Uncategorized | Premium CCNA Exam Questions

CISCO CCNA Exam – Q203

What can be done to secure the virtual terminal interfaces on a router? (Choose two.)

A. Administratively shut down the interface.
B. Physically secure the interface.
C. Create an access list and apply it to the virtual terminal interfaces with the access-group command.
D. Configure a virtual terminal password and login process.
E. Enter an access list and apply it to the virtual terminal interfaces using the access-class command.

Correct Answers: D, E

Explanation:
It is a waste to administratively shut down the interface. Moreover, someone can still access the virtual terminal interfaces via other interfaces ->
We cannot physically secure a virtual interface because it is “virtual” ->.
To apply an access list to a virtual terminal interface we must use the “access-class” command. The “access-group” command is only used to apply an access list to a physical interface -> C is not correct.
The most simple way to secure the virtual terminal interface is to configure a username & password to prevent unauthorized login.

CISCO CCNA Exam – Q202

Which two commands correctly verify whether port security has been configured on port FastEthernet 0/12 on a switch? (Choose two.)

A. SW1#show port-secure interface FastEthernet 0/12
B. SW1#show switchport port-secure interface FastEthernet 0/12
C. SW1#show running-config
D. SW1#show port-security interface FastEthernet 0/12
E. SW1#show switchport port-security interface FastEthernet 0/12

Correct Answers: C, D

Explanation:
We can verify whether port security has been configured by using the “show running-config” or “show port-security interface” for more detail. An example of the output of “show port-security interface” command is shown below:
CISCO CCNA Exam – Q202

CISCO CCNA Exam – Q201

Refer to the exhibit.
CISCO CCNA Exam – Q201

The following commands are executed on interface fa0/1 of 2950Switch.
2950Switch(config-if)# switchport port-security
2950Switch(config-if)# switchport port-security mac-address sticky
2950Switch(config-if)# switchport port-security maximum 1
The Ethernet frame that is shown arrives on interface fa0/1. What two functions will occur when this frame is received by 2950Switch? (Choose two.)

A. The MAC address table will now have an additional entry of fa0/1 FFFF.FFFF.FFFF.
B. Only host A will be allowed to transmit frames on fa0/1.
C. This frame will be discarded when it is received by 2950Switch.
D. All frames arriving on 2950Switch with a destination of 0000.00aa.aaaa will be forwarded out fa0/1.
E. Hosts B and C may forward frames out fa0/1 but frames arriving from other switches will not be forwarded out fa0/1.
F. Only frames from source 0000.00bb.bbbb, the first learned MAC address of 2950Switch, will be forwarded out fa0/1.

Correct Answers: B, D

Explanation:
The configuration shown here is an example of port security, specifically port security using sticky addresses. You can use port security with dynamically learned and static MAC addresses to restrict a port’s ingress traffic by limiting the MAC addresses that are allowed to send traffic into the port. When you assign secure MAC addresses to a secure port, the port does not forward ingress traffic that has source addresses outside the group of defined addresses. If you limit the number of secure MAC addresses to one and assign a single secure MAC address, the device attached to that port has the full bandwidth of the port.
Port security with sticky MAC addresses provides many of the same benefits as port security with static MAC addresses, but sticky MAC addresses can be learned dynamically.
Port security with sticky MAC addresses retains dynamically learned MAC addresses during a link-down condition.

CISCO CCNA Exam – Q200

What two things will a router do when running a distance vector routing protocol? (Choose two.)

A. Send periodic updates regardless of topology changes.
B. Send entire routing table to all routers in the routing domain.
C. Use the shortest-path algorithm to the determine best path.
D. Update the routing table based on updates from their neighbors.
E. Maintain the topology of the entire network in its database.

Correct Answers: A, D

Explanation:
Distance means how far and Vector means in which direction. Distance Vector routing protocols pass periodic copies of routing table to neighbor routers and accumulate distance vectors. In distance vector routing protocols, routers discover the best path to destination from each neighbor. The routing updates proceed step by step from router to router.

CISCO CCNA Exam – Q199

Which command is used to display the collection of OSPF link states?

