Vous êtes sur la page 1sur 45

What are two motivations for measuring network performance? (Choose two.

)
capacity planning
controlling traffic flow
diagnosing performance problems
increasing network security
monitoring user activity
troubleshooting logging activity

When should high-impact network changes be made on a production network?


immediately
during regular business hours
during peak network traffic times
during scheduled maintenance windows

Which two network maintenance tasks should be performed as part of a network maintenance plan?
(Choose two.)
network monitoring
IP address administration
service-level agreement compliance
command line device management
accommodating adds, moves, and changes

Which two network procedures should all network maintenance plans include? (Choose two).
replacing failed devices
determining business hours
accommodating adds, moves, and changes
establishing a list of non-essential applications
responding to all external queries

What are two benefits of scheduling maintenance as part of the network maintenance planning effort?
(Choose two.)
reduced network downtime
more promotion of the use of a common calendar
less need for network monitoring
predictable lead time for change requests
immediate solutions to noncritical issues
easier for budget planning purposes

What are two benefits to a scheduled maintenance? (Choose two.)


reduces network downtime
allows failed devices to be corrected immediately
allows the engineers to make the corrections during peak utilization times
ensures software patches and backups are completed

Why is it important to have a disaster recovery plan for a network?


to reduce network costs
to reduce downtime when a device fails
to increase network capacity during peak times
to increase network throughput during peak times

What must be considered when creating configuration backups to be used during disaster recovery?
a clear versioning and naming system
service contract information
exact hardware serial numbers
location of single points of failure
An administrator has a written procedure of the steps to follow if a device fails. Which two items should
the administrator have in order to reduce the amount of downtime the failed device could cause? (Choose
two.)
existing IOS
SNMP logs
Cisco Feature Navigator
copy of current configuration

An administrator needs to ensure a server is created to store all network device backups. Which service
should be enabled on the server to allow it to receive backups?
Telnet
CCP
NTP
FTP

Which two statements are true about NTP servers in an enterprise network? (Choose two.)
There can only be one NTP server on an enterprise network.
All NTP servers synchronize directly to a stratum 1 time source.
NTP servers at stratum 1 are directly connected to an authoritative time source.
NTP servers ensure an accurate time stamp on logging and debugging information.
NTP servers control the mean time between failures (MTBF) for key network devices.

Which Cisco web-based resource provides a complete bill-of-materials based on selected hardware and
software configurations?
Cisco Power Calculator
Cisco Feature Navigator
Embedded Event Manager
Dynamic Configuration Tool
CiscoWorks Resource Manager Essentials

What are two ways to simplify access to network maintenance documentation? (Choose two.)
a wiki
an issue tracking system
SNMP Object Navigator
Cisco Feature Navigator
Cisco Dynamic Configuration Tool

A network technician receives a report from a user about a connectivity issue to a branch office resource.
The details of the issue are documented and assigned a priority. Another team member reviews the issue
and researches how similar issues were resolved in the past. The issue is escalated to another team for
resolution. What type of maintenance tool matches the process described?
Management Information Base (MIB)
Dynamic Configuration Tool
issue tracking system
syslog server logging system

Which two actions are considered part of network monitoring and performance measurement? (Choose
two.)
measurement of network delay, jitter, or packet loss
monitoring of interface status, interface load, CPU load, and memory usage
monitoring the procedures used to install software, configurations, and licenses
monitoring the performance of the tools required to transfer the software and configuration to the device
ensuring the availability of documentation of the exact hardware part, serial, and service contract numbers
for the devices
Which network performance statistics should be measured in order to verify SLA compliance?
NAT translation statistics
device CPU and memory utilization
packet round-trip time (RTT), jitter, and packet loss
number of error messages that are logged on the syslog server

Refer to the exhibit. Based on the information presented, why would a syslog server not receive debugging
information?
Debugging information cannot be sent to a syslog server.
The logging trap 7 global configuration command still needs to be issued.
The logging buffer is too small to store debugging information and must be increased.
The logging console debugging global configuration command still needs to be issued.
The logging monitor debugging global configuration command still needs to be issued.

Successful disaster recovery is dependent on the existence of which two items? (Choose two.)
network management personnel on-site 24/7
up-to-date server patches
software provisioning tools
up-to-date hardware inventory
well-defined trust boundaries

Refer to the exhibit. A network administrator is tasked with creating a backup of the startup configuration
for router R1 to a server with IP address 10.1.15.1. Which option will provide the most secure way to
transfer the file?
R1# copy startup-config ftp://10.1.15.1/R1-test.cfg
R1# copy startup-config ftp://RED:san-fran@10.1.15.1/R1-test.cfg
R1# copy startup-config http://10.1.15.1/R1-test.cfg
R1# copy startup-config https://10.1.15.1/R1-test.cfg
Refer to the exhibit. A network administrator is tasked with creating a configuration archive for the
configuration of R1. What would be the outcome of the displayed configuration?
The current running configuration file will be archived after 10080 minutes on the remote server.
The current running configuration file will be archived every 10080 minutes in the local flash memory.
The current running configuration file will be archived any time running configuration is copied to
NVRAM.
The current running configuration file will be archived every 10080 minutes in the local flash memory and
remote location.

The help desk receives several calls on Monday morning stating that users cannot connect to a local print
server that was working on Friday. Which statement about the problem would be correct?
The inability to connect to the print server is a symptom of a problem.
The inability to connect to the print server is the problem.
The connectivity problem occurred Monday morning.
The inability to connect to the print server caused the problem.

What is a symptom of an incorrectly applied network command when issued under the routing process?
a down status on an interface
a timeout message when attempting to ping a device on another network
a routing protocol that is not running
a user who is unable to connect to machines that are located on the same subnet

After a network change that occurred during a scheduled maintenance window, users were complaining
about not being able to access a local file server. Upon investigation, the administrator determined that the
problem was with the recently entered routing configurations. Because of company policy, the
administrator is not allowed to correct the routing configuration outside of a scheduled maintenance
window. Instead, the administrator moved the file server to an accessible subnet. Which statement
describes what the administrator did?
The administrator determined a solution to the problem.
The administrator determined a workaround for the problem.
The administrator applied the "move the problem" troubleshooting approach.
The administrator applied the "spot the difference" troubleshooting approach.

What are two limitations of an ad hoc troubleshooting approach? (Choose two.)


inefficient use of time and resources
only applicable to physical layer problems
difficult to transfer the job to someone else
can only be used after a structured approach has failed
requires more technical knowledge than a structured approach

What is an important element of troubleshooting, regardless of the method used?


using a single troubleshooting process
executing the steps in the same order every time
following a structured and systematic process
spending a significant amount of time analyzing the information

A network engineer initially uses the ping command to help troubleshoot a connection problem. Which
troubleshooting approach best describes this scenario?
bottom-up approach
divide-and-conquer approach
follow-the-path approach
move-the-problem approach
spot-the-difference approach
top-down approach

A user creates a trouble ticket indicating that the Internet is inaccessible. The network administrator
receives the ticket and determines that this user is the only one having problems. A ping command issued
from the administrative PC to the user PC is successful. What should the administrator do next?
Escalate the issue to the desktop support group.
Contact the ISP to determine if there is an issue on the ISP side.
View the route table on the core router to determine if there is a routing issue.
Swap out the patch cable between the user PC and the switch to determine if that solves the problem.
What is a situation where escalation of an issue is inadvisable?
Management has not been consulted.
Escalation will slow the procedure.
The problem is actually a set of problems.
The problem has an impact on the performance of the entire network.
Solving the problem would showcase the skills and knowledge of the troubleshooter.

After a proposed solution has been implemented, the network administrator realizes that new problems
have been introduced by the changes. What is the next step in the troubleshooting process?
Propose a hypothesis.
Execute the rollback plan.
Determine an appropriate workaround.
Escalate the problem to another department.

