address 2026::1:2/122 ipv6 ospf 6 area 0 Figure 3 What is the solution of the fault condition? "Pass Any Exam.com 322 Ac tua lTe sts .2 ! interface s0/0/0/0.2.co m .Cisco 642-832: Practice Exam ipv6 unicast-routing ! ipv6 router ospf 6 router-id 2.3. Any Time.www." .23 ipv6 address 2026::1:1/122 Configuration R3 ipv6 unicast-routing ! ipv6 router ospf 6 router-id 3.actualtests.3.2.3 ! interface s0/0/0/0.

" .co m 323 .23 on R2 D.actualtests.com Ac tua lTe sts .Cisco 642-832: Practice Exam A. Remove IPv6 address from s0/0/0/0.23 on R2 Answer: A "Pass Any Exam. Add ipv6 ospf 6 area 6 under s0/0/0/0. Any Time. Add ipv6 ospf 6 area 0 under S0/0/0/0.23 on R2 C.23 on R2 B.www. Enable IPv6 routing on s0/0/0/0.