Accessing the WAN Script : 1.5.1

EWAN Packet Tracer 1.5.1 Accessing the WAN Script

Here is the scripts for Accessing the WAN Packet Tracer 1.5.1.
You can donwload this PT Activity from here PT-1.5.1.

ISP:

ip route 10.1.1.0 255.255.255.252 s0/0/1
ip route 172.17.1.0 255.255.255.0 s0/0/1
ip route 172.17.10.0 255.255.255.0 s0/0/1
ip route 172.17.20.0 255.255.255.0 s0/0/1
ip route 172.17.30.0 255.255.255.0 s0/0/1
ip route 172.17.99.0 255.255.255.0 s0/0/1
!

CENTRAL:

ip route 0.0.0.0 0.0.0.0 s0/0/1
router ospf 1
network 10.1.1.0 0.0.0.3 area 0
default-information originate
passive-interface s0/0/1
!

BRANCH:

hostname BRANCH
int s0/0/0
ip address 10.1.1.1 255.255.255.252
clock rate 64000
no shutdown
exit
no ip domain-lookup
line con 0
password cisco
login
logging synchronous
line vty 0 4
password cisco
login
logging synchronous
int fa0/0
no shutdown
int fa0/0.1
encapsulation dot1q 1
ip address 172.17.1.1 255.255.255.0
int fa0/0.10
encapsulation dot1q 10
ip address 172.17.10.1 255.255.255.0
int fa0/0.20
encapsulation dot1q 20
ip address 172.17.20.1 255.255.255.0
int fa0/0.30
encapsulation dot1q 30
ip address 172.17.30.1 255.255.255.0
int fa0/0.99
encapsulation dot1q 99 native
ip addres 172.17.99.1 255.255.255.0
exit
router ospf 1
network 10.1.1.0 0.0.0.3 area 0
network 172.17.1.0 0.0.0.255 area 0
network 172.17.10.0 0.0.0.255 area 0
network 172.17.20.0 0.0.0.255 area 0
network 172.17.30.0 0.0.0.255 area 0
network 172.17.99.0 0.0.0.255 area 0
passive-interface fa0/0.1
passive-interface fa0/0.10
passive-interface fa0/0.20
passive-interface fa0/0.30
passive-interface fa0/0.99
!

S1:

hostname S1
int vlan99
ip address 172.17.99.11 255.255.255.0
no shutdown
exit
ip default-gateway 172.17.99.1
spanning-tree vlan 1,10,20,30,99 priority 4096
vtp mode server
vtp domain CCNA
vtp password cisco
int range fa0/1-5
switchport mode trunk
switchport trunk native vlan 99
exit
vlan 10
name Faculty/Staff
vlan 20
name Students
vlan 30
name Guest(Default)
vlan 99
name Management&Native
!

S2:

hostname S2
vtp mode client
vtp domain CCNA
vtp password cisco
int range fa0/1-5
switchport mode trunk
switchport trunk native vlan 99
int fa0/11
switchport mode access
switchport access vlan 10
int fa0/18
switchport mode access
switchport access vlan 20
int fa0/6
switchport mode access
switchport access vlan 30
int vlan99
ip address 172.17.99.12 255.255.255.0
no shutdown
exit
ip default-gateway 172.17.99.1
!

S3:

hostname S3
int range fa0/1-5
switchport mode trunk
switchport trunk native vlan 99
int vlan99
ip address 172.17.99.13 255.255.255.0
no shutdown
exit
ip default-gateway 172.17.99.1
vtp mode client
vtp domain CCNA
vtp password cisco
!

Single DHCP for multiple VLANs

I recenlty came across a requirement for a client who wanted me to run a single DHCP Server for a multiple VLANs that I created for him. Apparently the last time I did that I was about to complete my Switiching module & honestly did not even think of anything that complicated. But to my surprise, it isn't all that hard to do so. A single command will let you do the magic & impress your client.

 

This tutorial will show you how to configure dynamic IP address assignment on multiple VLAN with a unique DHCP server appliance on the network.

Two VLANs are configured on Switch0 with Router0 as default gateway :

• VLAN 10 - Nework  : 10.0.0.0/24 - Gateway : 10.0.0.1 (FA 0/0.10)
• VLAN 20 - Network : 20.0.0.0/24 - Gateway : 20.0.0.1 (FA 0/0.20)

The unique DHCP server is with IP 192.168.1.1.

