DCN Final Reviewer

The document covers various aspects of network layer functions, including commands for displaying routing tables, encapsulation information, and characteristics of IPv4 and IPv6. It also discusses basic router configuration commands, the purpose of configuration files, and the importance of secure password management. Additionally, it addresses IPv4 addressing concepts, including available IP addresses based on subnet masks.

Uploaded by

zel.chiaki
Copyright © All Rights Reserved

Network Layer

1. Which command can be used on a Windows host to display the routing
table?

●​ netstat -s
●​ show ip route
●​ netstat -r
●​ tracert

Explanation: On a Windows host, either the route print or netstat -r commands
can be used to display the host routing table. The show ip route command is
used on a router to display its routing table. The netstat -s command is used to
display per-protocol statistics. The tracert command is used to display the path
that a packet travels to its destination.

2. What information is added during encapsulation at OSI Layer 3?

● source and destination MAC
● source and destination application protocol
●​ source and destination port number
●​ source and destination IP address

Explanation: IP is a Layer 3 protocol. Layer 3 devices can open the Layer 3
header to inspect the Layer 3 header which contains IP-related information
including the source and destination IP addresses.

3. How does the network layer use the MTU value?

●​ The network layer depends on the higher level layers to determine the
MTU.
●​ The network layer depends on the data link layer to set the MTU, and
adjusts the speed of transmission to accommodate it.
●​ The MTU is passed to the network layer by the data link layer.
●​ To increase speed of delivery, the network layer ignores the MTU.

Explanation: The data link layer indicates to the network layer the MTU for the
medium that is being used. The network layer uses that information to determine
how large the packet can be when it is forwarded. When packets are received on
one medium and forwarded on a medium with a smaller MTU, the network layer
device can fragment the packet to accommodate the smaller size.

4. Which characteristic describes an IPv6 enhancement over IPv4?​

● IPv6 addresses are based on 128-bit flat addressing as opposed to
IPv4 which is based on 32-bit hierarchical addressing.
●​ The IPv6 header is simpler than the IPv4 header is, which
improves packet handling.
●​ Both IPv4 and IPv6 support authentication, but only IPv6 supports
privacy capabilities.
●​ The IPv6 address space is four times bigger than the IPv4 address
space.

Explanation: IPv6 addresses are based on 128-bit hierarchical addressing, and
the IPv6 header has been simplified with fewer fields, improving packet handling.
IPv6 natively supports authentication and privacy capabilities as opposed to IPv4
that needs additional features to support those. The IPv6 address space is many
times bigger than IPv4 address space.

5. When a connectionless protocol is in use at a lower layer of the OSI
model, how is missing data detected and retransmitted if necessary?

● Connectionless acknowledgements are used to request
retransmission.
●​ Upper-layer connection-oriented protocols keep track of the data
received and can request retransmission from the upper-level
protocols on the sending host.
●​ Network layer IP protocols manage the communication sessions if
connection-oriented transport services are not available.
●​ The best-effort delivery process guarantees that all packets that are
sent are received.

Explanation: When connectionless protocols are in use at a lower layer of the
OSI model, upper-level protocols may need to work together on the sending and
receiving hosts to account for and retransmit lost data. In some cases, this is not
necessary, because for some applications a certain amount of data loss is
tolerable.

6. What was the reason for the creation and implementation of IPv6?

● to make reading a 32-bit address easier
● to relieve IPv4 address depletion
●​ to provide more address space in the Internet Names Registry
●​ to allow NAT support for private addressing

Explanation: IPv4 addressing space is exhausted by the rapid growth of the
Internet and the devices connected to the Internet. IPv6 expands the IP
addressing space by increasing the address length from the 32 bits to 128 bits,
which should provide sufficient addresses for future Internet growth needs for
many years to come.

7. Which statement accurately describes a characteristic of IPv4?

● All IPv4 addresses are assignable to hosts.
● IPv4 has a 32-bit address space.
●​ An IPv4 header has fewer fields than an IPv6 header has.
●​ IPv4 natively supports IPsec.

Explanation: IPv4 has a 32-bit address space, providing 4,294,967,296 unique
addresses, but only 3.7 billion are assignable, a limit due to address reservation
for multicasting and testing. IPv4 does not provide native support for IPsec. IPv6
has a simplified header with fewer fields than IPv4 has.

8. Which field in an IPv4 packet header will typically stay the same during
its transmission?

●​ Flag
●​ Time-to-Live
●​ Packet Length
●​ Destination Address

Explanation: The value in the Destination Address field in an IPv4 header will
stay the same during its transmission. The other options might change during its
transmission.

9. When a router receives a packet, what information must be examined in
order for the packet to be forwarded to a remote destination?

● destination MAC address
● source IP address
●​ destination IP address
●​ source MAC address

Explanation: When a router receives a packet, it examines the destination
address of the packet and uses the routing table to search for the best path to
that network.

10. Which field in an IPv6 packet is used by the router to determine if a
packet has expired and should be dropped?

●​ TTL
●​ Hop Limit
●​ Address Unreachable
●​ No Route to Destination

Explanation: ICMPv6, like IPv4, sends a Time Exceeded message if the router
cannot forward an IPv6 packet because the packet has expired. However, the
IPv6 packet does not have a TTL field. Instead, it uses the Hop Limit field to
determine if the packet has expired.

11. Which information is used by routers to forward a data packet toward
its destination?

●​ source IP address
●​ destination IP address
●​ source data-link address
●​ destination data-link address

Explanation: The destination IP address is the IP address for the receiving
device. This IP address is used by routers to forward the packet to its destination.

12. A computer has to send a packet to a destination host in the same LAN.
How will the packet be sent?

●​ The packet will be sent to the default gateway first, and then,
depending on the response from the gateway, it may be sent to the
destination host.
●​ The packet will be sent directly to the destination host.
●​ The packet will first be sent to the default gateway, and then from the
default gateway it will be sent directly to the destination host.
●​ The packet will be sent only to the default gateway.