To correct an issue that was discovered a few days earlier, an administrator makes a change during a
regularly scheduled maintenance window. After making the change, the administrator discovers that a new
problem has occurred. What should the administrator do next?
Rollback the change and resume the troubleshooting process.
Continue making changes until the symptoms disappear.
Leave the change in place and troubleshoot the new problems at a later time.
Gather information about the new problem and form a new hypothesis.

What is a benefit of change control during the processes of regular network maintenance?
simplification of the process for creating a network baseline
reduction in the frequency and duration of unplanned outages
elimination of the need to troubleshoot planned outages
elimination of the need to perform a regular network backup

Which two components are normally considered part of change control? (Choose two.)
the cost of network changes
the time when changes can be made
the technology that is used to implement changes
the authorization that is required to make changes
the staff changes that are required to carry out repairs

In which structured troubleshooting process phase would a network engineer ask questions such as "When
did it last work?" or "Has it ever worked?"
analyze information phase
define the problem phase
eliminate possibilities phase
gather facts phase
propose a hypothesis phase
solve the problem phase

Which three types of data are useful for creating a baseline? (Choose three.)
number of infrastructure routers and switches
Remote Monitoring (RMON), Network Based Application Recognition (NBAR), and NetFlow statistics
DHCP and NAT translation statistics
network performance characteristics
switch interface statistics of all access ports
basic performance statistics like the interface load for critical network links and the CPU load and memory
usage of routers and switches
What are two facts regarding the information that is collected for baseline creation? (Choose two.)
The information is the same for all networks.
It can be used for capacity planning.
It should be limited to only a few key performance statistics.
It can be collected using tools such as NBAR, NetFlow, and SNMP.
It should be collected only once and then archived for future reference.

A network administrator executes the show processes cpu command on a production router and notices
that the average CPU load over the past 5 seconds was 97% and over the last one minute was around 39%.
What should the administrator do next?
Nothing. This is normal behavior for an ISR router.
Contact the service provider because the contract is not being fulfilled as specified in the SLA.
Compare the result to the baseline for an accurate assessment.
Replace the router as soon as possible because it has reached capacity.

What type of information can be gathered by using SNMP during the process of collecting baseline
information?
basic performance statistics via the use of show commands
basic performance statistics for Layer 2 and Layer 3 protocols
basic performance statistics about the interface load for critical network links
basic performance statistics to profile different types of traffic on the network

Which two procedures can be implemented to ensure that current backups of all device configurations are
maintained? (Choose two.)
Log all configuration change events to a syslog server.
Password protect all devices to prevent configuration changes.
Implement a system to create automatic configuration backups.
Update configuration backups only after major network outages.
Create configuration backups as soon as an issue is reported with network performance.

Which three IOS features can be used to keep the network documentation accurate? (Choose three.)
rollback feature
policy compliance
configuration archive
performance monitoring
basic performance statistics
Embedded Event Manager

--------------------------------------------------------------------------------
-- Chapter 3º -----------------------------------------------------------------
--------------------------------------------------------------------------------

3º Exam (+ solutions):
(Pictures posted on the comment secction)

1
[Picture 5]
Refer to the exhibit. A network administrator used an extended ping to verify connectivity to
a remote location. The ping indicated a 50 percent packet loss. What could be the cause of
the problem?
NAT is filtering the echo reply packets.
The packet size is exceeding the MTU.
An ACL is blocking the echo reply packets.
An ACL is blocking the echo request packets.
x Load balancing is occurring with packet loss on one path.

2
Which two symptoms would the show processes cpu command be helpful in
troubleshooting? (Choose two.)
no link lights
x failed Telnet sessions to router
output queue drops
x input queue drops
excessive collisions

3
The administrator would like to see the commands that are associated with the serial1/0
interface. The administrator enters the command show running-config | section interface
serial1/0 but does not receive a response. What could be the problem?
The interface is down.
The interface does not have any commands associated with it.
x The interface serial1/0 keyword looks for an exact match and should specify interface
Serial1/0.
The administrator should have entered the command show run | i interface serial1/0.

4
[Picture 4]
Refer to the exhibit. What information does this output provide?
The router has a connected default route.
The router is installing five routes in its routing table.
x The router received routing updates from 10.89.64.28.
The router is advertising its routes to the router with the address 10.89.94.31.
5
What statistical information is gathered using NetFlow?
interface error statistics
x IP traffic statistics
router CPU usage statistics
switch memory usage statistics

6
[Picture 6]
Refer to the exhibit. The RSPAN configuration for each switch is shown. The network
administrator has configured RSPAN to allow the monitoring of traffic to a corporate server.
Unfortunately, the administrator is unable to sniff any traffic from the link. Why is the
administrator unable to sniff traffic?
Only VLAN 1 can be used as the RSPAN VLAN.
The session numbers on the two switches do not match.
The remote interface on SW1 should be identified as fa0/3.
The source and destination interfaces are reversed on SW2.
x VLAN 100 has not been properly configured as an RSPAN VLAN.

7
Which SNMP version offers enhanced security through encryption and authentication?
SNMP version 2
SNMP version 2c
x SNMP version 3
SNMP version 3c
SNMP version 5
SNMP version 9

8
[Picture 7]
Refer to the exhibit. A network administrator is testing connectivity to a remote application
server. On the basis of the output that is exhibited, what conclusion can be made?
A problem exists with Layer 3 connectivity.
A connection can be established to all TCP ports on the server.
x The Open response on R1 indicates that the port (application) is active.
A Telnet connection to the HTTP port on a server is unsuccessful.

9
[Picture 3]
Refer to the exhibit. From the debug ip packet command output, which statement is
correct?
All packets are the same length.
x All packets are being process switched.
All packets originated within the router.
All packets are forwarded out interface FastEthernet0/0.
10
Embedded Event Manager events can be triggered based on which three Cisco IOS
subsystems? (Choose three.)
changes in the CEF table
changes in the routing table
x counter changes
execution of a Tcl script
x SNMP MIB object changes
x syslog messages

11
What does the command show ip interface brief | exclude unassigned display?
x all interfaces that have an IP address assigned
all interfaces that are assigned an access control list
the first instance of the unassigned keyword and all lines afterwards
only the first section of output that contains the unassigned keyword

12
What should be considered when using the debug command?
It may result in outdated output.
x It may render the system unusable.
It can be executed from user EXEC.
It needs to be used only when the network has heavy traffic.

13
[Picture 2]
Refer to the the exhibit. Given the partial NetFlow configuration, which command sequence
is required to forward the traffic statistics of interfaces Fa0/0 and Fa0/1 to the NetFlow
traffic collector?
R1(config)# interface FastEthernet1/0
R1(config-if)# ip flow egress
R1(config-if)# exit
R1(config)# interface FastEthernet1/0
R1(config-if)# ip flow ingress
R1(config-if)# exit
R1(config)# ip flow-control source Fa0/0
R1(config)# ip flow-control source Fa0/1
R1(config)# exit
R1(config)# ip flow-control source Fa1/0
R1(config)# exit
x R1(config)# interface FastEthernet0/0
R1(config-if)# ip flow ingress
R1(config-if)# exit
R1(config)# interface FastEthernet0/1
R1(config-if)# ip flow ingress
R1(config-if)# exit

14
A router is currently running both OSPF and BGP. The administrator issues the command
show ip route | exclude ^B. What routes will be displayed?
only OSPF routes
only BGP routes
both BGP and OSPF routes
x both OSPF and directly connected routes
both BGP and directly connected routes

15
What is the effect of the snmp-server ifindex persist command?
All SNMP messages will remain in memory until the next interface reset.
The SNMP community string index will be encrypted and stored in NVRAM.
The SNMP interfaces for all devices in the community will be synchronized in NVRAM.
x The SNMP interface index for each interface will stay the same, even if the device is
rebooted.

16
By default, Cisco routers send which type of SNMP traps?
x SNMP version 1
SNMP version 2c
SNMP version 3
SNMP versions 1 and 2c
SNMP versions 1, 2c, and 3

17
What will occur when the no debug all command is issued?
Options for debugging will be displayed.
All debugging output will immediately stop.
x No further debugging information will be generated.
General debugging on the router will be disabled, but specific debugging will continue.