DHCP configuration

 

 

 



Configure router0 for DHCP forwarding

Router(config)# interface FastEthernet0/0.10
Router(config-subif)# encapsulation dot1Q 10
Router(config-subif)# ip address 10.0.0.1 255.0.0.0
Router(config-subif)# ip helper-address 192.168.1.2

Router(config)# interface FastEthernet0/0.20
Router(config-subif)# encapsulation dot1Q 20
Router(config-subif)# ip address 20.0.0.1 255.0.0.0
Router(config-subif)# ip helper-address 192.168.1.2

I know this was a quick tutorial, but i am sure by now not all but many of you will know how to create Vlans on the switch & subInterfaces on the router.
 

CCNA 4 Final Exam (August 2011)

1. A network administrator is asked to design a system to allow simultaneous access to the Internet for 250 users. The ISP for this network can only supply five public IPs. What can be used to accomplish this task?
• routable translation
• dynamic translation
• static translation
• port address translation

2. The LAN attached to the Ethernet interface of the Raleigh router shown in the graphic is addressed with private IP addresses. If one public IP is assigned to the company, which commands could be used in a configuration that allows all devices with private IPs in this network to access the Internet? (Choose two.)
• ip nat inside source list 1 interface serial0 overload
• ip nat outside source list 1 interface serial0 overload
• ip nat inside serial0
• ip nat inside source list 1 pool Raleigh overload
• ip nat inside Raleigh overload
• ip inside nat source list 1 interface serial0 Raleigh

3. The command output shown in the graphic was taken from a Cisco 806 broadband router. Which kind of address translation is in effect on this router?
• static
• dynamic
• overload• private
• public

4. Which of the following IP addresses are defined by RFC 1918 as private addresses? (Choose three.)
• 192.168.146.0/22
• 172.10.25.0/16
• 172.31.0.0/16
• 20.0.0.0/8
• 10.172.92.8/29

5. How will data be transmitted from the router to the ISP if the router has the two links shown in the graphic?
• Both links will transmit data at the same rate.
• 1544 bits can be transmitted simultaneously from the router over the T1 line.
• Both links will transmit bits one by one.
• The 56K link will transmit a maximum of 53 bits at the same time.

6. Which statements about DHCP are true? (Choose three.)
• DHCP uses TCP.
• DHCP uses UDP.
• DHCP sends messages to the server on port 67.
• DHCP sends messages to the server on port 68.• DHCP sends messages to the client on port 67.
• DHCP sends messages to the client on port 68.

7. Which command would be used to exclude the IP address 192.168.24.5 from the DHCP address pool on a router?
• Router(dhcp-config)# ip dhcp excluded-address 192.168.24.5
• Router# ip dhcp excluded-address 192.168.24.5
• Router(config-excluded)# ip dhcp excluded-address 192.168.24.5
• Router(config)# ip dhcp excluded-address 192.168.24.5
• Router(config)# excluded-address 192.168.24.5
• Router(dhcp-config)# excluded-address 192.168.24.5

8. The WAN connection for a nationwide company with 250 offices must support constant connections to core layer services for file sharing, and occasional Internet access. Which combination of WAN technologies will meet these needs with minimum expense?
• Frame Relay PVC for Internet access and ATM for file server access
• Frame Relay PVC for Internet access and ISDN for file server access
• ISDN for Internet access and X.25 for file server access
• ISDN for Internet access and Frame Relay PVC for file server access

9. Which command would produce the output shown in the graphic?
• show ip dhcp server statistics
• show ip dhcp binding
• debug ip dhcp server events• debug ip dhcp binding

10. Which of the following devices is used to establish the communications link between the customer equipment and the local loop for digital lines?
• terminal adapter
• modem
• CSU/DSU
• PBX switch
• ISDN switch
• Frame Relay Switch

11. Which of the following statements are true about Frame Relay? (Choose three.)
• Frame Relay operation is defined by a series of ISO standards.
• Frame Relay is a packet switched, connection-oriented, wide area network service.
• Frame Relay only supports point-to-point connections.
• A router can be considered as data terminal equipment (DTE) in a frame relay system.
• Frame Relay is a cell switched, connection-oriented, wide area network service.
• Frame Relay networks use a subset of the HDLC protocol to carry information.