Explanation: If the destination host is in the same LAN as the source host, there
is no need for a default gateway. A default gateway is needed if a packet needs
to be sent outside the LAN.

13. A router receives a packet from the Gigabit 0/0 interface and determines
that the packet needs to be forwarded out the Gigabit 0/1 interface. What
will the router do next?

● route the packet out the Gigabit 0/1 interface
● create a new Layer 2 Ethernet frame to be sent to the destination
●​ look into the ARP cache to determine the destination IP address
●​ look into the routing table to determine if the destination network is in
the routing table

Explanation: Once a router receives a packet and looks inside the header to
determine the destination network, the router compares the destination network
to the routing table to determine if the packet is to be routed or dropped. If
routed, the router attaches a new Layer 2 header based on the technology that is
used by the outgoing port that is used. The packet is then routed out the
destination port as designated by the routing table. The ARP cache is used to
match an IP address with a MAC address.

14. Which IPv4 address can a host use to ping the loopback interface?

●​ 126.0.0.1
●​ 127.0.0.0
●​ 126.0.0.0
●​ 127.0.0.1

Explanation: A host can ping the loopback interface by sending a packet to a
special IPv4 address within the network 127.0.0.0/8.

Basic Router Configuration

1. What is the purpose of the banner motd command?

● It configures a message that will identify printed documents to LAN
users.
● It is a way that routers communicate the status of their links with
one another.
●​ It provides an easy way of communicating with any user attached to a
router’s LANs.
●​ It provides a way to make announcements to those who log in to a
router.

Explanation: The banner motd command is used to display a message when a
user attempts to log into the router.

2. A technician is configuring a router to allow for all forms of management
access. As part of each different type of access, the technician is trying to
type the command login. Which configuration mode should be entered to
do this task?

● user executive mode
● global configuration mode
●​ any line configuration mode
●​ privileged EXEC mode

Explanation: The command login is used to allow access to a router or switch
through aux lines, console lines, and Telnet lines.

3. What is stored in the NVRAM of a Cisco router?

● the Cisco IOS
● the running configuration
●​ the bootup instructions
●​ the startup configuration

Explanation:​
The Cisco IOS is stored in flash.​
The running configuration file is stored in RAM.​
The bootup instructions are stored in ROM.​
The startup configuration file is stored in NVRAM.

4. Which statement regarding the service password-encryption command is
true?

● It is configured in privileged EXEC mode.
● It encrypts only line mode passwords.
●​ As soon as the service password-encryption command is entered,
all currently set passwords formerly displayed in plain text are
encrypted.
●​ To see the passwords encrypted by the service password-encryption
command in plain text, issue the no service password-encryption
command.

Explanation: The command service password-encryption is used to encrypt
all the clear text passwords in the running-configuration file.

5. An administrator is configuring a new router to permit out-of-band
management access. Which set of commands will allow the required login
using a password of cisco?

● Router(config)# line vty 0 4
Router(config-line)# password manage
Router(config-line)# exit​
Router(config)# enable password cisco
●​ Router(config)# line vty 0 4​
Router(config-line)# password cisco​
Router(config-line)# login
●​ Router(config)# line console 0​
Router(config-line)# password cisco​
Router(config-line)# login
●​ Router(config)# line console 0​
Router(config-line)# password cisco​
Router(config-line)# exit​
Router(config)# service password-encryption

Explanation: The VTY lines are the Virtual Terminal lines of the router, used
solely to control inbound Telnet connections while console 0 is the physical
console port on the switch/router you plug into. The line vty command is used to
configure remote access into the switch/router via Telnet or SSH.

6. Which command can be used on a Cisco router to display all interfaces,
the IPv4 address assigned, and the current status?

● show ip interface brief
● ping
●​ show ip route
●​ show interface fa0/1

Explanation: The show ip interface brief command can be used on a Cisco
router to display all interfaces, the IPv4 address assigned, and the current status.

7. Which CLI mode allows users to access all device commands, such as
those used for configuration, management, and troubleshooting?

● user EXEC mode
● privileged EXEC mode
●​ global configuration mode
●​ interface configuration mode

Explanation: The command Router#configure terminal allows a user to enter
the privileged mode from where the configuration, management and
troubleshooting commands can be accessed.

8. What is the purpose of the startup configuration file on a Cisco router?

● to facilitate the basic operation of the hardware components of a
device
●​ to contain the commands that are used to initially configure a
router on startup
●​ to contain the configuration commands that the router IOS is currently
using
●​ to provide a limited backup version of the IOS, in case the router
cannot load the full featured IOS

Explanation: The startup configuration file is stored in NVRAM and contains the
commands needed to initially configure a router. It also creates the running
configuration file that is stored in RAM.

9. Which characteristic describes the default gateway of a host computer?

● the logical address of the router interface on the same network as
the host computer
●​ the physical address of the switch interface connected to the host
computer
●​ the physical address of the router interface on the same network as the
host computer
●​ the logical address assigned to the switch interface connected to the
router

Explanation: The default gateway is the IP address of an interface on the router
on the same network as the sending host.

10. A router boots and enters setup mode. What is the reason for this?

● The IOS image is corrupt.
● Cisco IOS is missing from flash memory.
●​ The configuration file is missing from NVRAM.
●​ The POST process has detected hardware failure.

Explanation: If a router cannot locate the startup-config file in NVRAM it will
enter setup mode to allow the configuration to be entered from the console
device.

11. Which command is used to encrypt all passwords in a router
configuration file?

● Router_A (config)# enable secret <password>
● Router_A (config)# service password-encryption
●​ Router_A (config)# enable password <password>
●​ Router_A (config)# encrypt passwor

Explanation: The command service password-encryption is used to encrypt
and secure plain-text passwords configured on a router.

