640-816 Exam


QUESTION 1

Which three options can a network administrator utilize by using PPP Layer 2 encapsulation?

(Choose three.)

A. authentication

B. VLAN support

C. compression

D. multilink support

Answer: A,C,D


QUESTION 2

A network administrator is troubleshooting the OSPF configuration of routers R1 and R2. The

routers cannot establish an adjacency relationship on their common Ethernet link. The graphic

shows the output of the show ip ospf interface e0 command for routers R1 and R2. Based on the

information in the graphic, what is the cause of this problem?


A. The hello and dead timers are not configured properly.

B. The OSPF process ID numbers must match.

C. A backup designated router needs to be added to the network

D. The cost on R1 should be set higher.

Answer: A

Explanation:

As can be seen above, the hello interval for R1 has been set to 5 seconds, while it is set to 10 for

R2. Also, the dead interval on R1 is set at 20 seconds while on router CKD2 it is set to 40 seconds.

In order for two routers to establish an OSPF neigh adjacency, the hello and dead timers must

match.

 

Best CCNA Training and CCNA Certification at Certkingdom.com

 


QUESTION 3

Refer to the exhibit. How should the FastEthernet0/1 ports on the 2950 model switches that are

shown in the exhibit be configured to allow connectivity between all devices?


A. The ports only need to be connected by a crossover cable.

B. SwitchX (config)# interface fastethernet 0/1

SwitchX (config-if)# switchport mode access

SwitchX (config-if)# switchport access vlan 1

C. SwitchX (config)# interface fastethernet 0/1

SwitchX (config-if)# switchport mode trunk

SwitchX (config-if)# switchport trunk vlan 1

SwitchX (config-if)# switchport trunk vlan 10

SwitchX (config-if)# switchport trunk vlan 20

D. SwitchX(config)# interface fastethernet 0/1

SwitchX(config-if)# switchport mode trunk

Answer: D


QUESTION 4

Refer to the exhibit. The following commands are executed on interface fa0/1 of 2950Switch.

2950Switch(config-if)# switchport port-security

2950Switch(config-if)# switchport port-security mac-address sticky

2950Switch(config-if)# switchport port-security maximum 1

The Ethernet frame that is shown arrives on interface fa0/1. What two functions will occur when

this frame is received by 2950Switch? (Choose two.)


A. The MAC address table will now have an additional entry of fa0/1 FFFF.FFFF.FFFF.

B. This frame will be discarded when it is received by2950Switch.

C. Only host A will be allowed to transmit frames on fa0/1.

D. All frames arriving on2950Switch with a destination of 0000.00aa.aaaa will be forwarded out

fa0/1.

Answer: C,D

Explanation:

The configuration shown here is an example of port security, specifically port security using sticky

addresses. You can use port security with dynamically learned and static MAC addresses to

restrict a port’s ingress traffic by limiting the MAC addresses that are allowed to send traffic into

the port. When you assign secure MAC addresses to a secure port, the port does not forward

ingress traffic that has source addresses outside the group of defined addresses. If you limit the

number of secure MAC addresses to one and assign a single secure MAC address, the device

attached to that port has the full bandwidth of the port.

Port security with sticky MAC addresses provides many of the same benefits as port security with

static MAC addresses, but sticky MAC addresses can be learned dynamically. Port security with

sticky MAC addresses retains dynamically learned MAC addresses during a link-down condition.

If you enter a write memory or copy running- config startup- config command, then port security

with sticky MAC addresses saves dynamically learned MAC addresses in the startup- config file

and the port does not have to learn addresses from ingress traffic after bootup or a restart.

Since the maximum number of MAC addresses has been configured to 1, only host A will be able

to send frames on interface fa 0/1, making choice C correct.


QUESTION 5

A university has a small campus in which 25 faculty members are located. The faculty offices and

student computers are currently on the same network. The faculty are concerned about students

being able to capture packets going across the network and obtain sensitive material. In order to

protect faculty network traffic from student connections ,which action will you take?

A. Remove the student computers from the network and put them on a peer-to-peer network.

B. Put the faculty computers in a separate VLAN.

C. Power down the switches that connect to faculty computers when they are not in use.

D. Install anti-virus software on the student computers.

Answer: B


QUESTION 6

Running both IPv4 and IPv6 on a router simultaneously is known as dual-stack routing.

