|Exam Name||:||Cisco Certified Network Associate (CCNA)|
|Questions and Answers||:||1526 Q & A|
|Updated On||:||Click to Check Update|
|PDF Download Mirror||:||200-125 Brain Dump|
|Get Full Version||:||Pass4sure 200-125 Full Version|
A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.
The task is to create and apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.
Access to the router CLI can be gained by clicking on the appropriate host. All passwords have been temporarily set to "cisco".
The Core connection uses an IP address .18.247.65
The computers in the Hosts LAN have been assigned addresses .168.240.1 - 192.168.240.254
? host A 192.168.240.1
? host B 192.168.240.2
? host C 192.168.240.3
Answer: Corp1#conf t
Corp1(config)# access-list 128 permit tcp host 192.168.240.1 host 172.22.141.26 eq www Corp1(config)# access-list 128 deny tcp any host 172.22.141.26 eq www
Corp1(config)# access-list 128 permit ip any any Corp1(config)#int fa0/1
Corp1(config-if)#ip access-group 128 out Corp1(config-if)#end
Corp1#copy run startup-config
Refer to the topology. Your company has decided to connect the main office with three other remote branch offices using point-to-point serial links.
You are required to troubleshoot and resolve OSPF neighbor adjacency issues between the main office and the routers located in the remote branch offices.
An OSPF neighbor adjacency is not formed between R3 in the main office and R6 in the Branch3 office. What is causing the problem?
There is an area ID mismatch.
There is a PPP authentication issue; the username is not configured on R3 and R6.
There is an OSPF hello and dead interval mismatch.
The R3 router ID is configured on R6.
Answer: D Explanation:
Using the show running-config command we see that R6 has been incorrectly configured with the same router ID as R3 under the router OSPF process.
CCNA.com has a small network that is using EIGRP as its IGP. All routers should be running an EIGRP AS number . Router MGT is also running static routing to the ISP.
CCNA.com has recently added the ENG router. Currently, the ENG router does not have connectivity to the ISP router. All over interconnectivity and Internet access for the existing locations of the company are working properly.
The taskis to identify the fault(s) and correct the router configuration(s) to provide full connectivity between the routers. Access to the router CLI can be gained by clicking on the appropriate host.
All passwords on all routers arecisco.
IP addresses are listed in the chart below. MGT
Fa0/0 – 192.168.77.33
S1/0 – 184.108.40.206
S0/0 – 192.168.27.9
S0/1 – 192.168.50.21 ENG
Fa0/0 – 192.168.77.34
Fa1/0 – 192.168.12.17
Fa0/1 – 192.168.12.1
Fa0/0 – 192.168.12.33
Fa0/1 – 192.168.12.49
S0/0 – 192.168.27.10
Fa0/0 – 192.168.12.65
Fa0/1 – 192.168.12.81
S0/1 – 192.168.50.22
Answer: On the MGT Router: Config t
Router eigrp 12
A user is unable to connect to the Internet. Based on the layered approach to troubleshooting and beginning with the lowest layer, drag each procedure on the left to its proper category on the right.
The question asks us to “begin with the lowest layer” so we have to begin with Layer 1: verify physical connection; in this case an Ethernet cable connection. For your information, “verify Ethernet cable connection” means that we check if the type of connection
(crossover, straight-through, rollover…) is correct, the RJ45 headers are plugged in, the signal on the cable is acceptable…
Next we “verify NIC operation”. We do this by simply making a ping to the loopback interface 127.0.0.1. If it works then the NIC card (layer 1, 2) and TCP/IP stack (layer 3) are
Verify IP configuration belongs to layer 3. For example, checking if the IP can be assignable for host, the PC’s IP is in the same network with the gateway…
Verifying the URL by typing in your browser some popular websites like google.com, microsoft.com to assure that the far end server is not down (it sometimes make we think we can’t access to the Internet). We are using a URL so this step belongs to layer 7 of the OSI model.
Refer to the exhibit.
The two connected ports on the switch are not turning orange or green. What would be the most effective steps to troubleshoot this physical layer problem? (Choose three.)
Ensure that the Ethernet encapsulations match on the interconnected router and switch ports.
Ensure that cables A and B are straight-through cables.