12. Company policy requires using the most secure method to safeguard
access to the privileged exec and configuration mode on the routers. The
privileged exec password is trustknow1. Which of the following router
commands achieves the goal of providing the highest level of security?

● secret password trustknow1
●​ enable password trustknow1
●​ service password-encryption
●​ enable secret trustknow1

Explanation: The command service password-encryption is used to encrypt
and secure plain-text passwords configured on a router.

13. What will be the response from the router after the command,
“router(config)# hostname portsmouth” is entered?

●​ portsmouth#
●​ portsmouth(config)#
●​ invalid input detected
●​ router(config-host)#
●​ hostname = portsmouth portsmouth#
●​ ? command not recognized router(config)#

Explanation: The command hostname portsmouth is used to change the
current router name to portsmouth.

IPv4 Addressing

1. What does the IP address 172.17.4.250/24 represent?

●​ network address
●​ multicast address
●​ host address
●​ broadcast address

Explanation: The /24 shows that the network address is 172.17.4.0. The
broadcast address for this network would be 172.17.4.255. Useable host
addresses for this network are 172.17.4.1 through 172.17.4.254.

2. If a network device has a mask of /28, how many IP addresses are
available for hosts on this network?

●​ 256
●​ 254
●​ 62
●​ 32
●​ 16
●​ 14

Explanation: A /28 mask is the same as 255.255.255.240. This leaves 4 host
bits. With 4 host bits, 16 IP addresses are possible, but one address represents
the subnet number and one address represents the broadcast address. 14
addresses can then be used to assign to network devices.

3. What is the purpose of the subnet mask in conjunction with an IP
address?

● to uniquely identify a host on a network
● to identify whether the address is public or private
●​ to determine the subnet to which the host belongs
●​ to mask the IP address to outsiders

Explanation: With the IPv4 address, a subnet mask is also necessary. A subnet
mask is a special type of IPv4 address that coupled with the IP address
determines the subnet of which the device is a member.

4. A network administrator is variably subnetting a network. The smallest
subnet has a mask of 255.255.255.224. How many usable host addresses
will this subnet provide?

●​ 2
●​ 6
●​ 14
●​ 30
●​ 62

Explanation: The subnet mask 255.255.255.224 is equivalent to the /27 prefix.
This leaves 5 bits for hosts, providing a total of 30 usable IP addresses
(2^5 = 32, and 32 – 2 = 30).

5. What subnet mask is represented by the slash notation /20?

●​ 255.255.255.248
●​ 255.255.224.0
●​ 255.255.240.0
●​ 255.255.255.0
●​ 255.255.255.192

Explanation: The slash notation /20 represents a subnet mask with 20 1s. This
would translate to: 11111111.11111111.11110000.00000000, which in turn would
convert into 255.255.240.0.

6. Which statement is true about variable-length subnet masking?

● Each subnet is the same size.
● The size of each subnet may be different, depending on
requirements.
●​ Subnets may only be subnetted one additional time.
●​ Bits are returned, rather than borrowed, to create additional subnets.

Explanation: In variable-length subnet masking, bits are borrowed to create
subnets. Additional bits may be borrowed to create additional subnets within the
original subnets. This may continue until there are no bits available to borrow.

7. Why does a Layer 3 device perform the ANDing process on a destination
IP address and subnet mask?

● to identify the broadcast address of the destination network
●​ to identify the host address of the destination host
●​ to identify faulty frames
●​ to identify the network address of the destination network

Explanation: ANDing allows us to identify the network address from the IP
address and the network mask.

8. How many usable IP addresses are available on the 192.168.1.0/27
network?

●​ 256
●​ 254
●​ 62
●​ 30
●​ 16
●​ 32

Explanation: A /27 mask is the same as 255.255.255.224. This leaves 5 host
bits. With 5 host bits, 32 IP addresses are possible, but one address represents
the subnet number and one address represents the broadcast address. Thus, 30
addresses can then be used to assign to network devices.

9. Which subnet mask would be used if exactly 4 host bits are available?

●​ 255.255.255.224
●​ 255.255.255.128
●​ 255.255.255.240
●​ 255.255.255.248

Explanation: The subnet mask of 255.255.255.224 has 5 host bits. The mask of
255.255.255.128 results in 7 host bits. The mask of 255.255.255.240 has 4 host
bits. Finally, 255.255.255.248 represents 3 host bits.

10. Which two parts are components of an IPv4 address? (Choose two.)

●​ subnet portion
●​ network portion
●​ logical portion
●​ host portion
●​ physical portion
●​ broadcast portion

Explanation: An IPv4 address is divided into two parts: a network portion – to
identify the specific network on which a host resides, and a host portion – to
identify specific hosts on a network. A subnet mask is used to identify the length
of each portion.

11. If a network device has a mask of /26, how many IP addresses are
available for hosts on this network?

●​ 64
●​ 30
●​ 62
●​ 32
●​ 16
●​ 14

Explanation: A /26 mask is the same as 255.255.255.192. This leaves 6 host
bits. With 6 host bits, 64 IP addresses are possible, but one address represents
the subnet number and one address represents the broadcast address. Thus 62
addresses can then be assigned to network hosts.

12. What is the prefix length notation for the subnet mask 255.255.255.224?

●​ /25
●​ /26
●​ /27
●​ /28

Explanation: The binary format for 255.255.255.224 is
11111111.11111111.11111111.11100000. The prefix length is the number of
consecutive 1s in the subnet mask. Therefore, the prefix length is /27.

13. How many valid host addresses are available on an IPv4 subnet that is
configured with a /26 mask?

●​ 254
●​ 190
●​ 192
●​ 62
● 64

Explanation: When a /26 mask is used, 6 bits are used as host bits. With 6 bits,
64 addresses are possible, but one address is for the subnet number and one
address is for a broadcast. This leaves 62 addresses that can be assigned to
network devices.