18
A newly established branch office is reporting connectivity issues with the server farm that is
located at the head office. The network administrator suggests that the problem could be
with the path MTU. How could the network administrator verify that this is the problem?
Escalate the problem to the ISP.
Consult the network documentation to determine the MTU.
Use the traceroute command to determine where packets are being lost.
Send different types of traffic to the destination address to determine which makes it
through.
x Use the extended ping option to send packets of increasing size to the destination to
determine the path MTU.

19
A network administrator has received complaints about slow network performance on one
segment of a Layer 2 switched network. To determine what types of traffic are on the
segment, the administrator decides to configure SPAN to allow the installation of a packet
sniffer. Which two items must be configured to allow SPAN to function? (Choose two.)
x a monitored port or VLAN
the threshold value of monitored traffic
x the port that connects to the packet sniffer
the sampling rate of the monitored port or VLAN
the dot1q encapsulation on the monitored port

20
[Picture 1]
Refer to the exhibit. On the basis of the exhibited output, what could be the reason for the
failure of the second ping to host 172.16.1.5?
The destination network became unreachable after two seconds.
The router cannot handle two consecutive extended ping commands.
Packets with the DF bit set cannot be transported over a Frame Relay network.
x An interface of the device along the path to the destination cannot accommodate the large
packets.
-- Chapter 4º -----------------------------------------------------------------
--------------------------------------------------------------------------------

4º Exam (+ solutions):

1
Refer to the exhibit. Which two conclusions can be made based on the output of the show
mac address-table command. (Choose two.)
x Port Fa0/6 is configured as a trunk.
x Port Fa0/2 will not have the MAC address expire.
Port Fa0/5 is configured for VLAN 30.
VLAN 100 is connected to a hub.
VLAN 20 was learned via a neighboring switch.

2
Refer to the exhibit. Based on the information in the exhibit, which two statements are true?
(Choose two.)
The Gateway Load Balancing Protocol (GLBP) is configured on router R1.
Router R1 is the standby router.
The output was generated by the show glbp brief command.
The output was generated by the show standby brief command.
x The output was generated by the show vrrp brief command.
x The Virtual Router Redundancy Protocol (VRRP) is configured on router R1.

3
Refer to the exhibit. A forwarding loop has been created between switches A, B, and D.
Given the output generated by the show spanning-tree vlan command on switches B and D,
what could be the cause of the problem?
Switches B and D are running different versions of STP.
x Switches B and D have not agreed on the STP root for VLAN 10.
Switches A and B are not configured as a trunk link.
Switches A and B are not configured as an EtherChannel.

4
What is one of the first indications that spanning tree has failed and a broadcast storm may
be underway?
Access ports move into blocking state.
All 802.1Q trunks shut down unexpectedly.
MAC address tables rapidly fill and prevent data frame forwarding.
x Routers or Layer 3 switches run at a very high CPU utilization load.

5
The command show ip cef displays the contents of which table?
Address Resolution Protocol (ARP)
IP routing
x Forwarding Information Base (FIB)
adjacency
Routing Information Base (RIB)

6
A network administrator created an EtherChannel that consists of four physical links. Upon
examination of the log files, the administrator observed the following message.
Nov 30 15:05:45: %EC-5-CANNOT_BUNDLE2: Gi1/1 is not compatible with Gi1/2 and will be
suspended
What is the cause of this error message?
The switch was not able to create the EtherChannel link.
Only one switch is properly configured for EtherChannel.
x The switch has suspended a physical link because of incompatibilities.
There is an uneven distribution of traffic on the EtherChannel bundle members.
The Link Aggregation Control Protocol (LACP) is incompatible with the version of the IOS that
is running on the switch.

7
What is true of a switched virtual interface (SVI) on a Layer 3 switch?
It carries traffic for multiple VLANs.
It is a physical interface in a single VLAN.
It is created when the associated VLAN is created.
x It provides a default gateway for hosts in a VLAN.

8
What is the purpose of the no switchport command?
to disable the interface
x to make the interface a routed port
to initiate spanning tree on the interface
to change the interface to a trunk port

9
The show mls cef command is available on which platform?
3560
3750
4500
x 6500
2960

10
Which IETF solution should be used to provide first hop redundancy in a multivendor
network environment?
Cisco Express Forwarding (CEF)
Forwarding Information Base (FIB)
Gateway Load Balancing Protocol (GLBP)
Hot Standby Router Protocol (HSRP)
switch virtual interface (SVI)
x Virtual Router Redundancy Protocol (VRRP)

11
About which process can detailed information be found from the output of the show
platform forward command on the Catalyst 3560, 3750, and 4500 platforms?
errors
x forwarding
counters
buffering
queuing

12
Which three types of ports or interfaces can be affected by the Spanning Tree Protocol?
(Choose three.)
routed
x access
x trunk
loopback
null
x Switch Virtual Interface (SVI)

13
A network administrator received several complaints from end users that they are unable to
access any resources on the Layer 2 switched network. The administrator unplugs one of the
redundant links that is running to the affected area of the network, and the users report that
the problem disappears. When the cable is reconnected, the problem reappears. What is the
most likely cause of the problem?
The network cable is faulty.
The immediately upstream switch is faulty.
x Spanning tree has failed or has been disabled.
The link cable is connected to an incorrect VLAN.
The switch port is improperly configured as an access port.

14
Refer to the exhibit. A network administrator decided to include R3, a new router, as part of
the already converged HSRP group. On the basis of the configuration that is provided, which
router will assume the active role and which router will become standby for the HSRP group
1 when R3 becomes operational?
Router R2 will become active only if router R1 fails.
Routers R1 and R2 will keep the active and the standby roles.
x Router R1 will keep the active role, and R3 will assume the standby role.
Router R3 will become active, and router R1 will assume the standby role.
15
Refer to the exhibit. Router R1 was recently included in HSRP group 1. On the basis of the
debug standby terse output that is provided, which statement is true?
R2 will keep the active role, and R1 will become a standby router.
x R1 has promoted itself to the role of active router and R2 has assumed the role of standby
router.
R2 promoted itself to the active role when its hold-down timer expired before it saw a better
candidate for the role of active router.
R1 and R2 will alternate between the active and the standby role because of a conflict in the
HSRP priority that is configured on the routers.

16
Refer to the exhibit. A network administrator is troubleshooting an HSRP related problem
and confirms that router R1 is the active HSRP router. Which command could be issued on a
Windows host to verify the virtual IP and MAC address are the same as configured on R1?
x C:\> arp -a
C:\> ipconfig /renew
C:\> netstat
C:\> pingvirtual-ip
C:\> tracertvirtual-ip

17
A network administrator is troubleshooting a connectivity issue in a Layer 2 switched
network. After issuing the show mac-address-table command on the access switch, the
administrator observes that there is no entry for the host that is experiencing the problems.
The host machine is powered on and appears to be functioning normally. What can be
deduced from this?
ARP does not function on the host machine.
The host machine is connected to the wrong port on the local switch.
x The host machine does not have a physical connection to the switched network.
The show mac-address-table command only displays the MAC address of devices that are
connected to the native VLAN.
The show mac-address-table command only displays the destination MAC address, so there
should not be an entry for the host machine until data is sent to it.

18
A switch console displays the message %SPANTREE-2-CHNL_MISCFG. What does this mean?
x The ports that are configured for EtherChannel have been disabled because of an
inconsistency in the configuration.
The root bridge for the Spanning Tree Protocol cannot be found.
The spanning-tree timers on the port do not match the timers on the port of the neighboring
switch.
The PortFast feature has been enabled, but a switch has been detected on that port.

19
Refer to the exhibit. Based on the information that is presented in the exhibit, which
statement is true?
The Gateway Load Balancing Protocol (GLBP) has been configured.
x The reachable IP address of the standby router is 10.1.1.2.
Router R1 is currently the standby router.
Router R1 is using the default priority value.
The IP address 10.1.1.254 is a loopback address on router R1.
The Virtual Router Redundancy Protocol (VRRP) has been configured.

