CCNA 4 Final Exam Answers 2011

1. Which Frame Relay flow control mechanism is used to signal routers that they should reduce the flow rate of frames?

DE

BE

CIR

FECN

CBIR

 

2. An administrator is configuring a dual stack router with IPv6 and IPv4 using RIPng. The administrator receives an error message when trying to enter the IPv4 routes into RIPng. What is the cause of the problem?

When IPv4 and IPv6 are configured on the same interface, all IPv4 addresses are over-written in favor of the newer technology.

Incorrect IPv4 addresses are entered on the router interfaces.

RIPng is incompatible with dual-stack technology.

IPv4 is incompatible with RIPng.

 

3. Which data link layer encapsulation protocol is used by default for serial connections between two Cisco routers?

ATM

Frame Relay

HDLC

PPP

SDLC

 

4. An administrator issues the command confreg 0x2142 at the rommon 1> prompt. What is the effect when this router is rebooted?

Contents in RAM will be erased.

Contents in RAM will be ignored.

Contents in NVRAM will be erased.

Contents in NVRAM will be ignored.

 

5. Which type of network attack exploits vulnerabilities in the compromised system with the intent of propagating itself across a network?

virus

worm

Trojan horse

man-in-the-middle

 

6. Which important piece of troubleshooting information can be discovered about a serial interface using the show controllers command?

queuing strategy

serial cable type

interface IP address

encapsulation method

 

7.

CCNA 4 thumb CCNA 4 Final Exam Answers 2011

Refer to the exhibit. Which statement is true about the Frame Relay connection?

The Frame Relay connection is in the process of negotiation.

A congestion control mechanism is enabled on the Frame Relay connection.

The “ACTIVE” status of the Frame Relay connection indicates that the network is experiencing congestion.

Only control FECN and BECN bits are sent over the Frame Relay connection. No data traffic traverses the link.

 

8.

CCNA 4 Final thumb CCNA 4 Final Exam Answers 2011

Refer to the exhibit. Computers on the internal network need access to all servers in the external network. The only traffic that is permitted from the external network must be responses to requests that are initiated on the internal network. Which security measure would satisfy this requirement?

a numbered extended ACL

a named standard ACL

a reflexive ACL

a dynamic ACL

 

9. A network administrator has moved the company intranet web server from a switch port to a dedicated router interface. How can the administrator determine how this change has affected performance and availability on the company intranet?

Conduct a performance test and compare with the baseline that was established previously.

Determine performance on the intranet by monitoring load times of company web pages from remote sites.

Interview departmental administrative assistants and determine if they think load time for web pages has improved.

Compare the hit counts on the company web server for the current week to the values that were recorded in previous weeks.

 

10. Which option correctly defines the capacity through the local loop guaranteed to a customer by the service provider?

BE

DE

CIR

CBIR

 

11.

CCNA 4 Final Exam V4.0 Answers 2011 thumb CCNA 4 Final Exam Answers 2011

Refer to the exhibit. A network administrator is attempting to configure a Frame Relay network. The administrator enters the commands as shown in the exhibit on R2, but the Frame Relay PVCs are inactive. What is the problem?

The incorrect DLCI numbers are being configured on R2.

The S0/0/0 interface on R2 needs to be point-to-point.

The frame-relay map commands are missing the cisco keyword at the end.

A single router interface cannot connect to more than one Frame Relay peer at a time.

 

12. A DHCP server is configured with a block of excluded addresses. What two devices would be assigned static addresses from the excluded address range? (Choose two.)

a protocol analyzer

DNS server for the network

network printer that is used by many different users

a laptop that will get a different address each time it boots up

 

13.

CCNA 4 Practice Final Exam Answers thumb CCNA 4 Final Exam Answers 2011

Refer to the exhibit. WestSW is supposed to send VLAN information to EastSW, but that did not occur. What will force WestSW to send a VLAN update to EastSW?

Change EastSW to be a VTP server.

Reload both WestSW and EastSW at the same time.

Erase the VLAN database on EastSW and reload the switch.

Reset the configuration revision number on EastSW to zero.

Reload EastSW.

 

14.