12. ITU-T Q.921 specifies the use of which protocol for sending control and signaling messages between the router and the ISDN switch?
• HDLC
• IPCP
• LAPB
• LAPD
• NCP
• SS7

13. A company needs a WAN connection that is capable of transferring voice, video, and data at a minimum data rate of 155 Mbps. Which WAN connection is the best choice?
• X.25
• DSL
• ATM
• ISDN BRI
• ISDN PRI

14. Which statement explains why basic DSL is an unpopular WAN connectivity choice for enterprise computer departments that support home users?
• DSL offers insufficient bandwidth to home users.
• DSL requires the installation of new cables, which is not always possible for home users.
• DSL dialup connection time is too slow for business use.
• DSL has limited geographical availability.

15. When planning simple WAN connections for a small company, which feature of the three layer hierarchical model makes it a good choice for the WAN topology.
• It provides for redundancy.
• It allows for easy WAN expansion in case of company growth.
• It is less expensive.
• It provides faster connection time.
• It provides less latency and jitter.

16. Which of the following terms describes a device that will put data on the local loop?
• DLCI
• CO
• DCE
• DTE
• PRI
• BRI

17. Which of the following are supported by a BRI interface on a router? (Choose two.)
• Two independent channels that can carry analog data with a bandwidth of 64 KHz.
• A single 128 Kbps digital bearer channel.
• Two multiplexed channels carrying digital data.
• A single 64 Kbps signaling channel.
• A multiplexed data channel that can only handle SS7 information.
• A 16 Kbps delta channel used for signaling purposes.

18. A network administrator has been asked to provide the network in the United States with an ISDN WAN link. The router available to provide the WAN connection is a non-modular Cisco router with two serial connections. What must be done to adapt one of the serial interfaces of this router for the ISDN connection?
• Nothing. The router is already suitable.
• Purchase a BRI WAN interface card to install in the router.
• Purchase a U interface to install in the router.
• Purchase a TA/NT1 device to install on the router.

19 (NEED ANSWERS!!!)Which of the following is a function of a DCE device?
• determines the next-hop address for a packet
• multiplexes signals from several sources
• adapts information for use on a service provider’s network
• used to directly connect two DTEs to simulate a WAN network

20. Why would data frames be discarded in a Frame Relay network? (Choose two.)
• The frame contains an incorrect IP address.
• An error has been detected in computing the frame check sequence.
• There is not enough bandwidth dedicated for the data contained in the frame.
• Data is transmitted at a rate greater than the access speed.
• The frame contains an incorrect DLCI.

21. Which of the following are commonly used as Data Communications Equipment? (Choose two.)
• modem
• router
• CSU/DSU
• ISDN Switch
• Frame Relay Switch

22. Which of the following LCP options can be configured for PPP? (Choose three.)
• CHAP
• Stacker
• IPCP
• CDPCP
• Multilink

23. Which command will provide for CHAP authentication if the hostname on a challenging router is tampa with a password of florida?
• username tampa password florida
• username tampa florida
• hostname tampa password florida
• hostname tampa florida

24. Which of the following describes the PAP protocol? (Choose two.)
• sends unencrypted authentication passwords
• performs a three-way handshake
• allows repeated login attempts
• uses the remote router hostname to verify identity
• sends a random challenge throughout the session

25. Why was NAT created? (Choose two.)
• to create firewalls on routers
• to conserve IP addresses
• to translate domain names into IP addresses
• to map network addresses to the corresponding data link address
• to hide internal addresses from external devices

26. An ISDN router is configured for DDR as shown in the graphic to provide Internet connectivity for the company. Immediately after a user in the company attempts opens a web browser to connect to the Internet, another user in the company tries to download a file using FTP. What will happen? (Choose two.)
• The user that opened the browser will connect to the Internet because the DDR link will consider this traffic interesting.
• The Internet user will be disconnected because the FTP data will cause the DDR link to shut down.
• The DDR link will allow the FTP traffic because it is interesting.
• The DDR link will not allow the FTP traffic because it is not interesting.
• The FTP connection will fail because the DDR link is already in use for the Internet connection.
• The FTP connection will succeed because the web user already opened the DDR link.