20
Refer to the exhibit. A network administrator configured routers R1 and R2 as part of HSRP
group 1. After the routers have been reloaded, a user on Host1 complained of lack of
connectivity to the Internet The network administrator issued the show standby brief
command on both routers to verify the HSRP operations. In addition, the administrator
observed the ARP table on Host1. Which entry should be seen in the ARP table on Host1 in
order to gain connectivity to the Internet?
the IP address and the MAC address of R1
x the virtual IP address and the virtual MAC address for the HSRP group 1
the virtual IP address of the HSRP group 1 and the MAC address of R1
the virtual IP address of the HSRP group 1 and the MAC address of R2
5º Exam (+ solutions):
(Pictures posted on the comment secction)

1
Refer to the exhibit. A network administrator wants to load-balance the traffic that is coming
from the LAN that is attached to router R1 and going to the 10.10.10.0/24 network. The
output from the routing table on R1 reveals that the traffic is flowing through router R3 only.
What is the reason for this traffic behavior?
x RIP redistribution into the EIGRP routing process is not performed on R4.
EIGRP does not load-balance automatically over equal-cost paths.
A variance command is missing under the EIGRP configuration on R3 and R4.
The seed metrics should be configured with the default metrics command under the EIGRP
process on R3.
The passive-interface default command on R4 is blocking the RIP updates that are being
propagated into the EIGRP routing domain.

2
Refer to the exhibit. A network administrator first issued the show ip route command and
then decided to filter the output of the routing table via the show ip route 128.0.0.0
128.0.0.0 longer-prefixes command. Which prefixes will be displayed in the output?
all IP prefixes
IP prefixes 10.10.1.0 and 10.134.2.0
x IP prefixes 172.16.30.0 and 172.30.40.0
IP prefixes 10.10.1.0, 10.129.30.0, 10.134.2.0, and 10.230.40.0

3
What occurs immediately following the encapsulation of data into IP packets during the
transmission of data between source and destination hosts?
The source host sends the packet to the default gateway address.
An ARP request is made to determine the MAC address of the destination host.
x The source host determines if the destination network is the same or different from its
own local subnet.
The sending host encapsulates the data into a frame addressed to the MAC address of the
destination host.
The routing table is consulted to determine which interface to forward the packet through
based on the longest prefix match.

4
[Picture 8º]
Refer to the exhibit. A network administrator uses the output of the show ip cef exact-route
command to verify the routing operations. Which statement represents the information that
the network administrator will gather from the output?
Traffic that is sourced from 172.17.249.252 will use 192.168.49.252 as a next hop.
The destination 172.17.249.252 can be reached via the next hop address 10.10.10.1.
The destination 10.10.10.1 can be reached via the next hop address 172.17.249.252.
x Traffic that is sourced from 10.10.10.1 and destined to 172.17.249.252 will go out the
FastEthernet1/0 interface.

5
Which data structure does an EIGRP enabled router use to track devices from which it
receives EIGRP hello packets?
Forwarding Information Base
interface table
x neighbor table
routing table
topology table

6
[Picture 9º]
Refer to the exhibit. A network administrator is troubleshooting a routing related problem.
Which two facts can be concluded based on the generated output of the show logging
command? (Choose two.)
Interface Serial 0/1 has been incorrectly configured with IP address 192.168.2.2.
x Interface Serial 0/1 is flapping.
Router R1 has established a stable IBGP peering relationship with the neighbor at IP address
192.168.2.2.
Router R1 has established a stable EBGP peering relationship with the neighbor at IP address
192.168.2.2.
x Router R1 is unable to establish a stable BGP peering relationship with the neighbor at IP
address 192.168.2.2.
The BGP-5-ADJCHANGE message indicates an error with the subnet mask for the specified
prefix.

7
Which two data structures are used by Cisco Express Forwarding to improve the
performance of IP packet switching processes on routers? (Choose two.)
x adjacency table
x Forwarding Information Base
interface table
neighbor table
routing table
topology table

8
[Picture 5º]
Refer to the exhibit. Mutual redistribution has been configured on router R7 between the
OSPF and EIGRP routing processes. What could be the reason that EIGRP routes are not
being properly redistributed into the OSPF process?
The OSPF metric configuration is missing for the EIGRP routes that are redistributed into
OSPF.
x The subnets keyword configuration is missing for the EIGRP routes that are redistributed
into OSPF.
There is an incorrect EIGRP metric configuration for the OSPF routes that are redistributed
into EIGRP
There is an incorrect external route type configuration for the EIGRP routes that are
redistributed into OSPF.

9
[Picture 11º]
Refer to the exhibit. In the show ip route output, what is the source of the 72.163.4.0 /24
route?
It comes from a stub area router.
It comes from a normal area router.
x It comes from an area border router (ABR).
It comes from an autonomous system border router (ASBR).

10
Which three pieces of information are found in the BGP neighbor table? (Choose three.)
x the BGP router ID of any peer
the routes that are redistributed into BGP
the peer synchronization configuration
x the number of exchanged prefixes with a neighbor
x the AS number of the peer
the IGP that is configured on the BGP peer

11
When route redistribution is being configured from another routing protocol into EIGRP,
what value is used when no seed metric is configured?
a value equal to the minimum possible value
x a value equal to the maximum possible value
a value equal to the cost of a directly connected segment
a value equal to the redistributing protocol

12
[Picture 1º]
Refer to the exhibit. Router RTA and router RTB have been configured to exchange routing
information using OSPF. However, both routers never transition beyond 2WAY state. What is
the cause of this problem?
An access list on one side is blocking OSPF Hellos.
Authentication is enabled on only one side.
There is a switch problem and multicast capabilities are broken.
x A priority of 0 has been configured on RTA and RTB interfaces.
There is a misconfigured neighbor statement on RTA or RTB.
13
[Picture 3º]
Refer to the exhibit. A network administrator is unable to have two BGP peers exchange
routing information. Which solution would correct this problem?
Router R1 should be configured with the neighbor 2.2.2.2 ebgp-multihop 1 command and R2
with the neighbor 1.1.1.1 ebgp-multihop 1 command.
Router R1 should be configured with the neighbor 2.2.2.2 ebgp-multihop 3 command and R2
with the neighbor 1.1.1.1 ebgp-multihop 3 command.
x Router R1 should be configured with the neighbor 2.2.2.2 remote-as 300 command.
The loopback interfaces on each router should be removed.

14
A network administrator is adding a new router into an existing OSPF network and notices
that the router is stuck in the INIT state. What is a possible cause of this problem?
There is a mismatched interface MTU.
x An access list is blocking OSPF hellos.
Duplicate Router IDs are configured on the new router.
Layer 2 switches between the two routers are not multicast aware.

15
A network administrator issued the show ip cef command to verify the routing operations on
the device. Which table entries will be present in the output?
the topology table entries
the routing table entries
the Routing Information Base (RIB) entries
x the Forwarding Information Base (FIB) entries

16
[Picture 2º]
Refer to the exhibit. Based on the shown output, what is the resulting effect on the routing
table?
A route to the network 172.16.0.0 /30 will not be added to the routing table.
A route to the network 172.16.0.0 /30 will be added to the routing table and have a metric
of 1310720.
A route to the network 172.16.0.0 /30 will be added to the routing table and have an
administrative distance of 90.
x A route to the network 172.16.0.0 /30 will be added to the routing table with an outbound
interface of FastEthernet0/0.

17
[Picture 6º]
Refer to the exhibit. What can be determined about the origin of the route to the 172.16.0.0
network?
The route is manually entered.
The route is directly connected to RouterHQ2.
x The route is learned via redistribution into EIGRP.
The route is summarized by EIGRP at the advertising router.

18
[Picture 4º]
Refer to the exhibit. What is a possible reason that Router2 is not receiving OSPF routing
updates on interface FastEthernet0/1?
Interface FastEthernet0/1 is configured as passive for OSPF.
The OSPF priority of interface FastEthernet0/1 is set to zero.
OSPF is not enabled on the neighboring router that is connected to FastEthernet0/1.
There is no OSPF network statement for the network to which interface FastEthernet0/1
belongs.