CCNA 2011 thumb CCNA 4 Final Exam Answers 2011

Refer to the exhibit. The corporate network that is shown has been assigned network 172.16.128.0/19 for use at branch office LANs. If VLSM is used, what mask should be used for addressing hosts at Branch4 with minimal waste from unused addresses?

/19

/20

/21

/22

/23

/24

 

15. Which configuration on the vty lines provides the best security measure for network administrators to remotely access the core routers at headquarters?

CCNA Answers 2011 thumb CCNA 4 Final Exam Answers 2011

CCNA Exam 2011 thumb CCNA 4 Final Exam Answers 2011

CCNA Final thumb CCNA 4 Final Exam Answers 2011

CCNA Final 2011 thumb CCNA 4 Final Exam Answers 2011

 

16.

Cisco CCNA 4 Final Exam Answers thumb CCNA 4 Final Exam Answers 2011

Refer to the exhibit. In the partial router configuration that is shown, what is the purpose of access list BLOCK_XYZ?

to prevent source IP address spoofing by hosts on the Fa0/0 LAN

to block access by Fa0/0 LAN hosts to all network services beyond the router

to prevent users on the Fa0/0 LAN from opening Telnet sessions on the router

to secure Fa0/0 hosts by allowing only locally sourced traffic into the Fa0/0 LAN

 

17.

Exam 2011 thumb CCNA 4 Final Exam Answers 2011

Refer to the exhibit. A network administrator notices that three VLANs created on SW1 do not show in SW3. Based on output from the show vtp status and show running-config commands, what is the cause of the problem in the SW3 configuration?

VTP version 2 is disabled.

The VTP mode is misconfigured.

The configure revision number for VTP does not match.

Trunk mode is not configured on FastEthernet 0/1 and 0/2.

 

18.

Final Exam thumb CCNA 4 Final Exam Answers 2011

Refer to the exhibit. What statement is true about the core router devices?

They use multiport internetworking devices to switch traffic such as Frame Relay, ATM, or X.25 over the WAN.

They provide internetworking and WAN access interface ports that are used to connect to the service provider network.

They provide termination for the digital signal and ensure connection integrity through error correction and line monitoring.

They support multiple telecommunications interfaces of the highest speed and are able to forward IP packets at full speed on all of those interfaces.

 

19. When would the multipoint keyword be used in Frame Relay PVCs configuration?

when global DLCIs are in use

when using physical interfaces

when multicasts must be supported

when participating routers are in the same subnet

 

20. A light manufacturing company wishes to replace its DSL service with a non-line-of-sight broadband wireless solution that offers comparable speeds. Which solution should the customer choose?

Wi-Fi

satellite

WiMAX

Metro Ethernet

 

21.

Network Fundamentals Final Exam Answers thumb CCNA 4 Final Exam Answers 2011

Refer to the exhibit. Which configuration command would result in the output in the exhibit?

ip nat inside source static 10.1.200.254 172.16.76.3

ip nat inside source static 10.1.200.254 192.168.0.10

ip nat inside source static 172.16.76.3 10.1.200.254

ip nat inside source static 172.16.76.3 192.168.0.10

ip nat inside source static 192.168.0.10 172.16.76.3

ip nat inside source static 192.168.0.10 10.1.200.254

 

22. A recently patched application server is experiencing response time problems. The network on which the application server is located has been experiencing occasional outages that the network team believes may be related to recent routing changes. Network and application teams have been notified to work on their respective issues. Which statement applies to this situation?

Only results from the software package should be tested as the network is designed to accommodate the proposed software platform.

Scheduling will be easy if the network and software teams work independently.

It will be difficult to isolate the problem if two teams are implementing changes independently.

Results from changes will be easier to reconcile and document if each team works in isolation.

 

23. A network technician wants to implement SSH as the means by which a router may be managed remotely. What are two procedures that the technician should use to successfully complete this task? (Choose two.)

Configure the login banner.

Configure authentication.

Define the asymmetrical keys.

Configure the console password.

Enter the service password-encryption command.