14. Which subnet mask would be used if 5 host bits are available?

●​ 255.255.255.0
●​ 255.255.255.128
●​ 255.255.255.224
●​ 255.255.255.240

Explanation: The subnet mask of 255.255.255.0 has 8 host bits. The mask of
255.255.255.128 results in 7 host bits. The mask of 255.255.255.224 has 5 host
bits. Finally, 255.255.255.240 represents 4 host bits.

15. A network administrator subnets the 192.168.10.0/24 network into
subnets with /26 masks. How many equal-sized subnets are created?

●​ 1
●​ 2
●​ 4
●​ 8
●​ 16
●​ 64

Explanation: The normal mask for 192.168.10.0 is /24. A /26 mask indicates 2
bits have been borrowed for subnetting. With 2 bits, four subnets of equal size
could be created.

IPv6 Addressing

1. What is the subnet address for the IPv6 address
2001:D12:AA04:B5::1/64?

●​ 2001::/64
●​ 2001:D12::/64
●​ 2001:D12:AA04::/64
●​ 2001:D12:AA04:B5::/64

Explanation: The /64 represents the network and subnet IPv6 fields which are
the first four groups of hexadecimal digits. The first address within that range is
the subnetwork address of 2001:D12:AA04:B5::/64.

2. Which type of IPv6 address is not routable and used only for
communication on a single subnet?

● global unicast address
● link-local address
●​ loopback address
●​ unique local address
●​ unspecified address

Explanation: Link-local addresses have relevance only on the local link. Routers
will not forward packets that include a link-local address as either the source or
destination address.

3. Which address type is not supported in IPv6?

●​ private
●​ multicast
●​ unicast
●​ broadcast

Explanation: IPv6 supports unicast, private, and multicast addresses but does
not support Layer 3 broadcasts.

4. What is the minimum configuration for a router interface that is enabled
for IPv6?

● to have a link-local IPv6 address
● to have both an IPv4 and an IPv6 address
●​ to have a self-generated loopback address
●​ to have both a link-local and a global unicast IPv6 address
●​ to have only an automatically generated multicast IPv6 address

Explanation: With IPv6, a router interface typically has more than one IPv6
address. The router will at least have a link-local address that can be
automatically generated, but the router commonly has a global unicast address
also configured.

5. What is the interface ID of the IPv6 address
2001:DB8::1000:A9CD:47FF:FE57:FE94/64?

●​ FE94
●​ FE57:FE94
●​ 47FF:FE57:FE94
●​ A9CD:47FF:FE57:FE94
●​ 1000:A9CD:47FF:FE57:FE94

Explanation: The interface ID of an IPv6 address is the rightmost 64 bits, or last
four hextets, of the address if no interface ID bits have been used for subnets.

6. What are three parts of an IPv6 global unicast address? (Choose three.)

● an interface ID that is used to identify the local network for a particular
host
●​ a global routing prefix that is used to identify the network portion
of the address that has been provided by an ISP
●​ a subnet ID that is used to identify networks inside of the local
enterprise site
●​ a global routing prefix that is used to identify the portion of the network
address provided by a local administrator
●​ an interface ID that is used to identify the local host on the
network

Explanation: There are three elements that make up an IPv6 global unicast
address. A global routing prefix which is provided by an ISP, a subnet ID which is
determined by the organization, and an interface ID which uniquely identifies the
interface of a host.

7. What is the valid most compressed format possible of the IPv6 address
2001:0DB8:0000:AB00:0000:0000:0000:1234?

●​ 2001:DB8:0:AB00::1234
●​ 2001:DB8:0:AB::1234
●​ 2001:DB8::AB00::1234
●​ 2001:DB8:0:AB:0:1234

Explanation: There are two rules defining how an IPv6 address can be
compressed. The first rule states that leading zeros in a hextet can be eliminated.
The second rule states that a single :: can be used to represent one or more
contiguous all zero hextets. There can be one and only one :: in an IPv6 address.

8. What is the prefix associated with the IPv6 address
2001:CA48:D15:EA:CC44::1/64?

●​ 2001::/64
●​ 2001:CA48::/64
●​ 2001:CA48:D15:EA::/64
●​ 2001:CA48:D15:EA:CC44::/64

Explanation: The /64 represents the network and subnet IPv6 fields. The fourth
field of hexadecimal digits is referred to as the subnet ID. The subnet ID for this
address is 2001:CA48:D15:EA::0/64.​​

9. What type of address is automatically assigned to an interface when IPv6
is enabled on that interface?

●​ global unicast
●​ link-local
●​ loopback
●​ unique local

Explanation: When IPv6 is enabled on any interface, that interface will
automatically generate an IPv6 link-local address.

10. Which IPv6 network prefix is only intended for local links and cannot
be routed?

●​ 2001::/3
●​ FC00::/7
●​ FE80::/10
●​ FEC0::/10

Explanation: FE80::/10 is a link-local prefix. Devices with only link-local
addresses can communicate with other devices on the same network but not with
devices on any other network.

11. Your organization is issued the IPv6 prefix of 2001:0000:130F::/48 by
your service provider. With this prefix, how many bits are available for your
organization to create subnetworks if interface ID bits are not borrowed?

●​ 8
●​ 16
●​ 80
●​ 128

Explanation: The global routing prefix that is assigned to the organization has
48 bits. The next 16 bits are used for the subnet ID. This makes up the first 64
bits of the address, which is typically the network portion of the address. The
remaining 64 bits of the 128-bit IPv6 address are for the interface ID (or host)
portion of the address.

12. What is indicated by a successful ping to the ::1 IPv6 address?

● The host is cabled properly.
● The default gateway address is correctly configured.
●​ All hosts on the local link are available.
●​ The link-local address is correctly configured.
●​ IP is properly installed on the host.