27. Which command configures the SPID on the first B channel of an ISDN interface?
• Router(config)# isdn spid0 spid-number [ldn]
• Router(config)# isdn spid1 spid-number [ldn]
• Router(config-if)# isdn spid0 spid-number [ldn]
• Router(config-if)# isdn spid1 spid-number [ldn]

28. What does the command debug isdn q921 display?
• exchange of call setup and teardown messages
• PAP and CHAP authentication traffic
• Layer 2 messages on the D channel
• protocol errors and statistics
• Layer 2 messages on the B channel

29. When PPP authentication is enabled, which of the following may be checked before establishing a PPP link between two devices? (Choose two.)
• the enable password on the remote device
• the ip host configuration on the remote device
• the security server database for the username and password of the remote device
• the hostname and enable password on the local device
• the local database for the username and password of the remote device

30. How many separate B channel circuits can be provisioned on a PRI interface that uses a T1 line for connectivity?
• 2
• 16
• 23
• 24
• 30
• 128

31. Which operating systems support multiuser capability? (Choose three.)
• Linux
• Windows 98
• Windows ME• Windows XP
• Windows 2000

32. What is placed in the address field of a frame that will travel from the DC office of ABC company to the Orlando office?
• MAC address of the Orlando router
• MAC address of the DC router
• 192.168.1.25
• 192.168.1.26
• DLCI 100
• DLCI 200

33. What does a DLCI of 0 indicate about a frame? (Choose two.)
• This is the first data frame sent by the router.
• This is a management frame.
• The encapsulation type is Cisco.
• The encapsulation type is IETF.
• The LMI type is Ansi or q933a.
• The LMI type is Cisco.

34. Which of the following protocols can be used to encapsulate data traffic sent from a router BRI interface? (Choose two.)
• Link Access Protocol – Data
• High-Level Data Link Control
• Logical Link Control
• Serial Data Link Control
• Point to Point protocol
• Binary Synchronous Control protocol

35. An administrator consoled into the Jelly router needs to telnet to the Butter router. What DLCI will the Jelly router place in the frame to perform this operation?
• 110
• 115
• 220
• 225

36. Which commands can be used to identify which DLCIs are active? (Choose two.)
• show frame-relay map
• show frame-relay lmi
• show frame-relay pvc
• show frame-relay interface
• show interfaces
• show ip route

37. A technician is testing the functionality of a recently installed router. The technician is unable to ping the serial interface of a remote router. The technician executes the show interface serial0/0 command on the local router and sees the following line in the output:
Serial0/0 is up, line protocol is down
What are possible causes for this command output? (Choose three.)
• remote CSU/DSU failure
• serial cable missing
• interface shutdown• keepalives not being sent
• clocking signal missing

38. A router needs to forward a message received from a host. How does the router identify the correct VC to forward the message? (Choose two.)
• The router forwards the frame to all ports in the network and learns the address from the reply frame.
• The destination host IP address is embedded in the DLCI.
• The router searches Inverse ARP tables for maps of DLCIs to IP addresses.
• A table of static mappings can be searched.
• The router broadcasts a request for the required IP address.

39. Which of the following statements regarding point-to-point subinterfaces are true? (Choose two.)
• A point-to-point subinterface on one router must be connected to a similar subinterface on a remote router.
• Each point-to-point subinterface connection is configured with its own subnet.
• The DLCIs configured on the remote and local routers must be the same for the PVC.
• LMI frames are not transmitted through a subinterface.
• Routing updates in point-to-point networks are not subject to the split-horizon rule.

40. Which of the following can be concluded from the router output displayed in the graphic? (Choose two.)
• The local DLCI number of this PVC is 100.
• The interface has been configured for subinterfaces and this map is for subinterface 0.
• Inverse ARP has determined the remote ip address as 10.140.1.1.
• The LMI type is ANSI (0×64).
• There is currently no congestion on the link.