A. False

B. True

Answer: B


QUESTION 7

You are a network administrator. You configure a workgroup switch with all ports assigned to

VLAN 2. And you configure all ports as full-duplex FastEthernet. What is the effect of adding

switch ports to a new VLAN on this switch?

A. The additions will create more collisions domains.

B. IP address utilization will be more efficient.

C. The possibility that switching loops will occur will increase dramatically.

D. An additional broadcast domain will be created.

Answer: D

Explanation:

A VLAN is a group of hosts with a common set of requirements that communicate as if they were

attached to the same wire, regardless of their physical location. A VLAN has the same attributes

as a physical LAN, but it allows for end stations to be grouped together even if they are not located

on the same LAN segment.

Networks that use the campus-wide or end-to-end VLANs logically segment a switched network

based on the functions of an organization, project teams, or applications rather than on a physical

or geographical basis. For example, all workstations and servers used by a particular workgroup

can be connected to the same VLAN, regardless of their physical network connections or

interaction with other workgroups. Network reconfiguration can be done through software instead

of physically relocating devices.

Cisco recommends the use of local or geographic VLANs that segment the network based on IP

subnets. Each wiring closet switch is on its own VLAN or subnet and traffic between each switch is

routed by the router. The reasons for the Distribution Layer 3 switch and examples of a larger

network using both the campus-wide and local VLAN models will be discussed later.

A VLAN can be thought of as a broadcast domain that exists within a defined set of switches.

Ports on a switch can be grouped into VLANs in order to limit unicast , multicast, and broadcast

traffic flooding. Flooded traffic originating from a particular VLAN is only flooded out ports

belonging to that VLAN, including trunk ports, so a switch that connects to another switch will

normally introduce an additional broadcast domain.


QUESTION 8

Which technology helps prevent frames from looping continuously through this switched network?


A. EIGRP

B. VTP

C. STP

D. ARP

Answer: C


QUESTION 9

What ports on Sw-AC3 are operating as trunks?(Choose three)


Sw-AC3#show int trunk


A. Fa0/1

B. Fa0/9

C. Fa0/12

D. Fa0/3

Answer: B,C,D


QUESTION 10

You are a network administrator. You want to add a line to an access list that will block only Telnet

access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. To accomplish this

task, what command should be used?

A. access-list 101 denyip 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23

access-list 101 permit ip any any

B. access-list 1 denytcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23

access-list 1 permit ip any any

C. access-list 1 denytcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21

access-list 1 permit ip any any

D. access-list 101 denytcp 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23

access-list 101 permit ip any any

Answer: D

Explanation:

Only choice specifies the correct TCT port and wildcard mask, and uses a valid access list
number.

Incorrect Answers:

A: IP is specified as the protocol, when it should be TCP.

B: Access list 1 is used for these choices, which is a standard access list. In this example, an

extended access list is required. Choice C also specifies port 21, which is used by FTP not Telnet.

C: Access list 1 is used for these choices, which is a standard access list. In this example, an

extended access list is required. Choice C also specifies port 21, which is used by FTP not Telnet.


QUESTION 11

Refer to the exhibit. What will be the result of issuing the following commands?

Switch1(config)# interface fastethernet 0/5

Switch1(config-if)# switchport mode access

Switch1(config-if)# switchport access vlan 30


A. The VLAN will not be added to the database, but the VLAN 30 information will be passed on as

a VLAN to theSwitch2 VLAN database.

B. The VLAN will not be added to the database, nor will the VLAN 30 information be passed on as

a VLAN to theSwitch2 VLAN database.

C. The VLAN will be added to the database and VLAN 30 will be passed on as a VLAN to add to

theSwitch2 VLAN database.

D. The VLAN will be added to the database, but the VLAN information will not be passed on to

theSwitch2 VLAN database.

Answer: D

Explanation:

The three VTP modes are described below:

Server: This is the default for all Catalyst switches. You need at least one server in your VTP

domain to propagate VLAN information throughout the domain. The switch must be in server

mode to be able to create, add, or delete VLANs in a VTP domain. You must also change VTP

information in server mode, and any change you make to a switch in server mode will be

advertised to the entire VTP domain.