Explanation: The IPv6 address ::1 is the loopback address. A successful ping to
this address means that the TCP/IP stack is correctly installed. It does not mean
that any addresses are correctly configured.

13. What is the most compressed representation of the IPv6 address
2001:0000:0000:abcd:0000:0000:0000:0001?

●​ 2001:0:abcd::1
●​ 2001:0:0:abcd::1
●​ 2001::abcd::1
●​ 2001:0000:abcd::1
●​ 2001::abcd:0:1

Explanation: The IPv6 address 2001:0000:0000:abcd:0000:0000:0000:0001 in
its most compressed format would be 2001:0:0:abcd::1. The first two hextets of
zeros would each compress to a single zero. The three consecutive hextets of
zeros can be compressed to a double colon ::. The three leading zeros in the last
hextet can be removed. The double colon :: can only be used once in an
address.

14. What is the purpose of the command ping ::1?

● It tests the internal configuration of an IPv6 host.
● It tests the broadcast capability of all hosts on the subnet.
●​ It tests the multicast connectivity to all hosts on the subnet.
●​ It tests the reachability of the default gateway for the network.

Explanation: The address ::1 is an IPv6 loopback address. Using the command
ping ::1 tests the internal IP stack to ensure that it is configured and functioning
correctly. It does not test reachability to any external device, nor does it confirm
that IPv6 addresses are properly configured on the host.

15. At a minimum, which address is required on IPv6-enabled interfaces?

●​ link-local
●​ unique local
●​ site local
●​ global unicast

Explanation: All IPv6 enabled interfaces must at minimum have a link-local
address. Other IPv6 addresses can be assigned to the interface as required.

16. What is the most compressed representation of the IPv6 address
2001:0db8:0000:abcd:0000:0000:0000:0001?

●​ 2001:0db8:abcd::1
●​ 2001:db8:0:abcd::1
●​ 2001:0db8:abcd::0001
●​ 2001:0db8:0000:abcd::1
● 2001:db8::abcd:0:1

Explanation: The IPv6 address 2001:0db8:0000:abcd:0000:0000:0000:0001 in
its most compressed format would be 2001:db8:0:abcd::1. The one leading zero
in the second hextet can be removed. The first hextet of zeros would be
compressed to a single zero. The three consecutive hextets of zeros can be
compressed to a double colon ::. The three leading zeros in the last hextet can
be removed. The double colon :: can only be used once in an address.

17. What is the prefix associated with the IPv6 address
2001:DB8:D15:EA:CC44::1/64?

●​ 2001::/64
●​ 2001:DB8::/64​
●​ 2001:DB8:D15:EA::/64​
●​ 2001:DB8:D15:EA:CC44::/64​

Explanation: The /64 represents the network and subnet IPv6 fields. The fourth
field of hexadecimal digits is referred to as the subnet ID. The subnet ID for this
address is 2001:DB8:D15:EA::0/64.​​

18. What is the network address for the IPv6 address
2001:DB8:AA04:B5::1/64?

●​ 2001::/64
●​ 2001:DB8::/64​
●​ 2001:DB8:AA04::/64​
●​ 2001:DB8:AA04:B5::/64​

Explanation: The /64 represents the network and subnet IPv6 fields which are
the first four groups of hexadecimal digits. The first address within that range is
the subnetwork address of 2001:DB8:AA04:B5::/64.​​

19. Your organization is issued the IPv6 prefix of 2001:db8:130f::/48 by your
service provider. With this prefix, how many bits are available for your
organization to create /64 subnetworks if interface ID bits are not
borrowed?

●​ 8
●​ 16
●​ 80
● 128

Explanation: The global routing prefix that is assigned to the organization has
48 bits. The next 16 bits are used for the subnet ID. This makes up the first 64
bits of the address, which is typically the network portion of the address. The
remaining 64 bits of the 128-bit IPv6 address are for the interface ID (or host)
portion of the address.

Transport Layer

1. Network congestion has resulted in the source learning of the loss of
TCP segments that were sent to the destination. What is one way that the
TCP protocol addresses this?

● The source decreases the amount of data that it transmits before
it receives an acknowledgement from the destination.
●​ The source decreases the window size to decrease the rate of
transmission from the destination.
●​ The destination decreases the window size.
●​ The destination sends fewer acknowledgement messages in order to
conserve bandwidth.

Explanation: If the source determines that the TCP segments are either not
being acknowledged or are not acknowledged in a timely manner, then it can
reduce the number of bytes it sends before receiving an acknowledgment. This
does not involve changing the window in the segment header. The source does
not decrease the window that is sent in the segment header. The window in the
segment header is adjusted by the destination host when it is receiving data
faster than it can process it, not when network congestion is encountered.

2. Which two operations are provided by TCP but not by UDP? (Choose
two.)

● identifying the applications
● acknowledging received data
● tracking individual conversations
● retransmitting any unacknowledged data
● reconstructing data in the order received

Explanation: Numbering and tracking data segments, acknowledging received
data, and retransmitting any unacknowledged data are reliability operations to
ensure that all of the data arrives at the destination. UDP does not provide
reliability. Both TCP and UDP identify the applications and track individual
conversations. UDP does not number data segments and reconstructs data in
the order that it is received.

3. What is the TCP mechanism used in congestion avoidance?

● three-way handshake
● socket pair
● two-way handshake
● sliding window

Explanation: TCP uses windows to attempt to manage the rate of transmission
to the maximum flow that the network and destination device can support while
minimizing loss and retransmissions. When overwhelmed with data, the
destination can send a request to reduce the size of the window. This congestion
avoidance is called sliding windows.

4. What is a responsibility of transport layer protocols?

● providing network access
● tracking individual conversations
● determining the best path to forward a packet
● translating private IP addresses to public IP addresses

Explanation: There are three main responsibilities for transport layer protocols
TCP and UDP:

● Tracking individual conversations
● Segmenting data and reassembling segments
● Identifying the applications

5. How does a networked server manage requests from multiple clients for
different services?

● The server sends all requests through a default gateway.
● Each request is assigned source and destination port numbers.
● The server uses IP addresses to identify different services.
● Each request is tracked through the physical address of the client.