41. Which of the following are functions of the Local Management Interface used in Frame Relay networks? (Choose three.)
• exchange information about the status of virtual circuits
• map DLCIs to network addresses
• provide flow control
• provide error notification
• provide congestion notification
• send keepalive packets to verify operation of the PVC

42. Which of the following describe functions of the Point-to-Point protocol with regards to the OSI model? (Choose three.)
• PPP uses Layer 3 of the OSI model to establish and maintain a session between devices.
• PPP operates at all layers of the OSI model.
• PPP uses the data link layer to configure such options as error detection and compression.
• PPP provides a mechanism to multiplex several network layer protocols.
• PPP uses Network Control Protocols (NCP) to test and maintain connectivity between devices.
• PPP can be configured on both synchronous and asynchronous serial interfaces.

43. Which of the following describes the CHAP protocol? (Choose three.)
• exchanges a random challenge number during the session to verfiy identity
• sends authentication password to verify identity
• prevents transmission of login information in plain text
• disconnects the PPP session if authentication fails
• initiates a two-way handshake

44. Which of the following switching types will allow the communication devices in the provider’s network to be shared and only allocated to an individual subscriber during data transfer?
• circuit-switched
• packet-switched
• frame-switched
• dedicated-switched lines
• lease-switched

45. How does Frame Relay technology process frames that contain errors? (Choose two.)
• Frame Relay services depend on the upper layer protocols to handle error recovery.
• It requires the receiving device to request that the sender retransmit erroneous frames.
• FECN, BECN, and DE bits are set in the frames to minimize errors.
• The receiving device drops any frames that contain errors without notifying the sender.
• The frame relay switch notifies the sender that errors were detected.

46. Which of the following describes the WAN devices and cabling shown in the graphic? (Choose two.)
• A null-modem cable is used between RouterD and DeviceC for connectivity.
• A DB-25 or DB-9 serial cable is connected to interface S0/0 of RouterA.
• DeviceB and DeviceC are DCE devices.
• The same encoding scheme must be used by DeviceB and DeviceC.
• A synchronous serial connection exists between DeviceB and DeviceC.

CCNA 4 Chapter 1 V4.0 Answers

1. Which statement is true about the differences between a WAN and a LAN?
WANs generally support higher bandwidth than LANs support.
A WAN link typically traverses shorter geographic distances than a LAN link traverses.
A WAN often relies on the services of carriers, such as telephone or cable companies, but a LAN does not.
All WAN implementations generally use the same Layer 2 protocol but there are many accepted LAN Layer 2 protocols in use.

2. A U.S. company requires a WAN connection used only to transfer sales data from individual stores to the home office. All transfers will occur after business hours. The required bandwidth for this connection is estimated to be less than 38 kbps. Which type of connection requires the least investment for this company?
ATM
ISDN
analog dialup
T1 Leased Line

3. What are two advantages of an analog PSTN WAN connection? (Choose two.)
low cost
availability
traffic encryption
available bandwidth
support for voice and video

4. Which WAN technology uses a fixed payload of 48 bytes and is transported across both switched and permanent virtual circuits?
ATM
ISDN
Frame Relay
metro Ethernet

5. Which three WAN devices can be found in the cloud? (Choose three.)
ATM switches
core routers
CSU/DSU
Ethernet switches
Frame Relay switches
repeaters

6. Which term describes a device that will put data on the local loop?
DLCI
DTE
DCE
BRI
PRI

7. What is an advantage of packet-switched technology over circuit-switched technology?
Packet-switched networks are less susceptible to jitter than circuit-switched networks are.
Packet-switched networks can efficiently use multiple routes inside a service provider network.
Packet-switched networks do not require an expensive permanent connection to each endpoint.
Packet-switched networks usually experience lower latency than circuit-switched networks experience.

8. Which statement is true about data connectivity between a customer and a service provider?
Normally the CSU/DSU is the designated demarcation point for the service provider but not the customer.
The segment between the demarcation point and the central office is known as the "last mile."
The local loop is the segment between the CSU/DSU and the serial port on a router.
Putting data on the local loop is the responsibility of the DTE.