19
[Picture 10º]
Refer to the exhibit. A network administrator is replacing an existing router and configuring
EIGRP authentication on the Serial 0/0/0 port. When viewing the routing table, the
administrator notices that the entries for the remote networks are not listed. The
administrator enters the debug eigrp packet command and notices this output:
R1# *Nov 17 01:26:31.935: EIGRP: Serial0/0/0: ignored packet from 172.20.1.2, opcode = 5
(authentication off or key-chain missing)
Based on the information in the running configuration and the output from the debug
command, what is a possible reason for the missing routes?
Automatic summarization must be disabled.
EIGRP is not enabled on the correct interface.
An incorrect keychain name has been entered under the serial interface.
x The EIGRP autonomous system does not match the interface authentication autonomous
system.

20
What is the result of issuing the ip route profile command on a router?
The router will log each route redistribution entry to the configured syslog server.
x The router will track the number of routing table changes that occur over 5 second
sampling intervals.
The router will send console messages each time a route is installed or removed from the
routing table.
Until the buffer is full, the router will archive a copy of the routing table each time the
topology changes.
--------------------------------------------------------------------------------
-- Chapter 6º -----------------------------------------------------------------
--------------------------------------------------------------------------------

6º Exam (+/- solutions):


(Pictures posted on the comment secction)

1
Which statement is true about 6to4 tunneling and OSPF?
The neighbor command must be specified within OSPF router configuration mode to establish
the tunnel.
The neighbor address must be specified on the tunnel interface.
OSPF will automatically send out its link state database to the destination of the tunnel.
x OSPF cannot be used when establishing a 6to4 tunnel.

2
[Picture X]
Refer to the exhibit. Users on the LAN complained that they cannot access the resources on
the network. A network administrator issued the debug ip udp command on R2 to verify the
DHCP server operation. On the basis of the provided output, what could be the possible
cause of the problem?
x The ip dhcp pool command is missing from the R2 configuration.
The ip helper-address command is missing from the R2 configuration.
The ip dhcp excluded-addresses command is missing from the R2 configuration.
The domain-name command is missing from the R3 configuration.

3
Which three UDP ports are associated with messages that are forwarded by default by a
DHCP relay agent? (Choose three.)
x 37
51
x 53
59
x 69
80

4
[Picture X]
Refer to the exhibit. R2 is a branch router and accesses all nonlocal networks via R1. The
network administrator is troubleshooting why router R2 cannot access any external networks.
Based on the output of the commands, what is the likely issue?
The default router for R1 is invalid.
The IPv6 address configured for R1 is invalid.
IPv6 unicast routing has not been enabled on R1.
R2 has not been configured for autoconfiguration.

5
The network administrator changed the DHCP address pool from 10.10.0.0/16 to
10.20.0.0/16 and is now receiving complaints from users that they are unable to connect to
the Internet. The administrator issues the command show ip nat translations on the border
router and observes that there are no active translations present. The administrator then
verifies that connectivity to the Internet from the border router is present. What should the
administrator do next?
Increase the size of the existing NAT pool.
Create a new NAT pool using the 10.20.0.0/16 address space.
Change from dynamic to static NAT for all outbound connections.
x Verify that the ACL is selecting the correct addresses for translation.

6
[Picture X]
Refer to the exhibit. A network administrator has configured a static NAT entry on router R1
for the internal web server. However, external users still cannot connect to the web server.
Which procedure would resolve this problem?
Delete the current static entry and issue the ip nat outside source static 10.0.0.10
209.165.200.226 command.
x Delete the current static entry and issue the ip nat inside source static 10.1.1.10
209.165.200.226 command.
For security reasons, an outside address cannot be mapped to an internal private address
and therefore the web server should be configured with a valid public address.
Remove the overload keyword from the ip nat inside source list command.

7
[Picture X]
Refer to the exhibit. A network administrator created a static NAT translation. The purpose of
the translation is to allow outside users to use the IP address 209.165.201.1 to connect to a
server that is located on the internal network at IP address 172.16.6.3. However, users are
unable to connect to the server by using the supplied address. What is the most probable
cause of the problem?
There is no outside global address specified.
The 172.16.0.0/16 network has not been advertised to the outside world.
Dynamic NAT must be used to allow an outside user to connect to the server.
x The network administrator reversed the addresses in the mapping command.
No access list has been configured to select the traffic that is allowed to connect to the
server.

8
Which statement correctly describes the problem when NAT and IPsec implementation
coexist in the network?
NAT changes the encryption keys that are used by IPsec during the key negotiation
processes.
x NAT changes the IP header fields, and those changes can conflict with the integrity of IPsec
protocols.
NAT changes the source and destination IP addresses that are encapsulated inside the IPsec
packets.
NAT changes the TCP and UDP transport protocols that are embedded in the payload of the
IPsec packets.

9
[Picture X]
Refer to the exhibit. Users on LAN_1 complained that they cannot communicate with the
other users on the network. A network administrator issued show ip dhcp conflict command
to verify the DHCP server operation on the router. Based on the provided outputs, what could
be done to remedy the problem?
Configure the DHCP pool for a larger scope of IP addresses.
Issue the dhcp services command on router R2.
Issue the ip helper-address command under the Fa0/1 interface.
Configure the IP addresses that must be excluded from the DHCP pool.

10
[Picture X]
Refer to the exhibit. Routers R1 and R2 cannot get DHCP addresses from router R3, which is
configured as a DHCP server. After issuing the show ip socket command and troubleshooting
the problem, a network administrator verifies that the R1 and R2 interfaces are up and
operational. Based on the provided output, what could be the possible cause of the problem?
x The DHCP services are disabled on R3.
The IP helper address is missing from the R3 configuration.
The IP addresses from the DHCP pool have been exhausted.
Illegal addresses have been assigned to the interfaces of routers R1 and R2.

11
[Picture X]
Refer to the exhibit. Which two statements are true about DHCP snooping on Switch2?
(Choose two.)
DHCP snooping is enabled for interface FastEthernet0/13 and interface FastEthernet0/14.
x DHCP snooping is not enabled for interface FastEthernet0/15 and interface
FastEthernet0/16.
x DHCP snooping is configured for VLAN 10.
DHCP snooping is configured for VLAN 2.
Any interface assigned to VLAN 10 could host a DHCP server.

12
[Picture X]
Refer to the exhibit. A network administrator has configured NAT on router R1. However, R1
does not translate addresses when hosts from the 10.0.0.0 /24 LAN attempt to access the
Internet. Which configuration change would correct this situation?
Append the overload keyword to the ip nat inside source list 1 pool NATPOOL command.
Change the NAT pool to be in the same subnet as the IP address of s0/0/0.
Change the netmask of the NATPOOL to 255.255.255.224.
Enter the no ip nat inside source static 10.0.0.10 209.165.200.226 command.
x Make interface Fa0/0 the inside NAT interface and S0/0/0 the outside NAT interface.

13
[Picture X]
Refer to the exhibit. Which statement accurately describes the IPv6 routing configuration?
The command ipv6 route 5432::/48 null0 was entered on the router.
The network 4000::2/128 was learned via a routing protocol.
The command ipv6 route 5000::/64 null0 was entered on the router.
The network 4001::1/128 is unreachable.
14
[Picture X]
Refer to the exhibit. A network administrator configured an OSPF neighbor to correct a
reachability issue in a network that is using OSPF over a 6to4 tunnel. The configuration did
not solve the issue, and an error message was displayed. What should the administrator do
to correct the problem?
Change the version of OSPF to version 3.
Add the ipv6 ospf network broadcast command to tunnel interface 0.
Configure an OSPF neighbor on R2 that points to the tunnel endpoint of R1.
x Configure static routes on both R1 and R2 to the IPv6 address of the tunnel endpoint of the
neighbor.