Explanation: Each service provided by a server, such as email or file transfers,
uses a specific port number. The source port number of a service request
identifies the client that is requesting services. The destination port number
identifies the specific service. Servers do not use address information to provide
services. Routers and switches use addressing information to move traffic
through the network.

6. Which two services or protocols use the preferred UDP protocol for fast
transmission and low overhead? (Choose two.)

●​ FTP
●​ DNS
●​ HTTP
●​ POP3
●​ VoIP

Explanation: Both DNS and VoIP use UDP to provide low overhead services
within a network implementation.​

7. What is the purpose of using a source port number in a TCP
communication?

● to notify the remote device that the conversation is over
● to assemble the segments that arrived out of order
●​ to keep track of multiple conversations between devices
●​ to inquire for a nonreceived segment

Explanation: The source port number in a segment header is used to keep track
of multiple conversations between devices. It is also used to keep an open entry
for the response from the server. The incorrect options are more related to flow
control and guaranteed delivery.

8. Which number or set of numbers represents a socket?

●​ 01-23-45-67-89-AB
●​ 21
●​ 192.168.1.1:80
●​ 10.1.1.15

Explanation: A socket is defined by the combination of an IP address and a port
number, and uniquely identifies a particular communication.

9. Which two flags in the TCP header are used in a TCP three-way
handshake to establish connectivity between two network devices?
(Choose two.)

●​ ACK
●​ FIN
●​ PSH
●​ RST
●​ SYN
●​ URG

Explanation: TCP uses the SYN and ACK flags in order to establish connectivity
between two network devices.

10. What happens if part of an FTP message is not delivered to the
destination?

●​ The message is lost because FTP does not use a reliable delivery
method.
●​ The FTP source host sends a query to the destination host.
●​ The part of the FTP message that was lost is re-sent.
●​ The entire FTP message is re-sent.

Explanation: Because FTP uses TCP as its transport layer protocol, sequence
and acknowledgment numbers will identify the missing segments, which will be
re-sent to complete the message.

11. What type of applications are best suited for using UDP?

● applications that are sensitive to delay
● applications that need reliable delivery
● applications that require retransmission of lost segments
● applications that are sensitive to packet loss

Explanation: UDP is not a connection-oriented protocol and does not provide
retransmission, sequencing, or flow control mechanisms. It provides basic
transport layer functions with a much lower overhead than TCP. Lower overhead
makes UDP suitable for applications which are sensitive to delay.

12. Which action is performed by a client when establishing communication
with a server via the use of UDP at the transport layer?

● The client sets the window size for the session.
● The client sends an ISN to the server to start the 3-way handshake.
● The client randomly selects a source port number.
● The client sends a synchronization segment to begin the session.

Explanation: Because a session does not have to be established for UDP, the
client selects a random source port to begin a connection. The random port
number selected is inserted into the source port field of the UDP header.

13. Which transport layer feature is used to guarantee session
establishment?

● UDP ACK flag
● TCP 3-way handshake
●​ UDP sequence number
●​ TCP port number

Explanation: TCP uses the 3-way handshake. UDP does not use this feature.
The 3-way handshake ensures there is connectivity between the source and
destination devices before transmission occurs.

14. What is the complete range of TCP and UDP well-known ports?

●​ 0 to 255
●​ 0 to 1023
●​ 256 – 1023
●​ 1024 – 49151

Explanation: There are three ranges of TCP and UDP ports. The well-known
range of port numbers is from 0 – 1023.

15. What is a socket?

● the combination of the source and destination IP address and source
and destination Ethernet address
● the combination of a source IP address and port number or a
destination IP address and port number
● the combination of the source and destination sequence and
acknowledgment numbers
● the combination of the source and destination sequence numbers and
port numbers

Explanation: A socket is a combination of the source IP address and source port
or the destination IP address and the destination port number.

16. Which transport layer feature is used to establish a connection-oriented
session?

● UDP ACK flag
● TCP 3-way handshake
●​ UDP sequence number
●​ TCP port number

Explanation: TCP uses the 3-way handshake. UDP does not use this feature.
The 3-way handshake ensures there is connectivity between the source and
destination devices before transmission occurs.

17. What TCP mechanism is used to enhance performance by allowing a
device to continuously send a steady stream of segments as long as the
device is also receiving necessary acknowledgements?

●​ Three-way handshake
●​ Socket pair
●​ Two-way handshake
●​ Sliding window

Explanation: TCP uses windows to attempt to manage the rate of transmission
to the maximum flow that the network and destination device can support while
minimizing loss and retransmissions. When overwhelmed with data, the
destination can send a request to reduce the size of the window. The process of the
destination sending acknowledgments as it processes bytes received and the
continual adjustment of the source send window is known as sliding windows.

Application Layer

1. On a home network, which device is most likely to provide dynamic IP
addressing to clients on the home network?

● a dedicated file server
● a home router
● an ISP DHCP server
● a DNS server

Explanation: On a home network, a home router usually serves as the DHCP
server. The home router is responsible for dynamically assigning IP addresses to
clients on the home network. ISPs also use DHCP, but it usually assigns an IP
address to the Internet interface of the home router, not the clients on the home
network. In businesses, it is common to have a file or other dedicated server
provide DHCP services to the network. Finally, a DNS server is responsible for
finding the IP address for a URL, not for providing dynamic addressing to
network clients.