9. A company needs a WAN connection that is capable of transferring voice, video, and data at a minimum data rate of 155 Mbps. Which WAN connection is the best choice?
X.25
DSL
ATM
ISDN BRI
ISDN PRI

10. Which statement is true of the functionality of the layers in the hierarchical network model?
The purpose of the access layer is to provide very high bandwidth communications between network devices.
Most security screening to prevent unauthorized entry to the network happens at the core layer.
Untrusted external connections are segmented from the rest of the network at all three levels.
The distribution layer aggregates WAN connections at the edge of the campus.

11. Why is the call setup time of a circuit-switched WAN implementation considered a drawback?
Routing protocols are incompatible with this function.
It restricts the communication sent to voice traffic only.
A telephone must be used to initially start transferring data.
Data cannot be transferred until a circuit has been established.

12. For digital lines, which device is used to establish the communications link between the customer equipment and the local loop?
CSU/DSU
Frame Relay switch
ISDN switch
modem
PBX switch

13. Which packet-switched WAN technology offers high-bandwidth connectivity capable of managing data, voice, and video all on the same infrastructure?
Time Division Multiplexing (TDM)
metro Ethernet
Integrated Services Digital Network (ISDN)
Public Switched Telephone Network (PSTN)

14. Which networking device is typically used to concentrate the dial-in and dial-out traffic of multiple users to and from a network?
core router
access server
Frame Relay switch
ATM switch

15. Which two devices are commonly used as data communications equipment? (Choose two.)
modem
router
CSU/DSU
ISDN switch
Ethernet switch

16. Which two features are identified with Frame Relay connections? (Choose two.)
53-byte cells
DLCI
DSLAM
PVC
SPID

17. Which statement about WAN protocols is correct?
ATM differs from other WAN protocols in that it uses variably sized packets.
Most WAN protocols use HDLC or a variant of HDLC as a framing mechanism.
The frame header consists of the frame check sequence and cyclic redundancy check.
ISDN differs from Frame Relay, HDLC, and ATM in that it is packet-switched rather than circuit-switched technology.

18. Which switching type will allow the communication devices in the provider network to be shared and only allocated to an individual subscriber during data transfer?
circuit-switched
dedicated switched lines
frame-switched
packet-switched

19. What can cause a reduction in available bandwidth on a cable broadband connection?
smaller cells
number of subscribers
committed information rate
distance from the central office of the provider

20. What three terms are associated with ISDN PRI? (Choose three.)
cell
DLCI
circuit switching
packet switching
data bearer channels
time-division multiplexing

21. At which two layers of the OSI model does a WAN operate? (Choose two.)
Physical Layer
Data Link Layer
Network Layer
Transport Layer
Presentation Layer
Application Layer

22. What type of connectivity is established when VPNs are used from the remote site to the private network?
PVCs
DLCIs
tunnels
dedicated Layer 2 links

CCNA 4 Chapter 2 V4.0 Answers

1.

Refer to the exhibit. Router R1, the DCE device, has just been configured for PPP encapsulation with authentication. What series of commands will allow another router, the DTE device, to communicate over its serial 0/0/0 interface to router R1?
Router(config)# hostname R3
R3(config)# username R1 password Cisco
R3(config)# interface Serial 0/0/0
R3(config-if)# encapsulation ppp
R3(config-if)# ip address 172.16.3.3 255.255.255.0
R3(config-if)# ppp authentication chap
Router(config)# hostname R3
R3(config)# username R3 password Cisco
R3(config)# interface Serial 0/0/0
R3(config-if)# encapsulation ppp
R3(config-if)# ip address 172.16.3.3 255.255.255.0
R3(config-if)# ppp authentication chap
Router (config)# username Router password Cisco
Router (config)# interface Serial 0/0/0
Router (config-if)# clockrate 64000
Router (config-if)# encapsulation ppp
Router (config-if)# ip address 172.16.3.1 255.255.255.0
Router config-if)# ppp authentication chap
Router (config)# username R1 password Cisco
Router config)# interface Serial 0/0/0
Router (config-if)# clockrate 64000
Router config-if)# encapsulation ppp
Router (config-if)# ip address 172.16.3.1 255.255.255.0
Router (config-if)# ppp authentication chap

2. Which serial communications DTE/DCE interface standard is used to provide high-speed connectivity of up to 52 Mbps between LANs and is found on many high-end Cisco routers?
EIA/TIA 232 (RS-232)
EIA/TIA 422 (RS-422)
EIA/TIA 423 (RS-423)
EIA/TIA-612/613 (HSSI)
ITU V.35
 