 

24. What are the symptoms when the s0/0/0 interface on a router is attached to an operational CSU/DSU that is generating a clock signal, but the far end router on the point-to-point link has not been activated?

show controllers indicates cable type DCE V.35. show interfaces s0/0/0 indicates serial down, line protocol down.

show controllers indicates cable type DCE V.35. show interfaces s0/0/0 indicates serial up, line protocol down.

show controllers indicates cable type DTE V.35. show interfaces s0/0/0 indicates serial up, line protocol down.

show controllers indicates cable type DTE V.35. show interfaces s0/0/0 indicates serial down, line protocol down.

 

25. Which statement is true about PAP in the authentication of a PPP session?

PAP uses a two-way handshake.

The password is unique and random.

PAP conducts periodic password challenges.

PAP uses MD5 hashing to keep the password secure.

 

26. Which characteristic of VPN technology prevents the contents of data communications from being read by unauthorized parties?

QoS

latency

reliability

confidentiality

 

27. Which address provides an example of an IPv6 link-local address?

FE80::1324:ABCD

2001:2345:AB12:1935::FEFF

2001:1234:0000:9CA::0876/64

1234:ABCD:5678:EF00:9234:AA22:5527:FC35

 

28. What major benefit does Cisco HDLC provide that ISO standard HDLC lacks?

flow control

error control

multiprotocol support

cyclic redundancy checks

 

29. What will be the result of adding the command ip dhcp excluded-address 192.168.24.1 192.168.24.5 to the configuration of a local router that has been configured as a DHCP server?

Traffic that is destined for 192.168.24.1 and 192.168.24.5 will be dropped by the router.

Traffic will not be routed from clients with addresses between 192.168.24.1 and 192.168.24.5.

The DHCP server will not issue the addresses ranging from 192.168.24.1 to 192.168.24.5.

The router will ignore all traffic that comes from the DHCP servers with addresses 192.168.24.1 and 192.168.24.5.

 

30. What is the result when the command permit tcp 10.25.132.0 0.0.0.255 any eq smtp is added to a named access control list and applied on the inbound interface of a router?

TCP traffic with a destination to the 10.25.132.0/24 is permitted.

Only Telnet traffic is permitted to the 10.24.132.0/24 network

Ttraffic from 10.25.132.0/24 is permitted to anywhere on using any port.

Traffic using port 25 from the 10.25.132.0/24 is permitted to all destinations.

 

31.

CCNA 4 Final Exam V4.0 Answers 2012 thumb CCNA 4 Final Exam Answers 2011

Refer to the exhibit. A network administrator has issued the commands that are shown on Router1 and Router2. A later review of the routing tables reveals that neither router is learning the LAN network of the neighbor router. What is most likely the problem with the RIPng configuration?

The serial interfaces are in different subnets.

The RIPng process is not enabled on interfaces.

The RIPng network command is not configured.

The RIPng processes do not match between Router1 and Router2.

 

32.

CCNA 2012 thumb CCNA 4 Final Exam Answers 2011

Refer to the exhibit. Results of the show vlan and show vtp status commands for switches S1 and S2 are displayed in the exhibit. VLAN 11 was created on S1. Why is VLAN 11 missing from S2?

There is a Layer 2 loop.

The VTP domain names do not match.

Only one switch can be in server mode.

S2 has a higher spanning-tree priority for VLAN 11 than S1 does.

 

33. At what physical location does the responsibilty for a WAN connection change from the user to the service provider?

demilitarized zone (DMZ)

demarcation point

local loop

cloud

 

34. Which IP address and wildcard mask would be used in an ACL to block traffic from all hosts on the same subnet as host 192.168.16.43/28?

access-list 10 deny 192.168.16.0 0.0.0.31

access-list 10 deny 192.168.16.16 0.0.0.31

access-list 10 deny 192.168.16.32 0.0.0.16

access-list 10 deny 192.168.16.32 0.0.0.15

access-list 10 deny 192.168.16.43 0.0.0.16

 

35. Which statement is true about wildcard masks?

Inverting the subnet mask will always create the wildcard mask.

The wildcard mask performs the same function as a subnet mask.

A network or subnet bit is identified by a "1" in the wildcard mask.

IP address bits that must be checked are identified by a "0" in the wildcard mask.