15
[Picture X]
Refer to the exhibit. Users on the LAN complained that they cannot access the Internet.
Based on the provided output, what could be the possible cause of the problem?
Too few addresses are assigned to the NAT pool.
The NAT pool is configured with the wrong netmask.
An incorrect ACL is referenced during the NAT translation process.
The configurations for the inside and outside interfaces are reversed.

16
[Picture X]
Refer to the exhibit. A network technician is having issues setting up router R4 in a IPv6
network. What problem is indicated from the router output?
x IPv6 routing needs to be enabled.
The interface also requires an IPv4 address.
A routing protocol for IPv6 must be enabled.
IPv4 routes should be redistributed into IPv6.

17
What are the three roles a router may assume with respect to DHCP? (Choose three.)
x server
forwarder
x client
remote agent
x relay agent
supplicant

18
What are two things to be taken into consideration when NAT is configured in the network?
(Choose two.)
x the protocols that are used in the network
x the port numbers that are used by the applications
the type of interface that is configured for NAT
the scope of the IP addresses that are configured in the NAT pool
the type of ACLs that are filtering the traffic from source to destination

19
[Picture X]
Refer to the exhibit. A network administrator has implemented Network Address Translation
(NAT) on router R1. However, hosts on the inside LAN cannot connect to addresses outside
of the corporate network. Which option correctly identifies the problem?
Interface Fa0/0 should be configured as the outside NAT interface and S0/0/0 as the inside
NAT interface.
NAT cannot use named access control lists.
x The ACL is referring to the wrong internal network.
The NAT-POOL should have included the S0/0/0 interface IP address.
The overload keyword has not been appended to the ip nat inside source command.
The static NAT entry IP address is not included in the NAT-POOL.

20
Which IPv6 address is used by OSPFv3 as a next hop?
x the link-local address of the neighbor
the loopback address of the neighbor
the global unicast address of the neighbor
the default gateway of the neighbor
--------------------------------------------------------------------------------
-- Chapter 7º -----------------------------------------------------------------
--------------------------------------------------------------------------------

7º Exam (+/- solutions):


(Pictures posted on the comment secction)

1
A network is experiencing performance degradation on an access switch where user traffic is
subject to granular QoS policy and security inspection. Which switch component or
components should be inspected by the network administrator to help determine the issue?
the ingress interfaces only
the egress interfaces only
the forwarding plane only
the control plane only
the forwarding plane and the control plane
the ingress and egress interfaces, the forwarding plane, and the control plane

2
A network administrator has configured a Cisco IOS device to provide server load balancing
(SLB) for the corporate web server. What is required on the client side to ensure proper load
balancing?
Clients should initiate connections to the virtual IP address (VIP).
Clients should initiate connections to the IP address of the predictor.
Port numbers should be added to each client request in order to get routed to the correct
server.
Clients must be readdressed so that they are equally distributed throughout the network
address space.

3
[Picture X]
Refer to the exhibit. A network administrator is investigating performance issues of the
access switch. On the basis of the provided outputs, what conclusion can be made about the
switch performance?
The ratio between the FCS errors and the number of received errors is normal and does not
require further investigation.
The ratio between the FCS errors and the number of giant frames that are received on the
switch is excessively high and requires further investigation.
The ratio between the FCS errors and the number of broadcast and multicast traffic frames
that are received on the switch is normal and does not require further investigation.
The ratio between the FCS errors and the number of unicast, broadcast, and multicast traffic
frames that are received on the switch is excessively high and requires further investigation.

4
What reported error counter describes frames that do not end with an integral number of
octets and have a bad cyclic redundancy check (CRC)?
FCS-Err
Xmit-Err
Align-Err
Rcv-Err
undersize
runt

5
What must a system administrator do to allow NBAR to recognize a new protocol without
having to upgrade the Cisco IOS image?
Enable the autodiscovery feature on the interface.
Upgrade the version of NBAR that is running on the device.
Because NBAR will automatically discover new applications, the administrator does not need
to do anything.
Load an appropriate Packet Description Language Module (PDLM).

6
What can cause a memory leak on a router?
an IOS bug
incorrect configuration registry code
buffer overflow
too many remote users logged into the router

7
[Picture X]
Refer to the exhibit. Users on the network are complaining that transferring large files to the
SRV1 server takes hours. A network administrator runs a few tests on both switches to
investigate the problem. On the basis of the provided outputs, what could be the possible
reason for problem?
High CPU utilization is causing excessive FCS errors on ASW_1.
A duplex mismatch is causing a high volume of late collisions on DSW_1.
Slow STP convergence is causing a high volume of single collisions on DSW_1.
An unsupported Auto-MDIX feature on both switches is causing a high volume of multi
collisions.

8
How can an administrator determine if a memory leak is present in a router?
The show interface command will show that the input queue has reached the maximum
capacity.
The show buffers command will show no free buffers.
The show memory allocating-process totals command will show low free space.
The show diagnostics command will show that the DRAM size has reached maximum
capacity.
9
Which three hardware components are common in the architectures of all Catalyst switch
families? (Choose three.)
route processors
modules
interfaces
forwarding hardware
control plane hardware
content-addressable memory

10
[Picture X]
Refer to the exhibit. A network administrator enables AutoQoS on a PPP link that is currently
active. Once AutoQoS is enabled the link goes down. What should the administrator do to
correct this problem?
Disable multilink on the PPP connection.
Decrease the multilink threshold value to allow AutoQoS to run.
Change the encapsulation to HDLC because AutoQoS does not support PPP.
Investigate the configured bandwidth on the PPP link to ensure it is sufficient, then remove
and reapply the AutoQoS configuration.

11
A network administrator keeps receiving "%SYS-2-MALLOCFAIL" console messages. Further
investigation reveals that the buffer pool continues to grow. The CCO knowledge base
identified the cause of the problem as a result of a buffer memory leak due to an IOS
software bug. What should the administrator do to rectify this problem?
Reload the router.
Reinstall older Cisco IOS software.
Upgrade the Cisco IOS software to a version that fixes the issue.
Power down the router and wait a few minutes before reloading it.
Change the configuration register settings to bypass the loading of the IOS.
Change the configuration register settings to bypass the loading of the startup configuration
file.

12
[Picture X]
Refer to the exhibit. A network administrator is troubleshooting the switching path on a
router. Based on the exhibited output, what can be concluded?
Cisco Express Forwarding (CEF) has been implemented.
x Fast switching has been enabled.
Process switching has been enabled.
Switching has been disabled.

13
A network administrator plans to implement QoS in the network by using the Cisco AutoQoS
tool. What should be done in the first phase of the automation process?
In order to apply QoS policies, each interface should be configured with the auto qos
command.
Cisco Express Forwarding should be disabled on each target interface by the use of the no ip
cef command.
The network device should be configured to capture network traffic statistics via the use of
the auto discovery qos interface configuration command.
Via the use of the ip nbar protocol-discovery command, each interface should be configured
to gather information about the applications that are known to NBAR.

14
[Picture X]
Refer to the exhibit. What can be determined about the operation of interface FastEthernet
0/2?
It is connected to a hub.
It is operating within acceptable limits.
It is carrying 802.1Q formatted frames.
It has a duplex mismatch with the connected device.

15
[Picture X]
Refer to the exhibit. What can be determined from the exhibited output?
There is a physical layer problem.
x The interface is performing normally.
The Frame Relay PVC is not established.
There is an unacceptable level of input errors.

16
What are three indicators of a cabling issue on a switch? (Choose three.)
alignment error
excessive collisions
giant frames
invalid frame size
late collisions
transmit error

17
[Picture X]
Refer to the exhibit. A network administrator has noticed that the IP SLA probe did not run
as expected. What should the administrator do to correct this problem?
Adjust the clock frequency on R1.
Configure the router as a stratum 1 time source.
Remove the forever keyword from the configuration.
Configure NTP on the router to point to a different time source.
18
[Picture X]
Refer to the exhibit. Based on the output of the show interfaces command, which two
statements are true? (Choose two.)
The interface is currently shutdown.
x The interface is displaying symptoms of a buffer leak.
x This is an example of a wedged interface.
The interface has been configured with the no ip route-cache command.
The serial interface is being subjected to a denial of service (DoS) attack.