2. What part of the URL, http://www.cisco.com/index.html, represents the
top-level DNS domain?

● .com
● www
● http
● index

Explanation: The components of the URL http://www.cisco.com/index.html are
as follows:

●​ http = protocol
●​ www = part of the server name
●​ cisco = part of the domain name
●​ index = file name
●​ com = the top-level domain

3. What are two characteristics of the application layer of the TCP/IP
model? (Choose two.)

● responsibility for logical addressing
● responsibility for physical addressing
●​ the creation and maintenance of dialogue between source and
destination applications
●​ closest to the end user
●​ the establishing of window size

Explanation: The application layer of the TCP/IP model is the layer that is
closest to the end user, providing the interface between the applications. It is
responsible for formatting, compressing, and encrypting data, and is used to
create and maintain dialog between source and destination applications.

4. What message type is used by an HTTP client to request data from a web
server?

●​ GET
●​ POST
●​ PUT
●​ ACK

Explanation: HTTP clients send GET messages to request data from web
servers.

5. Which statement is true about FTP?

● The client can choose if FTP is going to establish one or two
connections with the server.
● The client can download data from or upload data to the server.
● FTP is a peer-to-peer application.
● FTP does not provide reliability during data transmission.

Explanation: FTP is a client/server protocol. FTP requires two connections
between the client and the server and uses TCP to provide reliable connections.
With FTP, data transfer can happen in either direction. The client can download
(pull) data from the server or upload (push) data to the server.

6. A wireless host needs to request an IP address. What protocol would be
used to process the request?

● FTP
● HTTP
● DHCP
● ICMP
● SNMP

Explanation: The DHCP protocol is used to request, issue, and manage IP
addressing information. CSMA/CD is the access method used with wired
Ethernet. ICMP is used to test connectivity. SNMP is used with network
management and FTP is used for file transfer.

7. Which TCP/IP model layer is closest to the end user?

●​ application
●​ internet
●​ network access
●​ transport

Explanation: End users use applications to interact with and use the network.
The application layer of the TCP/IP model is closest to the end user. Application
layer protocols are used to communicate and exchange messages with other
network devices and applications. The layers of the TCP/IP model are from top to
bottom (memory aid – ATIN): application, transport, internet, network access.

8. Which three protocols or standards are used at the application layer of
the TCP/IP model? (Choose three.)

● TCP
●​ HTTP
●​ MPEG
●​ GIF
●​ IP
●​ UDP

Explanation: HTTP, MPEG, and GIF operate at the application layer of the
TCP/IP model. TCP and UDP operate at the transport layer. IP operates at the
internet layer.​

9. Which protocol uses encryption?

●​ DHCP
●​ DNS
●​ FTP
● HTTPS

Explanation: HTTPS uses Secure Socket Layer (SSL) to encrypt traffic
accessed from a web server.

10. Why is DHCP preferred for use on large networks?

● Large networks send more requests for domain to IP address
resolution than do smaller networks.
● DHCP uses a reliable transport layer protocol.
● It prevents sharing of files that are copyrighted.
● It is a more efficient way to manage IP addresses than static
address assignment.
● Hosts on large networks require more IP addressing configuration
settings than hosts on small networks.

Explanation: Static IP address assignment requires personnel to configure each
network host with addresses manually. Large networks can change frequently
and have many more hosts to configure than do small networks. DHCP provides
a much more efficient means of configuring and managing IP addresses on large
networks than does static address assignment.

11. Which two tasks can be performed by a local DNS server? (Choose
two.)

● providing IP addresses to local hosts
● allowing data transfer between two network devices
●​ mapping name-to-IP addresses for internal hosts
●​ forwarding name resolution requests between servers
●​ retrieving email messages

Explanation: Two important functions of DNS are to (1) provide IP addresses for
domain names such as www.cisco.com, and (2) forward requests that cannot be
resolved to other servers in order to provide domain name to IP address
translation. DHCP provides IP addressing information to local devices. A file
transfer protocol such as FTP, SFTP, or TFTP provides file sharing services.
IMAP or POP can be used to retrieve an email message from a server.

12. Which protocol can be used to transfer messages from an email server
to an email client?

●​ SMTP
●​ POP3
●​ SNMP
●​ HTTP

Explanation: SMTP is used to send mail from the client to the server but POP3
is used to download mail from the server to the client. HTTP and SNMP are
protocols that are unrelated to email.

13. When retrieving email messages, which protocol allows for easy,
centralized storage and backup of emails that would be desirable for a
small- to medium-sized business?

●​ IMAP
● POP
● SMTP
● HTTPS

Explanation: IMAP is preferred for small- to medium-sized businesses as IMAP
allows centralized storage and backup of emails, with copies of the emails being
forwarded to clients. POP delivers the emails to the clients and deletes them on
the email server. SMTP is used to send emails and not to receive them. HTTPS
is not used for secure web browsing.

14. Which application layer protocol is used to provide file-sharing and
print services to Microsoft applications?

● HTTP
● SMTP
● DHCP
● SMB

Explanation: SMB is used in Microsoft networking for file-sharing and print
services. The Linux operating system provides a method of sharing resources
with Microsoft networks by using a version of SMB called SAMBA.

15. An author is uploading one chapter document from a personal
computer to a file server of a book publisher. What role is the personal
computer assuming in this network model?

● client
● master
● server
● slave
● transient

Explanation: In the client/server network model, a network device assumes the
role of server in order to provide a particular service such as file transfer and
storage. The device requesting the service assumes the role of client. In the
client/server network model, a dedicated server does not have to be used, but if
one is present, the network model being used is the client/server model. In
contrast, the peer-to-peer network model does not have a dedicated server.

Network Security Fundamentals

1. What three configuration steps must be performed to implement SSH
access to a router? (Choose three.)

● a password on the console line
● an IP domain name
● a user account
● an enable mode password
● a unique hostname
● an encrypted password

Explanation: To implement SSH on a router the following steps need to be
performed:

● Configure a unique hostname.
● Configure the domain name of the network.
●​ Configure a user account to use AAA or local database for
authentication.
●​ Generate RSA keys.
●​ Enable VTY SSH sessions.

