CCNA Questions - Basic

Started by certforumz, June 17, 2010, 01:01:38 AM


certforumz

Question 1:

Which of the following is a Class C IP address?

      A. 10.10.14.118
      B. 135.23.112.57
      C. 191.200.199.199
      D. 204.67.118.54

Explanation:

IP addresses are written using decimal numbers separated by decimal points. This is called dotted decimal notation. The different classes of IP addresses as per the IPv4 specification are as below:

Class  Format          Leading Bits  Network address  Max. nets   Max hosts
A      N.H.H.H         0             0 - 126          127         16,777,214
B      N.N.H.H         10            128 - 191        16,384      65,534
C      N.N.N.H         110           192 - 223        2,097,152   254
D      Not Applicable  1110          Address range: 224.0.0.0 to 239.255.255.255. Class D multicast address space is 2^28 or 268,435,456 multicast groups.
E      Not Applicable  1111          Address range: 240.0.0.0 to 255.255.255.255

Network address of all zeros means "This network or segment".
Network address of all 1s means "all networks", same as hexadecimal of all Fs.
Network number 127 is reserved for loopback tests.
Host (Node) address of all zeros means "This Host (Node)".
Host (Node) address of all 1s means "all Hosts (Nodes)" on the specified network.
Class D is a special multicast address and cannot be used for networks. The 4 high-order bits are always 1110, and the remaining 28 bits allow for more than 268 million possible addresses. There is no concept of network and host address ranges in Class D.
Class E is reserved for experimental purposes. The first four bits in the address are always 1111.

CCNA Exam Simulator:
http://www.certexams.com/cisco/ccna/exam-details.htm

CCNA Netsim with Exam Simulator:
https://www.certexams.com/cisco/ccna/netsim-exam-details.htm

Question 2:

You have an IP of 156.233.42.56 with 7 bits reserved for subnetting. How many hosts and subnets are possible?

                A. 126 hosts and 510 subnets
                B. 128 subnets and 512 hosts
                C. 510 hosts and 128 subnets
                D. 512 subnets and 128 hosts

Correct Answer: C

Class B network has the form N.N.H.H, the default subnet mask is 16 bits long.
(N represents network portion, and H represents host portion of the IP address)

There are an additional 7 bits to the default subnet mask. The total number of bits in the subnet mask is 16+7 = 23.

This leaves us with 32-23 = 9 bits for assigning to hosts.

7 subnet bits correspond to (2^7) = 128 subnets.

Note that earlier, Cisco used to deduct all zeros and all ones subnets from the total number of available networks. However, this practice was discontinued because all zeros and all ones subnets can also be used nowadays.

9 bits belonging to host addresses correspond to (2^9-2) = 512-2 = 510 hosts.
Note that all zeros and all ones host addresses cannot be used. The all zeros host address corresponds to this network, and the all ones host address corresponds to the broadcast address to all hosts.

In other words, the Network Address is the address in which all binary bits in the host portion of the IP address are set to zero. Network Address is used to specify a network, so it cannot be assigned to any individual host.

CCNA Exam Simulator:
http://www.certexams.com/cisco/ccna/exam-details.htm

CCNA Exam Simulator with Netsim:
https://www.certexams.com/cisco/ccna/netsim-exam-details.htm
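
The classful reasoning used in Questions 1 and 2 above, as an added example that is not part of the original post: it classifies an address by its leading bits and derives the subnet and host counts for a given number of borrowed bits. The function names `ip_class` and `subnet_plan` are hypothetical.

```python
import ipaddress


def ip_class(addr):
    """Return (class letter, default prefix length) from the leading bits.

    Classes D and E have no network/host split, so their prefix is None.
    Note: 127.x.x.x matches the Class A bit pattern but is reserved for loopback.
    """
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet & 0x80 == 0x00:   # leading bit  0
        return "A", 8
    if first_octet & 0xC0 == 0x80:   # leading bits 10
        return "B", 16
    if first_octet & 0xE0 == 0xC0:   # leading bits 110
        return "C", 24
    if first_octet & 0xF0 == 0xE0:   # leading bits 1110
        return "D", None
    return "E", None                 # leading bits 1111


def subnet_plan(addr, borrowed_bits):
    """Work out the subnetting of a classful network with extra subnet bits."""
    cls, default_prefix = ip_class(addr)
    if default_prefix is None:
        raise ValueError(f"Class {cls} addresses cannot be subnetted")
    prefix = default_prefix + borrowed_bits
    if borrowed_bits < 0 or prefix > 30:
        # /31 and /32 leave no room for network + broadcast + usable hosts
        raise ValueError("borrowed bits leave no usable host addresses")
    host_bits = 32 - prefix
    network = ipaddress.IPv4Interface(f"{addr}/{prefix}").network
    return {
        "class": cls,
        "prefix": prefix,
        "mask": str(network.netmask),
        "subnets": 2 ** borrowed_bits,           # all-zeros/all-ones subnets counted
        "hosts_per_subnet": 2 ** host_bits - 2,  # minus network and broadcast
        "network": str(network.network_address),      # host bits all zero
        "broadcast": str(network.broadcast_address),  # host bits all one
    }


if __name__ == "__main__":
    # The four options from Question 1
    for candidate in ("10.10.14.118", "135.23.112.57",
                      "191.200.199.199", "204.67.118.54"):
        print(candidate, "-> Class", ip_class(candidate)[0])
    # The address from Question 2 with 7 bits reserved for subnetting
    for key, value in subnet_plan("156.233.42.56", 7).items():
        print(f"{key:17} {value}")
```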

certforumz

#1
Q. Which of the following are true about a collision domain and a broadcast domain in a switch network? (Choose 2 best answers)

  a. Both collision domain and broadcast domain are one and the same.
  b. A collision domain is one where collisions may occur due to simultaneous transmission of packets by two or more devices
  c. Assuming no VLANs are present, a switch acts as a single broadcast domain.
  d. A layer 2 switch forms a single collision domain.
  e. A switch with 2 or more VLANs forms only one broadcast domain.

ans: b, c

Explanation:
A collision domain is one where collisions can occur between transmitting devices. For example, a network hub with several work stations (PCs) attached to it forms a single collision domain. In other words, if you have two or more transmitting devices sharing a common medium (cable, air, etc.) there can be collisions. Switches are different from Hubs. In a switch, a port is not shared with any other ports on the switch, and therefore forms a single collision domain. Therefore, an individual workstation connected to a switch port has no one to collide with. On the other hand, an individual workstation connected to a port on a Hub shares the medium with all other ports on the Hub, and therefore all Hub ports form a single collision domain.

In a switch, broadcasts are sent out every port, and therefore switches are defined as a single broadcast domain. Every workstation connected to a switch receives every broadcast generated by any other device connected to that switch. When there are several nodes connected to a switch, broadcasts may slow down the speed of the network significantly. VLANs may be used to divide the switch into two or more broadcast domains. VLANs do not allow broadcasts to propagate to other VLANs on the switch network. For example, traffic generated in VLAN1 can only be forwarded into devices connected to VLAN1. InterVLAN connectivity can be achieved by using routers to route traffic between VLANs, in the same way as routing traffic between two networks (or subnets). VLANs are configured with a layer 3 addressing (IP and subnet mask) scheme. The router acts as a border that broadcasts (by default) do not cross. When traffic is generated in one VLAN and needs to go into another VLAN, the router simply sees it as subnet to subnet traffic and routes it as configured.


certforumz

#2
Q3. Match the following:

        A. Repeater   1. Data Link Layer device

        B. Bridge       2. Network Layer device

        C. Router      3. Physical Layer device

Select best answer:

                    A.  A --> 2,  B --> 3,  C --> 1
                    B.  A --> 3,  B --> 1,  C --> 2
                    C.  A --> 3,  B --> 2,  C --> 1
                    D.  A --> 1,  B --> 2,  C --> 3

Answer: B

Explanation:

The most frequently used network devices may be categorized as repeaters, hubs, switches, and routers. These devices let you connect computers, printers, and other devices to communicate with each other. The medium that is used for communication is usually cable (optical or copper) and air (Wi-Fi, Bluetooth, etc.).

A repeater is a basic device that simply amplifies the input signals and retransmits them. It is used to extend the range of a network segment. For example, the range of a 10BaseT network segment is 100 meters by default. If the end devices are at a distance of more than 100 meters, you will require a repeater so that the transmitted signals are received at the destination device without losing any information.

Repeaters work at the physical layer of OSI model.

A hub is typically the simplest device to use. Its job is very simple: anything that comes in one port is sent out to all other ports on the hub. Every computer connected to the hub "sees" the same information on the network that every other computer on the hub sees. For years, simple hubs have been quick and easy ways to connect computers in small and home networks. All devices connected to a hub will be in the same collision domain as well as broadcast domain.

A switch is more intelligent than a hub, though it does essentially the same things as that of a hub. A switch learns the physical addresses of sending devices by reading the MAC address and mapping it to the port number through which the frame had arrived. This way, it will quickly learn which MAC address belongs to which switch port, and stores the information in a table (called MAC table). Then onwards, it will send a frame only to the port that connects to the destination device (as specified in the frame). Note that both hub and switch are layer-2 devices together.

A hub or a switch is used to connect two or more network segments.

A router is used to route packets, and is the most complicated among the three. They work at layer-3 of the OSI model. They route packets based on the IP addresses whereas a switch forwards packets based on the MAC addresses. A router needs to disseminate an incoming packet down to its IP address and route it to destination based on information available in its routing table. Again, note that switches maintain a MAC table whereas routers maintain a routing table. When a switch sends a packet (usually called a frame when sent by a switch) it is called forwarding. Thus a switch forwards an incoming frame based on its destination MAC address. A router reads the destination IP address of the incoming packet, finds out which interface it needs to go to reach the desired destination (which may be several hops away) and routes the packet appropriately.

A router is used to connect two or more networks together.

CCENT Exam Simulator:
http://www.certexams.com/cisco/ccent/exam-details.htm

certforumz

#3
Q5. Two sub layers of OSI Data Link layer are which of the following? [Select 2].

        A. Logical Link Control
        B. Data Link Control
        C. Media Access Control
        D. Physical Layer Control

Ans: A, C

Explanation:
The OSI model was designed to facilitate open specification for connecting to systems conforming to OSI model. These systems are designed to be open for communication with almost any other system. OSI model breaks down each functional layer so that overall design complexity could be lessened. OSI model primarily consists of seven layers for the flow of information. This is shown in the figure below.

The Data Link Layer corresponds to layer 2 of OSI reference model. This layer is further divided into two sub-layers:

1. Logical Link Control (LLC) sub-layer, and
2. Media Access Control (MAC) sub-layer.

The LLC sub-layer handles error control, flow control, framing, and MAC sub-layer addressing.

The MAC sub-layer is the lower of the two sub-layers of the Data Link layer.
The MAC sub-layer handles access to shared media, such as Token passing or Ethernet.




certforumz

#4
Q 6. What does the CTRL-SHIFT-6 command accomplish?

It is used to break out of a command that is running on a router or switch. An example might be breaking out of a trace command or other output. Another use for this command sequence might be when you are in a Reverse Telnet session or multiple Telnet sessions and need to break the session and return to the original session. This command is quite useful and serves a variety of purposes.

Q 7. A network administrator can ping the NewYork router, but gets a 'Password Required but None Set' message when trying to connect remotely via Telnet. Which command sequence must be applied to the Denver router to allow remote access?

A.
Router(config)# line console 0
Router(config-line)# login
Router(config-line)# password cisco

B.
Router(config)# line vty 0 4
Router(config-line)# login
Router(config-line)# password cisco

C.
Router(config)# line virtual terminal
Router(config-line)# enable login
Router(config-line)# password cisco

D.
Router(config)# line vty 0 4
Router(config-line)# enable secret
Router(config-line)# password cisco

Correct Answer:
Router(config)# line vty 0 4
Router(config-line)# login
Router(config-line)# password cisco


certforumz

#5
Refer to the exhibit. Which statement describes DLCI 17?


A: DLCI 17 describes the ISDN circuit between R2 and R3.

B: DLCI 17 describes a PVC on R2. It cannot be used on R3 or R1.

C: DLCI 17 is the Layer 2 address used by R2 to describe a PVC to R3.

D: DLCI 17 describes the dial-up circuit from R2 and R3 to the service provider.

Answer: C

Explanation:

Virtual circuits (VCs) are identified by DLCIs. DLCI values typically are assigned by the Frame Relay service provider. Frame Relay DLCIs have local significance. A DLCI identifies a VC to the equipment at an endpoint. A DLCI has no significance beyond the single link. Two devices connected by a VC may use a different DLCI value to refer to the same connection.

certforumz

#6
Refer to the exhibit. After adding R3 router on the network, no routing updates are being exchanged between R3 and the new location. All other interconnectivity and Internet access for the existing locations of the company are working properly.
The task is to identify the fault(s) and correct the router configuration to provide full connectivity between the routers.

Access to the router CLI can be gained by clicking on the appropriate host. All passwords on all routers are Cisco.

IP addresses are listed in the chart below.



Answer and Explanation:

It is advised that you read the question properly so as to understand what you are asked to do. Firstly, in this case, verify the configuration of the newly added router since it does not function properly. Use the show running-config command from the command line interface of R3 router (it's also recommended to use this command on other routers on the network).



From the output above, we can verify that the EIGRP autonomous system (AS) number of 22 configured on router 3 is wrong. On other routers it is 212. If the AS numbers on routers in a network are mismatched, this will hinder the routers on that network from forming adjacency.

To resolve this problem, you re-configure router R3 using the following command:


R3>enable (remember to enter cisco as the password here)
R3#configure terminal
R3(config)#no router eigrp 22  (this will erase the initial configuration)
R3(config)#router eigrp 212
R3(config-router)#network 192.168.60.0
R3(config-router)#network 192.168.77.0
R3(config-router)#no auto-summary
R3(config-router)#end
R3#copy running-config startup-config (remember to use this command after every configuration)

Verify the configuration on R1 router with the show running-config command:



You will notice that the R3 network is missing in the configuration. The R3 network address needs to be added for it to be linkable. Use the following command:

R1>enable (remember to enter cisco as password here)
R1#configure terminal
R1(config)#router eigrp 212
R1(config-router)#network 192.168.77.0
R1(config-router)#end
R1#copy running-config startup-config

After configuration, use the ping command from R3 to verify connectivity.

Source: http://www.orbitco-ccna-pastquestions.com/

certforumz

#7
More Questions:

Question 1

Which three are the components of SNMP? (Choose three)

A. MIB
B. SNMP Manager
C. SysLog Server
D. SNMP Agent



Answer: A, B, D

Explanation

SNMP is an application-layer protocol that provides a message format for communication between SNMP managers and agents. SNMP provides a standardized framework and a common language used for the monitoring and management of devices in a network.
The SNMP framework has three parts:

+ An SNMP manager
+ An SNMP agent
+ A Management Information Base (MIB)

The SNMP manager is the system used to control and monitor the activities of network hosts using SNMP. The most common managing system is called a Network Management System (NMS). The term NMS can be applied to either a dedicated device used for network management, or the applications used on such a device. A variety of network management applications are available for use with SNMP. These features range from simple command-line applications to feature-rich graphical user interfaces (such as the CiscoWorks2000 line of products).

The SNMP agent is the software component within the managed device that maintains the data for the device and reports these data, as needed, to managing systems. The agent and MIB reside on the routing device (router, access server, or switch). To enable the SNMP agent on a Cisco routing device, you must define the relationship between the manager and the agent.

The Management Information Base (MIB) is a virtual information storage area for network management information, which consists of collections of managed objects

(Reference: http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf014.html#wp1017597)

Question 2

What are the popular destinations for Syslog messages to be saved?

A. Flash
B. The logging buffer RAM
C. The console terminal
D. Other terminals
E. Syslog server



Answer: B C E

Explanation

By default, switches send the output from system messages and debug privileged EXEC commands to a logging process. The logging process controls the distribution of logging messages to various destinations, such as the logging buffer (on RAM), terminal lines (console terminal), or a UNIX syslog server, depending on your configuration. The process also sends messages to the console.


Note: Syslog messages can be written to a file in Flash memory. We can configure this feature with (logging file flash:filename)

Question 3

Syslog was configured with a level 3 trap. Which 3 types of logs would be generated (choose three)

A. Emergencies
B. Alerts
C. Critical
D. Errors
E. Warnings
F. Notification



Answer: A B C D (?)

Explanation

The Message Logging is divided into 8 levels as listed below:
Level    Keyword    Description
0    emergencies    System is unusable
1    alerts    Immediate action is needed
2    critical    Critical conditions exist
3    errors    Error conditions exist
4    warnings    Warning conditions exist
5    notification    Normal, but significant, conditions exist
6    informational    Informational messages
7    debugging    Debugging messages

The highest level is level 0 (emergencies). The lowest level is level 7. If you specify a level with the "logging console level" command, that level and all the higher levels will be displayed. For example, by using the "logging console warnings" command, all the logging of emergencies, alerts, critical, errors, warnings will be displayed.

In this question a level 3 trap is configured, so Emergencies, Alerts, Critical and Errors messages are displayed. Although this question only asks for 3 correct answers, maybe something is missing here.

Question 4

What are the benefits of using NetFlow? (Choose three)

A. Network, Application & User Monitoring
B. Network Planning
C. Security Analysis
D. Accounting/Billing



Answer: A C D

Explanation

NetFlow traditionally enables several key customer applications including:

+ Network Monitoring – NetFlow data enables extensive near real time network monitoring capabilities. Flow-based analysis techniques may be utilized to visualize traffic patterns associated with individual routers and switches as well as on a network-wide basis (providing aggregate traffic or application based views) to provide proactive problem detection, efficient troubleshooting, and rapid problem resolution.

+ Application Monitoring and Profiling – NetFlow data enables network managers to gain a detailed, time-based, view of application usage over the network. This information is used to plan, understand new services, and allocate network and application resources (e.g. Web server sizing and VoIP deployment) to responsively meet customer demands.

+ User Monitoring and Profiling – NetFlow data enables network engineers to gain detailed understanding of customer/user utilization of network and application resources. This information may then be utilized to efficiently plan and allocate access, backbone and application resources as well as to detect and resolve potential security and policy violations.

+ Network Planning – NetFlow can be used to capture data over a long period of time producing the opportunity to track and anticipate network growth and plan upgrades to increase the number of routing devices, ports, or higher-bandwidth interfaces. NetFlow services data optimizes network planning including peering, backbone upgrade planning, and routing policy planning. NetFlow helps to minimize the total cost of network operations while maximizing network performance, capacity, and reliability. NetFlow detects unwanted WAN traffic, validates bandwidth and Quality of Service (QOS) and allows the analysis of new network applications. NetFlow will give you valuable information to reduce the cost of operating your network.

+ Security Analysis – NetFlow identifies and classifies DDOS attacks, viruses and worms in real-time. Changes in network behavior indicate anomalies that are clearly demonstrated in NetFlow data. The data is also a valuable forensic tool to understand and replay the history of security incidents.

+ Accounting/Billing – NetFlow data provides fine-grained metering (e.g. flow data includes details such as IP addresses, packet and byte counts, timestamps, type-of-service and application ports, etc.) for highly flexible and detailed resource utilization accounting. Service providers may utilize the information for billing based on time-of-day, bandwidth usage, application usage, quality of service, etc. Enterprise customers may utilize the information for departmental charge-back or cost allocation for resource utilization.

(Reference: http://www.cisco.com/en/US/products/sw/netmgtsw/ps1964/products_implementation_design_guide09186a00800d6a11.html#wp1030045)

Question 5

Which protocol can cause overload on a CPU of a managed device?

A. Netflow
B. WCCP
C. IP SLA
D. SNMP



Answer: D

Explanation

Sometimes, messages like this might appear in the router console:

%SNMP-3-CPUHOG: Processing [chars] of [chars]

They mean that the SNMP agent on the device has taken too much time to process a request.

You can determine the cause of high CPU use in a router by using the output of the show process cpu command.

Note: A managed device is a part of the network that requires some form of monitoring and management (routers, switches, servers, workstations, printers...).

(Reference: http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00800948e6.shtml)

Question 6

Which one of these is a valid HSRP Virtual Mac Address?

A. 0000.0C07.AC01
B. 0000.5E00.0110
C. 0007.B400.1203
D. 0000.C007.0201



Answer: A

Explanation

With HSRP, two or more devices support a virtual router with a fictitious MAC address and unique IP address. There are two versions of HSRP.

+ With HSRP version 1, the virtual router's MAC address is 0000.0c07.ACxx, in which xx is the HSRP group.
+ With HSRP version 2, the virtual MAC address is 0000.0C9F.Fxxx, in which xxx is the HSRP group.

Note: Another case is HSRP for IPv6, in which the MAC address ranges from 0005.73A0.0000 through 0005.73A0.0FFF.

-> A is correct.

(Good resource for HSRP: http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/unicast/configuration/guide/l3_hsrp.html)

Question 7

What are the three things that NetFlow uses to consider the traffic to be in the same flow?

A. IP address
B. Interface name
C. Port numbers
D. L3 protocol type
E. MAC address



Answer: A C D

Question 8

What is the alert message generated by SNMP agents called (choose two) ?

A. TRAP
B. INFORM
C. GET
D. SET



Answer: A B

Explanation

A TRAP is an SNMP message sent from one application to another (which is typically on a remote host). Their purpose is merely to notify the other application that something has happened, has been noticed, etc. The big problem with TRAPs is that they're unacknowledged so you don't actually know if the remote application received your oh-so-important message to it. SNMPv2 PDUs fixed this by introducing the notion of an INFORM, which is nothing more than an acknowledged TRAP.

Question 9

Which three features are added in SNMPv3 over SNMPv2?

A. Message Integrity
B. Compression
C. Authentication
D. Encryption
E. Error Detection



Answer: A C D

Explanation

Cisco IOS software supports the following versions of SNMP:

+ SNMPv1 – The Simple Network Management Protocol: A Full Internet Standard, defined in RFC 1157. (RFC 1157 replaces the earlier versions that were published as RFC 1067 and RFC 1098.) Security is based on community strings.

+ SNMPv2c – The community-string based Administrative Framework for SNMPv2. SNMPv2c (the "c" stands for "community") is an Experimental Internet Protocol defined in RFC 1901, RFC 1905, and RFC 1906. SNMPv2c is an update of the protocol operations and data types of SNMPv2p (SNMPv2 Classic), and uses the community-based security model of SNMPv1.

+ SNMPv3 – Version 3 of SNMP. SNMPv3 is an interoperable standards-based protocol defined in RFCs 2273 to 2275. SNMPv3 provides secure access to devices by a combination of authenticating and encrypting packets over the network. The security features provided in SNMPv3 are as follows:

– Message integrity: Ensuring that a packet has not been tampered with in transit.
– Authentication: Determining that the message is from a valid source.
– Encryption: Scrambling the contents of a packet to prevent it from being learned by an unauthorized source.

(Reference: http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf014.html#wp1010901)

Question 10

What is SNMPv3 authentication protocol?

Answer: HMAC-MD5 or HMAC-SHA (Maybe either of them will appear in the exam)

Question 11

Which three statements about Syslog utilization are true? (Choose three)

A. Utilizing Syslog improves network performance.
B. The Syslog server automatically notifies the network administrator of network problems.
C. A Syslog server provides the storage space necessary to store log files without using router disk space.
D. There are more Syslog messages available within Cisco IOS than there are comparable SNMP trap messages.
E. Enabling Syslog on a router automatically enables NTP for accurate time stamping.
F. A Syslog server helps in aggregation of logs and alerts.



Answer: C D F

Question 12

What NetFlow component can be applied to an interface to track IPv4 traffic?

A. flow monitor
B. flow record
C. flow sampler
D. flow exporter


A. Flow monitor can be applied to an interface to track IPv4 traffic using NetFlow. A flow monitor is responsible for capturing and storing network traffic data from one or more interfaces on a router or switch. It can be configured to monitor specific types of traffic or all traffic passing through the interfaces. Once the data is captured, it can be exported to a collector or analyzer for analysis and reporting. A flow record defines the fields to be captured in the flow data, while a flow sampler is used to sample traffic data to reduce the amount of data that needs to be analyzed. A flow exporter is responsible for exporting the flow data from the router or switch to a collector or analyzer.

Question 13

What command visualizes the general NetFlow data on the command line?

A. show ip flow export
B. show ip flow top-talkers
C. show ip cache flow
D. show mls sampling
E. show mls netflow ip



Answer: C

Explanation

The "show ip cache flow" command displays a summary of the NetFlow accounting statistics.
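
The severity threshold described under Question 3, applied to messages in the `%FACILITY-SEVERITY-MNEMONIC` form seen under Question 5, as an added example that is not part of the original post. The log lines are constructed samples, the function names are hypothetical, and the keywords are the ones listed in the post's table.

```python
import re

# Severity keywords in level order (index == level number), as listed above
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notification", "informational", "debugging"]

# %FACILITY-SEVERITY-MNEMONIC: text   e.g. %SNMP-3-CPUHOG: Processing ...
MSG_RE = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):"
    r"\s*(?P<text>.*)")

# Constructed sample lines for illustration (not captured from a real device)
SAMPLE_LINES = [
    "*Mar  1 00:01:02.003: %SYS-2-MALLOCFAIL: Memory allocation of 1024 bytes failed",
    "*Mar  1 00:01:05.120: %SNMP-3-CPUHOG: Processing GetNext of ifTable",
    "*Mar  1 00:02:10.450: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down",
    "*Mar  1 00:02:11.450: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down",
    "*Mar  1 00:03:00.000: %SYS-5-CONFIG_I: Configured from console by console",
    "*Mar  1 00:04:00.000: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(1025) -> 198.51.100.5(23), 1 packet",
    "not a syslog line",
]


def level_number(level):
    """Accept a level number (0-7) or keyword and return the number."""
    if isinstance(level, int):
        if 0 <= level <= 7:
            return level
        raise ValueError(f"level out of range: {level}")
    return LEVELS.index(level.lower())  # ValueError for an unknown keyword


def enabled_levels(level):
    """Keywords that a destination configured at `level` will receive."""
    return LEVELS[:level_number(level) + 1]


def parse_message(line):
    """Split one log line into its fields, or return None if it does not match."""
    match = MSG_RE.search(line)
    if match is None:
        return None
    fields = match.groupdict()
    fields["severity"] = int(fields["severity"])
    fields["keyword"] = LEVELS[fields["severity"]]
    return fields


def filter_messages(lines, level):
    """Keep messages at the configured level and all more severe (lower) levels."""
    limit = level_number(level)
    parsed = (parse_message(line) for line in lines)
    return [msg for msg in parsed if msg is not None and msg["severity"] <= limit]


if __name__ == "__main__":
    print("level 3 receives:", ", ".join(enabled_levels(3)))
    for msg in filter_messages(SAMPLE_LINES, 3):
        print(f'{msg["severity"]} {msg["keyword"]:10} '
              f'{msg["facility"]}/{msg["mnemonic"]}: {msg["text"]}')
```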

certforumz

What is a VLAN?
a. A type of computer virus
b. A virtual network that allows computers to communicate as if they were on the same physical network
c. A type of firewall used to secure networks
d. A type of router used to connect multiple networks

Answer: b. A VLAN is a virtual network that allows computers to communicate as if they were on the same physical network, even if they are physically located on different network segments.

What is the purpose of a VLAN?
a. To segment a network and improve performance
b. To prevent unauthorized access to a network
c. To encrypt network traffic
d. To monitor network activity


Answer: a. The purpose of a VLAN is to segment a network and improve performance by reducing broadcast traffic and isolating network traffic.

How are VLANs typically configured?
a. Through hardware switches
b. Through software applications
c. Through operating systems
d. Through web browsers

Answer: a. VLANs are typically configured through hardware switches that support VLAN tagging.

What is VLAN tagging?
a. A security mechanism used to prevent unauthorized access to VLANs
b. A way to identify which VLAN a network packet belongs to
c. A way to encrypt network traffic within a VLAN
d. A way to monitor network activity within a VLAN

Answer: b. VLAN tagging is a way to identify which VLAN a network packet belongs to by adding a VLAN tag to the packet.

Can VLANs be used to connect different physical locations?
a. Yes, VLANs can be used to connect different physical locations
b. No, VLANs can only be used to connect devices on the same physical network
c. It depends on the type of VLAN configuration used
d. It depends on the type of network hardware used

Answer: a. VLANs can be used to connect different physical locations through the use of VLAN trunking, which allows multiple VLANs to be carried over a single physical network link.


What is a VLAN ID?
a. A unique identifier used to identify a virtual network
b. A type of encryption used to secure network traffic
c. A type of firewall used to filter network traffic
d. A type of routing protocol used to connect different networks

Answer: a. A VLAN ID (also known as a VLAN tag) is a unique identifier used to identify a virtual network. It is added to the network packet to ensure that the packet is sent to the correct VLAN.

How can VLANs be used to improve network security?
a. By isolating sensitive data on a separate VLAN
b. By using VLAN tagging to encrypt network traffic
c. By using VLANs to block unauthorized access to the network
d. By using VLANs to monitor network activity

Answer: a. VLANs can be used to improve network security by isolating sensitive data on a separate VLAN. This helps to prevent unauthorized access to the data and reduces the risk of a security breach.

What is a VLAN trunk?
a. A device used to connect multiple VLANs
b. A type of firewall used to secure VLAN traffic
c. A type of router used to route traffic between VLANs
d. A physical connection used to carry multiple VLANs over a single network link

Answer: d. A VLAN trunk is a physical connection used to carry multiple VLANs over a single network link. This allows multiple VLANs to be carried over the same physical connection, which can help to reduce network complexity and improve performance.

What is the difference between a port-based VLAN and a tag-based VLAN?
a. A port-based VLAN assigns VLAN membership based on the physical network port, while a tag-based VLAN assigns VLAN membership based on a VLAN tag.
b. A port-based VLAN assigns VLAN membership based on a VLAN tag, while a tag-based VLAN assigns VLAN membership based on the physical network port.
c. A port-based VLAN is used for wireless networks, while a tag-based VLAN is used for wired networks.
d. A port-based VLAN is used for small networks, while a tag-based VLAN is used for large networks.

Answer: a. The main difference between a port-based VLAN and a tag-based VLAN is that a port-based VLAN assigns VLAN membership based on the physical network port, while a tag-based VLAN assigns VLAN membership based on a VLAN tag. In a port-based VLAN, all traffic on a port is assigned to a single VLAN, while in a tag-based VLAN, traffic is assigned to a VLAN based on the VLAN tag in the network packet.

What is VLAN hopping?
a. A security exploit that allows an attacker to gain access to traffic on a VLAN
b. A performance issue that can occur when too many VLANs are configured
c. A configuration error that can cause VLANs to overlap
d. A hardware failure that can cause VLANs to stop functioning

Answer: a. VLAN hopping is a security exploit that allows an attacker to gain access to traffic on a VLAN. It involves manipulating the network packet to cause it to be sent to a different VLAN than intended, which can allow an attacker to intercept or modify the traffic. VLAN hopping can be prevented by using VLAN tagging and ensuring that VLANs are configured correctly.


Check out sample questions at https://www.certexams.com/cisco/ccna/questions/ccna_q1.htm
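An added example (not part of the original post): a Python parser for the 802.1Q tag that tag-based VLAN membership relies on, used to flag frames arriving on a port-based (access) port with a host-supplied or stacked tag, the kind of packet manipulation the VLAN hopping answer describes. The function names, sample frames and VLAN numbers are constructed for illustration.

```python
import struct

TPIDS = {0x8100, 0x88A8}  # 802.1Q tag and 802.1ad service tag

def parse_vlan_tags(frame: bytes):
    """Return ([vlan_id, ...], ethertype) for a raw Ethernet frame (no FCS)."""
    offset, vlan_ids = 12, []  # bytes 0-11 are the two MAC addresses
    try:
        while True:
            (ethertype,) = struct.unpack_from("!H", frame, offset)
            if ethertype not in TPIDS:
                return vlan_ids, ethertype
            (tci,) = struct.unpack_from("!H", frame, offset + 2)
            vlan_ids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
            offset += 4
    except struct.error:
        raise ValueError("truncated Ethernet frame") from None

def audit_access_port_frame(frame: bytes, port_vlan: int) -> str:
    """Classify a frame received on an access port assigned to port_vlan."""
    vlan_ids, _ = parse_vlan_tags(frame)
    if not vlan_ids:
        return f"ok: untagged, switch assigns VLAN {port_vlan}"
    if len(vlan_ids) > 1:
        return f"alert: stacked tags {vlan_ids} on access port"
    if vlan_ids[0] not in (0, port_vlan):  # VLAN ID 0 is a priority-only tag
        return f"alert: host-supplied tag for VLAN {vlan_ids[0]}"
    return f"ok: tag matches port VLAN {port_vlan}"

def _sample(tags):
    """Constructed test frame: zeroed MACs, the given VLAN tags, IPv4 EtherType."""
    body = b"".join(struct.pack("!HH", 0x8100, vid) for vid in tags)
    return bytes(12) + body + struct.pack("!H", 0x0800) + bytes(46)

# Constructed sample frames, not captured traffic.
SAMPLES = {"untagged": _sample([]), "tagged": _sample([30]), "stacked": _sample([1, 20])}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, "->", audit_access_port_frame(frame, port_vlan=10))
```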

certforumz

Multiple-choice questions on VTP (VLAN Trunking Protocol) along with answers and explanations:

What is VTP used for?
a. To manage VLANs in a network
b. To secure network traffic
c. To configure network hardware
d. To monitor network activity

Answer: a. VTP is used to manage VLANs in a network. It allows network administrators to configure and manage VLANs across multiple switches in the network.

How does VTP work?
a. By sending VLAN information to all switches in the network
b. By encrypting VLAN traffic to secure it from unauthorized access
c. By blocking unauthorized VLAN traffic on the network
d. By monitoring VLAN traffic to detect security breaches

Answer: a. VTP works by sending VLAN information to all switches in the network. This allows switches to synchronize their VLAN configurations and ensure that all switches have the same VLAN information.

What is the purpose of the VTP domain?
a. To identify the network administrator
b. To identify the VLANs in the network
c. To identify the type of network hardware in the network
d. To identify the VTP configuration in the network

Answer: d. The purpose of the VTP domain is to identify the VTP configuration in the network. It is used to group switches together and ensure that they have the same VTP configuration.

What is a VTP server?
a. A switch that sends VTP information to other switches in the network
b. A switch that receives VTP information from other switches in the network
c. A switch that blocks unauthorized VLAN traffic on the network
d. A switch that monitors VLAN traffic to detect security breaches

Answer: a. A VTP server is a switch that sends VTP information to other switches in the network. It is responsible for configuring and managing VLANs in the network.

What is the difference between VTP version 1 and VTP version 2?
a. VTP version 1 does not support VLAN pruning, while VTP version 2 does.
b. VTP version 1 encrypts VLAN traffic, while VTP version 2 does not.
c. VTP version 1 supports more VLANs than VTP version 2.
d. VTP version 1 is faster than VTP version 2.

Answer: a. The main difference between VTP version 1 and VTP version 2 is that VTP version 1 does not support VLAN pruning, while VTP version 2 does. VLAN pruning is a feature that allows unnecessary VLAN traffic to be removed from trunk links, which can improve network performance.

Check out certexams.com CCNA/CCNP practice tests.

certforumz

SDN questions for CCNA


What is the main advantage of SDN?
a. It simplifies network management
b. It increases network security
c. It improves network performance
d. It reduces network downtime

Answer: a. The main advantage of SDN is that it simplifies network management. SDN allows network administrators to manage network devices and traffic flows through a centralized software controller, rather than having to configure each device individually.

What is the role of the OpenFlow protocol in SDN?
a. It allows communication between the SDN controller and network devices
b. It encrypts network traffic to improve security
c. It optimizes network performance by prioritizing traffic
d. It provides virtualization of network resources

Answer: a. The role of the OpenFlow protocol in SDN is to allow communication between the SDN controller and network devices. OpenFlow is a standardized protocol that defines the messages and procedures used for communication between the controller and network devices.

What is a controller in SDN?
a. A device that controls network traffic
b. A software program that manages network devices
c. A virtualized network resource
d. A protocol that defines network traffic flows

Answer: b. A controller in SDN is a software program that manages network devices. The controller communicates with network devices using the OpenFlow protocol, and can be used to manage traffic flows, configure network devices, and monitor network performance.

What is the purpose of the data plane in SDN?
a. To process network traffic according to the rules defined by the controller
b. To manage network devices and traffic flows
c. To provide virtualized network resources
d. To define network traffic flows

Answer: a. The purpose of the data plane in SDN is to process network traffic according to the rules defined by the controller. The data plane is responsible for forwarding packets through the network, and applies the rules defined by the controller to determine how packets should be handled.

What is the difference between SDN and traditional networking?
a. SDN uses a centralized controller to manage network devices, while traditional networking requires configuration of individual devices
b. SDN provides better network security than traditional networking
c. SDN requires less network bandwidth than traditional networking
d. SDN does not require network devices to be compatible with OpenFlow

Answer: a. The main difference between SDN and traditional networking is that SDN uses a centralized controller to manage network devices, while traditional networking requires configuration of individual devices. In traditional networking, each device must be configured separately to define traffic flows and handle packets, which can be time-consuming and error-prone. With SDN, the controller can manage traffic flows across multiple devices from a centralized location, simplifying network management.


What is the main benefit of separating the control plane and data plane in SDN?
a. Increased network security
b. Simplified network management
c. Reduced network downtime
d. Improved network performance

Answer: b. The main benefit of separating the control plane and data plane in SDN is simplified network management. With the control plane separated from the data plane, network administrators can manage the network centrally using a software-defined controller, instead of configuring individual devices.

What is a virtual network in SDN?
a. A network created using software that emulates physical network devices
b. A network that uses encryption to secure data in transit
c. A network that is physically separated from the main network
d. A network that provides increased bandwidth by pooling resources from multiple physical networks

Answer: a. A virtual network in SDN is a network created using software that emulates physical network devices. Virtual networks can be created and managed dynamically by the SDN controller, and can be used to provide isolation between different network services and applications.

Which SDN architecture allows for more flexibility and innovation?
a. Centralized architecture
b. Distributed architecture
c. Hybrid architecture
d. Cloud-based architecture

Answer: b. Distributed architecture allows for more flexibility and innovation in SDN. In a distributed architecture, the control plane is distributed across multiple controllers, allowing for greater scalability and fault tolerance. This architecture also allows for more innovative solutions to network challenges.

What is an SDN application?
a. A software program that runs on an SDN controller
b. A network device that supports the OpenFlow protocol
c. A hardware component that separates the control plane from the data plane
d. A virtualized network resource that provides network services

Answer: a. An SDN application is a software program that runs on an SDN controller. SDN applications can be used to provide specific network services, such as load balancing, security, or quality of service (QoS).

What is the role of the Open Networking Foundation (ONF) in SDN?
a. To promote the adoption of SDN technology
b. To develop SDN standards and protocols
c. To manage network devices using SDN technology
d. To provide virtualized network resources for SDN deployments

Answer: b. The Open Networking Foundation (ONF) is a nonprofit organization that develops SDN standards and protocols. The ONF works with industry partners to promote the adoption of SDN technology and ensure interoperability between different vendors' products.

Check out CCNA Notes and CCNA practice tests

certforumz

CCNA: QoS and Queuing

Queuing is an important aspect of network management and refers to the process of managing network traffic by prioritizing certain types of data over others. It is used to prevent network congestion and ensure that network traffic is managed efficiently.

In Cisco networking, queuing is implemented through a technology called Quality of Service (QoS), which is used to prioritize traffic based on its type, source, and destination. There are different types of queuing mechanisms that can be used to manage traffic flow, including:

First-In-First-Out (FIFO) queuing: This is the simplest type of queuing mechanism, where packets are served in the order they are received. It does not prioritize any type of traffic over others.

Weighted Fair Queuing (WFQ): This queuing mechanism assigns weights to different types of traffic and allocates bandwidth based on these weights. This ensures that higher priority traffic gets more bandwidth than lower priority traffic.

Class-Based Queuing (CBQ): This queuing mechanism classifies traffic based on its type, and then assigns priorities to each class. It then allocates bandwidth based on these priorities.

Low Latency Queuing (LLQ): This queuing mechanism is used for real-time traffic such as voice and video. It ensures that high-priority traffic is always serviced first and is not delayed by lower-priority traffic.

In CCNA, it is important to understand the different queuing mechanisms and their implementation in Cisco devices to manage network traffic effectively and ensure optimal performance.

Question: Which queuing mechanism assigns weights to different types of traffic and allocates bandwidth based on these weights?

A) First-In-First-Out (FIFO) queuing
B) Weighted Fair Queuing (WFQ)
C) Class-Based Queuing (CBQ)
D) Low Latency Queuing (LLQ)

Answer: B) Weighted Fair Queuing (WFQ)

Explanation: Weighted Fair Queuing is a queuing mechanism that assigns weights to different types of traffic and allocates bandwidth based on these weights. This mechanism ensures that higher priority traffic gets more bandwidth than lower priority traffic. FIFO queuing, on the other hand, is the simplest type of queuing mechanism where packets are served in the order they are received, without any prioritization. Class-Based Queuing (CBQ) classifies traffic based on its type and assigns priorities to each class, then allocates bandwidth based on these priorities. Low Latency Queuing (LLQ) is a queuing mechanism used for real-time traffic such as voice and video, which ensures that high-priority traffic is always serviced first and is not delayed by lower-priority traffic.

Question: Which queuing mechanism is used for real-time traffic such as voice and video to ensure that high-priority traffic is not delayed by lower-priority traffic?

A) First-In-First-Out (FIFO) queuing
B) Weighted Fair Queuing (WFQ)
C) Class-Based Queuing (CBQ)
D) Low Latency Queuing (LLQ)

Answer: D) Low Latency Queuing (LLQ)

Explanation: Low Latency Queuing is a queuing mechanism used for real-time traffic such as voice and video to ensure that high-priority traffic is not delayed by lower-priority traffic. LLQ assigns high-priority traffic to a priority queue, while other traffic is sent to a regular queue. LLQ ensures that high-priority traffic is always serviced first, and is not delayed by lower-priority traffic. FIFO queuing is the simplest type of queuing mechanism where packets are served in the order they are received, without any prioritization. WFQ assigns weights to different types of traffic and allocates bandwidth based on these weights. CBQ classifies traffic based on its type and assigns priorities to each class, then allocates bandwidth based on these priorities. LLQ is the preferred queuing mechanism for real-time traffic because it ensures that high-priority traffic is not delayed, resulting in better quality of service for the end-user.

CCNA Netsim
CCNA Exam Sim
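An added example (not part of the original post): a small Python model of the dequeue order under FIFO, LLQ and a weight-based scheduler, showing how late the last voice packet leaves under each. The arrival list, class names and weights are constructed, LLQ is reduced to one strict-priority queue ahead of a regular FIFO queue, and weighted round robin is used as a simplified stand-in for WFQ.

```python
from collections import deque

# Constructed backlog: (packet id, traffic class), all waiting when the link frees up.
ARRIVALS = [("d1", "data"), ("d2", "data"), ("v1", "voice"), ("d3", "data"),
            ("b1", "bulk"), ("v2", "voice"), ("b2", "bulk"), ("d4", "data")]

def fifo(arrivals):
    """Serve packets strictly in arrival order, with no prioritization."""
    return [pid for pid, _ in arrivals]

def llq(arrivals, priority_class="voice"):
    """Drain the priority queue first, then the regular queue in arrival order."""
    prio = [pid for pid, cls in arrivals if cls == priority_class]
    rest = [pid for pid, cls in arrivals if cls != priority_class]
    return prio + rest

def weighted_round_robin(arrivals, weights):
    """Each round, serve up to weights[cls] packets from every class queue."""
    queues = {cls: deque() for cls in weights}  # every class needs a weight
    for pid, cls in arrivals:
        queues[cls].append(pid)
    order = []
    while any(queues.values()):
        for cls, weight in weights.items():
            for _ in range(weight):
                if queues[cls]:
                    order.append(queues[cls].popleft())
    return order

def worst_voice_position(order):
    """1-based position at which the last voice packet (id 'v...') is sent."""
    return max(i + 1 for i, pid in enumerate(order) if pid.startswith("v"))

WEIGHTS = {"voice": 1, "data": 2, "bulk": 1}  # constructed weights

if __name__ == "__main__":
    for name, order in (("FIFO", fifo(ARRIVALS)), ("LLQ", llq(ARRIVALS)),
                        ("WRR", weighted_round_robin(ARRIVALS, WEIGHTS))):
        print(f"{name:4} {order} last voice at {worst_voice_position(order)}")
```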

certforumz

What is the primary difference between standard and extended ACLs in Cisco IOS?
A. Standard ACLs filter traffic based on a wider range of attributes than extended ACLs.
B. Extended ACLs filter traffic based on a wider range of attributes than standard ACLs.
C. Standard ACLs can be applied globally to all traffic passing through a device, while extended ACLs can only be applied to specific interfaces.
D. Extended ACLs can be applied globally to all traffic passing through a device, while standard ACLs can only be applied to specific interfaces.


Answer: B. Extended ACLs can filter traffic based on a wider range of attributes than standard ACLs.

What type of traffic can be filtered using an extended ACL?
A. Traffic based on source IP address only
B. Traffic based on destination IP address only
C. Traffic based on both source and destination IP address, as well as protocol type, port number, and other attributes
D. Traffic based on protocol type and port number only


Answer: C. Extended ACLs can filter traffic based on both source and destination IP address, as well as protocol type, port number, and other attributes.

Which of the following commands can be used to create an extended ACL that allows traffic from a specific source IP address to a specific destination IP address?

A. access-list 101 permit ip 192.168.1.1 192.168.2.1
B. access-list 101 permit ip host 192.168.1.1 host 192.168.2.1
C. access-list 101 permit ip any any
D. access-list 101 permit ip 192.168.1.1 0.0.0.0 192.168.2.1 0.0.0.0


Answer: B. The "host" keyword is used to specify a specific IP address, and is necessary to filter traffic based on both source and destination IP address.