19
A network administrator wishes to use debug commands to observe how a router processes
each individual packet on an interface. Which packet switching solution should be
implemented on the interface to accomplish this task?
Enable Cisco Express Forwarding (CEF) using the ip cef comand.
Enable Cisco Express Forwarding (CEF) using the no ip cef command.
Enable fast switching using the ip route-cache command.
Enable fast switching using the no ip route-cache command.
Enable process switching using the ip route-cache command.
Enable process switching using the no ip route-cache command.

20
Which three Cisco packet switching methods must a network administrator be familiar with
in order to troubleshoot a router performance issue that is related to the switching path?
(Choose three.)
autonomous switching
Cisco Express Forwarding (CEF)
fast switching
optimum switching
process switching
silicon switching
TSHOOT v6.0 Chapter 8

1
A network technician is adding a wireless access point to an existing network. However, the
wireless clients will not associate with the AP. What action can be taken to isolate the root
cause?
Enable encryption on the AP.
Remove the IP address from the AP.
x Temporarily disable ACLs on the AP.
Shut down the LAN interface on the AP.

2
Refer to the exhibit. An administrator is troubleshooting why host CL1 cannot communicate
with the other hosts in the network. What appears to be the problem?
Port Gi0/1 of ASw1 is disabled.
x VLAN 104 is not being permitted on the trunk.
The native VLAN on the trunk should be VLAN 1.
Port Gi0/2 of ASw1 should be configured as a trunk.

3
Which protocol does a Lightweight AP use to communicate with the Wireless LAN
Controller?
802.1Q
IPsec
x LWAPP
TCP

4
Refer to the exhibit. Wireless network users are complaining that they are not able to
register with the Wireless LAN Controller. Wireless clients use DHCP to obtain their IP
configuration information from R1. Based on the output that is shown, what is the reason
that the wireless clients are unable to register with the controller?
x The DHCP configuration is missing option 43.
The DCHP pool should be specified as 10.10.0.0/16 to include both VLANs.
The DHCP default-router command must specify the IP address of the WLC.
The DHCP configuration should specify the 10.10.20.0/24 pool, as this is where the WLC is
located.

5
How does a Cisco IP phone discover which VLAN to use for voice traffic?
x CDP
DHCP
TFTP
POST
6
Refer to the exhibit. A network administrator needs to connect an IP phone to FastEthernet
0/22, which is currently configured to support a workstation. What three configuration
commands are recommended to accommodate the addition of the phone? (Choose three.)
no cdp enable
x mls qos trust cos
ip dhcp client request
switchport port-security
x switchport voice vlan 10
x mls qos trust device cisco-phone
switchport port-security mac-address sticky

7
IP phones are unable to register with the router and download their firmware and
configuration files. A colleague advises that you should check to ensure that the protocols
required for this process are not blocked by the IOS firewall. What two lines should you look
for in the ACL? (Choose two.)
permit tcp any any eq 22
permit tcp any any eq 23
permit tcp any any eq ftp
x permit udp any any eq 69
permit tcp any any eq http
permit udp any any eq https
permit tcp any any eq www
x permit tcp any any eq 2000

8
What value does a Cisco IP phone receive in DHCP option 150?
x IP address of TFTP server
IP address of DHCP server
IP address of NTP server
PoE value setting
Voice VLAN setting
CDP neighbor list

9
Refer to the exhibit. A user has a PC that connects to a VoIP phone and the phone connects
to port Fa0/1 on the switch. The user is complaining about not being able to access the
network. The user cannot access any local print servers and cannot ping any neighboring
devices. The administrator attempts to ping the PC of the user but is unsuccessful. Based on
the output of the show port-security command, what could be the issue?
The switch port has not been able to detect any devices connected to it.
x The switch port detected more than one MAC address.
The switch port detected a bridging loop.
The switch port detected a MAC address that belongs to a different VLAN.

10
Refer to the exhibit. Which statement is true about the debug ephone register command?
x The router was able to successfully register the phone.
There is an IP address mismatch that is detected on the phone.
The IP address that is detected for the phone is 10.1.0.6.
The phone is in Voice VLAN 7.

11
Users complain that voice calls are choppy and of poor quality. A network administrator
verifies the settings on the interface and discovers that no QoS has been configured. Which
priority level should be applied to the voice traffic in order to improve the quality of voice
calls?
normal priority
x highest priority
medium priority
lowest priority

12
Refer to the exhibit. A user is not able to use a VoIP phone. Based on the output, what could
be the problem?
The phone is in the wrong VLAN.
The switchport mode is incorrect.
QoS is missing.
x CDP is disabled.

13
If an ACL is used on a port that connects to an Cisco IP phone, which two protocols must be
allowed in the ACL for the Cisco IP phone to work? (Choose two.)
x SCCP
SMTP
SNMP
Telnet
x TFTP
WWW

14
Refer to the exhibit. An administrator is troubleshooting a video multicast problem on router
R1. Users on the FastEthernet 0/1 are not receiving multicast traffic over the Serial 0/0/0
WAN link. Which statement correctly identifies the problem?
Router R1 has not been configured with the ip multicast-routing command.
The Fa0/1 interface has not been configured with the ip pim sparse-dense-mode command.
x The S0/0/0 interface has not been configured with the ip pim sparse-dense-mode
command.
The S0/0/0 interface should be configured with the ip pim version 1 command.
The S0/0/0 interface should be configured with the ip pim version 2 command.

15
A network administrator is troubleshooting an IP multicast problem. After the administrator
alters an IGMP configuration, which command should be used to verify the multicast routing
table entries?
show ip igmp interface
show ip igmp membership
x show ip mroute
show ip pim interface
show ip pim neighbor
show ip route

16
Refer to the exhibit. After a major network upgrade, network users complain about poor
video application performance. A network administrator verified that all trunk links are up
and operational and the EtherChannel configuration is correct. The output of the show
interfaces port-channel command reveals that there is a 0 packet output rate over the last 5
minutes on the Po2 uplink. What could be done to correct the issue?
Configure switch A_SW1 to be the root bridge for the network for all VLANs.
x Configure switch D_SW1 to be the STP root for VLANs 10 and 20, and D_SW2 to be the
root for VLANs 30 and 40.
Remove the EtherChannel trunk uplinks from the access switch A_SW1 to the distribution
switches.
Remove the EtherChannel trunk uplinks from the access switch A_SW1 to the distribution
switch D_SW2

17
Refer to the exhibit. Users who are connected to SW1 are part of the multicast group
224.1.1.1, and they are complaining that they do not receive a video stream from the
source. Based on the provided output, what could be done to remedy the problem?
Apply the ip pim sparse-dense-mode command to interface Fa0/1 on router R1.
x Apply the ip pim sparse-dense-mode command to interface S0/0/0 on router R2.
Apply the ip igmp join-group command to interface Fa0/0 on router R1.
Apply the ip igmp join-group command to interface Fa0/1 on router R2.

18
Refer to the exhibit. Users complained that they have experienced performance degradation
for all video applications that are coming from the video server. Based on the provided
outputs, what could be the possible cause of the problem?
STP is blocking the redundant links that are bundled in both channels, thus causing the video
traffic to be dropped.
STP is blocking the redundant links that are bundled in the Po2 channel, thus causing half of
the video traffic to be dropped.
STP is alternating between channels when forwarding video traffic over the redundant links,
thus causing a loss of video traffic.
x STP is blocking the redundant links that are bundled in the Po2 channel, thus causing the
video traffic to be forwarded over the Po1 channel only.