2. What is the objective of a network reconnaissance attack?

● discovery and mapping of systems
● unauthorized manipulation of data
● disabling network systems or services
● denying access to resources by legitimate users

Explanation: The objective of a network reconnaissance attack is to discover
information about a network, network systems, and network services.

3. For security reasons a network administrator needs to ensure that local
computers cannot ping each other. Which settings can accomplish this
task?

● smartcard settings
● firewall settings
● MAC address settings
● file system settings

Explanation: Smartcard and file system settings do not affect network operation.
MAC address settings and filtering may be used to control device network access
but cannot be used to filter different data traffic types.

4. A network administrator establishes a connection to a switch via SSH.
What characteristic uniquely describes the SSH connection?

● out-of-band access to a switch through the use of a virtual terminal with
password authentication
● remote access to the switch through the use of a telephone dialup
connection
● on-site access to a switch through the use of a directly connected PC
and a console cable
● remote access to a switch where data is encrypted during the
session
● direct access to the switch through the use of a terminal emulation
program

Explanation: SSH provides a secure remote login through a virtual interface.
SSH provides a stronger password authentication than Telnet. SSH also encrypts
the data during the session.

5. Which benefit does SSH offer over Telnet for remotely managing a
router?

●​ encryption
●​ TCP usage
●​ authorization
●​ connections via multiple VTY lines

Explanation: SSH provides secure access to a network device for remote
management. It uses a stronger password authorization than Telnet does and
encrypts any data that is transported during the session.

6. What is one of the most effective security tools available for protecting
users from external threats?

●​ firewalls
● routers that run AAA services
● patch servers
● password encryption techniques

Explanation: A firewall is one of the most effective security tools for protecting
internal network users from external threats. A firewall resides between two or
more networks, controls the traffic between them, and helps prevent
unauthorized access. A host intrusion prevention system can help prevent
outside intruders and should be used on all systems.

7. Which type of network threat is intended to prevent authorized users
from accessing resources?

● DoS attacks
● access attacks
● reconnaissance attacks
● trust exploitation

Explanation: Network reconnaissance attacks involve the unauthorized
discovery and mapping of the network and network systems. Access attacks and
trust exploitation involve unauthorized manipulation of data and access to
systems or user privileges. DoS, or Denial of Service attacks, are intended to
prevent legitimate users and devices from accessing network resources.

8. Which three services are provided by the AAA framework? (Choose
three.)

● accounting
● automation
● authorization
● authentication
● autobalancing
● autoconfiguration

Explanation: The authentication, authorization, and accounting (AAA)
framework provides services to help secure access to network devices.

9. Which malicious code attack is self-contained and tries to exploit a
specific vulnerability in a system being attacked?

● virus
● worm
● Trojan horse
● social engineering

Explanation: A worm is a computer program that self-replicates with the
intention of attacking a system and trying to exploit a specific vulnerability in the
target. Both virus and Trojan horse rely on a delivery mechanism to carry them
from one host to another. Social engineering is not a type of malicious code
attack.

10. Some routers and switches in a wiring closet malfunctioned after an air
conditioning unit failed. What type of threat does this situation describe?

●​ configuration
●​ environmental
●​ electrical
●​ maintenance

Explanation: The four classes of threats are as follows:

● Hardware threats – physical damage to servers, routers, switches,
cabling plant, and workstations
●​ Environmental threats – temperature extremes (too hot or too cold) or
humidity extremes (too wet or too dry)
●​ Electrical threats – voltage spikes, insufficient supply voltage
(brownouts), unconditioned power (noise), and total power loss
●​ Maintenance threats – poor handling of key electrical components
(electrostatic discharge), lack of critical spare parts, poor cabling, and
poor labeling

11. What does the term vulnerability mean?

● a weakness that makes a target susceptible to an attack
● a computer that contains sensitive information
● a method of attack to exploit a target
● a known target or victim machine
● a potential threat that a hacker creates

Explanation: A vulnerability is not a threat, but it is a weakness that makes the
PC or the software a target for attacks.

12. Which component is designed to protect against unauthorized
communications to and from a computer?

● security center
● port scanner
● antimalware
● antivirus
● firewall

Explanation: Antivirus and antimalware software are used to prevent infection
from malicious software. A port scanner is used to test a PC network connection
to determine which ports the PC is listening to. The security center is an area of
Windows that keeps track of the security software and settings on the PC. A
firewall is designed to block unsolicited connection attempts to a PC unless they
are specifically permitted.

13. Which command will block login attempts on RouterA for a period of 30
seconds if there are 2 failed login attempts within 10 seconds?

● RouterA(config)# login block-for 10 attempts 2 within 30
● RouterA(config)# login block-for 30 attempts 2 within 10
● RouterA(config)# login block-for 2 attempts 30 within 10
● RouterA(config)# login block-for 30 attempts 10 within 2

Explanation: The correct syntax is RouterA(config)# login block-for (number of
seconds) attempts (number of attempts) within (number of seconds).

14. What is the purpose of the network security accounting function?

● to require users to prove who they are
● to determine which resources a user can access
● to keep track of the actions of a user
● to provide challenge and response questions

Explanation: Authentication, authorization, and accounting are network services
collectively known as AAA. Authentication requires users to prove who they are.
Authorization determines which resources the user can access. Accounting
keeps track of the actions of the user.

15. What type of attack may involve the use of tools such as nslookup and
fping?

●​ access attack
●​ reconnaissance attack
●​ denial of service attack
●​ worm attack

Explanation: For reconnaissance attacks, external attackers can use Internet
tools, such as the nslookup and whois utilities, to easily determine the IP address
space assigned to a given corporation or entity. After the IP address space is
determined, an attacker can then ping the publicly available IP addresses to
identify the addresses that are active. Fping is a ping sweep tool that can help
automate this process.