Ensure cable A is plugged into a trunk port.
Ensure the switch has power.
Reboot all of the devices.
Reseat all cables.
Answer: B,D,F Explanation:
The ports on the switch are not up indicating it is a layer 1 (physical) problem so we should check cable type, power and how they are plugged in.
What are the benefits of using Netflow? (Choose three.)
Network,Application & User Monitoring
Answer: A,C,D Explanation:
NetFlow traditionally enables several key customer applications including:
+ Network Monitoring – NetFlow data enables extensive near real time network monitoring capabilities. Flow-based analysis techniques may be utilized to visualize traffic patterns associated with individual routers and switches as well as on a network-wide basis
(providing aggregate traffic or application based views) to provide proactive problem detection, efficient troubleshooting, and rapid problem resolution.
+ Application Monitoring and Profiling – NetFlow data enables network managers to gain a detailed, time-based, view of application usage over the network. This information is used to plan, understand new services, and allocate network and application resources (e.g.
Web server sizing and VoIP deployment) to responsively meet customer demands.
+ User Monitoring and Profiling – NetFlow data enables network engineers to gain detailed understanding of customer/user utilization of network and application resources. This
information may then be utilized to efficiently plan and allocate access, backbone and application resources as well as to detect and resolve potential security and policy violations.
+ Network Planning – NetFlow can be used to capture data over a long period of time producing the opportunity to track and anticipate network growth and plan upgrades to increase the number of routing devices, ports, or higher- bandwidth interfaces. NetFlow services data optimizes network planning including peering, backbone upgrade planning, and routing policy planning. NetFlow helps to minimize the total cost of network operations while maximizing network performance, capacity, and reliability. NetFlow detects unwanted WAN traffic, validates bandwidth and Quality of Service (QOS) and allows the analysis of new network applications. NetFlow will give you valuable information to reduce the cost of operating your network.
+ Security Analysis – NetFlow identifies and classifies DDOS attacks, viruses and worms in real-time. Changes in network behavior indicate anomalies that are clearly demonstrated in NetFlow data. The data is also a valuable forensic tool to understand and replay the history of security incidents.
+ Accounting/Billing – NetFlow data provides fine-grained metering (e.g. flow data includes details such as IP addresses, packet and byte counts, timestamps, type-of-service and application ports, etc.) for highly flexible and detailed resource utilization accounting. Service providers may utilize the information for billing based on time-of-day, bandwidth usage, application usage, quality of service, etc. Enterprise customers may utilize the information for departmental charge-back or cost allocation for resource utilization.
Refer to the topology. Your company has connected the routers R1, R2, and R3 with serial links. R2 and R3 are connected to the switches SW1 and SW2, respectively. SW1 and SW2 are also connected to the routers R4 and R5. The EIGRP routing protocol is configured.
You are required to troubleshoot and resolve the EIGRP issues between the various routers. Use the appropriate show commands to troubleshoot the issues.
The loopback interfaces on R4 with the IP addresses .4.4.4/32, 10.4.4.5/32, and 10.4.4.6/32 are not appearing in the routing table of R5. Why are the interfaces missing?
The interfaces are shutdown, so they are not being advertised.
R4 has been incorrectly configured to be in another AS, so it does not peer with R5.
Automatic summarization is enabled, so only the 10.0.0.0 network is displayed.
The loopback addresses haven't been advertised, and the network command is missing on R4.
Answer: B Explanation:
For an EIGRP neighbor to form, the following must match:
Neighbors must be in the same subnet
Authentication method and key strings
Here, we see that R4 is configured for EIGRP AS 2, when it should be AS 1.
The following have already been configured on the router:
? The basic router configuration
? The appropriate interfaces have been configured for NAT inside and NAT outside.
? The appropriate static routes have also been configured (since the company will be a stub network, no routing protocol will be required)
? All passwords have been temporarily set to “cisco”.
The task is to complete the NAT configuration using all IP addresses assigned by the ISP to provide Internet access for the hosts in the Weaver LAN. Functionality can be tested by clicking on the host provided for testing.