 

36. A company has its headquarters office in Dallas and five branch offices located in New York, Chicago, Los Angeles, Seattle, and Atlanta. WAN links are used for communications among offices in six sites. In planning the WAN links, the network designer is given two requirements: (1) minimize cost and (2) provide a certain level of WAN link reliability with redundant links. Which topology should the network designer recommend?

star

full mesh

hierarchical

partial mesh

 

37.

CCNA Answers 2012 thumb CCNA 4 Final Exam Answers 2011

Refer to the exhibit. Partial results of the show access-lists and show ip interface FastEthernet 0/1 commands for router Router1 are shown. There are no other ACLs in effect. Host A is unable to telnet to host B. Which action will correct the problem but still restrict other traffic between the two networks?

Apply the ACL in the inbound direction.

Apply the ACL on the FastEthernet 0/0 interface.

Reverse the order of the TCP protocol statements in the ACL.

Modify the second entry in the list to permit tcp host 172.16.10.10 any eq telnet.

 

38. A company is looking for a WAN solution to connect its headquarters site to four remote sites. What are two advantages that dedicated leased lines provide compared to a shared Frame Relay solution? (Choose two.)

reduced jitter

reduced costs

reduced latency

the ability to burst above guaranteed bandwidth

the ability to borrow unused bandwidth from the leased lines of other customers

 

39. Which combination of Layer 2 protocol and authentication should be used to establish a link without sending authentication information in plain text between a Cisco and a non-Cisco router?

PPP with PAP

PPP with CHAP

HDLC with PAP

HDLC with CHAP

 

40. An administrator is unable to receive e-mail. While troubleshooting the problem, the administrator is able to ping the local mail server IP address successfully from a remote network and can successfully resolve the mail server name to an IP address via the use of the nslookup command. At what OSI layer is the problem most likely to be found?

physical layer

data link layer

network layer

application layer

 

41. What are two main components of data confidentiality? (Choose two.)

checksum

digital certificates

encapsulation

encryption

hashing

 

42.

CCNA Exam 2012 thumb CCNA 4 Final Exam Answers 2011

Refer to the exhibit. A network administrator is trying to backup the IOS software on R1 to the TFTP server. He receives the error message that is shown in the exhibit, and cannot ping the TFTP server from R1. What is an action that can help to isolate this problem?

Use correct source file name in the command.

Verify that the TFTP server software is running.

Make sure that there is enough room on the TFTP server for the backup.

Check that R1 has a route to the network where the TFTP server resides.

 

43. When NAT is in use, what is used to determine the addresses that can be translated on a Cisco router?

access control list

routing protocol

inbound interface

ARP cache

 

44.

CCNA Final 2012 thumb CCNA 4 Final Exam Answers 2011

Refer to the exhibit. All devices are configured as shown in the exhibit. PC1 is unable to ping the default gateway. What is the cause of the problem?

The default gateway is in the wrong subnet.

STP has blocked the port that PC1 is connected to.

Port Fa0/2 on S2 is assigned to the wrong VLAN.

S2 has the wrong IP address assigned to the VLAN30 interface.

 

45. Which option represents a best practice for applying ACLs?

Named ACLs are less efficient than numbered ACLs.

Standard ACLs should be applied inside the core layer.

ACLs applied to outbound interfaces use fewer router resources.

Extended ACLs should be applied closest to the source that is specified by the ACL.

 

46.

Exam 2012 thumb CCNA 4 Final Exam Answers 2011

Refer to the exhibit. A network administrator is tasked with completing the Frame Relay topology that interconnects two remote sites. How should the point-to-point subinterfaces be configured on HQ to complete the topology?

frame-relay interface-dlci 103 on Serial 0/0/0.1
frame-relay interface-dlci 203 on Serial 0/0/0.2

frame-relay interface-dlci 301 on Serial 0/0/0.1
frame-relay interface-dlci 302 on Serial 0/0/0.2

frame-relay map ip 192.168.1.1 103 broadcast on Serial 0/0/0.1
frame-relay map ip 192.168.2.2 203 broadcast on Serial 0/0/0.2

frame-relay map ip 192.168.1.1 301 broadcast on Serial 0/0/0.1
frame-relay map ip 192.168.2.2 302 broadcast on Serial 0/0/0.2

 

47.