A. show ip ospf link-state
B. show ip ospf lsa database
C. show ip ospf neighbors
D. show ip ospf database

Correct Answer: D

Explanation:
The “show ip ospf database” command displays the link states. Here is an example:
Here is the lsa database on R2.
CISCO CCNA Exam – Q199

CISCO CCNA Exam – Q198

Refer to the exhibit.
CISCO CCNA Exam – Q198

The technician wants to upload a new IOS in the router while keeping the existing IOS. What is the maximum size of an IOS file that could be loaded if the original IOS is also kept in flash?

A. 3 MB
B. 4 MB
C. 5 MB
D. 7 MB
E. 8 MB

Correct Answer: B

Explanation:
In this example, there are a total of 8 MB, but 3.8 are being used already, so another file as large as 4MB can be loaded in addition to the original file.

CISCO CCNA Exam – Q197

Refer to the exhibit.
CISCO CCNA Exam – Q197

The two exhibited devices are the only Cisco devices on the network. The serial network between the two devices has a mask of 255.255.255.252. Given the output that is shown, what three statements are true of these devices? (Choose three.)

A. The Manchester serial address is 10.1.1.1.
B. The Manchester serial address is 10.1.1.2.
C. The London router is a Cisco 2610.
D. The Manchester router is a Cisco 2610.
E. The CDP information was received on port Serial0/0 of the Manchester router.
F. The CDP information was sent by port Serial0/0 of the London router.

Correct Answers: A, C, E

Explanation:
From the output, we learn that the IP address of the neighbor router is 10.1.1.2 and the question stated that the subnet mask of the network between two routers is 255.255.255.252. Therefore there are only 2 available hosts in this network (22 – 2 = 2). So we can deduce the ip address (of the serial interface) of Manchester router is 10.1.1.1.
The platform of the neighbor router is cisco 2610, as shown in the output.
Maybe the most difficult choice of this question is the answer E or F. Please notice that “Interface” refers to the local port on the local router, in this case it is the port of Manchester router, and “Port ID (outgoing port)” refers to the port on the neighbor router.

CISCO CCNA Exam – Q196

If IP routing is enabled, which two commands set the gateway of last resort to the default gateway? (Choose two.)

A. ip default-gateway 0.0.0.0
B. ip route 172.16.2.1 0.0.0.0 0.0.0.0
C. ip default-network 0.0.0.0
D. ip default-route 0.0.0.0 0.0.0.0 172.16.2.1
E. ip route 0.0.0.0 0.0.0.0 172.16.2.1

Correct Answers: C, E

Explanation:
Both the “ip default-network” and “ip route 0.0.0.0 0.0.0.0 (next hop)” commands can be used to set the default gateway in a Cisco router.

CISCO CCNA Exam – Q195

Which parameter would you tune to affect the selection of a static route as a backup, when a dynamic protocol is also being used?

A. hop count
B. administrative distance
C. link bandwidth
D. link delay
E. link cost

Correct Answer: B

Explanation:
By default the administrative distance of a static route is 1, meaning it will be preferred over all dynamic routing protocols. If you want to have the dynamic routing protocol used and have the static route be used only as a backup, you need to increase the AD of the static route so that it is higher than the dynamic routing protocol.

CISCO CCNA Exam – Q194

Refer to the exhibit.
CISCO CCNA Exam – Q194

A network associate has configured OSPF with the command:
City(config-router)# network 192.168.12.64 0.0.0.63 area 0
After completing the configuration, the associate discovers that not all the interfaces are participating in OSPF. Which three of the interfaces shown in the exhibit will participate in OSPF according to this configuration statement? (Choose three.)

A. FastEthernet0 /0
B. FastEthernet0 /1
C. Serial0/0
D. Serial0/1.102
E. Serial0/1.103
F. Serial0/1.104

Correct Answers: B,C,D

Explanation:
The “network 192.168.12.64 0.0.0.63″ equals to network 192.168.12.64/26. This network has:
+ Increment: 64 (/26= 1111 1111.1111 1111.1111 1111.1100 0000)
+ Network address: 192.168.12.64
+ Broadcast address: 192.168.12.127
Therefore all interfaces in the range of this network will join OSPF.