Configuration information: router name – Weaver
inside global addresses – 198.18.184.105 - 198.18.184.110/29 inside local addresses - 192.168.100.17 – 192.168.100.30/28 number of inside hosts – 14
A network associate is configuring a router for the weaver company to provide internet access. The ISP has provided the company six public IP addresses .18.184.105 198.18.184.110. The company has 14 hosts that need to access the internet simultaneously. The hosts in the company LAN have been assigned private space addresses in the range .168.100.17 – 192.168.100.30.
Answer: The company has 14 hosts that need to access the internet simultaneously but we just have 6 public IP addresses from 198.18.184.105 to 198.18.184.110/29. Therefore we have to use NAT overload (or PAT)
Double click on the Weaver router to open it Router>enable
First you should change the router's name to Weaver Router(config)#hostname Weaver
Create a NAT pool of global addresses to be allocated with their netmask. Weaver(config)#ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248
Create a standard access control list that permits the addresses that are to betranslated. Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15
Establish dynamic source translation, specifying the access list that was definedin the prior step. Weaver(config)#ip nat inside source list 1 pool mypool overload
This command translates all source addresses that pass access list 1, which means a source address from 192.168.100.17 to 192.168.100.30, into an address from the pool
named mypool (the pool contains addresses from198.18.184.105 to 198.18.184.110).
Overloadkeyword allows to map multiple IP addresses to a single registered IPaddress (many-to-one) by using different ports.
The question said that appropriate interfaces have been configured for NAT inside and NAT outside statements. This is how to configure the NAT inside and NAT outside, just for yourunderstanding: Weaver(config)#interface fa0/0
Weaver(config-if)#ip nat inside Weaver(config-if)#exit Weaver(config)#interface s0/0 Weaver(config-if)#ip nat outside Weaver(config-if)#end
Finally, we should save all your work with the following command: Weaver#copy running-config startup-config
Check your configuration by going to "Host for testing" and type: C :\>ping 192.0.2.114
The ping should work well and you will be replied from 192.0.2.114
Refer to the exhibit.
An administrator pings the default gateway at 10.10.10.1 and sees the output as shown. At which OSI layer is the problem?
data link layer
Answer: E Explanation:
The command ping uses ICMP protocol, which is a network layer protocol used to propagate control message between host and router. The command ping is often used to verify the network connectivity, so it works at the network layer.
What are three values that must be the same within a sequence of packets for Netflow to consider them a network flow? (Choose three.)
source IP address
source MAC address
destination IP address
Answer: A,D,E Explanation:
Each packet that is forwarded within a router or switch is examined for a set of IP packet attributes. These attributes are the IP packet identity or fingerprint of the packet and determine if the packet is unique or similar to other packets. Traditionally, an IP Flow is based on a set and up to 7 IP packet attributes.
IP Packet attributes used by NetFlow:
IP source address
IP destination address
Layer 3 protocol type
Class of Service
Router or switch interface
All packets with the same source/destination IP address, source/destination ports, protocol interface and class of service are grouped into a flow and then packets and bytes are tallied. This methodology of fingerprinting or determining a flow is scalable because a large
amount of network information is condensed into a database of NetFlow information called the NetFlow cache. Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios- netflow/prod_white_paper0900aecd80406232.html
Refer to the exhibit.
A problem with network connectivity has been observed. It is suspected that the cable connected to switch port Fa0/9 on Switch1 is disconnected. What would be an effect of this cable being disconnected?
Host B would not be able to access the server in VLAN9 until the cable is reconnected.
Communication between VLAN3 and the other VLANs would be disabled.
The transfer of files from Host B to the server in VLAN9 would be significantly slower.
For less than a minute, Host B would not be able to access the server in VLAN9. Then normal network function
Answer: D Explanation:
Spanning-Tree Protocol (STP) is a Layer 2 protocol that utilizes a special-purpose algorithm to discover physical loops in a network and effect a logical loop-free topology. STP creates a loop-free tree structure consisting of leaves and branches that span the
entire Layer 2 network. The actual mechanics of how bridges communicate and how the STP algorithm works will be discussed at length in the following topics. Note that the terms bridge and switch are used interchangeably when discussing STP. In addition, unless otherwise indicated, connections between switches are assumed to be trunks.
Refer to the exhibit.
All devices attached to the network are shown. Which number of collision domains are present in this network?