CCNA Exam Answers 2012 thumb CCNA 4 Final Exam Answers 2011

Refer to the exhibit. How is the TCP/IP configuration information specified by the default-router and dns-server commands made available?

The TCP/IP information is forwarded to a 10.0.1.3 to be supplied to DHCP clients.

The TCP/IP information is used by DNS clients to forward all data to the default gateway on R1 of 10.0.1.3.

The TCP/IP information is supplied to any DHCP client on the network connected to the FastEthernet 0/0 interface of R1.

The TCP/IP information is applied to each packet that enters R1 through the FastEthernet 0/0 interface that are hosts on the 10.0.1.0 /24 network except packets from addresses 10.0.1.2, 10.0.1.16, and 10.0.1.254.

 

48.

Exam for CCNA thumb CCNA 4 Final Exam Answers 2011

Refer to the exhibit. Based on the output as shown, which two statements correctly define how the router will treat Telnet traffic that comes into interface FastEthernet 0/1? (Choose two).

Telnet to 172.16.10.0/24 is denied.

Telnet to 172.16.20.0/24 is denied.

Telnet to 172.16.0.0/24 is permitted.

Telnet to 172.16.10.0/24 is permitted.

Telnet to 172.16.20.0/24 is permitted.

 

49. While troubleshooting a PPP link that uses PAP authentication, a network administrator notices an incorrectly configured password in the running configuration. The administrator corrects the error by entering the command ppp pap sent-username ROUTER_NAME password NEW_PASSWORD, but the link still does not come up.
Assuming that the rest of the configuration is correct and that the link has no physical layer problems, what should the administrator do?

Save the configuration to NVRAM.

Shut down the interface then re-enable it.

Generate traffic by pinging the remote router.

Use CHAP to ensure compatibility with the remote router.

 

50. A network administrator determines that falsified routing information is propagating through the network. What action can be used to address this threat?

Update the IOS images.

Change console passwords.

Employ end-user authentication.

Configure routing protocol authentication.

 

51. What is tunneling?

using digital certificates to ensure that data endpoints are authentic

creating a hash to ensure the integrity of data as it traverses a network

using alternate paths to avoid access control lists and bypass security measures

encapsulating an entire packet within another packet for transmission over a network

 

52.

Cisco Exam thumb CCNA 4 Final Exam Answers 2011

Refer to the exhibit. A network administrator has been asked to configure PPP with CHAP authentication over the serial link between routers R1 and R2. What additional configuration should be included on both routers to complete the task?

Cisco Exam 2011 thumb CCNA 4 Final Exam Answers 2011

Cisco Exam 2012 thumb CCNA 4 Final Exam Answers 2011

Cisco Exam Answers thumb CCNA 4 Final Exam Answers 2011

CCNA Exam October thumb CCNA 4 Final Exam Answers 2011

Refer to the exhibit A network administrator has issued the commands that are shown on Router1 and Router2 A later review of the routing tables reveals that neither router is learning the LAN network of the neighbor router What is most likely the problem , What is the result when the command permit tcp 10 25 132 0 0 0 0 255 any eq smtp is added to a named access control list and applied on the inbound interface of a router?, A network administrator determines that falsified routing information is propagating through the network What action can be used to address this threat?, What major benefit does Cisco HDLC provide that ISO standard HDLC lacks?, While troubleshooting a PPP link that uses PAP authentication a network administrator notices an incorrectly configured password in the running configuration The administrator corrects the error by entering the command ppp pap sent-username ROUTER_NAME pa, Which important piece of troubleshooting information can be discovered about a serial interface using the show controllers command?, An administrator issues the command confreg 0x2142 at the rommon 1> prompt What is the effect when this router is rebooted?, Refer to the exhibit Computers on the internal network need access to all servers in the external network The only traffic that is permitted from the external network must be responses to requests that are initiated on the internal network Which security , ccna 4 final exam 2012, A network administrator has moved the company intranet web server from a switch port to a dedicated router interface How can the administrator determine how this change has affected performance and availability on the company intranet?