Client: In client mode, switches receive information from VTP servers; they also send and receive

updates, but they can’t make any changes. Plus, none of the ports on a client switch can be added

to a new VLAN before the VTP server notifies the client switch of the new VLAN. Here’s a hint: if

you want a switch to become a server, first make it a client so that it receives all the correct VLAN

information, then change it to a server-much easier!

Transparent: Switches in transparent mode don’t participate in the VTP domain, but they’ll still

forward VTP advertisements through any configured trunk links. These switches can’t add and

delete VLANs because they keep their own database-one they do not share with other switches.

Transparent mode is really only considered locally significant.

In our example, the switch is configured for transparent mode. In transparent mode the local

VLAN information can be created but that VLAN information will not be advertised to the other

switch.


QUESTION 12

S0/0 on R1 is configured as a multipoint interface to communicate with R2 and R3 in the hub-andspoke

Frame Relay topology shown in the exhibit. Originally, static routes were configured

between these routers to successfully route traffic between the attached networks. What will need

to be done in order to use RIP v2 in place of the static routes?


A. Change the 172.16.2.0/25 and 172.16.2.128/25subnetworks so that at least two bits are

borrowed from the last octet.

B. Configure the noip subnet-zero command on R1, R2, and R3.

C. Configure the s0/0 interface on R1 as two sub interfaces and configure point-to-point links toR2
and R3.

D. Dynamic routing protocols such as RIP v2 cannot be used across Frame Relay networks.

Answer: C


QUESTION 13

An access list has been designed to prevent HTTP traffic from the Accounting Department from

reaching the HR server attached to the Holyoke router. Which of the following access lists will

accomplish this task when grouped with the e0 interface on the Chicopee router?


A. denytcp 172.16.16.0 0.0.0.255 172.17.17.252 0.0.0.0 eq 80 permit ip any any

B. permitip any any deny tcp 172.16.16.0 0.0.0.255 172.17.17.252 0.0.0.0 eq 80

C. permitip any any deny tcp 172.17.17.252 0.0.0.0 172.16.16.0 0.0.0.255 eq 80

D. denytcp 172.17.17.252 0.0.0.0 172.16.16.0 0.0.0.255 eq 80 permit ip any any

Answer: A


QUESTION 14

Which three benefits are of VLANs? (Choose three.)

A. They can enhance network security.

B. They allow logical grouping of users by function.

C. They simplify switch administration.

D. They increase the number of broadcast domains while decreasing the size of the broadcast

domains.

Answer: A,B,D

Explanation:

VLANs are used to segment a LAN into multiple, smaller LANs. This can be used to enhance

security as local traffic from one VLAN will not be passed to users in other VLANS.


QUESTION 15

A network administrator would configure port security on a switch, why?

A. to prevent unauthorized Telnet from accessing to a switch port

B. to protect the IP and MAC address of the switch and associated ports

C. to prevent unauthorized hosts from accessing the LAN

D. to block unauthorized access to the switch management interfaces over common TCP ports

Answer: C

Explanation:

You can use the port security feature to restrict input to an interface by limiting and identifying

MAC addresses of the stations allowed to access the port. When you assign secure MAC

addresses to a secure port, the port does not forward packets with source addresses outside the

group of defined addresses. If you limit the number of secure MAC addresses to one and assign a

single secure MAC address, the workstation attached to that port is assured the full bandwidth of

the port.

If a port is configured as a secure port and the maximum number of secure MAC addresses is

reached, when the MAC address of a station attempting to access the port is different from any of

the identified secure MAC addresses, a security violation occurs. Also, if a station with a secure

MAC address configured or learned on one secure port attempts to access another secure port, a

violation is flagged.

Reference:

https://www.cisco.com/en/US/products/hw/switches/ps62 /products_configuration_guide_chapter09186a00800d6a38.html#86378

 

Best CCNA Training and CCNA Certification at Certkingdom.com

Click to rate this post!
[Total: 0 Average: 0]

About the author /


Archives

Latest

+

Random

+
September 2011
M T W T F S S
 1234
567891011
12131415161718
19202122232425
2627282930