19
Refer to the exhibit. The network security auditing team has added access lists to the
network configurations in an attempt to improve network security. Users of the wireless
network are now complaining that they can no longer associate to the wireless LAN. Based
on the output shown, what must be added to the access list to restore connectivity?
permit tcp any any range 12222 12223
x permit udp host 10.10.10.4 host 10.10.20.5 range 12222 12223
permit udp host 10.10.20.5 host 10.10.10.4 range 12222 12223
permit tcp host 10.10.20.5 host 10.10.10.4 range 12222 12223

20
Which video application has the strictest latency requirement?
video collaboration
x video conferencing
video surveillance
video signaling
16 What is considered a control plane issue?
A wrong key is used by OSPF.
An ACL is blocking TCP traffic to a server.
SSH is not enabled on the VTY lines of a switch.
The network administrator account is disabled on the RADIUS
server.

17 Which three control plane protocols influence the data structures used by the data plane to forward unicast
packets in the core network? (Choose three.)
Dynamic Host Configuration Protocol (DHCP)
First Hop Redundancy Protocols (FHRP)
Address Resolution Protocol (ARP)
multicast routing protocols
unicast routing protocols
Spanning Tree Protocol (STP)

18 Which technology prevents CPU overloading of infrastructure


devices?
Simple Network Management Protocol
Cisco Express Forwarding
Control Plane Policing
Access Control Lists

19

Refer to the exhibit. A network technician has just configured router East to establish a tunnel to router West
After the configuration is applied, tunnel 1 is flapping. What needs to be done to stop this flapping?
Make tunnel 1 on router East an EIGRP passive interface.
Set the default gateway of Computer1 to 128.107.229.50.
Add a static route on router East out S0/0/0 to 198.133.219.25.
Change the configuration on router East such that the destination of tunnel 1 is 192.168.0.2.
20 Which two features should be enabled to secure DHCP and ARP? (Choose two.)
DHCP Snooping
BPDU Guard
Private VLANs
BPDU Filtering
IP Source Guard
Dynamic ARP Inspection

1 When audit trails are enabled with the ip inspect audit-trail command, which messages will appear in the
syslog?
all packets that enter the specified interface
all TCP packets
all stateful inspection sessions
all packets that match an ACL

Refer to the exhibit. An administrator has implemented a stateful IOS firewall configuration that allows inter
users access to Internet websites. However, users have reported that they cannot do so. Based on the
configuration in the exhibit, what change should be made to allow the firewall to function as planned?
R1(config)# interface Fa0/1
R1(config-if)# no ip access-group DENY out
R1(config-if)# ip access-group DENY in
R1(config)# no ip inspect name FWALL http
R1(config)# ip inspect name DENY http
R1(config)# interface Fa0/1
R1(config-if)# no ip inspect FWALL out
R1(config-if)# ip inspect FWALL in
R1(config)# no ip access-list extended DENY
R1(config)# ip access-list extended DENY
R1(config-ext-nacl)# permit ip any any

3 Which two security features could be implemented in the network control plane? (Choose
two.)
which devices will exchange routing updates
who can alter the configuration of a network device
which locations can alter the configuration of network devices
which device will become the root device in an STP selection process
who can access network device operational logs and interface statistics

Refer to the exhibit. Router R1 no longer receives routing updates from other EIGRP neighbors. Based on th
output in the exhibit, what could be the cause of this problem?
Interface FastEthernet 0/0 has been configured as a passive interface.
Interface FastEthernet 0/0 has not been configured to support authentication.
Interface FastEthernet 0/0 is administratively shut down.
The EIGRP peer has not been configured to support authentication.
There are no valid EIGRP neighbors connected to interface FastEthernet 0/0.

Refer to the exhibit. A legitimate user experienced a problem while attempting to gain access to the router
EXEC shell. To investigate the situation, a network administrator issued debug tacacs and debug aaa
authentication commands on the router. Based on the provided output, what could be the problem?
The user credentials are rejected by the TACACS+ server.
The user credentials stored in the local database do not match the credentials on the TACACS+ server.
The user fails the authentication because the TACAS+ server does not have a profile set up to authorize
CHAP.
The user fails the authentication because router R1 cannot connect to the TACACS+ server.

6
Refer to the exhibit. Which statement about the debug radius authentication output is correct?
The RADIUS server is unreachable.
The user raduser has been authenticated.
The IP address of the RADIUS server is 10.1.50.252.
The user raduser is on a device with the IP address of 10.1.50.1.

Refer to the exhibit. Based on the debug aaa authentication and debug tacacs outputs, which statement is
true?
The authentication process verifies the user credentials to the local database.
The first method defined by the default authentication method list is TACACS+.
The user with the IP address 172.31.60.15 has been authorized to use privileged EXEC mode.
The attempt of a remote user with the IP address 172.31.60.15 to log in to the router is unsuccessful.

8
Refer to the exhibit. The network administrator has decided to create an IPsec tunnel between the HQ and
BRANCH routers. What two changes must be made to the existing ACL in order to allow the formation of th
tunnel? (Choose two.)
ICMP must be denied.
UDP port 500 must be permitted.
TCP ports 50 and 51 must be permitted.
The ESP and AH protocols must be permitted.
IP must be permitted between the two ends of the tunnel.
The established keyword must be removed from statement 10.

9
Refer to the exhibit. A network administrator is attempting to connect a branch office to headquarters throug
VPN tunnel. The tunnel is reported as being active at both ends, but the 10.2.2.0/24 network is not appearing
the routing table at the branch end. The administrator has determined that the problem is with the branch offi
configuration. Based on the output as shown, why is the 10.2.2.0/24 network not appearing in the routing tab
The tunnel protocol is improperly set.
The tunnel key has been improperly configured.
The tunnel encapsulation is improperly configured.
The tunnel bandwidth is insufficient for EIGRP updates.
The tunnel destination end point has been improperly configured.

10 What is the first step in troubleshooting connectivity issues in a secured network environment?
Determine when the connectivity problem first appeared.
Determine if the connectivity problem is affecting all users.
Determine if disabling all security features on the network re-establishes connectivity.
Determine if any access lists were added or modified immediately prior to the reporting of the connectivit
problems.
Determine if the user should have connectivity based on the security policy of the organization and the typ
traffic being generated.

11
Refer to the exhibit. Based on the provided debug aaa authorization and debug tacacs command output,
which statement is true?
The authorization method used for user Admin was TACACS+.
The user Admin attempted to gain Telnet access to the device.
The AAA security server authorized the user Admin to perform the requested command.
The AAA security server has authorized the user Admin to use privilege level 15 EXEC commands.

12 A network administrator has received a report from a user about being unable to access the server that house
employee records. The server is on a restricted VLAN and the user workstation is not assigned to this VLAN
What step should the administrator take next?
Move the workstation to a port that is configured for the VLAN.
Add the port connected to the workstation to the VLAN and test connectivity.
Move the server to a trunk link so that multiple VLANs can access the records.
Review the security policy to determine if the user should have access to the VLAN.

13

Refer to the exhibit. What is the expected behavior of the configured firewall when internal hosts attempt to
access web sites on the Internet?
The rule FWALL will inspect all HTTP traffic for viruses before allowing the traffic through.
Hosts from the Internet will be allowed to initiate sessions with internal hosts that are using HTTP.
Because all IP traffic is blocked by the access-list DENY, internal hosts cannot reach Internet hosts.
HTTP sessions that are initiated from internal hosts to Internet hosts will be tracked and allowed, until clo
or when the idle timer expires.
14 What would be the outcome of the no service password-recovery command enabled on the router?
The secret password can be recovered but not the original configuration.
The original configuration of the device can be recovered but not the secret password.
The original configuration and passwords of the device can be recovered using the password recovery
procedure.
The original configuration and passwords of the device cannot be recovered using the password recovery
procedure.

15

Refer to the exhibit. A network administrator issued the show ip inspect sessions command on R1 to investi
the status of the firewall. What two facts can be determined from the output? (Choose two.)
The limit of one HTTP session has been reached.
The firewall has been configured to monitor SIS traffic.
The session will be blocked because of the NAT configuration on R1.
The firewall is tracking an HTTP session that was initiated by an internal trusted host.
Return traffic from the untrusted Internet host on port 80 will be permitted.