30 Responses - Add Yours+

  1. anti says:

    I think that

    34. is the 4th one:
    access-list deny 192.168.16.32 0.0.0.15 (cause subnet is 192.168.16.32/28)

    and
    35. is the last one.
    IP address bits that must be checked are identified by a “0” in the wildcard mask.

    • Mario says:

      Q34 access-list 10 deny 192.168.16.43 0.0.0.16

      Q35 Inverting the subnet mask will always create the wildcard mask.

      • Colm says:

        Q34 access-list 10 deny 192.168.16.43 0.0.0.15 is correct

        /28 is subnet mask 255.255.255.240 with 16 block size

        255-240=15

        The wildcard mask is always 1 less than the block size which in this case is 16 making the wildcard mask 0.0.0.15

        • Mat says:

          How is 192.168.16.43 correct it’s not even a subnet adresse…

          • ghol says:

            Q34: there is no option to choose “access-list 10 deny 192.168.16.43 0.0.0.15″ it would otherwise be correct too.

            The correct answer is the first option.

            With wild cards you dont have to specify the subnet wildcard mask calculates it anyway, so can you manualy.

          • ghol says:

            Im sorry i meant the 4 option is correct, which is: 192.168.16.32 0.0.0.15

  2. Mario says:

    Q15 HQ(config)# line vty 0 4
    HQ(config-line)# no transport input
    HQ(config-line)# transport input ssh
    HQ(config-line)# exec/timeout 5
    HQ(config-line)# exit
    HQ(config)# service tcp-leepalives-in

  3. Mario says:

    Q35 Inverting the subnet mask will always create the wildcard mask.

    • Warren says:

      Q35 inverting the subnet mask will create a wildcard mask. But there can be many other wildcard masks that can be applied. Such as picking out all the odd ip numbers of a net.

    • Dario says:

      IP address bits that must be checked are identified by a “0” in the wildcard mask.

  4. Warren says:

    Q17 I am a bit confused on this one. I am pretty sure since SW3 is in transparent mode it won’t pickup any changes on SW1. It would just pawss them on through.

    But then the running-config doesn’t show any trunk setup for SW3.

    • AGT says:

      By default all ports have dynamic auto mode configured. With the other side explicit on trunk, it should establish the trunk. So the correct answer is “The VTP mode is misconfigured.”

  5. Warren says:

    Q23 I am wondering on this one if the last answer is correct versus the second answer. The last answer just puts a simple reversable encryption on some of the passwords like line and vty. Authentication is usually a more secure method of verifying credentials which I would associate with SSH

  6. Warren says:

    Q30 third answer has Ttraffic spelling error.

  7. Warren says:

    Q34 should be .15 to ignore the last 4 bits .16 only ignores that bit

  8. anon says:

    Q17. The answer should be “VTP mode is misconfigured”. SW3 is in transparent mode and it will not synchronize it’s VLAN database to other switches in the same vtp domain.

  9. anon says:

    Q23. Service password encryption has nothing to do with SSH. The other correct answer is “Configure authentication” with username and password global with login local

  10. anon says:

    Q34. The right answer is “access-list 10 deny 192.168.16.32 0.0.0.15″ (correct wildcard mask)

  11. anon says:

    Q49. The most sensible thing to do is see the output of debug ppp authentication and check if both routers agree with the authentication type. If the other router only supports chap, then use chap instead of pap.

    • Dre says:

      In the question it says “PPP link that uses PAP” – meaning the entire link uses PAP. So both ends of that link use PAP and not CHAP. This is a given in the question and it is not necessary to check that the same authentication type is used by both routers.

  12. anon says:

    Q7. The right answer is “A congestion control mechanism is enabled on the Frame Relay connection” because FECN and BECN counters are set

  13. gene says:

    1.

    The first question is wrong

    FECN (Forward Error Congestion Notification)

    BECN (Backward Error Congestion Notification)

    it should be BECN

  14. Patis says:

    BECN isn’t an option on Q1!

  15. Mrtvi says:

    Q46. The answer should be:
    frame-relay map ip 192.168.1.1 301 broadcast on Serial 0/0/0.1
    frame-relay map ip 192.168.2.2 302 broadcast on Serial 0/0/0.2
    Static mapping is configured with no frame-relay inverse-arp

Leave a Reply