CCNA 4 Chapter 3 V4.0 Answers

1. Which three actions might a Frame Relay switch perform when it detects an excessive build-up of frames in its queue? (Choose three.)
puts a hold on accepting frames in excess of the CIR
drops frames from the queue that have the DE bit set
reduces the number of frames it sends over the link
re-negotiates flow control with the connected device
sets the FECN bit on all frames it receives on the congested link
sets the BECN bit on all frames it places on the congested link

2. Which best describes the benefit of using Frame Relay as opposed to a leased line or ISDN service?
Customers can define their virtual circuit needs in far greater combinations, with increments as small as 64 kbps.
Customers pay for an end-to-end connection that includes the local loop and the network link.
Customers only pay for the local loop and the bandwidth they purchase from the network provider.
Connecting new sites requires new lower cost circuit installations when compared to ISDN dialup costs or adding additional hardware for leased service.
 

CCNA 4 Chapter 4 V4.0 Answers

1. Which two statements are true regarding network security? (Choose two.)
Securing a network against internal threats is a lower priority because company employees represent a low security risk.
Both experienced hackers who are capable of writing their own exploit code and inexperienced individuals who download exploits from the Internet pose a serious threat to network security.
Assuming a company locates its web server outside the firewall and has adequate backups of the web server, no further security measures are needed to protect the web server because no harm can come from it being hacked.
Established network operating systems like UNIX and network protocols like TCP/IP can be used with their default settings because they have no inherent security weaknesses.
Protecting network devices from physical damage caused by water or electricity is a necessary part of the security policy.

2. Which two statements are true about network attacks? (Choose two.)
Strong network passwords mitigate most DoS attacks.
Worms require human interaction to spread, viruses do not.
Reconnaissance attacks are always electronic in nature, such as ping sweeps or port scans.
A brute-force attack searches to try every possible password from a combination of characters.
Devices in the DMZ should not be fully trusted by internal devices, and communication between the DMZ and internal devices should be authenticated to prevent attacks such as port redirection.

3. Users are unable to access a company server. The system logs show that the server is operating slowly because it is receiving a high level of fake requests for service. Which type of attack is occurring?
reconnaissance
access
DoS
worm
virus
Trojan horse

4.

Refer to the exhibit. What is the purpose of the "ip ospf message-digest-key 1 md5 cisco" statement in the configuration?
to specify a key that is used to authenticate routing updates
to save bandwidth by compressing the traffic
to enable SSH encryption of traffic
to create an IPsec tunnel

5. What are three characteristics of a good security policy? (Choose three.)
It defines acceptable and unacceptable use of network resources.
It communicates consensus and defines roles.
It is developed by end users.
It is developed after all security devices have been fully tested.
It defines how to handle security incidents.
It should be encrypted as it contains backups of all important passwords and keys.

6. Intrusion detection occurs at which stage of the Security Wheel?
securing
monitoring
testing
improvement
reconnaissance

7. Which two objectives must a security policy accomplish? (Choose two.)
provide a checklist for the installation of secure servers
describe how the firewall must be configured
document the resources to be protected
identify the security objectives of the organization
identify the specific tasks involved in hardening a router

8. Which two statements define the security risk when DNS services are enabled on the network? (Choose two.)
By default, name queries are sent to the broadcast address 255.255.255.255.
DNS name queries require the ip directed-broadcast command to be enabled on the Ethernet interfaces of all routers.
Using the global configuration command ip name-server on one router enables the DNS services on all routers in the network.
The basic DNS protocol does not provide authentication or integrity assurance.
The router configuration does not provide an option to set up main and backup DNS servers.

9.

Refer to the exhibit. Security Device Manager (SDM) has been used to configure a required level of security on the router. What would be accomplished when the SDM applies the next step on the security problems that are identified on the router?
SDM will automatically invoke the AutoSecure command.
SDM will generate a report that will outline the proper configuration actions to alleviate the security issues.
SDM will create a configuration file that can be copy and pasted into the router to reconfigure the services.
SDM will reconfigure the services that are marked in the exhibit as “fix it” to apply the suggested security changes.

10. An IT director has begun a campaign to remind users to avoid opening e-mail messages from suspicious sources. Which type of attack is the IT director trying to protect users from?
DoS
DDoS
virus
access
reconnaissance

11. What are two benefits of using Cisco AutoSecure? (Choose two.)
It gives the administrator detailed control over which services are enabled or disabled.
It offers the ability to instantly disable non-essential system processes and services.
It automatically configures the router to work with SDM.
It ensures the greatest compatibility with other devices in your network.
It allows the administrator to configure security policies without having to understand all of the Cisco IOS software features.

12. Which statement is true about Cisco Security Device Manager (SDM)?
SDM can run only on Cisco 7000 series routers.
SDM can be run from router memory or from a PC.
SDM should be used for complex router configurations.
SDM is supported by every version of the Cisco IOS software.

13. The Cisco IOS image naming convention allows identification of different versions and capabilities of the IOS. What information can be gained from the filename c2600-d-mz.121-4? (Choose two.)
The "mz" in the filename represents the special capabilities and features of the IOS.
The file is uncompressed and requires 2.6 MB of RAM to run.
The software is version 12.1, 4th revision.
The file is downloadable and 121.4MB in size.
The IOS is for the Cisco 2600 series hardware platform.

14.

Refer to the exhibit. The network administrator is trying to back up the Cisco IOS router software and receives the output shown. What are two possible reasons for this output? (Choose two.)
The Cisco IOS file has an invalid checksum.
The TFTP client on the router is corrupt.
The router cannot connect to the TFTP server.
The TFTP server software has not been started.
There is not enough room on the TFTP server for the software.

15. The password recovery process begins in which operating mode and using what type of connection? (Choose two.)
ROM monitor
boot ROM
Cisco IOS
direct connection through the console port
network connection through the Ethernet port
network connection through the serial port

16.

Refer to the exhibit. Security Device Manager (SDM) is installed on router R1. What is the result of opening a web browser on PC1 and entering the URL https://192.168.10.1?
The password is sent in plain text.
A Telnet session is established with R1.
The SDM page of R1 appears with a dialog box that requests a username and password.
The R1 home page is displayed and allows the user to download Cisco IOS images and configuration files.

17.

Refer to the exhibit. A network administrator is trying to configure a router to use SDM, but it is not functioning correctly. What could be the problem?
The privilege level of the user is not configured correctly.
The authentication method is not configured correctly.
The HTTP server is not configured correctly.
The HTTP timeout policy is not configured correctly.

18. Which step is required to recover a lost enable password for a router?
Set the configuration register to bypass the startup configuration.
Copy the running configuration to the startup configuration.
Reload the IOS from a TFTP server from ROMMON.
Reconfigure the router using setup mode.

19. What is the best defense for protecting a network from phishing exploits?
Schedule antivirus scans.
Schedule antispyware scans .
Schedule training for all users.
Schedule operating systems updates.

20. Which two conditions should the network administrator verify before attempting to upgrade a Cisco IOS image using a TFTP server? (Choose two.)
Verify the name of the TFTP server using the show hosts command.
Verify that the TFTP server is running using the tftpdnld command.
Verify that the checksum for the image is valid using the show version command.
Verify connectivity between the router and TFTP server using the ping command.
Verify that there is enough flash memory for the new Cisco IOS image using the show flash command.

21.

Refer to the exhibit. What is accomplished when both commands are configured on the router?
The commands filter UDP and TCP traffic coming to the router.
The commands disable any TCP or UDP request sent by the routing protocols.
The commands disable the services such as echo, discard, and chargen on the router to prevent security vulnerabilities.
The commands disable the BOOTP and TFTP server services to prevent security vulnerabilities.

22. Which two statements regarding preventing network attacks are true? (Choose two.)
The default security settings for modern server and PC operating systems can be trusted to have secure default security settings.
Intrusion prevention systems can log suspicious network activity, but there is no way to counter an attack in progress without user intervention.
Physical security threat mitigation consists of controlling access to device console ports, labeling critical cable runs, installing UPS systems, and providing climate control.
Phishing attacks are best prevented by firewall devices.
Changing default usernames and passwords and disabling or uninstalling unnecessary services are aspects of device hardening.